QOS over the internet

Answered Question
May 13th, 2010

Is using a Cisco Router or an ASA recommended for QOS over the Internet when using site-to-site VPN?  What are the recommendations?


Thank you

Correct Answer by Panos Kampanakis about 6 years 9 months ago

You need to do it on the Internet facing device, whichever they are.

The internal network will likely not cause quality issues because it is probably not oversubscribed.


Rate helpful posts.


PK

Panos Kampanakis Thu, 05/13/2010 - 08:51
User Badges:
  • Cisco Employee,

Both can perform QoS.

In general you want to perform QoS as close to the source of the traffic as possible, that is something you need to keep in mind.

Also Router QoS has more queueing options like WFQ, LLQ, CBWFQ and congestion avoidance RED, WRED etc.


I hope it helps.


PK

Collin Clark Thu, 05/13/2010 - 08:51
User Badges:
  • Purple, 4500 points or more

The internet does not follow any standardized QoS/queuing mechanism. In other words the internet is best effort and traffic is not prioritized in any way.


Hope that helps.

peter.williams@... Thu, 05/13/2010 - 09:02

So whether I use a router (which has better queuing, etc.) or an ASA I should not try to prioritize the data because the Internet does not support it, correct?  Should I not even use QOS?  I will be running VOIP and video conferencing.


Thank you

Collin Clark Thu, 05/13/2010 - 09:10
User Badges:
  • Purple, 4500 points or more

I would not bother with QoS. If you configure it (ASA or router) it will mark/prioritize traffic leaving the device but after that it's best effort on the ISPs. Some ISPs may even remove any QoS markings!

Panos Kampanakis Thu, 05/13/2010 - 09:25
User Badges:
  • Cisco Employee,

I would go with QoS even if the ISP doesn't support it.


The fact that the ISP will not pay attention to DSCP markings or strip them unless you pay for that service is right.


But if your packets come out from your edge prioritized, it is more likely the priority will remain until they reach their destination.

OK, the Internet doesn't guarantee it, but backbone Internet is usually not congested, and practically traffic order is maintained throughout the path.

Experience has shown that when we prioritize on our endpoints, on our devices, that tends to help.


That is my view.


PK

Collin Clark Thu, 05/13/2010 - 09:30
User Badges:
  • Purple, 4500 points or more

"But if your packets come out from your edge prioritized, it is more likely the priority will remain until they reach their destination."


How will it be more likely? As I stated before some ISPs remove all QoS tags from the CPE so only their traffic has QoS markings and is queued appropriately during congestion.

peter.williams@... Thu, 05/13/2010 - 09:48

How will I be able to tell if I receive the packets on the other side in the correct order?

Collin Clark Thu, 05/13/2010 - 09:52
User Badges:
  • Purple, 4500 points or more

With voice and video traffic, you'll know! There will be jitter and delay. The router will hold the packet for a little bit of time to try and resequence if they arrive out of order, but if it doesn't see it in a specified time it forwards to the destination and those missing packets result in broken voices and jerky video.

Panos Kampanakis Thu, 05/13/2010 - 10:47
User Badges:
  • Cisco Employee,

"But if your packets come out from your edge prioritized, it is more likely the priority will remain until they reach their destination."


"How will it be more likely? As I stated before some ISPs remove all QoS tags from the CPE so only their traffic has QoS markings and is queued appropriately during congestion."



I meant that if the packets go out as x, y, z, QoS marking will be disregarded or stripped, but there is high probability they will reach the remote end as x, y, z.

No guarantees, I agree.

But practically they will. And it usually helps in most situations.


PK

jan.nielsen Thu, 05/13/2010 - 16:00
User Badges:
  • Gold, 750 points or more

As many have said, just marking packets with priority won't help much, since ISPs don't follow your markings. What really helps you when doing QoS for internet VPNs is that once your own link is congested, you decide what traffic is dropped, by using shaping, instead of your ISP dropping maybe the wrong traffic (VoIP). So if you know what your link speed is, you can create a policy that will drop the traffic you want to drop once your link is congested.

peter.williams@... Thu, 05/13/2010 - 17:35

Can I shape the traffic on an ASA and a router, and if so, do you have any configuration examples, so I can start with shaping the traffic?


Thank you
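
Added example, not part of the original thread and not posted by any participant: a sketch of the shaping approach described above for a Cisco IOS router, using a parent shaper with a child queuing policy on the Internet-facing interface. The 5 Mbps uplink, the interface name, the class and policy names, and the DSCP values used for voice and video are all assumptions to adapt to your own link.

```ios
! Added example (not from the thread). Assumed: 5 Mbps uplink,
! GigabitEthernet0/0 as the Internet-facing interface, voice marked
! DSCP EF and video marked DSCP AF41 before it reaches this router.
!
! 1. Classify the traffic that must survive congestion.
class-map match-any VOICE
 match dscp ef
class-map match-any VIDEO
 match dscp af41
!
! 2. Child policy: decides what is queued first and what is dropped
!    once the shaper below reports congestion.
policy-map WAN-QUEUE
 class VOICE
  ! Low-latency queue, policed to 20% of the shaped rate under congestion
  priority percent 20
 class VIDEO
  ! Guaranteed minimum share, can use more when the link is idle
  bandwidth percent 30
 class class-default
  ! Everything else shares what is left and is dropped first
  fair-queue
!
! 3. Parent policy: shape slightly below the real uplink rate so the
!    queue builds on this router and not inside the ISP's equipment.
policy-map WAN-SHAPE
 class class-default
  shape average 4750000
  service-policy WAN-QUEUE
!
! 4. Apply outbound on the Internet-facing interface.
interface GigabitEthernet0/0
 service-policy output WAN-SHAPE
!
! Verify per-class queueing and drop counters with:
!   show policy-map interface GigabitEthernet0/0
```

Matching on DSCP works for the site-to-site VPN because IPsec tunnel mode copies the inner DSCP value to the outer header by default. To classify on inner addresses or ports instead, `qos pre-classify` on the crypto map or tunnel interface is needed.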

peter.williams@... Wed, 06/09/2010 - 07:14

If I have a PIX and router on the remote side and an ASA on the corporate side, I would have to set up the QOS on all 3, correct?


Thank you for your post

Correct Answer
Panos Kampanakis Wed, 06/09/2010 - 07:32
User Badges:
  • Cisco Employee,

You need to do it on the Internet facing device, whichever they are.

The internal network will likely not cause quality issues because it is probably not oversubscribed.


Rate helpful posts.


PK
