
QoS on a 2800 with VOIP, VPN and BGP

Unanswered Question
Oct 18th, 2010

I have a Cisco 2800 series ISR receiving 2 WAN links: a 5Mbps fiber link and a 1.5Mbps T1. The fiber is connected to the ISR on gigabit Ethernet 0/1, the T1 is on Serial 0 and our LAN side is connected on 0/0 to an HP Procurve Switch 3500-24. I am using BGP with both links; the 5Mbps fiber is set up as our primary and the T1 is the backup link.

I also have 3 remote sites that connect via a Sonicwall VPN 200 and have 3 VOIP phones, one at each site. Each site is on a cable or DSL connection, 1.5Mbps or better.

I am having trouble with Quality of Service. During times of high upload and download, VOIP calls suffer, experiencing lag, choppiness and generally bad service. Sometimes during high load the VPN connections will lag and at worst drop connection. Ideally I’d like the VOIP calls and VPN connections to be the priority and impacted as little as possible during any times of high load.

I have some experience with CLI and setting up Cisco routers, but I am in no way an expert and have little to no experience working with QoS. I’ve read through Cisco documentation for QoS but I am not sure what would be best. Below is our current configuration; the only QoS change I’ve made or tried is turning on fair-queuing.

Any suggestions or solutions to make this work better would be appreciated.


Router#show running-config
Building configuration...

Current configuration : 2077 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
no logging console
!
no aaa new-model
!
!
ip cef
!
!
multilink bundle-name authenticated
!
!
!
archive
 log config
  hidekeys
!
!
!
!
!
interface GigabitEthernet0/0
 description LAN
 ip address 10.0.0.254 255.255.255.0
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 description WANprimary
 ip address 20.10.10.104 255.255.255.252
 duplex auto
 speed auto
 fair-queue
!
interface Serial0/0/0
 description WANbackup
 ip address 30.20.20.106 255.255.255.252
 encapsulation ppp
 no fair-queue
!
router bgp 50
 no synchronization
 bgp log-neighbor-changes
 bgp bestpath as-path ignore
 network 10.0.0.0 mask 255.255.255.0
 neighbor 30.20.20.10 remote-as 10
 neighbor 30.20.20.10 description WANbackup BGP
 neighbor 30.20.20.10 ebgp-multihop 10
 neighbor 30.20.20.10 update-source Serial0/0/0
 neighbor 30.20.20.10 weight 100
 neighbor 30.20.20.10 prefix-list WANprimary BGP-out out
 neighbor 30.20.20.10 route-map WANbackup BGP-in in
 neighbor 30.20.20.10 route-map WANbackup BGP-out out
 neighbor 20.10.10.255 remote-as 40
 neighbor 20.10.10.255 description WANprimary BGP
 neighbor 20.10.10.255 ebgp-multihop 10
 neighbor 20.10.10.255 update-source GigabitEthernet0/1
 neighbor 20.10.10.255 weight 200
 neighbor 20.10.10.255 prefix-list WANprimary BGP-out out
 no auto-summary
!
ip forward-protocol nd
ip route 10.0.0.0 255.255.255.0 Null0 255
ip route 30.20.20.10 255.255.255.255 30.20.20.105
ip route 20.10.10.255 255.255.255.255 20.10.10.103
ip route 20.11.10.255 255.255.255.255 20.10.10.103
!
!
no ip http server
!
!
ip prefix-list WANprimary BGP-out seq 5 permit 10.0.0.0/24
route-map WANbackup BGP-in permit 10
 set local-preference 80
 set as-path prepend 50 50
!
route-map WANbackup BGP-out permit 10
 set as-path prepend 50 50
!
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 login
!
scheduler allocate 20000 1000
!
end

Edison Ortiz Mon, 10/18/2010 - 13:56

1) Create an ACL to match the src/dst traffic for VOIP

access-list 101 permit ip src_voip_net dst_voip_net

2) Create a class-map to associate the ACL

class-map QoS_VOIP
 match access-group 101

3) Create a policy-map to associate the class-map

policy-map QoS_VOIP
 class QoS_VOIP
  priority percent 15
 class class-default

4) Associate the policy-map to the interface in the output direction

interface GigabitEthernet0/1
 bandwidth 5000
 description WANprimary
 ip address 20.10.10.104 255.255.255.252
 duplex auto
 speed auto
 fair-queue
 service-policy output QoS_VOIP
!
interface Serial0/0/0
 bandwidth 1500
 description WANbackup
 ip address 30.20.20.106 255.255.255.252
 encapsulation ppp
 no fair-queue
 service-policy output QoS_VOIP

You must do the same on the remote routers.



Regards,


Edison

brian0shelby Wed, 10/20/2010 - 12:49

Thanks, I have a few questions and a comment.

Would this be a better solution than setting up something with IP Precedence bits?

Our remote users are using cable/DSL modem-routers so we may not be able to control their bandwidth allocation like that.

In this setup does the priority percentage reserve 15 of the bandwidth or guarantee that? If no VOIP calls were being made could another type of traffic use our full 5Mbps or would 15% be unavailable? Could the VOIP traffic use more than 15% in this setup?

Would a similar setup be needed for VPN traffic or can something else be done with it to prevent it from dropping during high loads?


Thanks,

Edison Ortiz Wed, 10/20/2010 - 13:23

You can use IPP for marking - same can be said by using DSCP or COS - your choice.

Ideally, any type of QoS marking must be made closest to the source - then the router would match against the QoS marking instead of having an ACL.

The priority percentage will dequeue the matched traffic before any other type of traffic. It's not a reservation per se but if there is matched traffic vs regular traffic, the matched traffic will exit the interface first (up to the selected value). In your case, it will be 15% of the 5M pipe - that's the reason I added the 'bandwidth' command because if you don't - the QoS will calculate based on the physical interface 100 or 1000Mbps.

You can use CBWFQ for VPN/IPSec traffic if you want to avoid tunnel drop off.


Regards,


Edison

brian0shelby Mon, 10/25/2010 - 15:18

We can mark the packets with IPP at our HP switch. I've read that 7, the highest priority, is typically reserved for LAN traffic; would it be better then to prioritize the VOIP traffic as 5 or 6? Once IP precedence markings are made, what setup is needed on the router?

A related issue we are having: in our BGP setup the slower circuit is giving more and often preferred/better routes than the faster circuit. I have some things in place (local preference, as-prepending) to try and push as much traffic as I can toward the faster circuit but much of the upstream traffic still exits the slower circuit. Is there any way to fix this? I believe this would help solve the problems we are having as much as QoS solutions.


Thanks.

Edison Ortiz Mon, 10/25/2010 - 16:11

Voice traffic should be IPP5.

On the router, all you need is to modify the class-map from my previous config recommendation.

The old class-map matched against an ACL while the new class-map will match against precedence 5.


As for the BGP, please post configs and routes in question.


Local preference will aid on traffic leaving your network. For traffic entering your network, you may need to employ AS-PATH Prepend out.

brian0shelby Fri, 10/29/2010 - 15:13

BGP configuration was posted above but reposted here for ease. The WANbackup link often gives better routes and traffic exits via this route despite the weights, prepending and local preference.




router bgp 50
 no synchronization
 bgp log-neighbor-changes
 bgp bestpath as-path ignore
 network 10.0.0.0 mask 255.255.255.0
 neighbor 30.20.20.10 remote-as 10
 neighbor 30.20.20.10 description WANbackup BGP
 neighbor 30.20.20.10 ebgp-multihop 10
 neighbor 30.20.20.10 update-source Serial0/0/0
 neighbor 30.20.20.10 weight 100
 neighbor 30.20.20.10 prefix-list WANprimary BGP-out out
 neighbor 30.20.20.10 route-map WANbackup BGP-in in
 neighbor 30.20.20.10 route-map WANbackup BGP-out out
 neighbor 20.10.10.255 remote-as 40
 neighbor 20.10.10.255 description WANprimary BGP
 neighbor 20.10.10.255 ebgp-multihop 10
 neighbor 20.10.10.255 update-source GigabitEthernet0/1
 neighbor 20.10.10.255 weight 200
 neighbor 20.10.10.255 prefix-list WANprimary BGP-out out
 no auto-summary
!
ip forward-protocol nd
ip route 10.0.0.0 255.255.255.0 Null0 255
ip route 30.20.20.10 255.255.255.255 30.20.20.105
ip route 20.10.10.255 255.255.255.255 20.10.10.103
ip route 20.11.10.255 255.255.255.255 20.10.10.103
!
!
no ip http server
!
!
ip prefix-list WANprimary BGP-out seq 5 permit 10.0.0.0/24
route-map WANbackup BGP-in permit 10
 set local-preference 80
 set as-path prepend 50 50
!
route-map WANbackup BGP-out permit 10
 set as-path prepend 50 50

brian0shelby Tue, 11/09/2010 - 15:33

Doing some more reading it looks like CBWFQ is the way to go to get the traffic out in a timely manner. I see 2 main types of traffic that need to be classified and given a percentage amount, VOIP and VPN. VOIP should be the priority and I'm thinking 20% of bandwidth during congestion. VPN 15% and a lesser priority but still more important than general web traffic. For the sake of example we'll say the VOIP hardware at my site has an IP of: 10.0.0.5 and the VPN: 10.0.0.10

The ACL configuration itself is where I'm a little confused. Below is my thinking but may not be correct.

Router(config)# class-map VOIP-class
Router(config-cmap)# match access-group 101
Router(config)# policy-map VOIP
Router(config-pmap)# class VOIP-class
Router(config-pmap-c)# bandwidth percent 20
Router(config-if)# service-policy output VOIP

Router(config)# access-list permit ip 10.0.0.5?

How best should the ACLs be configured? How would they be configured using IPP? 1 end user with the VOIP phones has a static IP; the other 2 have dynamic from their ISP.


Thanks.
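
An added example, not part of the original thread and not any poster's configuration: one way to combine what was discussed above, with voice matched on IP precedence 5 in a priority queue at 20% and traffic from the VPN endpoint at 10.0.0.10 in a CBWFQ class at 15%. The names VOICE, VPN, WAN-QUEUE, WAN-SHAPE and ACL 102 are hypothetical, and the parent shaper goes beyond the thread: it assumes the 5 Mbps service is handed off on a gigabit port, so the router has to shape to 5 Mbps before its queues ever fill.

```cisco
! Added example - hypothetical names, not the posters' configuration.
! Assumes voice arrives already marked IPP 5 (e.g. by the LAN switch).
! If voice travels inside the IPsec tunnel, the router only sees the
! outer header, so it matches here only if the VPN device copies the
! marking outward (assumption, not confirmed in the thread).
class-map match-any VOICE
 match ip precedence 5
!
! IPsec from the VPN endpoint: ESP plus IKE on UDP 500 and 4500.
access-list 102 permit esp host 10.0.0.10 any
access-list 102 permit udp host 10.0.0.10 any eq isakmp
access-list 102 permit udp host 10.0.0.10 any eq non500-isakmp
!
class-map match-any VPN
 match access-group 102
!
! Child policy: LLQ for voice, CBWFQ guarantee for the VPN,
! flow-based fair queuing for everything else.
policy-map WAN-QUEUE
 class VOICE
  priority percent 20
 class VPN
  bandwidth percent 15
 class class-default
  fair-queue
!
! Parent policy: shape to the purchased 5 Mbps so congestion
! (and therefore queuing) happens on this router.
policy-map WAN-SHAPE
 class class-default
  shape average 5000000
  service-policy WAN-QUEUE
!
interface GigabitEthernet0/1
 bandwidth 5000
 no fair-queue
 service-policy output WAN-SHAPE
!
! On the T1 the line rate is the service rate, so no shaper is used.
interface Serial0/0/0
 bandwidth 1500
 service-policy output WAN-QUEUE
```

`show policy-map interface GigabitEthernet0/1` reports per-class match and drop counters once the policy is attached.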

David McDaniel Fri, 10/22/2010 - 16:31

For configurations such as this one, my company's tool LiveAction can be a big help. It can show you how your QoS has been configured, how it is performing, and can help guide you to a proper configuration using templates based on Cisco's SRND. Here's a link to the download:

http://www.actionpacked.com/liveaction-2.0-download

Load the tool, add your routers, then pull up the QoS interface view of the interface having the problem. That will show you what's configured and how it's performing. In fact, if you'd like, give me a call and I can walk you through it. These types of configurations can be really complicated coming from the CLI only. Let me know if I can be of further assistance.


David McDaniel

dmcdaniel@actionpacked.com

808-423-1900 x809
