Cisco Support Community

QOS Questions

I have a question surrounding QOS. I have many branch offices that connect to my data center via IPSEC VPN tunnels, but I think it will be easiest for me to understand if I focus on a single link. Please keep in mind that whatever I come up with I will need to do something similar in 30 or so additional branch locations. Different locations have different numbers of users, different bandwidth capabilities, etc.

We use Cisco Call Manager, Unity Connection VM, Cisco Presence and IPCC, all installed in my data center. Some branch offices use their router as a PSTN gateway, while others rely on Call Manager based SIP trunks for PSTN connectivity.

So my branch office has a Cisco 2821 router with a Serial T1 direct internet access. This DIA is provided by Carrier “A” and they have assigned a public IP for my router. My data center has an ASA5510 Security appliance and it has 15 megs of DIA, also provided by Carrier “A”, and it too has a public IP assigned by Carrier “A”.

I have an IPSEC VPN tunnel created between the public IP of my branch router and the public IP of my ASA in my data center.

The traffic traversing this link consists of the following (list in the order of importance to me):

1) Voice Traffic (branch phones to other branch phones, branch phones to and from Unity Connection, ad hoc conference calls, MeetMe conference calls and some branch phone to PSTN via SIP trunks terminated on my Call Managers in my data center – number of such calls varies by location)

2) Mission Critical Applications (proprietary thin client on TCP 8221)

3) Cisco Phone Control (maybe needs to be #2 ??)

4) Data transfer associated with #2 above (TCP 8222)

5) Other data transfers (documents, spreadsheets, etc. from network storage locations within the data center to client PCs in the branch office)

6) In house web based applications (Intranet, custom web based tools which interact with servers in our data center)

7) Other data (Microsoft AD data for domain permissions etc., Virus Software Updates (happen overnight), Windows Updates (overnight), Help Desk Traffic (RDP/VNC, etc.))

8) FTP traffic from scanning machines to an FTP server in the data center

We would like to ensure that voice quality is given top priority and as such we would like to allow unimpeded priority for voice traffic.

At the same time, if there is little or no voice traffic we would like the remaining items, in order of priority to use the full available bandwidth.

We certainly feel we could enforce a very strict ‘rate limit’ on item #8 - FTP traffic and quite possibly Item #7 - Other data.

Is this attainable or a pipe dream?

Thanks in advance for any input.

Brian

1 REPLY

Re: QOS Questions

Hi,

It's an ambitious but attainable policy.

Have you seen the following QoS guide? It offers excellent advice on developing a QoS policy.

http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND_40/QoSWAN_40.html#wp129801

For example it ranks Signalling above Critical Data. Also consider using a Scavenger class.

I also suggest that, if you haven't done so already, you get business sign-off on the policy. Then people can't complain about poor performance for their favourite applications when it is implemented.

I suggest that you also ensure that you have your trust QoS boundary configured on your switches and routers before the traffic hits the firewall.
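As an added illustration of the advice in this reply (this configuration is not from the thread or from the SRND, and every ACL name, class name, DSCP value, bandwidth figure and interface name below is an assumption), here is what a branch-side IOS policy for the 2821 and its T1 could look like, following the class ordering the reply recommends: voice in a strict-priority queue, call signalling above the TCP 8221 thin client, the TCP 8222 bulk channel and intranet web below it, and the scanner FTP in a scavenger class with a hard police cap, as the original poster said they would accept for item #8. The part a VPN deployment most often gets wrong is also shown: once the packet is inside ESP the router can no longer see TCP ports, so `qos pre-classify` is needed on the crypto map for the ACL-based classes; the DSCP marked here is copied to the outer ESP header by default, so DSCP-based classes would work without it.

```cisco
! Hypothetical branch-router QoS policy for a Cisco 2821 with a T1 to the ISP.
! Names, ACLs, percentages and the interface are assumptions, not from the thread.
!
! Classification ACLs for the traffic the original post names by port.
ip access-list extended MISSION-CRITICAL
 permit tcp any any eq 8221
 permit tcp any eq 8221 any
ip access-list extended TRANSACTIONAL-DATA
 permit tcp any any eq 8222
 permit tcp any eq 8222 any
ip access-list extended INTRANET-WEB
 permit tcp any any eq 80
 permit tcp any any eq 443
ip access-list extended SCAVENGER-FTP
 permit tcp any any eq ftp
 permit tcp any any eq ftp-data
 permit tcp any eq ftp-data any
!
! Voice bearer (EF) and signalling (CS3, or AF31 on older phone loads) are
! trusted from the access switch, which is the trust boundary; the WAN edge
! only has to honour the marking. Everything else is classified by ACL here.
class-map match-any VOICE
 match ip dscp ef
class-map match-any CALL-SIGNALING
 match ip dscp cs3
 match ip dscp af31
class-map match-all MISSION-CRITICAL
 match access-group name MISSION-CRITICAL
class-map match-all TRANSACTIONAL-DATA
 match access-group name TRANSACTIONAL-DATA
class-map match-all INTRANET-WEB
 match access-group name INTRANET-WEB
class-map match-all SCAVENGER
 match access-group name SCAVENGER-FTP
!
! LLQ: VOICE gets a strict-priority queue capped at 384 kbps (roughly three
! G.711 or eight G.729 calls once IPsec overhead is counted; size per site).
! The bandwidth classes are minimum guarantees under congestion only; any
! class may use the whole T1 when the others are idle. Reservations total
! 25% + 46% = 71%, under the 75% IOS allows by default.
policy-map WAN-EDGE
 class VOICE
  priority 384
 class CALL-SIGNALING
  bandwidth percent 5
 class MISSION-CRITICAL
  bandwidth percent 20
  set ip dscp af31
 class TRANSACTIONAL-DATA
  bandwidth percent 10
  set ip dscp af21
 class INTRANET-WEB
  bandwidth percent 10
  set ip dscp af11
 class SCAVENGER
  bandwidth percent 1
  set ip dscp cs1
  police 128000 conform-action transmit exceed-action drop
 class class-default
  fair-queue
!
! qos pre-classify makes the ACL-based classes match the cleartext packet
! before it is encapsulated in ESP. Only the added line is shown; the peer,
! transform set and match address of the existing crypto map are unchanged.
crypto map VPN-TO-DC 10 ipsec-isakmp
 qos pre-classify
!
! The policy goes on the physical T1, and bandwidth must be set so that the
! percent reservations are computed against the real link rate.
interface Serial0/0/0
 description T1 DIA - Carrier A
 bandwidth 1536
 service-policy output WAN-EDGE
 crypto map VPN-TO-DC
```

Two checks worth doing after this is applied: `show policy-map interface Serial0/0/0` should show packets landing in VOICE and MISSION-CRITICAL during a test call and a thin-client session (if everything lands in class-default, the marking or pre-classify step is missing), and `show crypto map` should list `QoS pre-classification is enabled`. The policy is queueing in the branch-to-data-center direction only; the data-center-to-branch direction is shaped by whatever the ASA does, and the ASA's QoS model (priority queueing plus policing and shaping, without per-class bandwidth guarantees) will need its own policy for the same traffic classes.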
