The matter with the approach explained in the WP is that essentially you are limiting bandwidth to tunnels to whatever you believe the internet performance to be. Traffic in excess is dropped (TCP senders will benefit, however) and a quasi-LLQ is given to voice traffic. If you have no issue with that, then it works fine. But you will never get full circuit capacity, or at least it will need fine tuning.
We have been running 10 IP phones on an IPsec tunnel with QoS with a centralized CCM deployment for over a year. We do see occasional voice quality issues, primarily when we see an increase in round-trip times. Some of the things which you should consider in this deployment are:
1. Use LLQ in your QoS policy to prioritize voice traffic.
2. Provide guaranteed bandwidth for signalling traffic to avoid unregistrations of IP phones.
3. Use an ISP which can provide an SLA on latency and packet drops.
4. Use hardware encryption and decryption as much as possible.
But the topic discussed in there will work only for a static address, a criterion that you know in advance. So what if you don't know the address, or you want to classify your traffic based on other characteristics of the packets, such as port numbers, which in this situation will be encrypted, which means you cannot access them!
The solution for such a case is the use of the (qos pre-classify) command under the tunnel or the crypto map; that command will keep a copy of the packet before it hits the tunnel.
But if you want to classify your traffic by the marking done beforehand by the IP phone or others, here the IOS will automatically copy the ToS field of the original packet to the ToS field of the encapsulating IPsec packet, so it works without difficulties!
Indeed, the clean approach is like Kamal said: if you directly map between DSCP for packets inside and outside, even if these arrive out of sequence because of queuing in the ISP cloud, IPsec is smart enough to deal with the cipherstream details and no problem should occur.
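A configuration sketch that combines the points made in this thread (shaping to the expected Internet rate, LLQ for voice, guaranteed bandwidth for signalling, and qos pre-classify for port-based matching). It is an added example, not taken from any of the posts above. All names, interfaces, rates, the DSCP values and the SCCP port are assumptions to adapt, and the crypto map entry is shown as a fragment only.

```cisco
! Constructed example: every name, interface, rate and port below is a placeholder.
! Port-based match (assumes SCCP signalling on TCP 2000). On the encrypting
! router this ACL only matches tunnelled traffic when qos pre-classify is on,
! because the inner ports are hidden once the packet is encrypted.
ip access-list extended SCCP-SIG
 permit tcp any any eq 2000
!
! DSCP-based match: works without pre-classify, since IOS copies the inner
! ToS byte to the outer IPsec header.
class-map match-all VOICE
 match ip dscp ef
class-map match-any SIGNALING
 match ip dscp cs3
 match access-group name SCCP-SIG
!
policy-map WAN-EDGE
 class VOICE
  ! LLQ: strict priority, policed to 256 kbps under congestion
  priority 256
 class SIGNALING
  ! guaranteed minimum so phones do not unregister
  bandwidth 32
 class class-default
  fair-queue
!
! Parent shaper set to the rate you expect from the Internet path (bps)
policy-map WAN-SHAPE
 class class-default
  shape average 1500000
  service-policy WAN-EDGE
!
interface Tunnel0
 qos pre-classify
!
! Fragment: peer, transform set and match address are omitted here
crypto map VPNMAP 10 ipsec-isakmp
 qos pre-classify
!
interface GigabitEthernet0/0
 crypto map VPNMAP
 service-policy output WAN-SHAPE
```

On the router, `show policy-map interface GigabitEthernet0/0` shows per-class match and drop counters, which is the quickest way to confirm that the SIGNALING class is matching tunnelled traffic.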