05-13-2010 08:20 AM - edited 03-09-2019 10:58 PM
Is using a Cisco Router or an ASA recommended for QOS over the Internet when using site-to-site VPN? What are the recommendations?
Thank you
Solved! Go to Solution.
06-09-2010 07:32 AM
You need to do it on the Internet facing device, whichever they are.
The internal network will likely not cause quality issues because it is probably not oversubscribed.
Rate helpful posts.
PK
05-13-2010 08:51 AM
Both can perform QoS.
In general you want to perform QoS as close to the source of the traffic as possible, that is something you need to keep in mind.
Also Router QoS has more queueing options like WFQ, LLQ, CBWFQ and congestion avoidance RED, WRED etc.
I hope it helps.
PK
05-13-2010 08:51 AM
The internet does not follow any standardized QoS/queuing mechanism. In other words the internet is best effort and traffic is not prioritized in any way.
Hope that helps.
05-13-2010 09:02 AM
So whether I use a router (which has better queuing, ETC) or an ASA I should not try to prioritize the data because the Internet does not support it, correct? Should I not even use QOS? I will be running VOIP and video conferencing.
Thank you
05-13-2010 09:10 AM
I would not bother with QoS. If you configure it (ASA or router) it will mark/prioritize traffic leaving the device but after that it's best effort on the ISPs. Some ISPs may even remove any QoS markings!
05-13-2010 09:25 AM
I would go with QoS even if the ISP doesn't support it.
The fact that the ISP will not pay attention to DSCP markings or strip them unless you pay for that service is right.
But if your packets come out from your edge prioritized, it is more likely the priority will remain until they reach their destination.
OK, the Internet doesn't guarantee it, but backbone Internet is usually not congested, and practically traffic order is maintained throughout the path.
Experience has shown that when we prioritize on our endpoints on our devices and that tends to help.
That is my view.
PK
05-13-2010 09:30 AM
"But if your packets come out from your edge prioritized, it is more likely the priority will remain until they reach their destination."
How will it be more likely? As I stated before some ISP's remove all QoS tags from the CPE so only their traffic has QoS markings and is queued appropriately during congestion.
05-13-2010 09:48 AM
How will I be able to tell if I receive the packets on the other side in the correct order?
05-13-2010 09:52 AM
With voice and video traffic, you'll know! There will be jitter and delay. The router will hold the packet for a little bit of time to try and resequence if they arrive out of order, but if it doesn't see it in a specified time it forwards to the designation and those missing packets result in broken voices and jerky video.
05-13-2010 10:47 AM
"But if your packets come out from your edge prioritized, it is more likely the priority will remain until they reach their destination."
How will it be more likely? As I stated before some ISP's remove all QoS tags from the CPE so only their traffic has QoS markings and is queued appropriately during congestion.
I meant that if the packets go out as x, y, z, QoS marking will be disregarded or stripped.but there is high probability they will reach the remote end as x,y,z.
No guarantees, I agree.
But practically they will. And it usually helps in most situations.
PK
05-13-2010 04:00 PM
As many have said just marking packets with priority won't help much, since ISPs don't follow your markings. What really helps you when doing QoS for internet vpn's, is that once your own link is congested, you decide what traffic is dropped, by using shaping, instead of your ISP dropping maybe the wrong traffic (voip). So if you know what your link speed is, you can create a policy that will drop the traffic you wan't to drop once your link is congested.
05-13-2010 05:35 PM
Can I shape the traffic on a ASA and a router, and if so, do you have any configuration examples, so I can start with shaping the traffic?
Thank you
06-08-2010 01:23 PM
What is the best way to do this?
06-08-2010 04:51 PM
For the router http://www.cisco.ws/en/US/docs/ios/12_2/qos/configuration/guide/fqos_c.html
For the ASA https://supportforums.cisco.com/docs/DOC-1230
Rate helpful posts.
PK
06-09-2010 07:14 AM
If I have a PIX and router on the remote side and an ASA on the corporate side, I would have to setup the QOS on all 3, corrrect?
Thank you for your post
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide