Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

does this VoIP strategy make sense?

I have a VoIP gateway that is marking packets with DiffServ CS1 and CS2 levels. These packets first hit an internal router that has a GRE/IPSec transport mode tunnel to another router on the public Internet. The internal router uses its FastEthernet port to connect to a second in-house router that has a T1 connection to the Internet. In order to setup some QoS I would like do the following:

1) On the internal router I am not going to setup any actual QoS policies but I want to use the "qos pre-classify" commands on the crypto map and the tunnel interface in order preserve the DCSP info on the IPSec encrypted packets that will be processed by the Internet router

2) On the Internet router I will setup a policy that matches DCSP packets and assigns them to a LLQ using the "priority" command.

Since the IPSec tunnel also carries non-VoIP traffic my objective here is to prioritize only IPSec packets that have voice. Non-voice IPSec and all other traffic will be treated in best-effort mode.

Does my plan make sense?




Re: does this VoIP strategy make sense?

Since IOS 11.3T, the TOS bits of the IP header is copied automatically to the TOS bits of the GRE header. However, there was a problem. While the subsequent routers could use this info in the TOS field of the GRE header, the router doing this initial copying itself was unable to prioritize based on the TOS bits. The 'qos pre-classify' command solves this problem. With the command configured, the packets will be correctly classified and the qos policy applied on the headend router too.

The information ultimately copied into the TOS bit of the new header, mirrors the TOS bit in the original header. Also, the TOS bit is copied regardless of the 'qos pre-classify' command.

New Member

Re: does this VoIP strategy make sense?

I am pretty sure the above setup will prioritize IPSec packets over non-IPSec, but what about the packets inside the tunnel? Will this prioritize "inside" the tunnel. My ultimate goal would be the following:

IPSec packets from VoIP host should have highest priority

IPSec packets from all other hosts and non-IPSec traffic should share remaining bandwidth and be treated with equal priority.



CreatePlease to create content