Could someone please post a location for some good examples of how to configure a site-to-site VPN using IOS routers that provides QoS / prioritization for voice traffic? I have seen some in the past, but I am curious whether new enhancements have been made in this area. We have 15-20 remote sites where I would like to look at deploying voice over my VPNs. We have been running our VPN network for 2 to 3 years now and it works very well. We have deployed IPsec-protected GRE tunnels with EIGRP dynamic routing and ISDN failover. I am not sure what type of QoS I need to look at. Shaping vs. queueing, etc.? I know there have to be many companies that are deploying voice over VPNs, and I would like to get some feedback on the pitfalls that people have experienced. Thank you.
From my personal experience, voice traffic has to be handled with the utmost priority, followed by other business-oriented applications like SAP, Oracle, JDE, etc. Then comes your mail and FTP traffic between your locations.
And then there is your Internet browsing traffic, which might come to the central site and go to the outside world if it's a hub-and-spoke kind of setup.
If you take the following traffic pattern in your network as an example, I would suggest taking a look at it, which can give you some clarity on how to go about the QoS configs.
1. VoIP: place your voice in LLQ (strict priority).
2. SAP, Oracle or JDE can be put in CBWFQ with guaranteed bandwidth. Allocate the bandwidth accordingly, based on the bandwidth available on your links.
3. For mail and FTP you can again give some minimum level of bandwidth guarantee; you can again put them in CBWFQ.
4. For Internet you can still put it under CBWFQ, or else you can classify it as the default class, which will use the remaining bandwidth on your links (meaning the bandwidth still available on your link after allocation to the active classes).
Again, for configuring QoS with GRE or IPsec you should make sure that your boxes support the following command, without which your configs won't take effect.
CLI: qos pre-classify
This has to be keyed in under the tunnel interface config and also under the crypto map.
I don't think that you can check out the same policy on the ISDN backups too, because the available bandwidth will be less in the case of ISDN.
Also, what kind of VoIP equipment are you using out there?
What kind of L2 switches, and also what type of routers, are you using to get your nodes connected?
Shaping basically uses the buffer and avoids unnecessary drops in the traffic.
It stores them up in buffers when the link is heavily choked or used up to its capacity, and passes or transmits them once it is free to pass them on.
Again, in queueing you have both software and hardware queues; you can configure the software queues, and it is not desirable to change the hardware queues.
In queueing, again, you can configure different queue sizes and different kinds of priorities.
Based on the traffic pattern available and the design plan, you can make use of different queues.
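The class layout described in the reply above (LLQ for voice, CBWFQ for business and mail/FTP traffic, a default class, and qos pre-classify on the tunnel and crypto map), as an added Cisco IOS configuration example that is not part of any poster's message. The class, ACL and crypto map names, the ports, the percentages and the interface numbers are assumptions chosen for illustration.

```cisco
! Added example. All names, ports, percentages and interface numbers are assumptions.
! ACLs match traffic toward the servers; mirror them on source ports at the hub side.
ip access-list extended ACL-BUSINESS
 permit tcp any any range 3200 3299
 permit tcp any any eq 1521
ip access-list extended ACL-MAIL-FTP
 permit tcp any any eq smtp
 permit tcp any any eq pop3
 permit tcp any any eq ftp
 permit tcp any any eq ftp-data
!
! Voice is assumed to be marked DSCP EF by the phones or the access switch.
class-map match-any VOICE
 match ip dscp ef
class-map match-all BUSINESS
 match access-group name ACL-BUSINESS
class-map match-all MAIL-FTP
 match access-group name ACL-MAIL-FTP
!
policy-map VPN-EDGE
 ! 1. LLQ: strict priority, policed to its share under congestion
 class VOICE
  priority percent 30
 ! 2. CBWFQ with a bandwidth guarantee for SAP/Oracle-type traffic
 class BUSINESS
  bandwidth percent 30
 ! 3. CBWFQ with a smaller guarantee for mail and FTP
 class MAIL-FTP
  bandwidth percent 15
 ! 4. Internet and everything else shares what is left
 class class-default
  fair-queue
!
! Classify on the original (pre-GRE, pre-encryption) headers
interface Tunnel0
 qos pre-classify
!
crypto map VPNMAP 10 ipsec-isakmp
 qos pre-classify
!
! The queueing policy is applied outbound on the physical WAN interface
interface Serial0/0
 crypto map VPNMAP
 service-policy output VPN-EDGE
```

Without qos pre-classify, the policy on the physical interface sees only the outer GRE/IPsec header: the ToS byte is copied to it, so the DSCP match for voice still works, but the inner ports matched by the two ACLs are no longer visible.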
Yes, I followed the links regarding DMVPN and QoS. But we found that the nested QoS works better as a template for most of our broadband users. We are coming across one issue with the config regarding download speed. PCs behind the 831 are seeing a drop in download speed (- 500k) versus running the PC directly into the broadband modem.
"ip tcp adjust-mss 542" is the culprit of your speed issues.
I ran into this same issue almost 6 months ago. The whole issue that I have is that there are multiple documents on Cisco's site that all give examples of how to deploy Teleworkers differently. Networkers 2004 QoS / Teleworker documentation states that setting the ip tcp adjust-mss 542 is mandatory for good voice quality. Newer DMVPN documentation shows configs without this. I have also seen a config floating around that was supposed to be from Cisco employee deployed routers that has a completely different config. There is no consistency.
I myself have been fighting the Teleworker battle for about 1 1/2 years now. What I would pay for consistent documentation from Cisco on this matter.