Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Easy question on MPLS, Encryption and VoIP traffic

Hey, imagine I am planning to deploy GET VPN (or whatever traffic encryption feature) between sites in the MPLS network.

Then the provider tells me that VoIP traffic cannot be encrypted.

Questions:

Is that common that you cannot encrypt VoIP traffic over the MPLS network?

I mean, if you have to provide encryption for your data, how do you handle that then? I thought about somehow classifying and defining non-VoIP traffic using a route-map perhaps and applying encryption over the non-VoIP traffic, if that is the case that it cannot be encrypted. Please let me know how you have handled that.

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Easy question on MPLS, Encryption and VoIP traffic

Just to add to Roberts post, providers rarely know technologies especially ones like GETVPN. Don't rely on them to know anything :-). Using GETVPN you can encrypt voice traffic across MPLS. Just make sure you correctly size your routers and/or purchase the encryption/decryption hardware to limit the amount of added latency with the encrpytion/descrption of packets.

3 REPLIES
Cisco Employee

Re: Easy question on MPLS, Encryption and VoIP traffic

The provider may say you cannot encrypt the voice traffic because of the fact that they may be setup to give you "Gold Class", meaning prioritization, for your voice traffic across their mpls cloud.  This would be based on the DSCP/TOS portion of the ip header.

However, this should not matter, as the DSCP values are preserved in the packets, even when encryption is used.

Sounds like you need to get more info as to why they dont want you encrypting the voice traffic, but if that is their reason, then they are wrong.

New Member

Re: Easy question on MPLS, Encryption and VoIP traffic

Provider is claiming that VoIP traffic cannot be touched, encrypted, etc because it may affect the quality (MOS). Well, that is strange for me. That means that people cannot encrypt sensitive voice traffic traversing on such provider network. Weird.

From reading the documentation for GET VPN, I see the original IP header is preserved so QoS reading should not be a problem there.

Re: Easy question on MPLS, Encryption and VoIP traffic

Just to add to Roberts post, providers rarely know technologies especially ones like GETVPN. Don't rely on them to know anything :-). Using GETVPN you can encrypt voice traffic across MPLS. Just make sure you correctly size your routers and/or purchase the encryption/decryption hardware to limit the amount of added latency with the encrpytion/descrption of packets.

1041
Views
15
Helpful
3
Replies
CreatePlease to create content