Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1466
Views
0
Helpful
4
Replies

Voice QoS over an Internet GRE Tunnel

Mitchell Theriot
Level 1
Level 1

‎06-24-2015 11:40 AM - edited ‎03-17-2019 03:27 AM

We have a backup connection to all our remote sites via a GRE tunnel using the Internet.  We have QoS in place on our primary MPLS circuits to prioritize our voice traffic however I was wonder if applying QoS to the backup GRE tunnel would work as well.  Being that it is over the Internet would the first Internet router strip off any QoS markings and prioritization or would it survive accross the tunnel?  We need to be sure that our VOIP stays viable over the backup tunnels.  How would the Internet routers handle the traffic?

Labels:
0 Helpful
4 Replies 4

Mohammed al Baqari
Level 11
Level 11

‎06-24-2015 12:21 PM

You can't guarantee QoS over internet. Internet providers will reset IPP/DSCP markings to treat the traffic over their global links based on ISP requirements.

From experience, I can tell that VoIP can be acceptable over internet depending on your location and your service provider. For example,I found it challenging to get good VoIP quality in Indonesia while it is acceptable from Singapore.

However, I suggest that you define a minimum acceptable MOS score or delay/jitter/packet loss (you can find best practice values in Cisco QoS SRND). Next step is to run a tool to measure these values for 15 days between your sites to give you an idea about you VoIP performance over your internet links.

One more recommendation is to run VoIP over IPSEC instead of GRE. Cisco ISR routers perform GRE encaps/decaps in software while IPSec enacps/decaps in hardware. Always reduce the CPU usage for VoIP applications to minimize the impact on performance.

0 Helpful

Mitchell Theriot
Level 1
Level 1
In response to Mohammed al Baqari

‎06-24-2015 12:31 PM

Thank you for the response.  Unfortunately we have to use GRE tunneling due to passing BGP routing across the tunnel.  We have tested from several location and the latency seems to be within limits however we have no way to protect against congestion across the Internet.  If there is congestion anywhere along the path it could potential affect the call due to no prioritization of the packets.  I guess the best we can do is place QoS on our backup routers to prioritize the packets heading out on to the tunnel.  After it leaves there is no guarantee that it makes it to the other end with no issues.

0 Helpful

Mohammed al Baqari
Level 11
Level 11
In response to Mitchell Theriot

‎06-24-2015 12:39 PM

Understood. Regarding BGP routes, you can still pass them over IPSec using VTI instead of crypto maps. Just a thought but you can decide your preference.

0 Helpful

Dennis Mink
VIP Alumni
VIP Alumni
In response to Mitchell Theriot

‎06-24-2015 05:30 PM

Mitch,

 

Wether you use GRE , IPSEC or any other encryption method is irrelevant for this scenario. The fact of the matter is that you will provide one sort of traffic to "the internet" ; which is your encrypted traffic". You might have a Qos Policy that applies some sort of traffic marking before the traffic is encrypted but none of this really matters as it is internet and thus NO guarantees.

In my opinion you will need to inform the business of what the potential effects are when running in backup mode. 

Please remember to rate useful posts, by clicking on the stars below.

0 Helpful
Customers Also Viewed These Support Documents