Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
555
Views
3
Helpful
3
Replies

V3PN or VoIP in P2P GRE in IPSec

Wilson Samuel
Level 7
Level 7

‎08-04-2006 02:01 AM - edited ‎02-21-2020 01:05 AM

Hi All,

I have been curious enough that can we achieve the same levels of the QoS in a IPSec VPN that we could easily in a Leased Line.

My concern is that, what actually happens when a VoIP Packet is encapsulated in a IPSec Packet and then being routed into Internet?

Can we really deploy such cutting edge factors and cut the costs and make the whole transaction secure also.

Kind Regards,

Wilson Samuel

0 Helpful
3 Replies 3

mheusinger
Level 10
Level 10

‎08-04-2006 04:01 AM

Hi Samuel,

IPSec standard mandates to copy the DSCP field from the original header into the new IP header. As VoIP is usually marked with DSCP EF (decimal 46), your IPSec packets would also be marked.

Now all the marking has no influence whatsoever, if no QoS config is in place. So on your side you could enable LLQ to prioritize voice (do not forget signalling!) - auto-qos voip would be sufficient for that purpose.

The tricky thing is the internet. As long as you stay with one ISP you might get SLAs for VoIP. If more than one ISP is involved, it is unlikely to get SLAs and more unlikely to proove to one ISPs that he does not meet the SLAs (typical "finger pointing problem").

If you have no SLAs, then you might encounter VoIP problems ANY time - from degradation to one-way voice and so on.

A solution some customers picked is to interconnect sites through a MPLS VPN including VoIP SLAs. Whether you use IPSec or not over MPLS VPNs does not matter to the ISP.

My 2 cents.

Regards, Martin

Wilson Samuel
Level 7
Level 7
In response to mheusinger

‎08-08-2006 05:50 AM

Hi Martin,

Thanks a lot for the clarification over the matter.

So now, how does Cisco is aggressively marketing on their V3PN??

Are they having any special tie-ups with ISPs?

Regards,

Wilson Samuel

0 Helpful

tom.shiba
Level 1
Level 1

‎08-10-2006 11:08 PM

The most that can be done is on the traffic leaving each site using priority queueuing and shaping. This will resolve outbound traffic starving voip towards your remote site. But then again once it leaves from your domain the DSCP bits are not honored on the internet. Surprisingly though as chaotic as the internet is we have a bunch of teleworkers which work great. It takes a lot of configuration though as you have to determine their uplink at the worst time and shape around 70-80%. Sometimes but rarely it clips but it's pretty rare and people expect that.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card