Re: Bonding 4 T1's and Cisco IP Tel and VPN and yada yada

jcleary · ‎05-12-2006

Hey Everyone,

Verizon is my ISP. I am upgrading my internet connection fron a T1 to a 6MB Circuit. They say that i need a router with 4 T1 ports to bond the T1's. Im assuming with Multilink PPP. I'm also in the process of installing Cisco Call manager with 40 phones in my office. i am going to use a 2811 with the security bundle to act as my VPN router connecting to 871's for home users they will connect with comcast 8mb/1mb teleworker connections. Im going to do QOS in the routers and this should be ok for the voice. My question is, Will the multilink cause any quality issues for the VPN?

Thanks,

Joe

jcleary · ‎05-15-2006

Hey guys. Any ideas on this?

jcleary · ‎05-16-2006

any ideas?

Sorry to be a pain but i really need the answer

thanks

robert.hyde · ‎05-16-2006

Joe,

I see that there are no responses to this so I'll take a stab at it to maybe get things going. Multilink should not have any negative impact; though it adds a small amount of overhead it is very efficient. We bundle ATM & Frame T1's with multilink at many sites, running QoS over those links, and have had great results. I am assuming that your 4 T1's will terminate to an ISP router, and you will run multilink to only that ISP router. And then the teleworker 871's will run a single non-multilink connection to the ISP. Not sure if I am answering your question, but the fact that your 2811 is running multilink to the ISP and your 871's are not, is totally fine.

If this is not quite the info you were looking for, please reply with specifics. Thanks!

Best Regards

Robert

jcleary · ‎05-16-2006

Great I really appreciate it. I just talked to the provider and he said that they use MLFR. Not sure where to go from here

robert.hyde · ‎05-16-2006

Joe,

Unfortunately, I have worked with MLFR only once, a couple years ago, and certainly no QoS on that connection. One potential red flag is the fact that per CCO, CEF is still not supported on MLFR links, even at 12.4. As NBAR requires CEF, you would have to remove NBAR from your QoS toolkit. I know that doesn’t help, just wanted to give you a heads-up. Has anyone out there configured QoS on a MLFR/FRF.16 connection?

Best Regards

Robert

jcleary · ‎05-21-2006

Will i have to?

What im going to do is use a 2651 i have for an internet router to do the MLFR for my internet connection. I will be using a seperate 2821 for my VPN router to terminate the site to site with my home users with 871's. I will be doing the QOS on the 2821 and 871's

Will this work?

clagos · ‎05-22-2006

How many home sites do you plan to support? I have had good luck with 871's running EIGRP and tunnel interfaces with crypto. You can't acheive true QoS but it's definately doable. I would make the default route at each site point to the tunnel interface. You can dedicate the local broadband internet connection to the VPN and run your QoS on the tunnel interface. This way, you can keep users from killing voice. Make sure you set a static route pointing to the 2821 on the 871s to avoid recursive routing. I would also recommend reading the Cisco V3PN docs.

Here is some config I use for this purpose:

class-map match-all VOICE

match ip dscp ef

class-map match-all SCAVENGER

match ip dscp cs1

!

policy-map V3PN

class VOICE

priority percent 33

class SCAVENGER

bandwidth percent 1

queue-limit 1

class class-default

bandwidth percent 25

queue-limit 16

policy-map SHAPE-DSL

class class-default

shape average 1120000

service-policy V3PN

interface FastEthernet0/1

ip access-group fwingress in

ip nat outside

ip inspect inspect out

crypto map vpn-map

service-policy output SHAPE-DSL