Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1711
Views
15
Helpful
3
Replies

Easy question on MPLS, Encryption and VoIP traffic

Go to solution
news2010a
Level 3
Level 3

‎10-29-2010 09:42 AM - edited ‎03-04-2019 10:18 AM

Hey, imagine I am planning to deploy GET VPN (or whatever traffic encryption feature) between sites in the MPLS network.

Then the provider tells me that VoIP traffic cannot be encrypted.

Questions:

Is that common that you cannot encrypt VoIP traffic over the MPLS network?

I mean, if you have to provide encryption for your data, how do you handle that then? I thought about somehow classifying and defining non-VoIP traffic using a route-map perhaps and applying encryption over the non-VoIP traffic, if that is the case that it cannot be encrypted. Please let me know how you have handled that.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Collin Clark
VIP Alumni
VIP Alumni
In response to Robert Taylor

‎10-29-2010 10:21 AM

Just to add to Roberts post, providers rarely know technologies especially ones like GETVPN. Don't rely on them to know anything :-). Using GETVPN you can encrypt voice traffic across MPLS. Just make sure you correctly size your routers and/or purchase the encryption/decryption hardware to limit the amount of added latency with the encrpytion/descrption of packets.

View solution in original post

3 Replies 3

Go to solution
Robert Taylor
Cisco Employee
Cisco Employee

‎10-29-2010 10:08 AM

The provider may say you cannot encrypt the voice traffic because of the fact that they may be setup to give you "Gold Class", meaning prioritization, for your voice traffic across their mpls cloud.  This would be based on the DSCP/TOS portion of the ip header.

However, this should not matter, as the DSCP values are preserved in the packets, even when encryption is used.

Sounds like you need to get more info as to why they dont want you encrypting the voice traffic, but if that is their reason, then they are wrong.

Go to solution
news2010a
Level 3
Level 3
In response to Robert Taylor

‎10-29-2010 10:20 AM

Provider is claiming that VoIP traffic cannot be touched, encrypted, etc because it may affect the quality (MOS). Well, that is strange for me. That means that people cannot encrypt sensitive voice traffic traversing on such provider network. Weird.

From reading the documentation for GET VPN, I see the original IP header is preserved so QoS reading should not be a problem there.

0 Helpful

Go to solution
Collin Clark
VIP Alumni
VIP Alumni
In response to Robert Taylor

‎10-29-2010 10:21 AM

Just to add to Roberts post, providers rarely know technologies especially ones like GETVPN. Don't rely on them to know anything :-). Using GETVPN you can encrypt voice traffic across MPLS. Just make sure you correctly size your routers and/or purchase the encryption/decryption hardware to limit the amount of added latency with the encrpytion/descrption of packets.

Customers Also Viewed These Support Documents