03-05-2014 06:32 AM - edited 03-04-2019 10:30 PM
Hi All,
We have a Cisco 891 as our gateway router, and a 25Mb Internet connection shared between two buildings. We have a PTP connection connecting another building, where we have another 891 connected via OSPF. We have an external SIP trunk that we use for our primary phone systems, one in each building.
We would like to make sure the VoIP traffic is guaranteed so there is no disturbance to the calls. 2Mb. We have a direct external to internal NAT for each phone system, with ACLs for the specific ports.
New to QoS, not sure if shaping or policing should be used, and if so how and on which interfaces. As long as 2Mb is reserved for VoIP, and the other 23Mb can be shared between everything else.
Attached is an edited copy of the config.
03-05-2014 11:42 AM
Hello.
First of all let me note that 891 is not fast enough to service 25M link with NAT+CBAC+IPSec; I recommend at least 1941!
---
but, if you decide to continue with 891, then:
If you want to implement QoS for voice, then you need LLQ.
Actually if we are talking about QoS you need to worry about both directions: inbound and outbound.
For inbound direction there is no way to limit incoming traffic from ISP (unless you buy MPLS), so you may forget about QoS over internet. One workaround could be to deploy dedicated WAN link for SIP only.
For outbound you can try LLQ, but it seems to me that you may apply it on G0 interface only (it should be L3 physical [sub]-interface), so in current configuration there is no way to provide QoS between your buildings.
I would suggest to test applying LLQ on sub-interfaces of your G0 (I don't have such a device in lab); if it works - then reconfigure G0 with subinterfaces and apply QoS.
03-06-2014 07:13 AM
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
Could you better explain your topology or provide a simple diagram? I'm confused as you describe a shared 25 Mbps connection between buildings and a p2p connection to another building with another 891.
PS:
In general, if you have any link with less bandwidth than the interface provides, you shape for the available bandwidth and use QoS against the shape queue to manage congestion as you desire, for example, ensuring priority for VoIP traffic.
03-06-2014 08:25 AM
Here is the topology diagram -
https://www.dropbox.com/s/166m519zakdn64w/Diagram.png
Internet connection is on GigabitEthernet0, Building 1 LAN is FastEthernet, and Building 2 is connected via FastEthernet. Both Buildings share the Internet connection. We have an Internet based SIP provider that provides our VoIP service. This is what I would like to prioritize over general Internet traffic.
The link between the two buildings should also be prioritized.
03-06-2014 09:23 AM
I get a blank screen when I link to your drawing reference. Could you attach to your posting?
03-06-2014 11:08 AM
Edited above.
03-06-2014 11:41 AM
Ah, that helps.
Yes, you'll want to shape all your egress links for 25 Mbps (actually about 15% less, as I believe most shapers don't account for L2 overhead).
Then you can prioritize your traffic as needed.
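e.g.
! child policy is defined first so the parent can reference it
policy-map child
 class VoIP
  priority percent 10
 class class-default
  fair-queue
!
! the shaper sits in class-default of the parent, with the child nested under it
policy-map parent
 class class-default
  shape average 20000000
  service-policy child
!
int Ethernet #
 service-policy output parent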
One issue that's difficult to address, is the inbound on your Internet. You can try policing non-VoIP to leave bandwidth for VoIP, but as the policer is downstream, this isn't a hard guarantee.
! VoIP class has no action, so only non-VoIP traffic is policed
policy-map InetIN
 class VoIP
 class class-default
  police 20000000
03-07-2014 07:59 AM
I'm a bit confused due to being new to this.
I need to create a class-map to map out the VoIP specific traffic...
Ok just to back track a bit, if you look at my config I have all my external traffic in access-list 106 (including the VoIP sip/rtp) which is applied to the external interface G/0. From what you're saying if I am reading it right, I need to apply the policy-map parent to the FastEthernet 0 and 1 (The local lan vlan and remote building vlan)?
If that's the case my access-list 106 would not be usable on the FastEthernet interfaces (plus it has all the other access for all traffic). So how should I go about creating the class-map to be used on the FastEthernet interfaces? Create another access-list with permits for ports 5060, 5091-5092, and 10000-20000?
The policy-map InetIN would be used on G/0?
03-07-2014 11:28 AM
Yes, you need a class map to match your VoIP traffic. You might match on DSCP marking, if phones are setting them correctly, or you might use NBAR to match VoIP traffic, or . . .
e.g.
class-map match-any VoIP
 match protocol <protocol>
 match ip dscp EF
 match access-group <ACL>
You want egress policies on your "WAN" interfaces. Your diagram doesn't note interfaces, so I cannot confirm what they are.
You also want the Internet policer policy on your Internet "WAN" interface. Again, unable to confirm your port.
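Added example, not part of the original thread or any poster's configuration: one way to tie the class map, shaper, LLQ and inbound policer together on the Internet-facing interface, using the port numbers from the question. The ACL name VOIP-PORTS, the use of UDP for every port range, and attaching both policies to GigabitEthernet0 are assumptions.

```cisco
! Constructed example; ACL name and UDP-only matching are assumptions.
! Match on source OR destination port so both directions of a call classify.
ip access-list extended VOIP-PORTS
 permit udp any eq 5060 any
 permit udp any any eq 5060
 permit udp any range 5091 5092 any
 permit udp any any range 5091 5092
 permit udp any range 10000 20000 any
 permit udp any any range 10000 20000
!
! 'match ip dscp ef' trusts the sender's marking: inbound from the Internet,
! any EF-marked packet lands in this class and bypasses the policer below.
class-map match-any VoIP
 match ip dscp ef
 match access-group name VOIP-PORTS
!
! Child: LLQ for voice; 10 percent of the 20 Mbps shape rate is 2 Mbps.
policy-map child
 class VoIP
  priority percent 10
 class class-default
  fair-queue
!
! Parent: shape all egress traffic, then queue inside the shaper.
policy-map parent
 class class-default
  shape average 20000000
  service-policy child
!
! Inbound: VoIP class has no action; everything else is policed.
policy-map InetIN
 class VoIP
 class class-default
  police 20000000 conform-action transmit exceed-action drop
!
interface GigabitEthernet0
 service-policy output parent
 service-policy input InetIN
```

After applying, `show policy-map interface GigabitEthernet0` lists per-class packet counters, which confirms whether call traffic is actually landing in the VoIP class in each direction.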
03-07-2014 11:43 AM
I'll play with this over the weekend. Appreciate the help.
Just to note my config is an attachment in the first post.