cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1608
Views
0
Helpful
9
Replies

Need help with QoS for VoIP Traffic on Cisco 891

tdubbbers
Beginner
Beginner

Hi All,

We have a Cisco 891 as our gateway router, and a 25Mb Internet connection shared between two buildings. We have a PTP connection connecting another building, where we have another 891 connected via OSPF. We have an external SIP trunk that we use for our primary phone systems, one in each building.

We would like to make sure the VoIP traffic is guaranteed so there is no disturbance to the calls. 2Mb. We have a direct external to internal NAT for each phone system, with ACLs for the specific ports.

New to QoS, not sure if shaping or policing should be used, and if so how and on which interfaces. As long as 2Mb is reserved for VoIP, and the other 23Mb can be shared between everything else.

Attached is an edited copy of the config.

9 Replies 9

Vasilii Mikhailovskii
Rising star
Rising star

Hello.

First of all let me note that 891 is not fast enough to service 25M link with NAT+CBAC+IPSec; I recommend at least 1941!

---

but, if you decide to continue with 891, then:

If you want to implement QoS for voice, then you need LLQ.

Actually if we are talking about QoS you need to worry abount both directions: inbound and outbound.

For inbound direction there is no way to limit incoming traffic from ISP (unless you buy MPLS), so you may forget about QoS over internet. One workaround could be to deploy dedicated WAN link for SIP only.

For outbound you can try LLQ, but it seems to me that you may apply it on G0 interface only (it should be L3 physical [sub]-interface), so in current configuration there is no way to provide QoS between your buildings.

I would suggest to test appling LLQ on sub-interfaces of your G0 (I don't have such a device in lab); if it works - then reconfigure G0 with subinterfaces and apply QoS.

Joseph W. Doherty
Hall of Fame Master Hall of Fame Master
Hall of Fame Master

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

Could you better explain you topology or provide a simple diagram?  I'm confused at you describe a shared 25 Mbps connection between buildings and a p2p connection to another building with another 891.

PS:

In general, if you have any link with less bandwidth then the interface provides, you shape for the available bandwidth and use QoS against the shape queue to manage congestion as you desire, for example, insuring priority for VoIP traffic.

Here is the topology diagram -

https://www.dropbox.com/s/166m519zakdn64w/Diagram.png

Internet connection is on GigabitEthernet0, Building 1 LAN is FastEthernet, and Building 2 is connected via FastEthernet. Both Buildings share the Internet connection. We have an Internet based SIP provider that provides our VoIP service. This is what I would like to prioritze over general Internet traffic.

The link between the two buildings should also be prioritized.

Diagram.png

Joseph W. Doherty
Hall of Fame Master Hall of Fame Master
Hall of Fame Master

I get a blank screen when I link to your drawing reference.  Could you attach to your posting?

Edited above.

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

Ah, that helps.

Yes, you'll want to shape all your egress links for 25 Mbps (actually about 15% less, as I believe most shapers don't account for L2 overhead).

Then you can prioritize your traffic as needed.

e.g.

policy-map parent

shape average 20000000

service-policy child

policy-map child

class VoIP

priority percent 10

class class-default

fair-queue

int Ethernet #

service-policy output parent

One issue that's difficult to address, is the inbound on your Internet. You can try policing non-VoIP to leave bandwidth for VoIP, but as the policer is downstream, this isn't a hard guarantee.

policy-map InetIN

class VoIP

class class-default

police average 20000000

I'm a bit confused due to being new to this.

I need to create a class-map to map out the VoIP specific traffic...

Ok just to back track a bit, if you look at my config I have all my external traffic in access-list 106 (including the VoIP sip/rtp) which is applied to the external interface G/0. From what you're saying if I am reading it right, I need to apply the policy-map parent to the FastEthernet 0 and 1 (The local lan vlan and remote building vlan)?

If that's the case my access-list 106 would not be usable on the FastEthernet interfaces (plus it has all the other access for all traffic). So how should I go about creating the class-map to be used on the FastEthernet interfaces? Create another access-list with permits for ports 5060, 5091-5092, and 10000-20000?

The policy-map InetIN would be used on G/0?

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

Yes, you need a class map to match your VoIP traffic.  You might match on DSCP marking, if phones are setting them correctly, or you might use NBAR to match VoIP traffic, or . . .

e.g

class-map VoIP match-any

match protocol

match ip dscp EF

match access-group

You want egress policies on your "WAN" interfaces.  Your diagram doesn't note interfaces, so I cannot confirm what they are.

You also want the Internet policer policy on you Internet "WAN" interface.  Again, unable to confirm you port.

I'll play with this over the weekend. Appreciate the help.

Just to note my config is an attachment in the first post.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers