Solved: videoconferencing-Qos

Shibu1978 · ‎12-25-2012

Hi,

We are having the attached videoconferencing setup (Polycom) with our branch office. This setup is working fine over site to site vpn tunnel and we see a better voice & video quality all the time except during peak hours.

Since we are sharing this 20 mb link with other office usage we find video freezing and voice disturbance when bandwidth crosses the threshold limit. hence we are planing to put Qos to gurantee bandwidth for videoconferncing all the time. There should be 4mb bandwidth dedicated to

videoconferncing at all the time even during full congestion on the internet link.

I think we need to configure qos both in ASA and router. what would be the best way to acheive this...could some one help us.

Thanks

Reza Sharifi · ‎12-25-2012

Hi,

You can try remarking the traffic on the incoming port from the Polycom. And then trust that marking (DSCP)in your layer-3 links and also reserve bandwidth for it if you want to:

something link this:

Cos 4 and DSCP 34 which I think is typical COS for videoconferencing

map from 4 to 34

apply below config to the incoming interface using a service policy

policy-map Remark

class Video-VTC

set dscp 40

class-map match-any Video-VTC

match dscp 34

match cos 4

apply below config to the outgoing interface using a service policy

policy-map outgoing-interface

class Video-VTC

bandwidth percent 25

View solution in original post

Joseph W. Doherty · ‎12-26-2012

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

At the moment we have to use the shared internet for Videoconferencing as we dont have any other link for this purpose.

Yes, I understand, but doing so may make it practically impossible to guarantee Video conferencing performance.

We will our do our best to mark /send out Video packets to ISP ....rest all up to them.

Unless the ISP has made some commitment to you about providing QoS based on ToS markings, you'll likely receive no benefit across the ISP network due to your markings. (NB: most ISPs, by default, ignore ToS markings.)

class-map match-all vpntraffic match  dscp ef
 match  dscp af31
 match  dscp af41
class-map match-all http
 match access-group 102

policy-map outbound-policy class vpntraffic
  bandwidth percent 35

interface FastEthernet0/1 description Du_ILL_20Mbps
 bandwidth 20480
 ip address 94.*.*.* 255.255.255.248
 load-interval 30
 duplex auto
 speed auto
 service-policy output outbound-policy

For the above, you probably should shape for the 20 Mbps; the bandwidth 20480 doesn't rate limit your 100 Mbps.

From the above, I presume you're allocating about 7 Mbps for ALL your "special" VPN traffic and leaving the rest for non-"special" VPN traffic and/or non-VPN traffic. First (again) this policy won't engage until you congest at 100 Mbps and second you really want to prioritize real-time traffic even within you overall VPN allocation (and third, if you can't manage or control ingress bandwidth, video conferencing is likely not to work well at all times).

View solution in original post

Reza Sharifi · ‎12-25-2012

Hi,

You can try remarking the traffic on the incoming port from the Polycom. And then trust that marking (DSCP)in your layer-3 links and also reserve bandwidth for it if you want to:

something link this:

Cos 4 and DSCP 34 which I think is typical COS for videoconferencing

map from 4 to 34

apply below config to the incoming interface using a service policy

policy-map Remark

class Video-VTC

set dscp 40

class-map match-any Video-VTC

match dscp 34

match cos 4

apply below config to the outgoing interface using a service policy

policy-map outgoing-interface

class Video-VTC

bandwidth percent 25

Shibu1978 · ‎12-25-2012

Thanks for the reply.

The connectivity is like below

Polycom(VC)-----Cisco3560Sw(Access) ---4503-sw(Core Sw)----ASA5520-------cisco 2811 rtr-------Internet

Cos 4 and DSCP 34 which I think is typical COS for videoconferencing

map from 4 to 34 apply below config to the incoming interface using a service policy

I think above mapping is to be done on the Core SW as this is the incoming SVi interface for the VC vlan.

Is it good to do bandwidth allocation in ASA? will it work?

Joseph W. Doherty · ‎12-26-2012

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

If you're "sharing" Internet bandwidth, especially with usual Internet access, without QoS on the ISP side of your links, you cannot guarantee bandwidth for your video stream. You can discuss the possibility of obtaining QoS support with your ISP(s); most ISPs will not provide it. Or, you might consider obtaining another set of Internet links that you can dedicate for your video.

If you're not "sharing" Internet bandwidth, i.e. all the bandwidth is dedicated for VPN site-to-site, then you can often implement QoS to manage bandwidth for your applications. Unfortunately, I'm not familiar with ASAs so I'm unable to suggest or recommend how QoS might be configured for them or whether it's even possible to satisify your needs. However, your edge 2811s, if they can "recognize" your video stream might be able to support what you need. If they can, you need an outbound policy like what Reza posted although if the interface isn't actually 20 Mbps or implicitly shaped (your later post mentions a VC - what kind of VC?), then you need to shape for your 20 Mbps before reserving bandwidth for your video. Additionally, if your video "averages" 4 Mbps, for real-time video like video conferencing, you'll want to allocate more bandwidth, so that the average is about 2/3 of what's allocated, e.g. for 4 Mbps you'll want about 6 Mbps.

Shibu1978 · ‎12-26-2012

Thanks for the reply.

At the moment we have to use the shared internet for Videoconferencing as we dont have any other link for this purpose.

We will our do our best to mark /send out Video packets to ISP ....rest all up to them.

We are having Polycom device for VC. the below is the configuration done at the perimeter router. hope this give enough bandwidth for VC.

=====

class-map match-all vpntraffic

match dscp ef

match dscp af31

match dscp af41

class-map match-all http

match access-group 102

!

policy-map outbound-policy

class vpntraffic

bandwidth percent 35

!

interface FastEthernet0/1

description Du_ILL_20Mbps

bandwidth 20480

ip address 94.*.*.* 255.255.255.248

load-interval 30

duplex auto

speed auto

service-policy output outbound-policy

Joseph W. Doherty · ‎12-26-2012

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

At the moment we have to use the shared internet for Videoconferencing as we dont have any other link for this purpose.

Yes, I understand, but doing so may make it practically impossible to guarantee Video conferencing performance.

We will our do our best to mark /send out Video packets to ISP ....rest all up to them.

Unless the ISP has made some commitment to you about providing QoS based on ToS markings, you'll likely receive no benefit across the ISP network due to your markings. (NB: most ISPs, by default, ignore ToS markings.)

class-map match-all vpntraffic match  dscp ef
 match  dscp af31
 match  dscp af41
class-map match-all http
 match access-group 102

policy-map outbound-policy class vpntraffic
  bandwidth percent 35

interface FastEthernet0/1 description Du_ILL_20Mbps
 bandwidth 20480
 ip address 94.*.*.* 255.255.255.248
 load-interval 30
 duplex auto
 speed auto
 service-policy output outbound-policy

For the above, you probably should shape for the 20 Mbps; the bandwidth 20480 doesn't rate limit your 100 Mbps.

From the above, I presume you're allocating about 7 Mbps for ALL your "special" VPN traffic and leaving the rest for non-"special" VPN traffic and/or non-VPN traffic. First (again) this policy won't engage until you congest at 100 Mbps and second you really want to prioritize real-time traffic even within you overall VPN allocation (and third, if you can't manage or control ingress bandwidth, video conferencing is likely not to work well at all times).

Shibu1978 · ‎12-26-2012

Thanks for the reply again.

Videoconferencing works well all the time.

But we face issue only when the bandwidth touches 20mb or close to 20Mb. luckily rest all times VC works fine.

For the above, you probably should shape for the 20 Mbps; the bandwidth 20480 doesn't rate limit your 100 Mbps

How do i shape for the 20mbps? could you help

From the above, I presume you're allocating about 7 Mbps for ALL your "special" VPN traffic and leaving the rest for non-"special" VPN traffic and/or non-VPN traffic. First (again) this policy won't engage until you congest at 100 Mbps and second you really want to prioritize real-time traffic even within you overall VPN allocation (and third, if you can't manage or control ingress bandwidth, video conferencing is likely not to work well at all times).

If that case is there any way we can prioritise the above dscp values so that these values will be served first irrespective of the link usage. can we do it

Thanks

Joseph W. Doherty · ‎12-27-2012

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

Amend your config to be similar to:

policy-map outbound-policy-shape

class class-default

shape average 20000000

service-policy outbound-policy

interface FastEthernet0/1

service-policy output outbound-policy-shape

Again, since you're "sharing" bandwidth - no guarantee whether the above will mitigate your issue.

Shibu1978 · ‎01-03-2013

Sorry for being late to reply.

Thanks to all for your inputs.

After amending the suggested configurations on to the device i can now see EF packets are matching . but other two values are not being marked.

RTR2800-1#sh policy-map interface fa0/1

FastEthernet0/1

Service-policy output: VPNOUTBOUND

Class-map: VPNOUTBOUND (match-any)

2641274 packets, 345188496 bytes

30 second offered rate 0 bps, drop rate 0 bps

Match: dscp ef (46)

2641274 packets, 345188748 bytes

30 second rate 0 bps

Match: dscp af31 (26)

0 packets, 0 bytes

30 second rate 0 bps

Match: dscp af41 (34)

0 packets, 0 bytes

30 second rate 0 bps

Queueing

Output Queue: Conversation 265

Bandwidth 30 (%)

Bandwidth 6144 (kbps)Max Threshold 64 (packets)

(pkts matched/bytes matched) 35/4394

(depth/total drops/no-buffer drops) 0/0/0

Below is the packet flow.

Polycom(VC)-----Cisco3560Sw(Access) ---4503-sw(Core Sw)----ASA5520-------cisco 2811 rtr-------Internet

As Reza suggested I have not done remarking the traffic on the incoming port from the Polycom. Is it now required as i am seeing the matching on EF packets?

Thanks

Joseph W. Doherty · ‎01-04-2013

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

As Reza suggested  I have not done remarking the traffic on the incoming port from the Polycom.  Is it now required as i am seeing the matching on EF packets?

Well that depends whether the EF marking is attached to the Polycom's packets and whether you want to use this marking for the video traffic. (NB: normally EF is just used for VoIP bearer traffic. Sometimes for other "like" traffic, as perhaps video conferencing audio.)

BTW, I believe the Polycom units often ofter a setup where you can specify how their traffic is to be marked.

Shibu1978 · ‎01-04-2013

Hi,

I can see the attached default Qos setup with Polycom device.

Joseph W. Doherty · ‎01-04-2013

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

Well going by your Polycom's default setup, if you want to match the Polycom's markings, you'll need to match on IP Precedence 3, 4 and 5. You can treat each of them differently if you like to.

You might, if possible, consider using DSCP markings.