A customer with UC560's and a 4-site multisite configuration built by CCA 2.2(5) is having voice quality issues on multisite calls. I see that the "qos pre-classify" is applied to the WAN interfaces.There are no other quality issues, i.e., the PSTN SIP provider traffic, traffic shaping is enabled and configured on the WAN intfc.
My understanding is that the QOS is not "visible" to any devices AFTER leaving the UC560 because of the IPSEC VPN. Is there a OOB or other method that can be used so that QOS is visible to devices between the UC560's? Testing and the configuration seem to indicate that the problems occurs on the Internet or on the ISP equipment. All sites in the multisite relationship have at least T1 circuits.
Here is some information straight from the QOS SRND to answer some of your questions about preclassify:
QoS for Virtual Private Networks
The QoS for Virtual Private Networks (VPNs) feature is designed for tunnel interfaces. When the feature is enabled, the QoS features on the output interface classify packets before encryption, allowing traffic flows to be adjusted in congested environments. The result is more effective packet tunneling.
The QoS for VPNs feature provides a solution for making Cisco IOS QoS services operate in conjunction with tunneling and encryption on an interface. Cisco IOS software can classify packets and apply the appropriate QoS service before the data is encrypted and tunneled. The QoS for VPN feature allows users to look inside the packet so that packet classification can be done based on original port numbers and based on source and destination IP addresses. This allows the service provider to treat mission-critical or multiservice traffic with higher priority across its network.
To use this feature, the system must be able to configure QoS features.
Configuring QoS for VPNs
The QoS for VPNs feature, which is enabled by the qos pre-classify command, is restricted to tunnel and virtual template interfaces, and crypto map configuration submodes.
For generic routing encapsulation (GRE) and IP in IP (IPIP) tunnel protocols, the qos pre-classify command is applied on the tunnel interface, making QoS for VPNs a configuration option on a per-tunnel basis.
For Layer 2 Forwarding (L2F) and Layer 2 Tunneling Protocol (L2TP) protocols, the qos pre-classify command is applied on the virtual template interface. L2TP clients belonging to identical virtual private dial-up network (VPDN) groups inherit the preclassification setting. The qos pre-classify command can be configured on a per-VPDN tunnel basis.
For IPSec tunnels, the qos pre-classify command is applied on the crypto map, allowing configuration on a per-tunnel basis. QoS features on the physical interface carrying the crypto map are able to classify packets before encryption.
To configure the QoS for VPNs feature on a tunnel or virtual interface basis, use the following commands beginning in global interface mode:
Nathan - Thank you for your reponse, the document has been helpful.
Using your document, I have verified that the QoS for VPNs feature is enabled on all of the multisite crypto maps and virtual interfaces. So QoS is being applied to the trafficprior to encryption. After encryption, and after the encrypted traffic leaves the router's WAN interface on its way to its destination over the Internet, is the QoS information on the VPN packets visible to devices on the way to the other sites?
This is where the voice quality problem may be. The ISP has said that QoS is setup in their equipment at each of my locations, but can these ISP devices perform QoS on the traffic while the traffic is VPN traffic? Are the QoS markings on the VPN traffic encrypted with the payload, or are they visible to QoS enabled devices so that it can be prioritized?
Listen: https://smarturl.it/CCRS8E41 Follow us: https://twitter.com/CiscoChampion
Let’s face it: today’s work is hybrid. Making hybrid work requires more than collaboration tools and SaaS applications. It’s about connecting people, dispa...
Join David Bombal as he busts the myths around Cisco Designed while building out an SMB network right at his desk.
David, a CCIE, CCSI and an educator, has delivered training courses all around the globe across multiple Cisco topics. And he’s desig...
This Chat covers the intersection of technology and social impact from community to global levels. Learn how digital maturity accelerates SMB growth and profits that can fund social programs and enable sustainable business practices like remote work.
This Chat covers the intersection of technology and social impact from community to global levels. Learn how digital maturity accelerates SMB growth and profits that can fund social programs and enable sustainable business practices like remote work. We'l...