Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
870
Views
0
Helpful
1
Replies

Best practices for applying QoS for VoIP over network-plus VPN?

cclarkacs
Level 1
Level 1

‎01-14-2011 04:13 PM

I have several 871 routers scattered around in various soho offices.  At each location there is an IP phone so I would like to set up some QoS  to give the users a fighting chance at reasonable voice quality.

My  EZVPN clients (the routers) are set up in Network-plus mode and are  using Virtual-Tunnel interfaces which carry the tunnel. In the past I  have applied outbound QoS policies (generic SDM policies that prioritize  voice) to the Virtual-Template interface but nothing else. I've noticed  that I cannot monitor this interface in Cisco Configuration  Professional. Here is the config for the VTI

interface Virtual-Template1 type tunnel
  bandwidth 500
  no ip address
  ip nbar protocol-discovery
  ip flow ingress
  ip flow egress
  tunnel mode ipsec ipv4
  service-policy output SDM-QoS-Policy-2

I thought  about applying the QoS policy to the actual physical outside WAN  interface, which on a 871 is Fa/4. However, I don't think that will work  because if I understand things correctly, then the physical interface  is carrying the Virtual-Tunnel interface, which being encrypted wouldn't  expose the DSCP tags to the physical interface's policies. Is that  correct?

So in the scenario of branch/remote office  with IP phones, what is the recommended general config for QoS. What  interfaces would you apply it to when virtual-templates are being used  for the VPN tunnels, and how would one monitor the statistics of this  virtual interface?

Labels:
0 Helpful
1 Reply 1

andrew.prince
Level 10
Level 10

‎01-15-2011 12:15 PM

To be honest it's quite futile to apply QoS over VPN's - as really the only thing you are doing is making sure that time sensitive packets are given some priority leaving the router, Once it's encrypted and out in the internet you have NO control.

The other issue is you are using a virtual interface - an interface that does not really exist cannot really get congested! theoretically JMTPW

I create a policy to "shape" the traffic to my lowest circuit speed (my WAN circuit) in my shaping policy I give priority to voice audio/signalling and video etc.  This way the virtual interface has a fighing chance on acutally doing something.

HTH>

0 Helpful
Customers Also Viewed These Support Documents