12-14-2011 11:16 AM
Grettings!
I set up a full mesh LAN-to-LAN VPN for a client with 4 sites. Each site has an ASA 5505 running 8.2(5). Site-to-site VoIP traffic runs in the VPN tunnels, as well as traffic to/from a file-server located at the main site. There are two back-up servers, one at the main site and one at a remote site. The main site has 2 bonded T1s and the other three sites have a single T1.
How should I go about setting up my QoS?
My top requirement is that VoIP traffic will never be pushed out of the way for data traffic. My secondary consideration is to give more preference to file-server traffic than to web traffic and to make back-up traffic the least important. I'm currently researching to see if the VoIP provider is DSCP marking EF on the VoIP traffic, but I am going to assume they are for now. I know the IP of the file-server and back-up servers.
Based on my first readings, I'm thinking I need a hierarchical priority que.
Thanks
12-15-2011 11:06 AM
SD has 16 VoIP phones in active use. I want to guarantee each phone 64000bps, meaning 1024000bps guaranteed(prioritized) for VoIP traffic. With the remainder of bandwidth at SD (3000000-1024000) 1976000bps, I want to shape near as possible to 32% for Filemaker traffic, 8% for Crashplan traffic, and 60% for other/web.
Is this config valid? Will it suit my needs?
ip access-list extended OUTBOUND-FILEMAKER-TRAFFIC-ACL permit tcp host 192.168.0.9 any eq 5033
ip access-list extended OUTBOUND-CRASHPLAN-TRAFFIC-ACL permit tcp host 192.168.0.9 any eq 4242
ip access-list extended SD-CV-VOIP-ACL permit ip host 192.168.0.7 host 192.168.1.7
ip access-list extended SD-ST-VOIP-ACL permit ip host 192.168.0.7 host 192.168.2.7
ip access-list extended SD-OC-VOIP-ACL permit ip host 192.168.0.7 host 192.168.3.7
priority-queue outside
class-map SD-CV-VOIP-CLASS
match tunnel-group 2.2.2.2
match dscp ef
(or match access-list SD-CV-VOIP-ACL)
class-map SD-ST-VOIP-CLASS
match tunnel-group 3.3.3.3
match dscp ef
(or match access-list SD-ST-VOIP-ACL)
class-map SD-OC-VOIP-CLASS
match tunnel-group 4.4.4.4
match dscp ef
(or match access-list SD-OC-VOIP-ACL)
class-map FILEMAKER-CLASS
match access-list OUTBOUND-FILEMAKER-TRAFFIC-ACL
class-map CRASHPLAN-CLASS
match access-list OUTBOUND-CRASHPLAN-TRAFFIC-ACL
policy-map VOIP-PRIORITY-MAP
class SD-CV-VOIP-CLASS
priority
class SD-ST-VOIP-CLASS
priority
class SD-OC-VOIP-CLASS
priority
policy-map INTERFACE-TOTAL-POLICY-MAP
service-policy VOIP-PRIORITY-MAP
class FILEMAKER-CLASS
shape average 632000
class CRASHPLAN-CLASS
shape average 152000
class class-default
shape average 1184000
service-policy INTERFACE-TOTAL-POLICY-MAP interface outside
12-21-2011 09:41 AM
There is something (maybe obviously) wrong with the above configuration. I will not be able to use the access-lists I wanted to use to match the traffic for the classes. First, it is not allowed to match access-lists (at least it wasn't on the ASA5505 8.2(5) I was using), and second the access-lists would never get hit on the outside interface because the traffic is all encapsulated in the IPSec packets. So the client needs to install DSCP marking capable LAN switches.
Until that time we will prioritized VoIP traffic, since we know it is DSCP EF marked. We will take a position of prioritizing 20% of total bandwidth since it approximates the needs pretty well. With 3000000bps total bandwidth at SD, 20% prioritization means 600000bps. This translates into prioritizing about 15 calls using 40000bps for each call (codec being used is G729).
Here is the config:
priority-queue outside
class-map SD-CV-VOIP-CLASS
match tunnel-group 2.2.2.2
match dscp ef
class-map SD-ST-VOIP-CLASS
match tunnel-group 3.3.3.3
match dscp ef
class-map SD-OC-VOIP-CLASS
match tunnel-group 4.4.4.4
match dscp ef
policy-map VOIP-PRIORITY-MAP
class SD-CV-VOIP-CLASS
priority
class SD-ST-VOIP-CLASS
priority
class SD-OC-VOIP-CLASS
priority
policy-map QOS-POLICY-INTERFACE-MAP
service-policy VOIP-PRIORITY-MAP
class class-default
shape average 2400000
service-policy QOS-POLICY-INTERFACE-MAP interface outside
Comments? Ideas? Suggestions?
Thanks
12-21-2011 10:43 AM
During configuration it looks like this:
policy-map QOS-POLICY-INTERFACE-MAP
service-policy VOIP-PRIORITY-MAP
class class-default
shape average 2400000
..must be configured like this instead:
policy-map QOS-POLICY-INTERFACE-MAP
class class-default
shape average 2400000
service-policy VOIP-PRIORITY-MAP
12-09-2013 06:38 PM
I have the same problem.what were you do ? could you share you configuration?Thank you!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide