01-18-2012 12:00 PM
I have 4 remote sites that are using a ASA as thir firewall / router. I'm setting up a full mesh VPN between all the sites. One of the sites have a UC500 and the other sites access that UC over the VPN tunnels. I would like to set up some basic QoS for the VOIP traffic
Lets say a remote site has 10mb down / 1mb up and I use the following config
ASA(config)# priority-queue outside
ASA(config)# class-map TG1-voice-class
ASA(config-cmap)# match tunnel-group (VPN 2L2 TUNNLE NAME BACK TO UC)
ASA(config-cmap)# match dscp ef
ASA(config-cmap)# policy-map priority-policy
ASA(config-pmap)# class TG1-voice-class
ASA(config-pmap-c)# priority
ASA(config-pmap-c)# policy-map shape-priority-policy
ASA(config-pmap)# class class-default
ASA(config-pmap-c)# shape average 900000
ASA(config-pmap-c)# service-policy priority-policy
ASA(config-pmap-c)# service-policy shape-priority-policy interface outside
To me this would only limt the VPN to 900kb with 100kn reserved for VOIP but non VPN traffic would not be shapped
I would like to limit all traffic with some reserced space for VOIP and then give it priorty.
Second question:
The site that has the UC will have multiple vpn tunnles coming in from the remote sites. How will I do QoS with voice traffic on that site?
01-18-2012 01:09 PM
01-18-2012 02:25 PM
Thanks for the link but that is where I got my config that I posted above...
The artical didn't answer my questions so I posted here.
01-19-2012 06:12 AM
Any other thoughts on this?
01-19-2012 06:25 AM
OK let me try to explain -
Here two service-policies are configured one is matching VPN voip traffic and another one is global .Inside global policy you have configured
shape average 900000 < This is for match class-default all the traffic which is not matching in any specific class will be matched here. Just in case of congestion remaining BW will be guaranteed for voice.
Thanks
Ajay
01-19-2012 11:59 AM
Thanks that makes some more sense. I still have the second question though, could you help with that?
"
The site that has the UC will have multiple vpn tunnles coming in from the remote sites. How will I do QoS with voice traffic on that site?
"
01-19-2012 12:53 PM
Hi Jason,
You can call multiple calss-map under same policy-map. Here it will be little tricky to allocate the required bandwidth.
So you need to adjust bandwidth for traffic shape.
Thanks
Ajay
01-19-2012 03:27 PM
How should I do that though?
Lets say the site with the UC has 5MB connection UP.
I want to reserve at least 200Kbps for each sites VPN voice traffice
02-01-2012 12:00 PM
Maybe I should ask the question this way.
I have 5 Site to Site VPN tunnels. I want to apply the QoS to all 5 tunnels to limit the speed to %85 and reserver %15 for VOIP.
With my example above I am able to do this if I have one tunnle but not sure how to make it work with more then one tunnel.
I was thinking I could use a match statment that uses a ACL to match all LAN traffic that would be going to the other remote sites but I get the following error:
ERROR: Multiple match commands are not supported except for the 'match tunnel-group or default-inspect-traffic' command.
02-01-2012 12:34 PM
I would say you should calculate total BW required for VOIP and based on that configure shape . Ofcourse you wont like to drop voice calls. QOS will only work when there is congestion else all free to go.
02-01-2012 12:46 PM
How do you apply this type of QoS when there is more the one tunnel in place?
Do I need to make 5 policy maps such as (only made 2 as an example)
class-map TG1-voice-class
match tunnel-group AAA
match dscp ef
class-map TG2-voice-class
match tunnel-group BBB
match dscp ef
policy-map priority-policy
class TG1-voice-class
priority
policy-map shape-priority-policy
class class-default
shape average 14256000
service-policy priority-policy
policy-map priority-policy
class TG2-voice-class
priority
policy-map shape-priority-policy
class class-default
shape average 14256000
service-policy priority-policy
service-policy shape-priority-policy interface outside
So this will limit the upload speed to 14256000 and allow the rest of the BW to VOIP?
02-01-2012 10:04 PM
create multiple class-map like-
class-map TG2-voice-class
match tunnel-group BBB
match dscp ef
call all of them under-
policy-map priority-policy
Thanks
Ajay
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide