VPN QoS Design

de1denta
Level 3

Hi,

Please see the attached diagram. We have a main office and 4 remote offices (only showing 1 remote office in the diagram). We are using GRE over IPSec VPNs to the remote offices which terminate on the 2811 router in the main office. We are using the 2811 as it is the only device that we have that can terminate GRE. The 2811 router is connected to the outside switch and is configured with a public IP address. We also have an ASA 5510 in the main office which is connected in the same manner and is used for Web, e-mail traffic etc.

Both the main office and remote offices have a 10Mbps Internet connection.

We have an issue with voice quality between sites as we are finding it difficult to control bandwidth utilization in the main office. When users in the main office download web content it can saturate the 10Mbps Internet connection causing voice quality issues. We have configured outbound shaping on the branch routers to make sure that aggregate inbound traffic from all branches to the main office does not saturate the link but we cannot control traffic from the Internet.

I understand that controlling inbound traffic from the Internet is difficult without controlling QoS on the ISP's side. Is there any way that we can reserve inbound bandwidth to ensure that web traffic does not impact voice?

Also in this design, which is the best place to configure outbound QoS from the main office?

4 Replies

mikull.kiznozki
Level 1

Just as a query, how have you configured the QoS on the VoIP traffic? I worked on a similar issue between a hub and spoke site and all I did was to reserve the bandwidth for the VoIP at each of the sites.

I have configured QoS on the main office Internet edge router by matching EF on the packets from the VPN router and prioritizing using LLQ. I have done the same for the remote offices but using a nested QoS policy with class-default traffic shaping. I have not configured any other policies. This would work well if traffic was just between the 2 sites but we also use the 10Mbps link at the main office for Internet traffic so it's difficult to control inbound traffic that's not originating from the remote offices.

How have you reserved the bandwidth for VoIP at each site?

At the spoke site I created 6 channels dedicated for voice and gave it an assured b/w.

Note that the link at spoke site used to break out to the Internet locally and all I had traversing the IPsec tunnel was the voice and intranet data.

Which direction have you configured your traffic shaping at the spoke site, mate?

Traffic shaping is configured outbound on the outside interface connected to the Internet.
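
The nested policy described in the thread (class-default shaping as the parent, LLQ on EF as the child, applied outbound on the branch router's outside interface) could look like the following in IOS MQC. This is an added example, not a configuration posted by anyone in the thread; the policy and class names, the interface name and both rates are constructed placeholders.

```cisco
! Added example: names, interface and rates are assumptions, not values from the thread.
! Classify on DSCP EF. IOS copies the inner ToS byte to the GRE/IPsec outer header
! by default, so the marking is still visible on the outside interface.
class-map match-all VOICE
 match dscp ef
!
! Child policy: low-latency queue for voice, fair queuing for everything else.
policy-map BRANCH-LLQ
 class VOICE
  ! Placeholder rate in kbps; size it to the number of concurrent calls.
  priority 512
 class class-default
  fair-queue
!
! Parent policy: shape all outbound traffic to this branch's share of the
! main office's 10Mbps link, then apply the child queuing inside the shaped rate.
policy-map BRANCH-SHAPE
 class class-default
  ! Placeholder rate in bps; the sum across all branches should stay below 10Mbps.
  shape average 2000000
  service-policy BRANCH-LLQ
!
interface FastEthernet0/0
 description Outside interface connected to the Internet
 service-policy output BRANCH-SHAPE
```

A policy like this only governs what the branch sends towards the main office; it does nothing for web downloads arriving at the main office from the Internet, which is the open question in the thread.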