how-to block ads
|
| | | | FAQ Revisions | Editors: skj  , Covenant , aryoba , Phraxos
Last modified on 2009-11-27 07:30:01
| |
|
|
50.7 QoS and Voice over IP·Deploying VoIP - An Introduction
·Introduction to Voice over IP
·QoS Basic
·How do I configure QoS for VoIP?
·Improving Performance of Cable/DSL Internet using QoS
·Router runs VoIP, Bit Torrent, Online Gaming; DynDNS - QoS Sample Configuration
·Cisco References
·Call Manager Express (CME) Sample Configuration
·Troubleshooting QoS
| | | »Cisco Interconnect
»[HELP] TDMOIP
 feedback form
 feedback form
by aryoba
last modified: 2009-10-10 05:47:08 | | | »Phone System
»SIP long distance plan for enterprise IP-PBX
»General Q's about Cisco VoIP
»[HELP] Cisco CallManager Setup
»[Other] Cisco Call Manager
»[voice] sip broker with cucme?
feedback form
feedback form
by aryoba
last modified: 2009-08-23 18:05:08 | | | Introduction To QoS
»QoS on WAN
Cisco Implementation
How to implement QoS network using Cisco
Discussion and Sample Configuration
»seting up an ISP for my builing
»851 for QoS/VoIP?
»[Config] QOS Questions
»differences in policy maps and qos from router to switch
»Traffic shaping question
»[Config] Traffic Shaping on ATM interface
feedback form
feedback form
by aryoba
last modified: 2009-10-12 09:20:52 | | | The information posted here is a summarized version of the Cisco AVVID QoS Design Guide. The person who posted this is not liable for any network problems or any damage caused by configuring their router to the following specification. If in doubt, open up a Cisco TAC case where a Cisco Engineer will get in touch to help you implement or troubleshoot your design or issue respectively. You may also ask the Cisco forum community for any advice but community accept no liability for any recommendations made which are then implemented.
The example below is using a Cisco 79xx IP Phone, 2924 Switch (12.0(5)XU EN, and a 2600 Router (12.2(11)T IP/FW/IDS PLUS IPSEC 56). Make sure the versions of IOS that you're running support the commands used before implementing in a production environment. It also assumes that you are using separate VLANs for data and voice (VLAN 100 for data, and 101 for voice).
This example assumes the following network setup:
PC--->79xx---->2924---->2600---->Internet
Configuring the 2924 Switch:
!
interface FastEthernet0/1
switchport trunk encapsulation dot1q
switchport trunk native vlan 100 !this is the data vlan
switchport mode trunk
switchport voice vlan 101 !the vlan for voice
spanning-tree portfast
switchport priority extend cos 0
speed auto
!
The above port configuration allows for both voice and data traffic from separate vlans. Cisco IP Phones automatically support 802.1q trunking and 802.1p COS tagging, which will tag all outgoing voice traffic with an L2 COS of 5, and a L3 IP Precedence of 5. The 'switchport priority extend cos 0' ensures that all data traffic has it's L2 COS tag re-classified as 0. This will ensure a PC connected to the phone is not also classifying its traffic.
Additionally, if your switch supports inline power, add the following to the above configuration: 'power inline auto'
NOTE: The 'speed auto' command is extremely important. Cisco IP phones default to auto-negotiation for speed and duplex.If the switch port is set to 100baseT full-duplex, the IP phone automatically sets its port to 100baseT half-duplex, causing a duplex mismatch.
Configuring the 2600 router:
The first thing we need to do is define access-lists to match our voice traffic. We will create 2 extended ACLs, one for the voice RTP traffic, and one for the voice signaling traffic.
For Skinny, H.323, MGCP:
!signaling traffic
access-list 101 permit tcp any any range 2000 2002
access-list 101 permit tcp any any eq 1720
access-list 101 permit tcp any any range 11000 11999
access-list 101 permit udp any any eq 2427
!
!RTP traffic
access-list 102 permit udp any any range 32767
For SIP/IAX/IAX2:
!signaling traffic
access-list 101 permit udp any any eq 4569
access-list 101 permit udp any any eq 5036
access-list 101 permit udp any any eq 5060
!
!RTP traffic
access-list 102 permit udp any any range 16384 32767
NOTE: You may also use a 'permit ip 1.1.1.0 0.0.0.255 any' command on the signaling access-list to match all hosts in a particular subnet, assuming all IP phones are on the same subnet and their own vlan.
Next, we create class maps for each type of traffic:
!
class-map match-all voice-traffic
match access-group 102
!
class-map match-all voice-signaling
match access-group 101
!
Then create a policy map for the classes:
!
policy-map qos-voice
class voice-traffic
priority 240
class voice-signaling
bandwidth 16
class class-defult
fair-queue
!
The policy-map on the router places all voice traffic into the Priority Queue, which is given 240kbps of bandwidth. All signaling traffic is in a class-based queue with 16kbps of bandwidth. And all other traffic is queued using Weighted Fair Queuing.
To determine how much bandwidth to give to voice traffic:
Number of simultaneous calls X 80 (for g711u)
Number of simultaneous calls X 11 (for g729)
Finally, apply the policy to the interface:
!
interface FastEthernet0/0
service-policy output qos-voice
!
NOTE: If you are using sub-interfaces, applying the policy to the fa0/0 interface will also apply it to all sub-interfaces (i.e. fa0/0.1, fa0/0.2 etc.) To apply a QoS service-policy to a specific sub-interface refer to this Cisco link.
Applying QoS Features to Ethernet Sub-interfaces
As Qos is generally configured on outgoing traffic, it will help if you have control over both sides of the link. You can also apply rate limiting to inbound traffic if you so choose, however it will only work with TCP traffic.
!
interface Serial0/0
rate-limit input 1408000 8000 8000 conform-action transmit exceed-action drop
This will allow no more than 1408kbps through; any excess will be dropped. Again, this only works for TCP traffic, since dropped packets will cause the sender to back off and try again slower.
-b
feedback form
feedback form
by nozero edited by aryoba
last modified: 2009-04-21 09:32:16 | | | Thank you for mplex for the submission.
said by mplex :
Since I have done a lot of QoS at work lately, I wanted to post a good solution that home users can use to improve the performance of their high speed connection when your outbound traffic rate is congested. It could be congested due to P2P traffic, a home server or anything. Regardless, if your upstream traffic is congested (and that is likely with the pathetic upload speeds on most home connections), latency will increase and everything will be sluggish. Hopefully, this will help.
Below are two qos queuing strategies for home users with slow uplinks on cable and DSL Internet. The first one is simple to implement generally performs well (fair queuing). Fair queuing is complicated to explain but easy to understand. It divides traffic in to flows and throttles heavy flows to allow room for smaller ones. In general, this will keep pings, ssh/telnet, VPN traffic etc responsive while cutting back P2P traffic and other aggressive traffic to make room.
For all of this to work, you have to tell the router how much upstream bandwidth you have, otherwise it will think you have a 10mbit or 100mbit link rather than a 256k WAN link. The best way to achieve this that I have found is Hierarchical Class Based Weighted Fair Queuing (CBWFQ). It's a mouth-full for sure, but in reality it is a simple flexible system for implementing QoS.
The first solution does no classification at all, rather it implements the fair queueing strategy in hopes that it can differentiate between different traffic and give everything a fair share.
!! This policy sets up your general queuing strategy for your WAN interface, which is only fair-queue in this case
policy-map fair-queue-child
class class-default
fair-queue 128 !! 128 allows more active flows than default
!! This policy queues the above policy at a specified rate of 200k
policy-map fair-queue-parent
class class-default
shape average 200000
service-policy fair-queue-child
!! Apply the policy to the physical outbound interface on your router
interface Fa0
service-policy output fair-queue-parent
If you need to change the shape average rate to a lower number, you have to first remove and reapply the policy on the interface for it to take effect.
Note: The command shape average 200000 is extremely important. This is the rate at which outbound traffic will leave your router. This only takes in to account IP packets, and none of the Ethernet/DOCSIS/PPP overhead that is included in that number your ISP quotes as your upload speed. You may also find that the amount of upstream bandwidth you can reliably get may very depending on time of day. This is just your ISP cheating you and the downside of shared bandwidth. Regardless, you will need to tweak your speed to a rate you are happy with. I usually load up a P2P program, then start pinging a reliable router upstream. When it's all said and done, with my 384k connection, the above number of 200k is the only reliable amount of bandwidth I get in the area I live now so don't be suprised to find out your ISP is no good. Here are the results I get without the fair-queue-parent policy applied:
60 packets transmitted, 60 received, 0% packet loss, time 59030ms
rtt min/avg/max/mdev = 371.506/989.091/1625.488/328.546 ms, pipe 2
As you can see, no packet loss, but performance was horrible
Now here are the results with the policy applied:
60 packets transmitted, 60 received, 0% packet loss, time 59080ms
rtt min/avg/max/mdev = 41.084/150.854/614.971/123.688 ms
Here's the applied policy output: sh policy-map int fa0
FastEthernet0
Service-policy output: fair-queue-parent
Class-map: class-default (match-any)
2888 packets, 1763229 bytes
30 second offered rate 185000 bps, drop rate 2000 bps
Match: any
Traffic Shaping
Target/Average Byte Sustain Excess Interval Increment
Rate Limit bits/int bits/int (ms) (bytes)
200000/200000 2000 8000 8000 40 1000
Adapt Queue Packets Bytes Packets Bytes Shaping
Active Depth Delayed Delayed Active
- 63 2780 1638576 2768 1635385 yes
Service-policy : fair-queue-child
Class-map: class-default (match-any)
2888 packets, 1763229 bytes
30 second offered rate 185000 bps, drop rate 2000 bps
Match: any
Queuing
Flow Based Fair Queuing
Maximum Number of Hashed Queues 128
(total queued/total drops/no-buffer drops) 63/43/0
The average pings dropped to 150ms; that would be voice quality if it wasn't for the jitter. Still, most people will see a marked improvement implementing fair queuing. If you are a hardcore gamer or remote shell user, you won't be happy until performance is a consistent sub 100ms. For that, it gets a little more complicated.
You could do something like this:
!! Make an access list to match your game/shell traffic etc (This isn't enough to do it)
access-list 101 permit icmp any any
access-list 101 permit udp any any
!! Make a class for that traffic to match your ACLs
class-map match-any important
match access-group 101
!! Edit your existing policy to add the new class
policy-map fair-queue-child
class important
priority [or bandwidth] percent 50
Then remove and re-add the policy to the interface. See it working with the sh policy-map interface fa0 command.
That will setup a strict priority queue for that traffic and always service it first. The downside to using priority is that during times of congestion, priority acts as a policer and caps the traffic class to 50% of the total bandwidth under the parent policy. One way to get around this is setting priority at something like 80%. All the unused bandwidth will be shared proportionally among other classes including the default class. One thing to remember is that you can only have one priority queue. You need to use the bandwidth command under all other classes (otherwise, everything using priority will share the same queue). The bandwidth command uses a round robin mechanism to service the queues proportional to the percentage of bandwidth they have. The default class always gets what's left.
In the real world, the difference between priority and bandwidth is small and some routers don't support it. The policing action is enough to scare me away from using it for anything but udp traffic and small tcp traffic if at all. I also would not use it for large TCP packets since it will share space with your low latency traffic like game traffic and slow it down if it gets ahead of it in the queue.
Using a similiar but more complicated strategy (it still queues low latency for icmp), I get these results with a fully congested link:
60 packets transmitted, 60 received, 0% packet loss, time 59075ms
rtt min/avg/max/mdev = 30.732/60.634/107.809/17.917 ms
So I cut my ping rates by more than half. The average ping rates with no traffic is about 40ms to that location so there is roughly 20ms of overhead on a congested link. Those delays are more likely to be from the docsis timings rather than my router so this is likely the best performance I would think you could get. I can get a little better if I police my P2P traffic at a lower rate as seen below.
The policy below is the one I use. To be honest, it's a mess. Some of the descriptions are wrong and some traffic is probably in the wrong place, but that's because I've edited it so many times for my setup. I would only base your own policy loosly on this one and make your own classes. Just remember to have a maximum of 4 or so classes. Anymore will have strange results. You have to think of how the your traffic will compete for different classes at different times and whether you want that.
access-list 110 remark Management
access-list 110 permit icmp any any echo
access-list 110 permit icmp any any echo-reply
access-list 110 permit tcp any any range 22 telnet
access-list 110 permit tcp any range 22 telnet any
access-list 110 permit tcp any any eq 3389
access-list 110 permit tcp any eq 3389 any
access-list 110 deny udp any eq 10000 any !! I want VPN in a seperate class
access-list 110 deny udp any any eq 10000
access-list 110 permit udp any any
!
access-list 120 remark VPN
access-list 120 permit udp any any eq 10000
!
access-list 130 remark Web
access-list 130 permit tcp any any eq www
access-list 130 permit tcp any eq www any
!
access-list 140 remark File Sharing (FS)
access-list 140 permit tcp any any range 6881 6886
access-list 140 permit tcp any range 6881 6886 any
access-list 140 permit tcp any any eq 2234
access-list 140 permit tcp any eq 2234 any
access-list 140 permit tcp any range 4661 4662 any
access-list 140 permit tcp any any range 4661 4662
access-list 140 permit tcp any any eq 1214
access-list 140 permit tcp any any eq 6880
access-list 140 permit tcp any eq 6880 any
class-map match-any nbar-fs
match protocol bittorrent
match protocol kazaa2
match protocol gnutella
match protocol fasttrack
match protocol edonkey
match access-group 140
class-map match-all class2
description [VPN/UDP]
match access-group 120
class-map match-all class3
description [web traffic/other tcp]
match access-group 130
class-map match-all class1
description [SSH/ICMP/RDP]
match access-group 110
policy-map shaped
class nbar-fs
bandwidth percent 5
police cir 140000 bc 1500
conform-action transmit
exceed-action drop
violate-action drop
class class1
priority percent 30
class class2
bandwidth percent 30
queue-limit 16
class class3
bandwidth percent 25
queue-limit 32
class class-default
fair-queue
policy-map shaper
class class-default
shape average 220000
service-policy shaped
interface FastEthernet0
description [WAN-Comcast]
service-policy output shaper
Sample Configuration
»Cisco Forum FAQ »Router runs VoIP, Bit Torrent, Online Gaming; DynDNS - QoS Sample Configuration
Discussion
»1760s+T1 QoS not working?
feedback form
feedback form
by aryoba
last modified: 2009-01-22 15:21:13 | | | Suggested prerequisite reading
»Cisco Forum FAQ »How do I configure QoS for VoIP?
»Cisco Forum FAQ »Improving Performance of Cable/DSL Internet using QoS
The biggest challenge running Bittorrent application is that it is very hungry bandwidth application. If your Internet router is doing NAT/PAT, you can also see how extensive Bittorrent applications in using NAT/PAT process and fill up the NAT/PAT table very quickly. In the end, your router might not be able to keep up and then fail to work.
Since the Bittorrent application is very hungry bandwidth one, then the key to have manageable network connection is to apply Quality of Service (QoS). This QoS application is very significant especially when you run high-priority applications such as Voice over IP (VoIP) and some public servers to provide (as example) web and mail services.
Following is sample configuration of how to have manageable network connection when the network run Bittorrent, VoIP, and other applications such as Online Gaming. The sample configuration should work on any hardware. This configuration has been applied to cheapo 827 router and works fine.
Pre-requisites:
the router supports named ACLs
the router has a 12.4 IOS (not sure about other versions, feel free to try and let me know)
The configuration supposes you assign IP range 192.168.254.0/24 to the LAN
192.168.254.129 to 192.168.254.191 are assigned by DHCP to non static IP machines
192.168.254.11 is assigned to the VoIP ATA (in the exemple below, a Wengo ATA called Wenbox
192.168.254.1 is my Server for DNS, WINS, NTP and TFTP. Replace by the correct IPs (Local LAN or your ISP addresses)
Notes on Outbound Policy Shaping Implementation:
* Ethernet0 is the physical interface LAN side that receive the traffic
* ATM0 is the physical interface WAN side that send the traffic out to the ISP
* Dialer1 is the logical interface WAN side that controls the Layer-2/3 (PPP and IP) management of the ATM0 interface
* Since the physical WAN interface is the ATM0, then you need to implement outbound policy shaping on the ATM0 to actually execute the queueing/shaping/policing functions
* Implement outbound policy shaping on Dialer1 interface (the logical WAN interface) won't make differences. The issue is that once the data has been encapsulated into PPPoX (PPPoA or PPPoE) there is no proper identification as the traffic goes out the Dialer interface. By tagging the packets as they come into the inside interface with a unique precedence or DSCP value prior encapsulation, it should provide the ability for proper decision making as the packets exit the outside interface.
Sample Configuration
Note:
Peer-to-Peer (P2P) protocols such as Bittorrent and eMule/eDonkey could use any TCP/UDP port numbers and not specifically from port 6881 to 6889 for Bittorrent or port 4662/4672 for eMule/eDonkey. Therefore you might need to implement NBAR (Network Based Application Recognition) for better approach of controlling P2P traffic. Check out the following FAQ for more info.
»Cisco Forum FAQ »Restrict Traffic Flow including P2P (Peer to Peer) using NBAR: An Overview
More sample configurations and discussions
»[HELP] Cisco 877 VOIP QoS & ASA5505
»[Config] Question about QoS Priority and Policing
»[Config] Setting up QOS/prioritisation on an 877
»[Config] QoS+VoIP on a Cisco - sample config
»VoIP issues with my Cisco 831. (torrents & pulsing voice)
feedback form
feedback form
by LilYoda edited by aryoba
last modified: 2009-03-11 14:56:20 | | | LLQ (Shaping) Sample Configuration
»www.cisco.com/en/US/tech/tk1077/···1b.shtml
»www.cisco.com/en/US/tech/tk39/tk···e5.shtml
Between Traffic Shaping and Policing
»www.cisco.com/en/US/tech/tk543/t···25.shtml
Enterprise QOS Solution Reference, Network Design Guide (pdf)
»www.cisco.com/application/pdf/en···b062.pdf
feedback form
feedback form
by aryoba
last modified: 2007-06-04 15:29:16 | | | Contribution of Covenant
To work with SIP phones, SCCP phones and a GSM gateway to use a SIP trunk from an ITSP
1.) Allow H.323 to H.323, SIP to SIP and between each other and set the domain for the ITSP. Translation rule to discard the "9" is also setup below:
2.) Setup SIP user agent configuration parameters.
4.) A dial-peer is created as a SIP trunk to the SIP server within voipcheap.com's domain and also to the GSM-VoIP gateway.
Contribution of ladino
1) Configure Voice mail via your Provider
2) Configure Outbound CLID
3) CFNA - Voice Mail
Inbound calls still just ring and ring until going to a busy signal since there's no voicemail with CME
4) B-ACD
Create a Ring Group & Basic Auto Attendant
When you call the number you can enter the extension directly or hold on the line for an operator (ring all phones)
Cisco CME Basic Automatic Call Distribution and Cisco Unity Express Auto Attendant Interoperation Configuration Example
5) Paging group
More Sample Configurations
»[Config] CallManager Express / IOS Telephony config
»[Info] 2800 as a resedential gateway?
Discussions
»Cisco 2621XM
»[voice] unknown number when dialing
»[HELP] Callmanager Express can not call or be called after regis
»[HELP] cisco cme over vpn
feedback form
feedback form
by aryoba
last modified: 2009-08-16 07:30:55 | | | Auto QoS
»Unexpected side effect of turning QOS on
QoS and WIC-1ADSL module
»Low Latency Queueing Problem With PPPOE(OA?)
feedback form
feedback form
by aryoba
last modified: 2009-10-09 12:06:06 |
|
