Please share your configurations on how you deal with VoIP traffic. Often on this forum, people are asking “how to prioritize voip”. Is anyone successful in doing this? What rules are you using, and did they make a significant difference? What do you consider “VoIP traffic” and how do you deal with exceptions to this generalization? Please do not post questions, but observations and experience.
High priority, don't buffer.
VoIP, SIP, H.323: usually small packets.
I used to be a PBX engineer. On a network with more than roughly 50 hosts, the rule of thumb was to set up VLANs to reduce broadcast traffic.
Commercially, on-net routing packets over the backbone of an ISP, it is very highly advisable to route these kinds of packets with an ISP's end-to-end VPNs/VRFs and let them provide QoS.
Just because a cheap ADSL can provide VoIP doesn't mean it will be good.
NAT: even though there are workarounds (SIP proxies and SIP ALG/SIP helpers), I have yet to get it working in a simple way. Routing is just easier.
Routing, especially in situations with DSL, isn’t usually an option and NAT must be used. Often, getting enough IP addresses for PBX and phones is too expensive or simply not an option.
Anyway, I currently work as the telecom and data engineer for a supplies company and have 30 asterisk boxes in deployment.
My setup has been boiled down to a simple, easy to setup config.
deploy phones with DHCP, TFTP configs, and a voice VLAN
via TFTP config file, configure phones to mark outbound packets with a DSCP high priority
configure mangle on the asterisk box to mark outbound SIP (any interface) with high priority DSCP tag.
configure router/firewall to mark all outbound, NATed, unmarked packets from pbx with DSCP high priority, or if there are public IPs, anything sourced from the PBX.
hope that I am the wISP so the DSCP tags are used for priority on my Airmax distribution network.
I don’t offer wISP service in all (or even a tiny fraction) of the sites the supplies company operates so I have to deal with other providers. Other wISPs are very friendly and typically are using something that has some QoS on the wire (airmax, nv2, canopy) and I need no other configuration.
As far as plain old QoS on the router, I just make top-level queues for inbound & outbound traffic with 2 child queues each, one for high priority and one for bulk. The outbound queue is the one that is most effective. Inbound QoS works best farther up the chain on the ISP side, but is useful here because you can influence ACK replies to the other TCP traffic and hopefully keep it under control. I find that limiting other inbound traffic to WANSpeed-(64*max number of calls+64) is a good formula to ‘dedicate’ some to voip. It does limit WAN speed, but this is effectively limiting ACK replies and that takes a few seconds to kick in so I don’t want the first 5-10 seconds of a voip call dropping or being choppy.
As far as the wISP side, just use DSCP and a QoS-capable protocol (airmax, nv2). Mark packets on the first ingress device you control. Make sure to strip any DSCP from customer packets that are not within normal SIP/IAX port ranges so that a clever customer can’t just tag http as high priority and step in line.
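The ingress rule described in the post above (mark voice, strip every other DSCP), as an added Python example that is not the poster's configuration. The `Packet` model, the EF (46) mark, the port list (SIP 5060-5061, IAX2 4569, RTP 10000-20000) and the sample traffic are assumptions constructed for illustration.

```python
"""Added example: DSCP trust boundary at the first ingress device."""
from collections import Counter
from dataclasses import dataclass, replace

EF = 46  # Expedited Forwarding; assumed here as the "high priority" mark
# Assumed voice ports (the thread gives no numbers): SIP 5060-5061,
# IAX2 4569, RTP 10000-20000 (Asterisk's default range).
VOICE_UDP_PORTS = ((5060, 5061), (4569, 4569), (10000, 20000))


@dataclass(frozen=True)
class Packet:
    src: str    # customer source address
    proto: str  # "udp" or "tcp"
    dport: int  # destination port
    dscp: int   # DSCP value as received from the customer


def is_voice(pkt):
    """True when the packet is UDP to one of the assumed voice ports."""
    return pkt.proto == "udp" and any(
        lo <= pkt.dport <= hi for lo, hi in VOICE_UDP_PORTS)


def sanitize(pkt):
    """Return the packet as it should leave the ingress device."""
    # Voice is (re)marked EF; every other customer marking is reset to 0.
    return replace(pkt, dscp=EF if is_voice(pkt) else 0)


def audit(packets):
    """Count, per source, non-voice packets that arrived with a DSCP set."""
    return Counter(p.src for p in packets if p.dscp != 0 and not is_voice(p))


# Constructed sample traffic (documentation addresses).
SAMPLE = [
    Packet("192.0.2.10", "udp", 5060, 0),    # unmarked SIP from a phone
    Packet("192.0.2.10", "udp", 12000, 46),  # RTP already marked EF
    Packet("192.0.2.77", "tcp", 80, 46),     # HTTP tagged EF by the customer
    Packet("192.0.2.77", "tcp", 443, 46),    # HTTPS tagged EF by the customer
    Packet("192.0.2.30", "tcp", 22, 16),     # SSH arriving with CS2
]

if __name__ == "__main__":
    for pkt in SAMPLE:
        print(pkt, "->", sanitize(pkt).dscp)
    print(dict(audit(SAMPLE)))
```

Port matching only decides which marks are honoured; a rate cap on the priority queue is still needed to bound how much marked traffic one customer can send.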
Routing with DSL not an option? Unless you only work in wireless solutions,
I work as a data/field engineer for an ISP. I specialize in managed VPNs. Most of the VPNs we provide are on private subnets, with pretty much unlimited IPs, e.g. 1x PBX that goes over multiple sites. This is what VoIP PBXs try to sell commercially, or like what a lot of ISPs are doing, which is hosted PBX: the ISP provides the PBX and hands the customer a DSL/fibre handoff and/or a SIP => ISDN/PRI/PSTN handoff.
Handing it off like this, clearly the ISP controls the QoS on a dedicated line; you can calculate the amount of lines/ext to bandwidth.
Our company started off buying wholesale links via multiple carriers. We were able to provide full QoS over any carrier end to end, except ADSL, which was contended.
Some solutions to solve QoS for some customers are to just buy MORE bandwidth (we would monitor usage).
For others, we have a few QoS setups:
a dynamic interactive setup where we will honor what the customer marks,
or we reject their markings if they seem to screw it up all the time.
Each has a different price tag.
If you are the DSL provider, you typically control from the customer all the way to the upstream. You can engineer your network (hopefully) for VoIP and do QoS etc etc.
If you buy DSL from someone else, you have no control over how they handle the packets and your latency and jitter can be unpredictable.
On a low-end scale you can't, but you can control it wholesale. When you buy it wholesale it's not contended, and there is an SLA agreement; on a low-end scale it's shared and you're probably in a base QoS pool. We do it all the time. We call them POI,
point of interconnect. A lot of the wholesale links come into our PE routers, e.g. an Ethernet over copper service, ATM service, SHDSL, and there is where we control the QoS, but we can't with ADSL (using a different provider).
In the grand scheme of things it looks like this: OurCE-----Otherisp-----OurPE. We have high-end links to the “otherisp”, 1:1 contention ratio.
I'm just pointing out it is possible to use other ISPs if you put your equipment in the correct places.
I'm sorry normis for being off-topic.
hi normis,
We have very often submitted a support request. Unfortunately we never got an answer …
We prioritize VoIP within our network in both directions. This is very easy with NV2 and MPLS / VPLS with exp-bits. This can simply be done to the traffic on the CPE or the other endpoint of the VPLS by using “ip firewall filter in the bridge and use IP Firewall for PPPoE”. The whole thing is then based on an IP list of the VoIP switch or servers. Works very well so far.
The only problem is, VPN does not work then …
Turning on the bridge filter (use Firewall and IP Use IP Firewall for PPPoE) means that VPN packets are modified in the sum of the digits and VPN does not work anymore. I think the firewall of the MT is a little bit too exact…
The ticket number is: 2012031166000177
best regards
Christian
this gives them something new ??
Thx
dingsingo
Very often, people think that they can get a perfect VOIP quality with standard ADSL links using some magic with QOS rules.
This is sometimes possible, but most of the time this is not possible. Because of DSLAM overload, transport overload, provider overload, DSL link stability problems, tier one transit providers traffic quality, the final quality is not (always) good or can be very bad.
So the first thing to check is the link quality from end to end during weeks or months, using a hardware tester preferably using EtherSAM, or if not available use simpler well known test tools available as free linux utilities.
If link quality is not good enough for VOIP, then QOS will not help. The first thing to do is to correct this link quality, using a better provider, better copper lines, better xDSL modems, and if possible never use Internet tier one providers to send the traffic to your central locations. Always rent private fiber links with SLA on them between Datacenters and providers. This is the key to success.
QOS will only help to share VOIP with DATA traffic on the same link, and in this case it needs to be implemented at each side of the link for outgoing traffic at each side. Trying to do QOS on inbound traffic works only for slowing down TCP, and does not work well because the slow down needs time to be effective. This means that it is not possible to fully protect inbound traffic from saturation if there is no QOS rule at the sending side.
To do efficient QOS on DSL links, you need to be a provider yourself, or at least get a private router at your provider site. It is the only way to have true bidirectional QOS.
There are other tips, like using the fastest DSL links you can get. This helps scheduling packets in the QOS scheduler. Trying to manage IP QOS on 128 kbps links is not possible because of the size of DATA packets: 1500 bytes. When a DATA packet is transmitted, whatever you do, you need to wait for the DATA packet transmission to end before being able to send a VoIP packet; this produces heavy jitter on slow links. If you need QOS for VoIP on such slow links, then you need to use lower level ATM QOS taking advantage of the really smaller ATM cell size. IP QOS will never work on slow links regardless of what you try to do with QOS rules and queue buffer setting (Cisco has a special autofragmentation feature to allow a better VoIP QOS on slow links, but this is not available at all on Linux).
Another possibility is to use dual play ADSL links, using two different ATM VCIs and ATM QOS on them, one for VoIP and one for DATA. But this needs special ADSL links and modems allowing multi VCI setups, and those offers are generally not available in most countries for final users. In France we have triple play links (VoIP, DATA and TV), but only at big providers' bundled offers and not for professional use.
QOS rules are quite easy to implement to manage outgoing traffic, using DSCP filtering or source address filtering. At least if the router setup is simple with only a couple of interfaces.
When the router setup is more complex, with many interfaces and tunnels, then QOS rules become more complex to implement and traffic marking inside mangle rules as well as Queue trees need to be very carefully designed. Small errors here can fully destroy the benefit of using QOS.
One of the problems we can get with multiple tunnels QOS management on MT routers is that there is no way to classify packets from multiple PPTP or L2TP client interfaces outgoing from the same router. Only GRE tunnels do have a DSCP marking that can be used for QOS. On other tunnels there is no other solution than watching inside the tunnel interface packets to classify traffic flowing inside the tunnel.
So, kind of a stupid question here on this. However it seems that it IS possible to set up a strict queuing policy. Can’t one just set up the classes under the interface and then just put a priority on the classes? Therefore higher classes automatically get serviced first and then the lower classes get what’s left over?
When I get home I’ll get the configs for this…
This is what I personally use:
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=850k max-limit=850k name="Outbound Centurylink - 12mbit down 896kbit up" packet-mark="" parent=CENTURYLINK priority=1
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=6M max-limit=6M name="Outbound Comcast - 30mbit down 6mbit up" packet-mark="" parent="Ethernet 2" priority=1
/queue type
set 0 kind=pfifo name=default pfifo-limit=50
set 1 kind=pfifo name=ethernet-default pfifo-limit=50
set 2 kind=sfq name=wireless-default sfq-allot=1514 sfq-perturb=5
set 3 kind=red name=synchronous-default red-avg-packet=1000 red-burst=20 red-limit=60 red-max-threshold=50 red-min-threshold=10
set 4 kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=5
add kind=red name="random early detect - 100 deep" red-avg-packet=1000 red-burst=10 red-limit=100 red-max-threshold=100 red-min-threshold=10
set 6 kind=none name=only-hardware-queue
set 7 kind=mq-pfifo mq-pfifo-limit=50 name=multi-queue-ethernet-default
set 8 kind=pfifo name=default-small pfifo-limit=10
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CS7 outbound traffic - Centurylink" packet-mark="DSCP CS7" parent="Outbound Centurylink - 12mbit down 896kbit up" priority=1 queue=default-small
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CS6 outbound traffic - Centurylink" packet-mark="DSCP CS6" parent="Outbound Centurylink - 12mbit down 896kbit up" priority=2 queue=default-small
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CS5 outbound traffic - Centurylink" packet-mark="DSCP CS5" parent="Outbound Centurylink - 12mbit down 896kbit up" priority=3 queue=default-small
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CS4 outbound traffic - Centurylink" packet-mark="DSCP CS4" parent="Outbound Centurylink - 12mbit down 896kbit up" priority=4 queue=default-small
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CS3 outbound traffic - Centurylink" packet-mark="DSCP CS3" parent="Outbound Centurylink - 12mbit down 896kbit up" priority=5 queue=default-small
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CS2 outbound traffic - Centurylink" packet-mark="DSCP CS2" parent="Outbound Centurylink - 12mbit down 896kbit up" priority=6 queue=default-small
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CS1 outbound traffic - Centurylink" packet-mark="DSCP CS1" parent="Outbound Centurylink - 12mbit down 896kbit up" priority=7 queue="random early detect - 100 deep"
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="BE outbound traffic - Centurylink" packet-mark="DSCP BE" parent="Outbound Centurylink - 12mbit down 896kbit up" priority=8 queue="random early detect - 100 deep"
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CS7 outbound traffic - Comcast" packet-mark="DSCP CS7" parent="Outbound Comcast - 30mbit down 6mbit up" priority=1 queue=default-small
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CS6 outbound traffic - Comcast" packet-mark="DSCP CS6" parent="Outbound Comcast - 30mbit down 6mbit up" priority=2 queue=default-small
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CS5 outbound traffic - Comcast" packet-mark="DSCP CS5" parent="Outbound Comcast - 30mbit down 6mbit up" priority=3 queue=default-small
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CS4 outbound traffic - Comcast" packet-mark="DSCP CS4" parent="Outbound Comcast - 30mbit down 6mbit up" priority=4 queue=default-small
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CS3 outbound traffic - Comcast" packet-mark="DSCP CS3" parent="Outbound Comcast - 30mbit down 6mbit up" priority=5 queue=default-small
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CS2 outbound traffic - Comcast" packet-mark="DSCP CS2" parent="Outbound Comcast - 30mbit down 6mbit up" priority=6 queue=default-small
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CS1 outbound traffic - Comcast" packet-mark="DSCP CS1" parent="Outbound Comcast - 30mbit down 6mbit up" priority=7 queue="random early detect - 100 deep"
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="BE outbound traffic - Comcast" packet-mark="DSCP BE" parent="Outbound Comcast - 30mbit down 6mbit up" priority=8 queue="random early detect - 100 deep"
/queue interface
set "Ethernet 1" queue=only-hardware-queue
set "Ethernet 2" queue=only-hardware-queue
set "Ethernet 3" queue=only-hardware-queue
set "Ethernet 4" queue=only-hardware-queue
set "Ethernet 5" queue=only-hardware-queue
Marked with the following:
/ip firewall mangle
add action=passthrough chain=prerouting comment="DSCP Bittorrent Classification - Incoming from Ethernet 5" dscp=1 in-interface="Ethernet 5"
add action=mark-packet chain=prerouting comment="DSCP BE Classification - Incoming from Ethernet 5" dscp=0 in-interface="Ethernet 5" new-packet-mark="DSCP BE" passthrough=no
add action=mark-packet chain=prerouting comment="DSCP CS1 Classification - Incoming from Ethernet 5" dscp=8 in-interface="Ethernet 5" new-packet-mark="DSCP CS1" passthrough=no
add action=mark-packet chain=prerouting comment="DSCP CS2 Classification - Incoming from Ethernet 5" dscp=16 in-interface="Ethernet 5" new-packet-mark="DSCP CS2" passthrough=no
add action=mark-packet chain=prerouting comment="DSCP CS3 Classification - Incoming from Ethernet 5" dscp=24 in-interface="Ethernet 5" new-packet-mark="DSCP CS3" passthrough=no
add action=mark-packet chain=prerouting comment="DSCP CS4 Classification - Incoming from Ethernet 5" dscp=32 in-interface="Ethernet 5" new-packet-mark="DSCP CS4" passthrough=no
add action=mark-packet chain=prerouting comment="DSCP CS5 Classification - Incoming from Ethernet 5" dscp=40 in-interface="Ethernet 5" new-packet-mark="DSCP CS5" passthrough=no
add action=mark-packet chain=prerouting comment="DSCP CS6 Classification - Incoming from Ethernet 5" dscp=48 in-interface="Ethernet 5" new-packet-mark="DSCP CS6" passthrough=no
add action=mark-packet chain=prerouting comment="DSCP CS7 Classification - Incoming from Ethernet 5" dscp=56 in-interface="Ethernet 5" new-packet-mark="DSCP CS7" passthrough=no
Ethernet 5 is my edge routers’ port facing my core which is a Cisco 4503. The 4503 is doing all of my tagging of traffic and whatnot and this SEEMS to work well in a priority queuing kind of fashion. I am not sure if it’ll work right or not, but wouldn’t this theoretically simulate a pseudo-LLQ like setup?
Has someone done an echo test at this level? http://www.youtube.com/watch?v=AF5AFca-16U
Test your configuration, i.e. whether the theory really works?
How would I make my RB750 not leave the audio on one side only? I have 10 problems per 100 calls. I was told it was because of symmetric NAT. Could a DMZ solve it? A VPN? Tunnels? The provider's IPs and ports vary over time and there are too many of them.
cheeze, have you read the manual about what ‘priority’ is?..
it’s actually not about the order in which queues are processed…
Ahh you’re right. I actually need to set a “max-limit” before the priority field actually gets utilized?
So I know that the priority bit doesn’t cause the order for them to change on processing (per the manual), but this is what I used as the manual entry:
Priority
We already know that limit-at (CIR) to all queues will be given out no matter what.
Priority is responsible for distribution of remaining parent queues traffic to child queues so that they are able to reach max-limit
Queue with higher priority will reach its max-limit before the queue with lower priority. 8 is the lowest priority, 1 is the highest.
Make a note that priority only works:
for leaf queues - priority in inner queue have no meaning.
if max-limit is specified (not 0)
And
priority (1..8) : Prioritize one child queue over other child queue. Does not work on parent queues (if queue has at least one child). One is the highest, eight is the lowest priority. Child queue with higher priority will have chance to reach its limit-at before child with lower priority and after that child queue with higher priority will have chance to reach its max-limit before child with lower priority. Priority have nothing to do with bursts.
So, I was thinking that it SHOULD theoretically order the packets on the egress once there is congestion right on all of the child queues…therefore if there is only one parent queue, then the rest as child queues…it should order egress per priority on each child…right?
So I changed my config to the following…
/queue tree
add limit-at=850k max-limit=850k name="Outbound Centurylink - 12mbit down 896kbit up" parent=CENTURYLINK priority=1
add limit-at=850k max-limit=850k name="CS7 outbound traffic - Centurylink" packet-mark="DSCP CS7" parent="Outbound Centurylink - 12mbit down 896kbit up" priority=1
add limit-at=850k max-limit=850k name="CS6 outbound traffic - Centurylink" packet-mark="DSCP CS6" parent="Outbound Centurylink - 12mbit down 896kbit up" priority=2
add limit-at=850k max-limit=850k name="CS5 outbound traffic - Centurylink" packet-mark="DSCP CS5" parent="Outbound Centurylink - 12mbit down 896kbit up" priority=3
add limit-at=850k max-limit=850k name="CS4 outbound traffic - Centurylink" packet-mark="DSCP CS4" parent="Outbound Centurylink - 12mbit down 896kbit up" priority=4
add limit-at=850k max-limit=850k name="CS3 outbound traffic - Centurylink" packet-mark="DSCP CS3" parent="Outbound Centurylink - 12mbit down 896kbit up" priority=5
add limit-at=850k max-limit=850k name="CS2 outbound traffic - Centurylink" packet-mark="DSCP CS2" parent="Outbound Centurylink - 12mbit down 896kbit up" priority=6
add limit-at=850k max-limit=850k name="CS1 outbound traffic - Centurylink" packet-mark="DSCP CS1" parent="Outbound Centurylink - 12mbit down 896kbit up" priority=7
add limit-at=850k max-limit=850k name="BE outbound traffic - Centurylink" packet-mark="DSCP BE" parent="Outbound Centurylink - 12mbit down 896kbit up"
add limit-at=6M max-limit=6M name="Outbound Comcast - 30mbit down 6mbit up" parent="Ethernet 2" priority=1
add limit-at=6M max-limit=6M name="CS7 outbound traffic - Comcast" packet-mark="DSCP CS7" parent="Outbound Comcast - 30mbit down 6mbit up" priority=1
add limit-at=6M max-limit=6M name="CS6 outbound traffic - Comcast" packet-mark="DSCP CS6" parent="Outbound Comcast - 30mbit down 6mbit up" priority=2
add limit-at=6M max-limit=6M name="CS5 outbound traffic - Comcast" packet-mark="DSCP CS5" parent="Outbound Comcast - 30mbit down 6mbit up" priority=3
add limit-at=6M max-limit=6M name="CS4 outbound traffic - Comcast" packet-mark="DSCP CS4" parent="Outbound Comcast - 30mbit down 6mbit up" priority=4
add limit-at=6M max-limit=6M name="CS3 outbound traffic - Comcast" packet-mark="DSCP CS3" parent="Outbound Comcast - 30mbit down 6mbit up" priority=5
add limit-at=6M max-limit=6M name="CS2 outbound traffic - Comcast" packet-mark="DSCP CS2" parent="Outbound Comcast - 30mbit down 6mbit up" priority=6
add limit-at=6M max-limit=6M name="CS1 outbound traffic - Comcast" packet-mark="DSCP CS1" parent="Outbound Comcast - 30mbit down 6mbit up" priority=7
add limit-at=6M max-limit=6M name="BE outbound traffic - Comcast" packet-mark="DSCP BE" parent="Outbound Comcast - 30mbit down 6mbit up"
Would this now be considered to be more like “priority queueing” that a Cisco would do?
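The conditions in the manual text quoted above, together with the rule from MikroTik's HTB documentation that the children's limit-at values must fit inside the parent's max-limit (a rule not quoted in this thread), as an added Python example that is not any poster's code. The `Leaf` model, the three-leaf trees, the variant and the demand figures are constructed, and `allocate` is a simplified steady-state model rather than the RouterOS scheduler.

```python
"""Added example: lint and model the leaf queues of a RouterOS-style queue tree."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Leaf:
    name: str
    priority: int   # 1 = highest, 8 = lowest
    limit_at: int   # CIR, kbit/s
    max_limit: int  # MIR, kbit/s; 0 means "not set"


def lint(parent_max, leaves):
    """Return warnings for leaf settings that defeat priority handling."""
    warnings = []
    for leaf in leaves:
        # Quoted manual text: priority only works if max-limit is not 0.
        if leaf.max_limit == 0:
            warnings.append(f"{leaf.name}: max-limit=0, priority has no effect")
    # MikroTik HTB rule (not quoted in the thread): the children's limit-at
    # values together must fit inside the parent's max-limit.
    total = sum(leaf.limit_at for leaf in leaves)
    if total > parent_max:
        warnings.append(
            f"sum of limit-at is {total}k, parent max-limit is {parent_max}k")
    return warnings


def allocate(parent_max, leaves, demand):
    """Steady-state rate per leaf in kbit/s for a tree that passes lint().

    Simplified model of the two stages in the quoted text: limit-at is
    handed out first, then the remainder goes out in priority order.
    """
    rate = {l.name: min(demand.get(l.name, 0), l.limit_at) for l in leaves}
    spare = parent_max - sum(rate.values())
    for leaf in sorted(leaves, key=lambda l: l.priority):
        want = min(demand.get(leaf.name, 0), leaf.max_limit) - rate[leaf.name]
        extra = max(0, min(want, spare))
        rate[leaf.name] += extra
        spare -= extra
    return rate


def tree(limit_at, max_limit):
    """Three of the thread's eight classes, all with the same limit pair."""
    return [Leaf("CS7", 1, limit_at, max_limit),
            Leaf("CS5", 3, limit_at, max_limit),
            Leaf("BE", 8, limit_at, max_limit)]


PARENT = 850             # kbit/s, the Centurylink parent in the thread
FIRST = tree(0, 0)       # first posted config: limit-at=0 max-limit=0
SECOND = tree(850, 850)  # second posted config: 850k on every leaf
# Constructed variant: small CIR for voice, every leaf may borrow up to 850k.
VARIANT = [Leaf("CS7", 1, 0, 850), Leaf("CS5", 3, 128, 850),
           Leaf("BE", 8, 0, 850)]
DEMAND = {"CS5": 200, "BE": 2000}  # constructed offered load, kbit/s

if __name__ == "__main__":
    for label, leaves in (("first", FIRST), ("second", SECOND),
                          ("variant", VARIANT)):
        print(label, lint(PARENT, leaves))
    print(allocate(PARENT, VARIANT, DEMAND))
```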
On my network my voip is working very well on 2 / 3 of the network. We have got good lines and all in all all is very good.
I have a max latency of 10mS for +/- 70 Km. There are three hops on this line.
We have quite a few clients ( high end) all want fast links. And VOIP is a “free service” except for where we get billed we bill onwards
We have a good fiber inter connect and that makes the difference. We do not resell adsl that is a disaster.
Thus if we have no interference all in all it is good.
We did find that the better the network design is the better the VOIP. Typically we are pushing +/- 30 M per channel.
We use PC routers that give us more CPU power for the routing and normally our routers run at 35% CPU usage. Yes that is for a dual core > 2Ghz CPU
We do find the CPU power is very important.
We also find that a stable link is very important.
We also found that on smaller cpu’s the CPU power is not enough to handle the VOIP. Thus the more spare power the better the VOIP.
We normally ping an ip with 56 bytes at 40mS and that will show us the stability of VOIP.
The biggest problem is latency. We have one area where something is creating latency.
On this link we get an easy 20 M up and 20 M down but the moment there is latency we have problems.
We simply do not have the means to get this problem solved.
We had several consultants attending to it without any success.
The problem we find is that once there is a volume of traffic then the normal CPUs are too limited to handle the packets and then we get packet drops and and and.
Anybody that can help us on one router we will appreciate it.
Other than this all is working very well and voip is very good.
We have a 99.3% success with our VOIP.
Simply give me your number and I can dial you on a link of +/- 70Km and you can see it is very good.
This we have achieved without any QOS prioritizing …
Simply the PC routers do the trick and the spare power is very good.
To prioritize VOIP packets you must do these:
1- Identify VoIP packets by TOS no. It depends on your softphone, IP phone or PBX. To do that you can sniff your packets to find it.
2- Mark packets with mangle. In the advanced tab specify the DSCP (TOS) no.
3- Create a simple queue for VoIP packets: limit-at = max-limit = all the bandwidth you have.
4- Make a pcq type for non-VoIP packets (pcq up: classifier: src address & pcq down: classifier: dst address).
5- Create a simple queue for non-VoIP. Target address is your LAN (select target upload = pcq up & target download = pcq down) and max-limit = all the bandwidth you have.
Are any dscp (diffserv) specific for voip, sip, skype…? or how to mark voip traffic?
TOS 46