This is the second post of 3 about my experience with Vonage QoS on my Cisco network.
As mentioned earlier, here are the configs I came up with. But before, the layout of the network:
Vonage Datacenter
|
|
Internet
/ \
/ \
Cable modem ADSL modem
| \
Fa0/1 | \ Fa0/1
Cisco router-----Cisco router
Fa0/0 | | Fa0/0
| |
Fa0/1 | | Fa0/2
Cisco Catalyst 3550 switch
Fa0/23 |
|
VDV21 ATA (192.168.8.96)
Note- I use the cable ISP as my primary ISP as they give me 512 Kbps of uploads vs 384 Kbps for the DSL telco. However, the QoS configs are applied to both routers in case of failover.
So, the first step was to ensure the DSCP for every voice bearer and call signaling packet leaving the 3550 was correct. Because the voice bearer RTP traffic leaving the VDV21 to the Internet was already marked as DSCP EF, I didn't change anything. For the call signaling traffic leaving the VDV21, I classified and marked it on the input interface of the 3550 as follows.
mls qos
ip access-list extended ACL_CALL_SIGNALING
deny udp host 192.168.8.96 any dscp ef
permit udp host 192.168.8.96 any range 10000 20000
class-map match-any CM_CALL_SIGNALING
match access-group name ACL_CALL_SIGNALING
policy-map PM_CLASSIFY_AND_MARK
class CM_CALL_SIGNALING
set dscp cs3
int fa0/23
desc VDV21 - VONAGE ATA
service-policy input PM_CLASSIFY_AND_MARK
mls qos trust dscp
The first ACE will prevent the voice bearer originated by the ATA from being re-marked. The second will allow any packet with a source of the ATA, and a destination anywhere with a UDP port >= 10000 and <= 20000 to be marked.
The class-map is created to classify the call signaling based on the ACL. Then, a policy-map is created to mark the traffic identified by the class map to DSCP CS3. I chose CS3 for call signaling based on the Cisco QoS SRND document. This way, if future needs warrant adding more classes such as a mission-critical class, AF31 will be available for this. Note- the CS3 is also chosen over AF31 because WRED will work better with Assured Forwarding 1,2 and 3 for different levels of drop probabilities.
Note that the 3550 does not support NBAR, which might have worked to classify the RTCP traffic. Instead, we are restricted to using ACLs.
Once the policy-map is created, it is applied to the input interface where the ATA is connected. And, the interfaces to the routers are configured as trusted, meaning, any packet received with specific DSCP values will not be re-marked or reset to default. We do this for the return traffic.
This takes care of our 2 outbound traffic classes. Practically, for the other direction, there is no need to mark and classify this traffic as it enters the routers from the Internet because we are dealing with high-speed FastEthernet interfaces toward the LAN, which will most likely not get congested. However, for the purpose of the exercise, we will classify and mark this traffic so we can action it in the future on the internal LAN if we need to, as well as for reporting purposes (i.e. to be able to generate NetFlow reports based on DSCP).
On the Cisco routers, we will classify and mark the voice and call signaling traffic when it enters from the Internet:object-group network OBJ_VONAGE_ATA_HOSTS
description VONAGE ANALOG TELEPHONE ADAPTERS
host 192.168.8.96
ip access-list extended ACL_VONAGE_ATA_HOSTS
permit ip any object-group OBJ_VONAGE_ATA_HOSTS
ip access-list extended ACL_VONAGE_SIP
permit udp any eq 10000 object-group OBJ_VONAGE_ATA_HOSTS
class-map match-all CM_VONAGE_SIP
match access-group name ACL_VONAGE_SIP
class-map match-all CM_VONAGE_RTCP
match protocol rtcp
match access-group name ACL_VONAGE_ATA_HOSTS
class-map match-all CM_VONAGE_VOICE_BEARER
match protocol rtp
match access-group name ACL_VONAGE_ATA_HOSTS
class-map match-any CM_VONAGE_CALL_SIGNALING
match class-map CM_VONAGE_SIP
match class-map CM_VONAGE_RTCP
policy-map PM_CLASSIFY_AND_MARK
class CM_VONAGE_VOICE_BEARER
set dscp ef
class CM_VONAGE_CALL_SIGNALING
set dscp cs3
int fa0/1
desc OUTSIDE - ISP
ip nbar protocol-discovery
service-policy input PM_CLASSIFY_AND_MARK
Note that I use an object group since this router runs 12.4(22)T1 and I wanted to test this new functionality which I assume Cisco carried over from the PIX OS. Better late than never!
So, the first ACL permits any traffic with a destination of my ATA. The second one permits traffic with a source of UDP 10000 and a destination of my ATA. This is for the UDP/SIP 20-second interval REGISTER "keepalives" as well as INVITE/On-hook/Off-hook messages.
The CM_VONAGE_SIP class-map matches this ACL. However, call signaling consists not only of SIP, but also of RTCP as stated earlier. So, we also need the CM_VONAGE_RTCP class-map. Thankfully, we can use NBAR for this one. This is why we also have "ip nbar protocol-discovery" applied to the outside interface.
Once the SIP and RTCP class maps are defined, we put them together in a class-map called "CM_VONAGE_CALL_SIGNALING". This class-map matches either one ("OR" boolean).
Then, we classify the voice bearer traffic using a similar method. This time, we tell the router, if your NBAR process receives RTP packets (voice packets) with a destination of the ATA, classify those.
We then create the policy-map, and mark the voice packets with DSCP EF, and the call signaling (RTCP & SIP) with DSCP CS3. We do this by applying the policy-map to the outside interface, inbound.
Note- The routers in question run NAT and CBAC so I wasn't sure if the classification would work as it calls the ACL which contain the private IP address of the ATA. And, as far as I can tell, documentation on this is non-existent. But a packet capture reveals the NAT de-translation processing occurs before the QoS classification, hence we are good to go!
Now that we have our voice and call signaling marked in both direction, the last step is to take action on it. Meaning, configure queueing and shaping to prioritize this traffic over the web browsing, email and other less time-sensitive traffic. I will post those configs in the near future.
ghd flat iron
ReplyDeletehollister clothing
converse uk
armani jeans
michael kors outlet clearance
rolex daytona
fitflops sale clearancee
louboutin pas cher
new balance shoes
kate spade
ed hardy
canada goose parka
rolex replica watches
christian louboutin outlet
timberland boots
michael kors handbags
louboutin
true religion jeans
nike running shoes
prada handbags
ecco shoes
louboutin outlet
longchamp outlet
michael kors outlet
michael kors outlet
nike air max
ray ban sunglasses discount
salvatore ferragamo
coach outlet store
cheap jordans
air max 90
polo ralph lauren outlet
ralph lauren outlet
ZHUO20160715
nike shoes on sale
ReplyDeletekate spade handbags
pandora charms sale clearance
adidas nmd r1
cheap oakley sunglasses
air max 90
nike shoes for men
fred perry clothing
true religion jeans
kate spade handbags
20180414wanglili
coach outlet
ReplyDeletefootball shirts
kate spade handbags
coach outlet
tag heuer watches
longchamp outlet
ray ban sunglasses
louboutin
mcm backpack
herve leger dresses
chenyingying20180628
adidas soccer cleats
ReplyDeletemac makeup
dsquared2 jeans
timberland boots
cartier love bracelet
bvlgari sunglasses
jordan
nike free
nike air
adidas outlet
2018.7.16chenlixiang
air max 97
ReplyDeletembt shoes
coach outlet sale
kobe shoes
nike x off white
adidas nmd
yeezy shoes
nike air max 90
timberland boots
golden goose outlet
kd shoes
ReplyDeletepaul george shoes
golden goose
supreme shirt
longchamp
golden goose
offwhite
canada goose jacket
westbrook shoes
supreme hoodie
The casino with roulette machines | Vannienailor4166 Blog
ReplyDeleteCasino roulette game is one of the most popular casino games in https://vannienailor4166blog.blogspot.com/ Malaysia. It offers the latest games with the best ventureberg.com/ odds, with big payouts งานออนไลน์ and easy worrione
company website pop over to this website review next browse around this web-site Bottega Veneta Dolabuy
ReplyDelete