A big consideration would be the number and amount of call activity and the size of the CPU in the router and if the router has a VPN accelerator. Connecting two sites with VoIP direct over the internet would not have the overhead compared to routing it through a VPN. If the router is capable and with QOS configured correctly you could do it over your VPN and would probably be the better choice as you can set a policy to reserve a certain amount of bandwidth for voice and if not used for voice give it back for use with data until needed.
I'm not 100% sure I understand your question. I think you are talking about passing voice over the Internet straight up, or passing voice over the Internet with the security of VPN. In either case, you are still passing voice over the Internet.
As stated already, I wouldn't be too worried about using the VPN because most modern equipment can easily handle the process and memory utilization of today's VPNs. In addition, most routers also can handle some type of prioritization that gives preferential treatment to voice packets over all other forms of data.
The sticking point is that just because your equipment gives preferential treatment doesn't mean that the countless other pieces of equipment that your traffic flow uses from source to destination have any preference as to the type of traffic whatsoever. In other words, there is no QOS on the Internet once it leaves your customer premise. This is the problem with voice over IP on the Internet. Sometimes the quality will be great and other times it will stink and there is nothing you can do about it once it leaves your equipment. If you had a private network with a carrier (example - MPLS) then you might be able to get QOS all the way from source to destination, but Internet VPNs are not private (at least not the path through the Internet).
Whichever way you go just remember to print the router stats before any change. If Cisco, print the output from show process cpu history and note your average and peak bandwidth utilization. After the change run the same data and compare and also ensure that your CPU does not get overloaded. Remember that with voice if there is any packet loss it is just dropped unlike data that is retransmitted.
If you do it through VPN remember to put
qos pre-classify
in your crypto-map statement.
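Added example, not posted by anyone in this thread: a Cisco IOS sketch of where `qos pre-classify` sits when the router itself terminates the IPsec tunnel and the output policy classifies on inner headers (here, RTP UDP ports). All names, addresses, ACL numbers, the key placeholder and the 30 percent figure are assumptions.

```cisco
! Constructed example: every name, address and number below is a placeholder.
!
! Voice is identified by inner-packet fields (site subnets + RTP port range).
! After encryption the WAN interface sees only ESP between the two peers,
! so this ACL would never match without qos pre-classify.
access-list 120 permit udp 10.1.0.0 0.0.255.255 10.2.0.0 0.0.255.255 range 16384 32767
!
class-map match-all VOICE
 match access-group 120
!
! LLQ: voice gets a priority queue of up to 30% of the link under congestion;
! when voice is idle, that bandwidth remains available to data.
policy-map WAN-EDGE
 class VOICE
  priority percent 30
 class class-default
  fair-queue
!
crypto isakmp policy 10
 encryption aes
 authentication pre-share
 group 14
crypto isakmp key <pre-shared-key> address 203.0.113.2
!
crypto ipsec transform-set VPN-SET esp-aes esp-sha-hmac
!
! Traffic to protect: site-to-site subnets.
access-list 110 permit ip 10.1.0.0 0.0.255.255 10.2.0.0 0.0.255.255
!
crypto map SITE-VPN 10 ipsec-isakmp
 set peer 203.0.113.2
 set transform-set VPN-SET
 match address 110
 ! Keep a copy of the clear-text header so the output service-policy
 ! can classify on it after the packet has been encrypted.
 qos pre-classify
!
interface Serial0
 ip address 203.0.113.1 255.255.255.252
 crypto map SITE-VPN
 service-policy output WAN-EDGE
```

This only helps on the device that performs the encryption; a router that receives already-encrypted packets from a separate firewall has no inner header to classify on.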
Thanks for all the feedback. Currently there is a remote site which has a permanent VPN tunnel to the main site. The main site has a PIX 506e, the remote site a PIX 501. The router at the main site is ours, but all it is doing is routing, it is a 1721. The router at the branch site is not ours, so we have no access to it, but it also is just routing. The PIX 506e at the main site is doing 5 VPN tunnels and then random remote clients, maxing out at 5 - 10 at once. The PIX 501 CPU runs up and down about 20 - 30% during phone calls at the remote site, is this too heavy on the PIX?
Someone mentioned QoS is impossible in this set up as everything leaving the PIX is encrypted, so the router has no idea what is going in or out. Would you all tend to agree?
Without trying to make a sales pitch here, I would recommend you look at the Kentrox Q series routers. They will offer QoS across your VPN and even have a standalone device that will do QoS behind legacy routers that have no QoS functionality.
You could actually place the Q1300 at each site where the Cisco will not do QoS. I didn't pay attention to the fact you already had the PIX in place. If you didn't have the PIX, I would suggest using the full Kentrox routers instead. Otherwise, the Q1300 appliance is a QoS appliance to give QoS on the WAN side of the PIX.
The Cisco 1721 does do QoS, however we only own one of the Routers in play, XO owns the other. I am confused somewhat. I keep hearing different things. Is this possible with the setup that I described above to do QoS if we owned the Routers at both ends? Or is the only way now to add something like the Q1300?
I would suggest calling XO and seeing if they will set up QoS on the router. If they won't make the changes, then look at alternatives such as the Q Series products to establish as much QoS as possible.
As a note, QoS only works if everything it passes through supports it. It's the usual weakest link scenario.
If your two end routers have it, but middle ones don't, then this could be a problem. Also some routers that don't support it can actually strip the id tag off it, rendering your QoS useless.
Only the truly stupid believe they know everything.
Stu.. 2004
Currently we have VOIP running in 3 branch offices over MPLS VPN Lines. The problem is these lines go down all the time and they are expensive for the speed you get. I have one office with just 1 IP Phone in it that I am going to test running my own VPN (with Sonicwalls). Can anyone make a case for what type of WAN connection I should get? Fractional T1, DSL, Cable, or other?
Obviously I'm looking for something with the least latency. I can do QoS with my Sonicwalls on both ends, but the internet is a gamble as we all know.