[asterisk-users] QoS & VPN

[Jeremy Mann]

Access-list 100 permit ip host <asterisk server> any

Class-map match-any voip
 Match access-group 100

Policy-map voip
 Class voip
  Priority 256
 Class class-default
  Fair-queue

Interface fastethernet 0
 Service-policy output voip


Above is what I do to prioritize 256kbit of outbound bandwidth to voip calls, adjust accordingly.  You must also use the qos pre-classify in your ipsec tunnel definitions for this to work, but it does work well.  I know I'm potentially mapping other traffic than voip, but I'm lazy and don't want to classify the rtp and sip and iax ports, rarely does the box do any other traffic than voip as updates occur in off hours.

You'll probably additionally want to match your ipsec keying traffic and give it priority bandwidth, if you're going to push voip through the tunnel you'll find yourself rekeying more often and want to make sure on a saturated link it gets priority so the tunnels don't drop.

If you're on DSL, you probably want to research cascading the Qos, have a root policy that throttles all bandwidth to a certain speed, then a child policy that prioritizes that bandwidth, so you don't saturate your outbound circuit(think in terms of P2P protections).



This e-mail, facsimile, or letter and any files or attachments transmitted with it contains information that is confidential and privileged. This information is intended only for the use of the individual(s) and entity(ies) to whom it is addressed. If you are the intended recipient, further disclosures are prohibited without proper authorization. If you are not the intended recipient, any disclosure, copying, printing, or use of this information is strictly prohibited and possibly a violation of federal or state law and regulations. If you have received this information in error, please notify Texas Health Management Group immediately at 1-817-310-4999. Texas Health Management Group, its subsidiaries, and affiliates hereby claim all applicable privileges related to this information.