[asterisk-users] QoS & VPN

Fri May 8 08:53:59 CDT 2009

On Fri, May 8, 2009 at 3:45 PM, Jeff LaCoursiere <jeff at jeff.net> wrote:

>
> On Fri, 8 May 2009, Aurimas Skirgaila wrote:
>
> > Despite the VPN overhead, running VOIP through VPN is good idea because
> VPN
> > reorders encapsulated UDP packets in correct order. Security matters as
> > well.
>
> Reorders?  How so?  I think it will maintain the order, only if they have
> arrived in the "correct" order.

UDP doesn't guarantee that over long way packets arrive in correct order,
while TCP based VPN would sort them correctly ;) well, I'm not sure if all
kinds of VPN are SSL/TCP based.
The author mentioned remote offices so this might be useful for him.

>
>
> >
> > I'd suggest to route VNC packets rather over internet than VPN (so do I),
> as
> > VPN usually has the highest priority.
> >
>
> Unless QoS is implemented packets are first come first served.  There is
> no "usually has the highest priority".  Routing one over the Internet
> versus over the VPN won't change that priority.
>

ok.  probably I've misread somewhere about switches which QoS enabled is by
default. By the way we do ask our ISP to prioritize VPN packets and they do.

>
> j
>
> > On Thu, May 7, 2009 at 11:33 PM, Roberto Piola <roberto.piola at visiant.it
> >wrote:
> >
> >> I do not have examples, but if you are using the 1700 series router in
> >> order to originate the ipsec vpn, you may use command  qos pre-classify
> >> (please search for it on cco.cisco.com)
> >>
> >> On Thu, May 7, 2009 at 9:54 PM, Brent Davidson <
> >> brent at texascountrytitle.com> wrote:
> >>
> >>> I've got multiple satellite office all linked back to the main office
> >>> via VPN.  Each office has their own asterisk server which registers
> back
> >>> to the main office's Asterisk server.  Each office also has a 1Mb
> >>> downstream / 384k - 768k upstream connection.  The branches are using
> >>> Speex for their connections back to the main office.  The issue I'm
> >>> having is that there are times that I need to VNC in to machines at the
> >>> various offices for tech support while the user is also on the phone.
> >>> Unfortunately the VNC connection apparently takes priority and makes it
> >>> impossible for me to understand anything the person on the phone is
> >>> saying, although they can still hear me fine.
> >>>
> >>> Our Main office uses a Cisco PIX 506 for the main firewall and VPN
> >>> concentrator.  Each branch office used a Cisco 1700 series router with
> >>> IPSec enabled in the IOS.  Is there any sort of QoS I can turn on on
> the
> >>> main router or the branch routers to make sure the voice quality takes
> >>> precedence over the VNC?  (Any example configs would be greatly
> >>> appreciated)
> >>>
> >>> Would I be better off routing the voice packets over the internet
> rather
> >>> than the VPN, and could I safely do that without exposing the asterisk
> >>> boxes to unnecessary security risks?  (At present all of our asterisk
> >>> boxes are behind the firewalls and only talk to each other over the
> >>> VPN.  All PSTN connection is done through TDM boards so they have no
> >>> direct exposure to the internet.)
> >>>
> >>>
> >> _______________________________________________
> >> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> >>
> >> asterisk-users mailing list
> >> To UNSUBSCRIBE or update options visit:
> >>   http://lists.digium.com/mailman/listinfo/asterisk-users
> >>
> >
> >
> >
> > --
> > Mvh,
> > Aurimas Skirgaila
> >
>
> _______________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/mailman/listinfo/asterisk-users
>

-- 
Mvh,
Aurimas Skirgaila
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20090508/752d460a/attachment.htm 