[asterisk-users] QoS & VPN

Frank Bulk - iName.com frnkblk at iname.com
Fri May 8 16:47:05 CDT 2009 

It's been a few years ago, but Network Computing had tests results showing
that VoIP over a VPN was measurably better than outside a VPN.  Why?
Because the latency was low enough that lost UDP packets (within the VPN
tunnel) could be re-transmitted before the jitter buffer had expired.  Since
most jitter buffers are on the order for 10 to 80 msec, if your one-way
latency is any greater than a third of your jitter buffer, it's of no use.
For example, if the one-way latency is 15 msec, the best-case scenario is
that with single-time packet loss, the other packet would arrive at the
destination in ~45 msec.

Frank

-----Original Message-----
From: asterisk-users-bounces at lists.digium.com
[mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Garth van
Sittert
Sent: Friday, May 08, 2009 10:08 AM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] QoS & VPN

I would think that VoIP over VPN is a bad idea as UDP packets need to be 
in realtime not corrected by the TCP of the VPN.

Garth van Sittert
Technical Director
BitCo
08600 24826
www.bitco.co.za



Aurimas Skirgaila wrote:
> Despite the VPN overhead, running VOIP through VPN is good idea 
> because VPN reorders encapsulated UDP packets in correct order. 
> Security matters as well.
>
> I'd suggest to route VNC packets rather over internet than VPN (so do 
> I), as VPN usually has the highest priority.
>
> On Thu, May 7, 2009 at 11:33 PM, Roberto Piola 
> <roberto.piola at visiant.it <mailto:roberto.piola at visiant.it>> wrote:
>
>     I do not have examples, but if you are using the 1700 series
>     router in order to originate the ipsec vpn, you may use command 
>     qos pre-classify (please search for it on cco.cisco.com
>     <http://cco.cisco.com>)
>
>
>     On Thu, May 7, 2009 at 9:54 PM, Brent Davidson
>     <brent at texascountrytitle.com <mailto:brent at texascountrytitle.com>>
>     wrote:
>
>         I've got multiple satellite office all linked back to the main
>         office
>         via VPN.  Each office has their own asterisk server which
>         registers back
>         to the main office's Asterisk server.  Each office also has a 1Mb
>         downstream / 384k - 768k upstream connection.  The branches
>         are using
>         Speex for their connections back to the main office.  The
>         issue I'm
>         having is that there are times that I need to VNC in to
>         machines at the
>         various offices for tech support while the user is also on the
>         phone.
>         Unfortunately the VNC connection apparently takes priority and
>         makes it
>         impossible for me to understand anything the person on the
>         phone is
>         saying, although they can still hear me fine.
>
>         Our Main office uses a Cisco PIX 506 for the main firewall and VPN
>         concentrator.  Each branch office used a Cisco 1700 series
>         router with
>         IPSec enabled in the IOS.  Is there any sort of QoS I can turn
>         on on the
>         main router or the branch routers to make sure the voice
>         quality takes
>         precedence over the VNC?  (Any example configs would be
>         greatly appreciated)
>
>         Would I be better off routing the voice packets over the
>         internet rather
>         than the VPN, and could I safely do that without exposing the
>         asterisk
>         boxes to unnecessary security risks?  (At present all of our
>         asterisk
>         boxes are behind the firewalls and only talk to each other
>         over the
>         VPN.  All PSTN connection is done through TDM boards so they
>         have no
>         direct exposure to the internet.)
>
>
>     _______________________________________________
>     -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
>     asterisk-users mailing list
>     To UNSUBSCRIBE or update options visit:
>       http://lists.digium.com/mailman/listinfo/asterisk-users
>
>
>
>
> -- 
> Mvh,
> Aurimas Skirgaila
> ------------------------------------------------------------------------
>
> _______________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-users

_______________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

More information about the asterisk-users mailing list