cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Anonymous
Not applicable

VPN and QOS

Jump to solution

We have a few Adtran 3448s (18.02.02.00.E) setup to VPN to our Adtran 1335 (18.02.02.00.E) at office. We use the VPN to connect home ATAs to our PBX so we can have a home phone line. We are experiencing intermittent voice quality issues. I have the Adtran setup to prioritize the voice packets (cos 5) and can see it matching the packets. The ISP for all connections is Comcast and there seems to be plenty of bandwidth while the issues are happening. Is there anything else I can try?

Labels (1)
0 Kudos
1 Solution

Accepted Solutions
Anonymous
Not applicable

Re: VPN and QOS

Jump to solution

Ned:

Thank you for replying with the configurations.  I noticed in the QoS configuration you are matching IP Precedence 5, and giving that a priority of "unlimited."  Further, in that same QoS configuration you have another sequence with an ACL matching UDP and TCP port 5060 and are marking it with a DSCP value of 26.

Can you elaborate on what you are attempting to accomplish with these two portions of the QoS configuration?  Are the phones configured with IP Precedence 5?  If so, then this portion of the QoS is configured properly.  Unfortunately, the second sequence in the QoS configuration will not be implemented because the ports that are supposed to be matched in the ACL will be encrypted by the VPN and will not be seen by the QoS map.  Therefore, if you are attempting to mark 5060 traffic with a DSCP value of 26, then you will need to create another QoS map and apply it on the inbound interface (LAN) before it hits the VPN engine of the ADTRAN.

Also, keep in mind that the ADTRAN is performing QoS outbound toward the Internet.  So, the traffic has large potential to hit latency while traversing the public Internet.

I hope that makes sense, but please to not hesitate to reply with additional information or questions.  I will be happy to help in any way I can.

Levi

View solution in original post

5 Replies
Anonymous
Not applicable

Re: VPN and QOS

Jump to solution

Ned,

Since we are going over the internet, there is some QoS limitation because we have no control as to how traffic is prioritized over the connection. Although it is not as clear-cut as setting up QoS over a private network, we can set up a QoS policy to at least ensure that the NetVantas prioritize certain traffic types. When setting up QoS for voice traffic going over a VPN, you must match either the DSCP value or IP precedence value. Matching by any other parameter will not work as those other parameters will be encrypted before QoS has a chance to prioritize how the traffic is sent out.

I'd be more than happy to take a look at your configuration and see if there are any settings that can be tweaked to improve the issues you are running into. Please remember to remove any information in your configuration which may be sensitive to your company's network. Let us know if you have any further questions regarding the topic above.

Thanks,

Noor

Anonymous
Not applicable

Re: VPN and QOS

Jump to solution

Sure, please have a look.

Anonymous
Not applicable

Re: VPN and QOS

Jump to solution

Ned:

Thank you for replying with the configurations.  I noticed in the QoS configuration you are matching IP Precedence 5, and giving that a priority of "unlimited."  Further, in that same QoS configuration you have another sequence with an ACL matching UDP and TCP port 5060 and are marking it with a DSCP value of 26.

Can you elaborate on what you are attempting to accomplish with these two portions of the QoS configuration?  Are the phones configured with IP Precedence 5?  If so, then this portion of the QoS is configured properly.  Unfortunately, the second sequence in the QoS configuration will not be implemented because the ports that are supposed to be matched in the ACL will be encrypted by the VPN and will not be seen by the QoS map.  Therefore, if you are attempting to mark 5060 traffic with a DSCP value of 26, then you will need to create another QoS map and apply it on the inbound interface (LAN) before it hits the VPN engine of the ADTRAN.

Also, keep in mind that the ADTRAN is performing QoS outbound toward the Internet.  So, the traffic has large potential to hit latency while traversing the public Internet.

I hope that makes sense, but please to not hesitate to reply with additional information or questions.  I will be happy to help in any way I can.

Levi

Anonymous
Not applicable

Re: VPN and QOS

Jump to solution

Ned:

I marked the question as "assumed answered" because there were no more follow up questions.

Please, do not hesitate to add additional information to this post if necessary.

Levi

Anonymous
Not applicable

Re: VPN and QOS

Jump to solution

:

I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post and unmark it and select another in its place with the applicable buttons.  If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.

Thanks,

Levi