This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Astaro Red and QoS

Hi,
we plan to buy a astaro red for our branch office.
We want to use telefon with voip.
Can I use the Red device with bandwith controll for the voip traffic?
At the moment we use a fritzbox with a site-to-site vpn connection. But with this configuration I cannot use QoS, or?

Thanks
Markus

This thread was automatically locked due to age.

Parents

0 BAlfson over 14 years ago
The IPSEC VPN implementation supports copying of TOS/DSCP bits onto packets in the tunnel, but it will NOT prioritize them as far as how they are assembled / disassembled inside the tunnel and endpoints.

Bruce, I haven't done it personally, and I haven't seen anyone here do it successfully, but, according to Alan Toews, it should work.

As I understand it, the following should work:
On the 'Advanced' tab of 'Site-to-Site >> IPsec', check the box for 'Copy TOS (Type of Service) value'.
On the 'Status' tab of QoS, configue the External interface with 'Download Equalizer' checked and 'Upload Optimizer' not checked.
Create a traffic selector 'External (Address) -> IPsec -> Any' for each DSCP value of the VoIP system.
Create a bandwidth pool on the External interface using the VoIP IPsec traffic selectors above.

Hopefully, someone who's successfully done QoS for VoIP via IPsec will see this and either confirm it or correct it.

Cheers - Bob
PS Oops! Bruce was specifically addressing the fact that OpenVPN doesn't support TOS bits, and he's 100% correct!
Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BAlfson over 14 years ago
The IPSEC VPN implementation supports copying of TOS/DSCP bits onto packets in the tunnel, but it will NOT prioritize them as far as how they are assembled / disassembled inside the tunnel and endpoints.

Bruce, I haven't done it personally, and I haven't seen anyone here do it successfully, but, according to Alan Toews, it should work.

As I understand it, the following should work:
On the 'Advanced' tab of 'Site-to-Site >> IPsec', check the box for 'Copy TOS (Type of Service) value'.
On the 'Status' tab of QoS, configue the External interface with 'Download Equalizer' checked and 'Upload Optimizer' not checked.
Create a traffic selector 'External (Address) -> IPsec -> Any' for each DSCP value of the VoIP system.
Create a bandwidth pool on the External interface using the VoIP IPsec traffic selectors above.

Hopefully, someone who's successfully done QoS for VoIP via IPsec will see this and either confirm it or correct it.

Cheers - Bob
PS Oops! Bruce was specifically addressing the fact that OpenVPN doesn't support TOS bits, and he's 100% correct!
Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 Ed.Kok over 14 years ago in reply to BAlfson

Since a few weeks we have a RED in a branche-office in Paris and HQ is in the Netherlands. Both office use Cisco-telephony with voip. This works fine over the tunnel but if traffic is high the quality of sound decreases. So I started playing with QoS; the first thing I did was:
- Interfaces & Routing
- Quality of Servive
- Edit Paris-interface (RED) for 'Down- and Uplink' speed to 6144 (= 6 Mb) which is the correct bandwidth (stacked 3x 2Mb DSL)
- the three checkboxes for Limit uplink, Download Equalizer and Upload Optimizer are all enabled.
As soon as I hit the traffic-light to enable the CPU-utilization goes to 100 % and needless to say: all internet-traffic is stopped. It is almost impossible the check back into the settings to disable this again.
Maybe I'm doing something wrong here?

Ed
Cancel
Vote Up 0 Vote Down

Cancel