[nmglug] VoIP QoS question......
Nick Frost
nickf at nickorama.com
Tue Sep 15 19:38:35 PDT 2009
I'm hoping someone who is a Cisco and VoIP guru might have an answer
to this question.
I have recently replaced an Edgewater networks router with a Cisco ASA
5505 security appliance. The router replacement went fine and the new
router, IPSec VPN, and RADIUS (FreeRADIUS) configuration all function
properly.
My question is really "how to properly implement QoS (Quality of
Service) for VoIP (Voice Over IP) on a Cisco ASA 5505?". I have found
a couple good posts on the subject after doing much research (as
follows);
http://www.cisco-tips.com/cisco-asa-qos-for-voip-traffic/
http://www.breezy.ca/?q=node/152
However, not being a VoIP expert, I decided to examine the VoIP
traffic firsthand to gain a better understanding of the actual
protocol and port usage, and found the following.
- SIP appears to be merely a control channel for VoIP operating
primarily on port 5060 between the phone and the upstream provider,
whereas the actual audio datagrams (audiograms) are RTP datagrams
(UDP) and the QoS monitoring for RTP is on the adjacent odd port and
identified by Wireshark as RTCP. To further complicate the situation
in this instance I tested using an Aastra 9133i SIP IP phone and a
Polycom Soundpoint IP phone and found that the different phones/
firmwares use different ports for RTP and RTCP.
The Aastra phone uses local ports of 18000 (RTP) and 18001 (RTCP)
transmitting to remote RTP/RTCP ports of 29028 and 29029, in addition
to using 5060 (SIP), as well as other ports;
wanip:12623 remotehost:42604
wanip:14352 remotehost:42605
I used the packet capture capability of the Cisco ASA to capture
packets during the VoIP sessions with the two phones, saved the files
in pcap format and opened them with Wireshark (OS X). It would seem
that on the local network the Ethernet datagrams for VoIP have
assignable values for the DSCP portion of the Ethernet frames, and one
can change the programming in an Aastra phone for the DSCP field value
to a value of "ef" or "101110" for expedited forwarding, and write a
class-map on the ASA to prioritize traffic with datagrams having a
DSCP field value of "ef". This appears to successfully/effectively
address outgoing VoIP QoS issues for outgoing calls on an Aastra
9133i, but the Polycom Soundpoint IP does not appear to have the
ability to change the DSCP Ethernet frame value;
------------
ciscoasa# show service-policy
Interface outside:
  Service-policy: General-Purpose
    Class-map: VoIP
      Priority:
        Interface outside: aggregate drop 0, aggregate transmit 2753
    Class-map: class-default
------------
The issue remains that returning packets from the VoIP provider
(re-sold from Global Crossing) have pre-assigned DSCP values and it seems
like one would probably have to write custom access-lists for the
relevant ports used for RTP audiograms, and then create class-maps and
priority queueing accordingly on the ASA to achieve proper QoS for
VoIP traffic on the Cisco ASA. But, I'm hoping (and wondering if)
there is an easier way?
I'm wondering if anyone else has experience with QoS for VoIP on the
Adaptive Security Appliances, and what suggestions those people might
have?
Thanks,
-Nick
---------------------------------------
Nicholas S. Frost
----------------------------------------
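An added example, not part of the original post: a Python sketch that reads the DSCP value from the IPv4 header's DS (former ToS) byte and labels UDP packets as SIP, RTP or RTCP using the ports named in the post, showing which packets a DSCP "ef" match would prioritize and which would need a port-based match instead. The packets, addresses, the inbound DSCP value of 0 and the even/odd port heuristic are constructed assumptions.

```python
import struct

DSCP_EF = 0b101110  # 46, "expedited forwarding"; DS byte 0xB8

def build_ipv4_udp(tos, sport, dport, payload=b"\x80\x00"):
    """Build a minimal IPv4+UDP packet (constructed sample, checksums left 0)."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    return ip + udp

def classify(packet, sip_port=5060):
    """Return (dscp, kind, matches_ef) for one raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4   # header length in bytes
    dscp = packet[1] >> 2          # upper six bits of the DS byte
    if packet[9] != 17 or len(packet) < ihl + 8:
        return dscp, "other", dscp == DSCP_EF   # not UDP
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    if sip_port in (sport, dport):
        kind = "sip"
    elif sport % 2 == 0 and dport % 2 == 0:
        kind = "rtp"    # heuristic: media on the even port of a pair
    elif sport % 2 == 1 and dport % 2 == 1:
        kind = "rtcp"   # heuristic: control on the adjacent odd port
    else:
        kind = "other"
    return dscp, kind, dscp == DSCP_EF

def unmarked_media(packets):
    """Indexes of RTP/RTCP packets that a DSCP 'ef' match would miss."""
    return [i for i, p in enumerate(packets)
            if classify(p)[1] in ("rtp", "rtcp") and not classify(p)[2]]

# Constructed samples using the Aastra port numbers from the post.
SAMPLES = [
    build_ipv4_udp(0xB8, 18000, 29028),  # outbound RTP, phone marks ef
    build_ipv4_udp(0xB8, 18001, 29029),  # outbound RTCP, phone marks ef
    build_ipv4_udp(0x00, 29028, 18000),  # inbound RTP, assumed DSCP 0
    build_ipv4_udp(0x00, 5060, 5060),    # SIP signalling
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(classify(pkt))
    print("media missed by DSCP match:", unmarked_media(SAMPLES))
```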