VoIP QoS tips and configuration in best practice
Remember "QoS is ONLY happening, when congestion on the circuit".
In general QoS is more useful on WAN, but not LAN.
Low Latency Queuing(LLQ) is most common method of VoIP QoS.
Low Latency Queuing(LLQ)
= Priority + Custom + Qeighted Fair Queuing
* Priority queue; Policying applying, so make sure you have enough bandwidth allocation
** LLQ feature not supported in input policy, but output ONLY.
Policing VS. Shaping
– Policying : Input and output
– Shaping : Only output
Conforming leve : Passing traffic
Exceeding level : In general, remarking it to low priority to drop, such as "Set IP Precedence 0"
Violating level : Drop
Basic VoIP QoS configuration example
1. Create an ACL
access-list 110 remark VoIP
access-list 110 permit ip 10.1.1.0 0.0.0.255 any
access-list 120 remark DATA
access-list 120 permit ip 20.1.1.0 0.0.0.255 any
* VoIP network 10.1.1.0/24
* Data network 20.1.1.0/24
2. Create a Class-map
class-map match-all VoIP
match access-group 101
class-map match-all HTTPS
match not access-group 101
match protocol secure-http
class-map match-any DATA
match protocol http
match protocol dns
match protocol h323
match protocol imap
match protocol ipsec
match protocol isakmp
match protocol pop3
match protocol pptp
match protocol rtsp
match protocol shell
match protocol tftp
match protocol smtp
match protocol secure-ftp
match protocol secure-ldap
match protocol secure-imap
match protocol secure-pop3
class-map match-any JUNK
match protocol bittorrent
match protocol kazaa2
match protocol icmp
match protocol ftp
match protocol ntp
match protocol skype
3. Create a Policy-map
policy-map QoS
class VoIP
priority percent 20
set ip dscp ef
class HTTPS
bandwidth remaining percent 30
set ip dscp af13
* Percentage method is handy, auto calculate of the bandwidth.
remaining percent 30 means rest of 20%(priority queue) of total bandwidth of 30% when circuit is congested.
class DATA
bandwidth remaining percent 60
set ip dscp af41
* Percentage method is handy, auto calculate of the bandwidth.
remaining percent 60 means rest of 20%(priority queue) of total bandwidth of 60% when circuit is congested.
class junk
bandwidth remaining percent 9
set ip dscp default
* Percentage method is handy, auto calculate of the bandwidth.
remaining percent 9 means rest of 20%(priority queue) of total bandwidth of 9% when circuit is congested.
** It cannot be "10" due to sum total of class bandwidth exceeds 99 percent
class class-default
4. Applying an interface
interface fa0/0
service-policy output QoS
5. How to verify
VoIP-QoS# sh policy-map int fa0/0
FastEthernet0/0
Service-policy output: QoS
queue stats for all priority classes:
queue limit 64 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 0/0
Class-map: VoIP (match-all)
0 packets, 0 bytes
30 second offered rate 0 bps, drop rate 0 bps
Match: access-group 101
Priority: 20% (20000 kbps), burst bytes 500000, b/w exceed drops: 0
QoS Set
dscp ef
Packets marked 0
Class-map: HTTPS (match-all)
818 packets, 279571 bytes
30 second offered rate 13000 bps, drop rate 0 bps
Match: not access-group 101
Match: protocol secure-http
Queueing
queue limit 64 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 818/279571
bandwidth remaining 30% (24000 kbps)
QoS Set
dscp af13
Packets marked 818
Class-map: DATA (match-all)
2518 packets, 331668 bytes
30 second offered rate 1000 bps, drop rate 0 bps
Match: not access-group 101
Queueing
queue limit 64 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 2518/331668
bandwidth remaining 60% (48000 kbps)
QoS Set
dscp af41
Packets marked 2370
Class-map: JUNK (match-any)
0 packets, 0 bytes
30 second offered rate 0 bps, drop rate 0 bps
Match: protocol bittorrent
0 packets, 0 bytes
30 second rate 0 bps
Match: protocol kazaa2
0 packets, 0 bytes
30 second rate 0 bps
Match: protocol icmp
0 packets, 0 bytes
30 second rate 0 bps
Match: protocol ftp
0 packets, 0 bytes
30 second rate 0 bps
Match: protocol ntp
0 packets, 0 bytes
30 second rate 0 bps
Match: protocol skype
0 packets, 0 bytes
30 second rate 0 bps
Queueing
queue limit 64 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 0/0
bandwidth remaining 9% (7200 kbps)
QoS Set
dscp default
Packets marked 0
Class-map: class-default (match-any)
0 packets, 0 bytes
30 second offered rate 0 bps, drop rate 0 bps
Match: any
queue limit 64 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 0/0
6. Protocol status by Nbar
It is handy to know what traffic is being used, such as top-n.
Interface fa0/0
ip nbar protocol-discovery
Show ip nbar protocol-discovery stats bit-rate top-n 10
FastEthernet0/0
Last clearing of "show ip nbar protocol-discovery" counters 00:25:33
Input Output
—– ——
Protocol 30sec Bit Rate (bps) 30sec Bit Rate (bps)
———————— ———————— ————————
http 2399000 151000
secure-http 2096000 75000
icmp 60000 0
dns 2000 1000
snmp 0 0
ssh 0 0
ntp 0 0
netbios 0 0
pcanywhere 0 0
skinny 0 0
unknown 6000 5000
Total 4563000 232000
7. Limiting interface bandwidth
7-1. Physical speed change
Interface fa0/0
speed 10
7-2. Committed Access Rate (CAR) control
rate-limit input 5000000 2500 2500 conform-action transmit exceed-action drop
rate-limit output 5000000 2500 2500 conform-action transmit exceed-action drop
7-3. Policy map
policy-map LIMIT-BW
class class-default
police rate 5000000
interface fa0/0
service-policy input LIMIT-BW
service-policy output LIMIT-BW
7-4. Verifying
Router#sh interfaces fastEthernet 0/0 rate-limit
FastEthernet0/0
Input
matches: all traffic
params: 5000000 bps, 2500 limit, 2500 extended limit
conformed 138621 packets, 100518292 bytes; action: transmit
exceeded 14836 packets, 19420379 bytes; action: drop
last packet: 8ms ago, current burst: 0 bytes
last cleared 00:16:41 ago, conformed 803185 bps, exceeded 155177 bps
Output
matches: all traffic
params: 5000000 bps, 2500 limit, 2500 extended limit
conformed 63165 packets, 6492201 bytes; action: transmit
exceeded 95 packets, 105299 bytes; action: drop
last packet: 4ms ago, current burst: 0 bytes
last cleared 00:16:31 ago, conformed 52376 bps, exceeded 849 bps
8. Vendor QoS info
8-1. Nortel / Avaya Phones (1104e)
Default DSCP value for signaling : 40
Default DSCP value for RTP media stream: 46
* Nortel IP Phone marks the voice payload with CoS 6 and DSCP EF when it sends the traffic
to the switch.
8-2. Cisco IP phone (G7911)
Default DSCP value for signaling : 24/26
Default DSCP value for RTP media stream: 46 (EF)
* By default, both 40 and 46 will map to CoS 5 which is expedite queue.
** recommend that the signalling is mapped to a different queue, you can do this with the below command
Cisco_switch(config)# mls qos map dscp-cos 40 3