Solved

Cisco 1760 VoIP QOS Fair Queue not working as expected

Posted on 2010-08-27
16
986 Views
Last Modified: 2012-05-10
I followed a guide how to setup a router to shape VoIP traffic.  But it seems I'm missing something because when I do a speed test my voip audio cuts out during the upload portion of my test.  It looks like my traffic is being mapped properly but it's not doing anything about it(I should see dropped packets in my default queue)

css#sh policy-map int
 Ethernet0/0

  Service-policy output: qos-voice

    Class-map: voice-traffic (match-all)
      800130 packets, 52757392 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: access-group 101
      Queueing
        Strict Priority
        Output Queue: Conversation 136
        Bandwidth 240 (kbps) Burst 6000 (Bytes)
        (pkts matched/bytes matched) 122/8064
        (total drops/bytes drops) 0/0

    Class-map: class-default (match-any)
      15962329 packets, 1377580868 bytes
      5 minute offered rate 33000 bps, drop rate 0 bps
      Match: any
      Queueing
        Flow Based Fair Queueing
        Maximum Number of Hashed Queues 128
        (total queued/total drops/no-buffer drops) 0/0/0
css#

any input would be appreciated!

css#sh run
Building configuration...

Current configuration : 4199 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname css
!
boot-start-marker
boot system flash:c1700-advsecurityk9-mz.124-25a.bin
boot-end-marker
!

!
aaa new-model
!
!
!
aaa session-id common
ip cef
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
ip dhcp database data
no ip dhcp use vrf connected
!
ip dhcp pool data
   network 192.168.20.0 255.255.255.0
   default-router 192.168.20.1 
   dns-server 8.8.8.8 
!
!
!
!         
!         
crypto pki trustpoint TP-self-signed-1550676821
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1550676821
 revocation-check none
 rsakeypair TP-self-signed-1550676821
!         
!         
!         
!         
!         
class-map match-all voice-traffic
 match access-group 101
!         
!         
policy-map qos-voice
 class voice-traffic
  priority 240
 class class-default
  fair-queue
!         
!         
!         
crypto isakmp policy 10
 encr 3des
 hash md5 
 authentication pre-share
 group 2  
!         
!         
crypto ipsec transform-set aesset esp-3des esp-sha-hmac 
!         
crypto map aesmap 10 ipsec-isakmp 
 set transform-set aesset 
 set pfs group2
 match address 103
!         
!         
!         
interface Ethernet0/0
 bandwidth 360   my ISP's upload limit
 bandwidth receive 3000 my ISP's download limit
 ip address dhcp
 ip nat outside
 ip virtual-reassembly
! limit TCP download speed
 rate-limit input access-group 101 256000 128000 128000 conform-action set-prec-transmit 5 exceed-action set-prec-transmit 5  
 rate-limit input 2200000 65536 65536 conform-action transmit exceed-action drop
 half-duplex
 crypto map aesmap
 service-policy output qos-voice
!         
interface FastEthernet0/0
 no ip address
 speed auto
 full-duplex
!         
interface FastEthernet0/0.50
 encapsulation dot1Q 50 native
 ip address 192.168.20.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!         
interface FastEthernet0/0.150
 encapsulation dot1Q 150
 ip address 172.17.20.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!         
ip forward-protocol nd
!         
ip http server
ip http authentication local
ip http secure-server
ip nat inside source list acl_nat interface Ethernet0/0 overload
!         
ip access-list extended acl_nat
 deny   ip 192.168.20.0 0.0.0.255 192.168.0.0 0.0.0.255
 permit ip 192.168.20.0 0.0.0.255 any
 permit ip 172.17.20.0 0.0.0.255 any
!         
access-list 100 permit ip any any precedence critical
access-list 100 permit ip any any dscp ef
access-list 101 permit udp any any eq 4569
access-list 103 permit ip 192.168.20.0 0.0.0.255 192.168.0.0 0.0.0.255
!         
control-plane
!         
!         
line con 0
 speed 115200
line aux 0
line vty 0 4
!         
end

Open in new window

0
Comment
Question by:sean-keys
  • 8
  • 7
16 Comments
 
LVL 2

Expert Comment

by:InvokerLeir
ID: 33548734
You're only classifying access-list 101 (udp port 4569) as voice traffic.  Access-list 100 has the dscp ef traffic.  It would seem to make more sense, if all you were trying to do was classify DSCP EF, would be to match based off of DSCP EF or use NBAR to match rtp audio packets.  This should also take a recursive ACL lookup out of play.
0
 
LVL 9

Expert Comment

by:Alex Bahar
ID: 33549136
Change your class-map to match RTP stream as below. This will match your ACL as well as RTP.
class-map match-all voice-traffic
match access-group 101
match ip dscp ef
match ip dscp cs5
match ip precedence 5
0
 

Author Comment

by:sean-keys
ID: 33549899
Good advice and thanks. IAX uses 4569 at its RTP port.
Are my interface bandwidth parameters correct ?
I just tried another test and my voice cuts during the upload porting of the test.

css#sh policy-map int
 Ethernet0/0

  Service-policy output: qos-voice

    Class-map: voice-traffic (match-all)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: access-group 101
      Match: ip dscp ef (46)
      Match: ip dscp cs5 (40)
      Match: ip precedence 5
      Queueing
        Strict Priority
        Output Queue: Conversation 136
        Bandwidth 240 (kbps) Burst 6000 (Bytes)
        (pkts matched/bytes matched) 0/0
        (total drops/bytes drops) 0/0

    Class-map: class-default (match-any)
      13280 packets, 1674223 bytes
      5 minute offered rate 45000 bps, drop rate 0 bps
      Match: any
      Queueing
        Flow Based Fair Queueing
        Maximum Number of Hashed Queues 128
        (total queued/total drops/no-buffer drops) 0/0/0

thx!
0
 

Author Comment

by:sean-keys
ID: 33549914
Actually after reviewing my post I see that IAX rtp traffic was no longer being classified as voice so I reverted back to my orig config.

Last test results still show no drops.

css#sh policy-map int
 Ethernet0/0

  Service-policy output: qos-voice

    Class-map: voice-traffic (match-all)
      3756 packets, 247546 bytes
      5 minute offered rate 10000 bps, drop rate 0 bps
      Match: access-group 101
      Queueing
        Strict Priority
        Output Queue: Conversation 136
        Bandwidth 240 (kbps) Burst 6000 (Bytes)
        (pkts matched/bytes matched) 4/264
        (total drops/bytes drops) 0/0

    Class-map: class-default (match-any)
      20945 packets, 2934883 bytes
      5 minute offered rate 28000 bps, drop rate 0 bps
      Match: any
      Queueing
        Flow Based Fair Queueing
        Maximum Number of Hashed Queues 128
        (total queued/total drops/no-buffer drops) 0/0/0
css#
0
 
LVL 9

Expert Comment

by:Alex Bahar
ID: 33550228
Sorry my mistake
class-map match-all voice-traffic  is wrong.
It should be class-map match-any voice-traffic
0
 

Author Comment

by:sean-keys
ID: 33561870
sean-keys:
No need to apologize.  It's still choppy during the upload test.
 
css#sh policy-map int
 Ethernet0/0

  Service-policy output: qos-voice

    Class-map: voice-traffic (match-any)
      7273 packets, 479227 bytes
      5 minute offered rate 12000 bps, drop rate 0 bps
      Match: access-group 101
        2776 packets, 182952 bytes
        5 minute rate 12000 bps
      Match: ip dscp ef (46)
        0 packets, 0 bytes
        5 minute rate 0 bps
      Match: ip dscp cs5 (40)
        0 packets, 0 bytes
        5 minute rate 0 bps
      Match: ip precedence 5
        0 packets, 0 bytes
        5 minute rate 0 bps
      Queueing
        Strict Priority
        Output Queue: Conversation 136
        Bandwidth 240 (kbps) Burst 6000 (Bytes)
        (pkts matched/bytes matched) 8/528
        (total drops/bytes drops) 0/0

    Class-map: class-default (match-any)
      110545 packets, 10763844 bytes
      5 minute offered rate 31000 bps, drop rate 0 bps
      Match: any
      Queueing
        Flow Based Fair Queueing
        Maximum Number of Hashed Queues 128
        (total queued/total drops/no-buffer drops) 0/0/0
css#
0
 
LVL 9

Expert Comment

by:Alex Bahar
ID: 33564505
Ok initially I thought your Voip stream is using ITU standard RTP streams. Based on the last couple of messages I understand that it is IAX voice stream. The last show command output confirms that your initial classificiation using the access-list 102 was correct. You do not need the ip precedence, dscp statements because IAX is not using those markings.
We also confirmed that the matches IAX stream is not dropping any packets.
5 minute offered rate 12000 bps, drop rate 0 bps
Your WAN link is not congested either.
5 minute offered rate 31000 bps, drop rate 0 bps
This raises the question about stability or bandwidth availability of the WAN cloud. By studying your configuration, I had the feeling that you are using ADSL for your WAN.
Could you please confirm if you are using ADSL?
Is this going through public internet?

0
 
LVL 9

Accepted Solution

by:
Alex Bahar earned 500 total points
ID: 33565920
Adding to my previous reply,
  1. No matter what QoS you configure on your network, if there is congestion on public internet, your voice stream quality will suffer. Because your packets will be treated just like any other traffic and they will get dropped and delayed.
  2. If you are using ADSL, then your downloads will affect your upload speed. That means while you are downloading things, your upload speed/bandwidth will be decreased depending on your download speed. For example I am on an 800 upload, 8000 download ADSL plan. Normally I get about 600-650 kbps upload speed. When I test my upload speed while running massive downloads, I get as little as 50-60 kbps upload speed. Which means many of my upload packets are delayed and dropped. For Voip you need to use SHDSL/SDSL. SDSL/SHDSL downloads do not affect upload speed.  
For the above reasons ADSL and public internet is not recommended for voip in commercial environments.
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 

Author Comment

by:sean-keys
ID: 33568843
No this is NOT an ADSL link, but yes it is using public internet. I'm using a cable modem 368up 3100down.

Thank you, you have some very good points but I have been able to get this to work pretty well using Pf-sense by doing the following(even with ADSL).

1. block all UDP traffic except VoIP.
2. Limit TCP download speed
3. Prioritize outgoing packets giving VoIP the highest priority.

So far on my 1760 it seems OK except that #3 doesn't seem to be working.  During my upload test I should see dropped packets and I don't.  If I do a similar test with PF-Sense it WILL show dropped non-VoIP packets.  

I have a feeling my bandwidth parameters are incorrect.

Thanks in advance!





0
 
LVL 9

Assisted Solution

by:Alex Bahar
Alex Bahar earned 500 total points
ID: 33569256
With TCP, it is difficult to see dropped packets as it never utilizes 100% of available bandwidth.  Because of that, network load testing is usually performed using UDP, which does not have internal flow control mechanism.
Your #1 and #2 are good measures. However you have no control over how internet WAN treats your voice packets when there is congestion.
As I know cable modem gets affected from internet regional congestion worse than ADSL, due to shared bandwidth. It has some QoS mechanisms similar to wifi, but it is still not as efficient as full duplex traffic with dedicated TX RX channels.
BTW have you tried to implement packet fragmentation? Similar LFI and MLPP ? Your uplink is considered a slow link. Even if you implement priority queue for voice, if there is a large data packet already being transmitted, your voice packet has to wait until its transmission completes. This is called serialization delay. A 1500 byte packet can take as long as ~40ms to transmit on your uplink. To eliminate this delay, data packets are chopped into smaller pieces. So that you can interleave voice packets in between small data packets. Normally LFI is recoommended for all links slower than 768 kbps. It will help eliminate jitter (variable delay). Please remember that when jitter becomes excessive (it gets delayed in internet as well), the receiving voice device discards those -too late- packets. So, from your sending side, you will think you did not drop any packets and all are transmitted successfully, but the receiver may discard them for being too late if the gap between 2 packets (jitter) is greater than 200 ms.
 
0
 

Author Comment

by:sean-keys
ID: 33569680
One of the motives behind trying cisco gear was the fact that it could do LFI.  You are correct about the cable modem and the way it shares bandwith.  I have had hour long conversations while strreaming video from netflix. My problem occours when I try to upload a large file.  At that point my rx party says my voice is breaking up.   Upload traffic is the one I have most control over.  The fact that my upload is the only hang up is why I suspect my qos is not proper.  Maybe LFI will do the trick
0
 

Author Comment

by:sean-keys
ID: 33572892
Alright my WIC is a 10base ethernet and my cable modem connects directly to it meaning I cant use LFI.  But at my ADSL sites I can give it a try since LFI works over PPOE!

0
 
LVL 9

Assisted Solution

by:Alex Bahar
Alex Bahar earned 500 total points
ID: 33573075
As a last resort, you can change the IP MTU size for the ethernet interface. Voice packets are much smaller than data packets, so they do not get chopped unless you go below 200 and use G711.
The idea is to keep the serialization delay below 10ms. If you set the MTU size to around 400 bytes, it will meet the requirements. You should be able to do it by configuring "ip mtu 400" on the interface.
Please note that fragmenting/chopping large packets will create more number of packets for the same amount of payload. This means the bandwidth consumed by layer 2-3 overhead will be increased. So your data traffic will consume more bandwidth while minimising delay for voice.
0
 

Author Comment

by:sean-keys
ID: 33573137
Alright I came up with this idea.  If I manually cap off default traffic below the actual limit of the physical interface I can create "holes" for voip traffic to get though.  

Although I really despise this policy it does work.

policy-map qos-default
 class class-default
policy-map qos-voice
 class voice-traffic
  priority 240
 class class-default
  fair-queue
  random-detect
    police 150000

Isn't there a way to make
"
policy-map qos-voice
 class voice-traffic
  priority 240
"
really sensitive ?
During my test voice traffic is using about 50kbps.  It would seem that if I could clamp default traffic the second one voip packet missed a beat it would work without having a hard-limit.  Thoughts?

0
 

Author Closing Comment

by:sean-keys
ID: 33598061
abahar went above and beyond filling this thread with many good points.

Bottom line if you have less than about 1-mbps upload or download things get tricky.  

It looks like LFI and MLPP will work on PPOE links such as DSL.  But not for my cable-modem to Ethernet setup.

In my case I'm stuck and have to resort to less than ideal tricks. Such as hard setting a really low MTU.
 
0
 
LVL 9

Expert Comment

by:Alex Bahar
ID: 33601677
Thanks sean-keys. I hope your voice quality got better.
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

Suggested Solutions

If your business is like most, chances are you still need to maintain a fax infrastructure for your staff. It’s hard to believe that a communication technology that was thriving in the mid-80s could still be an essential part of your team’s modern I…
Skype is a P2P (Peer to Peer) instant messaging and VOIP (Voice over IP) service – as well as a whole lot more.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now