Avaya Remote Phones & QoS

Posted on 2011-04-20
Last Modified: 2012-05-11
I have an Avaya IP Office Solution at the main office.  The ISP & SIP Provider are providing a dual handoff to our network with 0/0 going to the data network and 0/1 going to the WAN of the Avaya IP Office.  The remote handsets connect to the IP office through VPN which is terminating through the ISP's router 0/0 and finally at a Cisco ASA.  

Our network is unique as we also have a Watchguard Firebox running side by side with the Cisco ASA.  Normal data traffic is routing through the Watchguard.  Currently the only thing that the ASA is doing is performing VPN termination and, once the VPNs are terminated, forwarding the traffic to the phone server.  Obviously remote handset to remote handset RTP traffic is being routed through the ASA, and signaling forwards to the phone server.

1.)  Our remote handsets are experiencing QoS issues (low audio, choppy calls, disconnected calls).  
2.)  Our local handsets are not having any problems whatsoever (as the QoS is being performed by the ISP's router).
3.)  Remote sites have 20Mbit connections to the internet, and the main site has a T1x3 connections.  

Theory:  I believe that the Voice packets encapsulated in the IPSec VPN are being treated as raw data and not prioritized as being Voice traffic.  

Also, because we are not using one firewall to manage the LAN QoS, this could actually be causing more problems as there is no prioritization of the VPN traffic over standard data.

The question is:   Is this what is actually happening, and if so, what are the recommended solutions for this repair?
Question by:TechGuy_007

    Accepted Solution

    Are you saying that the remote sites are connecting to the main site through VPN connections through the 'regular' Internet? Not through something like the ISP's MPLS/VPN service, or such? If so, then that is your problem. It doesn't matter what QoS you do at the remote site, or what QoS you do at the main site, but you have no control over the 'in between' - all the general Internet between the remote and the main. It doesn't matter that you are using a VPN. That's just securing the data, not prioritizing it. There is no way to prioritize the data over the Internet.

    That being said, at both the remote and main, you definitely want to prioritize the voice as best you can to the point of the Internet router/firewall (like the ASA at the main). You want to make sure that a large file download, Internet browsing, whatever, doesn't monopolize the Internet bandwidth at either site, so that the Voice/VPN always has enough bandwidth to at least out-compete local traffic to the Internet.

    But all bets are still off over the Internet. You would need to look into something like MPLS, where the ISP can provide end-to-end QoS through the complete link, and also provide minimal and consistent latency and jitter....

    Author Comment

    The phones are indeed traveling over open internet, and no, they are not using MPLS.  And this may be the cause; however, there are countless Avaya remote users that use their handsets remotely in this manner and do not have the problems we are experiencing.

    At this point I need to know how the ISP router would see the VPN traffic.  Since it's encrypted in the VPN tunnel, does it see it as voice packets or data packets?

    And is there a way to assign priority to this traffic over the regular data traffic that's flowing in and out of the main site?


    Expert Comment

    Not an 'expert' on the Cisco ASA, but generally, the VPN is only a tunnel that is created from one interface on a device to another. In your case, this would be from a WAN port on the Cisco to the WAN port at the remote side. Traffic is then directed through this tunnel from interface to interface. The VPN doesn't go THROUGH the device... Generally speaking, after the traffic enters (ingress) or before it leaves (egress) the interface, it is processed according to any applicable firewall/bandwidth/routing/prioritization rules that are in place on the device, then directed (or not) accordingly...

    So for example, you can set an egress rule saying "give priority to voice traffic through the VPN on this interface" or "reserve x amount of bandwidth for voice traffic through the VPN on this interface", with corresponding ingress rules on the other side.... so now you are controlling how data enters the VPN tunnel and how it leaves on both sides... the other devices through the network on each side would also need similar QoS rules set up (I believe you are saying that is already in place)... you need to make sure those rules are set up on the interfaces of the ASA and the routers at the other sides...

    Now, as the VPN tunnel gets 'routed' through the Internet, of course all those devices see is the VPN tunnel and not the data within, but since you cannot control those anyway, it doesn't matter... when you have MPLS/VPN services, for example, the whole 'middle' between your sites that make up the VPN over the MPLS services DO see the data in all that traffic, so the provider can prioritize the voice over the normal data (that's a simplified explanation, but I think it gets the point across)...
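
The author's question in this thread (does a router in the path see the tunnelled calls as voice or as data?) comes down to which header fields survive encapsulation. As an added example, not part of the original thread: a Python sketch of IPsec ESP tunnel mode that shows a transit device losing the UDP/RTP fields while still being able to read a DSCP mark when the gateway copies it to the outer header, which RFC 4301 gives as the default for tunnel mode. XOR stands in for encryption, and the addresses, ports and SPI are constructed.

```python
import struct

ESP, UDP = 50, 17   # IP protocol numbers
DSCP_EF = 46        # Expedited Forwarding, the usual marking for voice media

def ipv4_header(src, dst, proto, dscp, payload_len):
    """Build a 20-byte IPv4 header (checksum left at 0 for brevity)."""
    tos = dscp << 2  # DSCP is the top 6 bits of the ToS/DS byte
    addr = lambda a: bytes(int(o) for o in a.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20 + payload_len,
                       0, 0, 64, proto, 0, addr(src), addr(dst))

def build_rtp_packet(dscp=DSCP_EF):
    """Constructed sample: handset -> phone server, 12-byte RTP header + 160 bytes of audio."""
    rtp = struct.pack("!BBHII", 0x80, 0, 1, 160, 0xDEADBEEF) + bytes(160)
    udp = struct.pack("!HHHH", 49152, 49154, 8 + len(rtp), 0) + rtp
    return ipv4_header("10.1.1.50", "10.0.0.10", UDP, dscp, len(udp)) + udp

def esp_tunnel_encapsulate(inner, gw_src, gw_dst, copy_dscp=True):
    """Toy ESP tunnel mode: outer IP header + SPI/sequence + opaque payload.
    The XOR is a stand-in for real encryption; it only hides the inner packet here."""
    inner_dscp = inner[1] >> 2
    opaque = bytes(b ^ 0xA5 for b in inner)
    esp = struct.pack("!II", 0x1001, 1) + opaque  # constructed SPI and sequence number
    outer_dscp = inner_dscp if copy_dscp else 0
    return ipv4_header(gw_src, gw_dst, ESP, outer_dscp, len(esp)) + esp

def transit_view(packet):
    """What a router between the two VPN gateways can classify on: the outer header only."""
    proto, dscp = packet[9], packet[1] >> 2
    ports = struct.unpack("!HH", packet[20:24]) if proto == UDP else None
    return {"proto": proto, "dscp": dscp, "udp_ports": ports}

if __name__ == "__main__":
    inner = build_rtp_packet()
    gw = ("198.51.100.2", "203.0.113.2")  # documentation-range gateway addresses
    print("unencrypted :", transit_view(inner))
    print("ESP, copied :", transit_view(esp_tunnel_encapsulate(inner, *gw)))
    print("ESP, zeroed :", transit_view(esp_tunnel_encapsulate(inner, *gw, copy_dscp=False)))
```

If the handsets or the VPN gateway do not mark or preserve DSCP, the tunnelled call is indistinguishable from bulk data at every hop, including your own edge router's queue.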
