Cisco Auto QoS tagging through WAN connections

I have three locations with Cisco IP phones. Let's call them home, location 1 and location 2. All traffic comes back to the phone servers housed at the home location. I want to set up QoS for my phones and it looks like Auto QoS is the easiest way to do this.

I have my phone traffic broken out into it's own VLAN. After reading this documentation ( http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960x/software/15-0_2_EX/qos/configuration_guide/b_qos_152ex_2960-x_cg/b_qos_152ex_2960-x_cg_chapter_011.html#ID463 )
it looks like all I need to do is add 'auto qos voip cisco-phone' to my ports with phones plugged into them. As well as adding 'auto qos trust' to ports connecting to a "trust router or switch".

Attached is a rough diagram. For traffic flow, the default path for traffic between Home and Location 1 is the fiber between the switches. Between Location 1 and 2 the default path is the MPLS connection. And Home gets to Location 2 via Location 1.

I have several questions:

1) When everything's working, phone traffic flows like this: Phone Server---Home Core Switch---Location 1 Core Switch---Location 1 router---MPLS---Location 2 Core Switch. So I know I'm going to apply 'auto qos trust' to the interfaces connecting Home core switch and Location 1 Core Switch. But, how do I handle the MPLS connection and the Location 1 router? Would I just apply that command to the port that connects the Location 1 core switch and the router and also the interface on the Location 2 core switch that plugs into the MPLS? Could the router or the trip through the MPLS strip the QoS taggings off the traffic?

2) If any link is not working correctly, it can fail over via GRE tunnel through the internet to another location. Would I need to apply that 'auto qos trust' command on the ports that connect my core switches to the internet? (For Home and Location 1 this would be the ports connecting the core switches to the firewall directly I believe. For Location 2, that would the port connecting the core switch to the Router.)

Thanks in advance for anyways advice.
Screenshot-from-2015-09-24-14-12-43.png
travisryanAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Alex BaharCommented:
Hi,
Good question. Please see my comments below:
1- apply auto qos trust to all uplink interfaces between routers, switches, and WAN interfaces. Simply "you need to trust the QoS markings received from this device". Please note that all interfaces on the voice path should be trusted (if you really trust them... For example we do not trust internet.. see below)

Regarding MPLS.. If this is provided by the VPN service provider, then you can trust it if you have purchased VoIP grade MPLS VPN service. If you have purchased only data grade MPLS service (without any QOS), then your service provider will wipe off your QoS settings, and the MPLS will make everything best effort (DSCP 0). Basically, you will not get any QoS through the MPLS. Please make sure that your MPLS service is VoIP grade.

2- Internet does not offer any QoS. Everything is best effort. Hence, your GRE tunnel itself is best effort. You cannot provide any QoS to your GRE. Internet will treat it just like any other internet traffic. However you should put trust QoS on both ends of the GRE so that your VoIP will get the priority after it enters your corporate VPN after crossing the GRE (internet).

I hope this helps.
Regards,
Alex
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Voice Over IP

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.