Member_2_6600295


QoS over VPN tunnel

Hello,

Does anyone have experience with setting up QoS across a site-to-site VPN tunnel, whereby a portion of the WAN bandwidth is reserved and dedicated to the tunnel itself or certain endpoints and service ports? I have a remote network with a SonicWall TZ400 and am also working on setting up a Mikrotik Cloud Core router with a configuration like I have on the SonicWall. I am looking to do QoS for VoIP traffic. Our phones are at the remote side and our PBX is on the main side. I am unclear on whether playing with QoS settings on the remote VPN side has an impact on the WAN traffic shaping because it is a separate interface / network than LAN to WAN traffic. Ideally I would like to have steps on getting this working on both a SonicWall and a Mikrotik. I don't want heavy load on my remote side WAN to impact the quality of calls across the VPN for my SIP phones. Thank you.
arnold

It is twofold: one, you allocate your WAN bandwidth dedicated to the VPN....
You then have a QoS for traffic within the VPN.

You would need a similar setup on both sides. The VPN will drop if either site saturates.

Not sure whether Mikrotik has those granular options.

The alternative is to deprioritize web ... type traffic.
Member_2_6600295

ASKER

Yeah. I got it running better by limiting bandwidth of general services. Do you have an example config on a sonicwall for the first option you proposed?
See if the following helps you.
https://www.sonicwall.com/en-us/support/knowledge-base/170505913092395

You did not include which SonicWall you have.
The two examples, and searching for "sonicwall reserve bandwidth", could provide examples that could be useful to illustrate the available options and considerations.

https://www.sonicwall.com/en-us/support/knowledge-base/170505922916978
OK, so I have a TZ400 and the second link is somewhat helpful.  So it would be effective to have that rule set per the article for LAN to VPN / VPN to LAN priority and then a bandwidth limiting rule for LAN to WAN for general traffic so that there is room left in the total WAN pipe for the guaranteed VPN bandwidth - assuming we are not getting much WAN to LAN traffic?
The bandwidth is bi-directional,
so traffic from LAN to WAN is impacted only by responses.
Check your available bandwidth through a speed test.
I.e. if you have a business feed, it could be the same allocation, i.e. 20Mbps download and 20Mbps upload.
In other circumstances you may have x downloads and y uploads where y < x.

Outgoing web traffic has a very small footprint; the majority of the data is the response.
When using QoS prioritization, make sure to apply to both ...dealing with services extraneous to the issue you are concerned about.