From: Joe on 17 Feb 2010 11:26

I have a site with a DSL connection and I'd like to implement outgoing QoS for VoIP. I am aware that the QoS cannot be guaranteed on the inbound (unless done from the ISP) but at this time I'm only having issues when the users on-site are uploading data to an FTP site. I had a similar site 2-3 years ago where I successfully did this, however I do not have a copy of the configuration file, and am having difficulty duplicating what I did back then. Basically as soon as they start uploading files to the FTP site the call data starts cutting in and out.

This is my current config. I'm sure I'm close, but just missing something:

ASA Version 7.2(3)
!
hostname RAPID-ASA
domain-name sitename.org
enable password <removed> encrypted
names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 10.240.30.250 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address dhcp setroute
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passwd <removed> encrypted
ftp mode passive
dns server-group DefaultDNS
 domain-name sitename.org
access-list 110 extended permit icmp any any
access-list 110 extended permit icmp any any echo-reply
access-list 110 extended permit icmp any any time-exceeded
pager lines 24
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
access-group 110 in interface outside
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http X.X.X.X 255.255.255.224 outside
http 10.0.0.0 255.0.0.0 inside
telnet 10.0.0.0 255.0.0.0 inside
telnet timeout 25
ssh X.X.X.X 255.255.255.224 outside
ssh timeout 60
console timeout 0
dhcpd dns <dns1> <dns2>
dhcpd ping_timeout 750
dhcpd auto_config outside
!
dhcpd address 10.240.30.1-10.240.30.32 inside
dhcpd enable inside
!
priority-queue inside
 queue-limit 250
priority-queue outside
 queue-limit 250
!
class-map outside-class1
 description Voice-Call-Sig
 match dscp cs3 af31
class-map inspection_default
 match default-inspection-traffic
class-map outside-class
 description Voice-Carrier
 match dscp cs5 ef
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
policy-map outside-policy
 description VOIP
 class outside-class
  priority
 class outside-class1
  priority
!
service-policy global_policy global
service-policy outside-policy interface outside
prompt hostname context

Any help would be appreciated.
From: Rob on 17 Feb 2010 11:56

Joe <midas1108(a)gmail.com> wrote:
>
> I have a site with a DSL connection and I'd like to implement outgoing
> QoS for VoIP. I am aware that the QoS cannot be guaranteed on the
> inbound (unless done from the ISP) but at this time I'm only having
> issues when the users on-site are uploading data to an FTP site. I
> had a similar site 2-3 years ago where I successfully did this,
> however I do not have a copy of the configuration file, and am having
> difficulty duplicating what I did back then. Basically as soon as
> they start uploading files to the FTP site the call data starts
> cutting in and out.
>
> This is my current config. I'm sure I'm close, but just missing
> something:

Are you sure your DSL modem implements QoS? If not, there is little you can do from a device behind the modem. The problem with realtime data when uploading is that a transmit queue will build inside the modem where all traffic lines up, and realtime traffic gets delayed too much. This can be solved when the modem offers some way to cut around this queue (by TOS specification), but does it?

It can also be solved by rate-limiting the FTP upload traffic to a rate a bit below the upload rate of your connection.
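The queueing effect described in the post above, as an added example that is not part of the original thread: a FIFO model of the modem's transmit buffer, fed once with unrestricted upload traffic and once with the upload held just below the line rate. The 500 kbit/s uplink, 64,000-byte buffer, 200-byte voice packets every 20 ms and the 10 Mbit/s and 400 kbit/s upload rates are all assumed values, and the function name is hypothetical.

```python
# Added illustration, not from the thread. All rates and sizes are assumed values.
LINK_BPS = 500_000       # assumed DSL upstream rate
BUFFER_BYTES = 64_000    # assumed modem transmit buffer (single FIFO, tail drop)
VOICE_BYTES = 200        # assumed RTP packet size including headers
VOICE_GAP_US = 20_000    # one voice packet every 20 ms
BULK_BYTES = 1500        # full-size FTP data packet


def tx_us(size, bps):
    """Microseconds needed to serialise `size` bytes at `bps`."""
    return size * 8 * 1_000_000 // bps


def voice_through_modem(bulk_bps, seconds=5):
    """Return (worst voice delay in ms, voice packets dropped) for a bulk
    upload offered to the modem at `bulk_bps` alongside one voice stream."""
    horizon = seconds * 1_000_000
    # (arrival time in us, is_voice, size); bulk sorts first on a tie.
    arrivals = [(t, 1, VOICE_BYTES) for t in range(0, horizon, VOICE_GAP_US)]
    arrivals += [(t, 0, BULK_BYTES)
                 for t in range(0, horizon, tx_us(BULK_BYTES, bulk_bps))]
    arrivals.sort()

    free_at = 0          # time at which the line finishes everything queued
    worst = dropped = 0
    for t, is_voice, size in arrivals:
        backlog = max(0, free_at - t) * LINK_BPS // 8_000_000  # bytes waiting
        if backlog + size > BUFFER_BYTES:
            dropped += is_voice          # buffer full: packet is lost
            continue
        free_at = max(t, free_at) + tx_us(size, LINK_BPS)
        if is_voice:
            worst = max(worst, free_at - t)
    return worst / 1000, dropped


if __name__ == "__main__":
    for label, rate in (("upload unrestricted (10 Mbit/s from LAN)", 10_000_000),
                        ("upload limited to 400 kbit/s", 400_000)):
        delay, lost = voice_through_modem(rate)
        print(f"{label}: worst voice delay {delay:.1f} ms, {lost} voice packets lost")
```

With the upload unrestricted, every voice packet that is accepted waits behind a full buffer, so the delay is set by the buffer size rather than by anything the firewall does; with the limit in place the worst case is one bulk packet ahead of it on the wire.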
From: Joe on 17 Feb 2010 12:24

On Feb 17, 11:56 am, Rob <nom...(a)example.com> wrote:
> Joe <midas1...(a)gmail.com> wrote:
>
> > I have a site with a DSL connection and I'd like to implement outgoing
> > QoS for VoIP. I am aware that the QoS cannot be guaranteed on the
> > inbound (unless done from the ISP) but at this time I'm only having
> > issues when the users on-site are uploading data to an FTP site. I
> > had a similar site 2-3 years ago where I successfully did this,
> > however I do not have a copy of the configuration file, and am having
> > difficulty duplicating what I did back then. Basically as soon as
> > they start uploading files to the FTP site the call data starts
> > cutting in and out.
>
> > This is my current config. I'm sure I'm close, but just missing
> > something:
>
> Are you sure your DSL modem implements QoS? If not, there is little
> you can do from a device behind the modem. The problem with realtime
> data when uploading is that a transmit queue will build inside the
> modem where all traffic lines up, and realtime traffic gets delayed
> too much. This can be solved when the modem offers some way to
> cut around this queue (by TOS specification), but does it?
> It can also be solved by rate-limiting the FTP upload traffic to a
> rate a bit below the upload rate of your connection.

I don't know if it supports it or not, but it's the same setup I had before and it did the trick for me. Is there anything that you can see in my config that would make it not work?
From: Rob on 17 Feb 2010 12:30

Joe <midas1108(a)gmail.com> wrote:
> Is there anything that you can
> see in my config that would make it not work?

I have experience only with the rate-limiting solution, so I cannot really tell...
(I use "traffic-shape group" commands)
From: Joe on 17 Feb 2010 13:43

On Feb 17, 12:30 pm, Rob <nom...(a)example.com> wrote:
> Joe <midas1...(a)gmail.com> wrote:
> > Is there anything that you can
> > see in my config that would make it not work?
>
> I have experience only with the rate-limiting solution, so I cannot
> really tell...
> (I use "traffic-shape group" commands)

Do you have an example of some code to do this? I'd want to do this with ftp, and I have another site that I'd use it with SMTP (for a scan-to-email machine they have).