Need advice on QOS, on the cheap
Submitted by Basildane on Mon, 04/14/2008 - 6:33am.
My current configuration is Trix 2.4, on a gig ethernet backbone in my house.
Everything is on one subnet. Switch is a simple netgear gigabit unmanaged switch. My firewall is a dedicated 2003 server running ISA 2006.
The problem is, there is no QOS. If someone is on a call, any internet activity, for example, loading a webpage, causes dropouts on the call. Last night, wife was on a call and sent an email with a large attachment at the same time. It was so bad it actually caused the call to hangup.
Now I know we need to implement QOS, but the network devices in the house don't support it.
What I am proposing is to put in a level-3 switch, and do priority scheduling based on the ports that the VoIP devices are plugged in to. I'm wondering if folks out there think this is a reasonable way to go?
That's way too much work
Mon, 04/14/2008 - 7:10am
That's way too much work (it's layer 3 by the way!)
Can you assign priority in the MS routing services? If so why not just place another NIC in the server and then use a separate switch and LAN for the phones.
If they share the same cable then you find a cheap managed switch (Cisco 12 ports can be had on eBay for under $100). and run VLANS to the phones.
Then with the traffic segmented it will be easy to do QoS at the edge. If you can't assign priority based on origination IP in the MS server then we will have to look at a different edge device.
The VLAN's don't solve the problem, getting the traffic segmented so it can be shaped does.
--
Scott
aka "Skyking"
Yeah, I can assign the
Mon, 04/14/2008 - 7:22am
Yeah, I can assign the priority on the MS server, but the actual hardware doesn't obey it, so it won't have an effect. Replacing the firewall is not really an option, its a 1U rack mounted: it would be too much expense and trouble. I understand that would be the ideal situation, if it wasn't a home installation.
Part of the reason I was thinking of going with a full blown switch is, I want to do POE to the phones, Gig to the workstations, and ... just the cool factor.
The problem is not congestion on my LAN, the problem is prioritizing requests to the ISP. My switch needs to give priority to voip requests to the internet, not WWW. (if i undestand correctly).
BTW: everything is home run. They don't share cable.
Oh, another problem, dumb old ISA server doesn't seem to robustly support qos. It just does Diffs. And if I understand it, that is useless for voip. Even if I put another nic in the firewall, I can't give that network priority just based on the network.
That's why I was thinking switch.
Being the voice of the
Mon, 04/14/2008 - 7:34am
Being the voice of the obvious here:
If MS2K3 can't do QoS to your satisfaction, replace it. Most modern routers, even cheap home routers, can do QoS and prioritize based on IP port number, IP, or other qualifications. If you have to keep the MS2K3 box for other reasons, if you're serving web pages or whatever, you can just use another router to port forward to it.
I'm the furthest thing from a Windows guy, but I find it hard to believe that 2K3 can't do something as simple as prioritizing packets. A quick google search doesn't turn up anything obvious, though, so I guess that may be right.
I'm using an el-cheapo WRT54GS with the native firmware, and I can do QoS to my satisfaction. As a matter of fact, last night I was experimenting with my connection to determine where I needed to set the download cap for torrents. I was doing 400k down, 10k up on the torrents, browsing the internet on at least three machines and voice quality was clear as a bell.
The more I think about this
Mon, 04/14/2008 - 8:48am
The more I think about this I agree with Kodak. Keep the Win2003 server just don't use the routing services.
Exposing the server to the public Internet is bad idea anyway. It's the wrong place to be doing NAT.
The Linksys WRT-54gl runs a full version of Linux and can do all sorts of cool perimeter tasks including QoS, and a dynamic DNS client.
If you want something spiffy and rack mounted get a Cisco 2611 wilth dual fast Ethernet ports and run the IP Firewall image on it. You could also get a Cisco PoE switch. This stuff is available very inexpensively on eBay.
--
Scott
aka "Skyking"
Recipe for simple,
Mon, 04/14/2008 - 10:17am
Recipe for simple, excellent, cost effective voip QoS.
A. Get a linksys WRT-54GL 4 port router (approx $45) to act as your gateway/router/QoS
B. PoE switch (8 port or as many as you need to connect all your voip devices)
C. GbE switch (8 port or as many as you need for your networked computers)
1. Install Tomato firmware (great QoS) on WRT-54GL. See http://www.linksysinfo.org
2. Configure trixbox and all voip devices to a serperate subnet than your data.
Ex. Data = 192.168.1.255 , Voip = 192.168.2.255 (or 10.x.x.x subnet)
3. Connect the PoE switch uplink to port 1 on the WRT-54GL
4. Connect the GbE switch uplink to port 2 on the WRT-54GL
5. QoS - Configure Tomato to give highest priority to port 1 and/or subnet 192.168.2.255
6. Sit back and enjoy the fact that you spent very little and it works flawlessly :)
7. (optional bonus) Install a 1500VA UPS, plug in the modem, WRT, PoE switch and trixbox (entire phone system including handsets will work during power outage).
MiB,
Mon, 04/14/2008 - 10:31am
MiB,
On a non L WRT-54g the 4 switch ports are one physical interface. Do I read your post correctly that using the l model each Ethernet port is a discrete interface to Linux?
Update -
Looked at Tomato, no answer to my interface question however it lacks a bunch of stuff that I use in DD-WRT, VPN and SIP proxy stick out.
--
Scott
aka "Skyking"
diff between the G and GL
Mon, 04/14/2008 - 10:43am
diff between the G and GL model is the GL is sure to be linux based (so it can be flashed with 3rd party firmware). Linksys moved away from linux on later G models.
Other than this I beleive they're the same. But it doesn't really make a diff because the NAT interface will prioritize traffic on port 1 via QoS, or you can simply prioritize the specific voip subnet.
Tomato does in fact have an integrated OpenVPN server version (which I have installed with RSA certs) and a road warrior open vpn setup on my laptop. Works great
IMHO DD-WRT is quite unstable, buggy, and losing signifcant ground to Tomato.
But if you prefer DD-WRT, i'd still be your friend :)
There's a live vm of Tomato here, but the version is quite old. The newer builds have even more functionality.
http://lampiweb.com/tomato/status-index.htm
Quote:
Other than this I
Mon, 04/14/2008 - 10:59am
Quote:
Other than this I beleive they're the same.
I believe the L version has more RAM than the non-L version. Also, I don't think you can buy anything but the GS and GL anymore. The GS is more "cost reduced" and may have even less RAM.
Quote:
IMHO DD-WRT is quite unstable, buggy, and losing signifcant ground to Tomato.
I agree with this (well, the buggy dd-wrt part -- I've never installed Tomato,) but don't forget about openwrt. It's got modules for everything, and their code seems to be both more mature and stable than dd-wrt.
I can't get pptp to work over dd-wrt, and the one dd-wrt box I ever put into production was constantly locking up. I ended up putting x-wrt (an openwrt derived distro) on it and it's been running smooth since.
Well here is where I can't
Mon, 04/14/2008 - 12:13pm
Well here is where I can't voice an opinion. We have dd-wrt in production at over 50 sites.
I know that we use a custom build so it is not fair to compare our experience. However we are having trouble adding features.
Our build is simply using NAT and SIP Proxy, that is the only functionality we are looking for.
--
Scott
aka "Skyking"
@Kodak
Considering the GL
Mon, 04/14/2008 - 1:22pm
@Kodak
Considering the GL can be had for $55 from places like newegg, I would consider buying anything else for the moment. Flashed with a good 3rd party firm like Tomato creates incredible value. Similar to what trix does to a $250 pc.
I gave up on DD-WRT last year when it just spun out of control stability wise. Switched to tomato and haven't looked back. It's tight, very well coded and as close to the stock firmware but yet updated with new features very often. It's QoS considered best in class of the 3rd party firms.
Bug in Asterisk / Trixbox
Tue, 04/15/2008 - 6:17am
Folks, I appreciate all your help and comments.
I have QOS up and running on my switch, router, and firewall now.
I discovered a bug. The default setting in Freepbx of tos_audio=ef is ignored.
It doesn't send any tos. ECN: 00
I changed it cs3 and now it is sending qos on the network.
It remains to be seen if it will solve my problem, but I wanted to discuss the fact that tos_audio=ef doesn't do anything.
Less important, but the sip tos setting is not perfect either. Some sip packets are correctly set to cs3, some are 00.
I have seen the TOS bit
Tue, 04/15/2008 - 10:30am
Hope it makes sense.
Sat, 04/19/2008 - 2:43pm
This is the config that I decide to go with.
I actually ran into this same excat issue a few years ago.
Because I was using Microsoft ISA 2004 at the time and now 2006 and still Microsoft didnt create QOS. I did see a Beta of the new ISA and if I recall correctly it supports QOS.
So I didnt want to get rid of my Microsoft Application firewall. But I needed QOS and I needed it bad. Which btw still havent had a chance to finish the config. Besides the point heres how I planned to accomplish.
I ordered a WRT54GL I loaded Openwrt
I then created a VLAN on the Openwrt. That VLAN was for my servers and for my workstations.
So lets see how I can explain this without getting to confusing.
So lets say my openWRT had a different subnet and IP of 192.168.1.1
I created a new VLAN subnet 10.0.1.1 and this was port 4 for example of my Linksys.
So then I plug my ISA wan into that port. and give my ISA box an IP of 10.0.1.2 and a gateway of 10.0.1.1 and then all the clients behind my isa got an IP of my 10.0.1.X subnet but a gateway of my ISA which is .2
I then took my Trixbox and I placed on the subnet of the Openwrt for and give it 192.168.1.15 with a gateway of 192.168.1.1
So then I loaded Rudys QOS for the Openwrt. It messed around with the config a bit.
Last I config all firewall.user on my Openwrt. I kind of placed my ISA box in the DMZ of the openwrt so that way all outside traffic hit my ISA box so that way I can use the ISA as my main firewall.
Essentially the config I accomplished was from an isaserver.org article.
That was called Playing well with Pix. But in my case instead of a Pix I used Openwrt.
The config in the diagram below is simlar to what I setup.
http://www.isaserver.org/img/upl/2004is31116602627203.gif
I just purchased a Cisco
Sun, 06/01/2008 - 5:26am
I just purchased a Cisco 1721 with a DSL WIC on Ebay for $100.
Since I have 5 usable IP's I set my VoIP network to use a specific IP.
I then set QOS for that Network and Tagged them (Layer 2)with a class of service 5.
I find that I can bearly tell the difference between a call going out the pots line vs the VoIP line. This works well since many calls are transferred to my Cell so any additional latency or quality would be affected dramatically.
Success - update
Thu, 08/07/2008 - 10:25am
Member Since:
2007-06-30