[55913] in North American Network Operators' Group
Re: VoIP over IPsec
daemon@ATHENA.MIT.EDU (Stephen Sprunk)
Mon Feb 17 02:25:31 2003
From: "Stephen Sprunk" <stephen@sprunk.org>
To: "Charles Youse" <cyouse@register.com>
Cc: <nanog@merit.edu>
Date: Mon, 17 Feb 2003 01:24:27 -0600
Errors-To: owner-nanog-outgoing@merit.edu
Thus spake "Charles Youse" <cyouse@register.com>
> In order to cut costs in our telecom budget I'm toying with the idea
> of replacing a lot of our inter-office leased lines with VPN
> connections over the public Internet. [...]
> Assume for the moment that latency and bandwidth are not an issue;
> e.g., any two points that will be exchanging voice data will both have
> transit from the same provider with an aggressive SLA.
Latency, bandwidth, and packet loss are moot. Jitter is VoIP's enemy.
> Does anyone have any experience running VoIP over such tunnels?
> Is there a technical reason why this solution is not feasible? Are
> Cisco routers not happy doing VoIP/IPsec/GRE in concert?
IPsec itself will not cause you problems; there's no theoretical conflict.
Unfortunately, IOS can introduce jitter when encrypting packets. To
mitigate this, you can apply QOS, with a strict priotiy queue for the VoIP
packets and the "qos pre-classify" feature. Your mileage will vary
depending on the CPU power of the router, the traffic levels, and whether
you're using hardware encryption.
S
Stephen Sprunk "God does not play dice." --Albert Einstein
CCIE #3723 "God is an inveterate gambler, and He throws the
K5SSS dice at every possible opportunity." --Stephen Hawking
