[55923] in North American Network Operators' Group
RE: VoIP over IPsec
daemon@ATHENA.MIT.EDU (Charles Youse)
Mon Feb 17 13:38:20 2003
Date: Mon, 17 Feb 2003 13:37:58 -0500
From: "Charles Youse" <cyouse@register.com>
To: "Stephen Sprunk" <stephen@sprunk.org>
Cc: <nanog@merit.edu>
Errors-To: owner-nanog-outgoing@merit.edu
Using hardware encryption with the qos pre-classify feature, I imagine =
that jitter will no longer be an issue - (that is, the jitter you =
mention previously is introduced by the lack of prioritization into the =
encryption queue). Or am I missing something?
C.
-----Original Message-----
From: Stephen Sprunk [mailto:stephen@sprunk.org]
Sent: Monday, February 17, 2003 2:24 AM
To: Charles Youse
Cc: nanog@merit.edu
Subject: Re: VoIP over IPsec
Thus spake "Charles Youse" <cyouse@register.com>
> In order to cut costs in our telecom budget I'm toying with the idea
> of replacing a lot of our inter-office leased lines with VPN
> connections over the public Internet. [...]
> Assume for the moment that latency and bandwidth are not an issue;
> e.g., any two points that will be exchanging voice data will both have
> transit from the same provider with an aggressive SLA.
Latency, bandwidth, and packet loss are moot. Jitter is VoIP's enemy.
> Does anyone have any experience running VoIP over such tunnels?
> Is there a technical reason why this solution is not feasible? Are
> Cisco routers not happy doing VoIP/IPsec/GRE in concert?
IPsec itself will not cause you problems; there's no theoretical =
conflict.
Unfortunately, IOS can introduce jitter when encrypting packets. To
mitigate this, you can apply QOS, with a strict priotiy queue for the =
VoIP
packets and the "qos pre-classify" feature. Your mileage will vary
depending on the CPU power of the router, the traffic levels, and =
whether
you're using hardware encryption.
S
Stephen Sprunk "God does not play dice." --Albert Einstein
CCIE #3723 "God is an inveterate gambler, and He throws the
K5SSS dice at every possible opportunity." --Stephen Hawking
