Re: [Asterisk-Users] QOS / Cisco / Asterisk
Sorry for the late, late reply, but I don't follow the -users list closely.

On Tue, 2005-01-04 at 10:43 -0600, [EMAIL PROTECTED] wrote:
> What's wrong with doing it by port? If it is possible that something else out there may use the same TOS flags as Asterisk, by prioritizing port 4569 (IAX2 protocol) you know for sure that the only packets in that queue are VoIP traffic. Also, what about your incoming traffic? Are the TOS flags correct there? I'm not saying that TOS is bad, just that as you've seen, it can get changed along the way. I'm using port number to separate traffic and it is working great.

Well, in a sense, we are both correct. You are looking at the problem from the perspective of an edge router. At the edge of your network, you can't trust the incoming QOS markings, so you need to use an ACL of some sort to differentiate priority traffic from non-priority traffic.

However, inside the network, when you can (mostly) trust that packets have been generated with the correct QOS markings by the originating device, internal routers/switches can use the QOS marking (be it the TOS, DiffServ markings, 802.1p priorities, etc.) to prioritize traffic. I'd be willing to bet that switches (and maybe even some routers) can prioritize based upon QOS markings more efficiently than they can run packets through ACLs. This is especially needed where traffic volumes are large.

So, inside your network you need to examine the configuration of pretty much every device to make sure that they don't mess with the QOS markings where they aren't supposed to.

Jeff

___
Asterisk-Users mailing list
Asterisk-Users@lists.digium.com
http://lists.digium.com/mailman/listinfo/asterisk-users
To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
RE: [Asterisk-Users] QOS / Cisco / Asterisk
Yes yes, we've been through all that actually :-) We did find out it was one of the 3550's resetting the TOS.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Tuesday, January 04, 2005 2:40 PM
To: asterisk-users@lists.digium.com
Subject: RE: [Asterisk-Users] QOS / Cisco / Asterisk

snip
> What's wrong with doing it by port?

We're actually using SIP to terminate calls, going by rtp.conf the ports could range several thousand ports. What we're going for is only honoring TOS for that particular customer, luckily these are T1 customers hosted on our routers. They understand that their firewalls cannot pass TOS, if they do (ie: we packet sniff and see this) then they're on their own.

In a nutshell we wanted to avoid using hardcoded ports, what if say a game server was in that port range (and used udp lol), you would be rather screwed.
/snip

Ahh OK. Well, how about configuring a laptop with ethereal (http://www.ethereal.com/) and capturing the packets you have in mind? It even runs on Windows. :p It's pretty easy to specify a particular destination or so, for limiting which traffic you sniff. You could use an old hub and start plugging the laptop in between routers using the hub so it can capture the packets. Should be fairly quick to isolate which router is modifying the TOS value.

Just an idea... of course you have to have physical access to the network...

HTH,
-Ron
RE: [Asterisk-Users] QOS / Cisco / Asterisk
Yes yes, you're right. I forget these switches are smart!!! ;-)

-Original Message-
From: Julio Arruda [mailto:[EMAIL PROTECTED]
Sent: Monday, January 03, 2005 4:41 PM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [Asterisk-Users] QOS / Cisco / Asterisk

Matt Schulte wrote:
> We're trying to PQ (Priority Queue) packets on a Cisco using ACL's. What we're trying to avoid is hardcoding the IP address in the ACL. We were trying to match by TOS set by Asterisk however it seems we've run into a snag where the packet TOS tends to get reset somewhere on our network. Has anyone had this issue? We're running Cisco everywhere in between (even the switches). Is there an alternative way to match these? We've thought of by port but that's kind of ad-hoc IMHO.

I know some LAN switching devices, in a default QoS configuration, would treat ports as diffserv untrusted ports, or access ports, meaning, the DSCP (a reuse of the TOS also) in packets inbound at that port is not to be trusted. Have you looked at your switches' documentation?

> Asterisk1 -- 3560 -- 2600 -- (T1) -- 7500 -- 2900 -- 3550 -- Asterisk2
>
> Sniff: (note the dumps between the 2 machines are diff times however they show the same occurrence)
>
> Asterisk1: 1.1.1.1
> 09:09:10.019191 IP (tos 0x10, ttl 64, id 58, offset 0, flags [DF], proto 17, length: 60) 1.1.1.1.12056 1.1.1.2.19726: [no cksum] UDP, length 32
> 09:09:10.030146 IP (tos 0x0, ttl 62, id 63, offset 0, flags [DF], proto 17, length: 60) 1.1.1.2.19726 1.1.1.1.12056: [no cksum] UDP, length 32
>
> Asterisk2: Dump on 206.80.70.55
> 09:34:34.418386 IP (tos 0x0, ttl 62, id 261, offset 0, flags [DF], proto 17, length: 60) 1.1.1.1.14796 1.1.1.2.18996: [no cksum] UDP, length 32
> 09:34:34.422974 IP (tos 0x10, ttl 64, id 273, offset 0, flags [DF], proto 17, length: 60) 1.1.1.2.18996 1.1.1.1.14796: [no cksum] UDP, length 32
Re: [Asterisk-Users] QOS / Cisco / Asterisk
On Mon, 2005-01-03 at 13:53 -0600, Matt Schulte wrote:
> We're trying to PQ (Priority Queue) packets on a Cisco using ACL's. What we're trying to avoid is hardcoding the IP address in the ACL. We were trying to match by TOS set by Asterisk however it seems we've run into a snag where the packet TOS tends to get reset somewhere on our network. Has anyone had this issue? We're running Cisco everywhere in between (even the switches). Is there an alternative way to match these? We've thought of by port but that's kind of ad-hoc IMHO.

If the TOS is getting reset somewhere out there you need to go through all of your switches and make sure that none of them are messing with the TOS. Unfortunately doing QOS on Cisco switches is a black art as the necessary commands depend on the hardware and the IOS version (or CatOS version if you are unlucky). Check the documentation for your switches for the mls qos trust command.

Cisco routers, on the other hand, don't mess with IP TOS/DSCP labels unless you specifically ask them to.

Jeff
Re: [Asterisk-Users] QOS / Cisco / Asterisk
snip
We're trying to PQ (Priority Queue) packets on a Cisco using ACL's. What we're trying to avoid is hardcoding the IP address in the ACL. We were trying to match by TOS set by Asterisk however it seems we've run into a snag where the packet TOS tends to get reset somewhere on our network. Has anyone had this issue? We're running Cisco everywhere in between (even the switches). Is there an alternative way to match these? We've thought of by port but that's kind of ad-hoc IMHO.

If the TOS is getting reset somewhere out there you need to go through all of your switches and make sure that none of them are messing with the TOS. Unfortunately doing QOS on Cisco switches is a black art as the necessary commands depend on the hardware and the IOS version (or CatOS version if you are unlucky). Check the documentation for your switches for the mls qos trust command.

Cisco routers, on the other hand, don't mess with IP TOS/DSCP labels unless you specifically ask them to.
/snip

What's wrong with doing it by port? If it is possible that something else out there may use the same TOS flags as Asterisk, by prioritizing port 4569 (IAX2 protocol) you know for sure that the only packets in that queue are VoIP traffic. Also, what about your incoming traffic? Are the TOS flags correct there?

I'm not saying that TOS is bad, just that as you've seen, it can get changed along the way. I'm using port number to separate traffic and it is working great.

-Ron
RE: [Asterisk-Users] QOS / Cisco / Asterisk
> What's wrong with doing it by port?

We're actually using SIP to terminate calls, going by rtp.conf the ports could range several thousand ports. What we're going for is only honoring TOS for that particular customer, luckily these are T1 customers hosted on our routers. They understand that their firewalls cannot pass TOS, if they do (ie: we packet sniff and see this) then they're on their own.

In a nutshell we wanted to avoid using hardcoded ports, what if say a game server was in that port range (and used udp lol), you would be rather screwed.

> same TOS flags as Asterisk, by prioritizing port 4569 (IAX2 protocol) you know for sure that the only packets in that queue are VoIP traffic. Also, what about your incoming traffic? Are the TOS flags correct there?
>
> I'm not saying that TOS is bad, just that as you've seen, it can get changed along the way. I'm using port number to separate traffic and it is working great.
>
> -Ron
RE: [Asterisk-Users] QOS / Cisco / Asterisk
snip
> What's wrong with doing it by port?

We're actually using SIP to terminate calls, going by rtp.conf the ports could range several thousand ports. What we're going for is only honoring TOS for that particular customer, luckily these are T1 customers hosted on our routers. They understand that their firewalls cannot pass TOS, if they do (ie: we packet sniff and see this) then they're on their own.

In a nutshell we wanted to avoid using hardcoded ports, what if say a game server was in that port range (and used udp lol), you would be rather screwed.
/snip

Ahh OK. Well, how about configuring a laptop with ethereal (http://www.ethereal.com/) and capturing the packets you have in mind? It even runs on Windows. :p It's pretty easy to specify a particular destination or so, for limiting which traffic you sniff. You could use an old hub and start plugging the laptop in between routers using the hub so it can capture the packets. Should be fairly quick to isolate which router is modifying the TOS value.

Just an idea... of course you have to have physical access to the network...

HTH,
-Ron
Re: [Asterisk-Users] QOS / Cisco / Asterisk
Matt Schulte wrote:
> We're trying to PQ (Priority Queue) packets on a Cisco using ACL's. What we're trying to avoid is hardcoding the IP address in the ACL. We were trying to match by TOS set by Asterisk however it seems we've run into a snag where the packet TOS tends to get reset somewhere on our network. Has anyone had this issue? We're running Cisco everywhere in between (even the switches). Is there an alternative way to match these? We've thought of by port but that's kind of ad-hoc IMHO.

I know some LAN switching devices, in a default QoS configuration, would treat ports as diffserv untrusted ports, or access ports, meaning, the DSCP (a reuse of the TOS also) in packets inbound at that port is not to be trusted. Have you looked at your switches' documentation?

> Asterisk1 -- 3560 -- 2600 -- (T1) -- 7500 -- 2900 -- 3550 -- Asterisk2
>
> Sniff: (note the dumps between the 2 machines are diff times however they show the same occurrence)
>
> Asterisk1: 1.1.1.1
> 09:09:10.019191 IP (tos 0x10, ttl 64, id 58, offset 0, flags [DF], proto 17, length: 60) 1.1.1.1.12056 1.1.1.2.19726: [no cksum] UDP, length 32
> 09:09:10.030146 IP (tos 0x0, ttl 62, id 63, offset 0, flags [DF], proto 17, length: 60) 1.1.1.2.19726 1.1.1.1.12056: [no cksum] UDP, length 32
>
> Asterisk2: Dump on 206.80.70.55
> 09:34:34.418386 IP (tos 0x0, ttl 62, id 261, offset 0, flags [DF], proto 17, length: 60) 1.1.1.1.14796 1.1.1.2.18996: [no cksum] UDP, length 32
> 09:34:34.422974 IP (tos 0x10, ttl 64, id 273, offset 0, flags [DF], proto 17, length: 60) 1.1.1.2.18996 1.1.1.1.14796: [no cksum] UDP, length 32
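
Added example, not part of the original thread or any poster's code: a Python sketch that parses tcpdump -v lines like the ones quoted above from both capture points and reports, per direction, whether the TOS byte a host put on the wire survives to the far end. The sample input is the four dump lines from the thread; the function names and the "TTL 64 means locally originated" heuristic are assumptions of this example.

```python
import re

# tcpdump -v line as quoted in the thread; " > " between the two endpoints is
# optional because the archived copy of the dumps has lost it.
LINE = re.compile(
    r"\(tos (0x[0-9a-fA-F]+), ttl (\d+),.*?\)\s+"
    r"(\d+\.\d+\.\d+\.\d+)\.\d+\s+(?:>\s+)?(\d+\.\d+\.\d+\.\d+)\.\d+:"
)

# Sample input: the dump lines from the thread, one capture per endpoint.
ASTERISK1 = """\
09:09:10.019191 IP (tos 0x10, ttl 64, id 58, offset 0, flags [DF], proto 17, length: 60) 1.1.1.1.12056 1.1.1.2.19726: [no cksum] UDP, length 32
09:09:10.030146 IP (tos 0x0, ttl 62, id 63, offset 0, flags [DF], proto 17, length: 60) 1.1.1.2.19726 1.1.1.1.12056: [no cksum] UDP, length 32
"""
ASTERISK2 = """\
09:34:34.418386 IP (tos 0x0, ttl 62, id 261, offset 0, flags [DF], proto 17, length: 60) 1.1.1.1.14796 1.1.1.2.18996: [no cksum] UDP, length 32
09:34:34.422974 IP (tos 0x10, ttl 64, id 273, offset 0, flags [DF], proto 17, length: 60) 1.1.1.2.18996 1.1.1.1.14796: [no cksum] UDP, length 32
"""

def parse(dump):
    """Return (src_ip, dst_ip, tos, ttl) for every line that matches."""
    out = []
    for line in dump.splitlines():
        m = LINE.search(line)
        if m:
            out.append((m.group(3), m.group(4), int(m.group(1), 16), int(m.group(2))))
    return out

def tos_rewrites(sender_dump, receiver_dump, sender_ip, initial_ttl=64):
    """Compare the TOS a host sends with the TOS its peer receives.

    Assumption: ttl == initial_ttl in the sender's capture marks a locally
    originated packet; a lower ttl at the receiver marks a routed one. The
    captures were taken at different times, so flows are keyed by IP pair.
    """
    sent = {(s, d): tos for s, d, tos, ttl in parse(sender_dump)
            if s == sender_ip and ttl == initial_ttl}
    return [{"flow": (s, d), "sent_tos": sent[(s, d)], "seen_tos": tos,
             "routed_hops": initial_ttl - ttl}
            for s, d, tos, ttl in parse(receiver_dump)
            if (s, d) in sent and ttl < initial_ttl and tos != sent[(s, d)]]

if __name__ == "__main__":
    for f in (tos_rewrites(ASTERISK1, ASTERISK2, "1.1.1.1")
              + tos_rewrites(ASTERISK2, ASTERISK1, "1.1.1.2")):
        print("%s -> %s: sent tos 0x%02x, arrived 0x%02x after %d routed hops"
              % (*f["flow"], f["sent_tos"], f["seen_tos"], f["routed_hops"]))
```

The hop count comes from the TTL, so it counts routers only; a layer-2 switch that rewrites the marking, such as the 3550 identified elsewhere in the thread, does not appear in it, and localising the device still takes captures at intermediate points.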