Home page logo
/

nanog logo nanog mailing list archives

RE: VoIP over IPsec
From: "Charles Youse" <cyouse () register com>
Date: Mon, 17 Feb 2003 13:37:58 -0500


Using hardware encryption with the qos pre-classify feature, I imagine that jitter will no longer be an issue - (that 
is, the jitter you mention previously is introduced by the lack of prioritization into the encryption queue).  Or am I 
missing something?

C.

-----Original Message-----
From: Stephen Sprunk [mailto:stephen () sprunk org]
Sent: Monday, February 17, 2003 2:24 AM
To: Charles Youse
Cc: nanog () merit edu
Subject: Re: VoIP over IPsec


Thus spake "Charles Youse" <cyouse () register com>
In order to cut costs in our telecom budget I'm toying with the idea
of replacing a lot of our inter-office leased lines with VPN
connections over the public Internet.  [...]
Assume for the moment that latency and bandwidth are not an issue;
e.g., any two points that will be exchanging voice data will both have
transit from the same provider with an aggressive SLA.

Latency, bandwidth, and packet loss are moot.  Jitter is VoIP's enemy.

Does anyone have any experience running VoIP over such tunnels?
Is there a technical reason why this solution is not feasible?  Are
Cisco routers not happy doing VoIP/IPsec/GRE in concert?

IPsec itself will not cause you problems; there's no theoretical conflict.

Unfortunately, IOS can introduce jitter when encrypting packets.  To
mitigate this, you can apply QOS, with a strict priotiy queue for the VoIP
packets and the "qos pre-classify" feature.  Your mileage will vary
depending on the CPU power of the router, the traffic levels, and whether
you're using hardware encryption.

S

Stephen Sprunk         "God does not play dice."  --Albert Einstein
CCIE #3723         "God is an inveterate gambler, and He throws the
K5SSS        dice at every possible opportunity." --Stephen Hawking


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault