bous All American 11215 Posts
read subject
Need to be able to give a range of ports or range of ips priority over others on bandwidth (up and/or down). Trying to get our VoIP upstream working better.
what's my cheapest solution here? 3/4/2008 3:36:26 PM |
mellocj All American 1872 Posts
what is your upstream connection? an ethernet connection?
It may be more practical to use a router that meets your QoS requirements and a separate Gigabit switch. 3/4/2008 4:12:09 PM |
bous All American 11215 Posts
don't know why i said 10+ ports... already have a 10/100 switch in place that should do fine for now.
upload is only 512kbitsps... which is why i need QoS for the VoIP each upstream call on the VoIP is ~4KBytes/sec and can't let that drop or the call goes to shit. 3/4/2008 4:58:35 PM |
gs7 All American 2354 Posts
Get a router that can handle DD-WRT or Tomato ... your QoS problems are solved.
http://www.dd-wrt.com/wiki/index.php/Supported_Devices
http://www.polarcloud.com/tomatofaq#what_will_this_run_on
[Edited on March 4, 2008 at 5:25 PM. Reason : .] 3/4/2008 5:23:44 PM |
smoothcrim Universal Magnetic! 18966 Posts
dd-wrt is a good choice, so is pfsense on some old p3 3/4/2008 5:54:59 PM |
ncsuboy911 Suspended 240 Posts
either of those will work
i finally put ddwrt on my router a few days ago and I def recommend it... I've used pfsense a little bit too--both work well. it really is just up to what you have available. if you have an old pc laying around that you want to commit to pfsense, i'd go that route 3/4/2008 6:19:16 PM |
Grandmaster All American 10829 Posts
i've used pfsense forever, even had m0n0wall back in the day. put ddwrt on a buffalo when i moved and just installed tomato. i think i like tomato better, but if you have the wrap board or the spare pc, pfsense rules all. 3/4/2008 8:36:28 PM |
bous All American 11215 Posts
not using dd-wrt in a production environment... 3/4/2008 10:24:54 PM |
mellocj All American 1872 Posts
You can get a cheapish Cisco 2600 series router with 2 ethernet ports to do your QOS. 3/4/2008 10:33:36 PM |
gs7 All American 2354 Posts
^^I honestly don't see a problem using DD-WRT in a small-scale production environment. It's been extremely stable in my experience. But in our defense, you never said you were dealing with a "production environment".
Regardless, ^is correct, pick up a proper piece. 3/4/2008 11:20:16 PM |
bous All American 11215 Posts
i'll get a 2611 with dual 10BaseT ports...
so this will do QoS for my purposes just fine eh? never messed with QoS in IOS back in the day, just routing mainly.
[Edited on March 4, 2008 at 11:37 PM. Reason : ] 3/4/2008 11:30:49 PM |
mellocj All American 1872 Posts
yes you should have no problem doing qos on a cisco 2600. i have done it based on dscp
you can see some example configs here:
http://www.voip-info.org/wiki-QoS+Cisco 3/4/2008 11:43:14 PM |
DoubleDown All American 9382 Posts
i wouldnt really worry about how many ports it has - a production router will generally only have 1 ethernet interface - no switchports
get a switch for that 3/5/2008 12:28:58 AM |
BobbyDigital Thots and Prayers 41777 Posts
^^^
Do your IP phones mark DSCP or IPP? If not, you'll have to match phone traffic based on source IP, which is a little more painful, but it sounds like a fairly small office, so it shouldn't be too big of a deal. The 2600 can definitely handle your QoS needs, provided that you're not running into a bottleneck at the switchport level.
If you're looking for a cheap SMB type switch, check out the Catalyst Express 500 Series. I think they go for a few hundred bucks.. cheaper on ebay.
[Edited on March 5, 2008 at 8:34 AM. Reason : adsf] 3/5/2008 8:33:53 AM |
bous All American 11215 Posts
i can get a 2611 with 2 lan for $100 shipped... sounds good 64D/16F
then when we upgrade to a T-1 after we move i can just get the WIC for it.
BobbyDigital: I can assign phones with static IPs... but can I also do QoS based on destination port? i.e. the phones all go to the same outbound port since it's PBX hosted VoIP
[Edited on March 5, 2008 at 9:44 AM. Reason : ] 3/5/2008 9:43:27 AM |
BobbyDigital Thots and Prayers 41777 Posts
yeah, you can do that as well, using LLQ... would probably look something like this:
class-map match-any voip
 match ip rtp X Y   <--- where X and Y are your UDP range for the RTP stream
 match access-group 150   <--- prioritize control packets (you'll want to define an ACL for that as well)
!
policy-map VoIP
 class voip
  priority 50   <--- amount of bandwidth for calls (use bandwidth link)
 class class-default
  fair-queue   <--- fair queue all other traffic
Then under the interface going out to the PBX:
service-policy output VoIP
3/5/2008 10:13:18 AM |
ComputerGuy (IN)Sensitive 5052 Posts
Get a Mac Airport Extreme.
[Edited on March 5, 2008 at 12:35 PM. Reason : d] 3/5/2008 12:34:49 PM |
bous All American 11215 Posts
shut the fuck up. 3/5/2008 12:36:08 PM |
DoubleDown All American 9382 Posts
who is your voip provider 3/5/2008 7:06:26 PM |
bous All American 11215 Posts
packet8
they suck, but our office has no cable connection, so our best bet is dsl 512kbps up... or 4x the cost and a t-1 when we're moving this year. 3/5/2008 8:48:25 PM |
Grandmaster All American 10829 Posts
lol an old boss of mine ran a smaller scale ISP using a bunch of pfsense boxen. 3/5/2008 9:40:09 PM |
Aficionado Suspended 22518 Posts
Quote : | "Firmware: DD-WRT v24 RC-4 (10/10/07) std Time: 21:49:31 up 64 days, 2:09, load average:" |
its a RC and its been up and stable for 64 days...not longer because i dont have it on a UPS
you would be fine in a production environment 3/5/2008 9:50:45 PM |
robster All American 3545 Posts
I second bobby's qos config.
Just remember that the priority x command is x measured in kbps. You MUST configure this for MORE than the rate of expected voice traffic. So let's say you have 5 phones which would send voice at rates of 50kbps each, so you would need to set 'priority 250'.
If you don't do this, then anything over the rate you configure will be dropped, even if there is extra bandwidth available on the interface. 3/5/2008 10:02:20 PM |
evan All American 27701 Posts
pfsense is the end all be all of routing platforms
with the exception of the cisco IOS 3/5/2008 10:28:18 PM |
mellocj All American 1872 Posts
with the exception of JunOS 3/6/2008 12:31:19 PM |
bous All American 11215 Posts
Cisco 2611 with 2E shipped for $118. Will post success story next week 3/6/2008 3:21:14 PM |
BobbyDigital Thots and Prayers 41777 Posts
ah shit, i didn't know you hadn't bought one yet.
I have one gathering dust that i bought a while back when i was going to build my own CCIE rack. 3/6/2008 8:53:20 PM |
mellocj All American 1872 Posts
funny how the thread went from
10+ port 10/100/1000 Router
to
2 port 10 Router
3/6/2008 9:39:37 PM |
bous All American 11215 Posts
yeah it was mainly if there was a cheap GigE solution... figured $100 and keep 100mbps was fine. 3/6/2008 10:30:53 PM |
bous All American 11215 Posts
I am having a problem getting NAT to work... I need computers from the outside to be able to shoot e-mails via port 25 to my exchange server, and allow that server to have http and https open (80 and 443)...
right now I can't seem to get it working...
Current configuration : 1682 bytes
!
! Last configuration change at 18:49:44 EDT Fri Mar 14 2008
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
no service dhcp
!
hostname CISCO
!
boot-start-marker
boot-end-marker
!
logging buffered 16384 debugging
enable secret 5 HIDDEN
!
clock timezone PST -5
clock summer-time EDT recurring
no aaa new-model
ip subnet-zero
!
!
no ip domain lookup
ip domain name HIDDEN.net
ip name-server 74.x.x.25
!
ip cef
ip dhcp-server 192.168.1.2
!
interface Ethernet0/0
 description to DSL
 ip address 74.x.x.26 255.255.255.252
 ip nat outside
 full-duplex
 no cdp enable
!
interface Serial0/0
 no ip address
 shutdown
 no fair-queue
!
interface Ethernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 full-duplex
 no cdp enable
!
ip default-gateway 74.x.x.25
ip nat pool Server 74.x.x.26 74.x.x.26 netmask 255.255.255.252
ip nat inside source list 1 pool Server overload
ip nat inside source static tcp 192.168.1.2 25 74.x.x.26 25 extendable
ip nat inside source static tcp 192.168.1.2 80 74.x.x.26 80 extendable
ip nat inside source static tcp 192.168.1.2 443 74.x.x.26 443 extendable
no ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 74.x.x.25
!
access-list 1 permit any
access-list 2 permit any
!
alias exec s sh run
!
line con 0
 password 7 HIDDEN
 logging synchronous
 login
line aux 0
 password 7 HIDDEN
 logging synchronous
 login
line vty 0 4
 password 7 HIDDEN
 logging synchronous
 login
!
ntp clock-period 17208135
ntp server 132.163.4.101
!
end
3/14/2008 5:54:03 PM |
bous All American 11215 Posts
also, i'm noticing that the internet is going EXTREMELY SLOW compared to using the windows server 2003 as the router...
can anyone verify my config is okay? 3/14/2008 6:22:26 PM |
ScHpEnXeL Suspended 32613 Posts
paging BobbyDigital 3/14/2008 7:55:08 PM |
bous All American 11215 Posts
got NAT working it seems after a couple of tweaks.
now to test out the QoS for VoIP
one weird thing i've noticed... if i point my computers to the router (192.168.1.1) as the DNS server, it doesn't work...
[Edited on March 14, 2008 at 8:42 PM. Reason : ] 3/14/2008 8:42:17 PM |
mellocj All American 1872 Posts
^ it SHOULDNT work. its a router, not a dns server. 3/15/2008 12:32:51 PM |
BobbyDigital Thots and Prayers 41777 Posts
yup.
looks like you should point the DNS server to 74.x.x.25
based on:
ip name-server 74.x.x.25
3/15/2008 1:28:37 PM |
Scary Larry Suspended 644 Posts
god damn that's why I never bothered to learn IOS
3 pages of configuration for a NAT gateway 3/15/2008 2:21:16 PM |
bous All American 11215 Posts
i figured it would forward dns queries from 192.168.1.1 (router) to the name-server in its config.
it's weird how after 4 years from working with routers 8 months straight... i go to the terminal for the first time and instantly type sh ip int b
[Edited on March 15, 2008 at 4:12 PM. Reason : ] 3/15/2008 4:08:26 PM |
BobbyDigital Thots and Prayers 41777 Posts
^^ umm... the actual NAT config is only 7 lines worth. 3/15/2008 5:26:19 PM |
bous All American 11215 Posts
added 2 lines for pptp and rdp 3/15/2008 10:18:29 PM |
robster All American 3545 Posts
You got the VOIP qos working yet?
You may need to create a hierarchical policy on this thing:
policy-map PARENT
 class class-default
  shape average 512000 (whatever your dsl rate is)
  service-policy VOIP

int e0/0
 service-policy output PARENT
The idea behind this is that you currently have an upstream bottleneck of your dsl device. This puts the bottleneck on your router, where you can control what gets prioritized and what doesn't. 3/16/2008 2:19:44 PM |
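A config check for the two rules robster gives in this thread (size `priority`, in kbps, to cover every call; shape a parent policy to the uplink rate and attach it to the interface), added here as an example and not posted by anyone in the thread. The `parse` and `audit` helpers, the sample config and the phone numbers are constructed, and the parser only understands the few commands shown.

```python
import re

# Constructed sample (not from the thread): an LLQ child policy under a parent
# shaper, with the parent policy not attached to any interface.
SAMPLE = """\
policy-map VOIP
 class voip
  priority 36
policy-map PARENT
 class class-default
  shape average 512000
  service-policy VOIP
interface Ethernet0/0
"""

RULES = {"priority_kbps": r"priority (\d+)", "shape_bps": r"shape average (\d+)",
         "child": r"service-policy (?!output )(\S+)"}

def parse(config):
    """Return ({policy: settings}, {policies bound with 'service-policy output'})."""
    policies, attached, current = {}, set(), None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"policy-map (\S+)", line):
            current = policies.setdefault(m.group(1), {})
        elif line.startswith("interface "):
            current = None  # leave policy-map context
        elif m := re.match(r"service-policy output (\S+)", line):
            attached.add(m.group(1))
        elif current is not None:
            for key, pattern in RULES.items():
                if m := re.match(pattern, line):
                    current[key] = m.group(1) if key == "child" else int(m.group(1))
    return policies, attached

def audit(config, phones, kbps_per_call, uplink_bps):
    """Flag undersized priority queues, oversized shapers and unattached policies."""
    policies, attached = parse(config)
    children = {p["child"] for p in policies.values() if "child" in p}
    need, findings = phones * kbps_per_call, []
    for name, p in policies.items():
        if p.get("priority_kbps", need) < need:  # excess voice would be dropped
            findings.append(f"{name}: priority {p['priority_kbps']} kbps < {need} kbps of voice")
        if p.get("shape_bps", 0) > uplink_bps:
            findings.append(f"{name}: shaper exceeds uplink, modem queue stays the bottleneck")
        if name not in children and name not in attached:
            findings.append(f"{name}: not attached to any interface")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE, phones=5, kbps_per_call=50, uplink_bps=512_000)))
```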
bous All American 11215 Posts
so that would be in addition to what Bobby posted?
i haven't tested the QoS yet. i want to make sure tomorrow goes well with employees before i try the QoS. 3/16/2008 6:44:05 PM |
Scary Larry Suspended 644 Posts
^^^^ I think my post made it pretty obvious I neither speak IOS nor care to. 3/16/2008 9:34:50 PM |
bous All American 11215 Posts
OK I NEED SOME SERIOUS HELP!
We are only able to download at like 20K/sec on an 8mbps down connection with the new router. People are starting to riot
ANY help is much appreciated. ALL computers have been rebooted and set to DHCP. They all have the proper IPs, Gateway, DNS, WINS, etc.
Mar 17 13:31:01.003: %SYS-5-CONFIG_I: Configured from console by console
CISCO#sh run
Building configuration...

Current configuration : 2315 bytes
!
! Last configuration change at 09:31:01 EDT Mon Mar 17 2008
! NVRAM config last updated at 22:15:56 EDT Sun Mar 16 2008
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
no service dhcp
!
hostname CISCO
!
boot-start-marker
boot-end-marker
!
logging buffered 16384 debugging
enable secret 5 BLAH
!
clock timezone PST -5
clock summer-time EDT recurring
no aaa new-model
ip subnet-zero
!
!
ip name-server 74.x.x.25
ip name-server 205.152.37.23
ip name-server 205.152.132.23
!
ip cef
ip dhcp-server 192.168.1.2
!
class-map match-any voip
 match ip rtp 51044 0
 match access-group 2
!
!
policy-map VOIP
 class voip
  priority 36
 class class-default
  fair-queue
policy-map PARENT
 class class-default
  shape average 512000
  service-policy VOIP
!
interface Ethernet0/0
 description to DSL
 ip address 74.x.x.26 255.255.255.252
 ip nat outside
 full-duplex
 no cdp enable
! -> DISABLED THE service-policy output PARENT
!
interface Serial0/0
 no ip address
 shutdown
 no fair-queue
!
interface Ethernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 full-duplex
 no cdp enable
!
ip default-gateway 74.x.x.25
ip nat pool Server 74.x.x.26 74.x.x.26 netmask 255.255.255.252
ip nat inside source list 1 pool Server overload
ip nat inside source static tcp 192.168.1.2 25 74.x.x.26 25 extendable
ip nat inside source static tcp 192.168.1.2 80 74.x.x.26 80 extendable
ip nat inside source static tcp 192.168.1.2 443 74.x.x.26 443 extendable
ip nat inside source static tcp 192.168.1.2 3389 74.x.x.26 3389 extendable
ip nat inside source static tcp 192.168.1.2 1723 74.x.x.26 1723 extendable
ip nat inside source static tcp 192.168.1.2 4125 74.x.x.26 4125 extendable
ip nat inside source static tcp 192.168.1.2 11091 74.x.x.26 11091 extendable
no ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 74.x.x.25
!
access-list 1 permit any
access-list 2 permit any
!
alias exec s sh run
!
line con 0
 password 7 BLAH
 logging synchronous
 login
line aux 0
 password 7 BLAH
 logging synchronous
 login
line vty 0 4
 password 7 BLAH
 logging synchronous
 login
!
ntp clock-period 17208361
ntp server 132.163.4.101
!
end
3/17/2008 8:39:09 AM |
ScHpEnXeL Suspended 32613 Posts
Sounds like what happened when I tried to put in a Linksys RV016 router to handle our internet.. linksys FINALLY (a year later) released firmware that fixed the problem but I went through 3 routers and all of them would cause intermittent internet connectivity about every 30 seconds--making it damn near impossible to get anything downloaded and being slow as shit when it did decide to work..
Ah well, shit's fixed now
Oh, good luck 3/17/2008 8:44:36 AM |
bous All American 11215 Posts
i took out the class-map and 2 policy-maps also (even though not attached to an int) and it's still slow as shit...
put half-duplex on E0/0 E0/1 and it is 100x faster now... was having collisions and shit with full-duplex!
[Edited on March 17, 2008 at 8:56 AM. Reason : ] 3/17/2008 8:44:39 AM |
BobbyDigital Thots and Prayers 41777 Posts
if you were having collisions with full-duplex, the only way that could happen is if you had a duplex mismatch, and the other end of E0 was at half duplex, while E0 was full duplex.
or some weird hardware issue. 3/17/2008 10:41:35 AM |
wut Suspended 977 Posts
IOS bug maybe? 3/17/2008 10:42:54 AM |
bous All American 11215 Posts
Even with half-duplex I am getting collisions on e0/0 at 1.5% and e0/1 at 3%.
that is ridiculous.
e0/0 is plugged into a dsl modem so full duplex should be fine. e0/1 is plugged into a 10/100mbps 24 port switch so full duplex should be fine.
half-duplex still DID make a difference, i just don't know why.
I still haven't upgraded the IOS on this puppy, so maybe i should try an upgrade? 3/17/2008 1:30:03 PM |
bous All American 11215 Posts
seems as though the switch (which isn't owned by us and is in a server closet outside of our office even though we only use it) is 100baseTX / 10baseT and may not support full-duplex 10mbps?
may be time for an upgrade on the switch to support full duplex. 3/17/2008 1:50:56 PM |
wut Suspended 977 Posts
AFAIK 10mbs is only half duplex, could very well be wrong tho. 3/17/2008 1:56:10 PM |