nanog mailing list archives
Re: VoIP over IPsec
From: "Stephen Sprunk" <stephen () sprunk org>
Date: Mon, 17 Feb 2003 01:24:27 -0600
Thus spake "Charles Youse" <cyouse () register com>
In order to cut costs in our telecom budget I'm toying with the idea of replacing a lot of our inter-office leased lines with VPN connections over the public Internet. [...] Assume for the moment that latency and bandwidth are not an issue; e.g., any two points that will be exchanging voice data will both have transit from the same provider with an aggressive SLA.
Latency, bandwidth, and packet loss are moot. Jitter is VoIP's enemy.
Does anyone have any experience running VoIP over such tunnels? Is there a technical reason why this solution is not feasible? Are Cisco routers not happy doing VoIP/IPsec/GRE in concert?
IPsec itself will not cause you problems; there's no theoretical conflict. Unfortunately, IOS can introduce jitter when encrypting packets. To mitigate this, you can apply QOS, with a strict priotiy queue for the VoIP packets and the "qos pre-classify" feature. Your mileage will vary depending on the CPU power of the router, the traffic levels, and whether you're using hardware encryption. S Stephen Sprunk "God does not play dice." --Albert Einstein CCIE #3723 "God is an inveterate gambler, and He throws the K5SSS dice at every possible opportunity." --Stephen Hawking
Current thread:
- VoIP over IPsec Charles Youse (Feb 16)
- Re: VoIP over IPsec Petri Helenius (Feb 16)
- Re: VoIP over IPsec Jared Mauch (Feb 17)
- Re: VoIP over IPsec Stephen Sprunk (Feb 16)
- Re: VoIP over IPsec Steven M. Bellovin (Feb 17)
- Re: VoIP over IPsec Charlie Clemmer (Feb 17)
- Re: VoIP over IPsec Stephen Sprunk (Feb 17)
- Re: VoIP over IPsec Steve Feldman (Feb 17)
- Re: VoIP over IPsec Iljitsch van Beijnum (Feb 17)
- Re: VoIP over IPsec Petri Helenius (Feb 17)
- Re: VoIP over IPsec Iljitsch van Beijnum (Feb 18)
- RE: VoIP over IPsec David Luyer (Feb 18)
- RE: VoIP over IPsec Vadim Antonov (Feb 18)
- Re: VoIP over IPsec Stephen Sprunk (Feb 18)
- Re: VoIP over IPsec Iljitsch van Beijnum (Feb 17)
- Re: VoIP over IPsec Petri Helenius (Feb 16)