nanog mailing list archives

Re: VoIP over IPsec


From: "Stephen Sprunk" <stephen () sprunk org>
Date: Mon, 17 Feb 2003 01:24:27 -0600


Thus spake "Charles Youse" <cyouse () register com>
> In order to cut costs in our telecom budget I'm toying with the idea
> of replacing a lot of our inter-office leased lines with VPN
> connections over the public Internet.  [...]
> Assume for the moment that latency and bandwidth are not an issue;
> e.g., any two points that will be exchanging voice data will both have
> transit from the same provider with an aggressive SLA.

Latency, bandwidth, and packet loss are moot.  Jitter is VoIP's enemy.

> Does anyone have any experience running VoIP over such tunnels?
> Is there a technical reason why this solution is not feasible?  Are
> Cisco routers not happy doing VoIP/IPsec/GRE in concert?

IPsec itself will not cause you problems; there's no theoretical conflict.

Unfortunately, IOS can introduce jitter when encrypting packets.  To
mitigate this, you can apply QOS, with a strict priority queue for the VoIP
packets and the "qos pre-classify" feature.  Your mileage will vary
depending on the CPU power of the router, the traffic levels, and whether
you're using hardware encryption.

S

Stephen Sprunk         "God does not play dice."  --Albert Einstein
CCIE #3723         "God is an inveterate gambler, and He throws the
K5SSS        dice at every possible opportunity." --Stephen Hawking
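
An added illustration of the mitigation described in the message above (not part of the original post and not the poster's configuration): an IOS low-latency queue for voice combined with "qos pre-classify" on a GRE-over-IPsec tunnel. The interface names, ACL number, class and policy names, crypto map name, RTP port range and the 256 kbps priority rate are all assumptions chosen for the sketch.

```cisco
! Added example. All names, numbers and rates below are assumed values.
!
! Classify voice on inner-packet fields (UDP ports used for RTP).
! After GRE/IPsec encapsulation these fields are hidden behind the
! outer header, which is why pre-classification is needed.
access-list 101 permit udp any any range 16384 32767
!
class-map match-all VOICE
 match access-group 101
!
! Strict priority queue for voice, fair queueing for everything else.
policy-map WAN-EDGE
 class VOICE
  priority 256
 class class-default
  fair-queue
!
! Keep a copy of the original header so the output policy on the
! physical interface can still match the pre-encryption packet.
interface Tunnel0
 qos pre-classify
!
! Crypto map entry assumed to exist already (peer, transform set and
! match address not shown); only the pre-classify line is added.
crypto map VPN 10 ipsec-isakmp
 qos pre-classify
!
! Queueing happens where congestion occurs: the egress WAN interface.
interface Serial0/0
 crypto map VPN
 service-policy output WAN-EDGE
```

After applying a policy like this, `show policy-map interface Serial0/0` shows whether packets are matching the VOICE class and whether the priority queue is dropping anything.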

