Prioritize VOIP Over Everything Else
-
If you run through the shaping wizard there is a voip section.
-
Hi,
I would like to implement traffic shaping to do one thing and one thing only, prioritize VOIP traffic over everything else. Is there an easy way to just tell it to process VOIP packets first? This is my first time using qos/traffic shaping so I'm sorry if I am being vague. I'm just not sure where to start.
Thanks!
If you are using the HSFC traffic shaping wizard, the first section will be VOIP. This is meant for VOIP machines that has a unique IP, because the default rules added does not actually specify port. Anything going to and from that IP will get the highest priority. So make sure you know your VOIP phone IP.
If you are using a software on the computer, find out what port it runs on. Add rules in the firewall to send traffic with those ports into the qVOIP queue because it has the highest priority. The wizard would've already put in some floating rules for you, so you can just clone it and modify the ports and protocol.
-
That is true, but I tweaked the resulting floating rules to incorporate my phone and not a single device. :P
-
Thanks for the replies. Let me clarify my setup a little bit. I am using two pfsense boxes with an IPSEC site to site VPN. I have an Avaya IP office phone system on one end, and five Avaya IP phones on the other end. The IP phones connect to the phone system box over the VPN. Does the traffic shaper wizard still work for this setup?
Thanks!
-
Ok. Here is what I have done so far:
-Went through the wizard on each end.
-I told it to prioritize voip (I left the provider on generic and the address blank)
-I was told by our phone tech that the phones would use a maximum of 128 kbps on a call, so I multiplied that by our 5 ip phones and set the upload and download to 640 kbps.
-The only other setting I changed in the wizard was to give IPSEC tunnels higher prioritization.
-I then created a layer 7 container that sends H323 protocol data (which is what I was told our phones use) to the qVoIP queue.So my questions are:
-Will this setup work for me (see previous post for how our network is setup)?
-Is the layer 7 container necessary?Thanks!
-
There is a queue monitor. If you make a phone call and you don't see traffic in there, then it is probably not working. Given your setup though, you need to prioritize IPSEC traffic just as high as VOIP since the voip setup is dependent on it. JMO.
-
There is a queue monitor. If you make a phone call and you don't see traffic in there, then it is probably not working. Given your setup though, you need to prioritize IPSEC traffic just as high as VOIP since the voip setup is dependent on it. JMO.
Right now, IPSEC traffic is supposed to be going to the qOthersHigh queue (the wizard set that up). However, I hardly ever see any traffic going through it on the queue status page. I opened up the traffic graph for IPSEC and confirmed that there IS traffic going over the VPN, but it doesn't seem to be going through the queue it is set to. I haven't changed the settings except giving IPSEC higher priority through the wizard, is there any additional configuration (create some additional rules?) that needs to be done to prioritize site to site IPSEC traffic?
-
I have come across a post on this forum recommending that the IP addresses of the IP phones could be used to prioritize the traffic. I have looked through the setup pages and help documentation, but I cannot seem to figure out how to prioritize by IP address. Any suggestions?
Thanks!
-
In the floating rules there is a source and a destination. Just specify the IP range of the phone as the source for outgoing connections and the destination for inbound queue.
-
In the floating rules there is a source and a destination. Just specify the IP range of the phone as the source for outgoing connections and the destination for inbound queue.
That would work for one phone, but how would I do this with five IP phones?
Thanks!
-
In the floating rules there is a source and a destination. Just specify the IP range of the phone as the source for outgoing connections and the destination for inbound queue.
That would work for one phone, but how would I do this with five IP phones?
Thanks!
Create an Alias, and input the IPs of the phones inside the Alias.
In the floating rule, specify the alias instead of IP. -
I created a subnet just for phones off another interface and used VLANs to separate phone from all other traffic. Before that, I used a subnet for the rule, like 10.0.0.184/29. That covers the range from 184-191 which is more that enough for my phones. The phone where handed out a reserved IP within this range by DHCP.
-
Thanks for the replies. Let me clarify my setup a little bit. I am using two pfsense boxes with an IPSEC site to site VPN. I have an Avaya IP office phone system on one end, and five Avaya IP phones on the other end. The IP phones connect to the phone system box over the VPN. Does the traffic shaper wizard still work for this setup?
iirc pfsense can't shape traffic inside an IPsec tunnel, at least not "directly" – you'd need to shape the ESP packets on WAN if (search forum for previous posts on the subject).
-
@kyu:
In the floating rules there is a source and a destination. Just specify the IP range of the phone as the source for outgoing connections and the destination for inbound queue.
That would work for one phone, but how would I do this with five IP phones?
Thanks!
Create an Alias, and input the IPs of the phones inside the Alias.
In the floating rule, specify the alias instead of IP.kyu, thanks for the tip on the Alias!
So I made an alias, and put that in for the VOIP adapter in the traffic shaping wizard. I have been monitoring my queues though, and it doesn't seem to be doing much. If I monitor my queues on the pfsense box on the side with our phone system, I see around 50 kb/s per call in the qVoIP on WAN queue. But at the same time, on the pfsense box on the side with the 5 IP phones, I am only seeing around 900 b/s per call. The only difference in configuration is that I used the IP address of our phone system for the VOIP adapter in the wizard on the side with the phone system, and an alias with the IP addresses of the 5 IP phones on the side with the IP phones. Any ideas?
Thanks!