Cisco ASA/PIX Modular Policy Framework: Simple QoS for VoIP

Discussion in 'Other Cisco Equipment' started by eric_stewart, Mar 25, 2007.

Thread Status:
Not open for further replies.
  1. eric_stewart

    eric_stewart Super Moderator Staff Member Member

    I recently deployed my VoIP adapter into the DMZ on my ASA5505. I wanted to make sure that when inside hosts (both from the DMZ and the inside) were competing for precious bandwidth on my outside DSL connection, the VoIP conversations had priority. One of the new features that was released as part of the 7.x code for the PIX and ASA was the Modular Policy Framework. This framework is used to classify and dispatch traffic to other engines in the ASA such as the IPS (Intrusion Prevention System) module, advanced protocol handling module, etc. As it turns out, this fits in very well with the QoS Primer (part 1 of 2) that I wrote at this link: Primer.htm

    The VoIP adapter marks all the outbound VoIP traffic with the EF (Expedited Forwarding) Per-Hop Behaviour. This makes it relatively simple to differentiate from other flows. On the ASA, just as is explained in the primer, QoS is a 3-step process:

    1. Classify the traffic using class maps;

    2. Associate the class maps into a policy map and specify actions to take with the classified traffic;

    3. Apply the policy map either globally or on an interface.

    One of the actions to take (see step 2) is to dispatch the classified traffic (classified in step 1) to a high-priority queue on the interface where differentiated actions must be taken on the classified traffic. Here are the steps broken down into "Cisco-ese":

    ! Set up a priority queue on the outside interface
    ! This is a simple LLQ (low-latency queue). It is not always there (don't know why) but
    ! if it doesn't exist, the QoS solution (i.e. action = priority) won't work...
    priority-queue outside
    ! (Step 1) ------------- Specify a class map which identifies the VoIP traffic
    ! On my network, the VoIP adapter uses the EF PHB (101110)
    class-map VoIP
     description High Priority = VoIP
     match dscp ef
    ! (Step 2) ------------- Assign the class map to a policy map
    ! (remember this doesn't activate the policy)
    ! And, as an action, send it to the LLQ
    policy-map General-Purpose
     class VoIP
      ! "priority" is the action that sends this class to the LLQ
      priority
    ! (Step 3) ------------- Finally, activate the policy by assigning it to the
    ! outside interface:
    service-policy General-Purpose interface outside
    ! To see whether the policy is "working", issue this command and view the results:
    show service-policy

    Interface outside:
     Service-policy: General-Purpose
      Class-map: VoIP
       Interface outside: aggregate drop 0, aggregate transmit 1256

    Voila! Simple QoS on the ASA5505

    For a "prettier" version of this post (including diagram), please navigate over to:
  2. Toxic

    Toxic Administrator Staff Member

    For all you Vonage users like myself, the Linksys PAP2 under Vonage uses Ports 5060-5060 and RTP 10000-20000. I have already run a packet capture on my ASA5505 interface with the PAP2. Eric has kindly checked the DSCP values on the PAP2; however, they were not constant. Therefore a different classifier (match) is needed. Below are the commands for the ASA5505 when using a PAP2 on Vonage.

    priority-queue outside
    class-map VoIP
     ! starting port 10000, range 10000
     match rtp 10000 10000
    policy-map general-purpose
     class VoIP
      priority
    service-policy general-purpose interface outside

    Hope this helps.

    thx Eric!
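Added example, not part of either post: a Python sketch of the header fields the two classifiers in this thread inspect, `match dscp ef` (the top six bits of the IPv4 ToS byte, 101110) and `match rtp 10000 10000`. The packets are constructed samples and the function names are hypothetical; modelling `match rtp` as even-numbered UDP destination ports from the starting port through starting port plus range (inclusive) is an assumption based on Cisco's command reference.

```python
import struct

DSCP_EF = 0b101110  # 46, the EF PHB matched by "match dscp ef"
UDP = 17

def build_packet(dscp, dst_port, src_port=40000):
    """Constructed sample: bare IPv4 + UDP headers, no payload, checksums left 0."""
    tos = dscp << 2  # DSCP is the high 6 bits of the ToS byte; low 2 bits are ECN
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 28, 0, 0, 64, UDP, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    return ip + struct.pack("!HHHH", src_port, dst_port, 8, 0)

def parse(packet):
    """Return (dscp, ip_protocol, udp_dst_port or None) for a raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4  # header length in bytes, options included
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    dst_port = None
    if packet[9] == UDP and len(packet) >= ihl + 8:
        dst_port = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    return packet[1] >> 2, packet[9], dst_port

def match_dscp_ef(packet):
    """Model of the first post's class map: looks at the marking only."""
    return parse(packet)[0] == DSCP_EF

def match_rtp(packet, start=10000, rng=10000):
    """Model of the second post's class map (assumed: even UDP ports, inclusive)."""
    _, proto, port = parse(packet)
    return (proto == UDP and port is not None
            and start <= port <= start + rng and port % 2 == 0)

def classify(packet):
    """Names of the thread's two classifiers that would select this packet."""
    hits = []
    if match_dscp_ef(packet):
        hits.append("dscp-ef")
    if match_rtp(packet):
        hits.append("rtp-range")
    return hits

if __name__ == "__main__":
    for label, pkt in [("EF-marked RTP", build_packet(46, 10002)),
                       ("unmarked RTP (the PAP2 case)", build_packet(0, 10002)),
                       ("EF-marked DNS", build_packet(46, 53))]:
        print(label, classify(pkt))
```

The DSCP match depends entirely on the sender's marking, so it selects any EF-marked packet regardless of port, while the port-range match selects RTP whose marking is absent or inconsistent.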