Using hardware encryption with the qos pre-classify feature, I imagine that jitter will no longer be an issue - (that is, the jitter you mention previously is introduced by the lack of prioritization into the encryption queue). Or am I missing something?

C.

-----Original Message-----
From: Stephen Sprunk [mailto:stephen@sprunk.org]
Sent: Monday, February 17, 2003 2:24 AM
To: Charles Youse
Cc: nanog@merit.edu
Subject: Re: VoIP over IPsec

Thus spake "Charles Youse" <cyouse@register.com>
> In order to cut costs in our telecom budget I'm toying with the idea of replacing a lot of our inter-office leased lines with VPN connections over the public Internet. [...] Assume for the moment that latency and bandwidth are not an issue; e.g., any two points that will be exchanging voice data will both have transit from the same provider with an aggressive SLA.
Latency, bandwidth, and packet loss are moot. Jitter is VoIP's enemy.
> Does anyone have any experience running VoIP over such tunnels? Is there a technical reason why this solution is not feasible? Are Cisco routers not happy doing VoIP/IPsec/GRE in concert?
IPsec itself will not cause you problems; there's no theoretical conflict. Unfortunately, IOS can introduce jitter when encrypting packets. To mitigate this, you can apply QOS, with a strict priority queue for the VoIP packets and the "qos pre-classify" feature. Your mileage will vary depending on the CPU power of the router, the traffic levels, and whether you're using hardware encryption.

S

Stephen Sprunk         "God does not play dice."  --Albert Einstein
CCIE #3723         "God is an inveterate gambler, and He throws the
K5SSS        dice at every possible opportunity." --Stephen Hawking
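
A toy model of the effect discussed in this thread, added here as an illustration and not part of either message or of any Cisco implementation: one encryption engine serving packets either in arrival order or with voice in a strict priority queue. The per-packet costs, the traffic pattern and all function names are assumptions constructed for the example.

```python
import heapq

# Assumed per-packet encryption cost in ms (constructed values, not measurements).
VOICE_MS, DATA_MS = 0.1, 1.2

def make_traffic(duration_ms=400):
    """Constructed load: a voice packet every 20 ms, a 10-packet data burst every 50 ms."""
    pkts = [(float(t), "voice") for t in range(0, duration_ms, 20)]
    for t in range(19, duration_ms, 50):
        pkts += [(float(t), "data")] * 10
    return sorted(pkts)

def voice_delays(pkts, prioritize):
    """Single non-preemptive server; returns queueing + service delay per voice packet."""
    queue, delays = [], []
    now, i, seq = 0.0, 0, 0
    while i < len(pkts) or queue:
        if not queue and pkts[i][0] > now:
            now = pkts[i][0]                  # engine idle: jump to the next arrival
        while i < len(pkts) and pkts[i][0] <= now:
            arrival, kind = pkts[i]
            # Strict priority: voice always sorts ahead of data. FIFO: one shared rank.
            rank = 0 if (prioritize and kind == "voice") else 1
            heapq.heappush(queue, (rank, seq, arrival, kind))
            seq += 1
            i += 1
        _, _, arrival, kind = heapq.heappop(queue)
        now += VOICE_MS if kind == "voice" else DATA_MS
        if kind == "voice":
            delays.append(now - arrival)
    return delays

def jitter(delays):
    """Peak-to-peak delay variation in ms."""
    return max(delays) - min(delays)

if __name__ == "__main__":
    traffic = make_traffic()
    for label, prio in (("FIFO", False), ("strict priority", True)):
        d = voice_delays(traffic, prio)
        print(f"{label:16s} max delay {max(d):5.2f} ms  jitter {jitter(d):5.2f} ms")
```

With priority queueing the voice jitter in this model is bounded by the time to finish the one data packet already in service, so it depends on how long a single packet takes to encrypt.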