Cisco: Mark voice packets at the network edge

You know how Cisco always advises marking packets as close to your network edge as you can? You can even find many examples where Cisco shows how to trust the packets directly on the access switch, but you cannot always do this.

First, because not everybody has devices that mark packets correctly (like Cisco IP Phones), but we still have to deal with packet marking somehow, as your provider may treat packets differently on their backbone based on their marking.

With this in mind, what I care about most are the voice packets, as these usually have to be prioritized on the network. Let's face it, if you have a TCP connection and some FTP packets are retransmitted you don't notice it much, but if you have delay on your phone conversation with your boss, that's not so good.

Please have a look at the topology below:

In this scenario we have a Voice server and some IP Phones (I know they look like Cisco IP phones, but pretend they are not) connected to the access switch. Let's assume that we cannot trust the marking on the packets as they arrive from these devices.

Here we run into one of two issues. First, if we trust the marking on the access port, then we don't know what we end up with. If we don't trust it, then the DiffServ (ToS) bits in the packet header are rewritten to zero, making no difference between voice packets and regular ones.

My solution is the following. I'm not saying it's the only solution or the best, but it works:

On the access switch:

1. enable QoS globally:

mls qos

2. configure an access-list that matches the voice packets; this is a very general list:

access-list 101 remark RTP media, destination or source port in the usual RTP range
access-list 101 permit udp any any range 16384 32767
access-list 101 permit udp any range 16384 32767 any
access-list 101 remark SIP signalling, destination or source port 5060-5061
access-list 101 permit udp any any range 5060 5061
access-list 101 permit udp any range 5060 5061 any

3. match the access-list in a class-map:

class-map match-all VOIP
 match access-group 101

4. configure a policy-map with the class-map above and set the DSCP value to EF (decimal 46), or CoS, or whatever you need:

policy-map ASTERISK
 class VOIP
  set dscp ef

5. on the access port, apply the service-policy in the inbound direction:

int x/y
 service-policy input ASTERISK

6. on all trunks from your access switch to your first Layer 3 device, trust this DSCP value (or whatever you set, as now we are sure which values we set) with:

mls qos trust dscp
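To check what the access-list and policy above actually do to a packet, here is an added Python model (not part of the original post and not Cisco code) that parses the four access-list 101 lines, classifies constructed UDP/TCP flows, and returns the DSCP a packet carries after an untrusted access port running the ASTERISK policy versus a trunk configured with mls qos trust dscp. The sample flows and their self-reported DSCP values are constructed for the example.

```python
import re

# The four ACEs from the post, parsed as text so the model follows the real config.
ACL_101 = """
access-list 101 permit udp any any range 16384 32767
access-list 101 permit udp any range 16384 32767 any
access-list 101 permit udp any any range 5060 5061
access-list 101 permit udp any range 5060 5061 any
""".strip().splitlines()

DSCP_EF = 46  # "set dscp ef"; on the wire the ToS/DS byte reads 0xB8 (46 << 2)

# Only the "any [range lo hi] any [range lo hi]" ACE form used above is supported.
_ACE = re.compile(r"^access-list \d+ permit (udp|tcp) any(?: range (\d+) (\d+))? any(?: range (\d+) (\d+))?$")

def parse_acl(lines):
    """Turn ACE text into (proto, (src_lo, src_hi), (dst_lo, dst_hi)) tuples."""
    aces = []
    for line in lines:
        m = _ACE.match(line.strip())
        if not m:
            raise ValueError(f"unsupported ACE syntax: {line}")
        proto, s_lo, s_hi, d_lo, d_hi = m.groups()
        src = (int(s_lo), int(s_hi)) if s_lo else (0, 65535)  # "any" = all ports
        dst = (int(d_lo), int(d_hi)) if d_lo else (0, 65535)
        aces.append((proto, src, dst))
    return aces

def matches_class_voip(aces, proto, sport, dport):
    """class-map VOIP / match access-group 101: any permit ACE hits the flow."""
    return any(p == proto and s_lo <= sport <= s_hi and d_lo <= dport <= d_hi
               for p, (s_lo, s_hi), (d_lo, d_hi) in aces)

def dscp_after_port(aces, packet, trust_dscp=False):
    """DSCP carried after ingress: with mls qos on, an untrusted access port resets
    DSCP to 0 unless class VOIP sets EF; 'mls qos trust dscp' keeps what arrived."""
    proto, sport, dport, dscp_in = packet
    if trust_dscp:
        return dscp_in
    return DSCP_EF if matches_class_voip(aces, proto, sport, dport) else 0

# Constructed sample flows: (proto, sport, dport, DSCP as sent by the device).
SAMPLE_FLOWS = [
    ("udp", 10000, 16400, 0),  # RTP media towards a phone, sent unmarked
    ("udp", 5060, 5060, 0),    # SIP signalling, sent unmarked
    ("udp", 40000, 53, 46),    # DNS query that an untrusted host marked EF itself
    ("tcp", 1234, 21, 46),     # FTP control, also self-marked EF
]
```

Running the sample flows through dscp_after_port shows the self-marked DNS and FTP packets leaving the access port with DSCP 0, while the same packets entering a trusted trunk would keep 46; this is why the trust is only applied after the access port has done the marking.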

Let me know if it’s working!

Cisco Borderless Network – Phase 2

Everywhere I look these days I hear about the imminent arrival of Phase 2 of Cisco Borderless Network. If you are interested, you can register for the event on the Cisco website.

I tried to find some documentation to understand what Cisco Borderless Network is and what the big difference from Unified Communications is, but all I could find were mostly marketing-related documents promising the next network miracle: everything interconnected, controlled and monitored remotely.

Then I turned to the Cisco blogging community to see what's there, but it seems things are not so clear there either. Everybody knows about the 5 phases of the new Cisco service:

  • Phase 1: Borderless Network Services – Delivering innovations IN and ON the network that optimize network availability, performance, and security.
  • Phase 2: Borderless User Services – Embedding key services spanning mobility, security, and application performance across all elements of the network.
  • Phase 3: Borderless Policy – Implementing a unified policy framework for managing security, identity, and access to the network and network resources.
  • Phase 4: Borderless Integration Framework – Bringing end-to-end network-to-endpoint intelligence through open, extensible interfaces into the network.
  • Phase 5: Borderless Experience – Converging services and systems to provide a superior customer and employee experience regardless of location, device, or application.

but these also look more like a marketing ad than network-related topics. On Phase 1, I was lucky enough to find some direction on the technical blog of Ivan Pepelnjak, and in this phase it seems that everything was about the new ISR G2 release. Ivan has some objective observations about Phase 1 of Cisco Borderless Network:

  • All the embedded “WAN” ports are Gigabit Ethernet uplinks. Good.
  • They claim up to 5-times higher performance than the previous routers. Average. The ISR series was launched in 2004 and Moore’s law predicts 5.8-times increase.
  • Lots of the old interface modules are supported. Amazing; I’m just hoping it doesn’t hurt the performance.
  • They’ve replaced the old half-hearted attempts to include an x86 generic application platform within a router with the Service Ready Engine (another great marketing invention … sounds so much better than a Linux blade) modules, having up to 4GB of RAM and 1TB of hard disk. I don’t want to know how the people who bought the old AXP platform feel reading these specs.

Now going back to Phase 2, Jim Duffy on the NetworkWorld.com Cisco Subnet presumes that this will include:
  • innovations in Cisco’s switching portfolio and how they are relevant to the company’s business
  • service-enabling solutions for video, energy management and trusted access
  • a competitive switching offer for the price-sensitive market segment
  • enhanced support and services

but there is still plenty of fog around the subject. I think I will register for the Phase 2 European event on March 18; maybe I will get some more clues about Cisco Borderless Network.

Skipping all this marketing and technical stuff, I'm wondering if the world is really prepared for this. And when I say world I mean networks. I really don't know what to say. I mean, I know it's cool and maybe positive from a financial perspective to turn off the lights in some remote location, but how will your network support this? If you look around you'll see that network engineers have more pressing problems with day-to-day operation like VoIP services, slow data transfer between data centers and LAN security, just to name a couple of my problems.

Another problem is the word of the day: costs. How much will it cost to implement all of this, and will companies be interested in implementing such a solution? I know that from a marketing perspective everything looks great, because that's their job, to make it look great, but network engineers might have a different opinion.

If you have some news or thoughts regarding this topic, please feel free to use the comment form.