QOS for ShoreTel VoIP Deployments!
March 23rd, 2010
Setting up QOS on your routers to support ShoreTel VoIP across a WAN connection requires that you employ some creativity in your configuration.   Think of Class Marking as a way of “coloring” packets so that the routers no how to treat the packets when there is any kind of congestion.   We want voice packets to have a priority over data packets, so we color them and tell the carrier or WAN router which color is voice.   Generally, QOS strategies employ the use of Differential Service Control Points or DSCP values. These values are established by convention and can be generally summarize as IP Precedence Level 5 (101xx000 = DSCP bits) or DSCP Values of 160-184 to representing  “Express Forwarding” with a decimal value of 41.   The TOS byte in the IP header allocates the high order 6 bits to the DSCP value,  making Express Forwarding or EF equal to decimal 41 or 10111000 binary. Most carriers will comply with this class marking and will put IP packets marked with this value in the Low Latency or “go fast”  queue.  (See note below). In the ShoreWare Director Portal you will find a link under Call Control to “options”.  On this page, you will find a box for DiffServ/ToS Byte (0-255).  This is where you will set your DSCP value, generally 184.   This will mark all voice packets originating from ShoreTel Voice Switches and IP phones.   A QOS configuration generally consists of three elements;  The Class Map, the Policy Map and the Service Map.  The Class Map tells us what it is we are looking for.   The Policy Map tells us what do when we find what we are looking for and the Service Map applies this information to the proper interface, generally the WAN side of your router. Here is an example of a simple QOS configuration: class-map match-any VoIP match ip dscp ef policy-map QoS class VoIP set ip dscp ef priority percent 50 Basically, we are telling the router to look for incoming IP packets that have a DSCP value equal to Express Forwarding.   When we see these values we are going to know they are VoIP packets  and move them to our LLC where we have reserved 50% of the available bandwidth for use by the voice application.   It is important to note that queues in routers only take effect when we have contention for bandwidth.  The QOS statements help the router make decisions as to what queue gets serviced first.   Understand that, should queues fill up, the router will start “tail drop” and throw out packets no matter what the class mark!   This is a key issue, as the queue is for outbound processing.  What happens if some idiot is down loading Avatar from NetFlixs?  The incoming data flow could drown out any attempt to service outbound queue handling. Lets look at modifiying our ShoreTel QOS strategy to provide for some additional configuration options.  One option is to set up an Access-List to capture information that might not be generated by a ShoreTel switch or IP phone.  ShoreTel uses a specific set of TCP/DUP ports that we can easily identify.  You also know the IP address of your ShoreTel server.  Why not set up an access list to look for traffic originating from the ShoreTel server or traffic originating or terminating on specific ports?  Here is an example, created by Brain Krail,  of a configuration that establishes the access list and also sets up several classes of service for voice, mission critical data and best efforts data: access-list 197 remark "All SHoreTel" access-list 197 permit ip any any dscp ef access-list 197 permit udp any any eq 2427 access-list 197 permit udp any any eq 2727 access-list 197 permit udp any any eq 5004 access-list 197 permit udp any any range 5440 5446 access-list 197 permit udp any any eq 5060 access-list 197 permit tcp any any eq 5060 access-list 197 permit udp any any eq 111 ! access-list 198 remark Mission Critical access-list 198 permit tcp any any eq ftp access-list 198 permit tcp any any eq telnet access-list 198 permit tcp any any eq smtp access-list 198 permit tcp any any eq 3389 access-list 198 permit udp any any eq 3389 ! access-list 198 remark VPN Traffic access-list 198 permit esp any any class-map match-any VoIP match access-group 197 match ip dscp ef class-map match-any mission match access-group 198 ! policy-map QoS class VoIP set ip dscp ef priority percent 50 class mission set ip dscp af41 bandwidth percent 30 class class-default set ip dscp default fair-queue random-detect int ser 0/1/0 max-reserved-bandwidth 100 service-policy output QoS ! In this configuration we use our Class Map to look for packets that match our Access-List.  Clearly, we are scanning for matches and based on the match, we classify the traffic as voice or mission critical.  The Policy map then assigns the proper value or class marking based on the Class Map matches.   The Service-Policy at the end applies the Policy to the Serial Interface on this router, most likely going off to the Carrier.  Your previously co-ordinate  agreement with the carrier will result in them treating the packets as marketed an handling them accordingly.  We find that QOS configurations that use Access-Lists to further search out traffic and host IP addresses that generate voice media streams, do a much better job than those that rely solely on the DSCP mark setup in the ShoreTel Director. Now about that ugly issue of the user downloading NetFlix! How do we tell the carrier not to exceed a certain about of traffic inbound to our router?  The following configuration is an example of “Policing” an inbound interface to throw away any traffic that exceeds the CIR rate we set up.   This configuration increases the likely hood that QOS will be effective outbond, by making sure the inbound bandwidth is not over subscribed by a user downloading over your voice traffic! access-list 199 permit ip any any dscp default class-map match-all test match access-group 199 policy-map testPolice class test set ip dscp default police cir 1000000 conform-action transmit exceed-action drop QOS is an essential part of any VoIP deployment.   ShoreTel Deployments  can benefit measurably by getting creative with your Configurations and thinking outside the simplicity of DSCP!    NOTE – you need to dig deep on circuits provided by carriers that are peering with another carrier to deliver a complete circuit solution.   We have experienced situations in which the carrier taking the order adhered to our QOS markings and acted according to plan.  However, when that carrier hands the packet off to another carrier for final delivery, you need to make sure that they are in fact, honoring the same QOS markings.    In one situation, though our carrier was handling DSCP as agreed, the carrier that they handed off the packet to for final delivery, did not use DSCP on the MPLS circuit in question.  Some carriers, by inter-carrier agreement, use the Experimental Bits to deal with QOS.  Be Careful as the techs you are working with may not even know this, swearing all the time that QOS is setup per DSCP value! Give us a call if you want assistance on QOS setup for Voice and Video!