Topic: ERS5510 IST / DMLT

Radio_Head
ERS5510 IST / DMLT
« on: January 07, 2017, 04:42:59 PM »
Hi All
Hope someone can assist on these questions ( and I ask lots )

So here is what we have
site 1
 about 30 5510 & 2 5520 split across 3 closets with Fibre interconnects as MLT,
2 leased lines smoothwall and sonicwall

we use VOIP ( mostly softphone with 6 physical phones and 8 ATA units,
the voip works well from this site

Here is the bad bit ( some vlans for things like dmz / internet / wifi hotspot ) but pretty much a flat network
no data segregation for voice / wifi / management. but despite this it holds up well.

site 2
 6 5510 + 2 5520
I have little control on this site, but it is two stacks of 4, the two stacks it would seem have been connected together with two fibres ( no ist or mlt etc )
they too have smoothwall and sonicwall
they also use same voip softphone with no physical phones
again some vlans for dmz/internet / wifi

The VOIP is poor, despite the network setups being more or less the same. To start with it seemed to be the wan latency at 350ms from India to UK, the findings were presented to isp and they took it onboard, now the latency is about 130/140ms,
still poor quality. so Did a test with bog standard adsl router configured with wan address from ISP then connected to isp router, then connected a laptop on wifi to the router over wifi and then tried the call, call was ok. so it seems it's LANside.

Firewalls are set up the same with the VOIP / persistent NAT and BWM set as per Voip provider guide.

on site two the two stack as stack 1 for servers  and stack 2 is for clients.

would not having the two stack not using IST/MLT/DMLT cause problems ? I would think that as its just two connections it will be one blocking and one forwarding ? which would be best way to connect together to give high throughput ?

I have also seen the auto QOS option, is this a global option or per port ?
the voip provider asked us to change an option on the firewall for qos on the connection to persistent 46 (EF)

currently no QOS on any switch / site

all the voip traffic leaves site on 100mb LL and all other traffic via other 100MB LL

As it is the VOIP on site 2 is very unstable, not sure what is causing the issue as it does not happen on site 1


We are looking at upgrading the network to newer kit, not sure which vendor yet, but it will be built in lab first, tested and then deployed,

But the priority is getting stable voice comms to site two while the decision on new vendor for network hardware is made, as it will be expensive 25k as there are 4 sites in total.

It looks like the issue is LANside - any help advice greatly received - sorry if there is too much blah blah blah
 RH


TankII
Re: ERS5510 IST / DMLT
« Reply #1 on: January 11, 2017, 05:16:36 PM »
Set QOS trusted on all uplink/downlink ports and any port that has a phone attached.
This is assuming you have not configured ADAC.
The links to the firewalls must have this enabled as well as the firewalls must honor the QOS marking.
While the traffic exiting the firewall won't be able to mark QOS across the Internet, having priority as far as possible will order the frames better for VOIP.

Here is the documentation from our internal cheat-sheet.

For a 5500/4500 series:
 
Again from "configure terminal"
 
The following command creates the group:
5520-48T-PWR(config)#qos if-group name VoWLAN class trusted   
 
No need to first remove them from their current assignment just move them to the newly created group:
**  int faste 1/1-30 (or whichever ports trust DSCP is needed)
Note:  If ADAC is enabled, the Uplinks will already be in a trusted group.  Do NOT make this change on any ports except the AP ports if ADAC is enabled on the switch.

Actual running example on a stack of three 5698's:

qos if-group name VoWLAN class trusted

qos if-assign port 1/25,1/27,1/29,1/31,1/33,1/35,1/37,1/39,1/41,1/45,1/48,1/64,
1/90-91,1/94,1/96-98,2/25,2/27,2/29,2/31,2/33,2/35,2/37,2/39,2/41,2/76,2/95-96,
3/90-91 name VoWLAN

Hope this helps!

Radio_Head
Re: ERS5510 IST / DMLT
« Reply #2 on: January 12, 2017, 01:30:46 AM »
Hi thank-you very much for your response, It does help, the ADAC is not "ON" on these switches & as 90% of users are using a softphone would it cause problems to apply your response to all ports in any VLAN ?

On a side note the comms to the second site is now stable ( for now ). It was discovered while looking at another issue where clients connecting via the VPN were having issues, someone/no one / anyone had enabled flood protection on the FW :D

So I guess now its just tweaking to improve it better,

would you know if you do a port mirror is the monitoring port put into promiscuous mode ?

TankII
Re: ERS5510 IST / DMLT
« Reply #3 on: January 14, 2017, 11:37:59 AM »
Network switches do not have a promiscuous mode - that is relegated to the old Ethernet half-duplex world.
The best you can hope for is a full open capture of traffic and watch the Ethernet ports statistics for the promiscuous-mode equivalent data.

Softphones work best with QOS.  Microsoft's OS has QOS options, you will be able to enable QOS on the user ports and it will work, assuming you have QOS on all the uplink ports as well.

You need to have the switch accept the QOS markings from the user's device and pass them all the way to the target or VOIP gateway for VOIP quality to be effective.

Radio_Head
Re: ERS5510 IST / DMLT
« Reply #4 on: January 20, 2017, 05:27:28 AM »
Hi TankII
    many thanks for your time in replying to my posts, I plan to implement your suggestion for the QOS on the stacks / ports.

If you could just clarify a couple of things for me ?

So I create the group - qos if-group name VoWLAN class trusted 
Then I need to assign the ports
qos if-assign port 1/1 etc

If I assign all ports 1/1-48 2/1-48 
So all ports regardless of their VLAN assignment this change is just telling them to trust the DSCP ?

will it mess up the Vlan's or MLT's that are in place or compromise them  ?
There are 7 vlan's
wan
wan2
DMZ
Dmz2
cluster link
csv
vlan 1

so stack 1 has all the vlans and servers / connectivity to the FW. Stack 2 ( connected by MLT ) is client stack
or would it be better to apply it to WAN ports and the MLT and stack 2 ports ?

Thanks again



TankII
Re: ERS5510 IST / DMLT
« Reply #5 on: January 20, 2017, 06:50:01 AM »
Changing a port to accept any DSCP marker as I'm suggesting vs doing it at the VLAN level guarantees any and all marked traffic from any VLAN will be accepted.
It is up to you to put policies on for prioritizing the traffic by type afterwards.

What I would do is put all voice related servers/gateways into trusted ports (along with the uplinks and user ports) and leave the other servers in non-trusted ports.  Thus, the clients might be sending prioritized traffic to the various servers, but the voice traffic will always take priority on its way back to the clients.

Since you are using softphones on computers instead of wired phones, you have to manage the traffic a bit differently especially if not using policies.

Oh, and make sure you run a wireshark trace on a desktop to make sure DSCP 46 mark is actually seen on the wire.  Otherwise, only the voice hardware will benefit.  That will probably be an acceptable improvement, but you need to make sure the Microsoft stack is working properly too.

TankII
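
Added example, not part of any post in this thread: one way to carry out the check suggested in the last reply, confirming that DSCP 46 (EF) is actually present on the wire and seeing which sources on trusted ports send marked traffic. The frames are constructed inline, and the helper names and the 192.0.2.x addresses are assumptions for illustration.

```python
import struct
from collections import defaultdict

EF = 46  # DSCP Expedited Forwarding, the marking the thread expects on voice

def dscp_of_frame(frame):
    """Return (src_ip, dscp) for an IPv4 Ethernet frame, else None."""
    if len(frame) < 14:
        return None
    ethertype, offset = struct.unpack("!H", frame[12:14])[0], 14
    while ethertype in (0x8100, 0x88A8):          # skip 802.1Q / 802.1ad tags
        if len(frame) < offset + 4:
            return None
        ethertype = struct.unpack("!H", frame[offset + 2:offset + 4])[0]
        offset += 4
    ip = frame[offset:offset + 20]
    if ethertype != 0x0800 or len(ip) < 20 or ip[0] >> 4 != 4:
        return None
    # DSCP is the top six bits of the second IPv4 header byte (low two are ECN)
    return ".".join(map(str, ip[12:16])), ip[1] >> 2

def dscp_by_source(frames):
    """Map each source IP to the set of DSCP values it was seen sending."""
    seen = defaultdict(set)
    for frame in frames:
        parsed = dscp_of_frame(frame)
        if parsed:
            seen[parsed[0]].add(parsed[1])
    return dict(seen)

def sources_without_ef(frames):
    """Sources that never sent an EF-marked packet in this capture."""
    return sorted(s for s, marks in dscp_by_source(frames).items() if EF not in marks)

def build_frame(src, tos, vlan=None, ethertype=0x0800):
    """Constructed test frame: zeroed MACs, optional VLAN tag, 20-byte IPv4 header."""
    eth = bytes(12) + (struct.pack("!HH", 0x8100, vlan) if vlan is not None else b"")
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20, 0, 0, 64, 17, 0,
                     bytes(map(int, src.split("."))), bytes([192, 0, 2, 10]))
    return eth + struct.pack("!H", ethertype) + ip

# Constructed sample capture (documentation addresses, not from the thread)
SAMPLE_FRAMES = [
    build_frame("192.0.2.21", EF << 2),            # softphone marking EF
    build_frame("192.0.2.22", 0),                  # softphone sending unmarked
    build_frame("192.0.2.23", EF << 2, vlan=10),   # EF inside a tagged frame
    build_frame("192.0.2.24", EF << 2, ethertype=0x0806),  # not IPv4, ignored
]

if __name__ == "__main__":
    print(dscp_by_source(SAMPLE_FRAMES))
    print("no EF seen from:", sources_without_ef(SAMPLE_FRAMES))
```

A softphone host that shows up in `sources_without_ef` is not marking its voice packets, so trusting DSCP on its port changes nothing for it; a non-voice host that shows EF is one to look at before placing its port in the trusted group.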