Help with routing priority

  • Afternoon, I am pretty sure this can be fixed with priority traffic routing (or am I wrong?)

    I have the following home scenario;

    <internet> - <netscreen> - <vonage> / <lan>

    Hanging off the netscreen is my work phone (an avaya IP phone on which my quality is perfect). That phone links to my company's IP PBX and my home phone is Vonage over the same internet connection and the quality is good on some days, horrible on others. I can kill the quality by a simple FTP upload but the avaya phone stays perfect.

    Since the IP work phone works so well, there must be a way to take all the vonage phone traffic and make that above all other internet traffic right? If so, any help on that is appreciated.

  • Keeping it simple,

    Set up a policy where the source is the IP of the Vonage Box (make sure you use /32 mask when you specify the host). Your policy does not have to be tied to a service, you can also use ANY. Also enable logging for that policy. Once you have the log you can analyze and see exactly what ports Vonage uses, then create custom services if you want. But one policy with the vonage router as the source will be enough.

  • If traffic shaping doesn’t appear to be working… see if your vonage traffic is actually hitting the policy. In the example above you would run “get log traffic policy 20” and you should see some log entries.

    If you don’t see log entries then the chances are that your vonage traffic is going through a different policy that does not have traffic shaping on.

    As you know, the Netscreen processes policies from top to bottom, so to make sure the vonage traffic isn’t inadvertently going through a different policy, you could move the vonage policy to the very top: “set policy move 20 before ?”

    I would also recommend making sure your software is current at either 5.3r7 or 5.2r3d for the Netscreen if things still aren’t working for you.
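
The top-to-bottom lookup described in the post above, as an added Python sketch that is not part of the original thread and is not ScreenOS code. Policy id 20 and the udp 10000-20000 range come from the thread; the catch-all policy id 1 and the IP addresses are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Policy:
    pid: int
    src: str                        # source network, CIDR notation
    proto: str                      # "udp", "tcp" or "any"
    dports: range                   # destination ports the service covers
    priority: Optional[int] = None  # shaping priority; None = no shaping

@dataclass
class Flow:
    src_ip: str
    proto: str
    dport: int

def matches(p: Policy, f: Flow) -> bool:
    return (ipaddress.ip_address(f.src_ip) in ipaddress.ip_network(p.src)
            and p.proto in ("any", f.proto)
            and f.dport in p.dports)

def first_match(policies, flow):
    """First policy in list order that matches; later ones are never consulted."""
    return next((p for p in policies if matches(p, flow)), None)

def move_before(policies, pid, before_pid):
    """Model of 'set policy move <pid> before <before_pid>'."""
    moved = next(p for p in policies if p.pid == pid)
    rest = [p for p in policies if p.pid != pid]
    idx = next(i for i, p in enumerate(rest) if p.pid == before_pid)
    return rest[:idx] + [moved] + rest[idx:]

# Constructed rule base: a hypothetical catch-all (id 1, no shaping) sits
# above the Vonage policy (id 20, /32 source, udp 10000-20000, priority 0).
POLICIES = [
    Policy(1, "0.0.0.0/0", "any", range(0, 65536)),
    Policy(20, "192.168.1.50/32", "udp", range(10000, 20001), priority=0),
]
VOICE = Flow("192.168.1.50", "udp", 10500)  # constructed Vonage box address
FTP = Flow("192.168.1.10", "tcp", 21)       # constructed LAN host

if __name__ == "__main__":
    print("before move:", first_match(POLICIES, VOICE).pid)   # catch-all wins
    fixed = move_before(POLICIES, 20, 1)
    print("after move: ", first_match(fixed, VOICE).pid)      # policy 20 wins
    print("ftp still:  ", first_match(fixed, FTP).pid)
```

An empty log for policy 20 corresponds to the first case: the voice flow matched the earlier policy and never reached the shaped one.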

  • Sry, the diagram was more to show the juniper was first.  It actually looks like;

    <internet> - <juniper>

    The Juniper then has the trusted ports as Vonage in one port, linksys in the other, so the 2 are really in parallel. Already put what you posted to the test, setup the graph, pushed the max to 2k (more of a proof of concept) and couldn’t even get dial tone. I am keeping it at 150K right now, they (Vonage) have 3 settings on their end, 30/50/90 for quality, so I am going to keep it at 30, and play a bit more but at least I know the guarantee is there and that should do what I need.

  • There is also a KB article (KB7838) that covers this. The last part in reference to SIP and ROUTE mode seems to be old info… according to the Vonage article.

    BTW it looks like you have all your LAN traffic coming through the Vonage Linksys Router. Why not move your LAN traffic onto another trusted port of the Netscreen? There’s no reason to have your LAN traffic going through the Linksys Router. This won’t impact your VOIP prioritization but it will probably give you a little better performance for all your other traffic…

  • Here’s a link to the ports that need to be opened for Vonage. It looks like everything for voice on Vonage is now in the range of udp 10000 to 20000. On the Netscreen you should only need to prioritize that policy from trust to untrust.

    It looks like Vonage used SIP at one point but no longer do so… so you can’t use the SIP ALG or the SIP service in your policy.

    Create a service that looks like this or add guaranteed bandwidth (150K) if this doesn’t work for you.

    set service "vonage" protocol udp src-port 0-65535 dst-port 10000-20000
    set policy id 20 from "Trust" to "Untrust" "Any" "Any" "vonage" nat src permit traffic priority 0
    set policy id 20
    set log session-init
    exit
    Your logs should then tell you if your vonage traffic is hitting the rule…

    ok, I knew that much as the 1st sentence stated “I am pretty sure this can be fixed with priority traffic routing”, the question was how.  The policy has to be tied to a service.  There is no “vonage” or “voip” service to simply make that association with, which was why the question was written that way.

    So I guess I am trying to find out what custom service to make in order to create that policy.

    Thanks again

  • You can create a specific policy and in that policy you can guarantee traffic or assign it a priority.