Hi,
I'm having a problem trying to set up policy based routing on an 1841 with Advanced IP Services 12.4(24)T3.
It's a no-NAT setup, and I've tried removing all the ACLs for test purposes, since firewalling is done on a separate box.
Two ADSL cards connect my 1841 to the Internet. The ISP shares out my ingress packets in proportion to the speed of each ADSL line. It all seems to work OK out of the box.
I'd just like to do some crude QoS for VOIP egress traffic. That is, when both ADSL lines are up, I'd like to force the VOIP egress traffic up one line, and force all other egress traffic up the other line. This should preserve VOIP call quality when I'm uploading files to the Internet. Also it would avoid the possibility of out-of-order VOIP packet delivery due to asymmetrical routing. The ISP already does QoS for VOIP on the downlink side, so protecting VOIP uplink traffic is the missing piece of the puzzle for me.
I was hoping this would work :-
access-list 110 permit ip host 81.187.151.42 any access-list 110 permit icmp host 81.187.151.42 any
route-map voip permit 10 match ip address 110 set interface dialer0
route-map voip permit 20 set interface dialer1
interface fa0/0 ip policy route-map voip
As far as I can tell, the egress traffic is indeed being forced up line
1 or line 2, depending on source IP within my network.However, whenever the route-map is applied to the Ethernet interface, my webserver 81.187.151.35 is unable to reply to incoming HTTP requests from the Internet. Tcpdump shows that the webserver receives the TCP SYN packets and responds to them, but the 1841 fails to route them to back to the Internet. For test purposes, there are no ACLs applied to the interfaces.
Am I missing something fundamental to making this work?
Or, is there an alternative way to provide QoS for VOIP? The egress traffic from the VOIP box is flagged at layer 3 with DIFFSRV IP TOS flags: 'EF' (expedited forwarding) for RTP audio frames, 'CS3' (Class 3 Assured Forwarding) for SIP signalling frames.
Grateful for any help!
Mildly sanitized config follows.
Thanks,
- Martin.
==========================================
version 12.4 no service pad service tcp-keepalives-in service tcp-keepalives-out ! ! no aaa new-model dot11 syslog no ip source-route ! ip cef no ip bootp server ip name-server 8.8.8.8 ipv6 unicast-routing ipv6 cef ! multilink bundle-name authenticated ! ip tcp selective-ack ip tcp timestamp ! interface FastEthernet0/0 ip address 81.187.61.217 255.255.255.248 ipv6 address 2001:dead:beef:3::1/64 ipv6 enable no mop enabled ip policy route-map voip ! interface FastEthernet0/1 no ip address shutdown ! interface ATM0/0/0 no ip address no ip redirects no ip unreachables no ip proxy-arp load-interval 30 no atm ilmi-keepalive ! interface ATM0/0/0.1 point-to-point no ip redirects no ip unreachables no ip proxy-arp ip virtual-reassembly pvc 0/38 encapsulation aal5mux ppp dialer dialer pool-member 1 ! interface ATM0/1/0 no ip address no ip redirects no ip unreachables no ip proxy-arp load-interval 30 no atm ilmi-keepalive ! interface ATM0/1/0.1 point-to-point no ip redirects no ip unreachables no ip proxy-arp ip virtual-reassembly pvc 0/38 encapsulation aal5mux ppp dialer dialer pool-member 2 ! interface Dialer0 ip address negotiated no ip redirects no ip unreachables no ip proxy-arp encapsulation ppp tx-ring-limit 3 tx-queue-limit 3 dialer pool 1 dialer-group 1 ipv6 address autoconfig ipv6 enable ppp authentication chap pap callin ppp chap hostname xxxx@a.1 ! interface Dialer1 ip address negotiated no ip redirects no ip unreachables no ip proxy-arp encapsulation ppp tx-ring-limit 3 tx-queue-limit 3 dialer pool 2 dialer-group 1 ipv6 address autoconfig ipv6 enable ppp authentication chap pap callin ppp chap hostname xxxx@a.4 ! access-list 110 permit ip host 81.187.151.42 any access-list 110 permit icmp host 81.187.151.42 any
route-map voip permit 10 match ip address 110 set interface dialer0
route-map voip permit 20 set interface dialer1
interface fa0/0 ip policy route-map voip ! no ip forward-protocol nd ip forward-protocol spanning-tree ip route 0.0.0.0 0.0.0.0 Dialer0 ip route 0.0.0.0 0.0.0.0 Dialer1 ip route 81.187.151.32 255.255.255.240 81.187.61.218 permanent
dialer-list 1 protocol ip permit dialer-list 1 protocol ipv6 permit no cdp run
ipv6 route 2001:dead:beef:1::/64 2001:dead:beef:3::2 ipv6 route 2001:dead:beef:2::/64 2001:dead:beef:3::2 ipv6 route ::/0 Dialer0 ipv6 route ::/0 Dialer1 ! control-plane ! scheduler allocate 20000 1000