Emerging Member
Posts: 42
Registered: ‎12-17-2015

Differente COS on WAN

Hi,

Is it possible to send packets with a CoS tag (0-7) on the WAN?

If the EdgeRouter matches an ACL or traffic policy, can it tag CoS 0 or 5?

My ISP requires this CoS tag to prioritize the VoIP packets on a PPPoE VLAN, and it's necessary to send CoS 5 when it is a VoIP packet.

I tried to use match in a traffic-policy but it doesn't work.

This is my EdgeRouter config:

firewall {
    all-ping enable
    broadcast-ping disable
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    name LAN_IN {
        default-action accept
        description VOICE
        rule 10 {
            action drop
            description "Block VOIP LAN DATA"
            destination {
                address 10.10.0.0/24
            }
            log disable
            protocol all
        }
    }
    name LAN_IN_VOICE {
        default-action accept
        description "VLAN VOICE"
        rule 1 {
            action accept
            description "VOIP Allow"
            destination {
                address 10.10.0.0/24
            }
            log disable
            protocol all
            source {
                group {
                }
            }
            state {
                established enable
                invalid enable
                new enable
                related enable
            }
        }
    }
    name WAN_IN {
        default-action drop
        description "WAN to internal"
        rule 20 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 30 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    name WAN_LOCAL {
        default-action drop
        description "WAN to router"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    options {
        mss-clamp {
            mss 1412
        }
    }
    receive-redirects disable
    send-redirects enable
    source-validation disable
    syn-cookies enable
}
interfaces {
    ethernet eth0 {
        duplex auto
        speed auto
        traffic-policy {
            out upstream
        }
        vif 2900 {
            description CEE_SFR
            egress-qos "0:0 1:1 2:2 3:3 4:4 5:5 6:6 7:7"
            pppoe 0 {
                default-route auto
                mtu 1492
                name-server auto
                password ****************
                user-id xxxxxxx
            }
        }
    }
    ethernet eth1 {
        address 192.168.1.1/24
        description "Subnet DATA"
        duplex auto
        firewall {
            in {
                name LAN_IN
            }
        }
        speed auto
        vif 2 {
            address 192.168.2.1/24
            description "Subnet VOICE"
            firewall {
                in {
                    name LAN_IN_VOICE
                }
            }
        }
    }
    ethernet eth2 {
        address 192.168.20.1/24
        description "Local 2"
        disable
        duplex auto
        speed auto
    }
    ethernet eth3 {
        duplex auto
        speed auto
    }
    loopback lo {
    }
}
service {
    dhcp-server {
        disabled false
        hostfile-update disable
        shared-network-name LAN1 {
            authoritative enable
            subnet 192.168.1.0/24 {
                default-router 192.168.1.1
                dns-server 192.168.1.1
                lease 86400
                start 192.168.1.38 {
                    stop 192.168.1.243
                }
                tftp-server-name xxxxxxxxxxxx
                unifi-controller 192.168.1.40
            }
        }
        shared-network-name Subnet_VOICE {
            authoritative disable
            subnet 192.168.2.0/24 {
                default-router 192.168.2.1
                dns-server 192.168.2.1
                lease 86400
                start 192.168.2.10 {
                    stop 192.168.2.250
                }
                tftp-server-name xxxxxxxxxx
            }
        }
        static-arp disable
        use-dnsmasq disable
    }
    dns {
        forwarding {
            cache-size 150
            listen-on eth1
            listen-on eth1.2
            name-server 8.8.8.8
            name-server 8.8.4.4
        }
    }
    gui {
        http-port 80
        https-port 443
        older-ciphers enable
    }
    nat {
        rule 5010 {
            description "masquerade for WAN"
            outbound-interface pppoe0
            type masquerade
        }
    }
    ssh {
        port 22
        protocol-version v2
    }
    unms {
        connection wss://wwwww.xxxxxxxx.zzzzz:443+LtQwHo+allowUntrustedCertificate
    }
}
system {
    host-name ubnt
    login {
        user ubnt {
            authentication {
                encrypted-password ****************
            }
            level admin
        }
    }
    name-server 8.8.8.8
    name-server 8.8.4.4
    ntp {
        server 0.ubnt.pool.ntp.org {
        }
        server 1.ubnt.pool.ntp.org {
        }
        server 2.ubnt.pool.ntp.org {
        }
        server 3.ubnt.pool.ntp.org {
        }
    }
    offload {
        hwnat disable
        ipv4 {
            forwarding enable
            gre enable
            pppoe enable
            vlan enable
        }
    }
    static-host-mapping {
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone Europe/Paris
    traffic-analysis {
        custom-category Block_Youtube {
            name Youtube
        }
        dpi enable
        export enable
    }
}
traffic-policy {
    shaper upstream {
        bandwidth 4mbit
        class 10 {
            bandwidth 30%
            burst 15k
            ceiling 100%
            description rtp
            match voip-rtp {
                ip {
                    dscp 46
                }
            }
            queue-type fair-queue
        }
        class 20 {
            bandwidth 5%
            burst 15k
            ceiling 100%
            description sip
            match voip-sip {
                ip {
                    dscp 26
                }
            }
            queue-type fair-queue
        }
        default {
            bandwidth 65%
            burst 15k
            ceiling 100%
            queue-type fair-queue
        }
        description Upload-policy
    }
}

 

This is the Visio file to explain my situation:

2018-10-04_15-04-05.png

Thanks for your help.

Excuse my bad English.

Veteran Member
Posts: 7,239
Registered: ‎03-24-2016
Kudos: 1862
Solutions: 822

Re: Differente COS on WAN

I see you're already using the egress-cos command.

However, vlan3001 (or 2900??) only sees pppoe encapsulated packets, so it probably won't translate DSCP to COS values.

Emerging Member
Posts: 42
Registered: ‎12-17-2015

Re: Differente COS on WAN

The correct VLAN is 3001 (VLAN 2900 is for my lab).

Is it possible to do it another way?

Because I do not understand how to tell the router to put the packet in the queue (in RED color) and tag it with the appropriate CoS for DATA packets (in BLUE color) and VoIP packets (in GREEN color) 0:2 1:2 2:2 3:2 4:2 5:5 6:2 7:

All I can say is that with the configuration I posted above, all the packets go through queue 0.

Veteran Member
Posts: 7,239
Registered: ‎03-24-2016
Kudos: 1862
Solutions: 822

Re: Differente COS on WAN

Recently, there was a similar thread.

My conclusion was: The CoS tagging probably doesn't work on pppoe encapsulated packets. Note pppoe has a different ethertype than normal IPv4.

Emerging Member
Posts: 42
Registered: ‎12-17-2015

Re: Differente COS on WAN

My config is OK and works fine, but the router tags all packets with CoS 0.

How do I indicate in the router config which packets are sent to queue 0,1,2,3,4,5,6,7? (The queue used to tag CoS by the egress-xxxx command)

Is it necessary that I send you a tcpdump on my WAN port (eth0) to see the configuration working?

Senior Member
Posts: 5,692
Registered: ‎01-04-2017
Kudos: 795
Solutions: 288

Re: Differente COS on WAN

Try setting the egress-qos on the LAN VLANs.

VoIP VLAN would be 0:2 1:2 2:2 3:2 etc etc
Veteran Member
Posts: 7,239
Registered: ‎03-24-2016
Kudos: 1862
Solutions: 822

Re: Differente COS on WAN

My "doesn't work" is about the CoS tags not showing up on WAN port.

I doubt setting CoS value on internal VLANs will help. At least it might show CoS command works on interfaces having normal IP packets (not pppoe encapsulated) on them.

Senior Member
Posts: 5,692
Registered: ‎01-04-2017
Kudos: 795
Solutions: 288

Re: Differente COS on WAN


@16again wrote:

My "doesn't work" is about the CoS tags not showing up on WAN port.

I doubt setting CoS value on internal VLANs will help. At least it might show CoS command works on interfaces having normal IP packets (not pppoe encapsulated) on them.


Do you think they'll be stripped?  Or just not the correct direction?

Veteran Member
Posts: 7,239
Registered: ‎03-24-2016
Kudos: 1862
Solutions: 822

Re: Differente COS on WAN

Setting CoS on LAN is in wrong direction.

CoS is a layer 2 thingy, it won't pass routers.  So even if the phone sends it with proper CoS (requires tagging!), it'll be stripped on next router hop

Emerging Member
Posts: 42
Registered: ‎12-17-2015

Re: Differente COS on WAN

The configuration is OK for me with egress-cos but it doesn't tag VoIP packets (192.168.2.0/24) with CoS 5 and all other packets with CoS 2.

egress-cos "0:2 1:2 2:2 3:2 4:2 5:5 6:2 7:2"

I re-send the picture to explain my problem: 2018-10-05_11-29-14.png

Emerging Member
Posts: 42
Registered: ‎12-17-2015

Re: Differente COS on WAN

Here is the config on a OneAccess router; I would like to do the equivalent on the EdgeRouter:

ip access-list extended VLAN_VOIX
 permit ip 192.168.2.0 0.0.0.255 10.10.0.0 255.255.255.255 log
 deny ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255 log
exit
ip access-list extended VLAN_DATA
 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255 log
 permit ip 192.168.1.0 0.0.0.255 0.0.0.0 255.255.255.255 log
exit
class-map DATA
 match access-group VLAN_DATA
exit
class-map VOIX
 match access-group VLAN_VOIX
exit
policy-map COS
 class DATA
  set cos 2
 exit
 class VOIX
  set cos 5
 exit
exit
interface dialer 1
 encapsulation ppp
 dialer pool 1
 ip mtu 1492
 ip nat inside overload
 service-policy output COS
exit
Emerging Member
Posts: 42
Registered: ‎12-17-2015

Re: Differente COS on WAN

Nothing to help me?

Veteran Member
Posts: 7,239
Registered: ‎03-24-2016
Kudos: 1862
Solutions: 822

Re: Differente COS on WAN

@UBNT-afomins

Is CoS setting not working on PPPoE  a known issue?

 

Emerging Member
Posts: 42
Registered: ‎12-17-2015

Re: Differente COS on WAN

Yet with my config, PPPoE + VLAN 2900 on the WAN interface and the egress-cos command line, it works, but it tags all the packets with the same CoS. I want to tell it to tag the VoIP packets with CoS 5.

Veteran Member
Posts: 7,239
Registered: ‎03-24-2016
Kudos: 1862
Solutions: 822

Re: Differente COS on WAN

Can you do a tcpdump of a couple of pppoe packets?

As there is a vlan tag, there always is a CoS value. But I guess it's always set to default=0 as the DSCP to CoS mapping can't figure out pppoe packets.

Emerging Member
Posts: 42
Registered: ‎12-17-2015

Re: Differente COS on WAN

Yes, I have a tcpdump:

10.10.11.201 = WAN IP of the EdgeRouter's eth0 with PPPoE

2018-10-09_18-34-48.png

Now it's necessary to tag CoS 5 on VoIP packets or destination IP 10.10.0.17-18 (SIP proxy), but I don't know how to configure that.

Veteran Member
Posts: 7,239
Registered: ‎03-24-2016
Kudos: 1862
Solutions: 822

Re: Differente COS on WAN

(Weird to see no public IP on outgoing packet)

 

Packet has correct CoS value=2.  Can you expand on a packet that has internal DSCP value=5 showing both DSCP and CoS?

Emerging Member
Posts: 42
Registered: ‎12-17-2015

Re: Differente COS on WAN

Here is the diagram of the ISP's network in France, to explain why there is no public IP on the router (the public IP is on the ISP's firewall, "Cloud service firewall", and VoIP is directly on the ISP's network; it is not necessary to have a public IP for access to the SBC (Session Border Controller)):

2018-10-09_23-15-15.png

And this is the packet received on the LAN (eth1.2), phone -> router:

2018-10-09_23-07-18.png

Veteran Member
Posts: 7,239
Registered: ‎03-24-2016
Kudos: 1862
Solutions: 822

Re: Differente COS on WAN

That screenshot is for a packet on LAN.

It has cos=5, but dscp isn't shown. It's dscp that is/should be used on creating new outgoing CoS value, not incoming CoS.

On screenshot from post 16, expand "internet protocol version 4" to find dscp. (or post pcap file)
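
Added example, not part of the original thread: a small Python parser for the check requested above, reading the 802.1Q CoS (PCP) from the VLAN tag and the DSCP from the IPv4 header carried inside the PPPoE session frame (ethertype 0x8864). The sample frames are constructed, and the expected mapping (DSCP 46 to CoS 5, everything else to CoS 2) is an assumption taken from the values discussed in the thread.

```python
import struct

ETH_8021Q, ETH_IPV4, ETH_PPPOE_SESSION, PPP_IPV4 = 0x8100, 0x0800, 0x8864, 0x0021

def inspect_frame(frame: bytes) -> dict:
    """Return VLAN id, 802.1p CoS (PCP) and inner IPv4 DSCP of one Ethernet frame."""
    info = {"vlan": None, "cos": None, "pppoe": False, "dscp": None}
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    offset = 14
    if ethertype == ETH_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        info["cos"], info["vlan"] = tci >> 13, tci & 0x0FFF  # PCP = top 3 bits of the TCI
        offset = 18
    if ethertype == ETH_PPPOE_SESSION:
        info["pppoe"] = True
        if len(frame) < offset + 8:
            raise ValueError("truncated PPPoE header")
        # 6-byte PPPoE header, then the 2-byte PPP protocol field
        (ppp_proto,) = struct.unpack_from("!H", frame, offset + 6)
        if ppp_proto != PPP_IPV4:
            return info  # LCP, IPCP, IPv6 ...: no IPv4 DSCP to report
        offset += 8
    elif ethertype != ETH_IPV4:
        return info
    if len(frame) >= offset + 20 and frame[offset] >> 4 == 4:
        info["dscp"] = frame[offset + 1] >> 2  # DSCP = top 6 bits of the ToS byte
    return info

def cos_mismatch(frame: bytes, voip_dscp=46, voip_cos=5, default_cos=2) -> bool:
    """True when the tag's CoS is not the one expected for the inner DSCP (assumed mapping)."""
    info = inspect_frame(frame)
    want = voip_cos if info["dscp"] == voip_dscp else default_cos
    return info["cos"] != want

def build_sample(vlan: int, cos: int, dscp: int, pppoe: bool = True) -> bytes:
    """Constructed test frame (not captured traffic): headers only, no UDP payload."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, dscp << 2, 20, 0, 0, 64, 17, 0,
                     bytes([192, 168, 2, 10]), bytes([10, 10, 0, 17]))
    payload = struct.pack("!BBHHH", 0x11, 0, 1, len(ip) + 2, PPP_IPV4) + ip if pppoe else ip
    macs = bytes.fromhex("020000000002" "020000000001")  # locally administered MACs
    inner = ETH_PPPOE_SESSION if pppoe else ETH_IPV4
    return macs + struct.pack("!HHH", ETH_8021Q, (cos << 13) | vlan, inner) + payload

if __name__ == "__main__":
    for cos in (0, 5):  # CoS 0 is the symptom reported in the thread
        f = build_sample(vlan=3001, cos=cos, dscp=46)
        print(inspect_frame(f), "mismatch" if cos_mismatch(f) else "ok")
```

To use it on real traffic, feed `inspect_frame` the raw link-layer bytes of each packet from a capture taken on eth0.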

 

 

Emerging Member
Posts: 42
Registered: ‎12-17-2015

Re: Differente COS on WAN

@16again here is the information you asked for.

Capture on LAN interface eth1 (PHONE -> EDGEROUTER):

SIP SIG:

2018-10-11_18-43-13.png

SIP RTP:

2018-10-11_18-43-22.png

Capture on WAN interface eth0 (EDGEROUTER -> INTERNET):

SIP SIG:

2018-10-11_18-47-13.png

SIP RTP:

2018-10-11_18-47-23.png

Thanks for your help.
