GitHubContribute in GitHub: Edit online

copyright: years: 2018 lastupdated: "2018-12-10"

Enabling differentiated services on Voice Gateway

Differentiated services is a quality of service network architecture that provides a way of classifying network traffic. You can use it to improve the latency and assure packet delivery of voice over IP traffic. This architecture uses a 6-bit value that is defined as the Differentiated Services Code Point (DSCP) to classify the packet. You can learn more about differentiated services in RFC 2474.

Note: This is only supported on systems that support the iptables command, such as Ubuntu and Red Hat Enterprise Linux (RHEL)

Use the iptables command to set the DSCP for outgoing traffic on the system where Voice Gateway is deployed.

Setting DSCP for outbound RTP traffic

On the system where Voice Gateway is deployed, use the iptables command to set the DCSP, like in the following code example.

iptables -t mangle -A POSTROUTING -p udp -m udp \
  --sport [first-port]:[last-port] \
  -j DSCP --set-dscp-class [class]

If the port range set by the RTP_UDP_PORT_RANGE environment variable in the Media Relay container is 16384-16484, you can use the DSCP class, EF for Expedited Forwarding, for traffic outgoing from that port range. For more information about other DSCP classes, see RFC 7657 Differentiated Services and Real-Time Communication.

iptables -t mangle -A POSTROUTING -p udp -m udp \
  --sport 16384:16484 \
  -j DSCP --set-dscp-class EF

Disabling DSCP for outbound RTP traffic

You can remove a previously set iptables command to stop using the DSCP with the following command example.

iptables -t mangle -D POSTROUTING -p udp -m udp \
  --sport [first-port]:[last-port] \
  -j DSCP --set-dscp-class [class]

For example, if the iptables command was previously used on port range 16384-16484, you can execute the following command to remove the DSCP.

iptables -t mangle -D POSTROUTING -p udp -m udp \
  --sport 16384:16484 \
  -j DSCP --set-dscp-class EF

Setting DSCP for SIP traffic

UDP SIP Traffic

You can set up DSCP for SIP traffic on the system where Voice Gateway is deployed by using the following code example as the template for the command.

iptables -t mangle -A POSTROUTING -p udp -m udp \
  --sport [sip-port] \
  -j DSCP --set-dscp-class [class]

The default value for the SIP port is 5060. This value can be configured with the SIP_PORT environment variable in the SIP Orchestrator container. For example, you can set the value to AF31, which means assured forwarding with low probability rate.

iptables -t mangle -A POSTROUTING -p udp -m udp \
  --sport 5060 \
  -j DSCP --set-dscp-class af31

See Assured Forwarding for more information.

Disabling DSCP for outbound SIP traffic

You can remove a previously set iptables command to stop using the DSCP with the following command example.

iptables -t mangle -D POSTROUTING -p udp -m udp \
  --sport [sip-port] \
  -j DSCP --set-dscp-class [class]

For example, if the iptables command was previously used on port 5060, you can use the following command to remove the DSCP.

iptables -t mangle -D POSTROUTING -p udp -m udp \
  --sport 5060 \
  -j DSCP --set-dscp-class af31

Validating DSCP is enabled

After Voice Gateway is deployed, you can use a command line network capture tool, such as a tcpdump, to validate the outgoing network traffic is set with the correct DSCP code. Run this tool from the system where {{site.data.keyword.vgw_short} is deployed, or where the SIP client is running.

The DSCP code is set in the IPv4 packet header. Filter on packets that contain a specified DSCP value by using the following command.

tcpdump -i any -v '((ip[1] & 0xfc) >> 2 == [hex-value of dscp code])'

The DSCP value is extracted from the second byte of the IPv4 packet header, (ip[1] & 0xfc >> 2), then matched against the hex representation of the DSCP class code to filter packets.

Validating RTP traffic

For RTP traffic, if you use the Expedited Forwarding code, you can use the equivalent hex value is 0x2e to validate outgoing RTP traffic with the following command.

tcpdump -i any -v '((ip[1] & 0xfc) >> 2 == 0x2e) && udp src portrange 16384-16584'

When you place a call against your deployed instance of {{site.data.keyword.vgw_short}}, any output from the command confirms that differentiated services was enabled for RTP traffic. For example:

root@example-machine.com:~# tcpdump -i any '(ip and (ip[1] & 0xfc) >> 2 == 0x2e) && udp src portrange 16384-16485' -v
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
12:44:25.354736 IP (tos 0xb8, ttl 63, id 32711, offset 0, flags [DF], proto UDP (17), length 200)
    example-machine.com.16384 > 192.0.2.2.font-service: UDP, length 172
12:44:25.375664 IP (tos 0xb8, ttl 63, id 32713, offset 0, flags [DF], proto UDP (17), length 200)
    example-machine.com..16384 > 192.0.2.2.font-service: UDP, length 172

Validating SIP traffic

For SIP traffic, if you use the Assured Forwarding code, AF31, you can use the equivalent hex value is 0x1A to validate outgoing RTP traffic with the following command. For more information on other DSCP classes, see RFC 7657 Differentiated Services and Real-Time Communication.

tcpdump -i any -v '((ip[1] & 0xfc) >> 2 == 0x1a) && udp src port 5060'

When you place a call to your deployed instance of Voice Gateway, any output from the command confirms that differentiated services are enabled for SIP traffic. The following example shows a possible output that indicates differentiated services are enabled.

root@example-machine.com:~# tcpdump -i any -v '((ip[1] & 0xfc) >> 2 == 0x1a) && udp src portrange 5060'
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
13:13:30.215156 IP (tos 0x68, ttl 63, id 51070, offset 0, flags [DF], proto UDP (17), length 273)
    example-machine.com.sip > 192.0.2.2.5062: SIP, length: 245
	SIP/2.0 100 Trying
	Call-ID: wDkCdVtAhn
	CSeq: 20 INVITE
	From: sip:caller@192.168.1.140;tag=MG-20x6D-
	To: sip:watson@192.0.2.5
	Via: SIP/2.0/UDP 192.0.2.2:5062;branch=z9hG4bK.54dNpppo2;rport=5062;received=192.0.2.2
	Content-Length: 0

13:13:30.222255 IP (tos 0x68, ttl 63, id 51071, offset 0, flags [DF], proto UDP (17), length 353)
    example-machine.com.sip > 192.0.2.2.5062: SIP, length: 325
	SIP/2.0 180 Ringing
	Call-ID: wDkCdVtAhn
	CSeq: 20 INVITE
	From: sip:caller@192.168.1.140;tag=MG-20x6D-
	To: sip:watson@192.0.2.5;tag=10502615469882548_wlp_17_15
	Via: SIP/2.0/UDP 192.0.2.2:5062;branch=z9hG4bK.54dNpppo2;rport=5062;received=192.0.2.2
	Contact: <sip:192.0.2.5:5060;transport=udp>
	Content-Length: 0

13:13:30.477081 IP (tos 0x68, ttl 63, id 51128, offset 0, flags [DF], proto UDP (17), length 607)
    example-machine.com.sip > 192.0.2.2.5062: SIP, length: 579
	SIP/2.0 200 OK
	Call-ID: wDkCdVtAhn
	CSeq: 20 INVITE
	From: sip:caller@192.168.1.140;tag=MG-20x6D-
	To: sip:watson@192.0.2.5;tag=10502615469882548_wlp_17_15
	Via: SIP/2.0/UDP 192.0.2.2:5062;branch=z9hG4bK.54dNpppo2;rport=5062;received=192.0.2.2
	Content-Type: application/sdp
	Content-Length: 226
	Contact: <sip:192.0.2.5:5060;transport=udp>

	v=0
	o=watson 1543256010474 1543256010474 IN IP4 192.0.2.5
	s=Talk
	c=IN IP4 192.0.2.5
	t=0 0
	m=audio 16384 RTP/AVP 0 101
	a=rtpmap:0 PCMU/8000
	a=rtpmap:101 telephone-event/8000
	a=fmtp:101 0-15
	a=ptime:20
	a=sendrecv

Differentiated services code points

There are three fundamental forwarding behavior, Default Forwarding, Assured Forwarding, and Expedited Forwarding. The following links display the differentiated services code points for each behavior. See RFC 7657 for more information.

  1. Default Forwarding: Default fowarding value, which is an all-zero DSCP.
  2. Section 6: Assured Forwarding: For example, for AF31, the code point value is 011010. In hexadecimal form, the value is 0x1A.
  3. Section 2.7: Expedited Forwarding. For expedited forwarding, you can use the code point 101110, which in hexadecimal form is 0x2E.