copyright: years: 2018 lastupdated: "2018-12-10"
Enabling differentiated services on Voice Gateway
Differentiated services is a quality of service network architecture that provides a way of classifying network traffic. You can use it to improve the latency and assure packet delivery of voice over IP traffic. This architecture uses a 6-bit value that is defined as the Differentiated Services Code Point (DSCP) to classify the packet. You can learn more about differentiated services in RFC 2474.
Note: This is only supported on systems that support the iptables
command, such as Ubuntu and Red Hat Enterprise Linux (RHEL)
Use the iptables
command to set the DSCP for outgoing traffic on the system where Voice Gateway is deployed.
Setting DSCP for outbound RTP traffic
On the system where Voice Gateway is deployed, use the iptables
command to set the DCSP, like in the following code example.
iptables -t mangle -A POSTROUTING -p udp -m udp \
--sport [first-port]:[last-port] \
-j DSCP --set-dscp-class [class]
If the port range set by the RTP_UDP_PORT_RANGE
environment variable in the Media Relay container is 16384-16484
, you can use the DSCP class, EF
for Expedited Forwarding,
for traffic outgoing from that port range. For more information about other DSCP classes, see RFC 7657 Differentiated Services and Real-Time Communication.
iptables -t mangle -A POSTROUTING -p udp -m udp \
--sport 16384:16484 \
-j DSCP --set-dscp-class EF
Disabling DSCP for outbound RTP traffic
You can remove a previously set iptables
command to stop using the DSCP with the following command example.
iptables -t mangle -D POSTROUTING -p udp -m udp \
--sport [first-port]:[last-port] \
-j DSCP --set-dscp-class [class]
For example, if the iptables
command was previously used on port range 16384-16484
, you can execute the following command to remove the DSCP.
iptables -t mangle -D POSTROUTING -p udp -m udp \
--sport 16384:16484 \
-j DSCP --set-dscp-class EF
Setting DSCP for SIP traffic
UDP SIP Traffic
You can set up DSCP for SIP traffic on the system where Voice Gateway is deployed by using the following code example as the template for the command.
iptables -t mangle -A POSTROUTING -p udp -m udp \
--sport [sip-port] \
-j DSCP --set-dscp-class [class]
The default value for the SIP port is 5060
. This value can be configured with the SIP_PORT
environment variable in the SIP Orchestrator container. For example, you can set the value to AF31
, which means
assured forwarding with low probability rate.
iptables -t mangle -A POSTROUTING -p udp -m udp \
--sport 5060 \
-j DSCP --set-dscp-class af31
See Assured Forwarding for more information.
Disabling DSCP for outbound SIP traffic
You can remove a previously set iptables
command to stop using the DSCP with the following command example.
iptables -t mangle -D POSTROUTING -p udp -m udp \
--sport [sip-port] \
-j DSCP --set-dscp-class [class]
For example, if the iptables
command was previously used on port 5060
, you can use the following command to remove the DSCP.
iptables -t mangle -D POSTROUTING -p udp -m udp \
--sport 5060 \
-j DSCP --set-dscp-class af31
Validating DSCP is enabled
After Voice Gateway is deployed, you can use a command line network capture tool, such as a tcpdump
, to validate the outgoing network traffic is set with the correct DSCP code. Run this tool from the system where {{site.data.keyword.vgw_short}
is deployed, or where the SIP client is running.
The DSCP code is set in the IPv4 packet header. Filter on packets that contain a specified DSCP value by using the following command.
tcpdump -i any -v '((ip[1] & 0xfc) >> 2 == [hex-value of dscp code])'
The DSCP value is extracted from the second byte of the IPv4 packet header, (ip[1] & 0xfc >> 2)
, then matched against the hex representation of the DSCP class code to filter packets.
Validating RTP traffic
For RTP traffic, if you use the Expedited Forwarding code, you can use the equivalent hex value is 0x2e
to validate outgoing RTP traffic with the following command.
tcpdump -i any -v '((ip[1] & 0xfc) >> 2 == 0x2e) && udp src portrange 16384-16584'
When you place a call against your deployed instance of {{site.data.keyword.vgw_short}}, any output from the command confirms that differentiated services was enabled for RTP traffic. For example:
root@example-machine.com:~# tcpdump -i any '(ip and (ip[1] & 0xfc) >> 2 == 0x2e) && udp src portrange 16384-16485' -v
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
12:44:25.354736 IP (tos 0xb8, ttl 63, id 32711, offset 0, flags [DF], proto UDP (17), length 200)
example-machine.com.16384 > 192.0.2.2.font-service: UDP, length 172
12:44:25.375664 IP (tos 0xb8, ttl 63, id 32713, offset 0, flags [DF], proto UDP (17), length 200)
example-machine.com..16384 > 192.0.2.2.font-service: UDP, length 172
Validating SIP traffic
For SIP traffic, if you use the Assured Forwarding code, AF31, you can use the equivalent hex value is 0x1A
to validate outgoing RTP traffic with the following command. For more information on other DSCP classes,
see RFC 7657 Differentiated Services and Real-Time Communication.
tcpdump -i any -v '((ip[1] & 0xfc) >> 2 == 0x1a) && udp src port 5060'
When you place a call to your deployed instance of Voice Gateway, any output from the command confirms that differentiated services are enabled for SIP traffic. The following example shows a possible output that indicates differentiated services are enabled.
root@example-machine.com:~# tcpdump -i any -v '((ip[1] & 0xfc) >> 2 == 0x1a) && udp src portrange 5060'
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
13:13:30.215156 IP (tos 0x68, ttl 63, id 51070, offset 0, flags [DF], proto UDP (17), length 273)
example-machine.com.sip > 192.0.2.2.5062: SIP, length: 245
SIP/2.0 100 Trying
Call-ID: wDkCdVtAhn
CSeq: 20 INVITE
From: sip:caller@192.168.1.140;tag=MG-20x6D-
To: sip:watson@192.0.2.5
Via: SIP/2.0/UDP 192.0.2.2:5062;branch=z9hG4bK.54dNpppo2;rport=5062;received=192.0.2.2
Content-Length: 0
13:13:30.222255 IP (tos 0x68, ttl 63, id 51071, offset 0, flags [DF], proto UDP (17), length 353)
example-machine.com.sip > 192.0.2.2.5062: SIP, length: 325
SIP/2.0 180 Ringing
Call-ID: wDkCdVtAhn
CSeq: 20 INVITE
From: sip:caller@192.168.1.140;tag=MG-20x6D-
To: sip:watson@192.0.2.5;tag=10502615469882548_wlp_17_15
Via: SIP/2.0/UDP 192.0.2.2:5062;branch=z9hG4bK.54dNpppo2;rport=5062;received=192.0.2.2
Contact: <sip:192.0.2.5:5060;transport=udp>
Content-Length: 0
13:13:30.477081 IP (tos 0x68, ttl 63, id 51128, offset 0, flags [DF], proto UDP (17), length 607)
example-machine.com.sip > 192.0.2.2.5062: SIP, length: 579
SIP/2.0 200 OK
Call-ID: wDkCdVtAhn
CSeq: 20 INVITE
From: sip:caller@192.168.1.140;tag=MG-20x6D-
To: sip:watson@192.0.2.5;tag=10502615469882548_wlp_17_15
Via: SIP/2.0/UDP 192.0.2.2:5062;branch=z9hG4bK.54dNpppo2;rport=5062;received=192.0.2.2
Content-Type: application/sdp
Content-Length: 226
Contact: <sip:192.0.2.5:5060;transport=udp>
v=0
o=watson 1543256010474 1543256010474 IN IP4 192.0.2.5
s=Talk
c=IN IP4 192.0.2.5
t=0 0
m=audio 16384 RTP/AVP 0 101
a=rtpmap:0 PCMU/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=ptime:20
a=sendrecv
Differentiated services code points
There are three fundamental forwarding behavior, Default Forwarding, Assured Forwarding, and Expedited Forwarding. The following links display the differentiated services code points for each behavior. See RFC 7657 for more information.
- Default Forwarding: Default fowarding value, which is an all-zero DSCP.
- Section 6: Assured Forwarding: For example, for
AF31
, the code point value is011010
. In hexadecimal form, the value is0x1A
. - Section 2.7: Expedited Forwarding. For expedited forwarding, you can use the code point
101110
, which in hexadecimal form is0x2E
.