Speed up VoIP over VPNs

Speed up VoIP over VPNs
Tom Lancaster

More and more companies are finding that connecting remote offices with VPNs across the Internet is a very cost-effective solution compared to point-to-point data circuits. But they're also finding it puts a major kink in their VoIP plans. One of those challenges is the delay caused by encrypting the VPN tunnel. Unfortunately, with common security protocols such as IPSec using DES or 3DES, the level of security varies proportionally with the delay. That is, the longer your key-length, the longer it takes to encrypt and decrypt.

One possible solution to this problem is to simply not encrypt your voice traffic. Offhand, you might think sending unencrypted voice traffic over the Internet is very insecure, but it's arguably much more secure than traditional, unencrypted telephony, since it takes some fairly sophisticated and expensive equipment to intercept, capture and decode VoIP, but telephone tapping equipment is very cheap and requires little skill.

For a more appropriate solution, remember that VPNs don't actually have to use encryption. For instance, if you're using Cisco routers to connect to the Internet at each office, you could create a second tunnel and configure it with IPSec with just the Authentication Header (AH) such as MD5 or SHA, but without ESP. Then use access-lists to specify that only VoIP uses the 2nd tunnel, while all other data traffic uses the primary, encrypted tunnel.

    Requires Free Membership to View

This would allow you to maintain connectivity between your branches using private IP addresses and also allow you to retain the benefits of authentication without the expense of encrypting each packet.

As always, there are a few caveats:

First, dual paths create the possibility of routing loops. Any modern routing protocol should prevent that, but you may want to manually configure routing across the tunnels anyways.

Second, make sure you implement some prioritization scheme to prevent the main data tunnel from degrading the voice tunnel.

Thomas Alexander Lancaster IV is a consultant and author with over ten years experience in the networking industry, focused on Internet infrastructure.

Did you like this tip? Why not let us know? Send an email and sound off.

Related Book

Voice Over Packet Networks
Author : David Wright
Publisher : John Wiley & Sons
Published : Aug 2000

This was first published in May 2001

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.