Using VLANs and QoS to Improve VoIP Performance

When designing a network to support voice over IP (VoIP) services alongside traditional data services (e.g. from PCs, servers, and the like), it is important to ensure that voice and data traffic are segregated as much as is possible. This is accomplished using VLANs, which function as logically separate networks on single, shared hardware appliances (switches, routers, etc.); this has long been the industry-recommended practice and virtually all VoIP vendors and service providers recommend the use of a separate voice VLAN as it provides the most reliable and consistent call quality. The benefits of voice and data segregation are as follows:

  1. Improved Performance: A VLAN effectively operates like a separate layer 2 switch; it does not inherently involve nor require any routing/layer 3 capability. This improves performance firstly by preventing broadcast traffic that is common between PCs and servers from impacting connectivity on the phones (since all devices on a network subnet must necessarily receive broadcast traffic). Using a separate VLAN also commonly serves as a precursor to the implementation of Quality of Service (QoS) policies (by serving as a classification method for voice traffic). Note that when a relatively slow connection (such as an Internet connection) becomes saturated, a router/firewall will, by default simply send traffic to the Internet in the order in which it was received. This means that a device streaming music or downloading a file may take precedence over voice traffic simply by transmitting first. This is undesirable as voice traffic is latency sensitive (i.e. call quality will suffer), while file download traffic, even if legitimate, is not latency sensitive (i.e. a few extra seconds to download a file will usually not impact experience), and music/video streaming is generally not business-relevant. This problem is addressed by having the router/firewall classify and then actively decide to dedicate bandwidth to, and prioritize traffic from the voice network (i.e. the phones) to the Internet. Using VLANs is a common mechanism for this classification step. See the figure below for an illustration of this process. In the first diagram on the top, the user suffers from poor call quality as voice traffic is repeatedly interrupted by competing Internet-bound traffic. In the second diagram, the streaming audio and file download are queued and sent out after the VoIP traffic to ensure that acceptable call quality is maintained.

VLAN

  1. Improved Security: Because a VLAN operates like a separate switch, it ensures that any unusual behavior, such as that caused by a worm or virus, would not impact the quality of phone calls since the VLANs are logically separated from each other. Logical separation means that the switch will not allow traffic between the two networks. Note that while some devices (routers and layer 3 switches) can allow inter-VLAN communication, this is generally not recommended as such communication (i.e. between phones and PCs) is typically unnecessary.

Reference: Cisco_IT_Case_Study_IP_Telephony_Management