Storm D. J. Petersen wrote:
Any network device (i.e., switch, router, firewall) will add a small amount of
latency.  To test the latency your firewall adds, you could simply try to do
a ping www.google.com, directly in front and behind the firewall, and look
at the ms response times.

Cheers,

S.

This is true! However, pinging www.google.com is really not very good from a testing perspective. They use Akamai, and they employ all kinds of tricks to speed up response time and increase availability.

dig www.google.com:

;; ANSWER SECTION:
www.google.com.         900     IN      CNAME   www.l.google.com.
www.l.google.com.       202     IN      A       64.233.161.99
www.l.google.com.       202     IN      A       64.233.161.104
www.l.google.com.       202     IN      A       64.233.161.147


So here Google has three possible IPs (they are on the same network, but still)...

Find the IP address of a solid reliable server or router at an ISP near you. Always ping by IP when testing!

Back to the original point, a firewall will add latency. However, it depends a lot on the firewall software, underlying hardware, and configuration. Most hardware these days is more than sufficient for decent firewall software, and most firewall software is decent. iptables, pf, ipf are all excellent open source solutions. As far as proprietary software/hardware, I haven't found one that I have liked so far!

The ordering of rules is the most important. For stateful firewalls, allow connections that match an existing state as one of your first rules. That way, incoming connections only have to traverse the entire firewall rule set on the first packet, and not for each subsequent packet. That will speed things up significantly.

Also, order your rules so that the most latency-sensitive and often-requested services are first. So, in your case, put IAX2/SIP/H323/whatever traffic right after the "stateful accept" rule from above.

Of course, if you are talking about using a dumb Linksys/etc router, you probably don't have much choice. Just hope that they configured "the guts" properly!

--
Kristian Kielhofner
_______________________________________________
Asterisk-Users mailing list
Asterisk-Users@lists.digium.com
http://lists.digium.com/mailman/listinfo/asterisk-users
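
The rule ordering described in the reply above, as an added example that is not part of the original post: a constructed ruleset in iptables-restore format with the stateful accept first and the VoIP rules directly after it, plus a check that audits that order in a saved ruleset. The ports (IAX2 on 4569/udp, SIP on 5060/udp) are the protocol defaults and are an assumption here; `ruleset`, `rule_pos` and `check_order` are hypothetical helper names.

```shell
#!/bin/sh
# Constructed sample in iptables-save/iptables-restore format (not from the post).
# Assumed ports: IAX2 4569/udp and SIP 5060/udp, the protocol defaults.
ruleset() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p udp -m udp --dport 4569 -j ACCEPT
-A INPUT -p udp -m udp --dport 5060 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
EOF
}

# rule_pos CHAIN REGEX: read a ruleset on stdin and print the 1-based position,
# within CHAIN, of the first rule matching REGEX (0 if no rule matches).
rule_pos() {
    awk -v chain="$1" -v pat="$2" '
        $1 == "-A" && $2 == chain { n++; if (!pos && $0 ~ pat) pos = n }
        END { print pos + 0 }'
}

# check_order: read a ruleset on stdin; succeed only if INPUT has a stateful
# accept rule and the VoIP rules sit directly behind it.
check_order() {
    rs=$(cat)
    voip_ports="4569 5060"
    st=$(printf '%s\n' "$rs" | rule_pos INPUT 'state [A-Z,]*ESTABLISHED')
    if [ "$st" -eq 0 ]; then
        echo "FAIL: no ESTABLISHED accept rule in INPUT"; return 1
    fi
    last=$((st + $(echo $voip_ports | wc -w)))
    rc=0
    for port in $voip_ports; do
        p=$(printf '%s\n' "$rs" | rule_pos INPUT "dport $port ")
        if [ "$p" -le "$st" ] || [ "$p" -gt "$last" ]; then
            echo "FAIL: port $port rule at position $p, expected $((st + 1))-$last"
            rc=1
        fi
    done
    [ "$rc" -eq 0 ] && echo "OK: state rule at $st, VoIP rules directly after"
    return "$rc"
}

ruleset | check_order
```

On a live host the same check can read the output of `iptables-save` instead of the constructed sample.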