Hi everyone.
We've got a fairly large base of customers who use our Asterisk server for phone service in a
virtual PBX kind of way, where the server is security hardened and exposed to the internet for
them to connect to remotely with SIP and IAX. It's certainly not the sort of affair where
we're running it as a PBX just within the building. As a result, we see network traffic coming
through eth0 between 512 Kbps and about 3.0 Mbps, depending on the time of day.
We haven't so far been using a hardware firewall/router on our server network, but it's
becoming increasingly clear that we need to. We have enough experience to know that Asterisk
is pretty sensitive when it comes to network hardware in our situation - we've had to replace
one otherwise perfectly good 100 Mbps network switch because it simply wasn't able to keep up
with the amount of streaming audio we put through it, and it badly affected voice quality. We
have other traffic flowing through our server network too, including a significant amount of
e-mail and web traffic, although that's not quite as sensitive to the quality of our network
hardware.
If you've got these large requirements for Asterisk, I'd love to hear what you use for a
router, and whether that router has met your needs. It would also be nice to hear about what
kinds of routers to avoid that you may have tried in the past and found lacking.
I am working at a scale of about 10 Mbps and I am using customized pfSense setups. Essentially,
I am also using Asterisk as a session border controller as part of the router/firewall. I am
using a multi step procedure to keep unwanted traffic away from the application software, which
includes geo IP filtering and blocking based on Snort alarms. So far I haven't seen the
necessity to block anything based on Asterisk logs, but I'll plan to add that feature to
pfBlockeNG as a custom IPv4 (and IPv6) list.
It's too early for recommendations or public demo software, but I am planning to add my SBC to
pfSense 2.3 superseding the current Asterisk package. If necessary, pfSense allows for traffic
shaping and a couple of other neat feature, that are usually not part of small firewalls.
jg
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
