[asterisk-biz] New IP PBX lifting the bar

Kristian Kielhofner kristian.kielhofner at gmail.com
Fri Oct 26 13:06:03 CDT 2007


On 10/26/07, JR Richardson <jmr.richardson at gmail.com> wrote:
> > This new breed of gear seems to be PBX, Firewall, Router, POE switch etc
> > rolled into one unit.
> >
> > Has anyone else seen new commercial gear that has equally impressive
> > feature sets?
> >
>
> I believe someone came up with a combo Asterisk PBX with Router/VPN/Firewall
> image a couple of years ago.  Don't ask me to point it out, it's lost in the
> ether I think.  I didn't hear any specifics about commercial installs and
> how well the system performed in real world.

  That may have been me...  Was it AstLinux?

> My biggest concern is resource contention on the platform, what happens when
> the router/vpn/firewall has 8 vpn connections, natting 60 sessions and
> applying QOS to the outbound RTP stream for 10 calls whilst the PBX is
> recording calls, playing a couple of auto attendant loops and hosting a 6
> person conference bridge?
>
> JR
> ---
> JR Richardson
> Engineering for the Masses
>

JR,

  Normally, this isn't much of a problem.  Regardless of VPN setup,
NAT table entries, QoS, etc., almost all of the functions of a router
are usually bound by I/O (upstream bandwidth, downstream bandwidth,
etc).  It doesn't matter if you have eight VPN tunnels.  As long as
it's sitting on that T1 (or some other low speed WAN connectivity)
you'll never have to encrypt/decrypt more than 1.5Mbps in either
direction.

  Cisco survived on that model for a long, long time.  Look at the
difference between the 2600 and the 2800.  The 2600 (maybe not the
XMs) were pathetic.  A 2621 couldn't NAT any faster than 20Mbps.  VPN?
Forget about it.  EVERYTHING was done in software.

  The XMs improved on that a bit but the 2800s take it to the next
level.  Wire speed on all ports.  Still software forwarding but enough
CPU power to get the traffic there with services in some cases.  Add
hardware VPN acceleration and you've got a nice box.

  As always competition is a good thing...  AstLinux now supports
crypto acceleration with VIA padlock.  Geode AES128 acceleration
(Geode LX based boxes) is coming soon.  Those VIAs can basically do
IPSEC with no speed/performance penalty.  And because it's implemented
in the kernel and openssl, it applies to almost any app on the system
that needs it - mini_httpd, openssh, openssl, KAME-like IPSEC, etc.
It's AWESOME!

  The issues you describe can be a problem on any Asterisk system
(especially call recording).  Optimize your dialplan, cut down on
modules, do as little transcoding as possible, etc.  Most of these
tweaks are a good thing to do whether you're on a Core 2 Duo or a 233MHz
Geode.

-- 
Kristian Kielhofner


