[asterisk-biz] New IP PBX lifting the bar

JR Richardson jmr.richardson at gmail.com
Sat Oct 27 10:57:02 CDT 2007 

> > My biggest concern is resource contention on the platform, what happens
> when
> > the router/vpn/firewall has 8 vpn connections, natting 60 sessions and
> > applying QOS to the outbound RTP stream for 10 calls whilst the PBX is
> > recording calls, playing a couple of auto attendant loops and hosting a
> 6
> > person conference bridge?
> >
> > JR
> > ---
> > JR Richardson
> > Engineering for the Masses
> >
> 
> JR,
> 
>   Normally, this isn't much of a problem.  Regardless of VPN setup,
> NAT table entries, QoS, etc almost all of the functions of a router
> are usually bound by I/O (upstream bandwidth, downstream bandwidth,
> etc).  It doesn't matter if you have eight VPN tunnels.  As long as
> it's sitting on that T1 (or some other low speed WAN connectivity)
> you'll never have to encrypt/decrypt more than 1.5Mbps in either
> direction.
> 
>   Cisco survived on that model for a long, long time.  Look at the
> difference between the 2600 and the 2800.  The 2600 (maybe not the
> XMs) were pathetic.  A 2621 couldn't NAT any faster than 20Mbps.  VPN?
>  Forget about it.  EVERYTHING was done in software.
> 
>   The XMs improved on that a bit but the 2800s take it to the next
> level.  Wire speed on all ports.  Still software forwarding but enough
> CPU power to get the traffic there with services in some cases.  Add
> hardware VPN acceleration and you've got a nice box.
> 
>   As always competition is a good thing...  AstLinux now supports
> crypto acceleration with VIA padlock.  Geode AES128 acceleration
> (Geode LX based boxes) is coming soon.  Those VIAs can basically do
> IPSEC with no speed/performance penalty.  And because it's implemented
> in the kernel and openssl, it applies to almost any app on the system
> that needs it - mini_httpd, openssh, openssl, KAME-like IPSEC, etc.
> It's AWESOME!
> 
>   The issues you describe can be a problem on any Asterisk system
> (especially call recording).  Optimize your dialplan, cut down on
> modules, do as little transcoding as possible, etc.  Most of these
> tweaks are a good thing to do whether your on a Core 2 Duo or a 233Mhz
> Geode.
> 
> --
> Kristian Kielhofner

Obviously there are very intricate details of how to implement such a
unified device properly so resource contention is a non-issue.  I really
like the idea of using hardware accelerators.

I don't think the distro I was referring to earlier was AstLinux.  Your
moniker has been well known to me for some time and is not easily forgotten.
You have done some great work in this space, thank you for all your efforts.

So to the original post, use AstLinux with a VIA padlock system and be done
with it.

JR
---
JR Richardson
Engineering for the Masses

More information about the asterisk-biz mailing list