[asterisk-dev] Rate limiting traffic to address potential DoS
issues?
Kristian Kielhofner
kris at krisk.org
Wed Sep 27 07:42:58 MST 2006
Jared Smith wrote:
> On 9/26/06, *Steven* <critch at basesys.com <mailto:critch at basesys.com>> wrote:
>
> No, apache won't die. Apache will stop answering new requests till a
> child process is able to process the request.
>
>
> Steven makes an important point here -- Apache has some tunable
> parameters that allow you to set it's behavior, depending on your
> circumstances. In the case of Asterisk, we should have a couple of
> knobs we can tweak to control how Asterisk handles a high number of
> incoming connections, whether they're just a traffic spike or a DoS
> attack.
>
> I know that other VoIP vendors claim they can handle X number of invalid
> connections per second while still keeping all the legitimate calls
> working -- I'd obviously like to see Asterisk do the same (for
> reasonable values of X, of course). Unfortunately, in the limited load
> testing I've done with Asterisk (specifically in the SIP channel), when
> you start to send more than a few incoming calls per second, Asterisk
> starts to freak out; namely, it responds to the wrong packets, sends
> multiple replies, and/or crashes.
>
> I know I talked to several people about this at VON -- does anybody have
> a lead on some good high-end VoIP call generators we can use to test
> Asterisk and make it better?
>
> -Jared
>
Jared,
sipp and sipsak (SIP, obviously) come to mind.
--
Kristian Kielhofner
More information about the asterisk-dev
mailing list