[asterisk-dev] Rate limiting traffic to address potential DoS issues?

Kristian Kielhofner kris at krisk.org
Wed Sep 27 07:42:58 MST 2006


Jared Smith wrote:
> On 9/26/06, *Steven* <critch at basesys.com <mailto:critch at basesys.com>> wrote:
> 
>     No, apache won't die. Apache will stop answering new requests till a
>     child process is able to process the request. 
> 
> 
> Steven makes an important point here -- Apache has some tunable 
> parameters that allow you to set it's behavior, depending on your 
> circumstances.  In the case of Asterisk, we should have a couple of 
> knobs we can tweak to control how Asterisk handles a high number of 
> incoming connections, whether they're just a traffic spike or a DoS 
> attack. 
> 
> I know that other VoIP vendors claim they can handle X number of invalid 
> connections per second while still keeping all the legitimate calls 
> working -- I'd obviously like to see Asterisk do the same (for 
> reasonable values of X, of course).  Unfortunately, in the limited load 
> testing I've done with Asterisk (specifically in the SIP channel), when 
> you start to send more than a few incoming calls per second, Asterisk 
> starts to freak out; namely, it responds to the wrong packets, sends 
> multiple replies, and/or crashes. 
> 
> I know I talked to several people about this at VON -- does anybody have 
> a lead on some good high-end VoIP call generators we can use to test 
> Asterisk and make it better?
>  
> -Jared
> 

Jared,

	sipp and sipsak (SIP, obviously) come to mind.

--
Kristian Kielhofner


More information about the asterisk-dev mailing list