[Asterisk-Users] VPN/Asterisk combo

Colin Anderson ColinA at landmarkmasterbuilder.com
Tue Apr 19 11:30:04 MST 2005


It doesn't seem to honor the QoS bit, but you can simulate it with the
traffic shaper. I set it up to give SIP / IAX the highest priority and
things like SMTP the lowest. So far, so good - nobody's complained about
drop outs or anything like that. ALAW sounds so good it's spooky. 

Unless you have an insanely busy LAN, QoS isn't a *ton* of help. We run Mitel
VoIP as well and we have a very busy LAN with 250 hosts all doing stuff. We
went through a period where we obsessed over QoS being supported yadayada
and in the end it was difficult to support because of mongrel switches that
didn't honor the bits, bitchy servers that hated the QoS layer, etc so we
turned it off. No effect. We are processing about 2-3K calls a day + we do
lots of CAD / rendering / high bandwidth stuff, on a single subnet, no
VLAN'ing. Runs fine, Asterisk and MiNet, about 100 extensions behind the
firewall and 25 outside.

QoS is always a moving target on the Internet because if any of your
upstream provider's routers don't honor the bit, then the whole thing grinds
to a halt and traffic is treated equally. I gave up on QoS and focussed on
traffic shaping at the bottleneck i.e. our Internet connection.

Monowall's GUI is slick and easy to use but it's sometimes easy to shoot
yourself in the foot. I let Monowall create the rules to let traffic through
automagically when you create the NAT forwarding rule. For some reason, you
can create the same rule manually but it won't work. It's also blindingly
easy to set up a stupid rule that will let all sorts of bad traffic through,
so you have to be careful. 

One last catch: For whatever reason, hardware, software, NIC, dunno, but we
always got better performance on our broadband (like, an order of magnitude
better) by forcing the NIC to 10baseT full duplex, instead of autodetect.
This was with Intel 82559 chipset NICs, YMMV. Even still, I wouldn't dare
use anything other than Intel or 3Com NICs in a BSD box, though.

hth

-----Original Message-----
From: Chris Mason (Lists) [mailto:lists at masonc.com]
Sent: Tuesday, April 19, 2005 11:27 AM
To: 'Asterisk Users Mailing List - Non-Commercial Discussion'
Subject: RE: [Asterisk-Users] VPN/Asterisk combo


Can it enforce QOS on the traffic?

Chris Mason
www.anguillaguide.com
 

> -----Original Message-----
> From: asterisk-users-bounces at lists.digium.com 
> [mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of 
> Colin Anderson
> Sent: Tuesday, April 19, 2005 10:58 AM
> To: 'Asterisk Users Mailing List - Non-Commercial Discussion'
> Subject: RE: [Asterisk-Users] VPN/Asterisk combo
> 
> >Can anyone suggest a better way or give me some advice?
> 
> Monowall:
> 
> http://www.m0n0.ch/wall/features.php
> 
> Totally rocks. 2-and-3 card DMZ's with routing between them, 
> traffic shaper, IPSec and PPTP VPN's that actually work, easy 
> to set up, good hardware support, boot from CD, configuration 
> in an XML file from floppy. Add 3 NIC's, 1 for your 
> broadband, 1 for your internal LAN, & 1 for a DMZ lan and all 
> you do is set up rules to pass IAX or SIP and a couple of 
> routes. I am using Monowall on a 10 mbit internet connection 
> with an * server inside, and 25 SNOM's outside, sometimes my PRI is almost maxed with
> outbound and inbound PSTN and Monowall just keeps on 
> chugging. On a Compaq PII. With ALAW. (Yes, ALAW. If you have 
> the bandwidth, why not?)
> 
> Best part: Free.
> _______________________________________________
> Asterisk-Users mailing list
> Asterisk-Users at lists.digium.com
> http://lists.digium.com/mailman/listinfo/asterisk-users
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-users
> 
> 
