using asterisk and kamailio for reliable, scalable and secure communication solutions
TRANSCRIPT
Using Asterisk and Kamailio for Reliable, Scalable and Secure Communication Solutions
Using Asterisk and WHAT?????
Kah-mah-illie-ohKamailio
Hawaiian wordto communicate
to coverse
Who am I?
Fred Posner
@fredposner
https://qxork.com
Better Together
Lets start at the beginning...
Why Did I Switch to Asterisk?
...many needs are actually wants. And theres a good chance you
can save more money simply redesigning a business process than it
would cost to support those customization wants.
Experts at Mitel
Needless to say...
Features
Ability to customize
Stability
Scalability (growth)
Licensing/Long Term Cost
RegistrationsCarrier RoutingSecurityCall HandlingMediaQueues
Features You Need
Transcoding
B2BUA
AGI (Gateway Interface)
ARI (Rest Interface)
Database Integration
ISDN/PRI/Analog
SIP
WEBRTC
Custom CDRS
Full PBX features
IVR
Call Center
Conferences
Too Much to List
5k 20,000 users in 3 months
6 Asterisk Servers
2 AcmePacket (HA)
> 1 million min/month
We Experienced Rapid Growth
Fiber Cut x2
Thundering Herd
Replaced AcmePacket with Kamailio (OpenSER)
Enter Kamailio (OpenSER)
SIP Proxy Server
SIP Registrar Server
SIP Location Server
SIP Application Server
SIP Dispatcher Server
SIP Websocket Server
Kamailio Provides
Modular Design
Modular SIP Proxy, Registrar and Redirect server
IPv4, IPv6, UDP, TCP, TLS, SCTP, WebSocket
NAT Traversal, internal and external caching engines
JSON, XMLRPC, HTTP APIs
IMS Extensions, SIP-I/SIP-T, IM & Presence
SQL and NoSQL backends
Asynchronous processing (TCP/TLS, SIP routing), external event API
Embedded interpreters (Lua, Perl, Python, .Net, Java)
Load balancing, LCR, DID routing, Number portability
Kamailio is not...
SIP PhoneMedia ServerB2BUA
Asterisk Does what Kamailio Does Not
Can I SBC?
NoNot a B2BUA
No Transcoding
Etc.
WellInconceivable
Do you want a true SBC?
Please read Alex Balashovs great article:http://osolo.co/sbc (redirects to https://likewise.am)
Kamailio as an SBC (Session Border Controller)
Tell me more!
150+ Modules
Many Modules for Security
Dedicated Resources
Protects Multiple Servers
Where does he get those toys?
Security
SQL Injection?
Friendly Scanner?
Script Kiddies?
A SIP Server needs not these things.
SQL Injection & UA Filtering
if ($ua =~ "(friendly-scanner|sipvicious|sipcli)") {sl_send_reply("200","OK");exit;}
if($au =~ "(\=)|(\-\-)|(')|(\#)|(\%27)|(\%24)" and $au != $null) {sl_send_reply("200","Drop Table LOLz");exit;}
Improved Security
SIP Brute Force AttacksRegistrations, calls, etc.
User-Agent FilteringSipvicious, Scanners, etc.
IP Authentication
SQL Injection
LOG Injection
Spoofing
Centralized Security
Deploying Kamailio & Asterisk
Internet
ASApfsenseetc.
KamailioAsteriskAsteriskAsteriskAsterisk
SIP/RTP
Scalability LCR
AsteriskNAT
KamailioPublic IP
AsteriskNATAsteriskNAT
Carrier 1Carrier 2Carrier 3
InternetPSTN
Scalability Load Balancing
AsteriskNAT
KamailioPublic IP
AsteriskNATAsteriskNAT
InternetPSTN
Scalability Load Balancing HA
AsteriskInbound
KamailioPublic IP
AsteriskRecordedAsteriskInbound
InternetPSTNAsteriskQueueAsteriskVoicemailAsteriskQueue
Scalability Scaling
AsteriskInbound
KamailioPublic IP
AsteriskRecordedAsteriskInbound
InternetPSTNAsteriskQueueAsteriskVoicemailAsteriskQueue
KamailioPublic IP
AsteriskQueueAsteriskInboundAsteriskInbound
CarrierCarrierCarrierCarrierCarrierCarrier
Choosing Hardware
Too many considerationsSQL on same box?
RTP Proxying on same box?
Dialog sessions?
Calls per second?
Simultaneous calls?
Kamailio is very fast
Can store much in RAM
As with everything context is king
500cps Example
With great power comes great responsibility.
500cps Example
4 core (ARM)
1GB RAM
1GB NIC
Dispatcher
RTPENGINE
Raspberry Pi 3
What about Virtualization?
Simple answer, yes.
Large amount of deployments
Not a simple question
Pros/Cons approach works best
In Summary...
AsteriskInbound
KamailioPublic IP
AsteriskRecordedAsteriskInbound
InternetPSTNAsteriskQueueAsteriskVoicemailAsteriskQueue
KamailioPublic IP
AsteriskQueueAsteriskInboundAsteriskInbound
CarrierCarrierCarrierCarrierCarrierCarrier
Questions? Cookies?
Fred Posner@fredposnerhttps://qxork.com
Kamailiokamailio.org
Asteriskasterisk.org
Digium.com