Using Asterisk and Kamailio for Reliable, Scalable and Secure Communication Solutions
•Download as ODP, PDF•
6 likes•10,813 views
Presentation from AsteriskWorld 2017 at ITEXPO. Discussion of how I started with Asterisk and Kamailio as well as how to build Reliability, Scalability, and Security into your telephony platform.
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Using Asterisk and Kamailio for Reliable, Scalable and Secure Communication Solutions
Similar to Using Asterisk and Kamailio for Reliable, Scalable and Secure Communication Solutions (20)
More from Fred Posner
More from Fred Posner (7)
Recently uploaded
Recently uploaded (20)
Using Asterisk and Kamailio for Reliable, Scalable and Secure Communication Solutions
- 1. Using Asterisk and Kamailio for Reliable, Scalable and Secure Communication Solutions
- 2. Using Asterisk and WHAT????? Kah-mah-illie-oh ● Kamailio ● Hawaiian word – to communicate – to coverse
- 3. Who am I? ● Fred Posner ● @fredposner ● https://qxork.com
- 8. Let’s start at the beginning...
- 9. Why Did I Switch to Asterisk? “...many needs are actually wants. And there’s a good chance you can save more money simply redesigning a business process than it would cost to support those customization wants.” —Experts at Mitel
- 11. Needless to say... ● Features ● Ability to customize ● Stability ● Scalability (growth) ● Licensing/Long Term Cost
- 13. Features You Need ● Transcoding ● B2BUA ● AGI (Gateway Interface) ● ARI (Rest Interface) ● Database Integration ● ISDN/PRI/Analog ● SIP ● WEBRTC ● Custom CDRS ● Full PBX features ● IVR ● Call Center ● Conferences ● Too Much to List
- 14. ● 5k — 20,000 users in 3 months ● 6 Asterisk Servers ● 2 AcmePacket (HA) ● > 1 million min/month We Experienced Rapid Growth
- 15. Fiber Cut… x2 ● Thundering Herd ● Replaced AcmePacket with Kamailio (OpenSER)
- 16. Enter Kamailio (OpenSER) ● SIP Proxy Server ● SIP Registrar Server ● SIP Location Server ● SIP Application Server ● SIP Dispatcher Server ● SIP Websocket Server
- 17. Kamailio Provides ● Modular Design ● Modular SIP Proxy, Registrar and Redirect server ● IPv4, IPv6, UDP, TCP, TLS, SCTP, WebSocket ● NAT Traversal, internal and external caching engines ● JSON, XMLRPC, HTTP APIs ● IMS Extensions, SIP-I/SIP-T, IM & Presence ● SQL and NoSQL backends ● Asynchronous processing (TCP/TLS, SIP routing), external event API ● Embedded interpreters (Lua, Perl, Python, .Net, Java) ● Load balancing, LCR, DID routing, Number portability
- 18. Kamailio is not... SIP Phone Media Server B2BUA Asterisk Does what Kamailio Does Not
- 19. Can I SBC? ● No – Not a B2BUA – No Transcoding – Etc. ● Well… – Inconceivable – Do you want a “true” SBC? Please read Alex Balashov’s great article: ➔ http://osolo.co/sbc (redirects to https://likewise.am) ➔ “Kamailio as an SBC (Session Border Controller)”
- 20. Tell me more! ● 150+ Modules ● Many Modules for Security ● Dedicated Resources ● Protects Multiple Servers Where does he get those toys?
- 21. Security ● SQL Injection? ● Friendly Scanner? ● Script Kiddies? A SIP Server needs not these things.
- 22. SQL Injection & UA Filtering if ($ua =~ "(friendly-scanner|sipvicious|sipcli)") { sl_send_reply("200","OK"); exit; } if($au =~ "(=)|(--)|(')|(#)|(%27)|(%24)" and $au != $null) { sl_send_reply("200","Drop Table LOLz"); exit; }
- 23. Improved Security ● SIP Brute Force Attacks – Registrations, calls, etc. ● User-Agent Filtering – Sipvicious, Scanners, etc. ● IP Authentication ● SQL Injection ● LOG Injection ● Spoofing ● Centralized Security
- 24. Deploying Kamailio & Asterisk Internet ASA pfsense etc. Kamailio Asterisk Asterisk Asterisk Asterisk SIP/RTP
- 25. Scalability — LCR Asterisk NAT Kamailio Public IP Asterisk NAT Asterisk NAT Carrier 1 Carrier 2 Carrier 3 Internet PSTN
- 26. Scalability — Load Balancing Asterisk NAT Kamailio Public IP Asterisk NAT Asterisk NAT Internet PSTN
- 27. Scalability — Load Balancing HA Asterisk Inbound Kamailio Public IP Asterisk Recorded Asterisk Inbound Internet PSTN Asterisk Queue Asterisk Voicemail Asterisk Queue
- 28. Scalability — Scaling Asterisk Inbound Kamailio Public IP Asterisk Recorded Asterisk Inbound Internet PSTN Asterisk Queue Asterisk Voicemail Asterisk Queue Kamailio Public IP Asterisk Queue Asterisk Inbound Asterisk Inbound Carrier Carrier Carrier Carrier Carrier Carrier
- 29. Choosing Hardware ● Too many considerations – SQL on same box? – RTP Proxying on same box? – Dialog sessions? ● Calls per second? ● Simultaneous calls? ● Kamailio is very fast ● Can store much in RAM ● As with everything context is king
- 30. 500cps Example
- 31. With great power comes great responsibility.
- 32. 500cps Example ● 4 core (ARM) ● 1GB RAM ● 1GB NIC ● Dispatcher ● RTPENGINE ● Raspberry Pi 3
- 33. What about Virtualization? ● Simple answer, yes. ● Large amount of deployments ● Not a simple question ● Pros/Cons approach works best
- 34. In Summary... Asterisk Inbound Kamailio Public IP Asterisk Recorded Asterisk Inbound Internet PSTN Asterisk Queue Asterisk Voicemail Asterisk Queue Kamailio Public IP Asterisk Queue Asterisk Inbound Asterisk Inbound Carrier Carrier Carrier Carrier Carrier Carrier
- 35. Questions? Cookies? Fred Posner @fredposner https://qxork.com ● Kamailio – kamailio.org ● Asterisk – asterisk.org – Digium.com