Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Using Asterisk and Kamailio for Reliable,
Scalable and Secure Communication Solutions
Using Asterisk and WHAT?????
Kah-mah-illie-oh
● Kamailio
● Hawaiian word
– to communicate
– to coverse
Who am I?
● Fred Posner
● @fredposner
● https://qxork.com
Better Together
Let’s start at the beginning...
Why Did I Switch to Asterisk?
“...many needs are actually wants. And
there’s a good chance you can save more
money simply ...
Needless to say...
● Features
● Ability to customize
● Stability
● Scalability (growth)
● Licensing/Long Term Cost
Registrations
Carrier Routing
Security
Call Handling
Media
Queues
Features You Need
● Transcoding
● B2BUA
● AGI (Gateway Interface)
● ARI (Rest Interface)
● Database Integration
● ISDN/PRI...
● 5k — 20,000 users in 3
months
● 6 Asterisk Servers
● 2 AcmePacket (HA)
● > 1 million min/month
We Experienced Rapid Grow...
Fiber Cut… x2
● Thundering Herd
● Replaced AcmePacket with
Kamailio (OpenSER)
Enter Kamailio (OpenSER)
● SIP Proxy Server
● SIP Registrar Server
● SIP Location Server
● SIP Application Server
● SIP Di...
Kamailio Provides
● Modular Design
● Modular SIP Proxy, Registrar and
Redirect server
● IPv4, IPv6, UDP, TCP, TLS, SCTP,
W...
Kamailio is not...
SIP Phone
Media Server
B2BUA
Asterisk Does what Kamailio
Does Not
Can I SBC?
● No
– Not a B2BUA
– No Transcoding
– Etc.
● Well…
– Inconceivable
– Do you want a “true” SBC?
Please read Alex...
Tell me more!
● 150+ Modules
● Many Modules for Security
● Dedicated Resources
● Protects Multiple Servers
Where does he g...
Security
● SQL Injection?
● Friendly Scanner?
● Script Kiddies?
A SIP Server needs not these
things.
SQL Injection & UA Filtering
if ($ua =~ "(friendly-scanner|sipvicious|sipcli)") {
sl_send_reply("200","OK");
exit;
}
if($a...
Improved Security
● SIP Brute Force Attacks
– Registrations, calls, etc.
● User-Agent Filtering
– Sipvicious, Scanners, et...
Deploying Kamailio & Asterisk
Internet
ASA
pfsense
etc.
Kamailio Asterisk
Asterisk Asterisk
Asterisk
SIP/RTP
Scalability — LCR
Asterisk
NAT
Kamailio
Public IP
Asterisk
NAT
Asterisk
NAT
Carrier 1
Carrier 2
Carrier 3
Internet
PSTN
Scalability — Load Balancing
Asterisk
NAT
Kamailio
Public IP
Asterisk
NAT
Asterisk
NAT
Internet
PSTN
Scalability — Load Balancing HA
Asterisk
Inbound
Kamailio
Public IP
Asterisk
Recorded
Asterisk
Inbound
Internet
PSTN Aster...
Scalability — Scaling
Asterisk
Inbound
Kamailio
Public IP
Asterisk
Recorded
Asterisk
Inbound
Internet
PSTN Asterisk
Queue
...
Choosing Hardware
● Too many considerations
– SQL on same box?
– RTP Proxying on same box?
– Dialog sessions?
● Calls per ...
500cps Example
With great power
comes great
responsibility.
500cps Example
● 4 core (ARM)
● 1GB RAM
● 1GB NIC
● Dispatcher
● RTPENGINE
● Raspberry Pi 3
What about Virtualization?
● Simple answer, yes.
● Large amount of
deployments
● Not a simple question
● Pros/Cons approac...
In Summary...
Asterisk
Inbound
Kamailio
Public IP
Asterisk
Recorded
Asterisk
Inbound
Internet
PSTN Asterisk
Queue
Asterisk...
Questions? Cookies?
Fred Posner
@fredposner
https://qxork.com
● Kamailio
– kamailio.org
● Asterisk
– asterisk.org
– Digium...
Using Asterisk and Kamailio for Reliable, Scalable and Secure Communication Solutions
Using Asterisk and Kamailio for Reliable, Scalable and Secure Communication Solutions
Using Asterisk and Kamailio for Reliable, Scalable and Secure Communication Solutions
Using Asterisk and Kamailio for Reliable, Scalable and Secure Communication Solutions
Upcoming SlideShare
Loading in …5
×

Using Asterisk and Kamailio for Reliable, Scalable and Secure Communication Solutions

Presentation from AsteriskWorld 2017 at ITEXPO. Discussion of how I started with Asterisk and Kamailio as well as how to build Reliability, Scalability, and Security into your telephony platform.

Related Books

Free with a 30 day trial from Scribd

See all
  • Login to see the comments

Using Asterisk and Kamailio for Reliable, Scalable and Secure Communication Solutions

  1. 1. Using Asterisk and Kamailio for Reliable, Scalable and Secure Communication Solutions
  2. 2. Using Asterisk and WHAT????? Kah-mah-illie-oh ● Kamailio ● Hawaiian word – to communicate – to coverse
  3. 3. Who am I? ● Fred Posner ● @fredposner ● https://qxork.com
  4. 4. Better Together
  5. 5. Let’s start at the beginning...
  6. 6. Why Did I Switch to Asterisk? “...many needs are actually wants. And there’s a good chance you can save more money simply redesigning a business process than it would cost to support those customization wants.” —Experts at Mitel
  7. 7. Needless to say... ● Features ● Ability to customize ● Stability ● Scalability (growth) ● Licensing/Long Term Cost
  8. 8. Registrations Carrier Routing Security Call Handling Media Queues
  9. 9. Features You Need ● Transcoding ● B2BUA ● AGI (Gateway Interface) ● ARI (Rest Interface) ● Database Integration ● ISDN/PRI/Analog ● SIP ● WEBRTC ● Custom CDRS ● Full PBX features ● IVR ● Call Center ● Conferences ● Too Much to List
  10. 10. ● 5k — 20,000 users in 3 months ● 6 Asterisk Servers ● 2 AcmePacket (HA) ● > 1 million min/month We Experienced Rapid Growth
  11. 11. Fiber Cut… x2 ● Thundering Herd ● Replaced AcmePacket with Kamailio (OpenSER)
  12. 12. Enter Kamailio (OpenSER) ● SIP Proxy Server ● SIP Registrar Server ● SIP Location Server ● SIP Application Server ● SIP Dispatcher Server ● SIP Websocket Server
  13. 13. Kamailio Provides ● Modular Design ● Modular SIP Proxy, Registrar and Redirect server ● IPv4, IPv6, UDP, TCP, TLS, SCTP, WebSocket ● NAT Traversal, internal and external caching engines ● JSON, XMLRPC, HTTP APIs ● IMS Extensions, SIP-I/SIP-T, IM & Presence ● SQL and NoSQL backends ● Asynchronous processing (TCP/TLS, SIP routing), external event API ● Embedded interpreters (Lua, Perl, Python, .Net, Java) ● Load balancing, LCR, DID routing, Number portability
  14. 14. Kamailio is not... SIP Phone Media Server B2BUA Asterisk Does what Kamailio Does Not
  15. 15. Can I SBC? ● No – Not a B2BUA – No Transcoding – Etc. ● Well… – Inconceivable – Do you want a “true” SBC? Please read Alex Balashov’s great article: ➔ http://osolo.co/sbc (redirects to https://likewise.am) ➔ “Kamailio as an SBC (Session Border Controller)”
  16. 16. Tell me more! ● 150+ Modules ● Many Modules for Security ● Dedicated Resources ● Protects Multiple Servers Where does he get those toys?
  17. 17. Security ● SQL Injection? ● Friendly Scanner? ● Script Kiddies? A SIP Server needs not these things.
  18. 18. SQL Injection & UA Filtering if ($ua =~ "(friendly-scanner|sipvicious|sipcli)") { sl_send_reply("200","OK"); exit; } if($au =~ "(=)|(--)|(')|(#)|(%27)|(%24)" and $au != $null) { sl_send_reply("200","Drop Table LOLz"); exit; }
  19. 19. Improved Security ● SIP Brute Force Attacks – Registrations, calls, etc. ● User-Agent Filtering – Sipvicious, Scanners, etc. ● IP Authentication ● SQL Injection ● LOG Injection ● Spoofing ● Centralized Security
  20. 20. Deploying Kamailio & Asterisk Internet ASA pfsense etc. Kamailio Asterisk Asterisk Asterisk Asterisk SIP/RTP
  21. 21. Scalability — LCR Asterisk NAT Kamailio Public IP Asterisk NAT Asterisk NAT Carrier 1 Carrier 2 Carrier 3 Internet PSTN
  22. 22. Scalability — Load Balancing Asterisk NAT Kamailio Public IP Asterisk NAT Asterisk NAT Internet PSTN
  23. 23. Scalability — Load Balancing HA Asterisk Inbound Kamailio Public IP Asterisk Recorded Asterisk Inbound Internet PSTN Asterisk Queue Asterisk Voicemail Asterisk Queue
  24. 24. Scalability — Scaling Asterisk Inbound Kamailio Public IP Asterisk Recorded Asterisk Inbound Internet PSTN Asterisk Queue Asterisk Voicemail Asterisk Queue Kamailio Public IP Asterisk Queue Asterisk Inbound Asterisk Inbound Carrier Carrier Carrier Carrier Carrier Carrier
  25. 25. Choosing Hardware ● Too many considerations – SQL on same box? – RTP Proxying on same box? – Dialog sessions? ● Calls per second? ● Simultaneous calls? ● Kamailio is very fast ● Can store much in RAM ● As with everything context is king
  26. 26. 500cps Example
  27. 27. With great power comes great responsibility.
  28. 28. 500cps Example ● 4 core (ARM) ● 1GB RAM ● 1GB NIC ● Dispatcher ● RTPENGINE ● Raspberry Pi 3
  29. 29. What about Virtualization? ● Simple answer, yes. ● Large amount of deployments ● Not a simple question ● Pros/Cons approach works best
  30. 30. In Summary... Asterisk Inbound Kamailio Public IP Asterisk Recorded Asterisk Inbound Internet PSTN Asterisk Queue Asterisk Voicemail Asterisk Queue Kamailio Public IP Asterisk Queue Asterisk Inbound Asterisk Inbound Carrier Carrier Carrier Carrier Carrier Carrier
  31. 31. Questions? Cookies? Fred Posner @fredposner https://qxork.com ● Kamailio – kamailio.org ● Asterisk – asterisk.org – Digium.com

×