Hi Chris,

> -----Original Message-----
> From: Chris Bagnall [mailto:m0n0wall at minotaur dot cc] 
> Sent: Monday, 22 August 2005 08:02
> To: Quark IT - Hilton Travis; m0n0wall at lists dot m0n0 dot ch
> Subject: RE: [m0n0wall] Asterisk behind DMZ w/ traffic shaper
> 
> We've recently deployed about 4 asterisk boxes to clients 
> behind m0n0wall
> firewalls.
> 
> > Is there anyone out there who has a m0n0wall Traffic Shaper 
> > ruleset for VOIP usage?  If there's no-one updating the 
> > manual with this information then I am willing to take this 
> > on, even though we don't use VOIP here ourselves yet, and 
> > I'll keep updating this section as we start to play ourselves.
> 
> I'll happily post my traffic shaping rules to the list once 
> I've cleared up the P2P limiting rules I also have running.

By "cleared up" I hope you don't mean "totally removed" as these will
probably be handy to see as well, if they are manual rules, not Magic
Shaper ones.  These rules obviously interact with the VOIP rules to
provide the solution that you have implemented.

> But a couple of points:
> 1) Bandwidth requirements can vary massively depending on 
> what VoIP systems you're running. For example, an Asterisk 
> server running g729 over IAX will use about 21kbps for the 
> first call, but only about 9kbps extra for additional 
> calls *provided* you have a timing device (use ztdummy if 
> you don't have a digium card installed) and of course the 
> remote IAX gateway supports trunking. By contrast, a g711 
> SIP call will be about 80kbps per call, with each call 
> using exactly the same bandwidth as the first call.
> Even a g729 SIP call will use about 32kbps per call. Where 
> possible use an IAX gateway if there are bandwidth 
> considerations.

Do you implement a local Asterisk server at these client locations or do
you connect only to an off-site Asterisk gateway?

> So on a 256kbps link, the number of concurrent calls could 
> vary anywhere between 3 and over 20 depending on codec and 
> signalling protocol used.

Always the way that with a better codec, the number of calls is reduced.
And IAX is better than SIP when a proper protocol/tunneling gateway is
in place.

> 2) Decide on how you want call quality to degrade (as 
> gracefully as possible). If you enable the jitter buffer, 
> your calls won't stutter as much when bandwidth becomes 
> scarce, but you will start to pick up an obvious echo. In 
> this case it might be better to write something into your 
> dialplan to refuse outbound calls if the number of 
> concurrent calls exceeds a certain number, and route 
> subsequent calls out via PSTN.

That's a sensible way to go about this.

> Regards,
> 
> Chris
> -- 
> C.M. Bagnall, Director, Minotaur I.T. Limited
> Tel: (07010) 710715   Mobile: (07811) 332969   Skype: minotaur-uk
> ICQ: 13350579   AIM: MinotaurUK   MSN: msn at minotaur dot cc   Y!: 
> Minotaur_Chris
> This email is made from 100% recycled electrons

Thanks for this.  

--

Regards,

Hilton Travis                          Phone: +61 (0)7 3344 3889
(Brisbane, Australia)                  Phone: +61 (0)419 792 394
Manager, Quark IT                      http://www.quarkit.com.au
         Quark AudioVisual             http://www.quarkav.net

http://www.threatcode.com/ <-- its now time to shame poor coders 
into writing code that is acceptable for use on today's networks

War doesn't determine who is right.  War determines who is left.

This document and any attachments are for the intended recipient 
  only.  It may contain confidential, privileged or copyright 
     material which must not be disclosed or distributed.