We all know, or have at least heard about, Asterisk by now: an open source PBX which gives small and big enterprises the opportunity to cut costs and improve their old-fashioned telephony systems.
The problem with old-fashioned PBX systems made by Avaya/Alcatel/etc. is that they are way overpriced. For years they have been able to set the price of their systems, licensing almost every component in the system, and most of the time also forcing us to use their proprietary phones.
A PBX based on Asterisk is first of all free; all you need to take care of is the hardware, ranging from a free VMware appliance on your office server for a small business to a dedicated heavy-duty server for your call centre.
I recently implemented an Asterisk-based PBX for a 30-person office, interconnected it with 2 other locations over SIP trunks, and I can tell you… what a joy!
Easy to configure: extensions were bulk loaded, the PRI took 2 minutes to activate with the operator, 30 SNOM300 phones were configured easily and the office telco is up and running, with free features such as conference rooms, softphone video conversations, fax to email, and many more. No more licenses! Upgrades are free; the only cost per extension is a physical phone, roughly $100, and if that person wants a headset it's even free using a softphone on the computer.
The PBX software used there was Elastix, and it's a very, very fun tool to use.
How much does it cost?
Software/licenses: FREE
Hardware: $2500 (for a small office this can be done for $1000 with PRI support; we chose to have it ready for expansion)
Phone: $100
Softphone: FREE
All together (30 extensions): $5500
Having implemented this one successfully, we decided to switch our main office from the old digital/analog PBX to the same system.
About 80 people, with the expectation to grow; the system cost us only double what we would have paid just to increase the capacity of our old PBX.
Elastix PBX Config

To sum it up, if you are afraid of switching your office telecommunications to an open source product, fear not! This system (and I am only a small example) is being implemented every day in very complex places and scenarios.
The cost cut is unbelievable.
So: GO Asterisk GO!
FLASH Operator Panel

If you are an experienced "networking administrator", UNIX/Linux guru or a PHP/Perl programmer and you are looking for a place to host your wisdom, we will be more than happy to give you a stage for your applications, tutorials or guides.
Please drop me an email at lior@shukipel.com
Working closely with load balancers throughout the years has made me aware of quite a few difficulties, tricks and hard-learned lessons about the problems and the best ways of implementing a load balancer in your web farm.
I hope you enjoy the things I have to say here, and I will listen to what you have to say, correct and update this article.
1. Web application clock synchronization
In a load-sharing setup, one must not rely on the servers' clocks when writing data to the database or presenting data to the user.
The clock of every server skews, some more than others, so even a clock sync once a day doesn't ensure that the servers are synchronized. Let's look at an example:
A user logs in to your website; your application took the server's time and inserted the login time as 14:00.
Now the user submits a form, and the second request is sent through a different server; another entry is written to the database at 13:59, because there was a few seconds' difference between the clocks.
A later action was registered in the database as if it had happened before the earlier one.
The best way to avoid this is to use the database clock for all read and write actions; that ensures a consistent time across actions, no matter how many servers you have in the pool.
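The login/form-submit anomaly above, replayed against a SQLite table as an added example (not code from the original post). The server skew values, the 14:00 start time and the two-step request sequence are constructed; in real code the database-clock branch corresponds to letting the database stamp the row (e.g. a NOW()/GETDATE() default) instead of passing the web server's time.

```python
import sqlite3
from datetime import datetime, timedelta

# Constructed scenario: the database clock is authoritative; each web server's
# wall clock drifts from it by an offset (web2 is three seconds slow).
DB_START = datetime(2024, 1, 1, 14, 0, 0)
SERVER_SKEW = {"web1": timedelta(0), "web2": timedelta(seconds=-3)}

# (event, server that handled it, seconds elapsed on the database clock)
REQUESTS = [("login", "web1", 0), ("form_submit", "web2", 1)]

def run_scenario(use_db_clock):
    """Write the two audit rows and return the events in the order the
    database reports them when sorted by timestamp."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE audit (event TEXT, ts TEXT)")
    for event, server, elapsed in REQUESTS:
        true_now = DB_START + timedelta(seconds=elapsed)
        if use_db_clock:
            ts = true_now                      # what the database's own NOW() returns
        else:
            ts = true_now + SERVER_SKEW[server]  # the handling server's skewed clock
        db.execute("INSERT INTO audit VALUES (?, ?)", (event, ts.isoformat()))
    return [row[0] for row in db.execute("SELECT event FROM audit ORDER BY ts")]

if __name__ == "__main__":
    print("server clocks:", run_scenario(use_db_clock=False))   # form_submit before login
    print("database clock:", run_scenario(use_db_clock=True))   # login before form_submit
```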
2. Application session type
If your application uses sessions, it's better to use database-based sessions; this keeps the user session alive no matter which server in your pool handles the request.
Be sure to keep your servers equally loaded; you should be able to set your content group up as round robin with no stickiness.
If you must use server-based sessions, then you must set up some kind of stickiness on your load balancer content group, and if you do, make sure the stickiness is based on source IP AND source port.
Pay attention: with some load balancers, when you choose sticky source IP they disregard the source port. This results in all requests coming from a certain IP going to one server, regardless of the number of different requests or different people initiating them. Make sure the stickiness is based on the source port as well; this prevents search engine bots from loading one of the servers while indexing your site, which could degrade performance on the loaded server.
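The crawler case from the previous paragraph, as an added example (not the post's own code): a hash-based sticky selector run once keyed on source IP only and once on IP plus source port, over a constructed crawler that opens 200 connections from one address. The four-server pool, the crawler address and the hashing scheme are assumptions; real load balancers use their own sticky tables, but the distribution effect is the same.

```python
import hashlib
from collections import Counter

POOL = ["web1", "web2", "web3", "web4"]   # constructed content group

def pick_server(src_ip, src_port, sticky_with_port):
    """Sticky selection: hash the client key onto the pool. With
    sticky_with_port=False (source IP only) every connection from one address
    lands on the same server, however many requests or people sit behind it."""
    key = f"{src_ip}:{src_port}" if sticky_with_port else src_ip
    digest = hashlib.sha256(key.encode()).digest()
    return POOL[int.from_bytes(digest[:4], "big") % len(POOL)]

def crawler_load(n_conns, sticky_with_port):
    """Constructed crawler: one IP opening n_conns connections, each from a
    fresh ephemeral source port. Returns the number of connections per server."""
    counts = Counter()
    for i in range(n_conns):
        counts[pick_server("203.0.113.7", 49152 + i, sticky_with_port)] += 1
    return counts

if __name__ == "__main__":
    print("IP only:   ", dict(crawler_load(200, sticky_with_port=False)))  # one server gets all 200
    print("IP + port: ", dict(crawler_load(200, sticky_with_port=True)))   # spread over the pool
```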
4. Server keep alive
If your load balancer supports a keep-alive URI, which the load balancer uses to make sure the server is alive, be sure to use a keep-alive file that also exercises the server's scripting engine (.php, .aspx, etc.). Sometimes there is a problem with the scripting engine while the server itself is fine and still handing out responses, and you want that server to be removed from the pool rather than producing application errors for your users.
Using a URI keep-alive rather than other methods such as ICMP gives you the possibility to remove a server from the pool easily, by renaming the keep-alive file that the load balancer is checking for.
This can be used for maintenance and version updates without doing any action on the load balancer itself.
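Both halves of the keep-alive idea above, as an added example (not code from the post): the server side answers 200 only when the flag file is present and the application layer can reach its backend, and the load balancer side treats anything else (503, refused, timeout) as "out of the pool". The flag file name, the throwaway localhost server and the SQLite query standing in for the real database check are assumptions.

```python
import os
import sqlite3
import tempfile
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
from urllib.error import URLError
from urllib.request import urlopen

KEEPALIVE_FILE = "keepalive.flag"  # hypothetical flag file; rename it to drain the server

def keepalive_status(doc_root):
    """200 only if the flag file exists AND the scripting engine's backend answers."""
    if not os.path.exists(os.path.join(doc_root, KEEPALIVE_FILE)):
        return 503, "draining"         # operator renamed the file: leave the pool
    try:                               # a SQLite query stands in for the real DB check
        sqlite3.connect(":memory:").execute("SELECT 1").fetchone()
    except sqlite3.Error:
        return 503, "backend failure"  # httpd answers, but the application layer is broken
    return 200, "OK"

class KeepAliveHandler(BaseHTTPRequestHandler):
    doc_root = "."
    def do_GET(self):
        code, body = keepalive_status(self.doc_root)
        self.send_response(code)
        self.send_header("Content-Type", "text/plain")
        self.end_headers()
        self.wfile.write(body.encode())

def start_server():                    # throwaway server on a random localhost port,
    root = tempfile.mkdtemp()          # serving a constructed doc root that holds the flag
    open(os.path.join(root, KEEPALIVE_FILE), "w").close()
    handler = type("Handler", (KeepAliveHandler,), {"doc_root": root})
    srv = ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, srv.server_address[1], root

def drain(doc_root):                   # maintenance: rename the flag, nothing to do on the LB
    flag = os.path.join(doc_root, KEEPALIVE_FILE)
    os.rename(flag, flag + ".off")

def probe(port, timeout=2.0):
    """LB side: healthy only on HTTP 200 + body 'OK'; 503, refused or timeout = out."""
    try:
        with urlopen(f"http://127.0.0.1:{port}/keepalive", timeout=timeout) as resp:
            return resp.status == 200 and resp.read() == b"OK"
    except (URLError, OSError):
        return False
```

Run start_server(), probe the returned port, then drain() the root and probe again: the second probe fails without any change on the load balancer.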
5. Alerts
If possible, configure email/SNMP trap alerts for major incidents, such as server unavailable, service unavailable, etc.
This helps identify problems in the system and gives you information when your environment's status is degraded.
6. Monitoring
Graph your interfaces, the bandwidth of each service, the hits on each service, and anything else you can possibly graph.
When investigating a fault, graphs of past behavior will help you understand what could possibly have gone wrong.
7. Access lists
Set up access lists to restrict traffic going through the load balancer. Maybe you are serving different internal networks; some load balancers by default behave like a router between different networks, which results in unfiltered traffic between supposedly filtered networks.
Put explicit allow access lists on all interfaces, and use logging; this will help identify access problems and/or unwanted traffic generated on the network.
Feel free to comment,
Lior.
This one time I was supposed to set up an SQL Server 2005 cluster.
The setup was failing its checkup time after time, no matter what I did.
Apparently the problem was that the other node was logged in.
Strange as it sounds, logging off the other node stopped the checkup from failing, and the installation finished successfully.
Strange, eh?
I just wanted to comment here on a problem I had which took me a while to understand, and I couldn't find any solution anywhere.
The setup is a Cisco CSS 11500 Series with 2 web servers and 2 application servers.
It was a Cisco ASA Firewall (192.168.1.1) -> Cisco CSS (192.168.1.2)
|-> Servers (192.168.1.10, 11, 12, 13)
So the Cisco CSS and the servers were sitting on the same network as the internal interface of the ASA firewall; the servers of course had the CSS as their default gateway.
The application content group was configured with sticky sessions at the time.
The problem was that now and then our connection to the website was dropped and we couldn't connect back for a few minutes, and then it was back up; during that time the website was accessible from anywhere else.
This problem drove us nuts, and it took us a while to resolve.
The CSS was noticing quite a lot of SYN ATTACKS. (The CSS never drops traffic because of a DoS attack; it just marks them.)
So we were thinking maybe there was a DDoS mitigation device along the way that suspected an attack and blocked the traffic; that was not it.
The problem was ICMP redirect packets sent from the CSS, telling the servers about a better route for the external addresses: the firewall.
For example, for traffic coming from IP 2.2.2.34 the CSS would send an ICMP redirect message to the servers (Windows Server 2003); the Windows machine would then inject this route into its routing table.
Traffic would come from the CSS to the server, but packets back were sent to the firewall and got lost there. This was causing the blockage.
By default, ICMP redirect routes stay in the routing table for 10 minutes and are then removed.
So to avoid this from happening, you either disable ICMP redirects on the CSS (I don't know why it's turned on by default anyway),
or change a registry value in Windows to disable ICMP redirect route injection (possible to disable in Unix as well):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
Change the setting of the EnableICMPRedirect entry to 0 (in most cases it will be set to active, 1, by default).
Hope that would help others as well,
Lior