Home Forums HAast (High Availability for Asterisk) Configuration & Optimization Detect running out of RTP ports

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
  • Avatar photoCustomer Inquiry
    Post count: 197

    Our PBX is being attacked regularly, and the DoS attack is causing Asterisk to run out of free RTP ports. Existing calls work fine, but new calls fail in Asterisk.

    Why won’t HAAst automatically failover in this situation?

    Avatar photoTelium Support Group
    Post count: 258

    HAAst is correctly NOT failing over because your PBX is operational and in-progress calls remain up. From HAAst’s perspective your PBX has reached capacity (but is still operational).

    First of all, be careful you don’t try to solve a security problem with an HA solution. Even if HAAst fails over to the other node, then that other node will subsequently be subject to those same DoS attacks and it will fail back, etc. So HA failover is not a solution. If you want HAAst to failover once your number of RTP ports in use reach a threshold you set, you can setup a HAAst sensor to monitor the number of RTP ports in use and factor this into each node’s health score. Then, HAAst will failover once the threshold you set for that sensor has been reached.

    Second, a more appropriate solution is to block the DoS attacked. Have a look at our Security for Asterisk product (http://www.autocommander.aws2.ocg.ca/?secast) which is designed to block DoS attacks (and a lot more).

Viewing 2 posts - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.