Replacing PBX with Asterisk, need feedback on my new architecture.

I’m about to receive approval to design and deploy an Asterisk-based
phone system for my company. I will immediately have to start writing
specifications. I’m working on the hardware design and the architecture
right now. I’d like a second, third, fourth, 1,000th opinion.

800 SIP phones. All will be G.722. I expect 200 concurrent calls, with
20% leaving to the outside world. There will be another 200 analog lines
that will for the time being remain on the TDM PBX switch they reside
on, and will be whittled down and converted to SIP as time and attrition
allows. These are primarily fax machines and conference “spider” phones.
Those are included in my 200 concurrent calls number. I’m looking to get
as close to 5-9’s reliability as I can, with 4-9’s mandatory. Proper
power filtering and backup is already available.

Here’s what I’m thinking for the architecture:

Server 1: PRI Gateway 1 – Support 2 outside PRI trunks for local and
long distance, plus a third PRI connecting to the existing TDM PBX.

Server 2: PRI Gateway 2 – Support 1 PRI trunk for local and long
distance with room for another, plus a second PRI connecting to the
existing TDM PBX.

Reason for two PRI Gateways is for redundancy and fail-over, but
processor capability is a concern. I expect in about two years I’ll be
ready to decommission the TDM PBX, but will be left with about 80 Analog
lines across the multiple buildings on my campus. I expect I’ll end up
purchasing channel banks to support the remaining analog lines, and
distribute across the campus using existing copper plant.

Server 3: Asterisk Master Server

Server 4: Asterisk Slave Server

I’m considering a clustered environment, but I believe a fail-over
solution would be easier to implement in the short term. This means each
system needs to handle all traffic by itself. These servers will be used
for Asterisk and Voice-mail. Conferencing will be enabled, but I’m not
considering it in the build. If I see conferencing becoming a factor, I
will build another server and offload that service.

Server 5: Boot Server – DHCP, RADIUS, SNTP, DNS, LDAP, FTP, HTTPS, SNMP,
etc…

This service will provide the phone network all the basic services. This
is a stand-alone phone network primarily because it would be too costly
to upgrade the entire data network to support both voice and data. The
phone network will not initially have Internet Access. This server will
be the server all the phones talk to for pulling their configs.

I’m considering a second Boot Server for redundancy, but since the
phones should store their configs, I’m not seeing this as horribly
critical. Am I smoking something?

Finally, I’ll have a Windows-based workstation that will be used to
remote into all the services, for administration, etc…

I need to plan to use FreePBX on all Asterisk Servers, but I don’t
intend to install it until I’m in regular MAC maintenance mode.

I have no plans at this time to build out any databases. I just plan to
use whatever Asterisk has. If it ever comes to that, I would make those
separate servers as well.

My goal is to build Asterisk Servers and PRI Gateways capable of
supporting 150% of what I anticipate, which would come out to 300
concurrent calls. Again, all phones will use G.722. The PRI Gateway
servers will do the heavy lifting of converting G.711 traffic from the
PRIs to G.722, and connect to the Asterisk Servers via IAX2 trunk.

It’s my intention to build each server myself with high-quality off the
shelf components. I’d like all servers to be as close to identical as
possible, as I intend to keep spares on hand to facilitate quick repair
and minimize downtime. I’m considering RAID 1 + 0 (mirrored and striped
drives) for all servers. I am considering dual redundant power supplies.

For a processor, I’m currently looking at the i7-3770K @ 3.5GHz or very
similar. Its Passmark compares to the Xeon E5-2630 @ 2.3GHz, but is half
the price.

I have no idea what amount of memory to consider, so I am thinking 8GB
per machine.

PCI-E is what I plan for all the cards.

Debian is the Linux flavor.

A new network will be deployed using PoE layer-2 managed switches.
Battery backup capable of providing 8 hours will be installed as
required. There will be multiple VLANs in the network as I have multiple
dissimilar offices I need to keep separated from each other. We will
also have 802.11 SIP phones, and will be deploying a campus-wide WiFi
network used only by the phone system. Yes, I crunched the numbers. This
will be significantly cheaper than upgrading the entire existing data
network to support the new phone system. …and to be quite honest, I
don’t trust our network folks, and know adding that layer of bureaucracy
will only negatively impact the customer experience. I was a network
engineer for a top-three telecom company for many years, so I do have a
point of reference to make those statements.

…yes, I am one guy looking to do all this, with an estimated
completion date of the end of 2013. I’ll be building all this out in
addition to my normal “phone guy” job. I’ve built servers (hardware and
software) for 20+ years, but my Linux Kung Fu is weak. I’ll be learning
by doing and know there’ll be a lot of extra hours. The boss is good
about training, so I hope I can get into a good Linux Admin class in
addition to dCAP.

So tear it up! What do you think? Does the CPU have the oomph? What am I
missing? What am I overkilling? What would Brian Boitano do?

I appreciate any feedback, and thanks in advance.

10 Responses to “Replacing PBX with Asterisk, need feedback on my new architecture.”

  1. Paul Belanger said:

    May 06, 12 at 2:39 pm

    800 SIP phones on one server? I wouldn’t want to do it. Add a SIP proxy
    to your design and have it handle all your SIP. Then you can load
    balance across multiple asterisk boxes. You’ll be thankful you did this
    at the start, as it will allow you to increase resources more easily.

    Why?

    It is a shame you are going this far with your setup to rely on FreePBX.
    For something this complex, you are setting yourself up for some
    heartache.

  2. Mitul Limbani said:

    May 06, 12 at 5:19 pm

    For 100% High Availability and Hot Failover, I would recommend one of those
    Red-fone Fonebridges.

    Also getting 800 Phones all registered on a single server is crazy, add a SIP
    proxy to distribute load evenly between 2 Ast boxes.

    For Wireless you might consider using DECT phones from Snom instead of std
    802.11 based wifi phones. Giving QoS on wifi is a big pain.

    Hope that helps,

    Regards,
    Mitul Limbani
    Enterux Solutions

  3. Steve Edwards said:

    May 07, 12 at 2:12 am

    Aside from capacity, think about maintenance.

    If you ‘front’ your Asterisk servers with Kamailio running on 2 servers
    (even if these servers are also your Asterisk servers) you have the
    ability to take an Asterisk server out of production just by reconfiguring
    Kamailio and waiting for the calls in progress to finish.

    Then you can install patches, replace failing disks, etc, etc, etc.

  4. Nunya Biznatch said:

    May 07, 12 at 8:40 am

    Unfortunately, the existing PBX Administration Software only works on
    WinBloze. I’m stuck with it until I can decommission it.

    It is my intention to do everything from the command line. However,
    there will be times when I’ll have Interns coming in and doing some of
    the MAC activities, and I thought this might be an easier way for the
    day to day to get done. I’ve never seen it myself either, so am curious.
    Finally, there’s the “glitter” factor. When my bosses come in and want a
    dog and pony show on the new phone system, they want to see fluffy
    bunnies and kittens, not the Ox that’s doing the pulling. CLI = “old” in
    the minds of those that don’t comprehend.

  5. Steve Edwards said:

    May 07, 12 at 8:24 pm

    Sounds like a recipe for hard to find problems to me.

    You’ll change something, they’ll change something, something will be
    broken.

    I’d suggest one or the other.

    Personally, I like plain text configuration files because I can annotate
    them with a modification history showing what I* changed, when, and why.

    I can also use tools like ‘diff’ to compare working to broken
    configurations.

    I back up all of the configuration files for all of the hosts** for all of
    the clients I administer every day. Each host runs a script to stuff
    everything I think is important into a tarball and email it to a ‘backup’
    email address at my office. If I really trash something on a client host,
    I can always get the last known good files.

    I have the tarballs going back 5 years so if a client ever said ‘hey,
    remember when you did…’ I can pull a rabbit out of my hat.

    *) I usually work alone or in small (2-4) teams.

    **) I skip hosts that are supposed to be exact clones of other hosts.
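
The snapshot-and-diff routine described in the comment above, as an added example that is not part of the original thread and not the commenter's own script. The function names and the owner-only archive permissions are assumptions of this sketch; the e-mail step is left out because the mail transport is site-specific.

```shell
#!/bin/sh
# Added example: snapshot a plain-text config tree into a dated tarball
# and diff the live tree against a saved snapshot.

# snapshot_configs SRC_DIR BACKUP_DIR
# Writes BACKUP_DIR/<host>-<timestamp>.tar.gz and prints its path.
snapshot_configs() {
    src=$1
    dest=$2
    stamp=$(date +%Y%m%d-%H%M%S)
    out="$dest/$(uname -n)-$stamp.tar.gz"
    (
        # Assumption: the tree holds credentials (for example SIP
        # secrets), so the archive and its directory are owner-only.
        umask 077
        mkdir -p "$dest"
        tar -czf "$out" -C "$src" .
    ) || return 1
    printf '%s\n' "$out"
}

# changed_since TARBALL SRC_DIR
# Prints a unified diff of the snapshot against the live tree.
# Returns 0 if identical, 1 if anything changed, 2 on error.
changed_since() {
    tarball=$1
    src=$2
    tmp=$(mktemp -d) || return 2
    tar -xzf "$tarball" -C "$tmp" || { rm -rf "$tmp"; return 2; }
    diff -ru "$tmp" "$src"
    rc=$?
    rm -rf "$tmp"
    return $rc
}
```

A daily cron job would call `snapshot_configs` on the configuration directory; `changed_since` against the last known good tarball then shows exactly which lines differ between the working and the broken configuration.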

  6. Chad Wallace said:

    May 08, 12 at 8:16 pm

    On Mon, 07 May 2012 06:40:46 -0600
    Nunya Biznatch wrote:

    I just installed FreePBX, and I’m pretty sure that “do everything from
    the command line” and “use FreePBX” are mutually exclusive situations.

    When you install FreePBX, it replaces (overwrites!) your config, and
    then you manually enter everything (devices, queues, IVR, etc.) in the
    GUI–or use a bulk import/export tool if there is one. It takes over
    your Asterisk install, and you have to adapt to it, not the other way
    around.

    If you want to set it up with standard Asterisk configs and your own
    dialplan, you’ll need to find another way to do the GUI for the
    noobs/interns.

    For the bosses, I would suggest sending them to an actual dog and pony
    show instead. But that’s just me. ;-)

  7. Anton Kvashenkin said:

    May 09, 12 at 12:13 am

    Don’t blame me guys, but if you are new to VoIP and ain’t using Asterisk
    for a while, check out FreeSWITCH (freeswitch.org). Also do not forget at
    least about this
    http://www.opensips.org/html/docs/modules/1.6.x/load_balancer.html for
    load balancing to your PBX boxes. Just my 2 cents.

  8. "Bryant Zimmerman" said:

    May 09, 12 at 8:47 am

    I agree with Chad on this one. FreePBX is for a different kind of install
    from what you described. I believe if you pitch it as your solution, as you
    have stated, you will be disappointed. Before you start offering it up to
    the bosses as the silver bullet, I would do a test install on some spare
    hardware (you can use VMware or Hyper-V if you know what you are doing).
    Otherwise you might be the one being shot with the silver bullet. We have
    used FreePBX and it works great as long as your install needs are
    standard, but if you go beyond the standard you need something more. We are
    a SIP trunk provider and hosted PBX provider, and we have wholesalers that
    try to use FreePBX to deliver customer SIP trunks and they have issues. It
    is the square peg round hole issue. Get the right shape peg for your
    communications hole.

    Thanks

    Bryant Zimmerman (ZK Tech Inc.)
    616-855-1030 Ext. 2003

  9. "Kevin P. Fleming" said:

    May 11, 12 at 5:40 pm

    As has already been pointed out by others in this thread, 800 phones on
    a single Asterisk server (using Asterisk 1.8.x or later and a decent
    spec server) is really no problem. If all of those phones are going to
    be subscribing to hints for a dozen or more of the other phones, then
    yes, that could be an issue, as the amount of NOTIFY traffic would be
    quite high… but for registration and normal calling, even if all these
    phones were in use at once, I would not expect any issues at all due to
    performance.

    The other comments about being able to take down a server for
    maintenance and not lose calling ability are certainly worth taking into
    consideration as well, but if your planned deployment would allow for
    reasonable scheduled maintenance windows, even that wouldn’t justify the
    complexity of adding in one SIP proxy (or a pair of them) to the equation.

  10. "Kevin P. Fleming" said:

    May 11, 12 at 9:42 pm

    Yes, frequent registrations could be an issue, but when deploying a new
    system it would be wise to not configure the endpoints in that fashion :-)
    The reasons that people used to do so can now be addressed via other
    mechanisms that don’t carry the performance penalty of registrations.

    However, it would not surprise me in the least if Asterisk 1.8.x and
    later handled that volume of registrations without much of a problem.