Forum Replies Created
-
AuthorPosts
-
The above is a general guideline, not a detailed instruction manual on how to use and setup AWS, nor is it an instruction manual on networking. Setup and configuration of multi-homed networks is where most users get stuck. The Telium support group can offer assistance for specific problems, but we cannot offer instructions on the basics of networks, multi-homing, routes, ARP, AWS EC2, EIP, ENI, etc.
Keep in mind that the support team can help you install HAAst on top of your platform, but you need to have a working Asterisk/FreePBX implementation with properly configured networks before Telium support staff can begin. (As a matter of policy Telium support staff cannot change NIC configurations, routes, rules, etc. on your nodes)
First of all, AWS Lightsail has hidden access to some features that you will need to make this work, so you will instead need to setup a couple of EC2 instances. Since you want to share a VoIP NIC (shared IP) between nodes, your two nodes must reside in the same region but can reside in different Availability Zones (AZ’s).
Since (in most configurations) each node will have two IP addresses, and each address cannot be in the same subnet as the other (basic routing limitation), you must create 2 subnets within your VPC. If you want your two nodes to reside in separate AZ’s, then you will have to create 2 subnets per AZ (since subnets cannot span AZ’s). You might have to manually ad private IP(s) to NIC(s) in Linux depending on your design. You must then setup a security group encompassing both nodes, which allows SSH traffic into the management IP, and VoIP traffic in/out of the VoIP IP.
And finally you have some choices around how many NIC’s and public addresses your want in your setup. The more you want, the more complex the setup. We have created four basic designs you can chose from (but there are more):
- Dual NIC, Dual public IP
- Single NIC, Dual public IP
- Dual NIC, Dual Private IP, Single public IP
- Single NIC, Single Private IP, Single public IP.
The first option is the one we normally implement as it is easy to manage, separates traffic across NIC based on traffic type, avoid loss of management connection in case of VoIP IP issues, etc. But this is also the hardest to implement for AWS EC2 novices. As well, setting up routing rules can be a challenge for someone who doesn’t do network management as part of their job. We also prefer only a single VoIP IP (not dual public VoIP IP’s).
The fourth option is by far the simplest (almost trivial) to setup and you won’t have to worry about routing rules, but you will NOT have external access to the management IP’s of your nodes. To work around this you would either have to create a VPN into your VPC, or setup a third host whose sole purpose is to allow SSH relay to the internal hosts (management IP’s). We can also swap public IP’s between nodes if this makes life easier – to ensure continued direct external access to both nodes (but this is painful to use during setup).
Here’s an overview of the four designs:
1. Dual NIC, Dual public IP
2. Single NIC, Dual public IP
3. Dual NIC, Dual Private IP, Single public IP
4. Single NIC, Single Private IP, Single public IP
This may be possible but it really depends on:
- If the endpoints use TCP for the SIP connection then they may detect the cluster failover (as the TCP connection closes, possibly with a FIN)
- If the endpoints generate SIP traffic (eg: reregistering) then the lack of response or out of sequence response may cause the endpoint to terminate RTP connections
Telium does not provide assistance for creating this type of configuration – but we know clients have made this work. Telium only endorses the method used by HAAst OEM edition, as this is the only proper means for call continuity.
in reply to: USB Dongle in VMware ESXi #6812Once you have received the USB dongle(s) containing your license,
1. Plug each dongle into the appropriate physical machine. (The dongle will have a tag attached showing the machine name, in case you have multiple dongles).
2. From the VMware console edit the virtual machine, and add a new USB device:
3. Select the device name which should be something similar to “Phillips Elite”, and click save. (On some occasions you have to shut down and restart the VM for the hardware to be added).
4. From the VM’s command line, confirm in Linux that the USB dongle is present using the “lsusb” command. Notice the Phillips (NXP) device is present – that is the USB dongle.
5. Telnet to the local PBXSync instance and issue the “license usbdongle” command and follow the steps presented on screen.
- This reply was modified 4 years, 10 months ago by WebMaster.
in reply to: USB Dongle in VMware ESXi #6814Once you have received the USB dongle(s) containing your license,
1. Plug each dongle into the appropriate physical machine. (The dongle will have a tag attached showing the machine name, in case you have multiple dongles).
2. From the VMware console edit the virtual machine, and add a new USB device:
3. Select the device name which should be something similar to “Phillips Elite”, and click save. (On some occasions you have to shut down and restart the VM for the hardware to be added).
4. From the VM’s command line, confirm in Linux that the USB dongle is present using the “lsusb” command. Notice the Phillips (NXP) device is present – that is the USB dongle.
5. Telnet to the local HAAst/SecAst instance and issue the “license usbdongle” command and follow the steps presented on screen.
- This reply was modified 4 years, 10 months ago by WebMaster.
in reply to: Asterisk 16 support #6813Asterisk 16 has numerous architectural changes that impact connected products. Our development team has implemented Asterisk 16 compatibility, but will not release thr code until Asterisk 16 has stabilized, and we see companies implementing Asterisk 16 in production.
As of March 2019 Asterisk 16 is not widely placed into production yet, and so we advise you to NOT upgrade to Asterisk 16 at this time. Since you are a registered HAAst user you are welcome to download a pre-release version of HAAst which supports Asterisk 16.
Asterisk 16 has undergone some significant changes since initial release, and until the product has stabilized we do not recommend placing Asterisk 16 in production.[/i][/color]
in reply to: Asterisk 16 support #6829PBXSync fully supports Asterisk 16.
in reply to: Asterisk 16 support #6810Yes – you will need HAAst version 2.5.0 or later for Asterisk 16 support
in reply to: How to configure IP for each NIC #6808The problem you are encountering has nothing to do with HAAst, and everything to do with the basics of networking. You have setup 2 NIC’s in each PC, but they are on the same subnet! That means that Linux has no idea where (out which NIC) to route traffic for your 192.168.1.0/24 subnet. You should not do this as it confuses Linux. This topic is part of what’s known as “multihoming”, and I would suggest you research this topic a bit further before you continue to setup your networks. As well, reread the HAAst installation guide – there’s a bit more information on this topic there. (This isn’t the first time we’ve seen this issue in the support group).
By shutting down NIC1 on either PC you allow Linux to figure out how to properly route, but then your management NIC is gone so the cluster fails over.
The solution (for 2 NIC’s per PBX) is to ensure that each NIC is on it’s own subnet. For example:
in reply to: Is your module signed by Sangoma #6805Telium’s software is an standalone product, which can run with pure Asterisk, as well as with configuration generators like Issabel, FreePBX, PIAF, etc. Telium’s software is not a plug-in module of FreePBX. (Sangoma signing applies only to FreePBX modules. ) HAAst operates between the operating system and Asterisk levels, while FreePBX operates above Asterisk as a ‘configuration generator’ that presents a pretty GUI and creates Asterisk config files for you.
You should also be aware that some companies use module signing to protect their system, while other companies use module signing solely as a way of generating profits. In the latter case any developer can have their module signed if they pay for a signing key – even a bad module which steals your data or crashes your PBX can be signed. So signing is not always meaningful, but will always increase your cost.
So module signing does not apply to HAAst, but be sure you understand the benefits really provided by module signing in the case of FreePBX.
in reply to: Best way to install HAAst into live environment #6803Whenever you switch from a standalone to a clustered PBX there will be an outage. This can last from seconds to an hours depending on how to perform the cutover.
It is possible to install HAAst into a live environment, but the “best” way depends a bit on your situation. If you cannot tolerate downtime, then you need to:
- Install HAAst on the live system but do not start the HAAst service
- Setup the second node (Asterisk and HAAst) but do not start the HAAst service
- Fully configure HAAst so the nodes will see each other
- At the next failure, maintenance window, or opportunity you chose, start the HAAst service on both nodes and the cluster will form
If you are running FreePBX as your configuration generator we do not generally recommend the above approach, as FreePBX will crash/misbehave if you synchronize configuration data from (even slightly) different versions / enabled options / installed options. (And it’s very easy to accidentally install/enable different modules on FreePBX nodes). For this reason if you run FreePBX we recommend the following procedure:
- Install HAAst on the live system (per the installation guide)
- Configure HAAst on the live system
- Apply any Asterisk updates you wish
- Finalize your Asterisk dialplan and ensure Asterisk works as you wish
- During your maintenance window shutdown the PBX
- Use ‘dd’ or similar tool to mirror the PBX to a second PBX
- Restart both PBX’s (leave the new PBX unplugged from the network)
- Customize the second PBX with unique network and HAAst information
- Reconnect the second PBX to the network and the nodes should find each other
- The nodes should now report the cluster is live
At a high level this should get you up and running with a working cluster. Our detailed installation guide has more specifics that take you through each of the steps above. As well, be sure to read the maintenance guide for instructions on updating.
When Telium performs a live site installation, we bring up the cluster with minimal interruption in phone service (unless of course the customer approves more extensive failover test) as described above.
I’ll start by answering this question in the context of ANY cluster (eg: gateway cluster, router cluster, file server cluster, etc.). If the nodes which make up the cluster cannot talk to one another then they have no way of knowing if the other node is dead or alive. As such, the correct action for any isolated cluster node is to promote to active and assume the other node is dead. Once the nodes contact each other again they discover that multiple nodes are active (a situation called “dual-active contention”). Then the nodes should negotiate who should remain active, and who should demote itself.
This is exactly what happens with HAAst. If the management connection between nodes is lost, then there is no way for either node to know that the other is alive. And so both nodes try to take over telephony service. Once the nodes reconnect then one node will automatically demote itself.
You will find this scenario plays out identically with any commercial HA product (eg: CISCO routers with HSRP). Dual-active contention is the worst case scenario for any cluster as the two nodes are competing, and they will both contend for the resources / traffic / data / etc.
There is a workaround called STONITH – available using event handlers in the Commercial Unlimited edition of HAAst. STONITH is an acronym for “Short The Other Node In The Head”, which basically tells one node to power off the other node. Although HAAst supports STONITH this functionality is disabled by default as the concept of STONITH is hotly debated as risky (a failing node may mistaking shoot the healthy node). And there are many scenarios where STONITH does not work (eg: two isolated nodes) without another out of band connection (eg: serial, 3rd network connection, etc)
in reply to: Free Version Call Limit #6800HAAst depends on Asterisk to report the number of calls in progress. From the Asterisk CLI issue the command “core show calls” and you will see how call are calculated/reported.
If you are running a configuration generator (eg: PIAF, FreePBX) then you will discover that the configuration generator triggers automatic internal (local) calls every X seconds to handle time variable updates and other checks. (Not a good design as they are loading up your PBX with background “calls”). There have been an number of discussions about this topic (on various websites) and causing a lot of frustration with users who are seeing their PBX being loaded up with CPU/disk activity to do little more than update a variable. Since some product vendors only have PHP development experience they must solve every problem using PHP scripts, call files, etc. Other vendors are quite sophisticated (eg: code in C++/C) and their products (eg: XCally) use minimal system resources.
If you are running only Asterisk then check for channels not being released. (There are some documented bugs in Asterisk – depending on the version you are running).
in reply to: Warning that hardware reporting may be inconsistent #6799This message means that the operating system is having trouble enumerating hardware on your host. This is due to a bug in your BIOS or Linux OS.
Telium software tries to work around this bug, and everything SHOULD work fine. But if you have any problem with hardware failure detection or licensed features please contact Telium support and we’ll try to incorporate a fix specific to your BIOS/Linux.
in reply to: Detect running out of RTP ports #6798HAAst is correctly NOT failing over because your PBX is operational and in-progress calls remain up. From HAAst’s perspective your PBX has reached capacity (but is still operational).
First of all, be careful you don’t try to solve a security problem with an HA solution. Even if HAAst fails over to the other node, then that other node will subsequently be subject to those same DoS attacks and it will fail back, etc. So HA failover is not a solution. If you want HAAst to failover once your number of RTP ports in use reach a threshold you set, you can setup a HAAst sensor to monitor the number of RTP ports in use and factor this into each node’s health score. Then, HAAst will failover once the threshold you set for that sensor has been reached.
Second, a more appropriate solution is to block the DoS attacked. Have a look at our Security for Asterisk product (http://www.telium.io/?secast) which is designed to block DoS attacks (and a lot more).
-
AuthorPosts