For performance behind or out Router


For performance pupouse. Having 40 to 50 cuncorrent call what is the best configuration, behind a router or having the asterisk server with static ip with linux firewall on?

Best regards,


The Asterisk Box doesnt care.
So try to check if your router is suffering…

For security purposes, you can leave the asterisk behind NAT. (but you wont be able to make a call from “outside”)


You will need a decent router anyway as you will using between 2 and 4meg of bandwidth depending on codecs. I would always go for an external address and use a external firewall as well, It will have to handle that continuous traffic with minimal latency. You could try it with iptables but it may slow the box down


Thank you for your input.

Does linux firewall, not iptables will be enough?



I have a hard time imaging that iptables would ‘slow the box down’.

iptables is the basis for many linux based firewalls… if the voice traffic for a single asterisk machine was too much to handle I don’t think people would deploy it as a gateway/firewall machine.

perhaps i’m wrong.


i will perform stress test with and without iptables or regular firewall and post result latter this week.



Hi Aberrio,

I would agree with Ian.

When it comes to latency sensitive traffic like VOIP “milliseconds matter”. I would use a Cisco router (sorry I am a Cisco snob) if I was doing the setup for business.

I can not see how an OS doing 50 or so VOIP calls and the rest, could outperform a dedicated router like a Cisco.

If you have a small/home setup you may be happy with a linux/firewall/Asterisk/iptables…


of cause you’ll be happy with “software” router
Cisco (i dont like it :smiley:) does lots in “hardware”, but not everything!

As your router has good hardware (NIC’s, mainboard) and doesnt perform traffic shaping, you just need to check it’s CPU load…

i think this pendulum can swing both ways. if you have many asterisk servers pushing huge amounts of data through your network, you may find your cisco no longer able to keep up… whereas the iptables solution scales linearly with the number of asterisk sservers you have.

I am always a fan of horizontal scalability. If your firewalling solutions can scale evenly with your application requirements… i think that’s a win!