Asterisk Sunday News


A named ACL is an Access Control List that can be manipulated after configuration and live in it’s own name space. The NACL module manage a list of NACL objects that can be used by other modules, like channel drivers, manager and dialplan apps.

Several SIP devices can share the same access control list and there will be one for the whole SIP channel. An external application that reads the security events in 1.8 can manipulate the NACLs in real time through AMI and block/unblock devices. There’s also an API so that Asterisk modules can modify NACLs internally. Applications can be added, so that NACLs can be manipulated through the dialplan. Call in, identify yourself and add yourself to an NACL for the next call…

Amongst the future ideas are NACLs that can be set by referring to a DNS name and use the DNSmgr to stay up to date with DNS. That requires some changes to the ACL.c api that will happen in the trunk version only.

I have also been playing with the idea of having a callback so that an app will know when a NACL is matched or some sort of counters to measure activity per time period and trigger alarms. Kamailio has one implementation of something like this in the pike module.

A lot of security-related ideas for Asterisk has been based on named ACLs, so I thought that was a starting point and a good holiday hack :-) The code is in the deluxpine branches for your testing!

Feedback and comments are, as always, welcome./olle

The Asterisk Developer Team is proud to announce the Asterisk SPE v1.0 Beta Releasefor immediate download on tftp.digium.com.The SPE has been developed as a joint project between Digium, the Asterisk Company,Voop, the European Asterisk Dialtone provider and the Asterisk community.The Asterisk Service Provider Edition is focused on the needs for the new breedof Telecom companies – the Voice over IP Service Providers. It will be availableboth as a free download in Open Source and as a commercial productcalled Asterisk Commercial Service Provider Edition, ACSPE.

– “We felt the need to focus on being an enabler for this new kind of telco ,making sure that Asterisk fits into their network as well as business modelsin a professional way” says Matt Penser, Asterisk innovator. “The previous versions was more targeted to the needs of the business user, a market where Asterisk already is stronger than any other offering on the marke\”. 

The Asterisk SPE has a number of new features, that makes it the most powerful platform for these companies. No other Open Source package can deliver amatching feature set:

  • All the features from Asterisk 1.4 and the business edition
  • Asterisk VoipRoute(R) technology for SmartRTP(R) bridging
  • Asterisk RateRoute(TM) technology for route selection
  • Asterisk SpitWall(R) core for SPIT filtering

These new solutions will enhance Asterisk and will help the VSP’s toleap light years ahead of their competion.

Asterisk VoipRoute(R) SmartRTP(R) Bridging

The VoipRoute SmartRTP bridging technology enhances the Asterisk RTPbridge with a new scheme. In addition to the current RTP bridges – the native bridge,the remote bridge and the hybrid RTP-direct bridge, SmartRTP uses a combinationof the BGP IP routing protocols and the TRIP VoIP routing system to find thebest and fastest way to route calls between IP nodes on the Internet or local network.

– “The SmartRTP bridge system, based on our patented VoipRoute core, makes sure that call latency is minimal. We also enhanced it with a MediaRescue solution that will capture lost media frames and re-insert them in the audio or video stream before it reaches the destination.” says Josua Polk, the Asterisk RTP developer.“This system implements an Asterisk VoipRoute layer on top of the Internet and uses Dundi(TM) to automatically discover new SmartRTP relays and their properties. It practically erases packet loss, jitter and latency from the list of issues for the provider’s support department. We call it SPEake-friendly calls!” 

Asterisk RateRoute(TM) Least Cost Routing

The RateRoute(TM) solution is only available in the ACSPE due to licenses fromother vendors, soon to be disclosed. The RateRoute system analyze the call from fifteen distinct properties and use an external hardware accelerator to find the best route to forward the call, be it PSTN or VoIP channels. By using the hardware accelerator RR520P PCI express card, LCR decisions is now down to microseconds without accessing external databases.

– “We’ve implemented this in our commercial VoIP network during development, and it cut our costs by at least 75% and enhanced call quality. Billing and CDRmediation is much easier, since the RateRoute system always picked one outbound service provider that always matched the fifteen criteria for carrier selection” says Anders Runnstam at PulseVoip in Bergen, Norway. 

Asterisk SPITwall(R) – filtering away tomorrows VoIP spam today!

The SPITwall(R) technology is developed by Olle E. Johansson, a member of the Asterisk developer team and Senior Technical Advisor for Voop in Bergen, Norway – the Asterisk Dialtone provider.

- “I got more and more annoying calls during development, which disturbed me a lot and caused me to loose concentration. On the other hand, it inspired me to develop SPITwall to be able to filter them out.
I have measured up to 95% success rate on call filtering, which is far beyond any similar products on the market. By not bothering with answering the final 5%, I could concentrate on development again and succesfully finish my development projects.” says Olle. 

The SPITwall is built on a shared database and use bayesian techniques to analyze the content of the call. It requires Asterisk ChanSpy to be ableto listen in and warn the callee about ongoing unsolicited calls. The callee can also press certain DTMF sequences during the call to mark the call as SPIT. The voice pattern, SPITwall checksums and call properties will then immediately be stored in the Digium SPITcore repository to be available for all other users.

– “Using the community to build a SPIT-fighting database is natural for an Open Source project. The community is the power of Asterisk and by sharing a resource like this, we can make sure that everyone contributes. The SPITshare(r) analyzer makes sure that companiest hat does not contribute will get older data and more SPIT calls” says Jill Timmer, VP or marketing. 

SPITwall 1.0 is available with English, Norwegian and Swedish language support. Some support for Canadian and southern US dialects is implemented, and will be finished by release time.


In addition to these revolutionary features, Asterisk Service Provider Edition will contain full T.39 faxing (leapfrogging systems that only support up to version 38), the Codename Pomengranade SIP Stack, the Project Okapi IAX3 trunking technology featuring IAX3 over SS7 transport, the VoipVotedigital phone voting system with app_preselect cheating technology and a fully working version of the VirtuAST virtual PBX hosting Asterisk virtualisation core. 


Asterisk SPE v1.0 beta is available for immediate download. At thistime we’re looking for feedback from service providers.
Release date for the 1.0 version is to be released, pending beta tests. ACSP Edition will be available with Telco level 24/8 support May 15th, 2007. The RR520 RateRoute hardware accelerator is in distribution through authorized resellers starting April 10th.Asterisk, Digium, SPITwall, SpitShare, VoipRoute, SmartRTP, RateRoute and Dundi are trademarks that may be registered by Digium, Inc.For immediate release, April 1st 2007. On behalf of the Asterisk development team and project 0401/Olle