mirror of
				https://github.com/asterisk/asterisk.git
				synced 2025-10-26 14:27:14 +00:00 
			
		
		
		
	git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@2175 65c4cc65-6c06-0410-ace0-fbb531ad65f3
		
			
				
	
	
		
			327 lines
		
	
	
		
			12 KiB
		
	
	
	
		
			Plaintext
		
	
	
		
			Executable File
		
	
	
	
	
			
		
		
	
	
			327 lines
		
	
	
		
			12 KiB
		
	
	
	
		
			Plaintext
		
	
	
		
			Executable File
		
	
	
	
	
| Inter-Asterisk eXchange Protocol
 | |
| ================================
 | |
| 
 | |
| INTRODUCTION
 | |
| ------------
 | |
| 
 | |
| This document is intended as an introduction to the Inter-Asterisk 
 | |
| eXchange (or simply IAX) protocol.  It provides both a theoretical 
 | |
| background and practical information on its use.
 | |
| 
 | |
| WHY IAX
 | |
| -------
 | |
| The first question most people are thinking at this point is "Why do you 
 | |
| need another VoIP protocol?  Why didn't you just use SIP or H.323?"
 | |
| 
 | |
| Well, the answer is a fairly complicated one, but in a nutshell it's like
 | |
| this...  Asterisk is intended as a very flexible and powerful
 | |
| communications tool.  As such, the primary feature we need from a VoIP
 | |
| protocol is the ability to meet our own goals with Asterisk, and one with
 | |
| enough flexibility that we could use it as a kind of laboratory for
 | |
| inventing and implementing new concepts in the field.  Neither H.323 or
 | |
| SIP fit the roles we needed, so we developed our own protocol, which,
 | |
| while not standards based, provides a number of advantages over both SIP
 | |
| and H.323, some of which are:
 | |
| 
 | |
| 	* Interoperability with NAT/PAT/Masquerade firewalls
 | |
| 	     IAX seamlessly interoperates through all sorts of NAT and PAT
 | |
|              and other firewalls, including the ability to place and 
 | |
|              receive calls, and transfer calls to other stations.
 | |
| 
 | |
| 	* High performance, low overhead protocol
 | |
| 	     When running on low-bandwidth connections, or when running 
 | |
| 	     large numbers of calls, optimized bandwidth utilization is 
 | |
| 	     imperative.  IAX uses only 4 bytes of overhead
 | |
| 
 | |
| 	* Internationalization support
 | |
| 	     IAX transmits language information, so that remote PBX 
 | |
| 	     content can be delivered in the native language of the
 | |
| 	     calling party.
 | |
| 
 | |
| 	* Remote dialplan polling
 | |
| 	     IAX allows a PBX or IP phone to poll the availability of a 
 | |
| 	     number from a remote server.  This allows PBX dialplans to 
 | |
| 	     be centralized.
 | |
| 
 | |
| 	* Flexible authentication
 | |
| 	     IAX supports cleartext, md5, and RSA authentication, 
 | |
| 	     providing flexible security models for outgoing calls and 
 | |
| 	     registration services.
 | |
| 	
 | |
| 	* Multimedia protocol
 | |
| 	     IAX supports the transmission of voice, video, images, text, 
 | |
| 	     HTML, DTMF, and URL's.  Voice menus can be presented in both
 | |
| 	     audibly and visually.
 | |
| 
 | |
| 	* Call statistic gathering
 | |
| 	     IAX gathers statistics about network performance (including 
 | |
| 	     latency and jitter, as well as providing end-to-end latency
 | |
| 	     measurement.
 | |
| 
 | |
| 	* Call parameter communication
 | |
| 	     Caller*ID, requested extension, requested context, etc are
 | |
| 	     all communicated through the call.
 | |
| 
 | |
| 	* Single socket design
 | |
| 	     IAX's single socket design allows up to 32768 calls to be 
 | |
| 	     multiplexed.
 | |
| 	
 | |
| While we value the importance of standards based (i.e. SIP) call handling, 
 | |
| hopefully this will provide a reasonable explanation of why we developed 
 | |
| IAX rather than starting with SIP.
 | |
| 
 | |
| CONFIG FILE CONVENTIONS
 | |
| -----------------------
 | |
| Lines beginning with '>' represent lines which might appear in an actual 
 | |
| configuration file.  The '>' is used to help separate them from the 
 | |
| descriptive text and should not actually be included in the file itself.
 | |
| 
 | |
| Lines within []'s by themselves represent section labels within the 
 | |
| configuration file.  like this:
 | |
| 
 | |
| > [mysection]
 | |
| 
 | |
| Options are set using the "=" sign, for example
 | |
| 
 | |
| > myoption = value
 | |
| 
 | |
| Sometimes an option will have a number of discrete values which it can 
 | |
| take.  In that case, in the documentation, the options will be listed 
 | |
| within square brackets (the "[" and "]" ones) separated by the pipe symbol 
 | |
| ("|").  For example:
 | |
| 
 | |
| > myoption = [value1|value2|value3]
 | |
| 
 | |
| means the option "myoption" can be assigned a value of "value1", "value2", 
 | |
| or "value3".
 | |
| 
 | |
| Objects, or pseudo-objects are instantiated using the "=>" construct.  For 
 | |
| example:
 | |
| 
 | |
| > myobject => parameter
 | |
| 
 | |
| creates an object called "myobject" with some parameter whose definition
 | |
| would be specific to that object.  Note that the config file parser
 | |
| considers "=>" and "=" to be equivalent and their use is purely to make
 | |
| configuration files more readable and easier to "humanly parse".
 | |
| 
 | |
| The comment character in Asterisk configuration files is the semicolon 
 | |
| ";".  The reason it is not "#" is because the "#" symbol can be used as 
 | |
| parts of extensions and it didn't seem like a good idea to have to escape 
 | |
| it.
 | |
| 
 | |
| IAX CONFIGURATION IN ASTERISK
 | |
| -----------------------------
 | |
| 
 | |
| Like everything else in Asterisk, IAX's configuration lies in 
 | |
| /etc/asterisk -- specifically /etc/asterisk/iax.conf
 | |
| 
 | |
| The IAX configuration file is a collection of sections, each of which
 | |
| (with the exception of the "general" section) represents an entity within 
 | |
| the IAX scope.
 | |
| 
 | |
| ------------
 | |
| 
 | |
| The first section is typically the "general" section.  In this area, 
 | |
| a number of parameters which affect the entire system are configured.  
 | |
| Specifically, the default codecs, port and address, jitter behavior, TOS 
 | |
| bits, and registrations.
 | |
| 
 | |
| The first line of the "general" section is always:
 | |
| 
 | |
| > [general]
 | |
| 
 | |
| Following the first line are a number of other possibilities:
 | |
| 
 | |
| > port = <portnum>
 | |
| 
 | |
| This sets the port that IAX will bind to.  The default IAX port number is 
 | |
| 5036.  It is recommended that this value not be altered in general.
 | |
| 
 | |
| > bindaddr = <ipaddr>
 | |
| 
 | |
| This allows you to bind IAX to a specific local IP address instead of
 | |
| binding to all addresses.  This could be used to enhance security if, for
 | |
| example, you only wanted IAX to be available to users on your LAN.
 | |
| 
 | |
| > bandwidth = [low|medium|high]
 | |
| 
 | |
| The bandwidth selection initializes the codec selection to appropriate
 | |
| values for given bandwidths.  The "high" selection enables all codecs and
 | |
| is recommended only for 10Mbps or higher connections.  The "medium"
 | |
| bandwidth eliminates signed linear, Mu-law and A-law codecs, leaving only
 | |
| the codecs which are 32kbps and smaller (with MP3 as a special case).  It
 | |
| can be used with broadband connections if desired. "low" eliminates ADPCM
 | |
| and MP3 formats, leaving only the G.723.1, GSM, and LPC10.
 | |
| 
 | |
| > allow = [gsm|lpc10|g723.1|adpcm|ulaw|alaw|mp3|slinear|all]
 | |
| > disallow = [gsm|lpc10|g723.1|adpcm|ulaw|alaw|mp3|slinear|all]
 | |
| 
 | |
| The "allow" and "disallow" allow you to fine tune the codec selection 
 | |
| beyond the initial bandwidth selection on a codec-by-codec basis.  
 | |
| 
 | |
| The recommended configuration is to select "low" bandwidth and then 
 | |
| disallow the LPC10 codec just because it doesn't sound very good. 
 | |
| 
 | |
| > jitterbuffer = [yes|no]
 | |
| > dropcount = <dropamount>
 | |
| > maxjitterbuffer = <max>
 | |
| > maxexcessbuffer = <max>
 | |
| 
 | |
| These parameters control the operation of the jitter buffer.  The 
 | |
| jitterbuffer should always be enabled unless you expect all your 
 | |
| connections to be over a LAN.  The drop count is the maximum number of 
 | |
| voice packets to allow to drop (out of 100).  Useful values are 3-10.  The 
 | |
| maxjitterbuffer is the maximum amount of jitter buffer to permit to be 
 | |
| used.  The "maxexcessbuffer" is the maximum amount of excess jitter buffer 
 | |
| that is permitted before the jitter buffer is slowly shrunk to eliminate 
 | |
| latency.
 | |
| 
 | |
| > accountcode = <code>
 | |
| > amaflags = [default|omit|billing|documentation]
 | |
| 
 | |
| These parameters affect call detail record generation.  The first sets the 
 | |
| account code for records received with IAX.  The account code can be 
 | |
| overridden on a per-user basis for incoming calls (see below).  The 
 | |
| amaflags controls how the record is labeled ("omit" causes no record to be 
 | |
| written.  "billing" and "documentation" label the records as billing or 
 | |
| documentation records respectively, and "default" selects the system 
 | |
| default.
 | |
| 
 | |
| > tos = [lowdelay|throughput|reliability|mincost|none]
 | |
| 
 | |
| IAX can optionally set the TOS (Type of Service) bits to specified values 
 | |
| to help improve performance in routing.  The recommended value is 
 | |
| "lowdelay", which many routers (including any Linux routers with 2.4 
 | |
| kernels that have not been altered with ip tables) will give priority to 
 | |
| these packets, improving voice quality.
 | |
| 
 | |
| > register => <name>[:<secret>]@<host>[:port]
 | |
| 
 | |
| Any number of registry entries may be instantiated in the general 
 | |
| section.  Registration allows Asterisk to notify a remote Asterisk server 
 | |
| (with a fixed address) what our current address is.  In order for 
 | |
| registration to work, the remote Asterisk server will need to have a 
 | |
| dynamic peer entry with the same name (and secret if provided).  
 | |
| 
 | |
| The name is a required field, and is the remote peer name that we wish to 
 | |
| identify ourselves as.  A secret may be provided as well.  The secret is 
 | |
| generally a shared password between the local server and the remote 
 | |
| server.  However, if the secret is in square brackets ([]'s) then it is 
 | |
| interpreted as the name of a key to use.  In that case, the local Asterisk 
 | |
| server must have the *private* key (/var/lib/asterisk/keys/<name>.key) and 
 | |
| the remote server will have to have the corresponding public key.
 | |
| 
 | |
| The "host" is a required field and is the hostname or IP address of the 
 | |
| remote Asterisk server.  The port specification is optional and is by 
 | |
| default 5036 if not specified.
 | |
| 
 | |
| -------------
 | |
| 
 | |
| The following sections, after "general" define either users, peers or
 | |
| friends.  A "user" is someone who connects to us.  A "peer" is someone
 | |
| that we connect to.  A "friend" is simply shorthand for creating a "user" 
 | |
| and "peer" with identical parameters (i.e. someone who can contact us and 
 | |
| who we contact). 
 | |
| 
 | |
| > [identifier]
 | |
| 
 | |
| The section begins with the identifier in square brackets.  The identifier 
 | |
| should be an alphanumeric string.
 | |
| 
 | |
| > type = [user|peer|friend]
 | |
| 
 | |
| This line tells Asterisk how to interpret this entity.  Users are things 
 | |
| that connect to us, while peers are people we connect to, and a friend is 
 | |
| shorthand for creating a user and a peer with identical information
 | |
| 
 | |
| ----------------
 | |
| User fields:
 | |
| 
 | |
| > context = <context>
 | |
| 
 | |
| One or more context lines may be specified in a user, thus giving the user 
 | |
| access to place calls in the given contexts.  Contexts are used by 
 | |
| Asterisk to divide dialing plans into logical units each with the ability 
 | |
| to have numbers interpreted differently, have their own security model, 
 | |
| auxiliary switch handling, and include other contexts.  Most users are 
 | |
| given access to the default context.  Trusted users could be given access 
 | |
| to the local context for example.
 | |
| 
 | |
| > permit = <ipaddr>/<netmask>
 | |
| > deny = <ipaddr>/<netmask>
 | |
| 
 | |
| Permit and deny rules may be applied to users, allowing them to connect 
 | |
| from certain IP addresses and not others.  The permit and deny rules are 
 | |
| interpreted in sequence and all are evaluated on a given IP address, with 
 | |
| the final result being the decision.  For example:
 | |
| 
 | |
| > permit = 0.0.0.0/0.0.0.0
 | |
| > deny = 192.168.0.0/255.255.255.0
 | |
| 
 | |
| would deny anyone in 192.168.0.0 with a netmask of 24 bits (class C), 
 | |
| whereas:
 | |
| 
 | |
| > deny = 192.168.0.0/255.255.255.0
 | |
| > permit = 0.0.0.0/0.0.0.0
 | |
| 
 | |
| would not deny anyone since the final rule would permit anyone, thus 
 | |
| overriding the denial.  
 | |
| 
 | |
| If no permit/deny rules are listed, it is assumed that someone may connect 
 | |
| from anywhere.
 | |
| 
 | |
| > callerid = <callerid>
 | |
| 
 | |
| You may override the Caller*ID information passed by a user to you (if 
 | |
| they choose to send it) in order that it always be accurate from the 
 | |
| perspective of your server.
 | |
| 
 | |
| > auth = [md5|plaintext|rsa]
 | |
| 
 | |
| You may select which authentication methods are permitted to be used by 
 | |
| the user to authenticate to us.  Multiple methods may be specified, 
 | |
| separated by commas.  If md5 or plaintext authentication is selected, a 
 | |
| secret must be provided.  If RSA authentication is specified, then one or 
 | |
| more key names must be specified with "inkeys"
 | |
| 
 | |
| If no secret is specified and no authentication method is specified, then 
 | |
| no authentication will be required.
 | |
| 
 | |
| > secret = <secret>
 | |
| 
 | |
| The "secret" line specifies the shared secret for md5 and plaintext 
 | |
| authentication methods.  It is never suggested to use plaintext except in 
 | |
| some cases for debugging.
 | |
| 
 | |
| > inkeys = key1[:key2...]
 | |
| 
 | |
| The "inkeys" line specifies which keys we can use to authenticate the 
 | |
| remote peer.  If the peer's challenge passes with any of the given keys, 
 | |
| then we accept its authentication.  The key files live in 
 | |
| /var/lib/asterisk/keys/<name>.pub and are *public keys*.  Public keys are 
 | |
| not typically DES3 encrypted and thus do not usually need initialization.
 | |
| 
 | |
| ---------------
 | |
| Peer configuration
 | |
| 
 | |
| > allow = [gsm|lpc10|g723.1|adpcm|ulaw|alaw|mp3|slinear|all]
 | |
| > disallow = [gsm|lpc10|g723.1|adpcm|ulaw|alaw|mp3|slinear|all]
 | |
| 
 | |
| The "allow" and "disallow" may be used to enable or disable specific codec 
 | |
| support on a per-peer basis.  
 | |
| 
 | |
| > host = [<ipaddr>|dynamic]
 | |
| 
 | |
| The host line specifies the hostname or IP address of the remote host, or 
 | |
| may be the word "dynamic" signifying that the host will register with us 
 | |
| (see register => in the general section above).
 | |
| 
 | |
| > defaultip = <ipaddr>
 | |
| 
 | |
| If the host uses dynamic registration, Asterisk may still be given a 
 | |
| default IP address to use when dynamic registration has not been performed 
 | |
| or has timed out.
 | |
| 
 | |
| 
 |