[AusNOG] Remote Work - (SIP/Security/CGNAT)
Chris
lists at shthead.com
Fri Nov 13 11:18:21 EST 2015
On 13/11/2015 8:05 AM, Luke Iggleden wrote:
> I've heard too many horror stories about certain open source SIP
> servers being compromised and bills into the 10's of thousands for
> having relaxed security. Ideally we want to keep these boxes locked
> down as much as possible.
>
> We did look to GeoBlock the rest of the world and only accept known
> prefixes from the ISP's that were being used by the CGNAT boxes, but
> the audio never makes it back to the DSL tail in the remote location
> so a tunnel was the only option.
>
> I'm thinking PLDT will be the only choice we will accept from now on.
> That seems to be a general consensus.
>
> PLDT has a fibre option as well we could insist on, but it narrows the
> scope of workers.
>
FWIW I have a PLDT fibre and Globe fibre service (for business, not home).
PLDT has consistently been a pain to deal with. Over the last few weeks
packet loss has averaged about 15% to Australia during business hours
(starts around 8AM and goes on to about 6PM). I have been waiting for
months for them to get BGP peering setup. Getting PTR records set on
IP's that are assigned to us from them took two meetings and a few weeks
for them to actually apply it. This graph was from just over a week ago
showing the ramp up: http://i.imgur.com/0xZSTS1.png (this test point is
in Singapore).
Globe has been the better of the two, any issues promptly get fixed,
latency is constantly lower to Australia and in general it has been more
reliable. They have also set up everything I have wanted with minimal
fuss, I have not had to email or call the account manager every single
day to get things done.
I have also used PLDT and Globe DSL services at home and Globe has also
been better, I got rid of PLDT and just stuck with Globe in the end. You
can get a static IP allocation for an extra 800PHP or so a month. They
will not assign a normal public IP (dynamic) to a home DSL service
though, it will be CGNAT unless you purchase the static IP.
Maybe its different in Manila but that has been my experience in Cebu.
I have heard good things about Converge ICT but I have not tried them
myself.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20151113/fdfcf4ca/attachment.html>
More information about the AusNOG
mailing list