<div dir="ltr"><div dir="ltr">Hi Henning, Joel, <br>Thanks for your valuable input.<br><br> One of our setup for production looks like below for around 1 million users initially : <br> / --------------> Kamailio (active node, as of now private) \<br> Client -- > LB(public IP- l4 switch)-- ---------->Centralized database <br> \ --------------> Kamailio (passive node, as of now private) /<br> </div><div dir="ltr"><br>In the future, we have a plan to add another domain and allow calls between different domain. </div><div dir="ltr"> <br>Thanks & Regards </div><div>Pintu </div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Feb 27, 2019 at 6:47 AM Joel Serrano <<a href="mailto:joel@textplus.com" target="_blank">joel@textplus.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">I second that. And to add to Henning's suggestion...<div><br></div><div>We recently tested that same setup, and we found one "thing": Using advertise, you will need a second port (listen transport:ip:port) to talk to internal servers that require you to *keep* the private IP. Otherwise all outgoing request from that kamailio will have the IP replaced by whatever the advertise says and that can mess up your internal routing.<div><br></div><div>Not an issue, as I said you can configure a second port, but just something to know depending on what your setup is gong to look like.</div><div><br></div><div>Good luck!</div><div>Joel.</div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Feb 26, 2019 at 1:28 PM Henning Westerholt <<a href="mailto:hw@kamailio.org" target="_blank">hw@kamailio.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Am Dienstag, 26. Februar 2019, 06:09:08 CET schrieb Pintu Lohar:<br>> Which one among the below option is highly recommended for setting up<br>> Kamailio (for production)<br>> 1. Kamailio behind NAT *or*<br>> 2. Setting up Kamailio using public IP?<br>> <br>> are there any disadvantages if we setup Kamailio behind NAT and use<br>> advertise option in listen parameters?<br>> <br>> We have tested both the options, and both the options work great for us( a.<br>> Kamailio behind NAT with advertising in listen parameters b.Kamailio setup<br>> with public IP). So wondering which one is best and highly recommended?<br>> <br>> Some extra info :<br>> 1. We use TLS<br>> 2. Using coturn for media<br>
<br>Hello Pintu,<br>
<br>generally speaking, if you have the choice between a network setup with NAT <br>and without NAT (everything else equal) - my recommendation would to choose <br>the one without NAT. It will be easier to debug in case of problems on your <br>side or the client side.<br>
<br>Best regards,<br>
<br>Henning<br>
<br>-- <br>Henning Westerholt - <a href="https://skalatan.de/blog/" rel="noreferrer" target="_blank">https://skalatan.de/blog/</a><br>Kamailio services - <a href="https://skalatan.de/services" rel="noreferrer" target="_blank">https://skalatan.de/services</a><br>Kamailio security assessment - <a href="https://skalatan.de/de/assessment" rel="noreferrer" target="_blank">https://skalatan.de/de/assessment</a><br>
<br>_______________________________________________<br>Kamailio (SER) - Users Mailing List<br>
<a href="mailto:sr-users@lists.kamailio.org" target="_blank">sr-users@lists.kamailio.org</a><br>
<a href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users" rel="noreferrer" target="_blank">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a><br>
</blockquote></div>
</blockquote></div></div>