<div dir="ltr">In one case, it was to take advantage of the SSL offloading from the cloud provided load balancer (among other features, but that was the main one). I never got it fully working though..<div><br></div><div>See: <a href="https://github.com/kamailio/kamailio/issues/2103" target="_blank">https://github.com/kamailio/kamailio/issues/2103</a> and the thread <a href="https://lists.kamailio.org/pipermail/sr-users/2019-November/107222.html">https://lists.kamailio.org/pipermail/sr-users/2019-November/107222.html</a></div><div><div><br></div><div>So it could end up being useful for something like:</div><div><br></div><div>UA <-> TCP load balancer (that *proxies* the connection but doesn't talk SIP) <-> Kamailio -> destination.</div><div><br></div><div><br></div><div>I'm also curious to know if/how the rest are using it.. </div><div><br></div><div><br></div><div><br></div><div><br></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Nov 11, 2020 at 9:24 AM Alex Balashov <<a href="mailto:abalashov@evaristesys.com" target="_blank">abalashov@evaristesys.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">The motive is still a bit of a mystery to me. Yes, it allows Kamailio to <br>
discover the true source IP/port of a message, but given the function <br>
performed by HAProxy for TCP connections, it seems generally useful to <br>
think of HAProxy as the other endpoint of the connection? Moreover, it <br>
makes it that much more complicated to send requests to reach the client <br>
_via_ HAProxy (e.g. following a lookup()), since HAProxy isn't a SIP <br>
proxy and doesn't add a Path hop.<br>
<br>
Am I missing something vital about the nature of HAProxy + Kamailio <br>
deployments?<br>
<br>
-- Alex<br>
<br>
On 11/11/20 8:23 AM, Henning Westerholt wrote:<br>
> Hello,<br>
> <br>
> bascially this allows Kamailio to understand the HAProxy protocol to be <br>
> used behind this particular proxy. Some discussion can be found at the <br>
> list and also at <a href="https://github.com/kamailio/kamailio/pull/1765" rel="noreferrer" target="_blank">https://github.com/kamailio/kamailio/pull/1765</a><br>
> <br>
> Cheers,<br>
> <br>
> Henning<br>
> <br>
> -- <br>
> <br>
> Henning Westerholt – <a href="https://skalatan.de/blog/" rel="noreferrer" target="_blank">https://skalatan.de/blog/</a><br>
> <br>
> Kamailio services – <a href="https://gilawa.com" rel="noreferrer" target="_blank">https://gilawa.com</a> <<a href="https://gilawa.com/" rel="noreferrer" target="_blank">https://gilawa.com/</a>><br>
> <br>
> *From:* sr-users <<a href="mailto:sr-users-bounces@lists.kamailio.org" target="_blank">sr-users-bounces@lists.kamailio.org</a>> *On Behalf Of <br>
> *Joey Golan<br>
> *Sent:* Wednesday, November 11, 2020 1:47 PM<br>
> *To:* Kamailio (SER) - Users Mailing List <<a href="mailto:sr-users@lists.kamailio.org" target="_blank">sr-users@lists.kamailio.org</a>><br>
> *Subject:* Re: [SR-Users] Kamailio behind HAProxy<br>
> <br>
> Thanks Sergey.<br>
> <br>
> Can anyone please explain how and why to use tcp_accept_haproxy?<br>
> <br>
> On 11 Nov 2020, 10:39 +0200, Sergey Safarov <<a href="mailto:s.safarov@gmail.com" target="_blank">s.safarov@gmail.com</a> <br>
> <mailto:<a href="mailto:s.safarov@gmail.com" target="_blank">s.safarov@gmail.com</a>>>, wrote:<br>
> <br>
> Now I not use pike.<br>
> <br>
> On Wed, Nov 11, 2020 at 10:21 AM Joey Golan <<a href="mailto:joeygo@gmail.com" target="_blank">joeygo@gmail.com</a><br>
> <mailto:<a href="mailto:joeygo@gmail.com" target="_blank">joeygo@gmail.com</a>>> wrote:<br>
> <br>
> So on your AWS deployment are you working without ANTIFLOOD(pike)?<br>
> <br>
> I still don’t understand how and why to use tcp_accept_haproxy.<br>
> <br>
> On 9 Nov 2020, 11:49 +0200, Sergey Safarov <<a href="mailto:s.safarov@gmail.com" target="_blank">s.safarov@gmail.com</a><br>
> <mailto:<a href="mailto:s.safarov@gmail.com" target="_blank">s.safarov@gmail.com</a>>>, wrote:<br>
> <br>
> In AWS I now use the network load balancer without enabled<br>
> HAproxy protocol.<br>
> <br>
> On EC2 instances used two ENI.<br>
> <br>
> First for traffic via NLB for Inbound traffic.<br>
> <br>
> And second ENI for outbound traffic.<br>
> <br>
> This works but, maybe complex to implement.<br>
> <br>
> Now I looking to:<br>
> <br>
> 1) enable TCP + HAproxy protocol support in Kamailio;<br>
> <br>
> 2) add UDP + HAproxy protocol feature support;<br>
> <br>
> 3) add connection support "with" and "without" HAproxy protocol.<br>
> <br>
> But I am not a developer and cannot say when it implemented.<br>
> <br>
> If your usage case, is business requirements and need<br>
> extended HAproxy implementation in Kamailio, then your<br>
> company can hire devs from the community.<br>
> <br>
> On Mon, Nov 9, 2020 at 11:22 AM Joey Golan <<a href="mailto:joeygo@gmail.com" target="_blank">joeygo@gmail.com</a><br>
> <mailto:<a href="mailto:joeygo@gmail.com" target="_blank">joeygo@gmail.com</a>>> wrote:<br>
> <br>
> Maybe I miss understood you.<br>
> For local installations you mean HAProxy with<br>
> transparent mode?<br>
> <br>
> I have a functioning setup without proxy protocol<br>
> enabled but without anitflood enabled because all<br>
> traffic comes from same HAProxy address.<br>
> <br>
> I’m not sure I understand the purpose of<br>
> tcp_accept_haproxy. When and how this parameter should<br>
> be used?<br>
> <br>
> Thanks,<br>
> Joey.<br>
> <br>
> On 9 Nov 2020, 0:27 +0200, Sergey Safarov<br>
> <<a href="mailto:s.safarov@gmail.com" target="_blank">s.safarov@gmail.com</a> <mailto:<a href="mailto:s.safarov@gmail.com" target="_blank">s.safarov@gmail.com</a>>>, wrote:<br>
> <br>
> Why you cannot use this in the local installation?<br>
> <br>
> On AWS I have multiple kamailio servers behind ELB.<br>
> <br>
> Why you do not use a network load-balancer? NLB also<br>
> offers HAproxy protocol support (TCP and UDP).<br>
> <br>
> In AWS installation you can use dedicated Kamailio<br>
> groups for inbound connections and SIP clients with<br>
> registration.<br>
> <br>
> And use other Kamailio group for outbound<br>
> connections like carriers.<br>
> <br>
> <br>
> Sergey<br>
> <br>
> On Sun, Nov 8, 2020 at 9:07 PM Joey Golan<br>
> <<a href="mailto:joeygo@gmail.com" target="_blank">joeygo@gmail.com</a> <mailto:<a href="mailto:joeygo@gmail.com" target="_blank">joeygo@gmail.com</a>>> wrote:<br>
> <br>
> It doesn’t make much sense to me.<br>
> On local installations (on-premise) I have 1<br>
> HAProxy and multiple kamailio servers.<br>
> On AWS I have multiple kamailio servers behind ELB.<br>
> <br>
> On 8 Nov 2020, 19:45 +0200, Sergey Safarov<br>
> <<a href="mailto:s.safarov@gmail.com" target="_blank">s.safarov@gmail.com</a><br>
> <mailto:<a href="mailto:s.safarov@gmail.com" target="_blank">s.safarov@gmail.com</a>>>, wrote:<br>
> <br>
> you can try place haproxy + NAT on your own<br>
> Linux router.<br>
> <br>
> In this case inbound connections with be<br>
> delivered via HAproxy.<br>
> Outbound connections will be NAT-ed on the<br>
> same host, to the same IP.<br>
> <br>
> On Sun, Nov 8, 2020 at 6:31 PM Joey Golan<br>
> <<a href="mailto:joeygo@gmail.com" target="_blank">joeygo@gmail.com</a> <mailto:<a href="mailto:joeygo@gmail.com" target="_blank">joeygo@gmail.com</a>>><br>
> wrote:<br>
> <br>
> Hello,<br>
> I have a kamailio server running behind<br>
> HAProxy with proxy protocol v2 enabled.<br>
> In Kamailio I have set the parameter<br>
> tcp_accept_haproxy=yes and loaded tcpops<br>
> module.<br>
> UEs are registered using TLS and<br>
> kamailio sees that the message has<br>
> received from their real ip address +<br>
> port and not HAProxy ip + port.<br>
> When UE A calls UE B, kamailio is trying<br>
> to reach UE B using his real ip address<br>
> and port instead of HAProxy IP address +<br>
> port.<br>
> <br>
> I know I can get the tcp ip and port of<br>
> HAProxy using $tcp(c_si) and $tcp(c_sp)<br>
> but I can’t make it work.<br>
> What is the right way to do this? How<br>
> should I use these variables properly in<br>
> order to establish the call successfully?<br>
> <br>
> Thanks,<br>
> Joey.<br>
> <br>
> _______________________________________________<br>
> Kamailio (SER) - Users Mailing List<br>
> <a href="mailto:sr-users@lists.kamailio.org" target="_blank">sr-users@lists.kamailio.org</a><br>
> <mailto:<a href="mailto:sr-users@lists.kamailio.org" target="_blank">sr-users@lists.kamailio.org</a>><br>
> <a href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users" rel="noreferrer" target="_blank">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a><br>
> <br>
> _______________________________________________<br>
> Kamailio (SER) - Users Mailing List<br>
> <a href="mailto:sr-users@lists.kamailio.org" target="_blank">sr-users@lists.kamailio.org</a><br>
> <mailto:<a href="mailto:sr-users@lists.kamailio.org" target="_blank">sr-users@lists.kamailio.org</a>><br>
> <a href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users" rel="noreferrer" target="_blank">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a><br>
> <br>
> _______________________________________________<br>
> Kamailio (SER) - Users Mailing List<br>
> <a href="mailto:sr-users@lists.kamailio.org" target="_blank">sr-users@lists.kamailio.org</a><br>
> <mailto:<a href="mailto:sr-users@lists.kamailio.org" target="_blank">sr-users@lists.kamailio.org</a>><br>
> <a href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users" rel="noreferrer" target="_blank">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a><br>
> <br>
> _______________________________________________<br>
> Kamailio (SER) - Users Mailing List<br>
> <a href="mailto:sr-users@lists.kamailio.org" target="_blank">sr-users@lists.kamailio.org</a><br>
> <mailto:<a href="mailto:sr-users@lists.kamailio.org" target="_blank">sr-users@lists.kamailio.org</a>><br>
> <a href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users" rel="noreferrer" target="_blank">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a><br>
> <br>
> _______________________________________________<br>
> Kamailio (SER) - Users Mailing List<br>
> <a href="mailto:sr-users@lists.kamailio.org" target="_blank">sr-users@lists.kamailio.org</a><br>
> <mailto:<a href="mailto:sr-users@lists.kamailio.org" target="_blank">sr-users@lists.kamailio.org</a>><br>
> <a href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users" rel="noreferrer" target="_blank">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a><br>
> <br>
> _______________________________________________<br>
> Kamailio (SER) - Users Mailing List<br>
> <a href="mailto:sr-users@lists.kamailio.org" target="_blank">sr-users@lists.kamailio.org</a> <mailto:<a href="mailto:sr-users@lists.kamailio.org" target="_blank">sr-users@lists.kamailio.org</a>><br>
> <a href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users" rel="noreferrer" target="_blank">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a><br>
> <br>
> _______________________________________________<br>
> Kamailio (SER) - Users Mailing List<br>
> <a href="mailto:sr-users@lists.kamailio.org" target="_blank">sr-users@lists.kamailio.org</a> <mailto:<a href="mailto:sr-users@lists.kamailio.org" target="_blank">sr-users@lists.kamailio.org</a>><br>
> <a href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users" rel="noreferrer" target="_blank">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a><br>
> <br>
> _______________________________________________<br>
> Kamailio (SER) - Users Mailing List<br>
> <a href="mailto:sr-users@lists.kamailio.org" target="_blank">sr-users@lists.kamailio.org</a> <mailto:<a href="mailto:sr-users@lists.kamailio.org" target="_blank">sr-users@lists.kamailio.org</a>><br>
> <a href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users" rel="noreferrer" target="_blank">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a><br>
> <br>
> <br>
> _______________________________________________<br>
> Kamailio (SER) - Users Mailing List<br>
> <a href="mailto:sr-users@lists.kamailio.org" target="_blank">sr-users@lists.kamailio.org</a><br>
> <a href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users" rel="noreferrer" target="_blank">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a><br>
> <br>
<br>
-- <br>
Alex Balashov | Principal | Evariste Systems LLC<br>
<br>
Tel: +1-706-510-6800 / +1-800-250-5920 (toll-free)<br>
Web: <a href="http://www.evaristesys.com/" rel="noreferrer" target="_blank">http://www.evaristesys.com/</a>, <a href="http://www.csrpswitch.com/" rel="noreferrer" target="_blank">http://www.csrpswitch.com/</a><br>
<br>
_______________________________________________<br>
Kamailio (SER) - Users Mailing List<br>
<a href="mailto:sr-users@lists.kamailio.org" target="_blank">sr-users@lists.kamailio.org</a><br>
<a href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users" rel="noreferrer" target="_blank">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a><br>
</blockquote></div>