27 Feb
2015
27 Feb
'15
3:33 a.m.
On 27 Feb 2015, at 09:04, Sebastian Damm <damm(a)sipgate.de> wrote:
Hi,
while testing IPv6 with customers, we fell over quite a few cases, where customers
aren't reachable on inbound calls most of the time. And digging into this, we found
the home router firewall as the cause for those problems.
Normally, you would think, all the NAT problems cease when switching to IPv6. But
actually, right now I don't know how to fix that problem.
In IPv4 NAT scenarios, we would flag the customer during the registration, and Kamailio
would send NAT pings (those 4 bytes of UDP junk) every few seconds to keep the firewall in
the NAT router open. And that worked pretty great.
Now we have IPv6. We don't have NAT. But we still have a home router in front of SIP
devices, with a firewall. And this firewall will allow outbound traffic. But after a few
seconds it won't allow incoming connections anymore. And the routers I have seen so
far don't have a configurable firewall where you could allow inbound traffic from our
server.
Unfortunately, only our load balancer is IPv6, our registrar is still IPv4 only. And the
loadbalancer doesn't know anything about registrations and which customer needs an
IPv6 keepalive.
Does anyone have a hint, how to keep the IPv6 registrations alive? Thanks in advance.
AARGH. Now I see. Thank you. (Disregard earlier e-mail).
In all modern standards, like SIP Outbound, the need to send keep-alives has been pushed
to the client. They need to open a network flow and keep it open - UDP or TCP or TCP/TLS.
As we can't trust device developers to stay up to date, we may need IPv6 keepalives.
/O