On Fri, Feb 23, 2018 at 07:17:48PM +0000, Cody Herzog wrote:
> That makes sense, but is unfortunately not an option for me due to strict security requirements. I need to use TLS on the whole path.
Personally, I would work around that requirement, either by using a compliant private backplane/backbone network for internal communication, or running UDP inside encrypted tunnels. That's the most promising avenue in my opinion.
> Another option I explored was to have the edge proxies not always use the same TCP connection for sending to the registrar. If I could find a way to load balance across a number of TCP connections, that would probably work for me. Perhaps there is a way the DISPATCHER module can be configured to accomplish this. Maybe the dispatcher configuration can list multiple copies of the same destination, but each having a different send socket address, and then can load balance across those.
It does, but unfortunately that level of fine-grained control isn't reasonably possible.
The only thing I can think of would be to have the registrar close the TCP connection after receiving the registration. I don't know of a way to do that except by changing the lifetime to something like zero after the fact:
https://kamailio.org/docs/modules/5.1.x/modules/tcpops.html#tcpops.f.tcp_set...
That would cause new connections to land at other workers, presumably.
But it's a kludgy solution. UDP is better.
-- Alex
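To make the workaround above concrete, here is an added Kamailio routing-script fragment for the registrar side; it is not code from this thread. It assumes the tcpops module is loaded, that `tcp_set_connection_lifetime()` sets the idle lifetime (in seconds) of the connection the current request arrived on, and that it also applies to TLS connections, which the thread does not confirm.

```cfg
# Added example, not from the original thread.
loadmodule "tcpops.so"

request_route {
    if (is_method("REGISTER")) {
        # save() stores the binding and sends the 200 OK itself.
        if (!save("location")) {
            sl_reply_error();
            exit;
        }
        # Thread's suggestion: after the registration is stored, shorten the
        # lifetime of the edge proxy's connection so it is torn down almost
        # immediately. The proxy's next REGISTER then opens a fresh connection,
        # which may be accepted by a different worker.
        # Assumption: the lifetime is an idle timeout, so the reply already
        # queued by save() still goes out before the connection is closed.
        if (proto == TCP || proto == TLS) {
            tcp_set_connection_lifetime(1);
        }
        exit;
    }
}
```

Note that every new connection costs the edge proxy a fresh TLS handshake with the registrar, so the overhead grows with the re-registration rate; that is the price of keeping TLS on the whole path while still spreading load across workers.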