Re: [SR-Users] Kamailio behind HAProxy

Hello, bascially this allows Kamailio to understand the HAProxy protocol to be used behind this particular proxy. Some discussion can be found at the list and also at https://github.com/kamailio/kamailio/pull/1765 Cheers, Henning -- Henning Westerholt – https://skalatan.de/blog/ Kamailio services – https://gilawa.com From: sr-users <sr-users-bounces(a)lists.kamailio.org> On Behalf Of Joey Golan Sent: Wednesday, November 11, 2020 1:47 PM To: Kamailio (SER) - Users Mailing List <sr-users(a)lists.kamailio.org> Subject: Re: [SR-Users] Kamailio behind HAProxy Thanks Sergey. Can anyone please explain how and why to use tcp_accept_haproxy? On 11 Nov 2020, 10:39 +0200, Sergey Safarov <s.safarov(a)gmail.com>om>, wrote: > quote_type > Now I not use pike. > > On Wed, Nov 11, 2020 at 10:21 AM Joey Golan <joeygo(a)gmail.com> wrote: > > quote_type > > So on your AWS deployment are you working without ANTIFLOOD(pike)? > > > > I still don’t  understand how and why to use tcp_accept_haproxy. > > On 9 Nov 2020, 11:49 +0200, Sergey Safarov <s.safarov(a)gmail.com>om>, wrote: > > > > > In AWS I now use the network load balancer without enabled HAproxy protocol. > > > On EC2 instances used two ENI. > > > First for traffic via NLB for Inbound traffic. > > > And second ENI for outbound traffic. > > > > > > This works but, maybe complex to implement. > > > > > > Now I looking to: > > > 1) enable TCP + HAproxy protocol support in Kamailio; > > > 2) add UDP + HAproxy protocol feature support; > > > 3) add connection support "with" and "without" HAproxy protocol. > > > > > > But I am not a developer and cannot say when it implemented. > > > > > > If your usage case, is business requirements and need extended HAproxy implementation in Kamailio, then your company can hire devs from the community. > > > > > > > > > On Mon, Nov 9, 2020 at 11:22 AM Joey Golan <joeygo(a)gmail.com> wrote: > > > > quote_type > > > > Maybe I miss understood you. > > > > For local installations you mean HAProxy with transparent mode? > > > > > > > > I have a functioning setup without proxy protocol enabled but without anitflood enabled because all traffic comes from same HAProxy address. > > > > > > > > I’m not sure I understand the purpose of tcp_accept_haproxy. When and how this parameter should be used? > > > > > > > > Thanks, > > > > Joey. > > > > On 9 Nov 2020, 0:27 +0200, Sergey Safarov <s.safarov(a)gmail.com>om>, wrote: > > > > > > > > > Why you cannot use this in the local installation? > > > > > > > > > > On AWS I have multiple kamailio servers behind ELB. > > > > > > > > > > Why you do not use a network load-balancer? NLB also offers HAproxy protocol support (TCP and UDP). > > > > > > > > > > In AWS installation you can use dedicated Kamailio groups for inbound connections and SIP clients with registration. > > > > > And use other Kamailio group for outbound connections like carriers. > > > > > > > > > > Sergey > > > > > > > > > > On Sun, Nov 8, 2020 at 9:07 PM Joey Golan <joeygo(a)gmail.com> wrote: > > > > > > quote_type > > > > > > It doesn’t make much sense to me. > > > > > > On local installations (on-premise) I have 1 HAProxy and multiple kamailio servers. > > > > > > On AWS I have multiple kamailio servers behind ELB. > > > > > > On 8 Nov 2020, 19:45 +0200, Sergey Safarov <s.safarov(a)gmail.com>om>, wrote: > > > > > > > > > > > > > you can try place haproxy + NAT on your own Linux router. > > > > > > > In this case inbound connections with be delivered via HAproxy. > > > > > > > Outbound connections will be NAT-ed on the same host, to the same IP. > > > > > > > > > > > > > > On Sun, Nov 8, 2020 at 6:31 PM Joey Golan <joeygo(a)gmail.com> wrote: > > > > > > > > quote_type > > > > > > > > Hello, > > > > > > > > I have a kamailio server running behind HAProxy with proxy protocol v2 enabled. > > > > > > > > In Kamailio I have set the parameter tcp_accept_haproxy=yes and loaded tcpops module. > > > > > > > > UEs are registered using TLS and kamailio sees that the message has received from their real ip address + port and not HAProxy ip + port. > > > > > > > > When UE A calls UE B, kamailio is trying to reach UE B using his real ip address and port instead of HAProxy IP address + port. > > > > > > > > > > > > > > > > I know I can get the tcp ip and port of HAProxy using $tcp(c_si) and $tcp(c_sp) but I can’t make it work. > > > > > > > > What is the right way to do this? How should I use these variables properly in order to establish the call successfully? > > > > > > > > > > > > > > > > Thanks, > > > > > > > > Joey. > > > > > > > > _______________________________________________ > > > > > > > > Kamailio (SER) - Users Mailing List > > > > > > > > sr-users(a)lists.kamailio.org > > > > > > > > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users > > > > > > > _______________________________________________ > > > > > > > Kamailio (SER) - Users Mailing List > > > > > > > sr-users(a)lists.kamailio.org > > > > > > > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users > > > > > > _______________________________________________ > > > > > > Kamailio (SER) - Users Mailing List > > > > > > sr-users(a)lists.kamailio.org > > > > > > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users > > > > > _______________________________________________ > > > > > Kamailio (SER) - Users Mailing List > > > > > sr-users(a)lists.kamailio.org > > > > > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users > > > > _______________________________________________ > > > > Kamailio (SER) - Users Mailing List > > > > sr-users(a)lists.kamailio.org > > > > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users > > > _______________________________________________ > > > Kamailio (SER) - Users Mailing List > > > sr-users(a)lists.kamailio.org > > > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users > > _______________________________________________ > > Kamailio (SER) - Users Mailing List > > sr-users(a)lists.kamailio.org > > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users > _______________________________________________ > Kamailio (SER) - Users Mailing List > sr-users(a)lists.kamailio.org > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users