I am interested in opinions and suggestions about load balancing with Kamailio. I work for an ITSP that currently uses Oracle & Broadsoft, and I am working to design and develop an open source solution using Kamailio (Proxy, Registrar, LB) & other Application/Media servers for more flexibility and freedom :) Thank you ALL for the work you have put in on Kamailio!
After much reading and configuration I have a Kamailio 'proxy' setup, with endpoints registered using the Registrar module, and calls being sent/received to/from the PSTN. I am interested in separating the Load Balancers from the Registrars & logic, for security and in order to be able to scale appropriately. I will be using the dispatcher module for both load balancers and proxies using the following architecture:
PublicIP = 5.5.5.5; Private IP = 192.168.1.0/24
USERS (Public Internet) ==> (public: 5.5.5.5) [ Kamailio (LoadBalancer, Firewall, Sanity Checks) ] (core:192.168.1.2) ==> [ Kamailio Registrar, Proxy, PSTN GW ] ==> AppServers or PSTN GW
(we can access our PSTN gateways Via our Core using Private IPs)
Questions:
1) Is it overkill to separate the LB & Proxy/Registrars?
2) Is this a common architecture & anyone configured this architecture successfully?
Thanks in advance for your help!
*Daryn Johnson*
*Senior VoIP Engineer*
Hi Daryn, it may not be an overkill, depending on the constraints you have. For example if the clients can possibly only be instructed to connect to a single public IP address (5.5.5.5 in your example), while you want to be able to scale the Kamailio architecture with multiple instances, then it can be a viable approach. Remember though that the Load Balancer will be your Single Point Of Failure. If the Load Balancer dies, for any reason, the service is not available.
There has been an interesting thread in this mailing list recently, on techniques to provide active/stand-by redundancy to a Kamailio deployment: "High Availability".
Depending on the capabilities of the clients you may consider removing the Load Balancer from the equation and perform DNS-based load balancing across your Proxy/Registrar/PSTN Gw instances. You'd be removing a SPOF, use one fewer machine, and simplify the architecture. This is not always possible to achieve though, because it delegates load balancing and fail over to the clients.
Giacomo
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
Maybe I'm missing something about the core infrastructure of Kamailio that makes this impossible, but why does it seem like nobody wants to run multiple Kamailio load balancers in a cluster? sip.yourcompany.com can have A/SRV records pointing to multiple IP addresses of separate Kamailio instances. As long as the edge proxies are either stateless, or transaction-stateful (i.e. not dialog stateful) this should provide both availability and scalability at the edge.
Is there something that makes this infeasible in Kamailio?
Colin,
My apologies for the lack of clarity. We are desiring to use multiple sets of each task (Load Balancer) (Proxy Registrar) (App Servers). My main reason for the post and inquiry is to determine if separating the roles to multiple machine(s) is a common architecture, and if there are any suggestions in doing this. Your response actually points me in the right direction though - using stateless/transaction-stateful Kamailio instances as edge proxies.
*Daryn Johnson*
*Senior VoIP Engineer*
248.485.1109
*www.telnetww.com* http://www.telnetww.com 1175 W. Long Lake Rd. | Suite 101 | Troy, MI 48098
On Thu, Jun 30, 2016 at 03:18:11PM +0000, Colin Morelli wrote:
> Maybe I'm missing something about the core infrastructure of Kamailio that makes this impossible, but why does it seem like nobody wants to run multiple Kamailio load balancers in a cluster? sip.yourcompany.com can have A/SRV records pointing to multiple IP addresses of separate Kamailio instances. As long as the edge proxies are either stateless, or transaction-stateful (i.e. not dialog stateful) this should provide both availability and scalability at the edge.
This works perfectly with kamailio (running 3 loadbalancers for the outside world, which are in a keepalived failover so 6 machines for loadbalancing to 3 backends).
Thank you Giacomo for the info!
We are thinking to use DNS SRV for failover and to use multiple LBs and do some sort of HA on the Load Balancer(s) using keepalived or etcd, etc. One of my marching orders is to eliminate any single points of failure. Using one set of hosts would definitely simplify my architecture. Are there any security concerns that arise when allowing the LB/Proxy/Registrar/GW to be on the same device and connected to the Public Internet?
*Daryn Johnson*
*Senior VoIP Engineer*
On Thu, Jun 30, 2016 at 05:15:19PM +0200, Giacomo Vacca wrote:
> Remember though that the Load Balancer will be your Single Point Of Failure. If the Load Balancer dies, for any reason, the service is not available.
> ...
> Depending on the capabilities of the clients you may consider removing the Load Balancer from the equation and perform DNS-based load balancing across your Proxy/Registrar/PSTN Gw instances. You'd be removing a SPOF, use one fewer machine, and simplify the architecture. This is not always possible to achieve though, because it delegates load balancing and fail over to the clients.
Clients are too stupid to do this, you have to target the lowest common denominator which only connect to a single ip. The loadbalancer is one of the most simple possible config of kamailio possible (dispatcher and path).
So if you worry (rightly so) about a single point of failure in the loadbalancer setup, make that one redundant by using a failover mechanism (heartbeat/keepalive/whatever). And having multiple instances of this setup to use DNS based loadbalancing or simple primary/secondary endpoints for the clients to connect to make any kind of failover mechanism for any type of client possible. The resources needed for a loadbalancer are the least of all machines needed.
Daryn,
That response was more general, not necessarily directed at you!
DNS-based load balancing has always been problematic for clients. They tend to not properly balance across SRV records, or failover to secondary A records.
However, I think the best solution would be something like what Daniel mentioned - to have multiple (maybe 2-4 but the number really depends on your availability and scalability requirements) Kamailio instances at the edge, each with a corresponding standby ready to take over that IP in a failover scenario.
Combine that setup with rotating the A and SRV records in your DNS server (most DNS servers support automatically rotating the records in a response), and you should be able to support all kinds of clients.
Best, Colin
On Thu, Jun 30, 2016 at 03:56:00PM +0000, Colin Morelli wrote:
> However, I think the best solution would be something like what Daniel mentioned - to have multiple (maybe 2-4 but the number really depends on your availability and scalability requirements) Kamailio instances at the edge, each with a corresponding standby ready to take over that IP in a failover scenario.
Added benefit is the ability to upgrade/update the standby machine and simply failover to verify/test with a simple rollback mechanism.
> Combine that setup with rotating the A and SRV records in your DNS server (most DNS servers support automatically rotating the records in a response), and you should be able to support all kinds of clients.
Roundrobin DNS A, SRV and NAPTR for sip.example.com. With records for sip0/sip1.example.com and as last the bare ip addresses. And you can make any redundant setup that any client supports.
The trick (IMHO) is to use the Path modules in the loadbalancer/proxy and registrar server. Add the Path headers (with received parameters) on the loadbalancer/proxy and make sure the registrar module uses these headers. Use dispatcher with callid hashing to loadbalance to the backends. For the same secret for authentication over the backends (modparam("auth", "secret", "sharedsecret")).
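Added example (not part of the thread and not any poster's configuration): a minimal Kamailio configuration sketch of the setup described in the last message, with Path plus received on the edge, a registrar that stores the Path, Call-ID hashing in dispatcher, and a shared auth secret. The backend address 192.168.1.11, the list file path, dispatcher set 1 and the two file names are assumptions, and digest authentication on the backend is left out to keep the focus on the Path handling.

```cfg
# ===== edge.cfg: load balancer (public 5.5.5.5, core 192.168.1.2) =====
loadmodule "sl.so"
loadmodule "tm.so"
loadmodule "rr.so"
loadmodule "textops.so"
loadmodule "maxfwd.so"
loadmodule "sanity.so"
loadmodule "path.so"
loadmodule "dispatcher.so"

# Route headers built from our Path carry ;received=...; use it as next hop.
modparam("path", "use_received", 1)
# Assumed file; set 1 lists the registrar backends, one per line, e.g.
#   1 sip:192.168.1.11:5060
modparam("dispatcher", "list_file", "/etc/kamailio/dispatcher.list")

request_route {
    if (!mf_process_maxfwd_header("10")) {
        sl_send_reply("483", "Too Many Hops");
        exit;
    }
    if (!sanity_check()) { exit; }  # sanity replies to the malformed request itself

    # In-dialog requests and calls sent by a backend along the stored Path.
    if (loose_route()) { t_relay(); exit; }

    if (is_method("REGISTER")) {
        add_path_received();    # Path: <sip:edge;received=sip:src-ip:port;lr>
    } else {
        record_route();
    }
    # Algorithm 0 hashes the Call-ID, so a registration or dialog always
    # reaches the same backend.
    if (!ds_select_dst("1", "0")) {
        sl_send_reply("503", "No backend available");
        exit;
    }
    t_relay();
}

# ===== registrar.cfg: backend on 192.168.1.0/24 =====
loadmodule "sl.so"
loadmodule "tm.so"
loadmodule "textops.so"
loadmodule "usrloc.so"
loadmodule "registrar.so"
loadmodule "auth.so"

modparam("registrar", "use_path", 1)           # store the edge's Path
modparam("registrar", "path_mode", 0)          # even if the UA lacks path support
modparam("registrar", "path_use_received", 1)  # received= becomes the contact's received URI
# Same value on every backend so a nonce issued by one validates on another.
modparam("auth", "secret", "sharedsecret")     # placeholder from the thread

request_route {
    if (is_method("REGISTER")) { save("location"); exit; }  # digest auth omitted
    if (!lookup("location")) { sl_send_reply("404", "Not Found"); exit; }
    t_relay();  # lookup() turned the stored Path into a Route via the edge
}
```

Because the registrar keeps the Path with its received parameter, calls to a registered user return through the same edge instance and source address the client registered from, whichever edge DNS handed out.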