Hi All,
I'm trying to set up a redundant environment with DNS SRV records, 2 (or more) SIP registration servers, and Asterisk gateways. Basically I've set up both OpenSER clients to t_replicate each other the registration message if it's coming from a client, and save it to the database or to memory when it's coming from the other OpenSER server.
However, every once in a while, I get message too big, and/or duplicate messages (WARNING: warning skipped -- too big, or ERROR: warning_builder: buffer size exceeded, submit_query: Duplicate entry ,db_insert: Error while submitting query...)
While it seems to work in general, I was not sure that this is the "right" way to do it.
I'm attaching my openser.cfg of one of the machines; the other is more or less identical... Thanks
# ----------- global configuration parameters ------------------------

debug=9             # debug level (cmd line: -dddddddddd)
fork=yes
log_stderror=no     # (cmd line: -E)

check_via=no        # (cmd. line: -v)
dns=no              # (cmd. line: -r)
listen=172.28.132.20
rev_dns=no          # (cmd. line: -R)
port=5060
children=4
fifo="/tmp/openser_fifo"
alias="mydomain.com"

# ------------------ module loading ----------------------------------

loadmodule "/usr/local/lib/openser/modules/mysql.so"
loadmodule "/usr/local/lib/openser/modules/sl.so"
loadmodule "/usr/local/lib/openser/modules/tm.so"
loadmodule "/usr/local/lib/openser/modules/rr.so"
loadmodule "/usr/local/lib/openser/modules/maxfwd.so"
loadmodule "/usr/local/lib/openser/modules/usrloc.so"
loadmodule "/usr/local/lib/openser/modules/registrar.so"
loadmodule "/usr/local/lib/openser/modules/textops.so"
loadmodule "/usr/local/lib/openser/modules/auth.so"
loadmodule "/usr/local/lib/openser/modules/auth_db.so"
loadmodule "/usr/local/lib/openser/modules/lcr.so"
loadmodule "/usr/local/lib/openser/modules/xlog.so"

# ----------------- setting module-specific parameters ---------------

modparam("usrloc", "db_mode", 2)
modparam("usrloc|lcr|auth_db|avpops|group","db_url","mysql://openser:openserrw@voip-db.mydomain.com/openser")
modparam("auth_db", "calculate_ha1", yes)
modparam("auth_db", "password_column", "password")

modparam("rr", "enable_full_lr", 1)

# ------------------------- request routing logic -------------------

# main routing logic

route{
    # initial sanity checks -- messages with
    # max_forwards==0, or excessively long requests
    if (!mf_process_maxfwd_header("10")) {
        sl_send_reply("483","Too Many Hops");
        exit;
    };

    if (msg:len >= 2048 ) {
        sl_send_reply("513", "Message too big");
        exit;
    };

    # we record-route all messages -- to make sure that
    # subsequent messages will go through our proxy; that's
    # particularly good if upstream and downstream entities
    # use different transport protocol
    if (!method=="REGISTER") record_route();

    # subsequent messages within a dialog should take the
    # path determined by record-routing
    if (loose_route()) {
        # mark routing logic in request
        append_hf("P-hint: rr-enforced\r\n");
        route(1);
    };

    if (!uri==myself) {
        route(1);
    };

    # Handle Request logic here
    if (uri==myself) {
        if (method=="REGISTER") {
            route(2);
            exit;
        }
        lookup("aliases");
        if (!uri==myself) {
            append_hf("P-hint: outbound alias\r\n");
            route(1);
        };

        if (!load_gws()) {
            sl_send_reply("500", "Server Internal Error - Cannot load gateways");
            exit;
        };
        if (!next_gw()) {
            sl_send_reply("503", "Service not available, no gateways found");
            log (1,"No more gateways");
        } else {
            log (1,"Found a gateway");
        }
        if (!lookup("location")) {
            sl_send_reply("404", "Not Found");
            exit;
        };
        append_hf("P-hint: usrloc applied\r\n");
    };
    route(1);
}

route[1] {
    # send it out now; use stateful forwarding as it works reliably
    # even for UDP2TCP
    if (!t_relay()) {
        sl_reply_error();
    };
    exit;
}

route[2] {
    #handle all Registration here....
    if (search("^(Contact|m): .*@(voip.mydomain.com)")){
        log(1, "ALERT: someone trying to set aor==server address\n");
        sl_send_reply("476", "Server address in contacts is not allowed" );
        exit;
    };

    # challenge/response
    #if a registration request is coming from another ser server, it means that's it's already authenticated the user and wrote
    #an entry in the database, so lets just write it into our memory.
    if (src_ip==172.28.132.21) {
        save_memory("location");
        log(1, "Registered replicated user from Proxy");
        exit;
    };
    # this is a new request, lets check that the user is valid.
    if (!www_authorize("mydomain.com", "subscriber")) {
        www_challenge("mydomain.com", "0");
        log(1, "Authentication challenge issued. Waiting for reply.\n");
        exit;
    };

    # Authentication successful, add entry to our Contact database
    log(1, "Authentication challenge reply ok.\n");
    if (!save("location")) {
        sl_reply_error();
        log(1, "ALERT: Unable to save URI to location database.\n");
    } else {
        # and replicate the request to the backup server
        if (!src_ip==172.28.132.21) {
            log(1, "REPLICATE: Replicating register request\n");
            t_replicate("sip:172.28.132.21:5060");
        };
    };
}

Are both proxies using the same remote database???

modparam("usrloc|lcr|auth_db|avpops|group","db_url","mysql://openser:openserrw@voip-db.mydomain.com/openser")

If this is the case, when a user agent registers again and makes a SRV DNS query, it might get the address of the other server, which tries to add to the database a record which will be understood as a duplicate by the DB because there's already an entry for that user.

The other issues about the Warning and message size have nothing to do with DNS "behaviour". It means that the server tries to add a Warning header, which includes information useful for debugging purposes, but when openSER checks the size of the message, it realises that the message will become bigger than (MTU-200) and therefore it does not add the header because it might lead to fragmentation problems in UDP. You can ignore this problem or disable the addition of this warning header if you are not using it.

Hope it helps.
Samuel.
2006/7/26, Ohad.Levy@infineon.com Ohad.Levy@infineon.com:
Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users
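
A simplified model of the duplicate-entry situation Samuel describes above, added here as an example and not part of the thread or of OpenSER's code: two proxies with write-back caches replicate registrations to each other in memory and flush to one shared location table. The `Registrar` class, the cache states, the SQLite schema and the sample contact are assumptions made for illustration; `run(False)` gives each proxy its own table for comparison.

```python
import sqlite3


class Registrar:
    """Toy proxy with a write-back location cache (a stand-in for db_mode 2)."""

    def __init__(self, name, db, table):
        self.name, self.db, self.table = name, db, table
        self.cache = {}    # (user, contact) -> [state, expires]
        self.errors = []   # database errors seen while flushing
        # Assumed schema: one row per (username, contact), enforced by the DB.
        # The table name is a fixed constant chosen in run(), never user input.
        db.execute(
            f"CREATE TABLE IF NOT EXISTS {table} (username TEXT, contact TEXT,"
            " expires INTEGER, UNIQUE (username, contact))"
        )

    def save_memory(self, user, contact, expires):
        """Replicated REGISTER from the peer: memory only, no DB write queued."""
        entry = self.cache.setdefault((user, contact), ["mem", expires])
        entry[1] = expires

    def save(self, user, contact, expires, peer):
        """Authenticated REGISTER from a client: cache it, queue a DB write."""
        entry = self.cache.get((user, contact))
        # Assumption: only rows this proxy wrote itself are known to be in the
        # DB. A contact learned through replication is queued as an INSERT.
        known = entry is not None and entry[0] in ("sync", "dirty")
        self.cache[(user, contact)] = ["dirty" if known else "new", expires]
        peer.save_memory(user, contact, expires)   # stands in for t_replicate

    def flush(self):
        """Write-back timer: push queued changes to the database."""
        for (user, contact), entry in self.cache.items():
            state, expires = entry
            try:
                if state == "new":
                    self.db.execute(
                        f"INSERT INTO {self.table} VALUES (?, ?, ?)",
                        (user, contact, expires))
                elif state == "dirty":
                    self.db.execute(
                        f"UPDATE {self.table} SET expires = ?"
                        " WHERE username = ? AND contact = ?",
                        (expires, user, contact))
                else:
                    continue           # "mem" and "sync" need no DB write
                entry[0] = "sync"
            except sqlite3.IntegrityError as exc:
                self.errors.append(f"{self.name}: {exc}")


def run(shared_table):
    """Register via proxy A, refresh via proxy B, return the DB errors."""
    db = sqlite3.connect(":memory:")
    a = Registrar("proxy-a", db, "location" if shared_table else "location_a")
    b = Registrar("proxy-b", db, "location" if shared_table else "location_b")
    contact = "sip:alice@192.0.2.10:5060"    # constructed sample contact
    a.save("alice", contact, 3600, peer=b)   # first REGISTER: SRV picked A
    a.flush()
    b.save("alice", contact, 3600, peer=a)   # refresh: SRV picked B
    b.flush()
    a.flush()
    return a.errors + b.errors


if __name__ == "__main__":
    print("shared table:   ", run(True))
    print("separate tables:", run(False))
```
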
Hi,

Thanks for your reply!

-----Original Message-----
From: samuel [mailto:samu60@gmail.com]
Sent: Thursday, July 27, 2006 9:39 AM
To: Levy Ohad (IFKL IT OS TI CS)
Cc: users@openser.org
Subject: Re: [Users] am I doing it right?

> Are both proxies using the same remote database???
>
> modparam("usrloc|lcr|auth_db|avpops|group","db_url","mysql://openser:openserrw@voip-db.mydomain.com/openser")
>
> If this is the case, when a user agent registers again and makes a SRV DNS query, it might get the address of the other server, which tries to add to the database a record which will be understood as a duplicate by the DB because there's already an entry for that user.

Ok this brings up two questions... first is this the "right" way to do it, do you see a better way to implement a single database for registrations? Secondly, doesn't the client know which server he is registered to and keep on using the server?

> The other issues about the Warning and message size have nothing to do with DNS "behaviour". It means that the server tries to add a Warning header, which includes information useful for debugging purposes, but when openSER checks the size of the message, it realises that the message will become bigger than (MTU-200) and therefore it does not add the header because it might lead to fragmentation problems in UDP. You can ignore this problem or disable the addition of this warning header if you are not using it.

Ok, does this apply for the warning_builder: buffer size exceeded message?

> Hope it helps.

Yes it does :)

Thanks

> Samuel.

inline...

2006/7/27, Ohad.Levy@infineon.com <Ohad.Levy@infineon.com>:

> Hi,
>
> Thanks for your reply!
>
> -----Original Message-----
> From: samuel [mailto:samu60@gmail.com]
> Sent: Thursday, July 27, 2006 9:39 AM
> To: Levy Ohad (IFKL IT OS TI CS)
> Cc: users@openser.org
> Subject: Re: [Users] am I doing it right?
>
>> Are both proxies using the same remote database???
>>
>> modparam("usrloc|lcr|auth_db|avpops|group","db_url","mysql://openser:openserrw@voip-db.mydomain.com/openser")
>>
>> If this is the case, when a user agent registers again and makes a SRV DNS query, it might get the address of the other server, which tries to add to the database a record which will be understood as a duplicate by the DB because there's already an entry for that user.
>
> Ok this brings up two questions... first is this the "right" way to do it, do you see a better way to implement a single database for registrations? Secondly, doesn't the client know which server he is registered to and keep on using the server?

I recommend you to dig into the historic archives of the mailing list for redundancy and fail over scenarios...it's a really complex topic which I don't know enough to write it here.

>> The other issues about the Warning and message size have nothing to do with DNS "behaviour". It means that the server tries to add a Warning header, which includes information useful for debugging purposes, but when openSER checks the size of the message, it realises that the message will become bigger than (MTU-200) and therefore it does not add the header because it might lead to fragmentation problems in UDP. You can ignore this problem or disable the addition of this warning header if you are not using it.
>
> Ok, does this apply for the warning_builder: buffer size exceeded message?

Yes

>> Hope it helps.
>
> Yes it does :)
>
> Thanks
>
>> Samuel.

Hi,

I still have some questions about this point - if it's ok to reactivate this topic....

> Are both proxies using the same remote database???
>
> modparam("usrloc|lcr|auth_db|avpops|group","db_url","mysql://openser:openserrw@voip-db.mydomain.com/openser")
>
> If this is the case, when a user agent registers again and makes a SRV DNS query, it might get the address of the other server, which tries to add to the database a record which will be understood as a duplicate by the DB because there's already an entry for that user.

But why would the second proxy rewrite it to the db - the record already exists in its memory?!

Is it a bad thing if you get this duplicate error message? Do you see any reason not to have one location table between the servers?

> I recommend you to dig into the historic archives of the mailing list for redundancy and fail over scenarios...it's a really complex topic which I don't know enough to write it here.

I did so, but I can't find any conclusion - it's obvious that in SER (not OpenSER) the option to save to only memory is not available and that you have to have different location database for each ser, but I would like to avoid having multiple location tables - is that wrong?

Thanks,
Ohad