[sr-dev] Server trying outgoing TCP (TLS) connection, gets blocked

Klaus Darilion klaus.mailinglists at pernau.at
Tue Jun 23 09:46:15 CEST 2009 


Ivan Genov schrieb:
> We are using openser-1.3.0-tls. I assume what we can do there is to
> decrease the tcp connect timeout 

You should configure both: tcp_send_timeout and tcp_connect_timeout. 
Because openser first tries to send using the existing connection, after 
send_timeout it detects that the TCP connection has gone (e.g. NAT 
timeout) and it tries to open a new connection until connect_timeout 
triggers.

> or get into the code and
> short-circuit the server to not try outgoing tcp connections.

I tried it once but it was actually not that easy - there are lots of 
places in openser which trigger sending message. Maybe you can backport 
the feature from ser.

regards
klaus

> 
> ----- Original Message ---- From: Andrei Pelinescu-Onciul
> <andrei at iptel.org> To: Ivan Genov <ivangg_q at yahoo.com> Cc:
> sr-dev at lists.sip-router.org Sent: Monday, June 22, 2009 2:13:50 PM 
> Subject: Re: [sr-dev] Server trying outgoing TCP (TLS) connection,
> gets blocked
> 
> On Jun 22, 2009 at 12:37, Ivan Genov <ivangg_q at yahoo.com> wrote:
>> Hi,
>> 
> [...]
> 
>> There are cases though, when we can see in the server logs that
>> there are no logs for more than 3 minutes and we can see that two
>> server processes have been trying outgoing connection to the old
>> client's IP:port for more than 3 minutes and we can see how both
>> processes report unsuccessfull tcp blocking connect to the client
>> after the logs resume after?more than 3 minutes have elapsed.
>> During such cases?the server simply doesn't respond to client's
>> attempts to REGISTER and is in effect blocked.
>> 
>> We have no clue as to why the server is blocked for more than 3
>> minutes since the tcp connect timeout seems to be just 10 seconds.
>> 
>> What we think is best is if we can?configure the server to not try
>> outgoing TCP connections to clients (when TCP conenction doesn't
>> exist)? Is there a configration setting for that? If there is no
>> configuration for that, what is the best place in code to make this
>> change in the code? If this is not easy or not recommended,?can we
>> set the server's timeout for outgoing TCP connection to something
>> smaller, for example 1-2 seconds, or even 0 seconds? We feel in our
>> setup?it will be better if?the server does not try to connect at
>> all, becasue anyway the connection attempt?will fail.
>> 
>> 
>> Any information will be appreciated.
> 
> It depends on what are you using: pre-sip-router kamailio,
> pre-sip-router ser or the latest sip-router code.
> 
> If you are using sip-router or a recent ser (e.g 2.1), then the tcp
> code does not block (you can make it block if you want though).
> However this is not yet true for tls (the tls code is not yet
> async.). For the same "versions" (ser 2.1 or sip-router) you can stop
> outgoing connects by setting tcp_no_connect to yes. You can do this
> any time, even even if sip-router is already started (in this case
> using sercmd cfg.set_now_int tcp no_connect 1).
> 
> If you are using kamailio then you can wait for the next official 
> version (based on sip-router) or you could try upgrading to
> sip-router now (but note that right now there is only a devel version
> which might still have some problems). However even for current
> kamailio the connect should never block more then tcp_connect_timeout
> (in your case 10s). There is a small bug that could make this timeout
> smaller, but never greater. You could also try making
> tcp_connect_timeout 0 or 1 and see if you ever get those 3 min.
> delays (they might be caused by something else).
> 
> 
> Andrei
> 
> 
> 
> 
> 
> _______________________________________________ sr-dev mailing list 
> sr-dev at lists.sip-router.org 
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev

More information about the sr-dev mailing list