[Serusers] Question on gateway routing through UA proxy
John Todd
jtodd at loligo.com
Wed Jan 22 07:45:22 CET 2003
At 9:30 PM +0100 1/21/03, Jiri Kuthan wrote:
>At 07:08 PM 1/20/2003, John Todd wrote:
>>Yes, I understand that mapping a single end device works; I had
>>that working in a few seconds, and I understand that process.
>>However, my goal is not to have a single device that is mapped to a
>>single service. I'd like to have ser make intelligent decisions on
>>call routing, using the iconnecthere.com account gateway as one of
>>a number of different destinations for calls to land from any of
>>the six devices in my house. (with "my house" being a demo for a
>>small office environment)
>
>bear with me -- I'm not sure yet I understood. Why do you need a
>b2bua for that?
>You can have six homes at your home, all of them with iconnect credentials
>configured in them, and SER can make routing decision in proxy mode. It can
>tell Argentina destinations go to iconnect, US to vonage, and all extensions
>beginning with 4 are for one of my six home phones. What is missing?
Well, it can redirect appropriately, but it cannot do quite what you
say above. If I use your method below, and configure all my ATA-186
systems with the same username/password as I have at iconnect, then
calls being routed to vonage (or other username/password protected
path) will not work.
Plus, if I configure all my ATA-186 phones with the same
username/password as I have with iconnect, then inbound calls won't
work since every phone will be registering with my local ser process
with the same credentials.
I may not need a B2BUA to perform this duty, but I am used to the
application proxy world (squid) which leads me to think that I'd need
to have some intermediate "funnel" which accepts inbound calls from
anything on my "local" network and redirects to a single destination
on the other side in a blocking (single-call) or non-blocking fashion.
>[...]
>
>>I think there is a minor misunderstanding, which is probably due to
>>my poor explanation.
>>
>>Understood that ser is not a B2BUA. My goal is to re-write the
>>calls to a B2BUA that is statically mapped to the iconnecthere.com
>>service as a "portal" to my account there. (that is, of course, if
>>I even need a B2BUA.)
>>
>>Theoretical outbound call process:
>>
>>Start
>>1) Handset picked up in my house on one of the ATA-186 units.
>>2) User dials 1-650-555-1212
>>3) Call is referred to ser process running on system in my house
>>4) Ser examines call like this:
>> a) Is the call bound for an extension elsewhere in the house?
>> If yes, re-route call to that extension. Break.
>> If no, proceed.
>> b) Is the call bound for a 1-503-xxx-xxxx number?
>> If yes, then send to local 2610 gateway into the 503 area
>>code. Break.
>> If no, proceed.
>> c) Is the call bound for a 1-301-xxx-xxxx or 1-410-xxx-xxxx number?
>> If yes, then send to a Cisco 3640 with PRI interface located
>>in Maryland, local to those area codes. Break.
>> If no, proceed.
>> d) Send call to iconnecthere.com, using my "username" and
>>"password" credentials for the single account I have at their
>>service. Break.
>>End
>
>
>That's doable with ser in proxy mode as long as all the phones
>have iconnect configured credentials in them.
See above; this might work for a single phone, but not for many UAs
trying to "share" the same account at iconnect, or for multiple
possible destinations outbound from ser's perspective that have
username/password requirements that I cannot force to "mirror" my
credentials at iconnect.
>>To use IP terminology, the iconnecthere.com account would be my
>>"default route" when no other specific route is known.
>>
>>My problem is part "d", where I am uncertain how to refer a call
>>out to a service that is expecting a UA, with a different username
>>and password than what I have on my local ATA-186. ser has the
>>ability to alter the username and password on a pass-through, but
>>is that what I'm looking for? I can't wrap my head around that
>>concept when working with a system that expects a UA. Do I send
>>the call to a B2BUA after step 5? Is there some way of re-writing
>>the credentials within ser?
>
>Several solutions come into my mind, to be able to deal with
>two accounts -- iconnect and your local one.
>
>The first one I am actually using is I maintain multiple accounts in
>phones -- Cisco 7960 and snom. I think I saw support for two user
>accounts in ATAs but do not have one with me to verify it.
The ATA-186 supports multiple accounts, but each account is tied to
one of the two phone lines on the back of the unit; they cannot be
"swapped" or chosen at will. One account, one line. If someone
knows any differently, I'd appreciate a URL pointer on the
instructions, since I've gone over the Cisco documentation fairly
exhaustively at this point, though I could be missing the obvious.
>Another option is to make your local username/password same as
>that which you have with iconnect.
>
>One could have, as you propose, an identity rewriting element but
>that would take a development effort. It should not be actually
>difficult, but all our folks are currently busy with implementing
>other, more frequently asked features.
<Important_Part>
Understood. I seem to have a habit of making my "simple" demos
things that require development. Oh well. If you or any of the
other developers see an extension in the future, here are some of my
wish list items:
- ability to re-write a user's (source) credentials as a function call
- ability to call an external program (probably perl) to set those
two variables
</Important_Part>
I had initially hoped that the rewriteuserpass routine
(http://www.iptel.org/ser/doc/seruser.html#BUILTINREF) already did
that, but upon looking at the docs it only re-writes parts of the
destination URI. Watch out for naming confusion if you ever write
the modules as I describe above. :-)
This gets me back to having this done via a B2BUA, where one UA is
talking to the remote server as an authenticated user (in my case, to
Deltathree's iconnecthere.com service) and one side of the UA is
talking to ser as a "known" destination.
Let me think out loud here a bit:
-1) B2BUA is started, with one side ("outside") registering with
iconnecthere.com and one side "waiting" for calls ("inside"). The
registration process is only a formality; one could launch the B2BUA
from within ser the moment before a session is forwarded to it,
unless you wanted to receive calls.
1) ATA-186 caller picks up phone, dials 16505551212
2) ATA-186 sends call to ser
3) ser determines (via whatever mechanism) that the call is bound for
the iconnecthere.com account gateway
4) ser re-writes the destination (via the rewriteuri/rewriteuserpass
routine(s)?) and directs the call to the "inside" UA of the B2BUA pair
5) the "inside" UA sees the request, and tries to create a connection
to iconnecthere.com with the call details (destination number)
6) the call progress is relayed through the B2BUA back to the ATA-186
7) if the call is successful, the B2BUA can drop out of the loop and
the RTP session can be established between the iconnecthere.com
gateway and the ATA-186 UA
The more I look at this, the more I see a B2BUA as a kludge, and the
proxy should be doing this work. I'm used to squid and related
application proxies, which allow re-writes of the source AND
destination, with the proxy as a middleman (though of course "source"
re-writing is a little more simple with squid than with SIP, due to
architectural reasons.)
***
On a slightly different track but related to my quest: how does SER
(or any proxy) handle the collection of inbound calls from external
agents that are expecting a UA? As an example, let's say I have an
account with iconnecthere.com, vonage.com, and I am a member of
INOCS-DBA (which is a VOIP-only SIP network.) All three of those
services expect me to sign in with a UA, and they all provide me with
a username and password for my UA. None of them are willing or able
to send calls to me as anything other than a registered UA. However,
I don't want three phones on my desk, or three UAs running on my
desktop, or whatever. I want one phone on my desk, and all the
inbound calls from all three providers directed towards my single
phone. That phone is connected to an ATA-186. I run ser in order to
gateway my outbound calls. How do I handle those three inbound
services with ser or some combination of other programs? (PS: this
is not a theoretical example; I have all three services at the
moment, and I am very unhappy with the three ATA-186 devices and
phones on my desk.) This sounds like the ugly job of a B2BUA. Back
to my other question of "are there any B2BUA programs that aren't
Vocal and are Open Source"?
***
>>Yes, I'd seen this in the Cisco documentation, but as I mention in
>>the question I'm looking for how to manage NAT addressed UA's where
>>the external IP address changes on a very regular basis. The link
>>above only seems to discuss how one can configure an ATA-186 to
>>"hold" an external address by sending periodic packets through the
>>translation; this doesn't touch on how one would get a system to
>>work correctly after initial activation without manual intervention.
>
>Is the server with which you are registering on the public side of NAT
>or on yours?
On the public side of the NAT. My goal is to extend my "home" phones
to various offices for demos of ser, which will almost assuredly be
in an NAT environment.
>>The "via" header (and related rport extension) seems like the
>>solution to this problem, but does ser do the "right thing" with
>>those data? That is discussed a bit lower in the document under the
>>heading "Receiver-tagged VIA header". I could find no reference to
>>it in the documentation for ser, and a brief test with NAT addressed
>>devices did not display successful results when the appropriate bit
>>flag was set in the ATA-186. By examining the source code, I do
>>find that some features of the "received=" header are implemented in
>>ser, but I am unsure of their exact use and I find no mention in the
>>source of "rport" which has been discussed in other threads as a key
>>to NAT RTP session mapping.
>
>We currently support "received" and do not support "rport".
>"rport" has been introduced with a Maxim's patch, which will in
>some form make it to the next release.
It also seems that stund (http://www.vovida.org/downloads/stun/)
would help me, but I am in the oft-unloved (but IMHO more secure)
*BSD world, which precludes compiling the Vovida stund package due to
various errors which I am untrained to correct.
To your understanding (if/when Maxim's patch is sync'ed into the
source) will that remove the requirement for a stund translation
server?
I appreciate your time and answers.
JT
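
Added example (not part of the original message, and not ser's code): a Python model of the top-Via handling discussed at the end of the thread, following RFC 3261 section 18.2.1 for "received" and RFC 3581 for "rport". It shows where a UDP response is sent when the proxy supports rport and when it supports only "received"; the addresses and the Via value are constructed samples.

```python
import re

# Constructed sample: a Via as a phone behind NAT would write it (private address).
SAMPLE_VIA = "SIP/2.0/UDP 192.168.1.20:5060;branch=z9hG4bK74bf9;rport"


def parse_via(via):
    """Split a Via header value into (protocol, host, port, ordered params)."""
    sent_protocol, rest = via.strip().split(None, 1)
    sent_by, *raw = [p.strip() for p in rest.split(";")]
    m = re.fullmatch(r"(\[[^\]]+\]|[^:]+)(?::(\d+))?", sent_by)
    if not m:
        raise ValueError("bad sent-by: %r" % sent_by)
    params = {}
    for item in raw:
        name, _, value = item.partition("=")
        params[name.strip().lower()] = value.strip() or None
    return sent_protocol, m.group(1), int(m.group(2) or 5060), params


def tag_via(via, src_ip, src_port, support_rport=True):
    """Rewrite the top Via the way a receiving proxy does on an incoming request."""
    proto, host, port, params = parse_via(via)
    wants_rport = "rport" in params and params["rport"] is None
    if support_rport and wants_rport:
        params["rport"] = str(src_port)   # RFC 3581: record the packet's source port
        params["received"] = src_ip       # and always record the source address
    elif host != src_ip:
        params["received"] = src_ip       # RFC 3261 18.2.1: sent-by differs from source
    tail = "".join(";%s" % k if v is None else ";%s=%s" % (k, v)
                   for k, v in params.items())
    return "%s %s:%d%s" % (proto, host, port, tail)


def response_target(tagged_via):
    """Address and port a UDP response is sent to, given the tagged top Via."""
    _, host, port, params = parse_via(tagged_via)
    ip = params.get("received") or host
    if params.get("rport"):               # only a filled-in rport overrides the port
        port = int(params["rport"])
    return ip, port


if __name__ == "__main__":
    # Constructed NAT mapping: 192.168.1.20:5060 appears as 203.0.113.7:31044.
    for rport_ok in (True, False):
        tagged = tag_via(SAMPLE_VIA, "203.0.113.7", 31044, support_rport=rport_ok)
        print(rport_ok, tagged, response_target(tagged))
```

With only "received", the response goes to port 5060 on the NAT's public address rather than the mapped port 31044, so it reaches the phone only if the NAT happens to preserve the source port.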