[Serusers] NAT with multiple SERs

Andreas Granig andreas.granig at inode.info
Tue May 3 10:25:08 CEST 2005


Juha Heinanen wrote:
> in summary: a load balancing solution that at the same time is redundant
> is not possible using the participating sers alone.  some intelligent
> front end help is needed and i'm not convinced yet that even that could
> be done.

What about this (maybe a special case):

I was just thinking about STUN, and AFAIK this relies on a NAT device 
not matching the source IP of a datagram, so the client opens a NAT 
binding to a STUN server to determine an external IP/port pair, which is 
filled in the Contact header. The proxy can then also send SIP requests 
to this external IP/port, which are forwarded to the client by the NAT 
device. Is this basically correct?

If so, it theoretically should work with transparent NAT handling on two 
SERs too, if both SERs know the external IP/port of UAC-1.

I also think I know now why it didn't work for me: SER-1 got the request 
from UAC-1 and stored the contact IP and the received IP in the location 
table. SER-2 got the replicated register but stored SER-1's IP as 
received IP:

On SER-1 (2.2.2.2 is the external IP of UAC-1, 3.3.3.3 is the IP of SER-1):

mysql root@ser> select * from location where username='018904449'\G
*************************** 1. row ***************************
      username: 018904449
        domain:
       contact: sip:018904449@192.168.34.187:50600
      received: sip:2.2.2.2:50600
       expires: 2005-05-03 10:19:17
             q: -1.00
        callid: 1338383826@192.168.34.187
          cseq: 2
last_modified: 20050503101557
     replicate: NULL
         state: NULL
         flags: 1
    user_agent: Linphone-1.0.1/eXosip
1 row in set (0.00 sec)

And on SER-2:

mysql root@ser> select * from location where username='018904449'\G
*************************** 1. row ***************************
      username: 018904449
        domain:
       contact: sip:018904449@192.168.34.187:50600
      received: sip:3.3.3.3:46236;transport=TCP
       expires: 2005-05-03 10:19:15
             q: -1.00
        callid: 1338383826@192.168.34.187
          cseq: 2
last_modified: 20050503101555
     replicate: NULL
         state: NULL
         flags: 1
    user_agent: Linphone-1.0.1/eXosip
1 row in set (0.00 sec)


My config basically looks like this (NAT-flag is "2"):

   if (method=="REGISTER")
   {
     # REGISTER arrived directly from a UA, not from the peer SER
     if(!(src_ip==<Peer-SER-IP>))
     {
       if(!search("^Contact: \*") && client_nat_test("7"))
       {
         setflag(2);
         fix_nated_register();
         force_rport();
         append_hf("Natted: yes\r\n");
       }

       if(!www_authorize("<auth domain>", "subscriber"))
       {
         www_challenge("<auth domain>", "0");
         break;
       }
       if(!check_to())
       {
         sl_send_reply("403", "Use To=id next time");
         break;
       }

       consume_credentials();

       if(!save("location"))
       {
         sl_reply_error();
         break;
       }

       forward_tcp("<Peer-SER-IP>", 5060);
     }
     else
     {
       if(is_present_hf("Natted"))
       {
         setflag(2);
         fix_nated_register();
         force_rport();
       }
       save_noreply("location");
     }
     break;
   }


I'll investigate the problem and report back here. Or am I missing 
something important?

Andy
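
Added example, not part of the original message: a check that compares the location rows of two SERs and flags replicated bindings whose received column holds the peer SER's address instead of the UA's external address, which is the mismatch shown in the two queries above. The function names are hypothetical, and the sample rows are constructed from the message's output, trimmed to the compared columns.

```python
import re

# Constructed sample: the two \G rows from the message, trimmed to the compared columns.
SER1_ROWS = """\
*************************** 1. row ***************************
      username: 018904449
       contact: sip:018904449@192.168.34.187:50600
      received: sip:2.2.2.2:50600
"""
SER2_ROWS = """\
*************************** 1. row ***************************
      username: 018904449
       contact: sip:018904449@192.168.34.187:50600
      received: sip:3.3.3.3:46236;transport=TCP
"""

def parse_vertical(text):
    """Parse mysql vertical (\\G) output into a list of {column: value} dicts."""
    rows = []
    for line in text.splitlines():
        if re.match(r"^\*+ \d+\. row \*+$", line.strip()):
            rows.append({})
        elif rows and ":" in line:
            key, _, value = line.partition(":")
            rows[-1][key.strip()] = value.strip()
    return rows

def uri_host(uri):
    """Host part of a sip: URI such as sip:user@host:port;params (IPv4 or hostname)."""
    rest = uri.split(":", 1)[1] if uri.lower().startswith("sip:") else uri
    rest = rest.split(";", 1)[0].rsplit("@", 1)[-1]
    return rest.split(":", 1)[0]

def check_replica(primary_text, replica_text, peer_ips):
    """Return (username, contact, problem) for replica bindings with a bad received."""
    primary = {(r["username"], r["contact"]): r for r in parse_vertical(primary_text)}
    findings = []
    for row in parse_vertical(replica_text):
        key = (row["username"], row["contact"])
        received = row.get("received", "")
        if received in ("", "NULL"):
            continue  # binding was not NAT-fixed, nothing to compare
        if uri_host(received) in peer_ips:
            findings.append(key + ("received points at peer SER",))
        elif key in primary and primary[key].get("received") != received:
            findings.append(key + ("received differs from primary",))
    return findings

if __name__ == "__main__":
    for finding in check_replica(SER1_ROWS, SER2_ROWS, {"3.3.3.3"}):
        print(finding)
```

A binding flagged this way means requests sent from the second SER go to the address stored in its own received column rather than to the NAT binding the UA opened.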



