[Serusers] Commercial loadbalancer, NATed clients and src port problems

George Perantinos gper at forthnet.gr
Mon Oct 24 13:41:38 CEST 2005


Hello list.
My setup consists of two SER servers behind an F5 Big-IP for load balancing. 
The servers are "pooled" behind a virtual server (i.e. they present a common 
IP address to the rest of the world) created at the Big-IP and I'm using 
call-id persistence.
My ser.cfgs are slightly modified mediaproxy examples from onsip.org. 
Each SER replicates to the other REGISTER messages, so that both servers are 
the same.
So far so good.

Suppose that NATed UAC1 is registered at SER1 (SER1 is sending the 4-byte UDP 
packet every 60 sec in order to keep its NAT binding open) and UAC2 sends him 
an INVITE:

1) If the INVITE gets served by SER1 everything is OK.
2) If the INVITE gets served by SER2 then:
   a) SER2 sends the message from port 5060,
   b) but the packet arrives at UAC1 with source port 5061 (or 5062 or whatever).

This means that for some reason the Big-IP changes the source port it receives 
from SER2 to something else and, of course, the packet does not pass UAC1's 
NAT binding.

So, the conclusion is that a UAC is only reachable through the SER that keeps 
its NAT binding open. In order to solve this problem (and until SER can 
support path headers) I employed the method and the patch discussed at 
http://lists.iptel.org/pipermail/serdev/2005-September/005814.html (thanks for 
the patch Evan).

I have to admit that this system was my first experience with a Big-IP, so I'm 
wondering:
Am I doing something wrong at the Big-IP?
Or is this Big-IP behavior (altering source ports received from internal 
servers) typical of every (even commercial) load balancer?
Has anyone ever had success with any load balancer, multiple SERs and NATed 
clients, especially F5s?

Regards,
George
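
The failure described in the message above, modelled as an added example that is not part of the original post: a client-side NAT that filters inbound UDP by exact source address and port accepts the INVITE arriving from port 5060 and drops the one arriving from 5061. The filtering rule, the 120-second binding lifetime, the refresh-on-inbound behaviour and the address 192.0.2.10 are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

BINDING_TTL = 120      # seconds; assumed lifetime of an idle UDP binding
VIP = "192.0.2.10"     # constructed address standing in for the virtual server


@dataclass
class PortRestrictedNat:
    """Assumed model of UAC1's NAT: an inbound packet passes only when its
    source (ip, port) matches a remote endpoint the client already sent to
    and that binding has not expired."""
    bindings: dict = field(default_factory=dict)   # (ip, port) -> last activity

    def outbound(self, now, remote):
        # The client sends to 'remote' (e.g. its REGISTER), opening a binding.
        self.bindings[remote] = now

    def inbound(self, now, source):
        last = self.bindings.get(source)
        if last is None or now - last > BINDING_TTL:
            return False                 # unknown source port or expired binding
        self.bindings[source] = now      # assumed: inbound traffic refreshes it
        return True


def simulate():
    """Replay the scenario from the message with constructed timings."""
    nat = PortRestrictedNat()
    nat.outbound(0, (VIP, 5060))         # UAC1 registers through the virtual server
    keepalives_ok = all(nat.inbound(t, (VIP, 5060)) for t in range(60, 601, 60))

    idle = PortRestrictedNat()           # same registration, but no keepalives
    idle.outbound(0, (VIP, 5060))

    return {
        "keepalives_pass": keepalives_ok,
        # INVITE served by SER1: arrives from the port the binding knows.
        "invite_via_ser1": nat.inbound(610, (VIP, 5060)),
        # INVITE served by SER2: arrives with source port 5061 instead.
        "invite_via_ser2": nat.inbound(610, (VIP, 5061)),
        # Without the 60 s keepalive even port 5060 is rejected by now.
        "invite_without_keepalive": idle.inbound(610, (VIP, 5060)),
    }


if __name__ == "__main__":
    for name, passed in simulate().items():
        print(f"{name}: {'passes NAT' if passed else 'dropped'}")
```
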
