[Users] OpenSER as load balancer for several Asterisk servers
Stefano Capitanio
s.capitanio at caspur.it
Tue Dec 19 17:00:35 CET 2006
Hi,
is it correct that in the second Via Header of the message from Asterisk
to OpenSER there is the address of the Client?
there should be the address of Asterisk no?
maybe this make OpenSER think that the message is coming from a NAT...
i'm not sure, maybe i'm wrong...
try to set:
modparam("nathelper", "rtpproxy_disable", 1)
regards,
Stefano
Edoardo Serra ha scritto:
> At 13.51 19/12/2006, Klaus Darilion wrote:
>> You said that the 200 contains openser's IP in the SDP? Is it put in
>> there by openser or already by Asterisk?
>
> Tnx very much for help
>
> It's put in there by OpenSER.
>
> I'm attaching the 2 SIP/SDP packets (1 from asterisk to openser and 1
> from openser to client)
>
> AAA.AAA.AAA.AAA stands for IP of Asterisk
> OOO.OOO.OOO.OOO stands for IP of OpenSER
> CCC.CCC.CCC.CCC stands for IP of client
> 3333333333 is the called number
>
>
> No. Time Source Destination
> Protocol Info
> 20 12.646925 AAA.AAA.AAA.AAA OOO.OOO.OOO.OOO SIP/SDP
> Status: 200 OK, with session description
>
> Session Initiation Protocol
> Status-Line: SIP/2.0 200 OK
> Message Header
> Via: SIP/2.0/UDP
> OOO.OOO.OOO.OOO;branch=z9hG4bK5bbd.eaf4f093.0;received=OOO.OOO.OOO.OOO
> Via: SIP/2.0/UDP
> CCC.CCC.CCC.CCC:8952;branch=z9hG4bK-d87543-e15656230434101e-1--d87543-;rport=8952
>
> Record-Route: <sip:OOO.OOO.OOO.OOO;lr=on;ftag=9043ec70>
> From: "test"<sip:test at OOO.OOO.OOO.OOO>;tag=9043ec70
> To: "3333333333"<sip:3333333333 at OOO.OOO.OOO.OOO>;tag=as30a7528b
> Call-ID:
> 98684a222a2eeb7aYmVlZTUzZDRhNjMzN2Y0MTZhYmNmOTc5MzQ4OGI3ZGU.
> CSeq: 3 INVITE
> User-Agent: Asterisk
> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
> Contact: <sip:3333333333 at AAA.AAA.AAA.AAA:5060>
> Content-Type: application/sdp
> Content-Length: 291
> Message body
> Session Description Protocol
> Session Description Protocol Version (v): 0
> Owner/Creator, Session Id (o): root 20137 20138 IN IP4
> AAA.AAA.AAA.AAA
> Session Name (s): session
> Connection Information (c): IN IP4 AAA.AAA.AAA.AAA
> Time Description, active time (t): 0 0
> Media Description, name and address (m): audio 58508
> RTP/AVP 98 3 8 0 101
> Media Attribute (a): rtpmap:98 iLBC/8000
> Media Attribute (a): rtpmap:3 GSM/8000
> Media Attribute (a): rtpmap:8 PCMA/8000
> Media Attribute (a): rtpmap:0 PCMU/8000
> Media Attribute (a): rtpmap:101 telephone-event/8000
> Media Attribute (a): fmtp:101 0-16
> Media Attribute (a): silenceSupp:off - - - -
>
> No. Time Source Destination
> Protocol Info
> 21 12.647437 OOO.OOO.OOO.OOO CCC.CCC.CCC.CCC SIP/SDP
> Status: 200 OK, with session description
>
> Session Initiation Protocol
> Status-Line: SIP/2.0 200 OK
> Message Header
> Via: SIP/2.0/UDP
> OOO.OOO.OOO.OOO:5060;branch=z9hG4bK-d87543-e15656230434101e-1--d87543-;rport=8952
>
> Record-Route: <sip:OOO.OOO.OOO.OOO;lr=on;ftag=9043ec70>
> From: "test"<sip:test at OOO.OOO.OOO.OOO>;tag=9043ec70
> To: "3333333333"<sip:3333333333 at OOO.OOO.OOO.OOO>;tag=as30a7528b
> Call-ID:
> 98684a222a2eeb7aYmVlZTUzZDRhNjMzN2Y0MTZhYmNmOTc5MzQ4OGI3ZGU.
> CSeq: 3 INVITE
> User-Agent: Asterisk
> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
> Contact: <sip:3333333333 at AAA.AAA.AAA.AAA:5060>
> Content-Type: application/sdp
> Content-Length: 291
> Message body
> Session Description Protocol
> Session Description Protocol Version (v): 0
> Owner/Creator, Session Id (o): root 20137 20138 IN IP4
> OOO.OOO.OOO.OOO
> Session Name (s): session
> Connection Information (c): IN IP4 OOO.OOO.OOO.OOO
> Time Description, active time (t): 0 0
> Media Description, name and address (m): audio 58508
> RTP/AVP 98 3 8 0 101
> Media Attribute (a): rtpmap:98 iLBC/8000
> Media Attribute (a): rtpmap:3 GSM/8000
> Media Attribute (a): rtpmap:8 PCMA/8000
> Media Attribute (a): rtpmap:0 PCMU/8000
> Media Attribute (a): rtpmap:101 telephone-event/8000
> Media Attribute (a): fmtp:101 0-16
> Media Attribute (a): silenceSupp:off - - - -
>
> Tnx very much for help again
>
> Regards
>
> Edoardo
>
>
>> regards
>> klaus
>>
>>
>> regards
>> klaus
>>
>> Edoardo Serra wrote:
>>> Hi guys,
>>> I'm having a problem with an OpenSER acting as registrar server
>>> and load balancer for many Asterisk servers.
>>> In a few words: "users are registering on openser and, when they
>>> want to make a call, OpenSER proxies the request to an Asterisk
>>> server with the dispatcher module"
>>> Here is the intended data flow (SIP goes through OpenSER and media
>>> goes directly to Asterisk)
>>> User <-- SIP --> OpenSER <-- SIP --> Asterisk
>>> User <-- RTP --> Asterisk
>>> Both, OpenSER and Asterisks have public IPs
>>> I already have a working setup of that and everything seems working
>>> correctly.
>>> I'm trying to replicate that setup on another site, same
>>> configurations of the boxes, same versions of OpenSER and Asterisk,
>>> etc... but I'm having monodirectional Audio.
>>> Having a look with tethereal I see that OpenSER, when the
>>> communication is answered, sends a SIP packet (200 OK) to the user
>>> indicating itself as media endpoint instead of the Asterisks.
>>> From that moment I see RTP packets flowing from the client to OpenSER
>>> This seems really strange to me because I just copied the same
>>> configurations file from a working setup to the new installation.
>>> Tnx in advance for help.
>>> Regards
>>> P.S.: Here is my openser.cfg
>>> ## $Id: ser.cfg,v 1.21.4.1 2003/11/10 15:35:15 andrei Exp $
>>> ## simple quick-start config script
>>> #
>>> # ----------- global configuration parameters ------------------------
>>> #debug=3 # debug level (cmd line: -dddddddddd)
>>> fork=yes
>>> #log_stderror=no # (cmd line: -E)
>>> check_via=no # (cmd. line: -v)
>>> dns=no # (cmd. line: -r)
>>> rev_dns=no # (cmd. line: -R)
>>> #children=4
>>> #port=5060
>>> fifo="/tmp/ser_fifo"
>>> #uid=nobody
>>> #gid=nobody
>>> # ------------------ module loading ----------------------------------
>>> loadmodule "/usr/lib/openser/modules/sl.so"
>>> loadmodule "/usr/lib/openser/modules/tm.so"
>>> loadmodule "/usr/lib/openser/modules/rr.so"
>>> loadmodule "/usr/lib/openser/modules/maxfwd.so"
>>> loadmodule "/usr/lib/openser/modules/usrloc.so"
>>> loadmodule "/usr/lib/openser/modules/registrar.so"
>>> loadmodule "/usr/lib/openser/modules/nathelper.so"
>>> loadmodule "/usr/lib/openser/modules/textops.so"
>>> loadmodule "/usr/lib/openser/modules/exec.so"
>>> loadmodule "/usr/lib/openser/modules/uri.so"
>>> loadmodule "/usr/lib/openser/modules/uri_db.so"
>>> loadmodule "/usr/lib/openser/modules/dispatcher.so"
>>> # Uncomment this if you want digest authentication
>>> # mysql.so must be loaded !
>>> loadmodule "/usr/lib/openser/modules/mysql.so"
>>> loadmodule "/usr/lib/openser/modules/auth.so"
>>> loadmodule "/usr/lib/openser/modules/auth_db.so"
>>> modparam("usrloc", "db_mode", 2)
>>> modparam("usrloc", "db_url", "mysql://xxx:xxx@xxx.xxx.xxx.xxx/openser")
>>> modparam("usrloc", "timer_interval", 120)
>>> modparam("auth_db", "calculate_ha1", 0)
>>> modparam("auth_db", "db_url", "mysql://xxx:xxx@xxx.xxx.xxx.xxx/voip")
>>> modparam("uri_db", "db_url", "mysql://xxx:xxx@xxx.xxx.xxx.xxx/openser")
>>> modparam("rr", "enable_full_lr", 1)
>>> modparam("registrar", "nat_flag", 6)
>>> modparam("registrar", "max_expires", 3600)
>>> modparam("registrar", "min_expires", 60)
>>> modparam("registrar", "append_branches", 0)
>>> modparam("registrar", "desc_time_order", 1)
>>> modparam("nathelper", "natping_interval", 20) # Ping interval 20 s
>>> modparam("nathelper", "ping_nated_only", 1) # Ping only clients
>>> behind NAT
>>> modparam("dispatcher", "force_dst", 1)
>>> # ------------------------- request routing logic -------------------
>>> # main routing logic
>>> route{
>>> # initial sanity checks -- messages with
>>> # max_forwards==0, or excessively long requests
>>> if (!mf_process_maxfwd_header("10")) {
>>> sl_send_reply("483","Too Many Hops");
>>> exit;
>>> };
>>> if ( msg:len > max_len ) {
>>> sl_send_reply("513", "Message too big");
>>> exit;
>>> };
>>> if ( (method=="OPTIONS") || (method=="SUBSCRIBE") ||
>>> (method=="NOTIFY") ) {
>>> sl_send_reply("405", "Method Not Allowed");
>>> exit;
>>> }
>>> if (!method=="REGISTER") {
>>> record_route();
>>> };
>>> if ((src_ip==xxx.xxx.xxx.xxx) || (src_ip==xxx.xxx.xxx.xxx)) { # IP
>>> of Asterisks
>>> if (!lookup("location")) {
>>> sl_send_reply("404", "Not Found");
>>> exit;
>>> };
>>> # forward to current uri now; use stateful forwarding; that
>>> # works reliably even if we forward from TCP to UDP
>>> if (!t_relay()) {
>>> sl_reply_error();
>>> };
>>> exit;
>>> };
>>> if (nat_uac_test("3")) {
>>> if ((method=="REGISTER") || (method=="INVITE") ||
>>> (method=="OPTIONS")) {
>>> fix_nated_contact();
>>> force_rport();
>>> setflag(6); # Mark as NATed
>>> }
>>> }
>>> # if the request is for other domain use UsrLoc
>>> # (in case, it does not work, use the following command
>>> # with proper names and addresses in it)
>>> if (method=="REGISTER") {
>>> if (!proxy_authorize("domain", "openser_view")) {
>>> proxy_challenge("domain", "0");
>>> exit;
>>> }
>>> if (!check_to()) {
>>> sl_send_reply("403", "Digest username and URI username do NOT match!
>>> Stay away!");
>>> exit;
>>> }
>>> save("location");
>>> exit;
>>> };
>>>
>>> if (method=="INVITE") {
>>> if (!proxy_authorize("domain", "openser_view")) {
>>> proxy_challenge("domain", "0");
>>> exit;
>>> }
>>> if (!check_from()) {
>>> sl_send_reply("403", "Digest username and URI username do NOT match!
>>> Stay away!");
>>> exit;
>>> }
>>> }
>>> # loose-route processing
>>> if (loose_route()) {
>>> # mark routing logic in request
>>> append_hf("P-hint: rr-enforced\r\n");
>>> route(1);
>>> exit;
>>> };
>>> if (!uri==myself) {
>>> # mark routing logic in request
>>> append_hf("P-hint: outbound\r\n");
>>> route(1);
>>> exit;
>>> };
>>> append_hf("P-hint: usrloc applied\r\n");
>>> route(1);
>>> }
>>> route[1]
>>> {
>>> # ! Nathelper
>>> if (uri=~"[@:](192\.168\.|10\.|172\.(1[6-9]|2[0-9]|3[0-1])\.)" &&
>>> !search("^Route:")){
>>> sl_send_reply("479", "We don't forward to private IP addresses");
>>> exit;
>>> };
>>> # NAT processing of replies; apply to all transactions (for example,
>>> # re-INVITEs from public to private UA are hard to identify as
>>> # NATed at the moment of request processing); look at replies
>>> t_on_reply("1");
>>> # send it out now; use stateful forwarding as it works reliably
>>> # even for UDP2TCP
>>> if ((src_ip!=xxx.xxx.xxx.xxx) && (src_ip!=xxx.xxx.xxx.xxx)) { # IP
>>> of Asterisks
>>> ds_select_dst("2", "0");
>>> }
>>> if (!t_relay()) {
>>> sl_reply_error();
>>> };
>>> }
>>> # ! Nathelper
>>> onreply_route[1] {
>>> # NATed transaction ?
>>> if (isflagset(6) && status =~ "(183)|2[0-9][0-9]") {
>>> fix_nated_contact();
>>> # otherwise, is it a transaction behind a NAT and we did not
>>> # know at time of request processing ? (RFC1918 contacts)
>>> } else if (nat_uac_test("1")) {
>>> fix_nated_contact();
>>> };
>>> }
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at openser.org
>>> http://openser.org/cgi-bin/mailman/listinfo/users
>>
>>
>> --
>> Klaus Darilion
>> nic.at
>>
>
>
> _______________________________________________
> Users mailing list
> Users at openser.org
> http://openser.org/cgi-bin/mailman/listinfo/users
More information about the sr-users
mailing list