[Users] OpenSER as load balancer for several Asterisk servers

Klaus Darilion klaus.mailinglists at pernau.at
Wed Dec 20 11:51:00 CET 2006


Edoardo Serra wrote:
> At 13.51 19/12/2006, Klaus Darilion wrote:
>> You said that the 200 contains openser's IP in the SDP? Is it put in 
>> there by openser or already by Asterisk?
> 
> Tnx very much for help
> 
> It's put in there by OpenSER.
> 
> I'm attaching the 2 SIP/SDP packets (1 from asterisk to openser and 1 
> from openser to client)
> 
> AAA.AAA.AAA.AAA stands for IP of Asterisk
> OOO.OOO.OOO.OOO stands for IP of OpenSER
> CCC.CCC.CCC.CCC stands for IP of client
> 3333333333 is the called number
> 
> 
> No.     Time        Source                Destination           Protocol 
> Info
>     20 12.646925   AAA.AAA.AAA.AAA       OOO.OOO.OOO.OOO       SIP/SDP
> Status: 200 OK, with session description
> 
> Session Initiation Protocol
>    Status-Line: SIP/2.0 200 OK
>    Message Header
>        Via: SIP/2.0/UDP 
> OOO.OOO.OOO.OOO;branch=z9hG4bK5bbd.eaf4f093.0;received=OOO.OOO.OOO.OOO
>        Via: SIP/2.0/UDP 
> CCC.CCC.CCC.CCC:8952;branch=z9hG4bK-d87543-e15656230434101e-1--d87543-;rport=8952 
> 
>        Record-Route: <sip:OOO.OOO.OOO.OOO;lr=on;ftag=9043ec70>
>        From: "test"<sip:test at OOO.OOO.OOO.OOO>;tag=9043ec70
>        To: "3333333333"<sip:3333333333 at OOO.OOO.OOO.OOO>;tag=as30a7528b
>        Call-ID: 
> 98684a222a2eeb7aYmVlZTUzZDRhNjMzN2Y0MTZhYmNmOTc5MzQ4OGI3ZGU.
>        CSeq: 3 INVITE
>        User-Agent: Asterisk
>        Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
>        Contact: <sip:3333333333 at AAA.AAA.AAA.AAA:5060>
>        Content-Type: application/sdp
>        Content-Length: 291
>    Message body
>        Session Description Protocol
>            Session Description Protocol Version (v): 0
>            Owner/Creator, Session Id (o): root 20137 20138 IN IP4 
> AAA.AAA.AAA.AAA
>            Session Name (s): session
>            Connection Information (c): IN IP4 AAA.AAA.AAA.AAA
>            Time Description, active time (t): 0 0
>            Media Description, name and address (m): audio 58508 RTP/AVP 
> 98 3 8 0 101
>            Media Attribute (a): rtpmap:98 iLBC/8000
>            Media Attribute (a): rtpmap:3 GSM/8000
>            Media Attribute (a): rtpmap:8 PCMA/8000
>            Media Attribute (a): rtpmap:0 PCMU/8000
>            Media Attribute (a): rtpmap:101 telephone-event/8000
>            Media Attribute (a): fmtp:101 0-16
>            Media Attribute (a): silenceSupp:off - - - -
> 
> No.     Time        Source                Destination           Protocol 
> Info
>     21 12.647437   OOO.OOO.OOO.OOO       CCC.CCC.CCC.CCC       SIP/SDP
> Status: 200 OK, with session description
> 
> Session Initiation Protocol
>    Status-Line: SIP/2.0 200 OK
>    Message Header
>        Via: SIP/2.0/UDP 
> OOO.OOO.OOO.OOO:5060;branch=z9hG4bK-d87543-e15656230434101e-1--d87543-;rport=8952 

^^^^^^^^^here should be CCC.CCC.CCC.CCC

maybe a search/replace typo?

have you sniffed directly on the SIP proxy server? (Maybe is there a SIP 
ALG somewhere inbetween)

regards
klaus

> 
>        Record-Route: <sip:OOO.OOO.OOO.OOO;lr=on;ftag=9043ec70>
>        From: "test"<sip:test at OOO.OOO.OOO.OOO>;tag=9043ec70
>        To: "3333333333"<sip:3333333333 at OOO.OOO.OOO.OOO>;tag=as30a7528b
>        Call-ID: 
> 98684a222a2eeb7aYmVlZTUzZDRhNjMzN2Y0MTZhYmNmOTc5MzQ4OGI3ZGU.
>        CSeq: 3 INVITE
>        User-Agent: Asterisk
>        Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
>        Contact: <sip:3333333333 at AAA.AAA.AAA.AAA:5060>
>        Content-Type: application/sdp
>        Content-Length: 291
>    Message body
>        Session Description Protocol
>            Session Description Protocol Version (v): 0
>            Owner/Creator, Session Id (o): root 20137 20138 IN IP4 
> OOO.OOO.OOO.OOO
>            Session Name (s): session
>            Connection Information (c): IN IP4 OOO.OOO.OOO.OOO
>            Time Description, active time (t): 0 0
>            Media Description, name and address (m): audio 58508 RTP/AVP 
> 98 3 8 0 101
>            Media Attribute (a): rtpmap:98 iLBC/8000
>            Media Attribute (a): rtpmap:3 GSM/8000
>            Media Attribute (a): rtpmap:8 PCMA/8000
>            Media Attribute (a): rtpmap:0 PCMU/8000
>            Media Attribute (a): rtpmap:101 telephone-event/8000
>            Media Attribute (a): fmtp:101 0-16
>            Media Attribute (a): silenceSupp:off - - - -
> 
> Tnx very much for help again
> 
> Regards
> 
> Edoardo
> 
> 
>> regards
>> klaus
>>
>>
>> regards
>> klaus
>>
>> Edoardo Serra wrote:
>>> Hi guys,
>>>     I'm having a problem with an OpenSER acting as registrar server 
>>> and load balancer for many Asterisk servers.
>>> In a few words: "users are registering on openser and, when they want 
>>> to make a call, OpenSER proxies the request to an Asterisk server 
>>> with the dispatcher module"
>>> Here is the intended data flow (SIP goes through OpenSER and media 
>>> goes directly to Asterisk)
>>> User <-- SIP --> OpenSER <-- SIP --> Asterisk
>>> User <-- RTP --> Asterisk
>>> Both, OpenSER and Asterisks have public IPs
>>> I already have a working setup of that and everything seems working 
>>> correctly.
>>> I'm trying to replicate that setup on another site, same 
>>> configurations of the boxes, same versions of OpenSER and Asterisk, 
>>> etc... but I'm having monodirectional Audio.
>>> Having a look with tethereal I see that OpenSER, when the 
>>> communication is answered, sends a SIP packet (200 OK) to the user 
>>> indicating itself as media endpoint instead of the Asterisks.
>>>  From that moment I see RTP packets flowing from the client to OpenSER
>>> This seems really strange to me because I just copied the same 
>>> configurations file from a working setup to the new installation.
>>> Tnx in advance for help.
>>> Regards
>>> P.S.: Here is my openser.cfg
>>> ## $Id: ser.cfg,v 1.21.4.1 2003/11/10 15:35:15 andrei Exp $
>>> ## simple quick-start config script
>>> #
>>> # ----------- global configuration parameters ------------------------
>>> #debug=3 # debug level (cmd line: -dddddddddd)
>>> fork=yes
>>> #log_stderror=no # (cmd line: -E)
>>> check_via=no # (cmd. line: -v)
>>> dns=no # (cmd. line: -r)
>>> rev_dns=no # (cmd. line: -R)
>>> #children=4
>>> #port=5060
>>> fifo="/tmp/ser_fifo"
>>> #uid=nobody
>>> #gid=nobody
>>> # ------------------ module loading ----------------------------------
>>> loadmodule "/usr/lib/openser/modules/sl.so"
>>> loadmodule "/usr/lib/openser/modules/tm.so"
>>> loadmodule "/usr/lib/openser/modules/rr.so"
>>> loadmodule "/usr/lib/openser/modules/maxfwd.so"
>>> loadmodule "/usr/lib/openser/modules/usrloc.so"
>>> loadmodule "/usr/lib/openser/modules/registrar.so"
>>> loadmodule "/usr/lib/openser/modules/nathelper.so"
>>> loadmodule "/usr/lib/openser/modules/textops.so"
>>> loadmodule "/usr/lib/openser/modules/exec.so"
>>> loadmodule "/usr/lib/openser/modules/uri.so"
>>> loadmodule "/usr/lib/openser/modules/uri_db.so"
>>> loadmodule "/usr/lib/openser/modules/dispatcher.so"
>>> # Uncomment this if you want digest authentication
>>> # mysql.so must be loaded !
>>> loadmodule "/usr/lib/openser/modules/mysql.so"
>>> loadmodule "/usr/lib/openser/modules/auth.so"
>>> loadmodule "/usr/lib/openser/modules/auth_db.so"
>>> modparam("usrloc", "db_mode", 2)
>>> modparam("usrloc", "db_url", "mysql://xxx:xxx@xxx.xxx.xxx.xxx/openser")
>>> modparam("usrloc", "timer_interval", 120)
>>> modparam("auth_db", "calculate_ha1", 0)
>>> modparam("auth_db", "db_url", "mysql://xxx:xxx@xxx.xxx.xxx.xxx/voip")
>>> modparam("uri_db", "db_url", "mysql://xxx:xxx@xxx.xxx.xxx.xxx/openser")
>>> modparam("rr", "enable_full_lr", 1)
>>> modparam("registrar", "nat_flag", 6)
>>> modparam("registrar", "max_expires", 3600)
>>> modparam("registrar", "min_expires", 60)
>>> modparam("registrar", "append_branches", 0)
>>> modparam("registrar", "desc_time_order", 1)
>>> modparam("nathelper", "natping_interval", 20) # Ping interval 20 s
>>> modparam("nathelper", "ping_nated_only", 1) # Ping only clients 
>>> behind NAT
>>> modparam("dispatcher", "force_dst", 1)
>>> # ------------------------- request routing logic -------------------
>>> # main routing logic
>>> route{
>>> # initial sanity checks -- messages with
>>> # max_forwards==0, or excessively long requests
>>> if (!mf_process_maxfwd_header("10")) {
>>> sl_send_reply("483","Too Many Hops");
>>> exit;
>>> };
>>> if ( msg:len > max_len ) {
>>> sl_send_reply("513", "Message too big");
>>> exit;
>>> };
>>> if ( (method=="OPTIONS") || (method=="SUBSCRIBE") || 
>>> (method=="NOTIFY") ) {
>>> sl_send_reply("405", "Method Not Allowed");
>>> exit;
>>> }
>>> if (!method=="REGISTER") {
>>> record_route();
>>> };
>>> if ((src_ip==xxx.xxx.xxx.xxx) || (src_ip==xxx.xxx.xxx.xxx)) { # IP of 
>>> Asterisks
>>> if (!lookup("location")) {
>>> sl_send_reply("404", "Not Found");
>>> exit;
>>> };
>>> # forward to current uri now; use stateful forwarding; that
>>> # works reliably even if we forward from TCP to UDP
>>> if (!t_relay()) {
>>> sl_reply_error();
>>> };
>>> exit;
>>> };
>>> if (nat_uac_test("3")) {
>>> if ((method=="REGISTER") || (method=="INVITE") || (method=="OPTIONS")) {
>>> fix_nated_contact();
>>> force_rport();
>>> setflag(6); # Mark as NATed
>>> }
>>> }
>>> # if the request is for other domain use UsrLoc
>>> # (in case, it does not work, use the following command
>>> # with proper names and addresses in it)
>>> if (method=="REGISTER") {
>>> if (!proxy_authorize("domain", "openser_view")) {
>>> proxy_challenge("domain", "0");
>>> exit;
>>> }
>>> if (!check_to()) {
>>> sl_send_reply("403", "Digest username and URI username do NOT match! 
>>> Stay away!");
>>> exit;
>>> }
>>> save("location");
>>> exit;
>>> };
>>>
>>> if (method=="INVITE") {
>>> if (!proxy_authorize("domain", "openser_view")) {
>>> proxy_challenge("domain", "0");
>>> exit;
>>> }
>>> if (!check_from()) {
>>> sl_send_reply("403", "Digest username and URI username do NOT match! 
>>> Stay away!");
>>> exit;
>>> }
>>> }
>>> # loose-route processing
>>> if (loose_route()) {
>>> # mark routing logic in request
>>> append_hf("P-hint: rr-enforced\r\n");
>>> route(1);
>>> exit;
>>> };
>>> if (!uri==myself) {
>>> # mark routing logic in request
>>> append_hf("P-hint: outbound\r\n");
>>> route(1);
>>> exit;
>>> };
>>> append_hf("P-hint: usrloc applied\r\n");
>>> route(1);
>>> }
>>> route[1]
>>> {
>>> # ! Nathelper
>>> if (uri=~"[@:](192\.168\.|10\.|172\.(1[6-9]|2[0-9]|3[0-1])\.)" && 
>>> !search("^Route:")){
>>> sl_send_reply("479", "We don't forward to private IP addresses");
>>> exit;
>>> };
>>> # NAT processing of replies; apply to all transactions (for example,
>>> # re-INVITEs from public to private UA are hard to identify as
>>> # NATed at the moment of request processing); look at replies
>>> t_on_reply("1");
>>> # send it out now; use stateful forwarding as it works reliably
>>> # even for UDP2TCP
>>> if ((src_ip!=xxx.xxx.xxx.xxx) && (src_ip!=xxx.xxx.xxx.xxx)) { # IP of 
>>> Asterisks
>>> ds_select_dst("2", "0");
>>> }
>>> if (!t_relay()) {
>>> sl_reply_error();
>>> };
>>> }
>>> # ! Nathelper
>>> onreply_route[1] {
>>> # NATed transaction ?
>>> if (isflagset(6) && status =~ "(183)|2[0-9][0-9]") {
>>> fix_nated_contact();
>>> # otherwise, is it a transaction behind a NAT and we did not
>>> # know at time of request processing ? (RFC1918 contacts)
>>> } else if (nat_uac_test("1")) {
>>> fix_nated_contact();
>>> };
>>> }
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at openser.org
>>> http://openser.org/cgi-bin/mailman/listinfo/users
>>
>>
>> -- 
>> Klaus Darilion
>> nic.at
>>
> 


-- 
Klaus Darilion
nic.at





More information about the sr-users mailing list