[Users] Best practice for DNS failover using OpenSER?
Jiri Kuthan
jiri at iptel.org
Tue Jan 16 15:17:48 CET 2007
At 14:59 16/01/2007, Greg Fausak wrote:
>Jiri,
>
>Thanks for the pointer! I think I'll have to give this a look.
Hi Greg,
with pleasure. Just keep in mind that having robustness in there takes
couple of other steps. Particularly IP blacklisting to avoid attempts
to send to the DNS-conveyed destinations, which are unavailable and ...
>We are having specific problems with the DNS resolver on failover
>(when one
>DNS resolver is not reachable, the next is queried, and openser is
>not acting
>predictably when this happens). It is as if the tm module is not
>properly threaded. Like when one thread gets stuck waiting for
>a response from DNS resolver, another thread picks up a retry
>SIP message and doesn't know about the retry in process!
... building the ser script in a way that retransmissions are absorbed
(kind of having "shock absorber" in place)
-jiri
>We see the bad resolver behavior when 2 resolvers are listed in /etc/ resolv.conf, and
>we turn off the first one.
>
>The DNS failover is also interesting. I think failover applies to A
>records
>and SRV records (not NAPTR records).
>
>-g
>
>On Jan 16, 2007, at 7:12 AM, Jiri Kuthan wrote:
>
>>indeed, the stuff is not well linked, we are working on it. Here
>>you go.
>>http://cvs.berlios.de/cgi-bin/viewcvs.cgi/ser/sip_router/doc/ dns.txt?rev=HEAD&content-type=text/vnd.viewcvs-markup
>>
>>-jiri
>>
>>At 02:46 16/01/2007, T.R. Missner wrote:
>>>Greg,
>>>
>>>This is a ref to SER. Apparently this functionality has been added
>>>to the new pre-release version. I did find some talk about it in
>>>the release notes.
>>>I couldn’t find any specific documentation. Admittedly I don’t
>>>understand the layout of SER’s site very well as I haven’t spent
>>>much time there.
>>>
>>>-- TR
>>>
>>>
>>>On 1/15/07 8:33 PM, "Greg Fausak" <lgfausak at gmail.com> wrote:
>>>
>>>In the text below I quote Kerker 'SER does support DNS failover.'.
>>>Is this ser or openser? Where can I read more about this?
>>>
>>>-g
>>>
>>>On Jan 15, 2007, at 10:40 AM, Klaus Darilion wrote:
>>>
>>>
>>>Staffan,
>>>
>>>
>>>
>>>
>>>
>>>Kerker Staffan wrote:
>>>
>>>
>>>...
>>>
>>>
>>>
>>>
>>>Now, if I disable one of the Gateways, I hang every second call.
>>>OpenSER does
>>>
>>>
>>>not
>>>
>>>
>>>try the second A record address if the first doesn't answer. How
>>>can I solve
>>>
>>>
>>>this? Shouldn't OpenSER fail over to the second A record listed in
>>>the NAPTR
>>>
>>>
>>>=> SRV
>>>
>>>
>>>resolving? Or will OpenSER continue to resend all SIP INVITES
>>>until timers
>>>
>>>
>>>fire? Would
>>>
>>>
>>>it help if the proxy recieved an ICMP port/destination unreachable
>>>from the
>>>
>>>
>>>network? Is
>>>
>>>
>>>there anyway to get around this? In the other direction, from POTS
>>>to sip,
>>>
>>>
>>>the PGW2200
>>>
>>>
>>>nicely switches over to the second of my two OpenSER servers if I
>>>shut one of
>>>
>>>
>>>them down. These servers have the same DNS entries (but for
>>>another SIP domain, NAPTR =>
>>>
>>>
>>>SRV => 2x A record).
>>>
>>>
>>>
>>>
>>>Yes, OpenSER or for that matter every transaction stateful proxy
>>>should
>>>
>>>
>>>do RFC 3263 based fail-over. But as you can imagine this is pretty
>>>
>>>
>>>complex to implement and that's why openser does not support it
>>>yet, it
>>>
>>>
>>>is listed on the development roadmap. The newest release of SER does
>>>
>>>
>>>support DNS failover.
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>_______________________________________________
>>>Users mailing list
>>>Users at openser.org
>>><http://openser.org/cgi-bin/mailman/listinfo/users>http:// openser.org/cgi-bin/mailman/listinfo/users
>>>
>>>
>>>_______________________________________________
>>>Users mailing list
>>>Users at openser.org
>>>http://openser.org/cgi-bin/mailman/listinfo/users
>>
>>--
>>Jiri Kuthan http://iptel.org/~jiri/
>
>--
>Jiri Kuthan http://iptel.org/~jiri/
More information about the sr-users
mailing list