[Kamailio-Users] Transparent bridge mode
Jeff Brower
jbrower at signalogic.com
Wed Dec 23 21:58:06 CET 2009
Klaus-
> On 23.12.2009 20:21, Jeff Brower wrote:
>> Daniel-
>>
>>> I haven't used such scenario so far and not a big linux network routing
>>> expert here, so the command you use for bridging do not help me too much.
>>>
>>> When I need to bridge two network then I use rtpproxy in bridging mode,
>>> like the example I pointed in a previous email, and all run fine.
>>
>> Thanks for your reply Daniel. Our concern with using rtpproxy for bridging is that we may end up with less call
>> capacity. We don't want to touch in user space packets that don't need decryption and transcoding -- we want to let
>> them through to the other network using Linux bridging and the 2 NICs.
>
> Why using rtpproxy at all for unencrypted calls? Just let them through
> directly to Asterisk.
Yes, we're doing that now, using Linux bridging (2 NICs).
> IF you do not want RTP directly to Asterisk, but need kernel-based
> forwarding, you could use mediaproxy2 (kernel-based) for RTP and
> rtpproxy for SRTP.
Ok thanks for that suggestion. At call capacity increases, we may move encryption and transcoding to an accelerator
card... rtpproxy is a good UDP/RTP place to interface with the card.
-Jeff
>>> On 12/22/09 10:40 PM, Vikram Ragukumar wrote:
>>>> Daniel,
>>>>
>>>> Please find below a corrected Dataflow diagram.
>>>>
>>>> -----------------
>>>> |SIP Caller's |
>>>> |Encrypted SIP |
>>>> |(Port9090) + |
>>>> |UDP |
>>>> |(Port10000-20000)|
>>>> -----------------
>>>> |
>>>> |Public IP
>>>> ---|-----------------------
>>>> | --|---- ------- | Public IP
>>>> || NIC1 |<------>| NIC2 | | -----------
>>>> || eth0 | bridge | eth1 |->-| Asterisk |
>>>> | --|----- --|--|- | |CentOS v5.4|
>>>> | v port 9090 | | | | Server 2 |
>>>> | --|--------------- | | | -----------
>>>> ||Libnetfilter_queue|| | |
>>>> | -|----|----------- | | |
>>>> | | | | | |
>>>> | | -|-------- | | |
>>>> | | |Decryption| ^ ^ |
>>>> | | -|-------- | | |
>>>> | v v port 5060 | | |
>>>> | | -|------ | | |
>>>> | | |Kamailio|--->- | |
>>>> | | -------- | |
>>>> | | | |
>>>> | |UDPports | |
>>>> | -|-- -------- | |
>>>> ||srtp|->--|rtpproxy|->- |
>>>> | ---- -------- |
>>>> | Server 1,CentOS v5.4 |
>>>> ---------------------------
>>>>
>>>> Thanks and Regards,
>>>> Vikram.
>>>>
>>>> Vikram Ragukumar wrote:
>>>>> Daniel,
>>>>>
>>>>> Thanks once again for your reply. I present below a more detailed
>>>>> system description. The first ASCII sketch depicts the setup we have
>>>>> in our lab here and the second ASCII sketch depicts the dataflow we
>>>>> are working towards.
>>>>>
>>>>> System setup:
>>>>> -------------
>>>>>
>>>>> ------------
>>>>> | Internet |
>>>>> ------------
>>>>> |
>>>>> |
>>>>> ------|------------------------
>>>>> | | CentOS v5.4 |
>>>>> | ---|---- -------- |
>>>>> | | NIC1 |<------>| NIC2 | |<- Server 1
>>>>> | | eth0 | bridge | eth1 | |
>>>>> | -------- ----|--- |
>>>>> | Rtpproxy,Kamailio | |
>>>>> -------------------------|-----
>>>>> |
>>>>> |<- Cross over cable
>>>>> |
>>>>> -----------
>>>>> |CentOS v5.4|
>>>>> | Asterisk |<- Server 2
>>>>> -----------
>>>>>
>>>>> Dataflow:
>>>>> ---------
>>>>>
>>>>> ------------------
>>>>> |SIP Caller's |
>>>>> |Encrypted SIP |
>>>>> |(Port9090) + |
>>>>> |UDP |
>>>>> |(Port10000-20000)|
>>>>> -----------------
>>>>> |
>>>>> |Public IP
>>>>> ---|-----------------------
>>>>> | --|---- ------- | Public IP
>>>>> || NIC1 |<------>| NIC2 | | -----------
>>>>> || eth0 | bridge | eth1 |->-| Asterisk |
>>>>> | --|----- --|--|- | |CentOS v5.4|
>>>>> | v port 9090 | | | | Server 2 |
>>>>> | --|--------------- | | | -----------
>>>>> ||Libnetfilter_queue|| | |
>>>>> | --|--------------- | | |
>>>>> | v | | |
>>>>> | --|------- | | |
>>>>> ||Decryption| ^ ^ |
>>>>> | -|------|-- | | |
>>>>> | | v port 5060| | |
>>>>> | | ---|---- | | |
>>>>> | | |Kamailio|--->- | |
>>>>> | v -------- | |
>>>>> | | | |
>>>>> | |UDPports | |
>>>>> | -|-- -------- | |
>>>>> ||srtp|->--|rtpproxy|->- |
>>>>> | ---- -------- |
>>>>> | Server 1,CentOS v5.4 |
>>>>> ---------------------------
>>>>>
>>>>> Questions:
>>>>> ----------
>>>>> 1) Is it common practice to implement "Decryption" and "srtp" as
>>>>> shown in the dataflow diagram? If not, what is a more appropriate
>>>>> place to implement them ?
>>>>> 2) Once deployed, will such as system be capable of handling several
>>>>> hundreds or thousands of calls ?
>>>>>
>>>>> Wish you all a Merry Christmas and a Happy New Year.
>>>>>
>>>>> Thanks and Regards,
>>>>> Vikram.
>>>>>
>>>>> PS : Here is the script used to setup the bridge between eth0 and eth1
>>>>>
>>>>> brctl addbr br0
>>>>> brctl stp br0 on
>>>>> brctl addif br0 eth0
>>>>> brctl addif br0 eth1
>>>>> ifdown eth0 1>/dev/null 2>&1
>>>>> ifdown eth1 1>/dev/null 2>&1
>>>>> ifconfig eth0 0.0.0.0 up
>>>>> ifconfig eth1 0.0.0.0 up
>>>>> ifconfig br0 64.221.148.221 netmask 255.255.255.224 up
>>>>> route add default gw 64.221.148.220
>>>>> for file in br0 eth0 eth1
>>>>> do
>>>>> echo "1"> /proc/sys/net/ipv4/conf/${file}/proxy_arp
>>>>> echo "1"> /proc/sys/net/ipv4/conf/${file}/forwarding
>>>>> done;
>>>>> echo "1"> /proc/sys/net/ipv4/ip_forward
>>>>>
>>>>>
>>>>> Daniel-Constantin Mierla wrote:
>>>>>>
>>>>>>
>>>>>> On 12/18/09 10:08 PM, Vikram Ragukumar wrote:
>>>>>>> Daniel,
>>>>>>>
>>>>>>> Thank you for your reply. Let me briefly explain what i am trying
>>>>>>> to achieve over here.
>>>>>>>
>>>>>>> _____ eth0 _____ eth1 ______
>>>>>>> |_____|------|_____|--------|______| Internet
>>>>>>> Server1 Server2
>>>>>>> 2 NIC's 1 NIC
>>>>>>> (Public IP)
>>>>>>>
>>>>>>> I show above a sketch of the desired setup.
>>>>>>>
>>>>>>> Server1 - Runs Kamailio and rtpproxy. It has 2 NIC's installed.
>>>>>>> Server2 - Runs Asterisk. It must be assigned a Public IP.
>>>>>>>
>>>>>>> I need to use rtpproxy to intercept data being sent to Server 2,
>>>>>>> process them and let them continue along their original path. Are
>>>>>>> there any references you can point me to, that show how to use
>>>>>>> rtpproxy to achieve this bridging? Does the connection between eth1
>>>>>>> of Server1 and eth0 of Server2 have to made using a crossover cable ?
>>>>>>
>>>>>> probably your diagram is not displayed properly by the email client,
>>>>>> since I do not really get what you wanted to draw.
>>>>>>
>>>>>> However, in the kamailio server, if you have two network interfaces,
>>>>>> run kamailio to listen on both and rtpproxy in bridging mode between
>>>>>> them. Then rtpproxy will get packets coming on eth0 and send onver
>>>>>> eth1 and viceversa. I gave you the path in the source three where
>>>>>> you find an example to start with (in my previous email).
>>>>>>
>>>>>> Cheers,
>>>>>> Daniel
>>>>>>
>>>>>>
>>>>>>
>>>>>>>
>>>>>>> Daniel-Constantin Mierla wrote:
>>>>>>>> Hello,
>>>>>>>>
>>>>>>>> On 12/18/09 12:38 AM, Vikram Ragukumar wrote:
>>>>>>>>> Hello All,
>>>>>>>>>
>>>>>>>>> I am trying to setup a test scenario, where i have Kamailio and
>>>>>>>>> rtpproxy running on one CentOS box (Server1) and i have Asterisk
>>>>>>>>> running on another CentOS box (Server2). Server1 has 2 NIC's eth0
>>>>>>>>> and eth1 that are both assigned Public IP's. There is a
>>>>>>>>> transparent bridge br0 connecting eth0 and eth1 which also has
>>>>>>>>> its own Public IP. Finally eth0 on Server2 also has a Public IP.
>>>>>>>>>
>>>>>>>>> Server2 must be assigned a Public IP.
>>>>>>>>>
>>>>>>>>> My goal is to modify rtpproxy so that i can intercept packets
>>>>>>>>> traveling to Server2, process them and let them resume along
>>>>>>>>> their original path.
>>>>>>>>> I would like to know if there is another way of setting this up
>>>>>>>>> so that i dont use as many Public IP's ?
>>>>>>>>> Do any of you see a problem with this setup, things that may not
>>>>>>>>> work eventually, or any other concerns ?
>>>>>>>>>
>>>>>>>> rtpproxy can do bridging of two interfaces -- see the example cfg:
>>>>>>>>
>>>>>>>> modules/nathelper/examples/alg.cfg
>>>>>>>>
>>>>>>>> Cheers,
>>>>>>>> Daniel
More information about the sr-users
mailing list