[SR-Users] question about NAT being behind of a Load Balancer

Klaus Darilion klaus.mailinglists at pernau.at
Fri Feb 3 11:03:50 CET 2012 

The Load-Balancer is the only server which sees the real IP Address of 
the client. Thus, some parts of NAT-Traversal can only be done by the LB.

E.g. the LB must use force_rport() and mangle the contact header of the 
client. Further, if you use light-weight NAT-keep-alive (CR-LF) you have 
to do it from the LB. If you use OPTIONS requests for NAT-keep-alive you 
should be possible to do it from the backend servers.

If you use media relays (rtpproxy), either control them from the load 
balancer or from the backend-servers. If you control them from the 
backend-servers you have to instruct rtpproxy to accept RTP from all 
sources (by default it accepts RTP only from the previous SIP hop, which 
in this case would be the LB and not the public IP address of the SIP 
client).

regards
klaus

PS: You are using the terms UAC and UAS incorrectly. Every SIP node is a 
UAC and UAS - this term only defines if a node receive requests or sends 
requests. I think in your case it is better to just call them "SIP 
clients" and "SIP servers".

On 03.02.2012 10:26, Albert Petit wrote:
> Hi , Sorry for previous email. Hit send too soon .
>
> Good morning,
> On my system i've a structure similar to:
>   SIP Clients                    SIP Platform
> [-------------------]        [---------------------------------]
>                                                S1 @IP2
>                                                S2 @IP3
>    SIP UACs              SIP LB                    ...
>   [NATted and            @IP1
>   non Nattted]
>                                                 SN  @IPN
>
>
> SIP LB is based on Kamailio dispatcher and is responsible of
> distributing the load between different Servers SIP UAS.
>
> S1, S2,... SN Servers have a Kamailio Server too which will forward
> received balanced traffic to appropiate service (Presence , registrar,...)
>
>
> Considering SIP LB and all SIP UAS have Public IP, how NAT from the UACs
> could be handled on this scenario?
>
> Initially I thought NAT should be handled on SIP LB however I would like
> the most simple possible load balancer with no need to read user
> locations . Responsible of location users should be S1,S2,..:SN
>
> Then, would  it be possible to handle NAT of the SIP UACs *from the SIP
> UAS *with NAT Helper module? What i'm afraid is:      If all traffic to
> S1,S2,..SN comes from SIP LB then nat_helper could think all clients are
> NATTed because top most via will be SIP LB.
>
>
> What I need, I think, is that NAT Helper decides if there is NAT looking
> the Via Header added originally by UAC , and not the top most via (which
> would be SIP LB). Is that possible? If possible how should i configure
> Nat helper for that?
>
>
> BR
> Albert
>
>
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

More information about the sr-users mailing list