[SR-Users] question about NAT being behind of a Load Balancer

Albert Petit albertpetit at gmail.com
Fri Feb 3 11:24:46 CET 2012 

Hi Klaus,

Thanks for your answer!

2012/2/3 Klaus Darilion <klaus.mailinglists at pernau.at>

> The Load-Balancer is the only server which sees the real IP Address of the
> client. Thus, some parts of NAT-Traversal can only be done by the LB.
>

Expecting kind of this answer because also makes sense to me that LB is the
only one who can see from where is it really coming :-)  however then if I
fix rport in LB could I still do  do operations like                     *
 fix_nated_register();                         fix_nated_contact();*  from
S1,S2..SN ? Or that needs to be handled on LB too?


> E.g. the LB must use force_rport() and mangle the contact header of the
> client. Further, if you use light-weight NAT-keep-alive (CR-LF) you have to
> do it from the LB. If you use OPTIONS requests for NAT-keep-alive you
> should be possible to do it from the backend servers.
>
We're using SIP Options..and I would prefer to keep like that. if possible.
I will try to do it from S1,S2,...SN first.

>
> If you use media relays (rtpproxy), either control them from the load
> balancer or from the backend-servers. If you control them from the
> backend-servers you have to instruct rtpproxy to accept RTP from all
> sources (by default it accepts RTP only from the previous SIP hop, which in
> this case would be the LB and not the public IP address of the SIP client).
>

I believe it would be better to keep RTP Proxy on S1,S2..SN SIP Servers;
this way I can have N instances of RTP Proxy instead of a maximum of one
(or two if using active-passive LB)
Isit easy to instruct RTP Proxy to accept media from all sources? I never
did. Where can I find this information?  I tried here
http://www.rtpproxy.org/wiki/RTPproxy/FAQ and here
http://kamailio.org/docs/modules/3.0.x/modules_k/nathelper.html  but no
luck.


> regards
> klaus
>
> PS: You are using the terms UAC and UAS incorrectly. Every SIP node is a
> UAC and UAS - this term only defines if a node receive requests or sends
> requests. I think in your case it is better to just call them "SIP clients"
> and "SIP servers".


Yes you're right, not correct use of the term, sorry for that.

>
>
> On 03.02.2012 10:26, Albert Petit wrote:
>
>> Hi , Sorry for previous email. Hit send too soon .
>>
>> Good morning,
>> On my system i've a structure similar to:
>>  SIP Clients                    SIP Platform
>> [-------------------]        [-----------------------------**----]
>>                                               S1 @IP2
>>                                               S2 @IP3
>>   SIP UACs              SIP LB                    ...
>>  [NATted and            @IP1
>>  non Nattted]
>>                                                SN  @IPN
>>
>>
>> SIP LB is based on Kamailio dispatcher and is responsible of
>> distributing the load between different Servers SIP UAS.
>>
>> S1, S2,... SN Servers have a Kamailio Server too which will forward
>> received balanced traffic to appropiate service (Presence , registrar,...)
>>
>>
>> Considering SIP LB and all SIP UAS have Public IP, how NAT from the UACs
>> could be handled on this scenario?
>>
>> Initially I thought NAT should be handled on SIP LB however I would like
>> the most simple possible load balancer with no need to read user
>> locations . Responsible of location users should be S1,S2,..:SN
>>
>> Then, would  it be possible to handle NAT of the SIP UACs *from the SIP
>> UAS *with NAT Helper module? What i'm afraid is:      If all traffic to
>>
>> S1,S2,..SN comes from SIP LB then nat_helper could think all clients are
>> NATTed because top most via will be SIP LB.
>>
>>
>> What I need, I think, is that NAT Helper decides if there is NAT looking
>> the Via Header added originally by UAC , and not the top most via (which
>> would be SIP LB). Is that possible? If possible how should i configure
>> Nat helper for that?
>>
>>
>> BR
>> Albert
>>
>>
>>
>> ______________________________**_________________
>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>> sr-users at lists.sip-router.org
>> http://lists.sip-router.org/**cgi-bin/mailman/listinfo/sr-**users<http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users>
>>
>


-- 
Albert
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20120203/334710a2/attachment-0001.htm>

More information about the sr-users mailing list