[SR-Users] Fwd: INVITE routing issue when using Private IP (RFC1918) network

pslack14 pslack14 at gmail.com
Mon Apr 6 23:22:17 CEST 2015


Hello,

I have a Kamailio IMS instance set up, using different hosts for each IMS
function (P-CSCF, S-CSCF, I-CSCF etc.), and am able to register clients
successfully.

However, when Client-A tries to call Client-B (both registered to the same
S-CSCF), the call is failing with the "403 Forbidden - You must register
first with a S-CSCF" error.

All hosts & clients are running on the same subnet using RFC1918 IP
addresses, there is no NAT involved.
I've seen the same issue on both 4.2 and Master branches.
I have the nathelper 'nat_uac_test' parameter set to 18.


Looking at the debug prints and SIP traces, I can see that the 403 Error is
being generated by the P-CSCF when it receives the INVITE from the S-CSCF
(for forwarding to Client-B).
Digging deeper into the debug logs, it looks like this is a result of a
failed contact match - I've experimented with different values
for "hashing_type", which do change the routing logic but still I see the
403 Error.

Here are 2 excerpts from the debug prints for different values of
hashing_type:

modparam("ims_usrloc_pcscf", "hashing_type", 0):

 2(19636) DEBUG: ims_registrar_pcscf [service_routes.c:183]: getContactP(): Searching in usrloc for 10.133.202.17:5060 (Proto 1)
 2(19636) DEBUG: ims_usrloc_pcscf [udomain.c:618]: get_pcontact_by_src(): Trying to find contact by src with URI: [sip:*@10.133.202.17:5060]
 2(19636) DEBUG: ims_usrloc_pcscf [udomain.c:465]: get_pcontact(): Searching for contact in P-CSCF usrloc [sip:*@10.133.202.17:5060]
 2(19636) DEBUG: ims_usrloc_pcscf [usrloc.c:187]: get_aor_hash(): Returning hash slot: [1670705485]
 2(19636) DEBUG: ims_registrar_pcscf [service_routes.c:186]: getContactP(): No entry in usrloc for 10.133.202.17:5060 (Proto 1) found!
 2(19636) DEBUG: ims_usrloc_pcscf [udomain.c:465]: get_pcontact(): Searching for contact in P-CSCF usrloc [sip:john@10.133.202.61:64019;transport=udp]
 2(19636) DEBUG: ims_usrloc_pcscf [usrloc.c:187]: get_aor_hash(): Returning hash slot: [397265208]
 2(19636) DEBUG: ims_registrar_pcscf [service_routes.c:119]: checkcontact(): Port 64019 (search 5060), Proto 1 (search 1), reg_state registered (search registered)
 2(19636) ERROR: *** cfgtrace:request_route=[Orig_Initial] c=[/etc/kamailio/kamailio.cfg] l=926 a=26 n=send_reply


modparam("ims_usrloc_pcscf", "hashing_type", 2):

 1(19401) DEBUG: ims_registrar_pcscf [service_routes.c:183]: getContactP(): Searching in usrloc for 10.133.202.17:5060 (Proto 1)
 1(19401) DEBUG: ims_usrloc_pcscf [udomain.c:618]: get_pcontact_by_src(): Trying to find contact by src with URI: [sip:*@10.133.202.17:5060]
 1(19401) DEBUG: ims_usrloc_pcscf [udomain.c:465]: get_pcontact(): Searching for contact in P-CSCF usrloc [sip:*@10.133.202.17:5060]
 1(19401) DEBUG: ims_usrloc_pcscf [usrloc.c:97]: get_alias_host_from_contact(): no params
 1(19401) DEBUG: ims_usrloc_pcscf [usrloc.c:183]: get_aor_hash(): using host for hash [10.133.202.17]
 1(19401) DEBUG: ims_usrloc_pcscf [usrloc.c:187]: get_aor_hash(): Returning hash slot: [-1564914093]
 1(19401) DEBUG: ims_registrar_pcscf [service_routes.c:186]: getContactP(): No entry in usrloc for 10.133.202.17:5060 (Proto 1) found!
 1(19401) DEBUG: ims_usrloc_pcscf [udomain.c:465]: get_pcontact(): Searching for contact in P-CSCF usrloc [sip:john@10.133.202.61:64013;transport=udp]
 1(19401) DEBUG: ims_usrloc_pcscf [usrloc.c:176]: get_aor_hash(): Looks like this contact is natted - contact URI: [10.133.202.61] but came from received_host: [10.133.202.17] so will use received_host for hash
 1(19401) DEBUG: ims_usrloc_pcscf [usrloc.c:187]: get_aor_hash(): Returning hash slot: [-1564914093]
 1(19401) ERROR: *** cfgtrace:request_route=[Orig_Initial] c=[/etc/kamailio/kamailio.cfg] l=926 a=26 n=send_reply

Can anyone offer any hints as to how to resolve this?

I am attaching a SIP call flow - I can supply a complete Kamailio debug
trace if needed.

Thanks

Phill
-------------- next part --------------
10.133.202.61 : Client-A
10.133.202.15 : P-CSCF
10.133.202.16 : I-CSCF
10.133.202.17 : S-CSCF
10.133.202.144 : Client-B

|Time     | 10.133.202.61                         | 10.133.202.16                         | 10.133.202.144                        |
|         |                   | 10.133.202.15     |                   | 10.133.202.17     |                   
|0.000000 |         Request: REGISTER si          |                   |                   |                   |SIP: Request: REGISTER sip:iot-ims.test  (1 binding) | 
|         |(64016)  ------------------>  (5060)   |                   |                   |                   |
|0.499099 |         Request: REGISTER si          |                   |                   |                   |SIP: Request: REGISTER sip:iot-ims.test  (1 binding) | 
|         |(64016)  ------------------>  (5060)   |                   |                   |                   |
|1.499053 |         Request: REGISTER si          |                   |                   |                   |SIP: Request: REGISTER sip:iot-ims.test  (1 binding) | 
|         |(64016)  ------------------>  (5060)   |                   |                   |                   |
|2.470232 |                   |         Request: REGISTER si          |                   |                   |SIP: Request: REGISTER sip:iot-ims.test  (1 binding) | 
|         |                   |(5060)   ------------------>  (5060)   |                   |                   |
|2.488597 |                   |         Status: 401 Unauthor          |                   |                   |SIP: Status: 401 Unauthorized - Challenging the UE | 
|         |                   |(5060)   <------------------  (5060)   |                   |                   |
|2.489073 |         Status: 401 Unauthor          |                   |                   |                   |SIP: Status: 401 Unauthorized - Challenging the UE | 
|         |(64016)  <------------------  (5060)   |                   |                   |                   |
|2.490496 |         Request: REGISTER si          |                   |                   |                   |SIP: Request: REGISTER sip:iot-ims.test  (1 binding) | 
|         |(64016)  ------------------>  (5060)   |                   |                   |                   |
|2.493079 |                   |         Request: REGISTER si          |                   |                   |SIP: Request: REGISTER sip:iot-ims.test  (1 binding) | 
|         |                   |(5060)   ------------------>  (5060)   |                   |                   |
|2.515153 |                   |         Status: 200 OK  (1 b          |                   |                   |SIP: Status: 200 OK  (1 binding) | 
|         |                   |(5060)   <------------------  (5060)   |                   |                   |
|2.533086 |         Status: 200 OK  (1 b          |                   |                   |                   |SIP: Status: 200 OK  (1 binding) | 
|         |(64016)  <------------------  (5060)   |                   |                   |                   |
|2.557427 |                   |         Request: NOTIFY sip:john@10.133.202.61:6          |                   |SIP/XML: Request: NOTIFY sip:john@10.133.202.61:64016;transport=udp | 
|         |                   |(5060)   <--------------------------------------  (5060)   |                   |
|2.563402 |         Request: NOTIFY sip:          |                   |                   |                   |SIP/XML: Request: NOTIFY sip:john@10.133.202.61:64016;transport=udp | 
|         |(64016)  <------------------  (5060)   |                   |                   |                   |
|2.564360 |         Status: 200 OK |              |                   |                   |                   |SIP: Status: 200 OK | 
|         |(64016)  ------------------>  (5060)   |                   |                   |                   |
|2.564803 |                   |         Status: 200 OK |              |                   |                   |SIP: Status: 200 OK | 
|         |                   |(5060)   -------------------------------------->  (5060)   |                   |
|6.059836 |                   |         Request: REGISTER sip:iot-ims.test  (1 binding) | |                   |SIP: Request: REGISTER sip:iot-ims.test  (1 binding) | 
|         |                   |(5060)   <----------------------------------------------------------  (51403)  |
|6.077557 |                   |         Request: REGISTER si          |                   |                   |SIP: Request: REGISTER sip:iot-ims.test  (1 binding) | 
|         |                   |(5060)   ------------------>  (5060)   |                   |                   |
|6.095801 |                   |         Status: 401 Unauthor          |                   |                   |SIP: Status: 401 Unauthorized - Challenging the UE | 
|         |                   |(5060)   <------------------  (5060)   |                   |                   |
|6.096185 |                   |         Status: 401 Unauthorized - Challenging the UE |   |                   |SIP: Status: 401 Unauthorized - Challenging the UE | 
|         |                   |(5060)   ---------------------------------------------------------->  (51403)  |
|6.098128 |                   |         Request: REGISTER sip:iot-ims.test  (1 binding) | |                   |SIP: Request: REGISTER sip:iot-ims.test  (1 binding) | 
|         |                   |(5060)   <----------------------------------------------------------  (51403)  |
|6.098996 |                   |         Request: REGISTER si          |                   |                   |SIP: Request: REGISTER sip:iot-ims.test  (1 binding) | 
|         |                   |(5060)   ------------------>  (5060)   |                   |                   |
|6.112092 |                   |         Status: 200 OK  (1 b          |                   |                   |SIP: Status: 200 OK  (1 binding) | 
|         |                   |(5060)   <------------------  (5060)   |                   |                   |
|6.125297 |                   |         Status: 200 OK  (1 binding) | |                   |                   |SIP: Status: 200 OK  (1 binding) | 
|         |                   |(5060)   ---------------------------------------------------------->  (51403)  |
|6.138797 |                   |         Request: NOTIFY sip:bob@10.133.202.144:5          |                   |SIP/XML: Request: NOTIFY sip:bob@10.133.202.144:51403;transport=udp | 
|         |                   |(5060)   <--------------------------------------  (5060)   |                   |
|6.159662 |                   |         Request: NOTIFY sip:bob@10.133.202.144:51403;transport=udp |          |SIP/XML: Request: NOTIFY sip:bob@10.133.202.144:51403;transport=udp | 
|         |                   |(5060)   ---------------------------------------------------------->  (51403)  |
|6.160369 |                   |         Status: 200 OK |              |                   |                   |SIP: Status: 200 OK | 
|         |                   |(5060)   <----------------------------------------------------------  (51403)  |
|6.164099 |                   |         Status: 200 OK |              |                   |                   |SIP: Status: 200 OK | 
|         |                   |(5060)   -------------------------------------->  (5060)   |                   |
|12.849642|         Request: INVITE sip:          |                   |                   |                   |SIP/SDP: Request: INVITE sip:bob@iot-ims.test | 
|         |(64016)  ------------------>  (5060)   |                   |                   |                   |
|12.856950|                   |         Request: INVITE sip:bob@iot-ims.test |            |                   |SIP/SDP: Request: INVITE sip:bob@iot-ims.test | 
|         |                   |(5060)   -------------------------------------->  (5060)   |                   |
|12.865536|                   |         Request: INVITE sip:bob@10.133.202.144:5          |                   |SIP: Request: INVITE sip:bob@10.133.202.144:51403;transport=udp | 
|         |                   |(5060)   <--------------------------------------  (5060)   |                   |
|12.868726|                   |         Status: 403 Forbidden - You must registe          |                   |SIP: Status: 403 Forbidden - You must register first with a S-CSCF | 
|         |                   |(5060)   -------------------------------------->  (5060)   |                   |
|12.869848|                   |         Request: ACK sip:bob@10.133.202.144:5140          |                   |SIP: Request: ACK sip:bob@10.133.202.144:51403;transport=udp | 
|         |                   |(5060)   <--------------------------------------  (5060)   |                   |
|12.871151|                   |         Status: 403 Forbidden - You must registe          |                   |SIP: Status: 403 Forbidden - You must register first with a S-CSCF | 
|         |                   |(5060)   <--------------------------------------  (5060)   |                   |
|12.871450|                   |         Request: ACK sip:bob@iot-ims.test |               |                   |SIP: Request: ACK sip:bob@iot-ims.test | 
|         |                   |(5060)   -------------------------------------->  (5060)   |                   |
|12.872833|         Status: 403 Forbidde          |                   |                   |                   |SIP: Status: 403 Forbidden - You must register first with a S-CSCF | 
|         |(64016)  <------------------  (5060)   |                   |                   |                   |
|12.873617|         Request: ACK sip:bob          |                   |                   |                   |SIP: Request: ACK sip:bob@iot-ims.test | 
|         |(64016)  ------------------>  (5060)   |                   |                   |                   |
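
Added example, not part of the original post and not Kamailio code: a small Python triage script that reads P-CSCF debug lines like the ones quoted in the post and reports the source-address lookup miss, which compared fields differ in checkcontact(), and when the hash is taken from received_host. The sample lines are copied from the post's excerpts with the mail wrapping undone; the name `triage` and the finding labels are assumptions made for this example, and the patterns rely only on the message text shown, not on the module source.

```python
import re

# Sample input: four debug lines copied from the post's excerpts, with the
# mail client's line wrapping undone (first three from the hashing_type 0
# run, the last from the hashing_type 2 run).
SAMPLE_LOG = """\
 2(19636) DEBUG: ims_registrar_pcscf [service_routes.c:183]: getContactP(): Searching in usrloc for 10.133.202.17:5060 (Proto 1)
 2(19636) DEBUG: ims_registrar_pcscf [service_routes.c:186]: getContactP(): No entry in usrloc for 10.133.202.17:5060 (Proto 1) found!
 2(19636) DEBUG: ims_registrar_pcscf [service_routes.c:119]: checkcontact(): Port 64019 (search 5060), Proto 1 (search 1), reg_state registered (search registered)
 1(19401) DEBUG: ims_usrloc_pcscf [usrloc.c:176]: get_aor_hash(): Looks like this contact is natted - contact URI: [10.133.202.61] but came from received_host: [10.133.202.17] so will use received_host for hash
"""

# Patterns follow the message text visible in the post, not the module source.
MISS = re.compile(r"getContactP\(\): No entry in usrloc for (\S+) \(Proto (\d+)\) found!")
CHECK = re.compile(
    r"checkcontact\(\): Port (\d+) \(search (\d+)\), Proto (\d+) \(search (\d+)\), "
    r"reg_state (\w+) \(search (\w+)\)"
)
NATTED = re.compile(
    r"contact URI: \[([^\]]+)\] but came from received_host: \[([^\]]+)\]"
)


def triage(log_text):
    """Return (kind, details) findings for the P-CSCF contact lookup (hypothetical helper)."""
    findings = []
    for line in log_text.splitlines():
        if m := MISS.search(line):
            # Lookup by packet source address found no registered contact.
            findings.append(("src_lookup_miss", {"src": m.group(1), "proto": int(m.group(2))}))
        elif m := CHECK.search(line):
            port, s_port, proto, s_proto, state, s_state = m.groups()
            pairs = (("port", port, s_port), ("proto", proto, s_proto),
                     ("reg_state", state, s_state))
            # Report only the fields whose stored and searched values differ.
            mismatch = [name for name, have, want in pairs if have != want]
            findings.append(("checkcontact", {"mismatch": mismatch,
                                              "port": int(port), "search_port": int(s_port)}))
        elif m := NATTED.search(line):
            # hashing_type 2: the hash is keyed on received_host, not the contact host.
            findings.append(("hash_by_received_host",
                             {"contact_host": m.group(1), "received_host": m.group(2)}))
    return findings


if __name__ == "__main__":
    for kind, details in triage(SAMPLE_LOG):
        print(kind, details)
```

On the sample lines the only differing field in checkcontact() is the port (64019 stored, 5060 searched), and the received_host used for hashing is 10.133.202.17, the S-CSCF address in the host list above.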

