[SR-Users] Fwd: INVITE routing issue when using Private IP (RFC1918) network
pslack14
pslack14 at gmail.com
Mon Apr 6 23:22:17 CEST 2015
Hello,
I have a Kamailio IMS instance setup, using different hosts for each IMS
function (P-CSCF,S-CSCF,I-CSCF etc) and am able to register clients
successfully.
However, when Client-A tries to call Client-B (both registered to the same
S-CSCF), the call is failing with the "403 Forbidden - You must register
first with a S-CSCF" error. .
All hosts & clients are running on the same subnet using RFC1918 IP
addresses, there is no NAT involved.
I've seen the same issue on both 4.2 and Master branches.
I have the nathelper 'nat_uac_test' parameter set to 18.
Looking at the debug prints and SIP traces, I can see that the 403 Error is
being generated by the P-CSCF when it receives the INVITE from the S-CSCF
(for forwarding to Client-B).
Digging deeper into the debug logs, it looks like this is a result of a
failed contact match - I've experimented with different values
for "hashing_type", which do change the routing logic but still I see the
403 Error.
Here's 2 excerpts from the debug prints for different values of
hashing_type :
*modparam("ims_usrloc_pcscf", ""hashing_type",hashing_type", 0) :*
2(19636) DEBUG: ims_registrar_pcscf [service_routes.c:183]: getContactP():
> Searching in usrloc for 10.133.202.17:5060 (Proto 1)
2(19636) DEBUG: ims_usrloc_pcscf [udomain.c:618]: get_pcontact_by_src():
> Trying to find contact by src with URI: [sip:*@10.133.202.17:5060]
2(19636) DEBUG: ims_usrloc_pcscf [udomain.c:465]: get_pcontact():
> Searching for contact in P-CSCF usrloc [sip:*@10.133.202.17:5060]
2(19636) DEBUG: ims_usrloc_pcscf [usrloc.c:187]: get_aor_hash(): Returning
> hash slot: [1670705485]
2(19636) DEBUG: ims_registrar_pcscf [service_routes.c:186]: getContactP():
> No entry in usrloc for 10.133.202.17:5060 (Proto 1) found!
2(19636) DEBUG: ims_usrloc_pcscf [udomain.c:465]: get_pcontact():
> Searching for contact in P-CSCF usrloc [sip:john at 10.133.202.61:64019
> ;transport=udp]
2(19636) DEBUG: ims_usrloc_pcscf [usrloc.c:187]: get_aor_hash(): Returning
> hash slot: [397265208]
2(19636) DEBUG: ims_registrar_pcscf [service_routes.c:119]:
> checkcontact(): Port 64019 (search 5060), Proto 1 (search 1), reg_state
> registered (search registered)
2(19636) ERROR: *** cfgtrace:request_route=[Orig_Initial]
> c=[/etc/kamailio/kamailio.cfg] l=926 a=26 n=send_reply
*modparam("ims_usrloc_pcscf", ""hashing_type",hashing_type", 2) :*
1(19401) DEBUG: ims_registrar_pcscf [service_routes.c:183]: getContactP():
>> Searching in usrloc for 10.133.202.17:5060 (Proto 1)
>
> 1(19401) DEBUG: ims_usrloc_pcscf [udomain.c:618]: get_pcontact_by_src():
>> Trying to find contact by src with URI: [sip:*@10.133.202.17:5060]
>
> 1(19401) DEBUG: ims_usrloc_pcscf [udomain.c:465]: get_pcontact():
>> Searching for contact in P-CSCF usrloc [sip:*@10.133.202.17:5060]
>
> 1(19401) DEBUG: ims_usrloc_pcscf [usrloc.c:97]:
>> get_alias_host_from_contact(): no params
>
> 1(19401) DEBUG: ims_usrloc_pcscf [usrloc.c:183]: get_aor_hash(): using
>> host for hash [10.133.202.17]
>
> 1(19401) DEBUG: ims_usrloc_pcscf [usrloc.c:187]: get_aor_hash():
>> Returning hash slot: [-1564914093]
>
> 1(19401) DEBUG: ims_registrar_pcscf [service_routes.c:186]:
>> getContactP(): No entry in usrloc for 10.133.202.17:5060 (Proto 1) found!
>
> 1(19401) DEBUG: ims_usrloc_pcscf [udomain.c:465]: get_pcontact():
>> Searching for contact in P-CSCF usrloc [sip:john at 10.133.202.61:64013
>> ;transport=udp]
>
> 1(19401) DEBUG: ims_usrloc_pcscf [usrloc.c:176]: get_aor_hash(): Looks
>> like this contact is natted - contact URI: [10.133.202.61] but came from
>> received_host: [10.133.202.17] so will use received_host for hash
>
> 1(19401) DEBUG: ims_usrloc_pcscf [usrloc.c:187]: get_aor_hash():
>> Returning hash slot: [-1564914093]
>
> 1(19401) ERROR: *** cfgtrace:request_route=[Orig_Initial]
>> c=[/etc/kamailio/kamailio.cfg] l=926 a=26 n=send_reply
>
>
Can anyone offer any hints as to how to resolve this?
I am attaching a SIP call flow - I can supply a complete Kamailio debug
trace if needed.
Thanks
Phill
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20150406/45dfa299/attachment.html>
-------------- next part --------------
10.133.202.61 : Client-A
10.133.202.15 : P-CSCF
10.133.202.16 : I-CSCF
10.133.202.17 : S-CSCF
10.133.202.144 : Client-B
|Time | 10.133.202.61 | 10.133.202.16 | 10.133.202.144 |
| | | 10.133.202.15 | | 10.133.202.17 |
|0.000000 | Request: REGISTER si | | | |SIP: Request: REGISTER sip:iot-ims.test (1 binding) |
| |(64016) ------------------> (5060) | | | |
|0.499099 | Request: REGISTER si | | | |SIP: Request: REGISTER sip:iot-ims.test (1 binding) |
| |(64016) ------------------> (5060) | | | |
|1.499053 | Request: REGISTER si | | | |SIP: Request: REGISTER sip:iot-ims.test (1 binding) |
| |(64016) ------------------> (5060) | | | |
|2.470232 | | Request: REGISTER si | | |SIP: Request: REGISTER sip:iot-ims.test (1 binding) |
| | |(5060) ------------------> (5060) | | |
|2.488597 | | Status: 401 Unauthor | | |SIP: Status: 401 Unauthorized - Challenging the UE |
| | |(5060) <------------------ (5060) | | |
|2.489073 | Status: 401 Unauthor | | | |SIP: Status: 401 Unauthorized - Challenging the UE |
| |(64016) <------------------ (5060) | | | |
|2.490496 | Request: REGISTER si | | | |SIP: Request: REGISTER sip:iot-ims.test (1 binding) |
| |(64016) ------------------> (5060) | | | |
|2.493079 | | Request: REGISTER si | | |SIP: Request: REGISTER sip:iot-ims.test (1 binding) |
| | |(5060) ------------------> (5060) | | |
|2.515153 | | Status: 200 OK (1 b | | |SIP: Status: 200 OK (1 binding) |
| | |(5060) <------------------ (5060) | | |
|2.533086 | Status: 200 OK (1 b | | | |SIP: Status: 200 OK (1 binding) |
| |(64016) <------------------ (5060) | | | |
|2.557427 | | Request: NOTIFY sip:john at 10.133.202.61:6 | |SIP/XML: Request: NOTIFY sip:john at 10.133.202.61:64016;transport=udp |
| | |(5060) <-------------------------------------- (5060) | |
|2.563402 | Request: NOTIFY sip: | | | |SIP/XML: Request: NOTIFY sip:john at 10.133.202.61:64016;transport=udp |
| |(64016) <------------------ (5060) | | | |
|2.564360 | Status: 200 OK | | | | |SIP: Status: 200 OK |
| |(64016) ------------------> (5060) | | | |
|2.564803 | | Status: 200 OK | | | |SIP: Status: 200 OK |
| | |(5060) --------------------------------------> (5060) | |
|6.059836 | | Request: REGISTER sip:iot-ims.test (1 binding) | | |SIP: Request: REGISTER sip:iot-ims.test (1 binding) |
| | |(5060) <---------------------------------------------------------- (51403) |
|6.077557 | | Request: REGISTER si | | |SIP: Request: REGISTER sip:iot-ims.test (1 binding) |
| | |(5060) ------------------> (5060) | | |
|6.095801 | | Status: 401 Unauthor | | |SIP: Status: 401 Unauthorized - Challenging the UE |
| | |(5060) <------------------ (5060) | | |
|6.096185 | | Status: 401 Unauthorized - Challenging the UE | | |SIP: Status: 401 Unauthorized - Challenging the UE |
| | |(5060) ----------------------------------------------------------> (51403) |
|6.098128 | | Request: REGISTER sip:iot-ims.test (1 binding) | | |SIP: Request: REGISTER sip:iot-ims.test (1 binding) |
| | |(5060) <---------------------------------------------------------- (51403) |
|6.098996 | | Request: REGISTER si | | |SIP: Request: REGISTER sip:iot-ims.test (1 binding) |
| | |(5060) ------------------> (5060) | | |
|6.112092 | | Status: 200 OK (1 b | | |SIP: Status: 200 OK (1 binding) |
| | |(5060) <------------------ (5060) | | |
|6.125297 | | Status: 200 OK (1 binding) | | | |SIP: Status: 200 OK (1 binding) |
| | |(5060) ----------------------------------------------------------> (51403) |
|6.138797 | | Request: NOTIFY sip:bob at 10.133.202.144:5 | |SIP/XML: Request: NOTIFY sip:bob at 10.133.202.144:51403;transport=udp |
| | |(5060) <-------------------------------------- (5060) | |
|6.159662 | | Request: NOTIFY sip:bob at 10.133.202.144:51403;transport=udp | |SIP/XML: Request: NOTIFY sip:bob at 10.133.202.144:51403;transport=udp |
| | |(5060) ----------------------------------------------------------> (51403) |
|6.160369 | | Status: 200 OK | | | |SIP: Status: 200 OK |
| | |(5060) <---------------------------------------------------------- (51403) |
|6.164099 | | Status: 200 OK | | | |SIP: Status: 200 OK |
| | |(5060) --------------------------------------> (5060) | |
|12.849642| Request: INVITE sip: | | | |SIP/SDP: Request: INVITE sip:bob at iot-ims.test |
| |(64016) ------------------> (5060) | | | |
|12.856950| | Request: INVITE sip:bob at iot-ims.test | | |SIP/SDP: Request: INVITE sip:bob at iot-ims.test |
| | |(5060) --------------------------------------> (5060) | |
|12.865536| | Request: INVITE sip:bob at 10.133.202.144:5 | |SIP: Request: INVITE sip:bob at 10.133.202.144:51403;transport=udp |
| | |(5060) <-------------------------------------- (5060) | |
|12.868726| | Status: 403 Forbidden - You must registe | |SIP: Status: 403 Forbidden - You must register first with a S-CSCF |
| | |(5060) --------------------------------------> (5060) | |
|12.869848| | Request: ACK sip:bob at 10.133.202.144:5140 | |SIP: Request: ACK sip:bob at 10.133.202.144:51403;transport=udp |
| | |(5060) <-------------------------------------- (5060) | |
|12.871151| | Status: 403 Forbidden - You must registe | |SIP: Status: 403 Forbidden - You must register first with a S-CSCF |
| | |(5060) <-------------------------------------- (5060) | |
|12.871450| | Request: ACK sip:bob at iot-ims.test | | |SIP: Request: ACK sip:bob at iot-ims.test |
| | |(5060) --------------------------------------> (5060) | |
|12.872833| Status: 403 Forbidde | | | |SIP: Status: 403 Forbidden - You must register first with a S-CSCF |
| |(64016) <------------------ (5060) | | | |
|12.873617| Request: ACK sip:bob | | | |SIP: Request: ACK sip:bob at iot-ims.test |
| |(64016) ------------------> (5060) | | | |
More information about the sr-users
mailing list