[SR-Users] SIP and conntrackd experience?

Grant Bagdasarian gb at cm.nl
Wed Sep 30 15:07:12 CEST 2015


Yes, I understand.
Let me explain it like this and forget about VPN:

A phone call is set up from A to C through B.

A connects to B which in turn connects the call to C.
All traffic is sent using UDP over the public internet.
B has a firewall on both ends, so between A and B and B and C.
A is connected to C in say 10 seconds and they're exchanging RTP.
Now, the firewalls at B are turned off, or crash or whatever, mid call.

Would this cause the session to be disconnected? The media is obviously gone, but will the session remain active?
I'm looking for a way to restore almost instantly in case of any failure, be it firewall related.

My idea was to configure conntrackd on the firewalls which are setup in HA mode and where a crash of the primary would result in a failover to the backup with full connection restore.

-----Original Message-----
From: sr-users [mailto:sr-users-bounces at lists.sip-router.org] On Behalf Of Daniel Tryba
Sent: Wednesday, September 30, 2015 10:56 AM
To: sr-users at lists.sip-router.org
Subject: Re: [SR-Users] SIP and conntrackd experience?

On Wednesday 30 September 2015 07:19:08 Grant Bagdasarian wrote:
> Does anyone have experience with SIP and conntrackd?
> Our media and signaling is separated.
> Does this work for VPN connections where SIP is sent over the VPN but 
> the media over public internet?

I don't see the relation with conntrackd and your setup, unless you are using some sip inspection to open the (local) rtp ports for specific source/destinations. Which is a very bad idea IMHO, my experience is that any of such ALG just cause more problems.

But if you use rtpengine and advertise the public ips in SDP the UAs will contact them, the engine will learn the correct ipadress. It is up to routing at the client to seperate the traffic correctly. 

IIRC rtpproxy works the same.

_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users at lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users



More information about the sr-users mailing list