[SR-Users] Kamailio as SBC

Alex Balashov abalashov at evaristesys.com
Mon Oct 22 16:12:21 CEST 2018


I did not say that my article represents a complete answer to every part
of every one of your questions, at every level of abstraction and
specificity. Just that it might be helpful. :-)

On Mon, Oct 22, 2018 at 04:40:03PM +0300, Ellad Yatsko wrote:

> Dear Alex,
> 
> your article is just "general words". :-) There is a couple of questions:
> 
>   - can my "vision" be completed?
>   - how can it be implemented?
> 
> The major problem as I see is to modify algorithm so Kamailio will not check
> database but will lean on answers of its upstream to generate
> UL. It should not BALANCE, just forward SIP traffic, ANALYZE answers of
> Upstream
> SIP-Server, make decision about attacks and PROXY RTP. It should be more
> clear
> definition what I would like to achieve.
> 
> I could be confused about exact terminology of "Session Border Controller".
> But I'd like to implement FRAUD/BruteForce protection of my Asterisk using
> Kamailio (in the middle) because I heard it highly effective in the point
> of view of heavy loads. Asterisk might not bear a "tons" of SIP requests
> (dialogs).
> 
> 
> 
> Kind regards,
> Ellad
> 
> 
> 22.10.2018 12:07, Alex Balashov пишет:
> > I hate to plug my own articles, but in this case it might help:
> >
> > http://www.evaristesys.com/blog/kamailio-as-an-sbc-five-years-on/
> >
> > --
> > Sent from mobile. Apologies for brevity and errors. 
> >
> > -----Original Message-----
> > From: Ellad Yatsko <eyatsko at ngs.ru>
> > To: sr-users at lists.kamailio.org
> > Sent: Mon, 22 Oct 2018 3:28 AM
> > Subject: [SR-Users] Kamailio as SBC
> >
> > Hello!
> >
> > I'd like to implement the following diagram:
> >
> >  Users  -> Internet -> Kamailio -> Asterisk
> >
> > 1. Kamailio has no own users, it just re-writes headers and re-send
> > REGISTER messages to Asterisk where usres are located.
> >
> > 2. Depending on Astersisk's answers Kamailio either form UL (using
> > original IP from the first, original REGISTER from Users) or translates
> > Asterisk's answer back to Users. If it is error (e.g.
> > forbidden/notfound) Kamailio blocks User's IP (for instance using pike
> > module) and Fail2Ban adds affected IP into IPSet's List to block it by
> > IPTables Permanently.
> >
> > 3. INVITEs are translated to Asterisk as to the only Upstream
> > SIP-Server. And again Errors from Asterisk are processed in the same way
> > as Bad REGISTERs. Pike in conjunction with IPSet/IPTables block affected
> > IPs.
> >
> > 4. Astersisk sees all registrations from Internet user as they are
> > directly behind Kamailio. Kamailio rewirtes headers twice: from Users to
> > Asterisk and from Asterisk to Users - this allows to hide topology from
> > users (they deal ONLY with Kamailio) and block non-static IPs on the
> > Asterisk's side.
> >
> > Is this possible?
> >
> > Kind regards,
> > Ellad Yatsko
> >
> >
> >
> >
> >
> > _______________________________________________
> > Kamailio (SER) - Users Mailing List
> > sr-users at lists.kamailio.org
> > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
> >
> > _______________________________________________
> > Kamailio (SER) - Users Mailing List
> > sr-users at lists.kamailio.org
> > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
> 
> 
> 
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users at lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

-- 
Alex Balashov | Principal | Evariste Systems LLC

Tel: +1-706-510-6800 / +1-800-250-5920 (toll-free) 
Web: http://www.evaristesys.com/, http://www.csrpswitch.com/



More information about the sr-users mailing list