[SR-Users] Kamailio as SBC

Ellad Yatsko eyatsko at ngs.ru
Mon Oct 22 16:21:03 CEST 2018


May you help?.. :-)

Kind regards,
Ellad

22.10.2018 17:12, Alex Balashov пишет:
> I did not say that my article represents a complete answer to every part
> of every one of your questions, at every level of abstraction and
> specificity. Just that it might be helpful. :-)
>
> On Mon, Oct 22, 2018 at 04:40:03PM +0300, Ellad Yatsko wrote:
>
>> Dear Alex,
>>
>> your article is just "general words". :-) There is a couple of questions:
>>
>>   - can my "vision" be completed?
>>   - how can it be implemented?
>>
>> The major problem as I see is to modify algorithm so Kamailio will not check
>> database but will lean on answers of its upstream to generate
>> UL. It should not BALANCE, just forward SIP traffic, ANALYZE answers of
>> Upstream
>> SIP-Server, make decision about attacks and PROXY RTP. It should be more
>> clear
>> definition what I would like to achieve.
>>
>> I could be confused about exact terminology of "Session Border Controller".
>> But I'd like to implement FRAUD/BruteForce protection of my Asterisk using
>> Kamailio (in the middle) because I heard it highly effective in the point
>> of view of heavy loads. Asterisk might not bear a "tons" of SIP requests
>> (dialogs).
>>
>>
>>
>> Kind regards,
>> Ellad
>>
>>
>> 22.10.2018 12:07, Alex Balashov пишет:
>>> I hate to plug my own articles, but in this case it might help:
>>>
>>> http://www.evaristesys.com/blog/kamailio-as-an-sbc-five-years-on/
>>>
>>> --
>>> Sent from mobile. Apologies for brevity and errors. 
>>>
>>> -----Original Message-----
>>> From: Ellad Yatsko <eyatsko at ngs.ru>
>>> To: sr-users at lists.kamailio.org
>>> Sent: Mon, 22 Oct 2018 3:28 AM
>>> Subject: [SR-Users] Kamailio as SBC
>>>
>>> Hello!
>>>
>>> I'd like to implement the following diagram:
>>>
>>>  Users  -> Internet -> Kamailio -> Asterisk
>>>
>>> 1. Kamailio has no own users, it just re-writes headers and re-send
>>> REGISTER messages to Asterisk where usres are located.
>>>
>>> 2. Depending on Astersisk's answers Kamailio either form UL (using
>>> original IP from the first, original REGISTER from Users) or translates
>>> Asterisk's answer back to Users. If it is error (e.g.
>>> forbidden/notfound) Kamailio blocks User's IP (for instance using pike
>>> module) and Fail2Ban adds affected IP into IPSet's List to block it by
>>> IPTables Permanently.
>>>
>>> 3. INVITEs are translated to Asterisk as to the only Upstream
>>> SIP-Server. And again Errors from Asterisk are processed in the same way
>>> as Bad REGISTERs. Pike in conjunction with IPSet/IPTables block affected
>>> IPs.
>>>
>>> 4. Astersisk sees all registrations from Internet user as they are
>>> directly behind Kamailio. Kamailio rewirtes headers twice: from Users to
>>> Asterisk and from Asterisk to Users - this allows to hide topology from
>>> users (they deal ONLY with Kamailio) and block non-static IPs on the
>>> Asterisk's side.
>>>
>>> Is this possible?
>>>
>>> Kind regards,
>>> Ellad Yatsko
>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> Kamailio (SER) - Users Mailing List
>>> sr-users at lists.kamailio.org
>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>
>>> _______________________________________________
>>> Kamailio (SER) - Users Mailing List
>>> sr-users at lists.kamailio.org
>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>
>>
>> _______________________________________________
>> Kamailio (SER) - Users Mailing List
>> sr-users at lists.kamailio.org
>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users




More information about the sr-users mailing list