[SR-Users] Kamailio behind NAT or With Public IP - Which one is highly recommended

Pintu Lohar pintulohargcetts at gmail.com
Wed Feb 27 03:56:45 CET 2019


Hi Henning, Joel,
Thanks for your valuable input.

 One of our setup for production looks like below for around 1 million
users initially :
                                                          / -------------->
Kamailio  (active node, as of now private)   \
 Client -- > LB(public IP- l4 switch)--

---------->Centralized database
                                                          \ -------------->
Kamailio (passive node, as of now private)  /


In the future, we have a plan to add another domain and allow calls between
different domain.

Thanks & Regards
Pintu

On Wed, Feb 27, 2019 at 6:47 AM Joel Serrano <joel at textplus.com> wrote:

> I second that. And to add to Henning's suggestion...
>
> We recently tested that same setup, and we found one "thing": Using
> advertise, you will need a second port (listen transport:ip:port) to talk
> to internal servers that require you to *keep* the private IP. Otherwise
> all outgoing request from that kamailio will have the IP replaced by
> whatever the advertise says and that can mess up your internal routing.
>
> Not an issue, as I said you can configure a second port, but just
> something to know depending on what your setup is gong to look like.
>
> Good luck!
> Joel.
>
> On Tue, Feb 26, 2019 at 1:28 PM Henning Westerholt <hw at kamailio.org>
> wrote:
>
>> Am Dienstag, 26. Februar 2019, 06:09:08 CET schrieb Pintu Lohar:
>> > Which one among the below option is highly recommended for setting up
>> > Kamailio (for production)
>> >   1.  Kamailio behind NAT *or*
>> >    2. Setting up Kamailio using public IP?
>> >
>> >  are there any disadvantages if we setup Kamailio behind NAT and use
>> > advertise option in listen parameters?
>> >
>> > We have tested both the options, and both the options work great for
>> us( a.
>> > Kamailio behind NAT with advertising in listen parameters b.Kamailio
>> setup
>> > with public IP).  So wondering which one is best and highly recommended?
>> >
>> > Some extra info :
>> > 1. We use TLS
>> > 2. Using coturn for media
>>
>> Hello Pintu,
>>
>> generally speaking, if you have the choice between a network setup with
>> NAT
>> and without NAT (everything else equal) - my recommendation would to
>> choose
>> the one without NAT. It will be easier to debug in case of problems on
>> your
>> side or the client side.
>>
>> Best regards,
>>
>> Henning
>>
>> --
>> Henning Westerholt - https://skalatan.de/blog/
>> Kamailio services - https://skalatan.de/services
>> Kamailio security assessment - https://skalatan.de/de/assessment
>>
>> _______________________________________________
>> Kamailio (SER) - Users Mailing List
>> sr-users at lists.kamailio.org
>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20190227/229115a4/attachment.html>


More information about the sr-users mailing list