[SR-Users] Re-invite after RTPengine pacemaker switching?

Giovanni Maruzzelli gmaruzz at gmail.com
Thu Nov 7 14:48:39 CET 2019


Definitely it does not work getting the keys from Redis. Also, until not
long ago, trying to fail over from Redis in TLS calls was crashing rtpengine.

I believe it can work on DTLS if we start with a "pristine" reinvite, doing
ICE and all things again, like it was a first invite. Something like
storing the first invite at dialog beginning, and using it as a base for
reinvite if failover happens.

This is on my TODO list, so I have no working system, but I would like to
check it, and definitely I'd like to read about others' experiences and
thoughts.


On Thu, Nov 7, 2019 at 2:20 PM Karsten Horsmann <khorsmann at gmail.com> wrote:

> Hi Giovanni,
>
> I have an SRTP and WebRTC DTLS setup with pacemaker/corosync, and failover
> works for SRTP (with REINVITES).
> I use rtpengine with a Redis backend. On the DTLS side, I did not get it
> working with REINVITES.
> AFAIK the session keys are not stored like SRTP in SIP signaling.
>
> So I thought that calls are lost.
>
> Cheers Karsten
>
> On Thu, Nov 7, 2019 at 1:59 PM Giovanni Maruzzelli <
> gmaruzz at gmail.com> wrote:
>
>> (but yes, it works on DTLS, I had not really read you were talking about
>> DTLS. You must reinvite reusing the original SDP peers sent to you)
>>
>>
>>
>> On Thu, Nov 7, 2019 at 1:54 PM Giovanni Maruzzelli <gmaruzz at gmail.com>
>> wrote:
>>
>>> I believe the problem is that there is no more TCP connection.
>>>
>>> E.g., if you generate a reinvite over UDP, it works (with due care, you
>>> can have the keys renegotiated as per beginning)
>>>
>>> But... you have no more TCP (TLS is TCP) connection to send the reinvite
>>> to
>>>
>>> So, it works on UDP, but UDP is not secure because it sends the keys in
>>> signaling...
>>>
>>> So, end of story: you cannot failover TLS calls, at least not with these
>>> simple techniques...
>>>
>>> Any other opinions? I am extremely interested!
>>>
>>> -giovanni
>>>
>>>
>>>
>>> On Thu, Nov 7, 2019 at 10:14 AM Karsten Horsmann <khorsmann at gmail.com>
>>> wrote:
>>>
>>>> Hi,
>>>>
>>>> AFAIK the keys of a DTLS session are not restorable, so after failover
>>>> you will end up with a stale DTLS call.
>>>> Only SRTP can be recovered with RE-INVITES if you use some kind of
>>>> session storage.
>>>>
>>>>
>>>> On Tue, Oct 30, 2018 at 12:07 PM Жан Базаров <
>>>> chiefkeeft at gmail.com> wrote:
>>>>
>>>>> I need to send a re-invite after pacemaker fails over to a new rtpengine
>>>>> server, because the new rtpengine did not participate in the DTLS
>>>>> handshake and I hear nothing but silence. I think maybe it would work.
>>>>> Do you have any idea on this issue?
>>>>> _______________________________________________
>>>>> Kamailio (SER) - Users Mailing List
>>>>> sr-users at lists.kamailio.org
>>>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>>>
>>>>
>>>>
>>>> --
>>>> Kind regards
>>>> *Karsten Horsmann*
>>>>
>>>
>>>
>>> --
>>> Sincerely,
>>>
>>> Giovanni Maruzzelli
>>> OpenTelecom.IT
>>> cell: +39 347 266 56 18
>>>
>>>
>>
>> --
>> Sincerely,
>>
>> Giovanni Maruzzelli
>> OpenTelecom.IT
>> cell: +39 347 266 56 18
>>
>>
>
>
> --
> Kind regards
> *Karsten Horsmann*
>


-- 
Sincerely,

Giovanni Maruzzelli
OpenTelecom.IT
cell: +39 347 266 56 18
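
Added example, not part of the thread and not rtpengine or Kamailio code: a small Python check for the distinction discussed above, where SDES-SRTP carries its keys in `a=crypto` lines of the SDP while DTLS-SRTP signals only a certificate fingerprint. The SDP bodies are constructed with placeholder values, and `media_keying`, `failover_findings` and the `sip_transport` parameter (including treating `wss` like `tls`) are hypothetical names and assumptions.

```python
# Added example: classify how each SDP media section is keyed, to see what a
# re-INVITE after media-relay failover can restore. Sample SDP is constructed.
SDES_SDP = "\r\n".join([
    "v=0", "o=- 1 1 IN IP4 192.0.2.10", "s=-", "c=IN IP4 192.0.2.10", "t=0 0",
    "m=audio 40000 RTP/SAVP 0",
    "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTED+PLACEHOLDER+KEY+NOT+REAL+000",
])
DTLS_SDP = "\r\n".join([
    "v=0", "o=- 2 1 IN IP4 192.0.2.20", "s=-", "c=IN IP4 192.0.2.20", "t=0 0",
    "a=fingerprint:sha-256 " + ":".join(["AB"] * 32),  # placeholder hash, session level
    "m=audio 40002 UDP/TLS/RTP/SAVPF 111",
    "a=setup:actpass", "a=ice-ufrag:abcd", "a=ice-pwd:constructedplaceholderpwd00",
])

def media_keying(sdp):
    """Return one (media_line, keying) tuple per m= section: 'dtls', 'sdes' or 'none'."""
    session_fp, sections, current = False, [], None
    for line in (l.strip() for l in sdp.splitlines()):
        if line.startswith("m="):
            current = {"m": line[2:], "crypto": False, "fp": False}
            sections.append(current)
        elif line.startswith("a=fingerprint:"):
            if current is None:
                session_fp = True      # session-level fingerprint covers every media section
            else:
                current["fp"] = True
        elif line.startswith("a=crypto:") and current is not None:
            current["crypto"] = True
    # DTLS: only a certificate hash is signalled. SDES: the master key is in the SDP itself.
    return [(s["m"], "dtls" if (s["fp"] or session_fp) else "sdes" if s["crypto"] else "none")
            for s in sections]

def failover_findings(sdp, sip_transport):
    """sip_transport is the transport the SDP travelled over, e.g. 'udp', 'tcp', 'tls'."""
    encrypted_signaling = sip_transport.lower() in ("tls", "wss")
    findings = []
    for m, keying in media_keying(sdp):
        if keying == "sdes":
            findings.append((m, keying, "re-INVITE can carry keys",
                             "ok" if encrypted_signaling else "KEYS IN CLEAR"))
        elif keying == "dtls":
            findings.append((m, keying, "needs new DTLS handshake", "ok"))
        else:
            findings.append((m, keying, "no SRTP keying", "ok"))
    return findings
```

Running `failover_findings` over the offers and answers seen by a proxy shows which calls depend on key material that exists only in the failed relay's DTLS state, and which SDES calls exposed their keys on unencrypted signaling.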