[SR-Users] 30X redirect in interconnects - better alternative?

Gerry | Rigatta gjacobsen at rigatta.com
Wed Jul 8 14:41:43 CEST 2020 

Hi Alex,

thanks for your help.

OK. I have added an additional header showing the originating IP in case traffic comes not from one of the boxes listed in the dispatcher module. I grab that header field in the boxes behind Kamailio and authenticate against it. Works well. The only possible danger I see is that someone gets direct access to the boxes and fakes the IP header. 

Any other risks/downsides with this approach? 

Gerry

request_route {

  # per request initial checks
  route(REQINIT);

  # add source headers
  remove_hf(“Tru-IP");
  if (!ds_is_from_list(1,3)) {
      # if route is from external then preserve the source IP so we can check it later
      append_hf(“Tru-IP: $si\r\n");
  }

….





> On 7 Jul 2020, at 19:46, Alex Balashov <abalashov at evaristesys.com> wrote:
> 
> It is my experience that origination providers do not follow redirects; it is seen as a policy rather than a technical problem.
> 
> Custom header injected by Kamailio is a good way to go for conserving originating network info (e.g. IP and port).
> 
> On 7/7/20 1:39 PM, Gerry | Rigatta.com wrote:
>> Hi,
>> I would like to use Kamailio for load balancing incoming carrier traffic. We do currently IP authentication and call logic in Yate boxes. Ideally I would like to distribute calls with 30X redirects with the Kamailio dispatcher so that IP authentication and all logic can stay in the Yate boxes.
>> However I have doubts that 30X redirects are generally accepted in interconnects. What is your experience with this?
>> What is the possible alternative to redirects if one wants to keep IP authentication and call logic in the boxes behind the Kamailio SIP router? E.g. how can one reliably check the carrier source IPs behind Kamailio? Custom headers injected by Kamailio?
>> Of cause I can check source IPs with a database lookup in Kamailio but I try to avoid that as this makes the setup much more complicated and error prone.
>> Thank you for your ideas.
>> Gerry
>> _______________________________________________
>> Kamailio (SER) - Users Mailing List
>> sr-users at lists.kamailio.org
>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
> 
> -- 
> Alex Balashov | Principal | Evariste Systems LLC
> 
> Tel: +1-706-510-6800 / +1-800-250-5920 (toll-free)
> Web: http://www.evaristesys.com/, http://www.csrpswitch.com/
> 
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users at lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

More information about the sr-users mailing list