[SR-Users] Kamailio behind HAProxy

Joey Golan joeygo at gmail.com
Mon Nov 9 09:20:59 CET 2020


Maybe I miss understood you.
For local installations you mean HAProxy with transparent mode?

I have a functioning setup without proxy protocol enabled but without anitflood enabled because all traffic comes from same HAProxy address.

I’m not sure I understand the purpose of tcp_accept_haproxy. When and how this parameter should be used?

Thanks,
Joey.
On 9 Nov 2020, 0:27 +0200, Sergey Safarov <s.safarov at gmail.com>, wrote:
> Why you cannot use this in the local installation?
>
> On AWS I have multiple kamailio servers behind ELB.
>
> Why you do not use a network load-balancer? NLB also offers HAproxy protocol support (TCP and UDP).
>
> In AWS installation you can use dedicated Kamailio groups for inbound connections and SIP clients with registration.
> And use other Kamailio group for outbound connections like carriers.
>
> Sergey
>
> > On Sun, Nov 8, 2020 at 9:07 PM Joey Golan <joeygo at gmail.com> wrote:
> > > It doesn’t make much sense to me.
> > > On local installations (on-premise) I have 1 HAProxy and multiple kamailio servers.
> > > On AWS I have multiple kamailio servers behind ELB.
> > > On 8 Nov 2020, 19:45 +0200, Sergey Safarov <s.safarov at gmail.com>, wrote:
> > > > you can try place haproxy + NAT on your own Linux router.
> > > > In this case inbound connections with be delivered via HAproxy.
> > > > Outbound connections will be NAT-ed on the same host, to the same IP.
> > > >
> > > > > On Sun, Nov 8, 2020 at 6:31 PM Joey Golan <joeygo at gmail.com> wrote:
> > > > > > Hello,
> > > > > > I have a kamailio server running behind HAProxy with proxy protocol v2 enabled.
> > > > > > In Kamailio I have set the parameter tcp_accept_haproxy=yes and loaded tcpops module.
> > > > > > UEs are registered using TLS and kamailio sees that the message has received from their real ip address + port and not HAProxy ip + port.
> > > > > > When UE A calls UE B, kamailio is trying to reach UE B using his real ip address and port instead of HAProxy IP address + port.
> > > > > >
> > > > > > I know I can get the tcp ip and port of HAProxy using $tcp(c_si) and $tcp(c_sp) but I can’t make it work.
> > > > > > What is the right way to do this? How should I use these variables properly in order to establish the call successfully?
> > > > > >
> > > > > > Thanks,
> > > > > > Joey.
> > > > > > _______________________________________________
> > > > > > Kamailio (SER) - Users Mailing List
> > > > > > sr-users at lists.kamailio.org
> > > > > > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
> > > > _______________________________________________
> > > > Kamailio (SER) - Users Mailing List
> > > > sr-users at lists.kamailio.org
> > > > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
> > > _______________________________________________
> > > Kamailio (SER) - Users Mailing List
> > > sr-users at lists.kamailio.org
> > > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users at lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20201109/79825bc7/attachment.htm>


More information about the sr-users mailing list