[SR-Users] Kamailio behind HAProxy

Mon Nov 9 10:47:47 CET 2020

In AWS I now use the network load balancer without enabled HAproxy protocol.
On EC2 instances used two ENI.
First for traffic via NLB for Inbound traffic.
And second ENI for outbound traffic.

This works but, maybe complex to implement.

Now I looking to:
1) enable TCP + HAproxy protocol support in Kamailio;
2) add UDP + HAproxy protocol feature support;
3) add connection support "with" and "without" HAproxy protocol.

But I am not a developer and cannot say when it implemented.

If your usage case, is business requirements and need extended HAproxy
implementation in Kamailio, then your company can hire devs from the
community.

On Mon, Nov 9, 2020 at 11:22 AM Joey Golan <joeygo at gmail.com> wrote:

> Maybe I miss understood you.
> For local installations you mean HAProxy with transparent mode?
>
> I have a functioning setup without proxy protocol enabled but without
> anitflood enabled because all traffic comes from same HAProxy address.
>
> I’m not sure I understand the purpose of tcp_accept_haproxy. When and how
> this parameter should be used?
>
> Thanks,
> Joey.
> On 9 Nov 2020, 0:27 +0200, Sergey Safarov <s.safarov at gmail.com>, wrote:
>
> Why you cannot use this in the local installation?
>
> On AWS I have multiple kamailio servers behind ELB.
>
> Why you do not use a network load-balancer? NLB also offers HAproxy
> protocol support (TCP and UDP).
>
> In AWS installation you can use dedicated Kamailio groups for inbound
> connections and SIP clients with registration.
> And use other Kamailio group for outbound connections like carriers.
>
> Sergey
>
> On Sun, Nov 8, 2020 at 9:07 PM Joey Golan <joeygo at gmail.com> wrote:
>
>> It doesn’t make much sense to me.
>> On local installations (on-premise) I have 1 HAProxy and multiple
>> kamailio servers.
>> On AWS I have multiple kamailio servers behind ELB.
>> On 8 Nov 2020, 19:45 +0200, Sergey Safarov <s.safarov at gmail.com>, wrote:
>>
>> you can try place haproxy + NAT on your own Linux router.
>> In this case inbound connections with be delivered via HAproxy.
>> Outbound connections will be NAT-ed on the same host, to the same IP.
>>
>> On Sun, Nov 8, 2020 at 6:31 PM Joey Golan <joeygo at gmail.com> wrote:
>>
>>> Hello,
>>> I have a kamailio server running behind HAProxy with proxy protocol v2
>>> enabled.
>>> In Kamailio I have set the parameter tcp_accept_haproxy=yes and loaded
>>> tcpops module.
>>> UEs are registered using TLS and kamailio sees that the message has
>>> received from their real ip address + port and not HAProxy ip + port.
>>> When UE A calls UE B, kamailio is trying to reach UE B using his real ip
>>> address and port instead of HAProxy IP address + port.
>>>
>>> I know I can get the tcp ip and port of HAProxy using $tcp(c_si) and
>>> $tcp(c_sp) but I can’t make it work.
>>> What is the right way to do this? How should I use these variables
>>> properly in order to establish the call successfully?
>>>
>>> Thanks,
>>> Joey.
>>> _______________________________________________
>>> Kamailio (SER) - Users Mailing List
>>> sr-users at lists.kamailio.org
>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>
>> _______________________________________________
>> Kamailio (SER) - Users Mailing List
>> sr-users at lists.kamailio.org
>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>
>> _______________________________________________
>> Kamailio (SER) - Users Mailing List
>> sr-users at lists.kamailio.org
>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users at lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users at lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20201109/5f2110f8/attachment.htm>