[SR-Users] Kamailio behind HAProxy
Joel Serrano
joel at textplus.com
Thu Nov 12 03:18:21 CET 2020
In one case, it was to take advantage of the SSL offloading from the cloud
provided load balancer (among other features, but that was the main one). I
never got it fully working though..
See: https://github.com/kamailio/kamailio/issues/2103 and the thread
https://lists.kamailio.org/pipermail/sr-users/2019-November/107222.html
So it could end up being useful for something like:
UA <-> TCP load balancer (that *proxies* the connection but doesn't talk
SIP) <-> Kamailio -> destination.
I'm also curious to know if/how the rest are using it..
On Wed, Nov 11, 2020 at 9:24 AM Alex Balashov <abalashov at evaristesys.com>
wrote:
> The motive is still a bit of a mystery to me. Yes, it allows Kamailio to
> discover the true source IP/port of a message, but given the function
> performed by HAProxy for TCP connections, it seems generally useful to
> think of HAProxy as the other endpoint of the connection? Moreover, it
> makes it that much more complicated to send requests to reach the client
> _via_ HAProxy (e.g. following a lookup()), since HAProxy isn't a SIP
> proxy and doesn't add a Path hop.
>
> Am I missing something vital about the nature of HAProxy + Kamailio
> deployments?
>
> -- Alex
>
> On 11/11/20 8:23 AM, Henning Westerholt wrote:
> > Hello,
> >
> > bascially this allows Kamailio to understand the HAProxy protocol to be
> > used behind this particular proxy. Some discussion can be found at the
> > list and also at https://github.com/kamailio/kamailio/pull/1765
> >
> > Cheers,
> >
> > Henning
> >
> > --
> >
> > Henning Westerholt – https://skalatan.de/blog/
> >
> > Kamailio services – https://gilawa.com <https://gilawa.com/>
> >
> > *From:* sr-users <sr-users-bounces at lists.kamailio.org> *On Behalf Of
> > *Joey Golan
> > *Sent:* Wednesday, November 11, 2020 1:47 PM
> > *To:* Kamailio (SER) - Users Mailing List <sr-users at lists.kamailio.org>
> > *Subject:* Re: [SR-Users] Kamailio behind HAProxy
> >
> > Thanks Sergey.
> >
> > Can anyone please explain how and why to use tcp_accept_haproxy?
> >
> > On 11 Nov 2020, 10:39 +0200, Sergey Safarov <s.safarov at gmail.com
> > <mailto:s.safarov at gmail.com>>, wrote:
> >
> > Now I not use pike.
> >
> > On Wed, Nov 11, 2020 at 10:21 AM Joey Golan <joeygo at gmail.com
> > <mailto:joeygo at gmail.com>> wrote:
> >
> > So on your AWS deployment are you working without
> ANTIFLOOD(pike)?
> >
> > I still don’t understand how and why to use tcp_accept_haproxy.
> >
> > On 9 Nov 2020, 11:49 +0200, Sergey Safarov <s.safarov at gmail.com
> > <mailto:s.safarov at gmail.com>>, wrote:
> >
> > In AWS I now use the network load balancer without enabled
> > HAproxy protocol.
> >
> > On EC2 instances used two ENI.
> >
> > First for traffic via NLB for Inbound traffic.
> >
> > And second ENI for outbound traffic.
> >
> > This works but, maybe complex to implement.
> >
> > Now I looking to:
> >
> > 1) enable TCP + HAproxy protocol support in Kamailio;
> >
> > 2) add UDP + HAproxy protocol feature support;
> >
> > 3) add connection support "with" and "without" HAproxy
> protocol.
> >
> > But I am not a developer and cannot say when it implemented.
> >
> > If your usage case, is business requirements and need
> > extended HAproxy implementation in Kamailio, then your
> > company can hire devs from the community.
> >
> > On Mon, Nov 9, 2020 at 11:22 AM Joey Golan <joeygo at gmail.com
> > <mailto:joeygo at gmail.com>> wrote:
> >
> > Maybe I miss understood you.
> > For local installations you mean HAProxy with
> > transparent mode?
> >
> > I have a functioning setup without proxy protocol
> > enabled but without anitflood enabled because all
> > traffic comes from same HAProxy address.
> >
> > I’m not sure I understand the purpose of
> > tcp_accept_haproxy. When and how this parameter should
> > be used?
> >
> > Thanks,
> > Joey.
> >
> > On 9 Nov 2020, 0:27 +0200, Sergey Safarov
> > <s.safarov at gmail.com <mailto:s.safarov at gmail.com>>,
> wrote:
> >
> > Why you cannot use this in the local installation?
> >
> > On AWS I have multiple kamailio servers behind ELB.
> >
> > Why you do not use a network load-balancer? NLB also
> > offers HAproxy protocol support (TCP and UDP).
> >
> > In AWS installation you can use dedicated Kamailio
> > groups for inbound connections and SIP clients with
> > registration.
> >
> > And use other Kamailio group for outbound
> > connections like carriers.
> >
> >
> > Sergey
> >
> > On Sun, Nov 8, 2020 at 9:07 PM Joey Golan
> > <joeygo at gmail.com <mailto:joeygo at gmail.com>> wrote:
> >
> > It doesn’t make much sense to me.
> > On local installations (on-premise) I have 1
> > HAProxy and multiple kamailio servers.
> > On AWS I have multiple kamailio servers behind
> ELB.
> >
> > On 8 Nov 2020, 19:45 +0200, Sergey Safarov
> > <s.safarov at gmail.com
> > <mailto:s.safarov at gmail.com>>, wrote:
> >
> > you can try place haproxy + NAT on your own
> > Linux router.
> >
> > In this case inbound connections with be
> > delivered via HAproxy.
> > Outbound connections will be NAT-ed on the
> > same host, to the same IP.
> >
> > On Sun, Nov 8, 2020 at 6:31 PM Joey Golan
> > <joeygo at gmail.com <mailto:joeygo at gmail.com>>
> > wrote:
> >
> > Hello,
> > I have a kamailio server running behind
> > HAProxy with proxy protocol v2 enabled.
> > In Kamailio I have set the parameter
> > tcp_accept_haproxy=yes and loaded tcpops
> > module.
> > UEs are registered using TLS and
> > kamailio sees that the message has
> > received from their real ip address +
> > port and not HAProxy ip + port.
> > When UE A calls UE B, kamailio is trying
> > to reach UE B using his real ip address
> > and port instead of HAProxy IP address +
> > port.
> >
> > I know I can get the tcp ip and port of
> > HAProxy using $tcp(c_si) and $tcp(c_sp)
> > but I can’t make it work.
> > What is the right way to do this? How
> > should I use these variables properly in
> > order to establish the call successfully?
> >
> > Thanks,
> > Joey.
> >
> >
> _______________________________________________
> > Kamailio (SER) - Users Mailing List
> > sr-users at lists.kamailio.org
> > <mailto:sr-users at lists.kamailio.org>
> >
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
> >
> >
> _______________________________________________
> > Kamailio (SER) - Users Mailing List
> > sr-users at lists.kamailio.org
> > <mailto:sr-users at lists.kamailio.org>
> >
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
> >
> > _______________________________________________
> > Kamailio (SER) - Users Mailing List
> > sr-users at lists.kamailio.org
> > <mailto:sr-users at lists.kamailio.org>
> >
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
> >
> > _______________________________________________
> > Kamailio (SER) - Users Mailing List
> > sr-users at lists.kamailio.org
> > <mailto:sr-users at lists.kamailio.org>
> >
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
> >
> > _______________________________________________
> > Kamailio (SER) - Users Mailing List
> > sr-users at lists.kamailio.org
> > <mailto:sr-users at lists.kamailio.org>
> >
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
> >
> > _______________________________________________
> > Kamailio (SER) - Users Mailing List
> > sr-users at lists.kamailio.org <mailto:
> sr-users at lists.kamailio.org>
> > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
> >
> > _______________________________________________
> > Kamailio (SER) - Users Mailing List
> > sr-users at lists.kamailio.org <mailto:sr-users at lists.kamailio.org>
> > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
> >
> > _______________________________________________
> > Kamailio (SER) - Users Mailing List
> > sr-users at lists.kamailio.org <mailto:sr-users at lists.kamailio.org>
> > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
> >
> >
> > _______________________________________________
> > Kamailio (SER) - Users Mailing List
> > sr-users at lists.kamailio.org
> > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
> >
>
> --
> Alex Balashov | Principal | Evariste Systems LLC
>
> Tel: +1-706-510-6800 / +1-800-250-5920 (toll-free)
> Web: http://www.evaristesys.com/, http://www.csrpswitch.com/
>
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users at lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20201111/e1029d8d/attachment.htm>
More information about the sr-users
mailing list