[SR-Users] Kamailio behind HAProxy
Joey Golan
joeygo at gmail.com
Sat Nov 14 07:34:39 CET 2020
Hi Henning,
I understand the idea behind this but still don’t understand how to use it.
Any ideas?
On 11 Nov 2020, 15:24 +0200, Henning Westerholt <hw at skalatan.de>, wrote:
> Hello,
>
> bascially this allows Kamailio to understand the HAProxy protocol to be used behind this particular proxy. Some discussion can be found at the list and also at https://github.com/kamailio/kamailio/pull/1765
>
> Cheers,
>
> Henning
>
> --
> Henning Westerholt – https://skalatan.de/blog/
> Kamailio services – https://gilawa.com
>
> From: sr-users <sr-users-bounces at lists.kamailio.org> On Behalf Of Joey Golan
> Sent: Wednesday, November 11, 2020 1:47 PM
> To: Kamailio (SER) - Users Mailing List <sr-users at lists.kamailio.org>
> Subject: Re: [SR-Users] Kamailio behind HAProxy
>
> Thanks Sergey.
>
> Can anyone please explain how and why to use tcp_accept_haproxy?
> On 11 Nov 2020, 10:39 +0200, Sergey Safarov <s.safarov at gmail.com>, wrote:
>
> > quote_type
> > Now I not use pike.
> >
> > On Wed, Nov 11, 2020 at 10:21 AM Joey Golan <joeygo at gmail.com> wrote:
> > > quote_type
> > > So on your AWS deployment are you working without ANTIFLOOD(pike)?
> > >
> > > I still don’t understand how and why to use tcp_accept_haproxy.
> > > On 9 Nov 2020, 11:49 +0200, Sergey Safarov <s.safarov at gmail.com>, wrote:
> > >
> > > > In AWS I now use the network load balancer without enabled HAproxy protocol.
> > > > On EC2 instances used two ENI.
> > > > First for traffic via NLB for Inbound traffic.
> > > > And second ENI for outbound traffic.
> > > >
> > > > This works but, maybe complex to implement.
> > > >
> > > > Now I looking to:
> > > > 1) enable TCP + HAproxy protocol support in Kamailio;
> > > > 2) add UDP + HAproxy protocol feature support;
> > > > 3) add connection support "with" and "without" HAproxy protocol.
> > > >
> > > > But I am not a developer and cannot say when it implemented.
> > > >
> > > > If your usage case, is business requirements and need extended HAproxy implementation in Kamailio, then your company can hire devs from the community.
> > > >
> > > >
> > > > On Mon, Nov 9, 2020 at 11:22 AM Joey Golan <joeygo at gmail.com> wrote:
> > > > > quote_type
> > > > > Maybe I miss understood you.
> > > > > For local installations you mean HAProxy with transparent mode?
> > > > >
> > > > > I have a functioning setup without proxy protocol enabled but without anitflood enabled because all traffic comes from same HAProxy address.
> > > > >
> > > > > I’m not sure I understand the purpose of tcp_accept_haproxy. When and how this parameter should be used?
> > > > >
> > > > > Thanks,
> > > > > Joey.
> > > > > On 9 Nov 2020, 0:27 +0200, Sergey Safarov <s.safarov at gmail.com>, wrote:
> > > > >
> > > > > > Why you cannot use this in the local installation?
> > > > > >
> > > > > > On AWS I have multiple kamailio servers behind ELB.
> > > > > >
> > > > > > Why you do not use a network load-balancer? NLB also offers HAproxy protocol support (TCP and UDP).
> > > > > >
> > > > > > In AWS installation you can use dedicated Kamailio groups for inbound connections and SIP clients with registration.
> > > > > > And use other Kamailio group for outbound connections like carriers.
> > > > > >
> > > > > > Sergey
> > > > > >
> > > > > > On Sun, Nov 8, 2020 at 9:07 PM Joey Golan <joeygo at gmail.com> wrote:
> > > > > > > quote_type
> > > > > > > It doesn’t make much sense to me.
> > > > > > > On local installations (on-premise) I have 1 HAProxy and multiple kamailio servers.
> > > > > > > On AWS I have multiple kamailio servers behind ELB.
> > > > > > > On 8 Nov 2020, 19:45 +0200, Sergey Safarov <s.safarov at gmail.com>, wrote:
> > > > > > >
> > > > > > > > you can try place haproxy + NAT on your own Linux router.
> > > > > > > > In this case inbound connections with be delivered via HAproxy.
> > > > > > > > Outbound connections will be NAT-ed on the same host, to the same IP.
> > > > > > > >
> > > > > > > > On Sun, Nov 8, 2020 at 6:31 PM Joey Golan <joeygo at gmail.com> wrote:
> > > > > > > > > quote_type
> > > > > > > > > Hello,
> > > > > > > > > I have a kamailio server running behind HAProxy with proxy protocol v2 enabled.
> > > > > > > > > In Kamailio I have set the parameter tcp_accept_haproxy=yes and loaded tcpops module.
> > > > > > > > > UEs are registered using TLS and kamailio sees that the message has received from their real ip address + port and not HAProxy ip + port.
> > > > > > > > > When UE A calls UE B, kamailio is trying to reach UE B using his real ip address and port instead of HAProxy IP address + port.
> > > > > > > > >
> > > > > > > > > I know I can get the tcp ip and port of HAProxy using $tcp(c_si) and $tcp(c_sp) but I can’t make it work.
> > > > > > > > > What is the right way to do this? How should I use these variables properly in order to establish the call successfully?
> > > > > > > > >
> > > > > > > > > Thanks,
> > > > > > > > > Joey.
> > > > > > > > > _______________________________________________
> > > > > > > > > Kamailio (SER) - Users Mailing List
> > > > > > > > > sr-users at lists.kamailio.org
> > > > > > > > > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
> > > > > > > > _______________________________________________
> > > > > > > > Kamailio (SER) - Users Mailing List
> > > > > > > > sr-users at lists.kamailio.org
> > > > > > > > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
> > > > > > > _______________________________________________
> > > > > > > Kamailio (SER) - Users Mailing List
> > > > > > > sr-users at lists.kamailio.org
> > > > > > > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
> > > > > > _______________________________________________
> > > > > > Kamailio (SER) - Users Mailing List
> > > > > > sr-users at lists.kamailio.org
> > > > > > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
> > > > > _______________________________________________
> > > > > Kamailio (SER) - Users Mailing List
> > > > > sr-users at lists.kamailio.org
> > > > > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
> > > > _______________________________________________
> > > > Kamailio (SER) - Users Mailing List
> > > > sr-users at lists.kamailio.org
> > > > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
> > > _______________________________________________
> > > Kamailio (SER) - Users Mailing List
> > > sr-users at lists.kamailio.org
> > > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
> > _______________________________________________
> > Kamailio (SER) - Users Mailing List
> > sr-users at lists.kamailio.org
> > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20201114/91929647/attachment.htm>
More information about the sr-users
mailing list