[Users] Best practice for DNS failover using OpenSER?

Greg Fausak lgfausak at gmail.com
Tue Jan 16 15:38:00 CET 2007


On Jan 16, 2007, at 8:17 AM, Jiri Kuthan wrote:

> At 14:59 16/01/2007, Greg Fausak wrote:
>> Jiri,
>>
>> Thanks for the pointer!  I think I'll have to give this a look.
>
> Hi Greg,
>
> with pleasure. Just keep in mind that having robustness in there takes
> couple of other steps. Particularly IP blacklisting to avoid attempts
> to send to the DNS-conveyed destinations, which are unavailable  
> and ...
>
>> We are having specific problems with the DNS resolver on failover
>> (when one
>> DNS resolver is not reachable, the next is queried, and openser is
>> not acting
>> predictably when this happens).  It is as if the tm module is not
>> properly threaded.  Like when one thread gets stuck waiting for
>> a response from DNS resolver, another thread picks up a retry
>> SIP message and doesn't know about the retry in process!
>
> ... building the ser script in a way that retransmissions are absorbed
> (kind of having "shock absorber" in place)

Retransmissions are good (most of the time).  Somehow the ser
script would need to know that there is another thread tending to
a DNS lookup.  How does my script know if a message is original,
or a retransmission anyway?

It seems to me that the tm module should be reaping the retransmits.

-g


>
> -jiri
>
>
>> We see the bad resolver behavior when 2 resolvers are listed in / 
>> etc/ resolv.conf, and
>> we turn off the first one.
>>
>> The DNS failover is also interesting.  I think failover applies to A
>> records
>> and SRV records (not NAPTR records).
>>
>> -g
>>
>> On Jan 16, 2007, at 7:12 AM, Jiri Kuthan wrote:
>>
>>> indeed, the stuff is not well linked, we are working on it. Here
>>> you go.
>>> http://cvs.berlios.de/cgi-bin/viewcvs.cgi/ser/sip_router/doc/  
>>> dns.txt?rev=HEAD&content-type=text/vnd.viewcvs-markup
>>>
>>> -jiri
>>>
>>> At 02:46 16/01/2007, T.R.  Missner wrote:
>>>> Greg,
>>>>
>>>> This is a ref to SER. Apparently this functionality has been added
>>>> to the new pre-release version. I did find some talk about it in
>>>> the release notes.
>>>> I couldn’t find any specific documentation. Admittedly I don’t
>>>> understand the layout of SER’s site very well as I haven’t spent
>>>> much time there.
>>>>
>>>> -- TR
>>>>
>>>>
>>>> On 1/15/07 8:33 PM, "Greg Fausak" <lgfausak at gmail.com> wrote:
>>>>
>>>> In the text below I quote Kerker 'SER does support DNS failover.'.
>>>> Is this ser or openser?  Where can I read more about this?
>>>>
>>>> -g
>>>>
>>>> On Jan 15, 2007, at 10:40 AM, Klaus Darilion wrote:
>>>>
>>>>
>>>> Staffan,
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> Kerker Staffan wrote:
>>>>
>>>>
>>>> ...
>>>>
>>>>
>>>>
>>>>
>>>> Now, if I disable one of the Gateways, I hang every second call.
>>>> OpenSER does
>>>>
>>>>
>>>> not
>>>>
>>>>
>>>> try the second A record address if the first doesn't answer. How
>>>> can I solve
>>>>
>>>>
>>>> this? Shouldn't OpenSER fail over to the second A record listed in
>>>> the NAPTR
>>>>
>>>>
>>>> => SRV
>>>>
>>>>
>>>> resolving? Or will OpenSER continue to resend all SIP INVITES
>>>> until timers
>>>>
>>>>
>>>> fire? Would
>>>>
>>>>
>>>> it help if the proxy recieved an ICMP port/destination unreachable
>>>> from the
>>>>
>>>>
>>>> network? Is
>>>>
>>>>
>>>> there anyway to get around this? In the other direction, from POTS
>>>> to sip,
>>>>
>>>>
>>>> the PGW2200
>>>>
>>>>
>>>> nicely switches over to the second of my two OpenSER servers if I
>>>> shut one of
>>>>
>>>>
>>>> them down. These servers have the same DNS entries (but for
>>>> another SIP domain, NAPTR =>
>>>>
>>>>
>>>> SRV => 2x A record).
>>>>
>>>>
>>>>
>>>>
>>>> Yes, OpenSER or for that matter every transaction stateful proxy
>>>> should
>>>>
>>>>
>>>> do RFC 3263 based fail-over. But as you can imagine this is pretty
>>>>
>>>>
>>>> complex to implement and that's why openser does not support it
>>>> yet, it
>>>>
>>>>
>>>> is listed on the development roadmap. The newest release of SER  
>>>> does
>>>>
>>>>
>>>> support DNS failover.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Users mailing list
>>>> Users at openser.org
>>>> <http://openser.org/cgi-bin/mailman/listinfo/users>http://  
>>>> openser.org/cgi-bin/mailman/listinfo/users
>>>>
>>>>
>>>> _______________________________________________
>>>> Users mailing list
>>>> Users at openser.org
>>>> http://openser.org/cgi-bin/mailman/listinfo/users
>>>
>>> --
>>> Jiri Kuthan            http://iptel.org/~jiri/
>>
>> --
>> Jiri Kuthan            http://iptel.org/~jiri/
>





More information about the Users mailing list