[Users] OpenSER as load balancer for several Asterisk servers
Edoardo Serra
osdevel at webrainstorm.it
Tue Dec 19 17:40:12 CET 2006
Hello
tnx for the attention
At 17.00 19/12/2006, Stefano Capitanio wrote:
>Hi,
>
>is it correct that in the second Via Header of the message from
>Asterisk to OpenSER there is the address of the Client?
>there should be the address of Asterisk no?
I guess it is correct for outbound calls (from client to openser -> asterisk)
I captured some packets on a working setup and I see the same via
headers: one with OpenSER address and one with Client address
>maybe this make OpenSER think that the message is coming from a NAT...
>i'm not sure, maybe i'm wrong...
>try to set:
>
>modparam("nathelper", "rtpproxy_disable", 1)
I also think it's a NAT-related issue but that modparam doesn't solve
the problem :(
Tnx again for help
Regards
Edoardo
>regards,
>Stefano
>
>
>Edoardo Serra ha scritto:
>>At 13.51 19/12/2006, Klaus Darilion wrote:
>>>You said that the 200 contains openser's IP in the SDP? Is it put
>>>in there by openser or already by Asterisk?
>>
>>Tnx very much for help
>>
>>It's put in there by OpenSER.
>>
>>I'm attaching the 2 SIP/SDP packets (1 from asterisk to openser and
>>1 from openser to client)
>>
>>AAA.AAA.AAA.AAA stands for IP of Asterisk
>>OOO.OOO.OOO.OOO stands for IP of OpenSER
>>CCC.CCC.CCC.CCC stands for IP of client
>>3333333333 is the called number
>>
>>
>>No. Time Source Destination
>>Protocol Info
>> 20 12.646925 AAA.AAA.AAA.AAA OOO.OOO.OOO.OOO SIP/SDP
>>Status: 200 OK, with session description
>>
>>Session Initiation Protocol
>> Status-Line: SIP/2.0 200 OK
>> Message Header
>> Via: SIP/2.0/UDP
>> OOO.OOO.OOO.OOO;branch=z9hG4bK5bbd.eaf4f093.0;received=OOO.OOO.OOO.OOO
>> Via: SIP/2.0/UDP
>> CCC.CCC.CCC.CCC:8952;branch=z9hG4bK-d87543-e15656230434101e-1--d87543-;rport=8952
>>
>> Record-Route: <sip:OOO.OOO.OOO.OOO;lr=on;ftag=9043ec70>
>> From: "test"<sip:test at OOO.OOO.OOO.OOO>;tag=9043ec70
>> To: "3333333333"<sip:3333333333 at OOO.OOO.OOO.OOO>;tag=as30a7528b
>> Call-ID: 98684a222a2eeb7aYmVlZTUzZDRhNjMzN2Y0MTZhYmNmOTc5MzQ4OGI3ZGU.
>> CSeq: 3 INVITE
>> User-Agent: Asterisk
>> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
>> Contact: <sip:3333333333 at AAA.AAA.AAA.AAA:5060>
>> Content-Type: application/sdp
>> Content-Length: 291
>> Message body
>> Session Description Protocol
>> Session Description Protocol Version (v): 0
>> Owner/Creator, Session Id (o): root 20137 20138 IN IP4
>> AAA.AAA.AAA.AAA
>> Session Name (s): session
>> Connection Information (c): IN IP4 AAA.AAA.AAA.AAA
>> Time Description, active time (t): 0 0
>> Media Description, name and address (m): audio 58508
>> RTP/AVP 98 3 8 0 101
>> Media Attribute (a): rtpmap:98 iLBC/8000
>> Media Attribute (a): rtpmap:3 GSM/8000
>> Media Attribute (a): rtpmap:8 PCMA/8000
>> Media Attribute (a): rtpmap:0 PCMU/8000
>> Media Attribute (a): rtpmap:101 telephone-event/8000
>> Media Attribute (a): fmtp:101 0-16
>> Media Attribute (a): silenceSupp:off - - - -
>>
>>No. Time Source Destination
>>Protocol Info
>> 21 12.647437 OOO.OOO.OOO.OOO CCC.CCC.CCC.CCC SIP/SDP
>>Status: 200 OK, with session description
>>
>>Session Initiation Protocol
>> Status-Line: SIP/2.0 200 OK
>> Message Header
>> Via: SIP/2.0/UDP
>> OOO.OOO.OOO.OOO:5060;branch=z9hG4bK-d87543-e15656230434101e-1--d87543-;rport=8952
>>
>> Record-Route: <sip:OOO.OOO.OOO.OOO;lr=on;ftag=9043ec70>
>> From: "test"<sip:test at OOO.OOO.OOO.OOO>;tag=9043ec70
>> To: "3333333333"<sip:3333333333 at OOO.OOO.OOO.OOO>;tag=as30a7528b
>> Call-ID: 98684a222a2eeb7aYmVlZTUzZDRhNjMzN2Y0MTZhYmNmOTc5MzQ4OGI3ZGU.
>> CSeq: 3 INVITE
>> User-Agent: Asterisk
>> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
>> Contact: <sip:3333333333 at AAA.AAA.AAA.AAA:5060>
>> Content-Type: application/sdp
>> Content-Length: 291
>> Message body
>> Session Description Protocol
>> Session Description Protocol Version (v): 0
>> Owner/Creator, Session Id (o): root 20137 20138 IN IP4
>> OOO.OOO.OOO.OOO
>> Session Name (s): session
>> Connection Information (c): IN IP4 OOO.OOO.OOO.OOO
>> Time Description, active time (t): 0 0
>> Media Description, name and address (m): audio 58508
>> RTP/AVP 98 3 8 0 101
>> Media Attribute (a): rtpmap:98 iLBC/8000
>> Media Attribute (a): rtpmap:3 GSM/8000
>> Media Attribute (a): rtpmap:8 PCMA/8000
>> Media Attribute (a): rtpmap:0 PCMU/8000
>> Media Attribute (a): rtpmap:101 telephone-event/8000
>> Media Attribute (a): fmtp:101 0-16
>> Media Attribute (a): silenceSupp:off - - - -
>>
>>Tnx very much for help again
>>
>>Regards
>>
>>Edoardo
>>
>>
>>>regards
>>>klaus
>>>
>>>
>>>regards
>>>klaus
>>>
>>>Edoardo Serra wrote:
>>>>Hi guys,
>>>> I'm having a problem with an OpenSER acting as registrar
>>>> server and load balancer for many Asterisk servers.
>>>>In a few words: "users are registering on openser and, when they
>>>>want to make a call, OpenSER proxies the request to an Asterisk
>>>>server with the dispatcher module"
>>>>Here is the intended data flow (SIP goes through OpenSER and
>>>>media goes directly to Asterisk)
>>>>User <-- SIP --> OpenSER <-- SIP --> Asterisk
>>>>User <-- RTP --> Asterisk
>>>>Both, OpenSER and Asterisks have public IPs
>>>>I already have a working setup of that and everything seems
>>>>working correctly.
>>>>I'm trying to replicate that setup on another site, same
>>>>configurations of the boxes, same versions of OpenSER and
>>>>Asterisk, etc... but I'm having monodirectional Audio.
>>>>Having a look with tethereal I see that OpenSER, when the
>>>>communication is answered, sends a SIP packet (200 OK) to the
>>>>user indicating itself as media endpoint instead of the Asterisks.
>>>> From that moment I see RTP packets flowing from the client to OpenSER
>>>>This seems really strange to me because I just copied the same
>>>>configurations file from a working setup to the new installation.
>>>>Tnx in advance for help.
>>>>Regards
>>>>P.S.: Here is my openser.cfg
>>>>## $Id: ser.cfg,v 1.21.4.1 2003/11/10 15:35:15 andrei Exp $
>>>>## simple quick-start config script
>>>>#
>>>># ----------- global configuration parameters ------------------------
>>>>#debug=3 # debug level (cmd line: -dddddddddd)
>>>>fork=yes
>>>>#log_stderror=no # (cmd line: -E)
>>>>check_via=no # (cmd. line: -v)
>>>>dns=no # (cmd. line: -r)
>>>>rev_dns=no # (cmd. line: -R)
>>>>#children=4
>>>>#port=5060
>>>>fifo="/tmp/ser_fifo"
>>>>#uid=nobody
>>>>#gid=nobody
>>>># ------------------ module loading ----------------------------------
>>>>loadmodule "/usr/lib/openser/modules/sl.so"
>>>>loadmodule "/usr/lib/openser/modules/tm.so"
>>>>loadmodule "/usr/lib/openser/modules/rr.so"
>>>>loadmodule "/usr/lib/openser/modules/maxfwd.so"
>>>>loadmodule "/usr/lib/openser/modules/usrloc.so"
>>>>loadmodule "/usr/lib/openser/modules/registrar.so"
>>>>loadmodule "/usr/lib/openser/modules/nathelper.so"
>>>>loadmodule "/usr/lib/openser/modules/textops.so"
>>>>loadmodule "/usr/lib/openser/modules/exec.so"
>>>>loadmodule "/usr/lib/openser/modules/uri.so"
>>>>loadmodule "/usr/lib/openser/modules/uri_db.so"
>>>>loadmodule "/usr/lib/openser/modules/dispatcher.so"
>>>># Uncomment this if you want digest authentication
>>>># mysql.so must be loaded !
>>>>loadmodule "/usr/lib/openser/modules/mysql.so"
>>>>loadmodule "/usr/lib/openser/modules/auth.so"
>>>>loadmodule "/usr/lib/openser/modules/auth_db.so"
>>>>modparam("usrloc", "db_mode", 2)
>>>>modparam("usrloc", "db_url", "mysql://xxx:xxx@xxx.xxx.xxx.xxx/openser")
>>>>modparam("usrloc", "timer_interval", 120)
>>>>modparam("auth_db", "calculate_ha1", 0)
>>>>modparam("auth_db", "db_url", "mysql://xxx:xxx@xxx.xxx.xxx.xxx/voip")
>>>>modparam("uri_db", "db_url", "mysql://xxx:xxx@xxx.xxx.xxx.xxx/openser")
>>>>modparam("rr", "enable_full_lr", 1)
>>>>modparam("registrar", "nat_flag", 6)
>>>>modparam("registrar", "max_expires", 3600)
>>>>modparam("registrar", "min_expires", 60)
>>>>modparam("registrar", "append_branches", 0)
>>>>modparam("registrar", "desc_time_order", 1)
>>>>modparam("nathelper", "natping_interval", 20) # Ping interval 20 s
>>>>modparam("nathelper", "ping_nated_only", 1) # Ping only clients behind NAT
>>>>modparam("dispatcher", "force_dst", 1)
>>>># ------------------------- request routing logic -------------------
>>>># main routing logic
>>>>route{
>>>># initial sanity checks -- messages with
>>>># max_forwards==0, or excessively long requests
>>>>if (!mf_process_maxfwd_header("10")) {
>>>>sl_send_reply("483","Too Many Hops");
>>>>exit;
>>>>};
>>>>if ( msg:len > max_len ) {
>>>>sl_send_reply("513", "Message too big");
>>>>exit;
>>>>};
>>>>if ( (method=="OPTIONS") || (method=="SUBSCRIBE") || (method=="NOTIFY") ) {
>>>>sl_send_reply("405", "Method Not Allowed");
>>>>exit;
>>>>}
>>>>if (!method=="REGISTER") {
>>>>record_route();
>>>>};
>>>>if ((src_ip==xxx.xxx.xxx.xxx) || (src_ip==xxx.xxx.xxx.xxx)) { #
>>>>IP of Asterisks
>>>>if (!lookup("location")) {
>>>>sl_send_reply("404", "Not Found");
>>>>exit;
>>>>};
>>>># forward to current uri now; use stateful forwarding; that
>>>># works reliably even if we forward from TCP to UDP
>>>>if (!t_relay()) {
>>>>sl_reply_error();
>>>>};
>>>>exit;
>>>>};
>>>>if (nat_uac_test("3")) {
>>>>if ((method=="REGISTER") || (method=="INVITE") || (method=="OPTIONS")) {
>>>>fix_nated_contact();
>>>>force_rport();
>>>>setflag(6); # Mark as NATed
>>>>}
>>>>}
>>>># if the request is for other domain use UsrLoc
>>>># (in case, it does not work, use the following command
>>>># with proper names and addresses in it)
>>>>if (method=="REGISTER") {
>>>>if (!proxy_authorize("domain", "openser_view")) {
>>>>proxy_challenge("domain", "0");
>>>>exit;
>>>>}
>>>>if (!check_to()) {
>>>>sl_send_reply("403", "Digest username and URI username do NOT
>>>>match! Stay away!");
>>>>exit;
>>>>}
>>>>save("location");
>>>>exit;
>>>>};
>>>>
>>>>if (method=="INVITE") {
>>>>if (!proxy_authorize("domain", "openser_view")) {
>>>>proxy_challenge("domain", "0");
>>>>exit;
>>>>}
>>>>if (!check_from()) {
>>>>sl_send_reply("403", "Digest username and URI username do NOT
>>>>match! Stay away!");
>>>>exit;
>>>>}
>>>>}
>>>># loose-route processing
>>>>if (loose_route()) {
>>>># mark routing logic in request
>>>>append_hf("P-hint: rr-enforced\r\n");
>>>>route(1);
>>>>exit;
>>>>};
>>>>if (!uri==myself) {
>>>># mark routing logic in request
>>>>append_hf("P-hint: outbound\r\n");
>>>>route(1);
>>>>exit;
>>>>};
>>>>append_hf("P-hint: usrloc applied\r\n");
>>>>route(1);
>>>>}
>>>>route[1]
>>>>{
>>>># ! Nathelper
>>>>if (uri=~"[@:](192\.168\.|10\.|172\.(1[6-9]|2[0-9]|3[0-1])\.)" &&
>>>>!search("^Route:")){
>>>>sl_send_reply("479", "We don't forward to private IP addresses");
>>>>exit;
>>>>};
>>>># NAT processing of replies; apply to all transactions (for example,
>>>># re-INVITEs from public to private UA are hard to identify as
>>>># NATed at the moment of request processing); look at replies
>>>>t_on_reply("1");
>>>># send it out now; use stateful forwarding as it works reliably
>>>># even for UDP2TCP
>>>>if ((src_ip!=xxx.xxx.xxx.xxx) && (src_ip!=xxx.xxx.xxx.xxx)) { #
>>>>IP of Asterisks
>>>>ds_select_dst("2", "0");
>>>>}
>>>>if (!t_relay()) {
>>>>sl_reply_error();
>>>>};
>>>>}
>>>># ! Nathelper
>>>>onreply_route[1] {
>>>># NATed transaction ?
>>>>if (isflagset(6) && status =~ "(183)|2[0-9][0-9]") {
>>>>fix_nated_contact();
>>>># otherwise, is it a transaction behind a NAT and we did not
>>>># know at time of request processing ? (RFC1918 contacts)
>>>>} else if (nat_uac_test("1")) {
>>>>fix_nated_contact();
>>>>};
>>>>}
>>>>
>>>>_______________________________________________
>>>>Users mailing list
>>>>Users at openser.org
>>>>http://openser.org/cgi-bin/mailman/listinfo/users
>>>
>>>
>>>--
>>>Klaus Darilion
>>>nic.at
>>
>>
>>_______________________________________________
>>Users mailing list
>>Users at openser.org
>>http://openser.org/cgi-bin/mailman/listinfo/users
More information about the Users
mailing list