[Users] Best practice for DNS failover using OpenSER?

Klaus Darilion klaus.mailinglists at pernau.at
Tue Jan 16 16:29:19 CET 2007 

Greg Fausak wrote:
> 
> On Jan 16, 2007, at 8:17 AM, Jiri Kuthan wrote:
> 
>> At 14:59 16/01/2007, Greg Fausak wrote:
>>> Jiri,
>>>
>>> Thanks for the pointer!  I think I'll have to give this a look.
>>
>> Hi Greg,
>>
>> with pleasure. Just keep in mind that having robustness in there takes
>> couple of other steps. Particularly IP blacklisting to avoid attempts
>> to send to the DNS-conveyed destinations, which are unavailable and ...
>>
>>> We are having specific problems with the DNS resolver on failover
>>> (when one
>>> DNS resolver is not reachable, the next is queried, and openser is
>>> not acting
>>> predictably when this happens).  It is as if the tm module is not
>>> properly threaded.  Like when one thread gets stuck waiting for
>>> a response from DNS resolver, another thread picks up a retry
>>> SIP message and doesn't know about the retry in process!
>>
>> ... building the ser script in a way that retransmissions are absorbed
>> (kind of having "shock absorber" in place)
> 
> Retransmissions are good (most of the time).  Somehow the ser
> script would need to know that there is another thread tending to
> a DNS lookup.  How does my script know if a message is original,
> or a retransmission anyway?
> 
> It seems to me that the tm module should be reaping the retransmits.

At first the proxy should reply 100 trying to stop retransmissions.

Further, the retransmissions should be absorbed by tm - if not then we 
should analyze it.

regards
klaus



> 
> -g
> 
> 
>>
>> -jiri
>>
>>
>>> We see the bad resolver behavior when 2 resolvers are listed in /etc/ 
>>> resolv.conf, and
>>> we turn off the first one.
>>>
>>> The DNS failover is also interesting.  I think failover applies to A
>>> records
>>> and SRV records (not NAPTR records).
>>>
>>> -g
>>>
>>> On Jan 16, 2007, at 7:12 AM, Jiri Kuthan wrote:
>>>
>>>> indeed, the stuff is not well linked, we are working on it. Here
>>>> you go.
>>>> http://cvs.berlios.de/cgi-bin/viewcvs.cgi/ser/sip_router/doc/ 
>>>> dns.txt?rev=HEAD&content-type=text/vnd.viewcvs-markup
>>>>
>>>> -jiri
>>>>
>>>> At 02:46 16/01/2007, T.R.  Missner wrote:
>>>>> Greg,
>>>>>
>>>>> This is a ref to SER. Apparently this functionality has been added
>>>>> to the new pre-release version. I did find some talk about it in
>>>>> the release notes.
>>>>> I couldn’t find any specific documentation. Admittedly I don’t
>>>>> understand the layout of SER’s site very well as I haven’t spent
>>>>> much time there.
>>>>>
>>>>> -- TR
>>>>>
>>>>>
>>>>> On 1/15/07 8:33 PM, "Greg Fausak" <lgfausak at gmail.com> wrote:
>>>>>
>>>>> In the text below I quote Kerker 'SER does support DNS failover.'.
>>>>> Is this ser or openser?  Where can I read more about this?
>>>>>
>>>>> -g
>>>>>
>>>>> On Jan 15, 2007, at 10:40 AM, Klaus Darilion wrote:
>>>>>
>>>>>
>>>>> Staffan,
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> Kerker Staffan wrote:
>>>>>
>>>>>
>>>>> ...
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> Now, if I disable one of the Gateways, I hang every second call.
>>>>> OpenSER does
>>>>>
>>>>>
>>>>> not
>>>>>
>>>>>
>>>>> try the second A record address if the first doesn't answer. How
>>>>> can I solve
>>>>>
>>>>>
>>>>> this? Shouldn't OpenSER fail over to the second A record listed in
>>>>> the NAPTR
>>>>>
>>>>>
>>>>> => SRV
>>>>>
>>>>>
>>>>> resolving? Or will OpenSER continue to resend all SIP INVITES
>>>>> until timers
>>>>>
>>>>>
>>>>> fire? Would
>>>>>
>>>>>
>>>>> it help if the proxy recieved an ICMP port/destination unreachable
>>>>> from the
>>>>>
>>>>>
>>>>> network? Is
>>>>>
>>>>>
>>>>> there anyway to get around this? In the other direction, from POTS
>>>>> to sip,
>>>>>
>>>>>
>>>>> the PGW2200
>>>>>
>>>>>
>>>>> nicely switches over to the second of my two OpenSER servers if I
>>>>> shut one of
>>>>>
>>>>>
>>>>> them down. These servers have the same DNS entries (but for
>>>>> another SIP domain, NAPTR =>
>>>>>
>>>>>
>>>>> SRV => 2x A record).
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> Yes, OpenSER or for that matter every transaction stateful proxy
>>>>> should
>>>>>
>>>>>
>>>>> do RFC 3263 based fail-over. But as you can imagine this is pretty
>>>>>
>>>>>
>>>>> complex to implement and that's why openser does not support it
>>>>> yet, it
>>>>>
>>>>>
>>>>> is listed on the development roadmap. The newest release of SER does
>>>>>
>>>>>
>>>>> support DNS failover.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Users mailing list
>>>>> Users at openser.org
>>>>> <http://openser.org/cgi-bin/mailman/listinfo/users>http:// 
>>>>> openser.org/cgi-bin/mailman/listinfo/users
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Users mailing list
>>>>> Users at openser.org
>>>>> http://openser.org/cgi-bin/mailman/listinfo/users
>>>>
>>>> -- 
>>>> Jiri Kuthan            http://iptel.org/~jiri/
>>>
>>> -- 
>>> Jiri Kuthan            http://iptel.org/~jiri/
>>
> 
> 
> _______________________________________________
> Users mailing list
> Users at openser.org
> http://openser.org/cgi-bin/mailman/listinfo/users


-- 
Klaus Darilion
nic.at

More information about the Users mailing list