Description

When relaying an INVITE from a Kamailio proxy to an interconnect we are using DNS SRV records for load-balancing and failover. The proxy is listening on both a private interface and a public interface with an rfc1918 (ie. 10.0.0.14) and a public IP address (ie. 185.0.0.34) respectively.

The first branch (before DNS SRV failover) is working as expected. The message will be relayed from the received socket (185.0.0.34) to the interconnect. When this branch results in a timeout, the proxy will try to do DNS SRV failover. This new branch and any subsequent branches will no longer use the initial received socket as source. In our case we see that the private address (10.0.0.14) is now being used as source address.

Troubleshooting

Reproduction

DNS SRV:

_sip._udp.transit.net. SRV 10 10 5060 transit1.net.
_sip._udp.transit.net. SRV 20 10 5060 transit2.net.
transit1.net. A 185.10.20.30
transit2.net. A 185.10.20.31

Kamailio:

$du = "sip:transit.net;transport=udp";
xinfo("Relaying [$rm] request: [$ru] with Call-ID [$ci]");
t_set_fr(0, 1000);
if (not t_relay()) {
	sl_reply_error();
}

Network flow:

12:30:00 INVITE udp:10.0.0.18:5060 => udp:185.0.0.34:5060 (internal request to proxy)
12:30:00 INVITE udp:185.0.0.34:5060 => udp:185.10.20.30:5060 (relaying from proxy to interconnect)
                    ^^^^^^^^^^

(request times out after 1 second, proxy will do a failover to the next endpoint)

12:30:01 INVITE udp:10.0.0.14:5060 => udp:185.10.20.31:5060 (relaying to next interconnect address)
                    ^^^^^^^^^

Log Messages

Attempt to see where it goes wrong:

onsend_route {
	xinfo("[$RAut] [$Rut] [$sas]\n");
	xinfo("$snd(buf)\n");
}
INFO: [sip:185.0.0.34:5060;transport=udp] [sip:185.0.0.34:5060;transport=udp] [udp:10.0.0.18:5060]
INFO: INVITE sip:+1234567890@transit.net;user=phone SIP/2.0#015#012Record-Route: <sip:185.0.0.34;lr;ftag=tDr7m6erX1N3D>#015#012Via: SIP/2.0/UDP 10.0.0.14;branch=z9hG4bKafe7.7fb590e263fa44677514193a6a1156ce.1#015#012Via: SIP/2.0/UDP 10.0.0.18;received=10.0.0.18;rport=5060;branch=z9hG4bK6t59a17N60FcB ...

So the Record-Route seems to be correct, but the top most Via header shows the private IP address. The message is being sent from the private IP address as well and never reaches the second address from the interconnect.

Possible Solutions

A workaround to add $fs = "udp:185.0.0.34:5060" in the onsend_route seems to be effective.

Additional Information

version: kamailio 5.2.3 (x86_64/linux) 
flags: STATS: Off, USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MEM, SHM_MMAP, PKG_MALLOC, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLACKLIST, HAVE_RESOLV_RES
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144 MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
id: unknown 
compiled with gcc 7.4.0
Ubuntu 18.04 LTS
Linux proxy4 4.15.0-64-generic #73-Ubuntu SMP Thu Sep 12 13:16:13 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux


You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or unsubscribe.