22 Jun
2009
22 Jun
'09
3:37 p.m.
Hi,
We have noticed that the server tries to connect to user's contact IP:port when there
is no existing TCP connection with the client. This can happen when the client-server TLS
connection brakes for some reason (for example flaky Internet). After that when consequent
requests need to be proxied to that user (NOTIFYs, SUBSCRIBEs) we can see in the logs that
the server tries to connect to the user's IP and port because there is not existing
TCP (TLS) connection with it. In our setup though the cients are behind NAT and the
serveer is in the public Internet.
In most such cases the server fails "normally" after 10 seconds and during that
time if the same client tries to REGISTER, the REGISTER packets are processed on the
server by the same process that has been blocked for 10 seconds, after the blocking 10
secs have elapsed. In effect this makes it harder for the clent to re-REGISTER when the
connection has been broken.
There are cases though, when we can see in the server logs that there are no logs for more
than 3 minutes and we can see that two server processes have been trying outgoing
connection to the old client's IP:port for more than 3 minutes and we can see how both
processes report unsuccessfull tcp blocking connect to the client after the logs resume
after more than 3 minutes have elapsed. During such cases the server simply doesn't
respond to client's attempts to REGISTER and is in effect blocked.
We have no clue as to why the server is blocked for more than 3 minutes since the tcp
connect timeout seems to be just 10 seconds.
What we think is best is if we can configure the server to not try outgoing TCP
connections to clients (when TCP conenction doesn't exist)? Is there a configration
setting for that? If there is no configuration for that, what is the best place in code to
make this change in the code? If this is not easy or not recommended, can we set the
server's timeout for outgoing TCP connection to something smaller, for example 1-2
seconds, or even 0 seconds? We feel in our setup it will be better if the server does not
try to connect at all, becasue anyway the connection attempt will fail.
Any information will be appreciated.
Thanks in advance,
Ivan
22 Jun
22 Jun
3:41 p.m.
New subject: Server trying outgoing TCP (TLS) connection, gets blocked
El Lunes, 22 de Junio de 2009, Ivan Genov escribió:
Hi,
Hi Ivan, you have sent this mail to this list (SIP-Ruter devel) and to
OpenSIPs devel maillists.
They are two different projects. Please don't same the same question to both
lists.
--
Iñaki Baz Castillo <ibc(a)aliax.net>
5:13 p.m.
New subject: Server trying outgoing TCP (TLS) connection, gets blocked
On Jun 22, 2009 at 12:37, Ivan Genov <ivangg_q(a)yahoo.com> wrote:
Hi,
[...]
There are cases though, when we can see in the server
logs that there are no logs for more than 3 minutes and we can see that two server
processes have been trying outgoing connection to the old client's IP:port for more
than 3 minutes and we can see how both processes report unsuccessfull tcp blocking connect
to the client after the logs resume after?more than 3 minutes have elapsed. During such
cases?the server simply doesn't respond to client's attempts to REGISTER and is in
effect blocked.
We have no clue as to why the server is blocked for more than 3 minutes since the tcp
connect timeout seems to be just 10 seconds.
What we think is best is if we can?configure the server to not try outgoing TCP
connections to clients (when TCP conenction doesn't exist)? Is there a configration
setting for that? If there is no configuration for that, what is the best place in code to
make this change in the code? If this is not easy or not recommended,?can we set the
server's timeout for outgoing TCP connection to something smaller, for example 1-2
seconds, or even 0 seconds? We feel in our setup?it will be better if?the server does not
try to connect at all, becasue anyway the connection attempt?will fail.
Any information will be appreciated.
It depends on what are you using: pre-sip-router kamailio, pre-sip-router ser
or the latest sip-router code.
If you are using sip-router or a recent ser (e.g 2.1), then the tcp code
does not block (you can make it block if you want though). However this
is not yet true for tls (the tls code is not yet async.).
For the same "versions" (ser 2.1 or sip-router) you can stop outgoing
connects by setting tcp_no_connect to yes. You can do this any time,
even even if sip-router is already started (in this case using
sercmd cfg.set_now_int tcp no_connect 1).
If you are using kamailio then you can wait for the next official
version (based on sip-router) or you could try upgrading to sip-router
now (but note that right now there is only a devel version which might
still have some problems).
However even for current kamailio the connect should never block more then
tcp_connect_timeout (in your case 10s). There is a small bug that could
make this timeout smaller, but never greater.
You could also try making tcp_connect_timeout 0 or 1 and see if you ever
get those 3 min. delays (they might be caused by something else).
Andrei
5:40 p.m.
New subject: Server trying outgoing TCP (TLS) connection, gets blocked
We are using openser-1.3.0-tls. I assume what we can do there is to decrease the tcp
connect timeout or get into the code and short-circuit the server to not try outgoing tcp
connections.
----- Original Message ----
From: Andrei Pelinescu-Onciul <andrei(a)iptel.org>
To: Ivan Genov <ivangg_q(a)yahoo.com>
Cc: sr-dev(a)lists.sip-router.org
Sent: Monday, June 22, 2009 2:13:50 PM
Subject: Re: [sr-dev] Server trying outgoing TCP (TLS) connection, gets blocked
On Jun 22, 2009 at 12:37, Ivan Genov <ivangg_q(a)yahoo.com> wrote:
Hi,
[...]
There are cases though, when we can see in the server
logs that there are no logs for more than 3 minutes and we can see that two server
processes have been trying outgoing connection to the old client's IP:port for more
than 3 minutes and we can see how both processes report unsuccessfull tcp blocking connect
to the client after the logs resume after?more than 3 minutes have elapsed. During such
cases?the server simply doesn't respond to client's attempts to REGISTER and is in
effect blocked.
We have no clue as to why the server is blocked for more than 3 minutes since the tcp
connect timeout seems to be just 10 seconds.
What we think is best is if we can?configure the server to not try outgoing TCP
connections to clients (when TCP conenction doesn't exist)? Is there a configration
setting for that? If there is no configuration for that, what is the best place in code to
make this change in the code? If this is not easy or not recommended,?can we set the
server's timeout for outgoing TCP connection to something smaller, for example 1-2
seconds, or even 0 seconds? We feel in our setup?it will be better if?the server does not
try to connect at all, becasue anyway the connection attempt?will fail.
Any information will be appreciated.
It depends on what are you using: pre-sip-router kamailio, pre-sip-router ser
or the latest sip-router code.
If you are using sip-router or a recent ser (e.g 2.1), then the tcp code
does not block (you can make it block if you want though). However this
is not yet true for tls (the tls code is not yet async.).
For the same "versions" (ser 2.1 or sip-router) you can stop outgoing
connects by setting tcp_no_connect to yes. You can do this any time,
even even if sip-router is already started (in this case using
sercmd cfg.set_now_int tcp no_connect 1).
If you are using kamailio then you can wait for the next official
version (based on sip-router) or you could try upgrading to sip-router
now (but note that right now there is only a devel version which might
still have some problems).
However even for current kamailio the connect should never block more then
tcp_connect_timeout (in your case 10s). There is a small bug that could
make this timeout smaller, but never greater.
You could also try making tcp_connect_timeout 0 or 1 and see if you ever
get those 3 min. delays (they might be caused by something else).
Andrei
23 Jun
23 Jun
3:46 a.m.
New subject: Server trying outgoing TCP (TLS) connection, gets blocked
Ivan Genov schrieb:
We are using openser-1.3.0-tls. I assume what we can
do there is to
decrease the tcp connect timeout
You should configure both: tcp_send_timeout and tcp_connect_timeout.
Because openser first tries to send using the existing connection, after
send_timeout it detects that the TCP connection has gone (e.g. NAT
timeout) and it tries to open a new connection until connect_timeout
triggers.
or get into the code and
short-circuit the server to not try outgoing tcp connections.
I tried it once but it was actually not that easy - there are lots of
places in openser which trigger sending message. Maybe you can backport
the feature from ser.
regards
klaus
----- Original Message ---- From: Andrei Pelinescu-Onciul
<andrei(a)iptel.org> To: Ivan Genov <ivangg_q(a)yahoo.com> Cc:
sr-dev(a)lists.sip-router.org Sent: Monday, June 22, 2009 2:13:50 PM
Subject: Re: [sr-dev] Server trying outgoing TCP (TLS) connection,
gets blocked
On Jun 22, 2009 at 12:37, Ivan Genov <ivangg_q(a)yahoo.com> wrote:
Hi,
[...]
There are cases though, when we can see in the
server logs that
there are no logs for more than 3 minutes and we can see that two
server processes have been trying outgoing connection to the old
client's IP:port for more than 3 minutes and we can see how both
processes report unsuccessfull tcp blocking connect to the client
after the logs resume after?more than 3 minutes have elapsed.
During such cases?the server simply doesn't respond to client's
attempts to REGISTER and is in effect blocked.
We have no clue as to why the server is blocked for more than 3
minutes since the tcp connect timeout seems to be just 10 seconds.
What we think is best is if we can?configure the server to not try
outgoing TCP connections to clients (when TCP conenction doesn't
exist)? Is there a configration setting for that? If there is no
configuration for that, what is the best place in code to make this
change in the code? If this is not easy or not recommended,?can we
set the server's timeout for outgoing TCP connection to something
smaller, for example 1-2 seconds, or even 0 seconds? We feel in our
setup?it will be better if?the server does not try to connect at
all, becasue anyway the connection attempt?will fail.
Any information will be appreciated.
It depends on what are you using: pre-sip-router kamailio,
pre-sip-router ser or the latest sip-router code.
If you are using sip-router or a recent ser (e.g 2.1), then the tcp
code does not block (you can make it block if you want though).
However this is not yet true for tls (the tls code is not yet
async.). For the same "versions" (ser 2.1 or sip-router) you can stop
outgoing connects by setting tcp_no_connect to yes. You can do this
any time, even even if sip-router is already started (in this case
using sercmd cfg.set_now_int tcp no_connect 1).
If you are using kamailio then you can wait for the next official
version (based on sip-router) or you could try upgrading to
sip-router now (but note that right now there is only a devel version
which might still have some problems). However even for current
kamailio the connect should never block more then tcp_connect_timeout
(in your case 10s). There is a small bug that could make this timeout
smaller, but never greater. You could also try making
tcp_connect_timeout 0 or 1 and see if you ever get those 3 min.
delays (they might be caused by something else).
Andrei
_______________________________________________ sr-dev mailing list
sr-dev(a)lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev
3:51 a.m.
New subject: Server trying outgoing TCP (TLS) connection, gets blocked
Hi Andrei!
Andrei Pelinescu-Onciul schrieb:
For the same "versions" (ser 2.1 or
sip-router) you can stop outgoing
connects by setting tcp_no_connect to yes. You can do this any time,
even even if sip-router is already started (in this case using
sercmd cfg.set_now_int tcp no_connect 1).
Cool. I did not knew this feature.
But it would be great if this feature can be activated/deactivated per
message. For example I want sr to open new TCP connections to trsuted
nodes (gateways, SIP proxies, peering partners) but not to user agents.
Thus, it would be great if triggering of this feature can be done with a
function call or a flag.
regards
klaus
24 Jun
24 Jun
11:55 a.m.
New subject: Server trying outgoing TCP (TLS) connection, gets blocked
On Jun 23, 2009 at 09:51, Klaus Darilion <klaus.mailinglists(a)pernau.at> wrote:
Hi Andrei!
Andrei Pelinescu-Onciul schrieb:
This is not so easy because it would involve changing the whole send
part of the transport api (right now the raw transport api does not know
anything about sip messages or extra flags).
I plan to do it along with full INADDR_ANY support (which would require lots
of small changes), but at some later undefined point in time. Async tls
would come before that.
Andrei
For the same "versions" (ser 2.1 or
sip-router) you can stop outgoing
connects by setting tcp_no_connect to yes. You can do this any time,
even even if sip-router is already started (in this case using
sercmd cfg.set_now_int tcp no_connect 1).
Cool. I did not knew this feature.
But it would be great if this feature can be activated/deactivated per
message. For example I want sr to open new TCP connections to trsuted
nodes (gateways, SIP proxies, peering partners) but not to user agents.
Thus, it would be great if triggering of this feature can be done with a
function call or a flag. 
23 Jun
23 Jun
8:46 a.m.
Hi Andrei,
On Jun 22, 2009 at 12:37, Ivan Genov
<ivangg_q(a)yahoo.com> wrote:
It depends on what are you using: pre-sip-router kamailio, pre-sip-router
ser
or the latest sip-router code.
If you are using sip-router or a recent ser (e.g 2.1), then the tcp code
does not block (you can make it block if you want though). However this
is not yet true for tls (the tls code is not yet async.).
For the same "versions" (ser 2.1 or sip-router) you can stop outgoing
connects by setting tcp_no_connect to yes. You can do this any time,
even even if sip-router is already started (in this case using
sercmd cfg.set_now_int tcp no_connect 1).
this is a system wide config option, right?
Is or would it be possible to have this option on a transaction/user base?
I'm thinking since quite some time that it would be ideal to decide as
result from the NAT detection if it is worth trying to re-establish a TCP
connection from the proxy to the UA or not.
Thanks
Nils
9 a.m.
New subject: Server trying outgoing TCP (TLS) connection, gets blocked
2009/6/23 Nils Ohlmeier <nils(a)iptel.org>rg>:
this is a system wide config option, right?
Is or would it be possible to have this option on a transaction/user base?
I'm thinking since quite some time that it would be ideal to decide as
result from the NAT detection if it is worth trying to re-establish a TCP
connection from the proxy to the UA or not.
Good point. Trying to reconnect a TCP connexion with a TCP natted
client is useless.
--
Iñaki Baz Castillo
<ibc(a)aliax.net>
5637
days inactive
5639
days old
8 comments
5 participants
participants (5)
-
Andrei Pelinescu-Onciul -
Ivan Genov -
Iñaki Baz Castillo -
Klaus Darilion -
Nils Ohlmeier