Hi guys,

I'd like to propose another possibility for a highly-available and
scalable system design based on SER:

The problems I've encountered for scalable systems are:
- Distribution of the user location and alias location among the nodes
  (user location is based on registrations, alias location comes from
  web interfaces and is used for call forwarding).
- Reloading up to date location tables after breakdown and recovery of a
  node

So I'm just thinking out loud about the following provisioning system:
- Write a client which fulfills these demands:
  - Receive one or more locations from SER via a SER module or from a
    web application and distribute them to other known clients. Take
    care of retransmissions if a client isn't reachable or reports a
    temporary failure.
  - Receive one or more locations from other clients and write
    them into the SER FIFO. If writing into the FIFO fails, try to
    write directly into the database (location-table, alias-table etc.).
    Report a temporary failure if this also fails.

Maybe a centralized server should be used which receives the locations
from the clients and distributes them to other clients, so that the
nodes just know about the server and nothing about other nodes. This
would make integration of new nodes easy.
On the other hand, it's another single point of failure, so a
decentralized solution should be considered. But that would mean that
you've to inform every node about the existence of a new node.

The protocol used between the nodes should be simple and fast. So I
think SOAP drops out here. Maybe XMLRPC or ICE
(http://www.zeroc.com/ice.html) could be used.

One might think now why not just use replication on SIP layer, but
t_replicate only supports one peer and you've no possibility to get
locations on a node while it's down. Replication of other location
tables like the alias-table is also not possible.

I'd be willing to release these parts as GPL for creating an open
framework for carrier-grade SER integration, so any feedback,
improvements or flames are highly welcome.

Cheers,
Andy
Hi,
I was wondering how I can route my SER users to other
SIP servers, without need of authentication to other
server.
I mean this:
My User -> Auth -> My SER
My SER -> Auth -> Other SIP Server
My User --------make call--------> My SER
--------route call-------> Other SIP Server
Thank you.
Kaveh
Hi Joao,
No I was not able to solve the issue.
It seems (this is my guess though) that the Portaone RTP proxy assumes that it has one public IP address, so the valid configuration to use it is Public Nt-Private Nt. I was not able to make it work in other configurations (neither I got feedback from Portaone to do so).
Nevertheless the code is available, so it could be modified... as long as you have the time and will to do so. I did not ;).
Best regards,
josé
-----Original Message-----
From: Joao Pereira [mailto:joao.pereira@fccn.pt]
Sent: 19 October 2005 20:17
To: Jose Soler; serusers(a)lists.iptel.org
Subject: Re: [Serusers] RTP proxy between two subnetworks with private @s
Hello, did you manage to get the clients of networks A and B to call
each other?
I want to do the same, and tried a lot of SER/RTPproxy configurations,
including the one in: /ser-0.9.0/modules/nathelper/examples/alg.cfg
and also tried to run rtpproxy with the "-l 10.0.0.135/193.136.2.2" option. But I was only able to ring the phones (when calling between networks),
but the RTP doesn't pass...
If you found the solution, please tell me.
Thanks
Joao Pereira
www.fccn.pt
Jose Soler wrote:
> Hi,
>
> I am trying to figure out how to solve the following problem. I have
> two subnetworks, A and B, with different private IP addressing schemes
> (IP@A) and (IP@B).
>
> SER is installed in a computer with network interfaces towards both
> subnetworks.
> SER's SIP signalling proxying operation works properly within the
> subnetworks and when trying to set up a communication between users in
> A and B. But in that last case, obviously there is no media at all
> circulating among the subnetworks.
>
> Portaone's RTP proxy has been installed and configured in the computer
> with interfaces towards both subnetworks where SER is installed.
>
> I am trying to configure SER so that, based on the nathelper module,
> when communication between both subnetworks occurs, the RTP proxy is
> involved and the communication (also media and not only signalling) is
> possible. BUT I am doing something wrong, because it does not work ...
>
> Can anyone give me a hand /hint?
> Thanks a lot in advance / in any case.
>
> My SER config file is the following:
>
>
> #
> # ----------- global configuration parameters ------------------------
>
> /* Uncomment these lines to enter debugging mode
> debug=7
> fork=no
> log_stderror=yes
> */
>
> check_via=no # (cmd. line: -v)
> dns=no # (cmd. line: -r)
> rev_dns=no # (cmd. line: -R)
> fifo="/tmp/ser_fifo"
> fifo_mode=0662
> alias=wirelessip.x.x.x
> alias=sip..x.x.x
> alias=x.x.x
> log_stderror=no
> debug=3
> children=3
> mhomed=1
>
> # ------------------ module loading ----------------------------------
>
> # Uncomment this if you want to use SQL database
> loadmodule "/lib/ser/modules/mysql.so"
> loadmodule "/lib/ser/modules/sl.so"
> loadmodule "/lib/ser/modules/tm.so"
> loadmodule "/lib/ser/modules/rr.so"
> loadmodule "/lib/ser/modules/maxfwd.so"
> loadmodule "/lib/ser/modules/usrloc.so"
> loadmodule "/lib/ser/modules/textops.so"
> loadmodule "/lib/ser/modules/registrar.so"
>
> # Uncomment this if you want digest authentication
> # mysql.so must be loaded !
> loadmodule "/lib/ser/modules/auth.so"
> loadmodule "/lib/ser/modules/auth_db.so"
>
> # For NAT support / media proxying
> loadmodule "/lib/ser/modules/nathelper.so"
>
> # ----------------- setting module-specific parameters ---------------
>
> # -- usrloc params --
> #modparam("usrloc", "db_mode", 0)
>
> # Uncomment this if you want to use SQL database
> # for persistent storage and comment the previous line
> modparam("usrloc", "db_mode", 2)
>
> # -- auth params --
> # Uncomment if you are using auth module
> modparam("auth_db", "calculate_ha1", yes)
>
> # If you set "calculate_ha1" parameter to yes (which true in this config),
> # uncomment also the following parameter)
> modparam("auth_db", "password_column", "password")
>
> # -- rr params --
> # add value to ;lr param to make some broken UAs happy
> modparam("rr", "enable_full_lr", 1)
>
> # For NAT
> # We will use flag 6 to mark NATed contacts
> modparam("registrar", "nat_flag", 6)
>
> # Enable NAT pinging
> modparam("nathelper", "natping_interval", 60)
>
> # Ping only contacts that are known to be
> # behind NAT
> modparam("nathelper", "ping_nated_only", 1)
>
> # ------------------------- request routing logic -------------------
>
> # main routing logic
> route{
>     # initial sanity checks -- messages with
>     # max_forwards==0, or excessively long requests
>     if (!mf_process_maxfwd_header("10")) {
>         sl_send_reply("483","Too Many Hops");
>         break;
>     };
>     if ( msg:len > max_len ) {
>         sl_send_reply("513", "Message too big");
>         break;
>     };
>
>     # special handling for NATed clients; first, nat test is
>     # executed: it looks for via!=received and RFC1918 addresses
>     # in Contact (may fail if line-folding used); also,
>     # the received test should, if complete, should check all
>     # vias for presence of received
>     if (nat_uac_test("3")) {
>         # allow RR-ed requests, as these may indicate that
>         # a NAT-enabled proxy takes care of it; unless it is
>         # a REGISTER
>         if (method == "REGISTER" || ! search("^Record-Route:")) {
>             log("LOG: Someone trying to register from private IP, rewriting\n");
>             # This will work only for user agents that support symmetric
>             # communication. We tested quite many of them and majority is
>             # smart smart enough to be symmetric. In some phones, like
>             # it takes a configuration option. With Cisco 7960, it is
>             # called NAT_Enable=Yes, with kphone it is called
>             # "symmetric media" and "symmetric signaling". (The latter
>             # not part of public released yet.)
>             fix_nated_contact(); # Rewrite contact with source IP of signalling
>             if (method == "INVITE") {
>                 fix_nated_sdp("1"); # Add direction=active to SDP
>             };
>             force_rport(); # Add rport parameter to topmost Via
>             setflag(6); # Mark as NATed
>         };
>     };
>
>     # we record-route all messages -- to make sure that
>     # subsequent messages will go through our proxy; that's
>     # particularly good if upstream and downstream entities
>     # use different transport protocol
>     record_route();
>
>     # loose-route processing
>     if (loose_route()) {
>         t_relay();
>         break;
>     };
>
>     lookup("aliases");
>
>     # if the request is for other domain use UsrLoc
>     # (in case, it does not work, use the following command
>     # with proper names and addresses in it)
>     if (uri==myself) {
>         if (method=="REGISTER") {
>             # Uncomment this if you want to use digest authentication
>             if (!www_authorize("com.dtu.dk", "subscriber")) {
>                 www_challenge("com.dtu.dk", "0");
>                 break;
>             };
>             save("location");
>             break;
>         };
>
>         # native SIP destinations are handled using our USRLOC DB
>         if (!lookup("location")) {
>             sl_send_reply("404", "Not Found");
>             break;
>         };
>     };
>
>     # forward to current uri now; use stateful forwarding; that
>     # works reliably even if we forward from TCP to UDP
>     if (!t_relay()) {
>         sl_reply_error();
>     };
> }
>
> #
> # Forcing media relay if necessary
> #
> route[1] {
>     #if (uri=~"[@:](192\.168\.|10\.|172\.16)" && !search("^Route:")){
>     # sl_send_reply("479", "We don't forward to private IP addresses");
>     # break;
>     #};
>     #if (isflagset(6)) {
>     force_rtp_proxy(); # I force everything through the proxy
>     t_on_reply("1");
>     append_hf("P-Behind-NAT: Yes\r\n");
>     #};
>     if (!t_relay()) {
>         sl_reply_error();
>         break;
>     };
> }
>
> onreply_route[1] {
>     if (status =~ "(183)|2[0-9][0-9]") {
>         fix_nated_contact();
>         force_rtp_proxy();
>     };
> }
>
>_______________________________________________
>Serusers mailing list
>serusers(a)lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
I am relatively new to SER. My SIP service provider requires me to
present the ANI in the "From" field in my INVITE message header in E.164
format. I am currently sending this information as follows:
From: "2125551212" <sip:2125551212@xxx.xxx.xxx.xxx>
They want it in E.164 format as follows:
From: "+12125551212" <sip:+12125551212@xxx.xxx.xxx.xxx>
I see a function only to modify the SIP URI but not the other header or
SDP fields.
Could someone help me with a code snippet that I can use in ser.cfg to
do this conversion?
Regards,
SCM
on my machine,
ser 0.9.3 crashes as soon as a UA sends REGISTER message
on doing gdb ser corefile i get the following when calling 'bt'
(gdb) bt
#0 qm_malloc (qm=0x8107e00, size=760) at mem/q_malloc.c:290
#1 0x0806ce0e in receive_msg (
buf=0x80d6560 "REGISTER sip:194.255.1.199:5060 SIP/2.0\r\nFrom:
<sip:88515356@194.255.1.199>;tag=ccd4c5cb-13c4-2838-9d1b45-6d9e\r\nTo:
<sip:88515356@194.255.1.199>\r\nCall-ID:
ccd4c5cb-13c4-2838-9d1b45-7a20\r\nCSeq: 1 REGIS"...,
len=437, rcv_info=0xbfed0fe0) at receive.c:92
#2 0x0808421c in udp_rcv_loop () at udp_server.c:458
#3 0x0805ceaf in main_loop () at main.c:1032
#4 0x0805e50b in main (argc=2, argv=0xbfed11a4) at main.c:1568
(gdb) print h
$9 = 0
please help,
note that a similar setup on another machine works just fine.
tulika
Yes, on the serweb account tab, message store.
I've seen the voicemail plugin code,
and this doesn't write on mysql silo table.
How do I put voicemail on serweb?
Regards
Alejandro.
On Sat, 23-07-2005 at 11:46 +0200, harry gaillac wrote:
> Hello,
>
> You mean forward to voicemail on account tab ?
>
> harry
> --- Alejandro Mellado <amellado(a)uct.cl> wrote:
>
> > Hi
> >
> >
> > I'm trying to activate the voicemail in serweb.
> > I've working msilo with IM successfully.
> >
> > Can somebody help me?
> >
> >
> > Regards
> > Yours sincerely,
> > Alejandro Mellado <amellado(a)uct.cl>.
> > Escuela de Informática
> > Universidad Católica de Temuco
> >
Yours sincerely,
Alejandro Mellado <amellado(a)uct.cl>.
Escuela de Informática
Universidad Católica de Temuco
Hernan,
OSP uses public-key based authentication and encryption schemes, which are stronger than Radius's shared secrets. If you use OSP for authentication and authorization, you need not use Radius. OSP, just like Radius, has a client stack, which is implemented in the SER, and has a server, which provides centralized call routing, accounting, and security. At the time of startup, the OSP server and the client, the SER in this case, exchange their public keys. The public and private keys can then be used to encode/decode messages as desired.
A typical call setup procedure looks like this:
1. The source SER goes to the OSP server to get the SIP URI corresponding to the destination. The message is encoded using the source SER's private key.
2. The OSP server decodes the message using the source SER's public key and after successful decoding (authentication) returns the route back to the source. Along with the route, it also sends back a digitally signed (using the OSP server's private key) token.
3. The source uses the route returned by the OSP server to send an INVITE. The INVITE message contains the token issued by the OSP server.
4. The destination decodes/validates the token using the OSP server's public key. Upon successful validation (authorization) it accepts the call.
This saves you the effort of maintaining cumbersome access lists for authentication. I can provide you with more documentation on OSP and how to use SER with OSP if you wish.
Thanks,
Vikrant
-------------------------------------------------------------------------------------------------------------
Forgive my ignorance for I have never heard of OSP before ;) You mentioned Radius in your message. How does Radius authentication work in OSP? I am having a tough time getting mine to work.
hernan
vmathur(a)transnexus.com wrote:
Dear All,
I have recently implemented OSP w/ SER. OSP is an ETSI defined protocol, which I am using for centralised routing, and security of my inter-domain calls. The problem, however, is that the build process is a little lengthy. I want to contribute my implementation to this group so that anyone who is struggling with SER routing configurations or Radius authentication issues may benefit from it. I was, thus, wondering if we can have a binary file of the OSP enabled SER, that can be distributed with the source code. Does anyone have an opinion on this?
Also, for anyone who wants to check-out this implementation, I can provide more details.
Thanks,
Vikrant
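
Steps 2 and 4 of the call setup described in the message above (token issued by the OSP server, token validated by the destination), modelled as an added example that is not code from the original post, from SER or from any OSP toolkit. Assumptions: Ed25519 signatures and a JSON body stand in for OSP's real token encoding, and `Token`, `NewKeys`, `IssueToken` and `ValidateToken` are hypothetical names; the sketch also checks expiry and binding to the call, since a signature check alone would accept a replayed token.

```go
package main
import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Token stands in for the signed token of step 2 (field names are assumed).
type Token struct {
	CallID   string `json:"call_id"`
	Called   string `json:"called"`
	NotAfter int64  `json:"not_after"` // expiry, Unix seconds
}

// NewKeys creates the OSP server's key pair (Ed25519 is an assumption).
func NewKeys() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	return pub, priv
}

// IssueToken is the server side of step 2: serialize and sign the token.
func IssueToken(priv ed25519.PrivateKey, t Token) (body, sig []byte) {
	body, _ = json.Marshal(t) // cannot fail for this struct
	return body, ed25519.Sign(priv, body)
}

// ValidateToken is step 4: signature first, then expiry and call binding.
func ValidateToken(pub ed25519.PublicKey, body, sig []byte, callID, called string, now time.Time) error {
	var t Token
	switch {
	case !ed25519.Verify(pub, body, sig):
		return errors.New("bad signature")
	case json.Unmarshal(body, &t) != nil:
		return errors.New("malformed token")
	case now.Unix() > t.NotAfter:
		return errors.New("token expired")
	case t.CallID != callID || t.Called != called:
		return errors.New("token issued for a different call")
	}
	return nil
}

func main() {
	pub, priv := NewKeys() // constructed sample values below
	body, sig := IssueToken(priv, Token{CallID: "c1", Called: "+12125550100", NotAfter: time.Now().Unix() + 60})
	fmt.Println(ValidateToken(pub, body, sig, "c1", "+12125550100", time.Now()))
}
```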
Does anyone know if there is a way to authenticate SER to MS Active
Directory? I'd like to use an existing user database instead of
having to manage users myself, and most of our users are in Active
Directory.
Has anyone tried this?
What are most SER users using for authentication? Is anyone here
tying into any kind of existing organization user database?
Hi to everybody!
I'm currently trying to set up an outbound proxy using ser. I'm still a
newbie with this ser and I'm not yet that good with the scripting.
Could anyone tell me how to configure ser for outbound proxy only
using rtpproxy? There are sample files in the Getting started manual
but I'm having trouble eliminating the authentication/mysql part in
script since I'm not yet familiar which modules depend on which. A
stripped down version of the nat-rtpproxy.cfg file would be really
appreciated. Thanks in advance.
_jeff