Hello,

My suggestion is that stay away from NAT if you dont have to. various  sip client/Firewalls make out troubles for registration and invites,  even if Kamailio can handle it.  If you have a high load TLS connection / subscriber , I think you should use load balancer and NAT options.

For example;

1 - Load balancer like F5  that balancing your connection active-active Kamailios 

UAC ----> F5 ------> Kamailio -1 (advertises public IP)

                   |

                    ------->  Kamailio -2 (advertises public IP)

2- Use kamailio as MultiHomed that convert transport layer to tcp/udp

UAC ---------> Kamailio(TLS-PUBLIC IP-mhomed) ------->  Kamailio-1(TCP/UDP)

                                                                                  |

                                                                                   ---------> Kamailio-2(TCP/UDP)

Good luck

Yasin CANER

---

From: sr-users <sr-users-bounces@lists.kamailio.org> on behalf of Pintu Lohar <pintulohargcetts@gmail.com>
Sent: Tuesday, February 26, 2019 8:09 AM
To: sr-users@lists.kamailio.org
Subject: [SR-Users] Kamailio behind NAT or With Public IP - Which one is highly recommended

 

Hi Everyone, 

Which one among the below option is highly recommended for setting up Kamailio (for production)
  1.  Kamailio behind NAT or 
   2. Setting up Kamailio using public IP?

 are there any disadvantages if we setup Kamailio behind NAT and use advertise option in listen parameters?

We have tested both the options, and both the options work great for us( a. Kamailio behind NAT with advertising in listen parameters b.Kamailio setup with public IP).  So wondering which one is best and highly recommended? 

Some extra info :
1. We use TLS

2. Using coturn for media 

 
Thanks

Pintu