Christian,
In our case IP gets blacklisted for about 4 minutes as described on
http://openser.org/pipermail/users/2007-January/008848.html (.. The
rules from this list have a life time of 4 minutes - you can change it
at compile time, from blacklists.h )
The behaviour is consistent during that time. We get a 473 immediately
and all the time. To test I simply entered a wrong ip for our first
gateway returned by the lcr. Openser timed out and failed over to the
next gateway for the first call.
I checked the blacklist at that time and the gateway with wrong IP was
on the list.
Redialing got a 473 consistently at that time. Problem is that at that
point ALL calls to that gateway start failing.
We also have another scenario where a particular gateway is used as a
default for all outbound calls. Calls sent to this gateway are routed
to our legacy PBX which routes them according to its own LCR. In this
scenario if a 503 is returned for one particular type of call, OpenSER
blacklists the gateway even though the gateway is available to route all
other calls. Double trouble :)
-----Original Message-----
From: Christian Schlatter [mailto:cs@unc.edu]
Sent: Monday, July 23, 2007 10:34 AM
To: users(a)openser.org
Cc: Zahid Mehmood
Subject: Re: [OpenSER-Users] Re: [Users] 473 Filtered destination?
We recently had some issues with dns blacklisting and 473 as well, we
had to disable blacklisting on our production proxies. Unfortunately I
wasn't able to reproduce the problem so far.
It *seems* that sometimes the blacklist gets activated mistakenly for
targets that are alive. E.g. we weren't able to call our gateways
anymore (always got back 473 immediately from the proxy) even though
these gateways always have been up.
Do you always get back 473 or does this only happen occasionally?
Christian
Zahid Mehmood wrote:
James,
thanks for your reply.
I tried capturing the 473 in failure route but it doesn't look like it
makes it that far.
t_on_failure("4");
t_on_reply("4");
if (!next_gw()) {
sl_send_reply("503", "Service not available - No gateways");
xlog("L_ERR","$ci: 503 Service not available - No gateways
rU=<$rU>, ruri=<$ru>\n");
return;
};
if (!t_relay()) {
xlog..... msg1
sl_reply_error ();
} else {
xlog msg 2
}
and I don't see either one of the messages from if (!t_relay())
logged.
There is an xlog right at the top of failure route
which is not logged
either.
This is what I see in openser log when using dubug=9
Jul 23 09:35:06 mousse openser[5276]: DBG:check_against_rule_list:
using list dns Jul 23 09:35:06 mousse openser[5276]:
DBG:check_against_rule_list:
matched list dns
Jul 23 09:35:06 mousse openser[5276]: DEBUG:tm:t_forward_nonack:
blocked by blacklists Jul 23 09:35:06 mousse openser[5276]:
ERROR:tm:t_relay_to:
t_forward_nonack returned error
Jul 23 09:35:06 mousse openser[5276]: parse_headers:
flags=ffffffffffffffff Jul 23 09:35:06 mousse openser[5276]:
check_via_address(192.168.12.174,
192.168. 12.174, 0) (
Jul 23 09:35:06 mousse openser[5276]: DBG: trans=0xb604f518, callback
type 128, id 0 entered Jul 23 09:35:06 mousse openser[5276]: ACC: call
missed:
timestamp=1185197706;method=INVITE;from_tag=F2953709-6DD8ACE4;to_tag=;
call_id=2af22500-d6298d67-9e8a6d1a(a)192.168.12.174;code=473;reason=Requ
est
Failure
Thanks again for your help.