7 Jul
2020
7 Jul
'20
8:39 p.m.
Hi,
I would like to use Kamailio for load balancing incoming carrier traffic. We do currently
IP authentication and call logic in Yate boxes. Ideally I would like to distribute calls
with 30X redirects with the Kamailio dispatcher so that IP authentication and all logic
can stay in the Yate boxes.
However I have doubts that 30X redirects are generally accepted in interconnects. What is
your experience with this?
What is the possible alternative to redirects if one wants to keep IP authentication and
call logic in the boxes behind the Kamailio SIP router? E.g. how can one reliably check
the carrier source IPs behind Kamailio? Custom headers injected by Kamailio?
Of cause I can check source IPs with a database lookup in Kamailio but I try to avoid that
as this makes the setup much more complicated and error prone.
Thank you for your ideas.
Gerry
7 Jul
7 Jul
8:46 p.m.
It is my experience that origination providers do not follow redirects;
it is seen as a policy rather than a technical problem.
Custom header injected by Kamailio is a good way to go for conserving
originating network info (e.g. IP and port).
On 7/7/20 1:39 PM, Gerry | Rigatta.com wrote:
Hi,
I would like to use Kamailio for load balancing incoming carrier traffic. We do currently
IP authentication and call logic in Yate boxes. Ideally I would like to distribute calls
with 30X redirects with the Kamailio dispatcher so that IP authentication and all logic
can stay in the Yate boxes.
However I have doubts that 30X redirects are generally accepted in interconnects. What is
your experience with this?
What is the possible alternative to redirects if one wants to keep IP authentication and
call logic in the boxes behind the Kamailio SIP router? E.g. how can one reliably check
the carrier source IPs behind Kamailio? Custom headers injected by Kamailio?
Of cause I can check source IPs with a database lookup in Kamailio but I try to avoid
that as this makes the setup much more complicated and error prone.
Thank you for your ideas.
Gerry
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
--
Alex Balashov | Principal | Evariste Systems LLC
Tel: +1-706-510-6800 / +1-800-250-5920 (toll-free)
Web: http://www.evaristesys.com/, http://www.csrpswitch.com/
8 Jul
8 Jul
3:41 p.m.
Hi Alex,
thanks for your help.
OK. I have added an additional header showing the originating IP in case traffic comes not
from one of the boxes listed in the dispatcher module. I grab that header field in the
boxes behind Kamailio and authenticate against it. Works well. The only possible danger I
see is that someone gets direct access to the boxes and fakes the IP header.
Any other risks/downsides with this approach?
Gerry
request_route {
# per request initial checks
route(REQINIT);
# add source headers
remove_hf(“Tru-IP");
if (!ds_is_from_list(1,3)) {
# if route is from external then preserve the source IP so we can check it later
append_hf(“Tru-IP: $si\r\n");
}
….
On 7 Jul 2020, at 19:46, Alex Balashov
<abalashov(a)evaristesys.com> wrote:
It is my experience that origination providers do not follow redirects; it is seen as a
policy rather than a technical problem.
Custom header injected by Kamailio is a good way to go for conserving originating network
info (e.g. IP and port).
On 7/7/20 1:39 PM, Gerry | Rigatta.com wrote:
Hi,
I would like to use Kamailio for load balancing incoming carrier traffic. We do currently
IP authentication and call logic in Yate boxes. Ideally I would like to distribute calls
with 30X redirects with the Kamailio dispatcher so that IP authentication and all logic
can stay in the Yate boxes.
However I have doubts that 30X redirects are generally accepted in interconnects. What is
your experience with this?
What is the possible alternative to redirects if one wants to keep IP authentication and
call logic in the boxes behind the Kamailio SIP router? E.g. how can one reliably check
the carrier source IPs behind Kamailio? Custom headers injected by Kamailio?
Of cause I can check source IPs with a database lookup in Kamailio but I try to avoid
that as this makes the setup much more complicated and error prone.
Thank you for your ideas.
Gerry
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
--
Alex Balashov | Principal | Evariste Systems LLC
Tel: +1-706-510-6800 / +1-800-250-5920 (toll-free)
Web: http://www.evaristesys.com/, http://www.csrpswitch.com/
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
1598
days inactive
1599
days old
2 comments
3 participants
participants (3)
-
Alex Balashov -
Gerry | Rigatta -
Gerry | Rigatta.com