On Fri, Feb 23, 2018 at 07:17:48PM +0000, Cody Herzog wrote:
> That makes sense, but is unfortunately not an option for me due to
> strict security requirements. I need to use TLS on the whole path.

Personally, I would work around that requirement, either by using a
compliant private backplane/backbone network for internal communication,
or running UDP inside encrypted tunnels. That's the most promising
avenue in my opinion.

> Another option I explored was to have the edge proxies
> not always use the same TCP connection for sending to the registrar.
> If I could find a way to load balance across a number of TCP
> connections, that would probably work for me. Perhaps there is a way
> the DISPATCHER module can be configured to accomplish this. Maybe the
> dispatcher configuration can list multiple copies of the same
> destination, but each having a different send socket address, and then
> can load balance across those.

It does, but unfortunately that level of fine-grained control isn't
reasonably possible.
The only thing I can think of would be to have the registrar close the
TCP connection after receiving the registration. I don't know of a way
to do that except by changing the lifetime to something like zero after
the fact:
https://kamailio.org/docs/modules/5.1.x/modules/tcpops.html#tcpops.f.tcp_se…
That would cause new connections to land at other workers, presumably.
But it's a kludgy solution. UDP is better.
-- Alex
--
Alex Balashov | Principal | Evariste Systems LLC
Tel: +1-706-510-6800 / +1-800-250-5920 (toll-free)
Web: http://www.evaristesys.com/, http://www.csrpswitch.com/