Hi Kamailio community,
I am running an IPsec server beside Kamailio, so I am interested to know if there is any method to create a SIP listener on a specific port on the fly. I mean, when I create the IPsec SAs through the IPsec server, I ask Kamailio to create a listener/handler for that port too.This case might be very rare, but it is always good to hear community ideas. Thank you. Regards,Hossein
Hi,
Unfortunately, for a variety of architectural reasons, this is not practical.
— Alex
Thanks Alex.Is there any document or material that tells more about those reasons?
Regards,Hossein
On Tuesday, October 25, 2022 at 01:00:18 PM PDT, Alex Balashov abalashov@evaristesys.com wrote:
Hi,
Unfortunately, for a variety of architectural reasons, this is not practical.
— Alex
Well, no, it just stems from some knowledge of Kamailio’s multiprocess architecture.
Kamailio uses a static pool of preforked SIP worker processes, and this is initialised once upon startup. These child processes are spawned for every listener, and communicate and share data using SysV IPC and shared memory. The shared memory pool is likewise initialised upon startup, as is the small fixed-size area of private memory associated with each other worker process (“package memory”).
While perhaps not strictly impossible to alter, this setup isn’t particularly amenable to the dynamic creation and destruction of listeners, or the additional child processes they beget. The child processes need to be forked on startup, before their heap is laden with runtime baggage. All this is relatively expensive to initialise.
— Alex
Thanks Alex for your elaboration; you are right. This is the reason that the current ims_ipsec module will create a bunch of listeners at startup that looks not efficient.
Regards,Hossein
On Tuesday, October 25, 2022 at 01:28:38 PM PDT, Alex Balashov abalashov@evaristesys.com wrote:
Well, no, it just stems from some knowledge of Kamailio’s multiprocess architecture.
Kamailio uses a static pool of preforked SIP worker processes, and this is initialised once upon startup. These child processes are spawned for every listener, and communicate and share data using SysV IPC and shared memory. The shared memory pool is likewise initialised upon startup, as is the small fixed-size area of private memory associated with each other worker process (“package memory”).
While perhaps not strictly impossible to alter, this setup isn’t particularly amenable to the dynamic creation and destruction of listeners, or the additional child processes they beget. The child processes need to be forked on startup, before their heap is laden with runtime baggage. All this is relatively expensive to initialise.
— Alex
Hi Hossein,
yes, you are right, it is in-efficient. It may be fine for a private network/PoC/Lab/ or anything else small, but it will not really work for a commercial network - for that you need something different.
Thanks, Carsten -- Carsten Bock I CTO & Founder
ng-voice GmbH
Trostbrücke 1 I 20457 Hamburg I Germany T +49 179 2021244 I www.ng-voice.com
Registry Office at Local Court Hamburg, HRB 120189 Managing Directors: Dr. David Bachmann, Carsten Bock
Am Di., 25. Okt. 2022 um 23:03 Uhr schrieb H Yavari <hyavari@rocketmail.com
:
Hi Casrten, Thanks for the comment. I know you provide IMS, have you contributed to Kamailio IPsec, or do you have something in-house solution for this part? (I hope this question will not be off-topic) BRHossein
On Wednesday, October 26, 2022 at 06:37:33 AM PDT, Carsten Bock carsten@ng-voice.com wrote:
Hi Hossein, yes, you are right, it is in-efficient. It may be fine for a private network/PoC/Lab/ or anything else small, but it will not really work for a commercial network - for that you need something different. Thanks,Carsten --Carsten Bock I CTO & Founder
ng-voice GmbH
Trostbrücke 1 I 20457 Hamburg I Germany T +49 179 2021244 I www.ng-voice.com
Registry Office at Local Court Hamburg, HRB 120189 Managing Directors: Dr. David Bachmann, Carsten Bock
Am Di., 25. Okt. 2022 um 23:03 Uhr schrieb H Yavari hyavari@rocketmail.com:
Thanks Alex for your elaboration; you are right. This is the reason that the current ims_ipsec module will create a bunch of listeners at startup that looks not efficient.
Regards,Hossein
On Tuesday, October 25, 2022 at 01:28:38 PM PDT, Alex Balashov abalashov@evaristesys.com wrote:
Well, no, it just stems from some knowledge of Kamailio’s multiprocess architecture.
Kamailio uses a static pool of preforked SIP worker processes, and this is initialised once upon startup. These child processes are spawned for every listener, and communicate and share data using SysV IPC and shared memory. The shared memory pool is likewise initialised upon startup, as is the small fixed-size area of private memory associated with each other worker process (“package memory”).
While perhaps not strictly impossible to alter, this setup isn’t particularly amenable to the dynamic creation and destruction of listeners, or the additional child processes they beget. The child processes need to be forked on startup, before their heap is laden with runtime baggage. All this is relatively expensive to initialise.
— Alex
Hi Hossein,
due to those limitations, we are using a custom, in-house solution for our MNO/MVNO deployments, which we haven't released as open-source (yet).
Thanks, Carsten
-- Carsten Bock I CTO & Founder
ng-voice GmbH
Trostbrücke 1 I 20457 Hamburg I Germany T +49 179 2021244 I www.ng-voice.com
Registry Office at Local Court Hamburg, HRB 120189 Managing Directors: Dr. David Bachmann, Carsten Bock
Am Mi., 26. Okt. 2022 um 18:29 Uhr schrieb H Yavari <hyavari@rocketmail.com
:
Hello. I'm wondering why not having the ability to create a SIP listener on the fly/usage instead of bunch of listeners at startup can be a limitation. I believe each listener can serve multiple ipsec connections, or it is not the case? -- obelousov.tel
On Thu, Oct 27, 2022 at 5:26 PM Carsten Bock carsten@ng-voice.com wrote:
Hello,
noting I don't use the ims modules and I do not know what they are supposed to do, but the initial design for the pool of worker processes was to be able to call module init and child init callbacks before any traffic is handled. Alex provided details on memory initialization as well.
Case by case a module can listen on additional sockets, like ctl does for rpc commands, or lwsc with websocket client connections.
If an ims module need work with new sockets, then the module can implement the mechanism for it, the developer has the whole C language at hand. The implementation tcp layer does it with new tcp connections, having a tcp connections manager.
Obviously, if someone wants to contribute it for the classic sip workers, a PR can be made, it can be merged upon review.
Cheers, Daniel
On 23.11.22 16:03, Oleg Belousov wrote:
-
Alex Balashov -
Carsten Bock -
Daniel-Constantin Mierla -
H Yavari -
Oleg Belousov