26 Feb
2019
26 Feb
'19
8:09 a.m.
Hi Everyone,
Which one among the below option is highly recommended for setting up
Kamailio (for production)
1. Kamailio behind NAT *or*
2. Setting up Kamailio using public IP?
are there any disadvantages if we setup Kamailio behind NAT and use
advertise option in listen parameters?
We have tested both the options, and both the options work great for us( a.
Kamailio behind NAT with advertising in listen parameters b.Kamailio setup
with public IP). So wondering which one is best and highly recommended?
Some extra info :
1. We use TLS
2. Using coturn for media
Thanks
Pintu
27 Feb
27 Feb
12:27 a.m.
Am Dienstag, 26. Februar 2019, 06:09:08 CET schrieb Pintu Lohar:
Which one among the below option is highly recommended
for setting up
Kamailio (for production)
1. Kamailio behind NAT *or*
2. Setting up Kamailio using public IP?
are there any disadvantages if we setup Kamailio behind NAT and use
advertise option in listen parameters?
We have tested both the options, and both the options work great for us( a.
Kamailio behind NAT with advertising in listen parameters b.Kamailio setup
with public IP). So wondering which one is best and highly recommended?
Some extra info :
1. We use TLS
2. Using coturn for media
Hello Pintu,
generally speaking, if you have the choice between a network setup with NAT
and without NAT (everything else equal) - my recommendation would to choose
the one without NAT. It will be easier to debug in case of problems on your
side or the client side.
Best regards,
Henning
--
Henning Westerholt - https://skalatan.de/blog/
Kamailio services - https://skalatan.de/services
Kamailio security assessment - https://skalatan.de/de/assessment
12:47 a.m.
New subject: Kamailio behind NAT or With Public IP - Which one is highly recommended
I second that. And to add to Henning's suggestion...
We recently tested that same setup, and we found one "thing": Using
advertise, you will need a second port (listen transport:ip:port) to talk
to internal servers that require you to *keep* the private IP. Otherwise
all outgoing request from that kamailio will have the IP replaced by
whatever the advertise says and that can mess up your internal routing.
Not an issue, as I said you can configure a second port, but just something
to know depending on what your setup is gong to look like.
Good luck!
Joel.
On Tue, Feb 26, 2019 at 1:28 PM Henning Westerholt <hw(a)kamailio.org> wrote:
Am Dienstag, 26. Februar 2019, 06:09:08 CET schrieb
Pintu Lohar:
Which one among the below option is highly
recommended for setting up
Kamailio (for production)
1. Kamailio behind NAT *or*
2. Setting up Kamailio using public IP?
are there any disadvantages if we setup Kamailio behind NAT and use
advertise option in listen parameters?
We have tested both the options, and both the options work great for us(
a.
Kamailio behind NAT with advertising in listen
parameters b.Kamailio
setup
with public IP). So wondering which one is best
and highly recommended?
Some extra info :
1. We use TLS
2. Using coturn for media
Hello Pintu,
generally speaking, if you have the choice between a network setup with
NAT
and without NAT (everything else equal) - my recommendation would to
choose
the one without NAT. It will be easier to debug in case of problems on
your
side or the client side.
Best regards,
Henning
--
Henning Westerholt - https://skalatan.de/blog/
Kamailio services - https://skalatan.de/services
Kamailio security assessment - https://skalatan.de/de/assessment
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
12:49 a.m.
New subject: Kamailio behind NAT or With Public IP - Which one is highly recommended
I third that. NAT by definition adds complications and overhead, even if
they are not significant from a modern economic perspective. If you have
the luxury to take NAT out of the equation, you definitely should. But
if you can't, Kamailio copes with this very well and has an ample
feature set to accommodate that type of deployment, given how common it
is nowadays to deploy Kamailio in NAT-only environments such as AWS.
On Tue, Feb 26, 2019 at 01:47:36PM -0800, Joel Serrano wrote:
I second that. And to add to Henning's
suggestion...
We recently tested that same setup, and we found one "thing": Using
advertise, you will need a second port (listen transport:ip:port) to talk
to internal servers that require you to *keep* the private IP. Otherwise
all outgoing request from that kamailio will have the IP replaced by
whatever the advertise says and that can mess up your internal routing.
Not an issue, as I said you can configure a second port, but just something
to know depending on what your setup is gong to look like.
Good luck!
Joel.
On Tue, Feb 26, 2019 at 1:28 PM Henning Westerholt <hw(a)kamailio.org> wrote:
> Am Dienstag, 26. Februar 2019, 06:09:08 CET schrieb Pintu Lohar:
> > Which one among the below option is highly recommended for setting up
> > Kamailio (for production)
> > 1. Kamailio behind NAT *or*
> > 2. Setting up Kamailio using public IP?
> >
> > are there any disadvantages if we setup Kamailio behind NAT and use
> > advertise option in listen parameters?
> >
> > We have tested both the options, and both the options work great for us(
> a.
> > Kamailio behind NAT with advertising in listen parameters b.Kamailio
> setup
> > with public IP). So wondering which one is best and highly recommended?
> >
> > Some extra info :
> > 1. We use TLS
> > 2. Using coturn for media
>
> Hello Pintu,
>
> generally speaking, if you have the choice between a network setup with
> NAT
> and without NAT (everything else equal) - my recommendation would to
> choose
> the one without NAT. It will be easier to debug in case of problems on
> your
> side or the client side.
>
> Best regards,
>
> Henning
>
> --
> Henning Westerholt - https://skalatan.de/blog/
> Kamailio services - https://skalatan.de/services
> Kamailio security assessment - https://skalatan.de/de/assessment
>
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users(a)lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
--
Alex Balashov | Principal | Evariste Systems LLC
Tel: +1-706-510-6800 / +1-800-250-5920 (toll-free)
Web: http://www.evaristesys.com/, http://www.csrpswitch.com/
28 Feb
28 Feb
4:18 p.m.
New subject: Kamailio behind NAT or With Public IP - Which one is highly recommended
El mar., 26 de feb. de 2019 a la(s) 17:53, Alex Balashov (
abalashov(a)evaristesys.com) escribió:
I third that. NAT by definition adds complications and
overhead, even if
i agree with! i currently have a confusion: as i pointed here:
https://lists.kamailio.org/pipermail/sr-users/2019-February/104862.html
i have kamailio+rtpproxy/rtpengine and asterisk in realtime mode
but if i not bind the asterisk ports agains the public ip there's its no
sound..
i mean, i want only let rtpproxy/rtpengine (whatever of two no both) only
agains public ip
is nowadays to deploy Kamailio in NAT-only
environments such as AWS.
i cannot find some info about deploy agains AWS flavored OS,
where the public ip are kind of NAT.. and cannot take as real interface ...
some help with that are appreciated!
On Tue, Feb 26, 2019 at 01:47:36PM -0800, Joel Serrano wrote:
I second that. And to add to Henning's
suggestion...
We recently tested that same setup, and we found one "thing": Using
advertise, you will need a second port (listen transport:ip:port) to talk
to internal servers that require you to *keep* the private IP. Otherwise
all outgoing request from that kamailio will have the IP replaced by
whatever the advertise says and that can mess up your internal routing.
Not an issue, as I said you can configure a second port, but just
something
to know depending on what your setup is gong to
look like.
Good luck!
Joel.
On Tue, Feb 26, 2019 at 1:28 PM Henning Westerholt <hw(a)kamailio.org>
wrote:
> Am Dienstag, 26. Februar 2019, 06:09:08 CET schrieb Pintu Lohar:
> > Which one among the below option is highly recommended for setting up
> > Kamailio (for production)
> > 1. Kamailio behind NAT *or*
> > 2. Setting up Kamailio using public IP?
> >
> > are there any disadvantages if we setup Kamailio behind NAT and use
> > advertise option in listen parameters?
> >
> > We have tested both the options, and both the options work great for
us(
> a.
> > Kamailio behind NAT with advertising in listen parameters b.Kamailio
> setup
> > with public IP). So wondering which one is best and highly
recommended?
> >
> > Some extra info :
> > 1. We use TLS
> > 2. Using coturn for media
>
> Hello Pintu,
>
> generally speaking, if you have the choice between a network setup with
> NAT
> and without NAT (everything else equal) - my recommendation would to
> choose
> the one without NAT. It will be easier to debug in case of problems on
> your
> side or the client side.
>
> Best regards,
>
> Henning
>
> --
> Henning Westerholt - https://skalatan.de/blog/
> Kamailio services - https://skalatan.de/services
> Kamailio security assessment - https://skalatan.de/de/assessment
>
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
> _______________________________________________
Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
--
Alex Balashov | Principal | Evariste Systems LLC
Tel: +1-706-510-6800 / +1-800-250-5920 (toll-free)
Web: http://www.evaristesys.com/, http://www.csrpswitch.com/
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
27 Feb
27 Feb
5:56 a.m.
New subject: Kamailio behind NAT or With Public IP - Which one is highly recommended
Hi Henning, Joel,
Thanks for your valuable input.
One of our setup for production looks like below for around 1 million
users initially :
/ -------------->
Kamailio (active node, as of now private) \
Client -- > LB(public IP- l4 switch)--
---------->Centralized database
\ -------------->
Kamailio (passive node, as of now private) /
In the future, we have a plan to add another domain and allow calls between
different domain.
Thanks & Regards
Pintu
On Wed, Feb 27, 2019 at 6:47 AM Joel Serrano <joel(a)textplus.com> wrote:
I second that. And to add to Henning's
suggestion...
We recently tested that same setup, and we found one "thing": Using
advertise, you will need a second port (listen transport:ip:port) to talk
to internal servers that require you to *keep* the private IP. Otherwise
all outgoing request from that kamailio will have the IP replaced by
whatever the advertise says and that can mess up your internal routing.
Not an issue, as I said you can configure a second port, but just
something to know depending on what your setup is gong to look like.
Good luck!
Joel.
On Tue, Feb 26, 2019 at 1:28 PM Henning Westerholt <hw(a)kamailio.org>
wrote:
Am Dienstag, 26. Februar 2019, 06:09:08 CET
schrieb Pintu Lohar:
Which one among the below option is highly
recommended for setting up
Kamailio (for production)
1. Kamailio behind NAT *or*
2. Setting up Kamailio using public IP?
are there any disadvantages if we setup Kamailio behind NAT and use
advertise option in listen parameters?
We have tested both the options, and both the options work great for
us( a.
Kamailio behind NAT with advertising in listen
parameters b.Kamailio
setup
with public IP). So wondering which one is best
and highly recommended?
Some extra info :
1. We use TLS
2. Using coturn for media
Hello Pintu,
generally speaking, if you have the choice between a network setup with
NAT
and without NAT (everything else equal) - my recommendation would to
choose
the one without NAT. It will be easier to debug in case of problems on
your
side or the client side.
Best regards,
Henning
--
Henning Westerholt - https://skalatan.de/blog/
Kamailio services - https://skalatan.de/services
Kamailio security assessment - https://skalatan.de/de/assessment
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
9:10 a.m.
New subject: Kamailio behind NAT or With Public IP - Which one is highly recommended
Hello,
My suggestion is that stay away from NAT if you dont have to. various sip
client/Firewalls make out troubles for registration and invites, even if Kamailio can
handle it. If you have a high load TLS connection / subscriber , I think you should use
load balancer and NAT options.
For example;
1 - Load balancer like F5 that balancing your connection active-active Kamailios
UAC ----> F5 ------> Kamailio -1 (advertises public IP)
|
-------> Kamailio -2 (advertises public IP)
2- Use kamailio as MultiHomed that convert transport layer to tcp/udp
UAC ---------> Kamailio(TLS-PUBLIC IP-mhomed) -------> Kamailio-1(TCP/UDP)
|
---------> Kamailio-2(TCP/UDP)
Good luck
Yasin CANER
________________________________
From: sr-users <sr-users-bounces(a)lists.kamailio.org> on behalf of Pintu Lohar
<pintulohargcetts(a)gmail.com>
Sent: Tuesday, February 26, 2019 8:09 AM
To: sr-users(a)lists.kamailio.org
Subject: [SR-Users] Kamailio behind NAT or With Public IP - Which one is highly
recommended
Hi Everyone,
Which one among the below option is highly recommended for setting up Kamailio (for
production)
1. Kamailio behind NAT or
2. Setting up Kamailio using public IP?
are there any disadvantages if we setup Kamailio behind NAT and use advertise option in
listen parameters?
We have tested both the options, and both the options work great for us( a. Kamailio
behind NAT with advertising in listen parameters b.Kamailio setup with public IP). So
wondering which one is best and highly recommended?
Some extra info :
1. We use TLS
2. Using coturn for media
Thanks
Pintu
12:27 p.m.
New subject: Kamailio behind NAT or With Public IP - Which one is highly recommended
Hi Yasin,
Thanks indeed for your valuable input for the
active-active cluster(Option-1) & Option-2
We definitely would like to try setting up an active-active cluster for the
next phase if not in current phase.
But In order to use Kamailio in the active-active cluster, I think we
need to forward or replicate registration to both the active-active server?
in order to proxy the invite packet through the server where the UA is
registered?
We use the following use cases :
1. We use FCM and APNS push to wake up the app.
2. Multi forking / Late forking cases are also involved.
3. Using Kamailio as a stateful proxy.
Thanks & Regards
Pintu
On Wed, Feb 27, 2019 at 3:10 PM YASIN CANER <caner_yaso(a)hotmail.com> wrote:
Hello,
My suggestion is that stay away from NAT if you dont have to. various sip
client/Firewalls make out troubles for registration and invites, even if
Kamailio can handle it. If you have a high load TLS connection /
subscriber , I think you should use load balancer and NAT options.
For example;
1 - Load balancer like F5 that balancing your connection active-active
Kamailios
UAC ----> F5 ------> Kamailio -1 (advertises public IP)
|
-------> Kamailio -2 (advertises public IP)
2- Use kamailio as MultiHomed that convert transport layer to tcp/udp
UAC ---------> Kamailio(TLS-PUBLIC IP-mhomed) -------> Kamailio-1(TCP/UDP)
|
---------> Kamailio-2(TCP/UDP)
Good luck
Yasin CANER
------------------------------
*From:* sr-users <sr-users-bounces(a)lists.kamailio.org> on behalf of Pintu
Lohar <pintulohargcetts(a)gmail.com>
*Sent:* Tuesday, February 26, 2019 8:09 AM
*To:* sr-users(a)lists.kamailio.org
*Subject:* [SR-Users] Kamailio behind NAT or With Public IP - Which one
is highly recommended
Hi Everyone,
Which one among the below option is highly recommended for setting up
Kamailio (for production)
1. Kamailio behind NAT *or*
2. Setting up Kamailio using public IP?
are there any disadvantages if we setup Kamailio behind NAT and use
advertise option in listen parameters?
We have tested both the options, and both the options work great for us(
a. Kamailio behind NAT with advertising in listen parameters b.Kamailio
setup with public IP). So wondering which one is best and highly
recommended?
Some extra info :
1. We use TLS
2. Using coturn for media
Thanks
Pintu
1:16 p.m.
New subject: Kamailio behind NAT or With Public IP - Which one is highly recommended
Hello Pintu
1 million TLS user? Have u ever test with tester on Kamailio ?Because I remembered in
sr-mails that an user tested on 1000 client on TLS transport , it consumes so much CPU etc
. I guess 1 milliyonTLSUser make big impact your system for all registration/call.
I tested option-2 for relaying registers about 1-2 years ago for proof of concept. It
works fine.
you can replicate user location data by Dmq_usrloc module and can use path header then
build a triangle topology to bridge calls.
Or
You can build a Location Information service to find which kamailio has UAC data .
Best Regards.
Yasin CANER
________________________________
From: Pintu Lohar <pintulohargcetts(a)gmail.com>
Sent: Wednesday, February 27, 2019 12:27 PM
To: YASIN CANER
Cc: Kamailio (SER) - Users Mailing List
Subject: Re: [SR-Users] Kamailio behind NAT or With Public IP - Which one is highly
recommended
Hi Yasin,
Thanks indeed for your valuable input for the active-active cluster(Option-1) &
Option-2
We definitely would like to try setting up an active-active cluster for the next phase if
not in current phase.
But In order to use Kamailio in the active-active cluster, I think we need to forward or
replicate registration to both the active-active server?
in order to proxy the invite packet through the server where the UA is registered?
We use the following use cases :
1. We use FCM and APNS push to wake up the app.
2. Multi forking / Late forking cases are also involved.
3. Using Kamailio as a stateful proxy.
Thanks & Regards
Pintu
On Wed, Feb 27, 2019 at 3:10 PM YASIN CANER
<caner_yaso@hotmail.com<mailto:caner_yaso@hotmail.com>> wrote:
Hello,
My suggestion is that stay away from NAT if you dont have to. various sip
client/Firewalls make out troubles for registration and invites, even if Kamailio can
handle it. If you have a high load TLS connection / subscriber , I think you should use
load balancer and NAT options.
For example;
1 - Load balancer like F5 that balancing your connection active-active Kamailios
UAC ----> F5 ------> Kamailio -1 (advertises public IP)
|
-------> Kamailio -2 (advertises public IP)
2- Use kamailio as MultiHomed that convert transport layer to tcp/udp
UAC ---------> Kamailio(TLS-PUBLIC IP-mhomed) -------> Kamailio-1(TCP/UDP)
|
---------> Kamailio-2(TCP/UDP)
Good luck
Yasin CANER
________________________________
From: sr-users
<sr-users-bounces@lists.kamailio.org<mailto:sr-users-bounces@lists.kamailio.org>>
on behalf of Pintu Lohar
<pintulohargcetts@gmail.com<mailto:pintulohargcetts@gmail.com>>
Sent: Tuesday, February 26, 2019 8:09 AM
To: sr-users@lists.kamailio.org<mailto:sr-users@lists.kamailio.org>
Subject: [SR-Users] Kamailio behind NAT or With Public IP - Which one is highly
recommended
Hi Everyone,
Which one among the below option is highly recommended for setting up Kamailio (for
production)
1. Kamailio behind NAT or
2. Setting up Kamailio using public IP?
are there any disadvantages if we setup Kamailio behind NAT and use advertise option in
listen parameters?
We have tested both the options, and both the options work great for us( a. Kamailio
behind NAT with advertising in listen parameters b.Kamailio setup with public IP). So
wondering which one is best and highly recommended?
Some extra info :
1. We use TLS
2. Using coturn for media
Thanks
Pintu
1:30 p.m.
New subject: Kamailio behind NAT or With Public IP - Which one is highly recommended
Hi Yasin,
Not yet tested, My bad - it's 0.1 million with TLS but yes we are yet to
test ), We need to distribute the users to different Kamailio cluster
through API server. However, Would like to try Option 2 as well and test
with it.
Regards
Pintu Lohar
On Wed, Feb 27, 2019 at 7:16 PM YASIN CANER <caner_yaso(a)hotmail.com> wrote:
Hello Pintu
1 million TLS user? Have u ever test with tester on Kamailio ?Because I
remembered in sr-mails that an user tested on 1000 client on TLS transport
, it consumes so much CPU etc . I guess 1 milliyonTLSUser make big impact
your system for all registration/call.
I tested option-2 for relaying registers about 1-2 years ago for proof of
concept. It works fine.
you can replicate user location data by Dmq_usrloc module and can use path
header then build a triangle topology to bridge calls.
Or
You can build a Location Information service to find which kamailio has
UAC data .
Best Regards.
Yasin CANER
------------------------------
*From:* Pintu Lohar <pintulohargcetts(a)gmail.com>
*Sent:* Wednesday, February 27, 2019 12:27 PM
*To:* YASIN CANER
*Cc:* Kamailio (SER) - Users Mailing List
*Subject:* Re: [SR-Users] Kamailio behind NAT or With Public IP - Which
one is highly recommended
Hi Yasin,
Thanks indeed for your valuable input for the
active-active cluster(Option-1) & Option-2
We definitely would like to try setting up an active-active cluster for
the next phase if not in current phase.
But In order to use Kamailio in the active-active cluster, I think we
need to forward or replicate registration to both the active-active server?
in order to proxy the invite packet through the server where the UA is
registered?
We use the following use cases :
1. We use FCM and APNS push to wake up the app.
2. Multi forking / Late forking cases are also involved.
3. Using Kamailio as a stateful proxy.
Thanks & Regards
Pintu
On Wed, Feb 27, 2019 at 3:10 PM YASIN CANER <caner_yaso(a)hotmail.com>
wrote:
Hello,
My suggestion is that stay away from NAT if you dont have to. various sip
client/Firewalls make out troubles for registration and invites, even if
Kamailio can handle it. If you have a high load TLS connection /
subscriber , I think you should use load balancer and NAT options.
For example;
1 - Load balancer like F5 that balancing your connection active-active
Kamailios
UAC ----> F5 ------> Kamailio -1 (advertises public IP)
|
-------> Kamailio -2 (advertises public IP)
2- Use kamailio as MultiHomed that convert transport layer to tcp/udp
UAC ---------> Kamailio(TLS-PUBLIC IP-mhomed) -------> Kamailio-1(TCP/UDP)
|
---------> Kamailio-2(TCP/UDP)
Good luck
Yasin CANER
------------------------------
*From:* sr-users <sr-users-bounces(a)lists.kamailio.org> on behalf of Pintu
Lohar <pintulohargcetts(a)gmail.com>
*Sent:* Tuesday, February 26, 2019 8:09 AM
*To:* sr-users(a)lists.kamailio.org
*Subject:* [SR-Users] Kamailio behind NAT or With Public IP - Which one
is highly recommended
Hi Everyone,
Which one among the below option is highly recommended for setting up
Kamailio (for production)
1. Kamailio behind NAT *or*
2. Setting up Kamailio using public IP?
are there any disadvantages if we setup Kamailio behind NAT and use
advertise option in listen parameters?
We have tested both the options, and both the options work great for us(
a. Kamailio behind NAT with advertising in listen parameters b.Kamailio
setup with public IP). So wondering which one is best and highly
recommended?
Some extra info :
1. We use TLS
2. Using coturn for media
Thanks
Pintu
1:36 p.m.
New subject: Kamailio behind NAT or With Public IP - Which one is highly recommended
Hello,
there were companies that pushed hundred thousands of active tls
connections to same kamailio and it went fine. You will have to do some
tuning to kamailio params as well as to the operating system limits, but
if you have powerful hardware, having such number of active tls
connections should be fine.
Cheers,
Daniel
On 27.02.19 11:30, Pintu Lohar wrote:
Hi Yasin,
Not yet tested, My bad - it's 0.1 million with TLS but yes we are yet
to test ), We need to distribute the users to different Kamailio
cluster through API server. However, Would like to try Option 2 as
well and test with it.
Regards
Pintu Lohar
On Wed, Feb 27, 2019 at 7:16 PM YASIN CANER <caner_yaso(a)hotmail.com
<mailto:caner_yaso@hotmail.com>> wrote:
Hello Pintu
1 million TLS user? Have u ever test with tester on Kamailio
?Because I remembered in sr-mails that an user tested on 1000
client on TLS transport , it consumes so much CPU etc . I guess 1
milliyonTLSUser make big impact your system for all registration/call.
I tested option-2 for relaying registers about 1-2 years ago for
proof of concept. It works fine.
you can replicate user location data by Dmq_usrloc module and can
use path header then build a triangle topology to bridge calls.
Or
You can build a Location Information service to find which
kamailio has UAC data .
Best Regards.
Yasin CANER
------------------------------------------------------------------------
*From:* Pintu Lohar <pintulohargcetts(a)gmail.com
<mailto:pintulohargcetts@gmail.com>>
*Sent:* Wednesday, February 27, 2019 12:27 PM
*To:* YASIN CANER
*Cc:* Kamailio (SER) - Users Mailing List
*Subject:* Re: [SR-Users] Kamailio behind NAT or With Public IP -
Which one is highly recommended
Hi Yasin,
Thanks indeed for your valuable input for the
active-active cluster(Option-1) & Option-2
We definitely would like to try setting up an
active-active cluster for the next phase if not in current phase.
But In order to use Kamailio in the active-active cluster, I
think we need to forward or replicate registration to both the
active-active server?
in order to proxy the invite packet through the server where the
UA is registered?
We use the following use cases :
1. We use FCM and APNS push to wake up the app.
2. Multi forking / Late forking cases are also involved.
3. Using Kamailio as a stateful proxy.
Thanks & Regards
Pintu
On Wed, Feb 27, 2019 at 3:10 PM YASIN CANER
<caner_yaso(a)hotmail.com <mailto:caner_yaso@hotmail.com>> wrote:
Hello,
My suggestion is that stay away from NAT if you dont have to.
various sip client/Firewalls make out troubles for
registration and invites, even if Kamailio can handle it. If
you have a high load TLS connection / subscriber , I think you
should use load balancer and NAT options.
For example;
1 - Load balancer like F5 that balancing your connection
active-active Kamailios
UAC ----> F5 ------> Kamailio -1 (advertises public IP)
|
-------> Kamailio -2 (advertises public IP)
2- Use kamailio as MultiHomed that convert transport layer to
tcp/udp
UAC ---------> Kamailio(TLS-PUBLIC IP-mhomed) ------->
Kamailio-1(TCP/UDP)
|
---------> Kamailio-2(TCP/UDP)
Good luck
Yasin CANER
------------------------------------------------------------------------
*From:* sr-users <sr-users-bounces(a)lists.kamailio.org
<mailto:sr-users-bounces@lists.kamailio.org>> on behalf of
Pintu Lohar <pintulohargcetts(a)gmail.com
<mailto:pintulohargcetts@gmail.com>>
*Sent:* Tuesday, February 26, 2019 8:09 AM
*To:* sr-users(a)lists.kamailio.org
<mailto:sr-users@lists.kamailio.org>
*Subject:* [SR-Users] Kamailio behind NAT or With Public IP -
Which one is highly recommended
Hi Everyone,
Which one among the below option is highly recommended for
setting up Kamailio (for production)
1. Kamailio behind NAT *or*
2. Setting up Kamailio using public IP?
are there any disadvantages if we setup Kamailio behind NAT
and use advertise option in listen parameters?
We have tested both the options, and both the options work
great for us( a. Kamailio behind NAT with advertising in
listen parameters b.Kamailio setup with public IP). So
wondering which one is best and highly recommended?
Some extra info :
1. We use TLS
2. Using coturn for media
Thanks
Pintu
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
--
Daniel-Constantin Mierla -- www.asipto.com
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Kamailio World Conference - May 6-8, 2019 -- www.kamailioworld.com
Kamailio Advanced Training - Mar 4-6, 2019 in Berlin; Mar 25-27, 2019, in Washington, DC,
USA -- www.asipto.com
1:53 p.m.
New subject: Kamailio behind NAT or With Public IP - Which one is highly recommended
Hi Daniel,
Thanks for you reply , Yes we indeed do use powerful hardware configuration
server ,and we would tune to (centos) OS limits. There are many good blogs
available on kamailio for high throughput and performance, we refer the
same . One of them is
https://github.com/kamailio/kamailio/blob/master/doc/tutorials/tcp_tunning.…
Thanks again.
Warm Regards
Pintu
On Wed, Feb 27, 2019, 7:36 PM Daniel-Constantin Mierla <miconda(a)gmail.com>
wrote:
Hello,
there were companies that pushed hundred thousands of active tls
connections to same kamailio and it went fine. You will have to do some
tuning to kamailio params as well as to the operating system limits, but if
you have powerful hardware, having such number of active tls connections
should be fine.
Cheers,
Daniel
On 27.02.19 11:30, Pintu Lohar wrote:
Hi Yasin,
Not yet tested, My bad - it's 0.1 million with TLS but yes we are yet to
test ), We need to distribute the users to different Kamailio cluster
through API server. However, Would like to try Option 2 as well and test
with it.
Regards
Pintu Lohar
On Wed, Feb 27, 2019 at 7:16 PM YASIN CANER <caner_yaso(a)hotmail.com>
wrote:
Hello Pintu
1 million TLS user? Have u ever test with tester on Kamailio ?Because I
remembered in sr-mails that an user tested on 1000 client on TLS transport
, it consumes so much CPU etc . I guess 1 milliyonTLSUser make big impact
your system for all registration/call.
I tested option-2 for relaying registers about 1-2 years ago for proof of
concept. It works fine.
you can replicate user location data by Dmq_usrloc module and can use
path header then build a triangle topology to bridge calls.
Or
You can build a Location Information service to find which kamailio has
UAC data .
Best Regards.
Yasin CANER
------------------------------
*From:* Pintu Lohar <pintulohargcetts(a)gmail.com>
*Sent:* Wednesday, February 27, 2019 12:27 PM
*To:* YASIN CANER
*Cc:* Kamailio (SER) - Users Mailing List
*Subject:* Re: [SR-Users] Kamailio behind NAT or With Public IP - Which
one is highly recommended
Hi Yasin,
Thanks indeed for your valuable input for the
active-active cluster(Option-1) & Option-2
We definitely would like to try setting up an active-active cluster for
the next phase if not in current phase.
But In order to use Kamailio in the active-active cluster, I think we
need to forward or replicate registration to both the active-active server?
in order to proxy the invite packet through the server where the UA is
registered?
We use the following use cases :
1. We use FCM and APNS push to wake up the app.
2. Multi forking / Late forking cases are also involved.
3. Using Kamailio as a stateful proxy.
Thanks & Regards
Pintu
On Wed, Feb 27, 2019 at 3:10 PM YASIN CANER <caner_yaso(a)hotmail.com>
wrote:
Hello,
My suggestion is that stay away from NAT if you dont have to. various
sip client/Firewalls make out troubles for registration and invites, even
if Kamailio can handle it. If you have a high load TLS connection /
subscriber , I think you should use load balancer and NAT options.
For example;
1 - Load balancer like F5 that balancing your connection active-active
Kamailios
UAC ----> F5 ------> Kamailio -1 (advertises public IP)
|
-------> Kamailio -2 (advertises public IP)
2- Use kamailio as MultiHomed that convert transport layer to tcp/udp
UAC ---------> Kamailio(TLS-PUBLIC IP-mhomed) ------->
Kamailio-1(TCP/UDP)
|
---------> Kamailio-2(TCP/UDP)
Good luck
Yasin CANER
------------------------------
*From:* sr-users <sr-users-bounces(a)lists.kamailio.org> on behalf of
Pintu Lohar <pintulohargcetts(a)gmail.com>
*Sent:* Tuesday, February 26, 2019 8:09 AM
*To:* sr-users(a)lists.kamailio.org
*Subject:* [SR-Users] Kamailio behind NAT or With Public IP - Which one
is highly recommended
Hi Everyone,
Which one among the below option is highly recommended for setting up
Kamailio (for production)
1. Kamailio behind NAT *or*
2. Setting up Kamailio using public IP?
are there any disadvantages if we setup Kamailio behind NAT and use
advertise option in listen parameters?
We have tested both the options, and both the options work great for us(
a. Kamailio behind NAT with advertising in listen parameters b.Kamailio
setup with public IP). So wondering which one is best and highly
recommended?
Some extra info :
1. We use TLS
2. Using coturn for media
Thanks
Pintu
_______________________________________________
Kamailio (SER) - Users Mailing
Listsr-users@lists.kamailio.orghttps://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
--
Daniel-Constantin Mierla -- www.asipto.comwww.twitter.com/miconda --
www.linkedin.com/in/miconda
Kamailio World Conference - May 6-8, 2019 -- www.kamailioworld.com
Kamailio Advanced Training - Mar 4-6, 2019 in Berlin; Mar 25-27, 2019, in Washington, DC,
USA -- www.asipto.com
2098
days inactive
2100
days old
11 comments
7 participants
participants (7)
-
Alex Balashov -
Daniel-Constantin Mierla -
Henning Westerholt -
Joel Serrano -
PICCORO McKAY Lenz -
Pintu Lohar -
YASIN CANER