Hi Jiri, Yes one RTP-Proxy should be good enough. However I am trying to do a hop-by-hop IPSec (without IKE) thing. In a small setup, I can ofcourse do an IPSec between RTP-Proxy 1 and UA2 (that is implementing what you suggested - just one RTP Proxy on the path). However, in a real world this will not be possible - since dynamically setting up this IPSec session will be virtually impossible (UA2 does not know who SER/RTP Proxy 1 is). It is however possible to set up an IPSec (no IKE, symmetric keys) session between UA2 and SER/RTP Proxy 2 (since that's his service provider). Also, there can be an agreement between service providers on how to set up IPSec between them (SER1 and SER2). So what I am trying to do is something like -
[UA1]<----IPSec---->[SER/RTP proxy1]<----IPSec--->[SER/RTY Proxy 2]<---IPSec---->[UA2]
Its very difficult to explain why I am trying to do something like this (maybe someone having a good knowledge of 3GPP will understand me better) - but please excuse me for the moment, I need to do this :)
Dhiraj
-----Original Message----- From: serusers-bounces@iptel.org [mailto:serusers-bounces@lists.iptel.org]On Behalf Of Jiri Kuthan Sent: 08 December 2003 10:56 To: Bhuyan,D,Dhiraj,XVR3 R; serusers@lists.iptel.org Subject: Re: [Serusers] Two RTP Proxies | Traffic not forwarded
The easiest way you can do is label INVITEs which are rtp-proxied with a special header (append_hf('P-Nat-foo: bar\r\n')) and don't rtp-proxy an INVITE if such a header is already present (is_present_hf("P-Nat-foo")). The rationale is one RTP proxy in the path is good enough.
There is lot of other heuristics you could do, but that would be no longer a short email.
-jiri
At 11:43 AM 12/8/2003, dhiraj.2.bhuyan@bt.com wrote:
Hello List,
I have the following settings -
[ UA1 ] <-------> [ SER/RTP Proxy 1] <--------> [ SER/RTP Proxy 2] <-------> [ UA2 ]
Both SERs are configured to force RTP Proxy whether or not the UA is behind NAT (I know this is not required, but is necessary for what I am trying to do - basically some IPSec and 3GPP things). UA1 is registered to SER1 and UA2 is registered to SER2. I tried setting up a call between UA1 and UA2 - but could not hear anything on either ends. I monitored the network traffic (SIP and SDP messages appear to be fine - ethereal dump attached) and found that the RTP Proxy 1 does not forward the traffic to RTP Proxy 2 and vice versa. RTP traffic from UA1 goes to RTP Proxy 1 and does not go any further. Similary, RTP traffic from UA2 just hangs at RTP Proxy 2. I am aware of the fact that the RTP proxy waits for one UDP packet from both UAs before forwarding the RTP traffic only if both the UAs have SIP URI that belong to the same domain - otherwise they should forward the traffic immediately. In my test case, the RTP proxies should have forwarded the RTP traffic without waiting (since UA1 and UA2 belong to two different domain) - and this appears to be failing. Can anyone throw some light on this? I am attaching my SER config file (both SERs have exactly the same config file - other than the alias domain part). I am using SER from the CVS (1st December).
I am attaching the ethereal dump of the SIP messaging (just to confirm that SIP/SDP exchanges went fine). Note that - UA1 - 132.146.196.18 UA2 - 132.146.196.49 SER1 - 132.146.196.75 (bump1.alien.bt.co.uk) SER2 - 132.146.196.49 (eniac.alien.bt.co.uk)
Thanks,
Dhiraj Bhuyan Network Security Specialist, BT Exact Business Assurance Solutions
Tel: +44 1473 643932 Mob: +44 7962 012145 Email: dhiraj.2.bhuyan@bt.com
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
-- Jiri Kuthan http://iptel.org/~jiri/
_______________________________________________ Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
-
dhiraj.2.bhuyan@bt.com