8 Dec
2003
8 Dec
'03
1:21 p.m.
Hi Jiri,
Yes one RTP-Proxy should be good enough.
However I am trying to do a hop-by-hop IPSec (without IKE) thing. In a small setup, I can
ofcourse do an IPSec between RTP-Proxy 1 and UA2 (that is implementing what you suggested
- just one RTP Proxy on the path). However, in a real world this will not be possible -
since dynamically setting up this IPSec session will be virtually impossible (UA2 does not
know who SER/RTP Proxy 1 is). It is however possible to set up an IPSec (no IKE, symmetric
keys) session between UA2 and SER/RTP Proxy 2 (since that's his service provider).
Also, there can be an agreement between service providers on how to set up IPSec between
them (SER1 and SER2). So what I am trying to do is something like -
[UA1]<----IPSec---->[SER/RTP proxy1]<----IPSec--->[SER/RTY Proxy
2]<---IPSec---->[UA2]
Its very difficult to explain why I am trying to do something like this (maybe someone
having a good knowledge of 3GPP will understand me better) - but please excuse me for the
moment, I need to do this :)
Dhiraj
-----Original Message-----
From: serusers-bounces(a)iptel.org [mailto:serusers-bounces@lists.iptel.org]On
Behalf Of Jiri Kuthan
Sent: 08 December 2003 10:56
To: Bhuyan,D,Dhiraj,XVR3 R; serusers(a)lists.iptel.org
Subject: Re: [Serusers] Two RTP Proxies | Traffic not forwarded
The easiest way you can do is label INVITEs which are rtp-proxied with a special header
(append_hf('P-Nat-foo: bar\r\n')) and don't rtp-proxy an INVITE if such a
header is
already present (is_present_hf("P-Nat-foo")). The rationale is one RTP proxy in
the
path is good enough.
There is lot of other heuristics you could do, but that would be no longer a short
email.
-jiri
At 11:43 AM 12/8/2003, dhiraj.2.bhuyan(a)bt.com wrote:
Hello List,
I have the following settings -
[ UA1 ] <-------> [ SER/RTP Proxy 1] <--------> [ SER/RTP Proxy 2]
<-------> [ UA2 ]
Both SERs are configured to force RTP Proxy whether or not the UA is behind NAT (I know
this is not required, but is necessary for what I am trying to do - basically some IPSec
and 3GPP things). UA1 is registered to SER1 and UA2 is registered to SER2. I tried setting
up a call between UA1 and UA2 - but could not hear anything on either ends. I monitored
the network traffic (SIP and SDP messages appear to be fine - ethereal dump attached) and
found that the RTP Proxy 1 does not forward the traffic to RTP Proxy 2 and vice versa. RTP
traffic from UA1 goes to RTP Proxy 1 and does not go any further. Similary, RTP traffic
from UA2 just hangs at RTP Proxy 2. I am aware of the fact that the RTP proxy waits for
one UDP packet from both UAs before forwarding the RTP traffic only if both the UAs have
SIP URI that belong to the same domain - otherwise they should forward the traffic
immediately. In my test case, the RTP proxies should have forwarded the RTP traffic
without waiting (since UA1 and UA2 belong to two different domain) - and this appears to
be failing. Can anyone throw some light on this? I am attaching my SER config file (both
SERs have exactly the same config file - other than the alias domain part). I am using SER
from the CVS (1st December).
I am attaching the ethereal dump of the SIP messaging (just to confirm that SIP/SDP
exchanges went fine). Note that -
UA1 - 132.146.196.18
UA2 - 132.146.196.49
SER1 - 132.146.196.75 (bump1.alien.bt.co.uk)
SER2 - 132.146.196.49 (eniac.alien.bt.co.uk)
Thanks,
Dhiraj Bhuyan
Network Security Specialist,
BT Exact Business Assurance Solutions
Tel: +44 1473 643932
Mob: +44 7962 012145
Email: dhiraj.2.bhuyan(a)bt.com
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
--
Jiri Kuthan http://iptel.org/~jiri/
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
7655
days inactive
7655
days old
0 comments
1 participants
participants (1)
-
dhiraj.2.bhuyan@bt.com