Hi all,
Please forgive the slightly long post, but if you have anything to contribute on this topic, please consider giving it a read as I could really use your input. :-)
As I'm sure many others of you running proxy-based service delivery platforms of some description also, I am faced with the problem of trying to account for calls with missing BYEs in a realistic way. There is no shortage of mailing list posts over the years on this topic. Inevitably, in a platform with sufficient call volume, with some NAT'd and/or endpoint diversity and other technical causes, there will be some calls that are never officially terminated from the point of view of a proxy.
The ability of the 'dialog' module to spoof bidirectional BYEs on timeout[1] goes a long way toward addressing this problem theoretically. However, there are practical obstacles to relying on it solely as a solution, mainly because there is not an acceptable timeout value to use as a trade-off. If the timeout period is set to a very low value, users will obviously complain, and in any case, depending on the destination, the worst-case scenario for maximum call billing may still be far too high. If the timeout period is set high--perhaps something like 5-8 hours--then all calls that fail to end in the normal way will be billed some excessively large amount that certainly will not sit well with users either.
If either the core delivery element of the platform or the user agent is tightly controlled by the operator of the proxy from an administrative point of view, it is indeed probably possible to rely on RTP timeouts or SIP Session Timers (SSTs) on one of the endpoints.
That doesn't create a satisfying resolution for those of us dealing with indeterminate call completion scenarios with a great deal of user and vendor diversity, though. For instance, I route to about 15 ITSPs and carriers; I think maybe one of them does 15-minute SSTs, and the rest are certainly not going to turn them on just for me, even if their SBCs/switches/things have the capability. The user endpoints are mostly Asterisk and do RTP timeout, of course, and in most cases I do get the resulting BYE. However, this discussion is about the minute but nontrivial percentage of cases in which I do not get the BYE, whether because of NAT statekeeping problems or network reachability or whatever underlying causes--in truth, I cannot accurately characterise these.
So, it seems to me that from a theoretical point of view, there are basically two directions someone in this position can go from here:
1) Inline B2BUA in the signaling path of all calls;
1a) Make it do SSTs; or 1b) Make it relay media, too, and hang up the call (bidirectional BYE) on RTP receive timeout;
2) Couple the proxy to an RTP relay and provide some mechanism by which the proxy can be made aware, in an asynchronous fashion, that an RTP timeout was detected by the relay.
It seems to me from a brief and informal survey of prior mailing list literature that #1 is the usually recommended option here.
If #1 is pursued, what is the best tool to use in the Kamailio/SIP-Router-oriented ecosystem? My default instinct would say SEMS; I really like SEMS, and use it a lot for various related chores.
The problem is that the pre-built modules and examples for SEMS mostly center on application-level functionality, while low-level documentation of its powerful C++ API is a bit impoverished, so this would take a lot of work.
Needless to say, I am interested in the option that requires the least work but still solves the problem in an elegant way from a technical and--dare I say--aesthetic perspective.
For instance, it seems clear from looking at the SEMS-1.1.1 sources that SSTs are supported in principle in core/plug-in/session_timer. But unless I am missing something, I cannot find anywhere in the sources or examples where it is actually used.
So, I suppose one option is to figure out how to make this stuff work in SEMS, and make it work. But for some reason who is not attune to the universe of its C++ API, it is a rather formidable chore. I think the same would hold true of making it observe bidirectional RTP timeout.
Turning attention to option #2, I have looked at rtpproxy (my preferred default), iptrtpproxy, and mediaproxy modules but have not found any evidence that the control protocols Kamailio/SR uses to engage them support any notion of backward asynchronous feedback in case of RTP timeout.
It would be really nice if one of these stream control protocols was augmented to kick back a packet to Kamailio that can be caught in a special event_route, like event_route[nathelper:rtp-stream-timeout], but that is clearly not the case today.
To be honest, I would not use MediaProxy even if it had this feature, because, well, let's be bluntly honest and acknowledge what the more politically aware presumably already conjecture: in light of AG Projects' zealous OpenSIPS partnership, it's difficult to muster confidence in future compatibility of MediaProxy with Kamailio. The module is there, it works, and I'm sure its maintainers are dedicated to doing whatever it takes to reverse engineer and keep it working, lift patches from OpenSIPS as necessary, etc., but who wants to be on the wrong side of the project ecosystem fence? Not I.
That leaves iptrtpproxy, whose 'switchboard' concept I do not fully comprehend due to lack of experience with it, but which holds a potentially viable, if slightly kludgy/Rube Goldbergian answer. Of the three RTP proxies, it is the only one that provides a ready means of exporting a list of media streams it is currently tracking, together with statistics on how many packets have been received, etc. It is not inconceivable to cook up an external process that will frequently check this 'switchboard', as it were, and incite Kamailio/SR to do dlg_bye() via MI if it appears that the media stream has disappeared from either side; the dialog module helpfully exports the MI command dlg_end_dlg.
Still, this does not seem nearly as parsimonious and reliable a solution as simply building some kind of RTP stream leg timeout notification into the control socket. After all, the control socket is open persistently, right, not on-demand? The various RTP proxies all seem to have some kind of dead peer detection internally in order to have some means of gracefully expiring resources allocated to media streams that have gone away, so it would just be a matter of passing a control frame up the socket to Kamailio/SR and wiring that to a custom event_route or a more static callback in the code.
By the way, I should mention that I am aware of and historically very sympathetic to the perspective that this kind of call control is alien to the nature of a proxy, and an appropriate job for UAs and not proxies at all. However, we all have to make pragmatic concessions to the realities of real-world operation, which I assume is the motivation for dialog timeouts, dlg_bye(), and other perversions from the point of view of a purist. :-)
I welcome your thoughts and suggestions about the easiest and most technically meritorious approach.
Thanks,
-- Alex
[1] Enabled via $dlg_ctx(timeout_bye) = 1
Alex Balashov writes:
alex,
i would prefer a solution that does not involve sip-router dialog module at all. that module tries to accomplish something that is alien to the definition of a sip proxy.
just route your calls via sems as a b2bua and make it send the byes, if media stops flowing. if something is missing in order to allow that to be easily implemented by dsm or ivr plugins, i'm sure stephan and raphael will take care of it.
-- juha
On 04/21/2010 05:43 AM, Juha Heinanen wrote:
In principle, I would prefer such a solution too; however, my argument was that as far as I can tell (and that may not be very far), all presented avenues of solution are equidistantly complex and presently nonexistent.
Alex, Juha-
We're intensely interested in the general case for this problem. For example in our Kamailio + rtpproxy applications, both software only and when we use DSP-based accelerator cards, we have several cases where rttproxy has to asynchronously signal Kamailio (notify in some way). Examples for us include encryption key update requests (e.g. SRTP), detection of non-standard tones, some possible speech recognition situations.
So far there is not a standard mechanism that we've found, so anything you guys decide to do in this area is of interest to us.
-Jeff
On 04/21/2010 05:43 AM, Juha Heinanen wrote:
The other thing to point out here, though, is that while SEMS is undeniably awesome, SEMS is a userspace process. Simply running all media through it does have some scalability implications, and in some cases, network path optimisation consequences as well. If I were to take a SEMS-based approach, I think my favoured technique would be a signaling-only mechanism like SSTs.
Alex Balashov wrote:
or you can also combine SEMS b2bua with libiptrtpproxy to have in-kernel forwarding.
Stefan
On 04/21/2010 06:03 AM, Stefan Sayer wrote:
or you can also combine SEMS b2bua with libiptrtpproxy to have in-kernel forwarding.
I would be curious for your account of what such an approach would look like, from an implementational mechanics perspective.
Alex Balashov wrote:
implementational mechanics?
from the libipt_RTPPROXY.c source it looks to me as if one could query the current switchboard contents from the kernel ipt module, which includes the timeout for the session. seems like, to get timeout the sems b2bua would have to poll that table. then, if the session has timed out or is about to time out, one can terminate the b2bua call (both sides) and thus get the BYE in signaling, and if accounting is done in signaling also get proper accounting.
Was that the question?
Stefan
it may be very tricky to make the b2bua media relay to work reliably. if relaying part crashes, then the byes need to get send and if signaling part crashes, then ...???
-- juha
Juha Heinanen wrote:
...then call processing continues right from the backup server where the state from the dialog is replicated to. we are not completely there yet, but I think b2bua/sst app may be of the simpler ones to implement replication for.
Stefan
I'm definitely favouring the B2BUA+SST approach here.
I really, really don't want to proxy media unless I have to; it makes the bandwidth bill much higher, it lengthens many users' network path to reach the carriers, and for no benefit whatsoever except in the case of far-end NAT traversal, which applies to a minority of users. If anything, the aggregate effect on QoS in my case is probably worse if I relay RTP than if I don't.
The B2BUA+SST approach seems clean, efficient, and at least from a theoretical point of view, rather reliable.
Alex Balashov wrote:
The B2BUA+SST approach seems clean, efficient, and at least from a theoretical point of view, rather reliable.
clean? I am not so sure any more, trying to hack something together to see where this gets. Is there a clean and simple method to do re-invite from the b2bua, which catches all the possibilities (changed session etc)?
e.g., one possibility, reinvite with last SDP from the other side
A b2b B |---INVITE / SDPa-->| | | |---INVITE / SDPa-->| | | | | |<-- OK/SDPb--------| | |--- ACK ---------->| |<-- OK/SDPb--------| | |--- ACK ---------->| | | | | ... sst timer expires ... | | | |<--INVITE / SDPb---| | | | | |--- OK/SDPc------->| | now what? ignore that, or do
| |---INVITE / SDPc-->| | |<-- OK/SDPd--------| one more round of ping-pong?
| | |
or, other possibility, empty reinvite: A b2b B |---INVITE / SDPa-->| | | |---INVITE / SDPa-->| | | | | |<-- OK/SDPb--------| | |--- ACK ---------->| |<-- OK/SDPb--------| | |--- ACK ---------->| | | | | ... sst timer expires ... | | | |<--INVITE | | | | | |--- OK/SDPc------->| | now what? ignore that, or do
| |---INVITE / SDPc-->| | |<-- OK/SDPd--------| one more ping-pong?
| | |
Maybe I just got confused and there is a simple solution?
Stefan
Yes, it is complex if the B2BUA does not have a media relay ( in which case providing the SDP (at least the port information) itself).
Am 22.04.2010 16:01, schrieb Stefan Sayer:
This is the proper approach.
one more ping-pong?
No.
|<----ACK/SDPd------|----ACK----------->|
No more ping-pongs needed.
regards klaus
Hi,
in r1821 you can find my first shot at this scenario, a b2bua which enables SST on both sides, and does the SDP ping pong as below.
I am sure that there are many cases which are not handled properly, for example, if we have started one INVITE ping-pong from the B2B, then we should not accept re-INVITE from the ends, but refuse them with 491; atm I think the re-INVITE would just get relayed and two INVITE transactions would be running simultaneously.
Another issue is what to do when re-INVITE fails, I think that this is not handled properly at the moment (it is just ignored, but should probably tear down both calls - that's the thing for, I guess).
A third todo is to pass the headers through. Possibly, this should be implemented with a header filter or the like.
Regards Stefan
Klaus Darilion wrote:
On 04/22/2010 10:01 AM, Stefan Sayer wrote: ]
From my understanding of SSTs, this is the correct approach (last known SDP). This has the advantage of not breaking the changes of real re-INVITEs that actually happened.
On 23.04.10 09:51, Alex Balashov wrote:
Sending an empty INVITE has the appeal of working with either side (no matter with which you begin). With the other, you might have to remember which side initiated the last INVITE or UPDATE transaction, and send the last positive SDP answer to this side as a re-INVITE. Or am I missing something?
However, it might happen that the one of the ends does not support receiving empty INVITEs... (less probable today).
Cheers Raphael.
On 04/23/2010 05:18 AM, Raphael Coeffic wrote:
I thought about empty INVITEs first, but my--admittedly naive--reading of the specs suggests that many endpoints would take the absence of an SDP offer/answer in a sequential request or reply within the same session to mean that the media elements of the session have been rescinded.
If I'm wrong, that would certainly make all this a lot easier.
On 23.04.10 11:58, Alex Balashov wrote:
RFC 3261 says on the topic (section 14.1): "Of course, a UAC MAY send a re-INVITE with no session description, in which case the first reliable non-failure response to the re-INVITE will contain the offer (in this specification, that is a 2xx response)."
If I'm wrong, that would certainly make all this a lot easier.
So I guess you MAY be wrong ;-)
Another question is: what would be the expire value you would like to use for SST? This could dramatically change the requirements in terms of load. Where you thinking about 15 minutes? (sending a re-INVITE approx. every 7 minutes?) Or do you need a precise billing (maybe minute based?) ?
Cheers, Raphael.
On 04/23/2010 06:14 AM, Raphael Coeffic wrote:
I would like it to be configurable, personally. My own intent was to use it every 1-5 minutes, but even 15 minutes would be sufficient from a practical perspective.
Right now I have calls that are getting billed for 8 hours but were in reality 5 minutes and timed out a long time ago.
On 23.04.10 12:50, Alex Balashov wrote:
The session timer is already fully configurable. It was just about planning the proper hardware ;-)
Right now I have calls that are getting billed for 8 hours but were in reality 5 minutes and timed out a long time ago.
Ok, so even the standard 60 minutes "expire" would be an improvement ;-)
-Raphael.
On 04/23/2010 07:42 AM, Raphael Coeffic wrote:
Ok, so even the standard 60 minutes "expire" would be an improvement ;-)
Oh yes.
Alex-
I apologize in advance for getting in the middle of this and possibly suggesting something simplistic that either won't work or isn't what you guys need.
But... is it being considered to add functionality to rtpproxy so it can send something asynchronously to Kamailio which either sends BYEs or does something to cause the endpoints to do so? Currently, as far as I know, rtpproxy only responds to commands from nathelper; i.e. every command is initiated by nathelper who expects a response.
I ask for two reasons:
-rtpproxy is the natural place to detect RTP time-outs
-rtpproxy eventually has to support other async notifications (such as SRTP key requests, see my previous e-mail)
-Jeff
On 04/23/2010 08:10 AM, Jeff Brower wrote:
I agree that this would be a technically viable solution.
For my particular scenario, it is economically and practically undesirable due to the strong disincentives to proxy media.
Hi,
Alex Balashov wrote:
[...]
you are right; with SEMS this needs some work. I wouldn't say it is a lot, as you have all the basic functionality already there, at least for 1.a.
have a look at core/plug-in/echo.
Session timer is implemented as SessionEventHandler (hooks that get called for every request received/sent), which you need to add to the session e.g. when you create it. In your case you would need to add it to both legs of the B2BUA call; e.g. if you start from auth_b2b you'd have to add it in both AuthB2BFactory::onInvite and AuthB2BDialog::createCalleeSession.
What I'm not sure is whether the configuration of session timer values works the way it should (configureModule), possibly you'd need to hack this a little.
As for 1.b, SEMS does not yet have an RTP relay mode (only transcode). If you are really interested in it, I think we can work on that; again, the basic components are there, it needs just adding some things here and there.
Regards Stefan
Stefan Sayer writes:
i'm currently using mediaproxy and there the relay component that relays the media is separate from the dispatcher component that talks with sip router mediaproxy module and the relays.
perhaps it would be possible in the same way detach rtp component from sems b2bua signaling component. perhaps it even would be possible to take the relay component as is from mediaproxy rather than invent the wheel.
-- juha
Juha Heinanen wrote:
perhaps it would be possible in the same way detach rtp component from sems b2bua signaling component. perhaps it even would be possible to
but, is that desirable? isn't it better if one has only one process to start/configure/watch?
also, I think that implementing the mediaproxy relay part control in SEMS is more work than impelementing RTP packet forward (actually, in RTP receiver, it only needs to check whether relay is turned on for that session, construct an RTP packet from the buffer, and send the packet there).
Stefan
Stefan Sayer writes:
may it does not matter how load balancing/resilience is achieved, i.e., by sip router selecting a combined b2bua+relay or a b2bua selecting a relay.
fine with me as long as relaying is done in kernel space (libnetfilter-conntrack) close to wire speed.
-- juha
Stefan Sayer writes:
stefan,
there are the commands that media relay supports:
{'update': set(['call_id', 'from_tag', 'from_uri', 'to_uri', 'cseq', 'user_agent', 'type']), 'remove': set(['call_id', 'from_tag']), 'summary': set(), 'sessions': set()}
which does not look very complicated. update returns media relay address/port info for this session.
-- juha
-
Alex Balashov -
Jeff Brower -
jh@tutpro.com -
Klaus Darilion -
Raphael Coeffic -
Stefan Sayer