[OpenSIPS-Users] Dispatcher Module Question
Bogdan-Andrei Iancu
bogdan at voice-system.ro
Fri Sep 12 12:07:25 CEST 2008
Hello Helmut,
Please see the inline comments.
Regards,
Bogdan
Helmut Kuper wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hello,
>
>
> I'm loocking for a HA solution for 2 node opensips proxy setup. I found
> opensips' dispatcher module, but I'm not sure if it is able to handle
> serverral pairs of SIP-proxies e.g. 1 Dispatcher pair in front of n
> sip-proxy pairs (where n > 1).
>
> I think it can, but I would like to get an ok from you :)
>
[bogdan]
yes, you can, but as you already figured out, you have to pay a lot of
attention to NATed clients - when dealing with a NATed client, you have
to communicate with it all the time from the same IP and port (to be
sure that the traffic goes through the NAT). So, in your case, all the
traffic will have to go via the dispatched machine.
>
> Further, if it can do the job, I expect a problem with firwall in front
> of the Dispatcher Pair in case of no recordroute in the Dispatcher as
> follows
>
[bogdan]
based on the above conclusion (that SIP traffic must go via
dispatcher), you need to implement a mechanism to ensure this. The
simplest is RR (but you have the extra hdr); also you can try to
implement a static routing logic between proxy and dispatcher (D sends
all traffic received from outside to P; P sends all outgoing traffic to D).
> A SIP-Request comes in through FW to Dispatcher (Dispatcher is the
> SIP-Proxy from UserAgent's point of view). Dispatcher routes it to
> SIP-Proxy-Node0. SIP-Proxy-Node0 sends replies back to UserAgent passes
> by the Dispatcher (because of no recordroute).
>
[bogdan]
This is not correct - the replies are routed back exactly on the same
path as the request - this is SIP :). So, you do not have to worry about
the replies.
But what you are saying is true when comes to sequential requests - like
BYE - BYE must follow the same path (based on RR) as INVITE in order to
go through FW/NAT.
> So from FW's point of view an IP-packet was sent to destination address
> A (here Dispatcher), but IP-Address B (here SIP-Proxy-Node0) sends an
> answere.
>
> Do I understand the dispatcher functionality right? Has anyone a similar
> setup and some experiences with it in terms of whether it is knocking
> out firewalls or not? Or do I have to enable recordroute in Dispatcher?
>
[bogdan]
For the beginning I strongly suggest using RR on dispatcher machine -
later, when you understand the routing logic better, you can use a
static logic to route through the dispatcher (it is a bit more difficult
to integrate, but it is more efficient).
> For UserAgents view I think they prefer to communicate with only one
> IP-Address (due to security reasons) instead of communicating with a
> growing number of different SIP-Proxy-Nodes resp. IP-Networks.
>
[bogdan]
That is true.
> regards
> Helmut
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.8 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iEYEARECAAYFAkjFNroACgkQ4tZeNddg3dyrggCePdrwqNK5yMjgsrVFX7+9RgWm
> ib0An0WHYX/RsXyWaq3xSxLG3UAaF64F
> =Wvxh
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
More information about the Users
mailing list