[OpenSIPS-Users] Load balancer behind NAT

Muhammad Shahzad Shafi shahzad at voip-demos.com
Thu Aug 1 08:18:19 CEST 2013 

OK, if you can predetermine the external IP addresses of FS box then 
you can try this trick,

1. load and configure permissions module.
2. add each FS local IP in address table, with external IP in 
context_info column. Set all such record to have same group 
(address.grp).
3. Then in opensips.cfg, call check_address method, make sure you input 
context_info avp in parameter list, e.g.

if (check_address("1","$si","0","$proto","$avp(context_info)", "")) {
         set_nated_sdp("1", "$avp(context_info)");
         ....
}

See more info on this at,

http://www.opensips.org/html/docs/modules/1.9.x/permissions.html#id293680


With a little trick you can even use this code if FS box external IP is 
dynamic.

Thank you.


On 2013-08-01 07:52, Jose Suero wrote:
> First of all thanks a lot for your reply, both servers have only one
> interface, they're getting internet thru a NAT, each is assign an
> external IP on the NAT.
>
> ext-rtp-ip is set on the profile, in fact if I connect to freeswitch
> directly it works fine, but not from opensips.
>
> I'm trying not to use RTP Proxy because I don't want all the calls to
> have to go thru the opensips server.
>
> I'm using Debian 7 on both servers, NAT is provided by EC2 so I have
> no control over it.
>
> I tried the fix_nated_sdp method on opensips and it works, the only
> problem is that I have to specify the external IP address of the FS
> server like fix_nated_sdp("1","123.123.123.123"), if I don't I get:
>
> ERROR:nathelper:fix_nated_sdp_f: Unable to get bodies from message
>
> This is a problem if I have 2 (or more) FS servers since I don't know
> which address I need to rewrite it to.
>
> any ideas??
>
> thanks again for your help
>
> On 2013-08-01 00:57, Muhammad Shahzad Shafi wrote:
>> I think your opensips would have two interfaces, one for public ip,
>> from where the client request comes in and one on private ip to send
>> call to FS.
>>
>> Now, since call is come to FS from local LAN (private ip of
>> opensips), therefore, it will most likely won't any NAT adjustments
>> for it, resulting in media flow failure. So,
>>
>> 1. Is this assumption correct or your architecture is more complex 
>> then this?
>> 2. How does FS connects to internet, does you have different gateway
>> to internet for FS compare to opensips?
>>
>>
>> If any or both question is yes, then you can either,
>>
>> 1. Try using ext-rtp-ip parameter in sofia profile,
>>
>> http://wiki.freeswitch.org/wiki/Sofia.conf.xml#ext-rtp-ip
>>
>> 2. You can also change rtp ip in sdp on opensips using fix_nated_sdp 
>> method.
>>
>> 3. If your internet gateway is running fairly recent version of 
>> linux
>> kernel >= 3.x then loading sip nat kernel module will also do the
>> trick, (but its not guaranteed to work in all distros, i can only
>> confirm it in ubuntu 12.x+ and debian 7.x+).
>>
>> modprobe -r ip_nat_sip
>> modprobe -r ip_conntrack_sip
>>
>> 4. Install rtpproxy and enable it in opensips in bridged mode.
>>
>>
>> For solution 1 - 3, port forwarding must be enabled on your FS's
>> internet gateway.
>>
>> Thank you.
>>
>>
>> On 2013-08-01 03:49, Jose Suero wrote:
>>> Some aditional info,
>>>
>>> I'm trying not to use RTPProxy for this, so I can have the load on
>>> freeswitch servers as opposed to have all calls (RTP) on the 
>>> opensips
>>> server.
>>>
>>> Any help would really be appreciated, i've searched all day with no 
>>> luck
>>>
>>> thanks in advance
>>>
>>> On 2013-07-31 13:52, Jose Suero wrote:
>>>> Hello all
>>>>
>>>> I'm trying to setup opensips as proxy/loadbalancer for freeswitch,
>>>> following
>>>> http://wiki.freeswitch.org/wiki/Enterprise_deployment_OpenSIPS
>>>>
>>>> right now I'm able to register to opensips which sends the
>>>> registration to freeswitch, and when I dial a number it goes to
>>>> freeswitch and gets dialed, the problem is that the phone tries to
>>>> connect to freeswitch server's internal IP.
>>>>
>>>> If I connect to freeswitch directly everything works fine, 
>>>> freeswitch
>>>> advertises correct NAT address, but not thru opensips
>>>>
>>>> I'm using dispatcher for registration and LoadBalancer with this 
>>>> script
>>>>
>>>>        if (is_method("INVITE")) {
>>>>                 if (!load_balance("1","pstn","1")) {
>>>>                         send_reply("503","Service Unavailable");
>>>>                         exit;
>>>>                 }
>>>>         }
>>>>         else if (is_method("REGISTER")) {
>>>>                 if (!ds_select_dst("1", "0")) {
>>>>                         send_reply("503","Service Unavailable");
>>>>                         exit;
>>>>                 }
>>>>         }
>>>>
>>>>
>>>>
>>>> thanks in advance
>>>>
>>>> Jose Suero
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Users mailing list
>>>> Users at lists.opensips.org
>>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>>
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at lists.opensips.org
>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users

-- 
Mit freundlichen Grüßen
Muhammad Shahzad
-----------------------------------
CISCO Rich Media Communication Specialist (CRMCS)
CISCO Certified Network Associate (CCNA)
Cell: +49 176 99 83 10 85
MSN: shari_786pk at hotmail.com
Email: shaheryarkh at googlemail.com

More information about the Users mailing list