[OpenSIPS-Users] [OpenSIPS-Devel] [NEW] Dialog replication using a new core interface

mayamatakeshi mayamatakeshi at gmail.com
Wed Aug 7 02:54:22 CEST 2013


Hello Vlad,
I tested and confirmed it is OK now.
Thanks.

Regards,
Takeshi


On Wed, Aug 7, 2013 at 4:52 AM, Vlad Paiu <vladpaiu at opensips.org> wrote:

> Hello,
>
> What are you thinking about more exactly here in terms of security ?
>
> The OpenSIPS worker processes that listen for BIN replicated packages do
> not perform any IP authentication by themselves, so if you leave those UDP
> ports open from the outside, you are leaving yourself exposed to outside
> attackers coming in and either deleting some of the existing dialogs (by
> sending you some binary packages that destroy an ongoing dialog) or
> filling up your shared memory (by sending you 'new dialog' binary packages).
>
> Currently, it's left to the OpenSIPS administrator to properly configure
> the firewall so that the binary interface listeners (the ones specified by
> bin_listen=127.0.0.1:9999) are only open for the other OpenSIPS instance
> IPs.
>
> Best Regards,
>
> Vlad Paiu
> OpenSIPS Developer
> http://www.opensips-solutions.com
>
>
> On 08/01/2013 07:58 PM, Nick Khamis wrote:
>
>> What needs to be considered in terms of security?
>>
>> Nick.
>>
>> On 7/31/13, Bogdan-Andrei Iancu <bogdan at opensips.org> wrote:
>>
>>> Hi Ryan,
>>>
>>> This has nothing to do with dialog pinging or accounting - the new
>>> interface allows OpenSIPS to replicate the dialog state to another
>>> OpenSIPS instance. If I misunderstood you, please rephrase :)
>>>
>>> Regards,
>>>
>>> Bogdan-Andrei Iancu
>>> OpenSIPS Founder and Developer
>>> http://www.opensips-solutions.com
>>>
>>>
>>> On 07/29/2013 08:20 PM, Ryan Bullock wrote:
>>>
>>>> This is pretty exciting!
>>>>
>>>> What are the plans for how this will work with features such as dialog
>>>> pinging and accounting?
>>>>
>>>> Regards,
>>>>
>>>> Ryan
>>>>
>>>>
>>>> On Mon, Jul 29, 2013 at 9:46 AM, Bogdan-Andrei Iancu
>>>> <bogdan at opensips.org> wrote:
>>>>
>>>>      In the long term we plan to use the BIN interface to replicate even
>>>>      more internal data between multiple OpenSIPS instances, like doing
>>>>      registration replication (instead of doing it from script via
>>>>      SIP). Theoretically it may be used for replicating even
>>>>      transaction state between 2 OpenSIPS instances - imagine having a
>>>>      call ringing on instance A and being accepted on instance B (after
>>>>      a failover) - 0% losses !
>>>>
>>>>      Aside from realtime data replication, the BIN interface is to be used
>>>>      also for exchanging any other type of information between OpenSIPS
>>>>      instances, like federating multiple instances.
>>>>
>>>>      The main advantages of the BIN interface over the MI interface :
>>>>          - BIN is binary encoded so much faster (as performance)
>>>>          - BIN interface has both sender and receiver in OpenSIPS (MI
>>>>      has only the receiver)
>>>>          - MI is for external usage, while BIN is internal
>>>>      (opensips2opensips)
>>>>
>>>>      Regards,
>>>>
>>>>      Bogdan-Andrei Iancu
>>>>      OpenSIPS Founder and Developer
>>>>      http://www.opensips-solutions.com
>>>>
>>>>
>>>>      On 07/29/2013 06:22 PM, Liviu Chircu wrote:
>>>>
>>>>>      Hello all,
>>>>>
>>>>>      OpenSIPS just got better with a /new core interface/ and a /new
>>>>>      failover mechanism/!
>>>>>
>>>>>      The purpose of the new *Binary Internal Interface* is to offer a
>>>>>      fast and efficient communication channel between OpenSIPS
>>>>>      instances. OpenSIPS modules can now use this core interface to
>>>>>      send/receive packets with specific information. A common usage
>>>>>      case for this feature would be data replication between a primary
>>>>>      instance and a backup one.
>>>>>
>>>>>      This is especially useful in scenarios with OpenSIPS instances
>>>>>      which handle large amounts of concurrent calls, so that failover
>>>>>      through a database backend is not feasible anymore due to the
>>>>>      significant time required in order to load the needed tables.
>>>>>
>>>>>      As an example of using the interface, the dialog module now
>>>>>      offers the possibility of *replicating dialogs* to another
>>>>>      instance. The script writer may now configure a set of proxies
>>>>>      which will receive dialog-related events: /creation/,
>>>>>      /confirmation/ and /deletion/, all in /realtime/. These messages
>>>>>      are compact and they are sent over UDP. The dialog module now
>>>>>      also exports several new statistics which show the total
>>>>>      sent/received replication packets.
>>>>>
>>>>>      Configuring UDP listeners for the new interface is trivial and
>>>>>      explained in the OpenSIPS manuals [1].
>>>>>
>>>>>      [1]: http://www.opensips.org/Documentation/Interface-Binary
>>>>>
>>>>>      Best regards,
>>>>>      --
>>>>>      Liviu Chircu
>>>>>      OpenSIPS Developer
>>>>>      http://www.opensips-solutions.com
>>>>>
>>>>>
>>>>>
>>>>>      _______________________________________________
>>>>>      Users mailing list
>>>>>      Users at lists.opensips.org
>>>>>      http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>>>>
>>>>      _______________________________________________
>>>>      Devel mailing list
>>>>      Devel at lists.opensips.org
>>>>      http://lists.opensips.org/cgi-bin/mailman/listinfo/devel
>
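
The firewall restriction described in Vlad's reply (BIN listener reachable only from the other OpenSIPS instances), as an added example that is not part of the original thread or of OpenSIPS: a shell function that builds iptables rule lines for a peer allowlist. The function names, the peer addresses (documentation range) and the choice of iptables are assumptions; port 9999 comes from the bin_listen example quoted above.

```shell
#!/bin/sh
# Added example: emit iptables rule lines that let only known OpenSIPS
# peers reach the BIN (UDP) listener and drop every other sender.
# is_ipv4, bin_allowlist_rules and the peer IPs are hypothetical names/values.

# Succeeds only for a dotted-quad IPv4 address with each octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Usage: bin_allowlist_rules PORT PEER_IP...
# Prints one ACCEPT rule per peer, then a final DROP for the port.
# Fails without printing rules on a bad port, an empty peer list or a
# malformed peer (CIDR such as 0.0.0.0/0 is rejected), so a typo cannot
# silently widen the allowlist.
bin_allowlist_rules() {
    port=$1
    case "$port" in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
        { echo "bad port: $port" >&2; return 1; }
    shift
    [ "$#" -gt 0 ] || { echo "no peers given" >&2; return 1; }
    rules=''
    for peer in "$@"; do
        is_ipv4 "$peer" || { echo "bad peer: $peer" >&2; return 1; }
        rules="${rules}-A INPUT -p udp -s ${peer} --dport ${port} -j ACCEPT
"
    done
    printf '%s-A INPUT -p udp --dport %s -j DROP\n' "$rules" "$port"
}

# Constructed sample: two replication peers in the documentation range.
bin_allowlist_rules 9999 192.0.2.10 192.0.2.11
```

The final DROP only closes the port if no earlier rule in the INPUT chain already accepts that UDP traffic.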