[OpenSIPS-Users] [OpenSIPS-Devel] [NEW] Dialog replication using a new core interface

mayamatakeshi mayamatakeshi at gmail.com
Wed Aug 7 08:30:30 CEST 2013


Sorry, please ignore. Replied to the wrong post.


On Wed, Aug 7, 2013 at 9:54 AM, mayamatakeshi <mayamatakeshi at gmail.com>wrote:

> Hello Vlad,
> I tested and confirmed it is OK now.
> Thanks.
>
> Regards,
> Takeshi
>
>
>
> On Wed, Aug 7, 2013 at 4:52 AM, Vlad Paiu <vladpaiu at opensips.org> wrote:
>
>> Hello,
>>
>> What are you thinking about more exactly here in terms of security ?
>>
>> The OpenSIPS worker processes that listen for BIN replicated packages do
>> not perform any IP authentication by themselves, so if you leave those UDP
>> ports open from the outside, you are leaving yourself exposed to outside
>> attackers coming in and either deleting some of the existing dialogs ( by
>> sending you some binary packages that destroy an ongoing dialog ) or
>> filling up your shared memory ( by sending you 'new dialog' binary packages
>> ).
>>
>> Currently, it's left to the OpenSIPS administrator to properly configure
>> the firewall so that the binary interface listeners ( the ones specified by
>> bin_listen=127.0.0.1:9999 ) are only open for the other OpenSIPS
>> instance IPs.
>>
>> Best Regards,
>>
>> Vlad Paiu
>> OpenSIPS Developer
>> http://www.opensips-solutions.**com <http://www.opensips-solutions.com>
>>
>>
>> On 08/01/2013 07:58 PM, Nick Khamis wrote:
>>
>>> What needs to be considered in terms of security?
>>>
>>> Nick.
>>>
>>> On 7/31/13, Bogdan-Andrei Iancu <bogdan at opensips.org> wrote:
>>>
>>>> Hi Ryan,
>>>>
>>>> This has nothing to do with dialog pining or accounting - the new
>>>> interface allows OpenSIPS to replicate the dialog state to another
>>>> OpenSIPS instance. If I misunderstood you, please rephrase :)
>>>>
>>>> Regards,
>>>>
>>>> Bogdan-Andrei Iancu
>>>> OpenSIPS Founder and Developer
>>>> http://www.opensips-solutions.**com <http://www.opensips-solutions.com>
>>>>
>>>>
>>>> On 07/29/2013 08:20 PM, Ryan Bullock wrote:
>>>>
>>>>> This is pretty exciting!
>>>>>
>>>>> What are the plans for how this will work with features such as dialog
>>>>> pinging and accounting?
>>>>>
>>>>> Regards,
>>>>>
>>>>> Ryan
>>>>>
>>>>>
>>>>> On Mon, Jul 29, 2013 at 9:46 AM, Bogdan-Andrei Iancu
>>>>> <bogdan at opensips.org <mailto:bogdan at opensips.org>> wrote:
>>>>>
>>>>>      In long term we plan to use the BIN interface to replicate even
>>>>>      more internal data between multiple OpenSIPS instances, like doing
>>>>>      registration replication (instead of doing it from script via
>>>>>      SIP). Theoretically it may be used for replicating even
>>>>>      transaction state between 2 OpenSIPS instances - imagine having a
>>>>>      call ringing on instance A and being accepted on instance B (after
>>>>>      a failover) - 0% losses !
>>>>>
>>>>>      Aside realtime data replication, the BIN interface is to be used
>>>>>      also for exchanging any other type of information between OpenSIPS
>>>>>      instances, like federating multiple instances.
>>>>>
>>>>>      The main advantages of the BIN interface over the MI interface :
>>>>>          - BIN is binary encoded so much faster (as performance)
>>>>>          - BIN interface has both sender and receiver in OpenSIPS (MI
>>>>>      has only the receiver)
>>>>>          - MI is for external usage, while BIN is internal
>>>>>      (opensips2opensips)
>>>>>
>>>>>      Regards,
>>>>>
>>>>>      Bogdan-Andrei Iancu
>>>>>      OpenSIPS Founder and Developer
>>>>>      http://www.opensips-solutions.**com<http://www.opensips-solutions.com>
>>>>>
>>>>>
>>>>>      On 07/29/2013 06:22 PM, Liviu Chircu wrote:
>>>>>
>>>>>>      Hello all,
>>>>>>
>>>>>>      OpenSIPS just got better with a /new core interface/ and a /new
>>>>>>      failover mechanism/!
>>>>>>
>>>>>>      The purpose of the new *Binary Internal Interface *is to offer a
>>>>>>      fast and efficient communication channel between OpenSIPS
>>>>>>      instances. OpenSIPS modules can now use this core interface to
>>>>>>      send/receive packets with specific information. A common usage
>>>>>>      case for this feature would be data replication between a primary
>>>>>>      instance and a backup one.
>>>>>>
>>>>>>      This is especially useful in scenarios with OpenSIPS instances
>>>>>>      which handle large amounts of concurrent calls, so that failover
>>>>>>      through a database backend is not feasible anymore due to the
>>>>>>      significant time required in order to load the needed tables.
>>>>>>
>>>>>>      As an example of using the interface, the dialog module now
>>>>>>      offers the possibility of *replicating dialogs* to another
>>>>>>      instance. The script writer may now configure a set of proxies
>>>>>>      which will receive dialog-related events: /creation/,
>>>>>>      /confirmation/ and /deletion/, all in /realtime/. These messages
>>>>>>      are compact and they are sent over UDP. The dialog module now
>>>>>>      also exports several new statistics which show the total
>>>>>>      sent/received replication packets.
>>>>>>
>>>>>>      Configuring UDP listeners for the new interface is trivial and
>>>>>>      explained in the OpenSIPS manuals [1].
>>>>>>
>>>>>>      [1]: http://www.opensips.org/**Documentation/Interface-Binary<http://www.opensips.org/Documentation/Interface-Binary>
>>>>>>
>>>>>>      Best regards,
>>>>>>      --
>>>>>>      Liviu Chircu
>>>>>>      OpenSIPS Developer
>>>>>>      http://www.opensips-solutions.**com<http://www.opensips-solutions.com>
>>>>>>
>>>>>>
>>>>>>
>>>>>>      ______________________________**_________________
>>>>>>      Users mailing list
>>>>>>      Users at lists.opensips.org <mailto:Users at lists.opensips.**org<Users at lists.opensips.org>
>>>>>> >
>>>>>>      http://lists.opensips.org/cgi-**bin/mailman/listinfo/users<http://lists.opensips.org/cgi-bin/mailman/listinfo/users>
>>>>>>
>>>>>      ______________________________**_________________
>>>>>      Devel mailing list
>>>>>      Devel at lists.opensips.org <mailto:Devel at lists.opensips.**org<Devel at lists.opensips.org>
>>>>> >
>>>>>      http://lists.opensips.org/cgi-**bin/mailman/listinfo/devel<http://lists.opensips.org/cgi-bin/mailman/listinfo/devel>
>>>>>
>>>>>
>>>>>
>>>>> ______________________________**_________________
>>>>> Devel mailing list
>>>>> Devel at lists.opensips.org
>>>>> http://lists.opensips.org/cgi-**bin/mailman/listinfo/devel<http://lists.opensips.org/cgi-bin/mailman/listinfo/devel>
>>>>>
>>>> ______________________________**_________________
>>> Users mailing list
>>> Users at lists.opensips.org
>>> http://lists.opensips.org/cgi-**bin/mailman/listinfo/users<http://lists.opensips.org/cgi-bin/mailman/listinfo/users>
>>>
>>
>>
>> ______________________________**_________________
>> Users mailing list
>> Users at lists.opensips.org
>> http://lists.opensips.org/cgi-**bin/mailman/listinfo/users<http://lists.opensips.org/cgi-bin/mailman/listinfo/users>
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20130807/e461ef79/attachment-0001.htm>


More information about the Users mailing list