<html><head></head><body><div class="ydp7adece84yahoo-style-wrap" style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;font-size:13px;"><div></div>
<div dir="ltr" data-setdir="false">Thank you David.</div><div dir="ltr" data-setdir="false"><br></div><div dir="ltr" data-setdir="false">What do you think about networking concerns? you mentioned to them but I didn't get your point.</div><div dir="ltr" data-setdir="false">RTP restrictions, port proxy, iptables, fail2ban are top ones.</div><div dir="ltr" data-setdir="false"><br></div><div dir="ltr" data-setdir="false">PS: No matter which telephony platform (Asterisk/FS/OpenSIPS/Kamailio), these concerns are in general.</div><div dir="ltr" data-setdir="false">PS: We have more challenges with projects like Freepbx.</div><div dir="ltr" data-setdir="false"><br></div><div dir="ltr" data-setdir="false"><br></div><div dir="ltr" data-setdir="false">Regards,</div><div dir="ltr" data-setdir="false">HY<br></div><div dir="ltr" data-setdir="false"><br></div><div dir="ltr" data-setdir="false"><br></div><div><br></div>
</div><div id="ydpb69ea7dayahoo_quoted_9398985634" class="ydpb69ea7dayahoo_quoted">
<div style="font-family:'Helvetica Neue', Helvetica, Arial, sans-serif;font-size:13px;color:#26282a;">
<div>
On Saturday, May 2, 2020, 3:48:11 PM GMT+4:30, David Villasmil <david.villasmil.work@gmail.com> wrote:
</div>
<div><br></div>
<div><br></div>
<div><div id="ydpb69ea7dayiv2354514616"><div><div><div>Not sure about OpenSIPS specifically, but I would assume it has been implemented in docker just as much as kamailio and freeSWITCH/Asterisk.</div><div><br clear="none"></div><div>This is done all over the world. Docker is not an emulator or a virtual machine host. When you run something on docker, its speed is (almost) exactly the same as running it on the host itself, since there’s no OS overhead, it works by separating processes via Cgroups, no by virtualizing or emulating hardware.</div><div><br clear="none"></div><div>Quote:</div><div><br clear="none"></div><div><span style="font-family:RedHatText, Overpass, Overpass, Helvetica, Arial, sans-serif;color:rgb(21,21,21);">The Docker technology uses the </span><a shape="rect" href="https://www.redhat.com/en/topics/linux/what-is-the-linux-kernel" style="text-decoration-line: none; text-decoration-style: solid; text-decoration-color: currentcolor; font-family: RedHatText, Overpass, Overpass, Helvetica, Arial, sans-serif; color: rgb(0, 102, 204);" rel="nofollow" target="_blank">Linux kernel</a><span style="font-family:RedHatText, Overpass, Overpass, Helvetica, Arial, sans-serif;color:rgb(21,21,21);"> and features of the kernel, like </span><a shape="rect" href="https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Resource_Management_Guide/ch01.html" style="text-decoration-line: none; text-decoration-style: solid; text-decoration-color: currentcolor; font-family: RedHatText, Overpass, Overpass, Helvetica, Arial, sans-serif; color: rgb(0, 102, 204);" rel="nofollow" target="_blank">Cgroups</a><span style="font-family:RedHatText, Overpass, Overpass, Helvetica, Arial, sans-serif;color:rgb(21,21,21);"> and </span><a shape="rect" href="https://lwn.net/Articles/528078/" style="text-decoration-line: none; text-decoration-style: solid; text-decoration-color: currentcolor; font-family: RedHatText, Overpass, Overpass, Helvetica, Arial, sans-serif; color: rgb(0, 102, 204);" rel="nofollow" target="_blank">namespaces</a><span style="font-family:RedHatText, Overpass, Overpass, Helvetica, Arial, sans-serif;color:rgb(21,21,21);">, to segregate processes so they can run independently. This independence is the intention of containers‐the ability to run multiple processes and apps separately from one another to make better use of your infrastructure while </span><a shape="rect" href="https://www.redhat.com/en/topics/security" style="text-decoration-line: none; text-decoration-style: solid; text-decoration-color: currentcolor; font-family: RedHatText, Overpass, Overpass, Helvetica, Arial, sans-serif; color: rgb(0, 102, 204);" rel="nofollow" target="_blank">retaining the security</a><span style="font-family:RedHatText, Overpass, Overpass, Helvetica, Arial, sans-serif;color:rgb(21,21,21);">you would have with separate systems.</span><br clear="none"></div></div><div><br clear="none"></div><div><div>So in simple terms, docker simply separates processes.</div><div><br clear="none"></div><div>There ARE, nonetheless, some problems with dockerizing everything. I have read issues like If the network traffic is way way way too high, you may encounter issues like dropped packets, etc. but this is a problem on the networking side, I.e: the iptables rules. Also the natting related to using docker can be cumbersome, but once you’re over that, it’s home free. </div><div><br clear="none"></div><div>So, as long as you manage your infrastructure well, you shouldn’t have problems.</div><div><br clear="none"></div><div>In terms of troubleshooting a failing container. All logging should be sent to some log server, and you can do your troubleshooting there. Also, don’t kill a failing container so you can access it (via ssh or attach or exec) and troubleshoot it.</div><div><br clear="none"></div><div>The pros of using docker/k8s greatly outweighs the cons, in my opinion.</div><div><br clear="none"></div><div>Hope this help.</div><div><br clear="none"></div><div>David</div><br clear="none"><div class="ydpb69ea7dayiv2354514616gmail_quote"><div class="ydpb69ea7dayiv2354514616gmail_attr" dir="ltr">On Sat, 2 May 2020 at 11:33, H Yavari via Users <<a shape="rect" href="mailto:users@lists.opensips.org" rel="nofollow" target="_blank">users@lists.opensips.org</a>> wrote:<br clear="none"></div><blockquote class="ydpb69ea7dayiv2354514616gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;padding-left:1ex;border-left-color:rgb(204,204,204);"><div><div><div></div>
<div dir="ltr">Thank you Johan,</div><div dir="ltr"><br clear="none"></div><div dir="ltr">When your infrastructure goes to run with k8s or other same platforms, it's hard to make some exceptions.</div><div dir="ltr">Also softwares like opensips that are working just with DB, can run very smoothly. <br clear="none"></div><div dir="ltr"><br clear="none"></div><div dir="ltr">Although I haven't seen any problem yet after moving it to containers, but I am interested in hearing from others and developers team.</div><div dir="ltr"><br clear="none"></div><div dir="ltr"><br clear="none"></div><div dir="ltr">Regards,</div><div dir="ltr">HY<br clear="none"></div><div dir="ltr"><br clear="none"></div><div dir="ltr"><br clear="none"></div><div>--------<br clear="none"></div>
</div></div><div><div id="ydpb69ea7dayiv2354514616m_3211529236503319823ydpa5d46026yahoo_quoted_9395098427">
<div>
<div>
On Saturday, May 2, 2020, 12:51:51 PM GMT+4:30, johan <<a shape="rect" href="mailto:johan@democon.be" rel="nofollow" target="_blank">johan@democon.be</a>> wrote:
</div>
<div><br clear="none"></div>
<div><br clear="none"></div>
<div><div id="ydpb69ea7dayiv2354514616m_3211529236503319823ydpa5d46026yiv4517330760"><div>
<p>First of all, I am not aware of a production kubernetes cluster.
<br clear="none">
</p>
<p>Using containers has advantages : fast install, easy to move.
The annoying thing is that if it goes wrong, it is not easy to
troubleshoot. Secondly, you add an extra abstraction layer,
abstraction (most of the time) reduces speed and decreases
capacity. <br clear="none">
</p>
<p>In short : it all depends on the size of your system. In ip4 I
don't see the advantage. What could be a nice scalable system, is
to deploy on ip6 with anycast. <br clear="none">
</p>
<p>Just my thoughts ... <br clear="none">
</p>
<div id="ydpb69ea7dayiv2354514616m_3211529236503319823ydpa5d46026yiv4517330760yqt12388"><div>On 2/05/2020 07:49, H Yavari via Users
wrote:<br clear="none">
</div>
<blockquote type="cite">
</blockquote></div></div><div id="ydpb69ea7dayiv2354514616m_3211529236503319823ydpa5d46026yiv4517330760yqt28477"><div><div>
<div>Hi to all,</div>
<div><br clear="none">
</div>
<div dir="ltr">As you know docker and K8s,
are growing quickly. So we dockerized Asterisk and OpenSIPS
also.<br clear="none">
</div>
<div dir="ltr">But I see some community
members are against it. They have some reasons like NAT, RTP
ports and performance.</div>
<div dir="ltr"><br clear="none">
</div>
<div dir="ltr">Do you agree with them ? <br clear="none">
</div>
<div dir="ltr">Is there any successful large
scale OpenSIPS cluster based on K8s ?</div>
<div dir="ltr"><br clear="none">
</div>
<div dir="ltr"><br clear="none">
</div>
<div dir="ltr">Thanks for sharing your
experiences.</div>
<div dir="ltr"><br clear="none">
</div>
<div dir="ltr"><br clear="none">
</div>
<div dir="ltr">Regards,</div>
<div dir="ltr">HY<br clear="none">
</div>
</div>
<br clear="none">
<fieldset></fieldset>
<pre style="font-family:monospace;">_______________________________________________
Users mailing list
<a shape="rect" href="mailto:Users@lists.opensips.org" style="font-family:monospace;" rel="nofollow" target="_blank">Users@lists.opensips.org</a>
<a shape="rect" href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" style="font-family:monospace;" rel="nofollow" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a>
</pre>
</div></div></div><div id="ydpb69ea7dayiv2354514616m_3211529236503319823ydpa5d46026yqt83325">_______________________________________________<br clear="none">Users mailing list<br clear="none"><a shape="rect" href="mailto:Users@lists.opensips.org" rel="nofollow" target="_blank">Users@lists.opensips.org</a><br clear="none"><a shape="rect" href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" rel="nofollow" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br clear="none"></div></div>
</div>
</div></div>_______________________________________________<br clear="none">
Users mailing list<br clear="none">
<a shape="rect" href="mailto:Users@lists.opensips.org" rel="nofollow" target="_blank">Users@lists.opensips.org</a><br clear="none">
<a shape="rect" href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" rel="nofollow" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><div class="ydpb69ea7dayiv2354514616yqt4627408480" id="ydpb69ea7dayiv2354514616yqtfd17272"><br clear="none">
</div></blockquote></div></div><div class="ydpb69ea7dayiv2354514616yqt4627408480" id="ydpb69ea7dayiv2354514616yqtfd94967">-- <br clear="none"></div><div class="ydpb69ea7dayiv2354514616gmail_signature" dir="ltr"><div dir="ltr"><div class="ydpb69ea7dayiv2354514616yqt4627408480" id="ydpb69ea7dayiv2354514616yqtfd34880"><div>Regards,</div></div><div><br clear="none"></div>David Villasmil<div>email: <a shape="rect" href="mailto:david.villasmil.work@gmail.com" rel="nofollow" target="_blank">david.villasmil.work@gmail.com</a></div><div>phone: +34669448337</div></div></div></div></div></div>
</div>
</div></body></html>