Hi Satheesh, The initial Register and the Register that contains the authorization information are for different private identities.
There's no authorization information in the first register, so we derive the private identity from the public identity: REGISTER sip:example.com SIP/2.0 Via: SIP/2.0/TCP 60.60.30.50:57834;rport;branch=z9hG4bKPjtnsW.1tOjkuLX2MxzwD2qaGPum435R65 Path: <sip:[email protected]:5058;transport=TCP;lr;ob> Via: SIP/2.0/UDP 20.20.20.146:1024;rport=1024;received=20.20.20.146;branch=z9hG4bK1808901027 From: <sip:[email protected]>;tag=417779919 To: <sip:[email protected]> Call-ID: 889769254 CSeq: 5 REGISTER Contact: <sip:[email protected]:1024;line=332d050a8331206> Max-Forwards: 70 User-Agent: VimphoneAndroid/1.0.8 (eXosip2/3.6.0) Expires: 3600 P-Visited-Network-ID: example.com Session-Expires: 600 Route: <sip:60.60.30.50:5054;transport=TCP;lr;orig> Content-Length: 0 Here the public identity is sip:[email protected], so we say the private identity is [email protected]. Sprout then successfully gets the authentication vector from Homestead and the HSS, and saves it in memcached using the private identity as part of the key. Sprout then sends a 401 back to the client. The client then sends back a register with an authorization header. REGISTER sip:example.com SIP/2.0 Via: SIP/2.0/TCP 60.60.30.50:35908;rport;branch=z9hG4bKPjkc0YC4j41OTFUnLtxpB9jdegvMbaoBfE Path: <sip:[email protected]:5058;transport=TCP;lr;ob> Via: SIP/2.0/UDP 20.20.20.146:1024;rport=1024;received=20.20.20.146;branch=z9hG4bK1539147749 From: <sip:[email protected]>;tag=417779919 To: <sip:[email protected]> Call-ID: 889769254 CSeq: 6 REGISTER Contact: <sip:[email protected]:1024;line=332d050a8331206> Authorization: Digest username="123111123456765", realm="dsTest.net", nonce="4170717c2a8000d6", uri="sip:example.com", response="d35cfc94a279fdcb5a827fad2e7eb99c", algorithm=MD5, cnonce="0a4f113b", opaque="5283bb3e6bcb6a35", qop=auth, nc=00000001,integrity-protected=ip-assoc-pending Max-Forwards: 70 User-Agent: VimphoneAndroid/1.0.8 (eXosip2/3.6.0) Expires: 3600 P-Visited-Network-ID: example.com Session-Expires: 600 Route: <sip:60.60.30.50:5054;transport=TCP;lr;orig> Content-Length: 0 The authorization header includes the digest username, which should be the same as the private identity. In this case, it's not, it's 123111123456765. Sprout then tries to look up the authentication vector using 123111123456765 as the key - but this doesn't work as it was saved using [email protected]. It therefore tries to get the authentication vector from the HSS for 123111123456765. Can you make the two registers consistent? Ellie -----Original Message----- From: Satheesh Marappan (sathkuma) [mailto:[email protected]] Sent: 18 March 2015 13:26 To: Eleanor Merry; [email protected] Cc: Chinna Morampalle (cmorampa); Ashish Maheshwari -X (ashimahe - L & T TECHNOLOGY SERVICES LIMITED at Cisco) Subject: Re: SCSCF sending repetetive MAR to HSS Hi Ellie, I am working on a new IMS setup and got similar issue of multiple MAR towards HSS. Tried debugging with below email suggestions like changing files as suggested and stoping services. Still couldn't resolve it. We are almost using same HSS config which was working in different setup. Can you please look into attached logs with pcap and help us resolve it? Thanks Satheesh -----Original Message----- From: Eleanor Merry <[email protected]> Date: Thursday, 26 February 2015 2:40 am To: "Ashish Maheshwari -X (ashimahe - L & T TECHNOLOGY SERVICES LIMITED at Cisco)" <[email protected]>, "[email protected]" <[email protected]> Cc: "Chinna Morampalle (cmorampa)" <[email protected]>, Satheesh Kumar Marappan <[email protected]>, "Anil Jain -X (anilja - Aricent Technology Holdings Limited at Cisco)" <[email protected]> Subject: RE: SCSCF sending repetetive MAR to HSS >Hi Ashish, > >Can you also send the /etc/memcached_11211.conf file across too? > >This should include the following: > ># Specify which IP address to listen on. The default is to listen on >all IP addresses # This parameter is one of the only security measures >that memcached has, so make sure # it's listening on a firewalled >interface. >-l <local IP address> > >Can you check that the IP address has been filled in, and is set to the >correct IP address for the box? > >Thanks, > >Ellie > >-----Original Message----- >From: [email protected] >[mailto:[email protected]] On Behalf Of >Eleanor Merry >Sent: 25 February 2015 21:04 >To: Ashish Maheshwari -X (ashimahe - L & T TECHNOLOGY SERVICES LIMITED >at Cisco); [email protected] >Cc: Chinna Morampalle (cmorampa); Satheesh Marappan (sathkuma); Anil >Jain -X (anilja - Aricent Technology Holdings Limited at Cisco) >Subject: Re: [Clearwater] SCSCF sending repetetive MAR to HSS > >Hi Ashish, > >Can you send across your memcached cluster setting file (in >/etc/clearwater/cluster_settings) and the most recent sprout log? To >get this, can you restart sprout (use 'sudo service sprout stop'), >attempt a register, and then send just the most recent >/var/log/sprout/sprout_* file. > >Also, can you confirm that the memcached service is running ('sudo >service memcached status'), and remonitor it with monit ('sudo monit >monitor memcached'). > >Restund is our STUN/TURN server, and it's used by Bono; poll_restund is >a script that monit uses to check that the restund process is correctly >responding to requests. Is this still failing in monit? Can you send >over the /var/log/monit.log file? > >Thanks, > >Ellie > >From: Ashish Maheshwari -X (ashimahe - L & T TECHNOLOGY SERVICES >LIMITED at Cisco) [mailto:[email protected]] >Sent: 25 February 2015 13:25 >To: Eleanor Merry; [email protected] >Cc: Chinna Morampalle (cmorampa); Satheesh Marappan (sathkuma); Anil >Jain -X (anilja - Aricent Technology Holdings Limited at Cisco) >Subject: FW: SCSCF sending repetetive MAR to HSS > >Hi Ellie, > >I completely re -installed the latest version of CW IMS OVF and did >the integration with external HSS but after that when I check the >status of all the services I found : > >Program 'poll_memcached' > status Status failed > monitoring status Monitored > last started Wed, 25 Feb 2015 05:19:21 > last exit value 1 > data collected Wed, 25 Feb 2015 05:19:21 > >Process 'memcached' > status Not monitored > monitoring status Not monitored > data collected Wed, 25 Feb 2015 03:44:07 > > >Program 'poll_restund' > status Status failed > monitoring status Monitored > last started Wed, 25 Feb 2015 05:45:28 > last exit value 1 > data collected Wed, 25 Feb 2015 05:45:28 > >What is this poll_restund process and how we can make it running.... > >To trouble shoot this memcached issue I took help from your online help : > > >Memcached logs to /var/log/memcached.log. It logs very little by >default, but it is possible to make it more verbose by editing >/etc/memcached_11211.conf, uncommenting the -vvline, and running sudo >monit restart memcached. > >In attached memcached logs in I can see : >failed to listen on TCP port 11211: Invalid argument >getaddrinfo(): Temporary failure in name resolution > >I also restart sprout service to capture the logs to see when sprout >initially communicates to memcached but didn't get too much information >from it. > >I used the attached config file and also attaching pcap capture ,syslog >, config file and memcached logs not able to attached sprout logs as >huge in size but I am seeing the same error as you mentioned in the below mail. >20-02-2015 04:07:13.921 UTC Debug memcachedstore.cpp:649: memcached_add >command for av\\[email protected]\46fa0be12dbafeef failed on >replica 0, rc = 47 (SERVER HAS FAILED AND IS DISABLED UNTIL TIMED >RETRY), expiry = 40 >(140124113689584) SERVER HAS FAILED AND IS DISABLED UNTIL TIMED RETRY, >host: 10.105.244.117:11211 -> libmemcached/connect.cc:633 >20-02-2015 04:07:13.921 UTC Error memcachedstore.cpp:708: Failed to >write data for av\\[email protected]\46fa0be12dbafeef to 1 >replicas >20-02-2015 04:07:13.921 UTC Error avstore.cpp:73: Failed to write >Authentication Vector for private_id >[email protected]<mailto:[email protected]> > >As memcached service is not working I am still facing repetitive MAR >from SCSF to HSS. > >Can you please help me to resolve this issue on priority as we totally >blocked. > >Thanks in advance. > >Thanks & Regards, >Ashish Maheshwari > >From: Eleanor Merry [mailto:[email protected]] >Sent: 20 February 2015 19:11 >To: Ashish Maheshwari -X (ashimahe - L & T TECHNOLOGY SERVICES LIMITED >at Cisco); >[email protected]<mailto:[email protected] >lea >rwater.org> >Cc: Chinna Morampalle (cmorampa); Satheesh Marappan (sathkuma) >Subject: RE: SCSCF sending repetetive MAR to HSS > >Hi Ashish, > >It looks like there's a problem with memcached - from the Sprout logs: > >20-02-2015 04:07:13.921 UTC Debug memcachedstore.cpp:649: memcached_add >command for av\\[email protected]\46fa0be12dbafeef failed on >replica 0, rc = 47 (SERVER HAS FAILED AND IS DISABLED UNTIL TIMED >RETRY), expiry = 40 >(140124113689584) SERVER HAS FAILED AND IS DISABLED UNTIL TIMED RETRY, >host: 10.105.244.117:11211 -> libmemcached/connect.cc:633 >20-02-2015 04:07:13.921 UTC Error memcachedstore.cpp:708: Failed to >write data for av\\[email protected]\46fa0be12dbafeef to 1 >replicas >20-02-2015 04:07:13.921 UTC Error avstore.cpp:73: Failed to write >Authentication Vector for private_id >[email protected]<mailto:[email protected]> > >Are there any memcached logs in /var/log/memcached.log or in >/var/log/syslog? Also, can you check if there are any reported errors >about memcached when Sprout initially attempts to connect to memcached >- you'll need to restart Sprout ('sudo service sprout stop' - it'll be >restarted by monit). > >The memcached error is causing the repetitive MARs because when the >S-CSCF receives the REGISTER for the P-CSCF, it first checks its >authorization store for the subscriber. On the initial REGISTER this is >empty, so the S-CSCF makes a MAR to the HSS. It then writes the >returned auth information into the store (this step is failing in your >test), and returns a 401 to the P-CSCF. Then when the S-CSCF receives >the REGISTER with authorization, it checks this against its stored information. >However in your case, Sprout looks up the subscriber in the auth store, >doesn't find anything (as the write before failed), so makes a MAR to >the HSS. > >We should probably return a better code to the P-CSCF if the write >fails (a 500 rather than a 401) - I'll look into this. In the meantime, >can you check the memcached process? > >Ellie > >From: Ashish Maheshwari -X (ashimahe - L & T TECHNOLOGY SERVICES >LIMITED at Cisco) [mailto:[email protected]] >Sent: 20 February 2015 11:45 >To: Eleanor Merry; >[email protected]<mailto:[email protected] >lea >rwater.org> >Cc: Chinna Morampalle (cmorampa); Satheesh Marappan (sathkuma) >Subject: SCSCF sending repetetive MAR to HSS > >Hi Ellie, > >I am facing the issue that SCSCF sending repetitive MAR request to HSS >instead of SAR even though first MAA diameter success. > >I am describing the detailed call flow: > >UE----SIP Register -------PCSCF(Bono) >PCSCF-----sip reg frwrd------SCSCF(sprout) >SCSCF-------MAR------------HSS HSS-------MAA------------SCSCF >SCSCF--------401 unaut------PCSCF >PCSCF----------401 unaut----UE >UE----SIP Register -------PCSCF(Bono) >PCSCF-----sip reg frwrd------SCSCF(sprout) >SCSCF-------MAR------------HSS (instead of SAR) > >I am attaching pcap,monit status, config,bono and sprout logs file. > >Regards, >Ashish > > > > > > > > > > > > > > >Thanks & Regards, >Ashish Maheshwari > > >_______________________________________________ >Clearwater mailing list >[email protected] >http://lists.projectclearwater.org/listinfo/clearwater _______________________________________________ Clearwater mailing list [email protected] http://lists.projectclearwater.org/listinfo/clearwater
