Hi Matt. my local_config
$ cat /etc/clearwater/local_config # Local IP configuration local_ip=10.0.0.193 public_ip=52.91.36.255 public_hostname=ec2-52-91-36-255.compute-1.amazonaws.com etcd_cluster=10.0.0.193 # Only keep 50MB of logs max_log_directory_size=52428800 The invite message from clearwater. The red message which is filled with 10.0.0.193 which is a private ip that blocked our sip messages. Jun 27 08:51:10.034 DEBUG PRISM ////1/[] [tcp/0.0.0.0/5060-t-4] #SIP#: (i)[INVITE sip:[email protected] SIP/2.0 Allow: SUBSCRIBE, NOTIFY, INVITE, ACK, CANCEL, BYE, REFER, INFO, MESSAGE, OPTIONS Content-Length: 210 Session-Expires: 600 Via: SIP/2.0/TCP 10.0.0.193:56977;rport;branch=z9hG4bKPjTU5TvfoybTaQ4utxymiSbK9p3DW4PD0j Via: SIP/2.0/TCP 10.0.0.193:52597;rport=52597;received=10.0.0.193;branch=z9hG4bKPjyqVBfQt5EmKbUMI.9U6ROhl7LnvzK4k. Via: SIP/2.0/TCP 10.140.254.65:5062;rport=53134;received=64.104.125.237;branch=z9hG4bK-524287-1---0c22544c8cc97b08 Record-Route: <sip:scscf.ec2-52-91-36-255.compute-1.amazonaws.com:5054;transport=tcp;lr;service=scscf;billing-role=charge-orig> Record-Route: <sip:10.0.0.193:5058;transport=TCP;lr> Record-Route: <sip:A/[email protected]:5060;transport=TCP;lr> CSeq: 1 INVITE Route: <sip:incall-gw1-staging.wdc.tropo.com;lr> Route: <sip:[email protected]:5054;lr;orig;service=scscf> P-Served-User: <sip:[email protected]>;sescase=orig;regstate=reg Contact: <sip:[email protected]:53134;transport=tcp;rinstance=53467a66e45c8aa0> Call-ID: 79049OTM3NTRlMTBkMmFiOTg2ZGNjZjQ3OWI3MjI3ZjE2MzQ Max-Forwards: 67 From: "6505550755" <sip:[email protected]>;tag=91bed763 Content-Type: application/sdp To: <sip:[email protected]> P-Asserted-Identity: <sip:[email protected]> Supported: replaces User-Agent: X-Lite release 4.9.2 stamp 79049 v=0 o=- 1467017469752494 1 IN IP4 10.140.254.65 s=X-Lite release 4.9.2 stamp 79049 c=IN IP4 10.140.254.65 t=0 0 m=audio 60526 RTP/AVP 8 101 a=rtpmap:101 telephone-event/8000 a=fmtp:101 0-15 a=sendrecv ] #[N/A][N/A][79049OTM3NTRlMTBkMmFiOTg2ZGNjZjQ3OWI3MjI3ZjE2MzQ][N/A][sip:[email protected](52.91.36.255:56977)][sip:[email protected](198.11.254.107:5060)] From: "Matt Williams (projectclearwater.org)" <[email protected]<mailto:[email protected]>> Date: Monday, June 27, 2016 at 4:14 PM To: leo tang <[email protected]<mailto:[email protected]>> Cc: "Chris Elford (projectclearwater.org)" <[email protected]<mailto:[email protected]>>, "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Subject: RE: [Project Clearwater] How to let clearwater sends sip messages to its app server with its public ip address Leo, Thanks for your response. Clearwater Sprout doesn't currently support using a different URI in the Route (or Record-Route) header when sending to an AS from the URI it uses when sending to other nodes in the network. You mention the Route header containing an IP address. This should normally be filled in from the public_hostname field in /etc/clearwater/local_config. While it is permitted for this to be an IP address, we'd often configure it to be an actual FQDN. If you do that, does that help - you could configure split-horizon DNS so that when nodes within your network resolve the hostname, they get the internal IP address and when your AS resolves the hostname, it gets the public IP address? You asked about multiple network support. Note that this allows you to have your management traffic (e.g. ssh) on a separate network from your signaling traffic (e.g. SIP), so I'm not sure this is useful here. I hope that helps - please let me know if you have any further questions. Thanks, Matt From: Leo Tang (leotang) [mailto:[email protected]] Sent: 27 June 2016 04:14 To: Matt Williams (projectclearwater.org) <[email protected]<mailto:[email protected]>> Cc: Chris Elford (projectclearwater.org) <[email protected]<mailto:[email protected]>>; [email protected]<mailto:[email protected]> Subject: Re: [Project Clearwater] How to let clearwater sends sip messages to its app server with its public ip address Hi Matt, Thanks for your professional reply. Your understanding is 100 percent correct. We do send Response messages with the public ip address and it works fine here. The problem is that we have to send Request messages based on the route header which is private ip address. I saw clearwater doc about multiple network support. Is that a solution for my case ? I tried but failed. Thanks. Leo From: "Matt Williams (projectclearwater.org)" <[email protected]<mailto:[email protected]>> Date: Friday, June 24, 2016 at 11:04 PM To: leo tang <[email protected]<mailto:[email protected]>> Cc: "Chris Elford (projectclearwater.org)" <[email protected]<mailto:[email protected]>>, "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Subject: RE: [Project Clearwater] How to let clearwater sends sip messages to its app server with its public ip address Leo, Thanks for your email. Just to check I'm understanding correctly, · Sprout is sending an INVITE to an AS · Sprout sends from its private IP address, but this is NAT-ed to a public address before it reaches the AS · Sprout includes its private IP address in the Via header · when the AS comes to send a response, it tries to send back to the IP address in this Via header, which fails (because it's private and so not routable). Is that right? Following RFC 3621 section 18.2.1, I think the right way for this to work is · when the AS receives the INVITE, for it to add a "received" parameter to the Via header containing the IP address that it saw the request coming from · when the AS wants to reply to the INVITE, for it to use this IP address in preference to the original IP address in the Via header. To borrow an example from RFC 3261 (emphasis mine): Consider a request received by the server transport which looks like, in part: INVITE sip:[email protected]<mailto:[email protected]> SIP/2.0 Via: SIP/2.0/UDP bobspc.biloxi.com:5060 The request is received with a source IP address of 192.0.2.4. Before passing the request up, the transport adds a "received" parameter, so that the request would look like, in part: INVITE sip:[email protected]<mailto:[email protected]> SIP/2.0 Via: SIP/2.0/UDP bobspc.biloxi.com:5060;received=192.0.2.4 Do you agree? And do you know why your AS is not behaving in this way? I don't believe there's currently any option to change the IP address included in the Via header used by Sprout (without also changing the IP address that Sprout binds to), although it would probably be possible to add. I hope that helps - please let me know if you have any further questions. Thanks, Matt From: Clearwater [mailto:[email protected]] On Behalf Of Leo Tang (leotang) Sent: 22 June 2016 10:08 To: Chris Elford (projectclearwater.org) <[email protected]<mailto:[email protected]>>; [email protected]<mailto:[email protected]> Subject: Re: [Project Clearwater] How to let clearwater sends sip messages to its app server with its public ip address Hi Chris, Yes. The private ip address 10.0.0.* is listed in the Via header in the INVITE. Sure. I will sign up the mail list Leo. From: "Chris Elford (projectclearwater.org)" <[email protected]<mailto:[email protected]>> Date: Wednesday, June 22, 2016 at 4:31 PM To: leo tang <[email protected]<mailto:[email protected]>>, "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Subject: RE: [Project Clearwater] How to let clearwater sends sip messages to its app server with its public ip address Hi Leo, You say that “clearwater sends the invite message with its private ip address 10.0.0.*.” Do you mean that the private IP address is listed in the Via header in the INVITE, or that the IP packet was received from the private IP address? If you aren’t sure, you should be able to find out by taking a packet capture on your server e.g. using tcpdump. Can I suggest that you sign up to the Project Clearwater mailing list? That way, your messages won’t need to be approved by a moderator, and you can see other similar problems that others are having. Chris From: Leo Tang (leotang) [mailto:[email protected]] Sent: 20 June 2016 11:09 To: Chris Elford (projectclearwater.org) <[email protected]<mailto:[email protected]>>; [email protected]<mailto:[email protected]> Subject: Re: [Project Clearwater] How to let clearwater sends sip messages to its app server with its public ip address And Yes. That’s the trouble routing back to sprout. From: leo tang <[email protected]<mailto:[email protected]>> Date: Monday, June 20, 2016 at 4:31 PM To: "Chris Elford (projectclearwater.org)" <[email protected]<mailto:[email protected]>>, "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Subject: Re: [Project Clearwater] How to let clearwater sends sip messages to its app server with its public ip address Hi Chris, Thanks so much for your reply. The sip message flow is something like this: sip_client -> bono -> sprout -> my server and then go back. I installed clearwater on aws so it has a private ip 10.0.0.* and a public ip 64.*.*.* When the sip invite message comes in my server, I check with your sip messages and found clearwater sends the invite message with its private ip address 10.0.0.*. According to sip protocal, I have to reply the sip messages with your private ip address. But clearwater refuses my reply. I tried to send message to sprout with clearwater’s public ip 64.*.*.*. And I found sprout can receive the messages. So my question is that is there a way for clearwater to send the sip messages with its public ipaddress ? I found some docs to describe how to configure clearwater multiple networks. But it Is very complex as I has only a network interface on my aws clearwater. From: "Chris Elford (projectclearwater.org)" <[email protected]<mailto:[email protected]>> Date: Monday, June 20, 2016 at 4:18 PM To: leo tang <[email protected]<mailto:[email protected]>>, "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Subject: RE: [Project Clearwater] How to let clearwater sends sip messages to its app server with its public ip address Hi Leo, There may be a way to solve your problem, but it would be helpful to know a little bit more about what you are trying to do. Are you seeing the wrong value appear in one of the SIP headers coming from Sprout? If so, what symptoms is this causing in your network? Are you seeing packets come from an unexpected location at the TCP/IP level, and having trouble routing back to your Sprout node? In that case, can you explain the cloud infrastructure that you are using, as our options are limited by what the cloud will allow. Yours, Chris From: Clearwater [mailto:[email protected]] On Behalf Of Leo Tang (leotang) Sent: 16 June 2016 10:35 To: [email protected]<mailto:[email protected]> Subject: [Project Clearwater] How to let clearwater sends sip messages to its app server with its public ip address Hi There. Is there a simple way to let sprout sends sip messages to its app server with its public ip address? Thanks.
_______________________________________________ Clearwater mailing list [email protected] http://lists.projectclearwater.org/mailman/listinfo/clearwater_lists.projectclearwater.org
