[OpenSIPS-Users] Binary replication
I have a question regarding binary replication. I was using OpenSIPS 1.7 until now; my backup was passive, because when they were all up at the same time, the usrloc timer from the backup kept on removing users from the database. Even though I'm using mode 2, I still rely on the DB for some actions. I recently watched Vlad Paiu's video presentation on Binary Interface replication and he says that he advises to leave the backup open too, so I built 2 test servers with OpenSIPS 1.11 and I have a few questions.

1) Will this solve the issue of the usrloc timer deleting records?

2) Will it also update the backup's database if I use mode 2? This way I don't need to replicate the DBs; I will have 2 separate DBs and have each server update its own DB. If it does, this will also solve problem 1.

3) I tested the bin replication. When doing an ngrep I see the packet coming in on the backup when a new user registers, but when doing an opensipsctl ul show it only shows the contact line and nothing else, and it disappears completely after a few moments and it does not update the DB.

4) Does it have a built-in security mechanism besides manually doing it with iptables?

5) It seems like this is mainly used with a floating IP. I have servers on the same network using floating IP, and I also have servers on different networks using failover DNS. How will it affect my redundancy? I assume the backup server won't be able to reach the client before the client does a new DNS lookup and re-registers, because the client's NAT won't allow it through. Is that correct? And is there a solution for that?

Thanks in advance,
S. Rosenberg

___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] Binary replication
Here is the error. I see it checking the IP address against the listening IP address, and of course it does not match. If I add the other IP address as a listening address, opensips won't start.

Feb 18 17:17:10 sipsvr6 /sbin/opensips[26864]: ERROR:usrloc:receive_ucontact_update: non-local socket udp:45.45.99.95:5060
Feb 18 17:17:10 sipsvr6 /sbin/opensips[26864]: ERROR:usrloc:receive_ucontact_update: failed to process replication event. dom: 'location', aor: 'solho...@sipsvr5.myserver.com'
Feb 18 17:17:10 sipsvr6 /sbin/opensips[26864]: ERROR:usrloc:receive_binary_packet: failed to process a binary packet!

On Wed, Feb 18, 2015 at 5:02 PM, Liviu Chircu li...@opensips.org wrote:
> Hello Schneur,
>
> 1) If REGISTER request replication properly works (same messages received on both sides), then the backup should not delete contacts like you are mentioning.
>
> 2) Yes, it will. You can disable this behaviour with skip_replicated_db_ops [1]
>
> 3) Any specific ERRORs in the logfile? Please open a GitHub ticket for any obvious issues [2]
>
> 4) Only integrity checking. But that can be bypassed by a potential attacker. Immediate solutions are the use of private interfaces and/or iptables rules.
>
> 5) Yes, replication is only to be used with floating IPs. Regarding the distributed redundant setup, a big discussion was started in 2013, yet did not really come to a final conclusion [3]
>
> [1]: http://www.opensips.org/html/docs/modules/2.1.x/usrloc.html#skip_replicated_db_ops
> [2]: https://github.com/OpenSIPS/opensips/issues
> [3]: http://opensips.org/pipermail/users/2013-April/025204.html
>
> Best regards,
> Liviu Chircu
> OpenSIPS Developer
> http://www.opensips-solutions.com
Re: [OpenSIPS-Users] Binary replication
You should be able to solve that problem with:

    echo 1 > /proc/sys/net/ipv4/ip_nonlocal_bind

Liviu Chircu
OpenSIPS Developer
http://www.opensips-solutions.com

On 18.02.2015 19:20, Schneur Rosenberg wrote:
> Here is the error. I see it checking the IP address against the listening IP address, and of course it does not match. If I add the other IP address as a listening address, opensips won't start.
>
> Feb 18 17:17:10 sipsvr6 /sbin/opensips[26864]: ERROR:usrloc:receive_ucontact_update: non-local socket udp:45.45.99.95:5060
> Feb 18 17:17:10 sipsvr6 /sbin/opensips[26864]: ERROR:usrloc:receive_ucontact_update: failed to process replication event. dom: 'location', aor: 'solho...@sipsvr5.myserver.com'
> Feb 18 17:17:10 sipsvr6 /sbin/opensips[26864]: ERROR:usrloc:receive_binary_packet: failed to process a binary packet!
Re: [OpenSIPS-Users] Binary replication
THANKS, this solved the problem. I think this should be placed in the documentation.

On Wed, Feb 18, 2015 at 8:11 PM, Liviu Chircu li...@opensips.org wrote:
> You should be able to solve that problem with:
>
>     echo 1 > /proc/sys/net/ipv4/ip_nonlocal_bind
>
> Liviu Chircu
> OpenSIPS Developer
> http://www.opensips-solutions.com
Re: [OpenSIPS-Users] Binary replication
Hello Schneur,

1) If REGISTER request replication properly works (same messages received on both sides), then the backup should not delete contacts like you are mentioning.

2) Yes, it will. You can disable this behaviour with skip_replicated_db_ops [1]

3) Any specific ERRORs in the logfile? Please open a GitHub ticket for any obvious issues [2]

4) Only integrity checking. But that can be bypassed by a potential attacker. Immediate solutions are the use of private interfaces and/or iptables rules.

5) Yes, replication is only to be used with floating IPs. Regarding the distributed redundant setup, a big discussion was started in 2013, yet did not really come to a final conclusion [3]

[1]: http://www.opensips.org/html/docs/modules/2.1.x/usrloc.html#skip_replicated_db_ops
[2]: https://github.com/OpenSIPS/opensips/issues
[3]: http://opensips.org/pipermail/users/2013-April/025204.html

Best regards,
Liviu Chircu
OpenSIPS Developer
http://www.opensips-solutions.com

On 18.02.2015 12:19, Schneur Rosenberg wrote:
> I have a question regarding binary replication. I was using OpenSIPS 1.7 until now; my backup was passive, because when they were all up at the same time, the usrloc timer from the backup kept on removing users from the database. Even though I'm using mode 2, I still rely on the DB for some actions. I recently watched Vlad Paiu's video presentation on Binary Interface replication and he says that he advises to leave the backup open too, so I built 2 test servers with OpenSIPS 1.11 and I have a few questions.
>
> 1) Will this solve the issue of the usrloc timer deleting records?
>
> 2) Will it also update the backup's database if I use mode 2? This way I don't need to replicate the DBs; I will have 2 separate DBs and have each server update its own DB. If it does, this will also solve problem 1.
>
> 3) I tested the bin replication. When doing an ngrep I see the packet coming in on the backup when a new user registers, but when doing an opensipsctl ul show it only shows the contact line and nothing else, and it disappears completely after a few moments and it does not update the DB.
>
> 4) Does it have a built-in security mechanism besides manually doing it with iptables?
>
> 5) It seems like this is mainly used with a floating IP. I have servers on the same network using floating IP, and I also have servers on different networks using failover DNS. How will it affect my redundancy? I assume the backup server won't be able to reach the client before the client does a new DNS lookup and re-registers, because the client's NAT won't allow it through. Is that correct? And is there a solution for that?
>
> Thanks in advance,
> S. Rosenberg
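
Point 4 of the reply above names private interfaces and/or iptables rules as the immediate protection for the replication listener. The following is an added example, not part of the thread or of OpenSIPS: a shell function that prints iptables rules admitting a single replication peer to the listener port and logging and dropping everything else. The peer address, port 5062, the UDP default and the chain name OPENSIPS_BIN are assumptions; substitute the values of your own replication listener.

```shell
#!/bin/sh
# Added example: print iptables rules that confine the binary replication
# listener to one peer. Peer, port, protocol and chain name are assumptions
# for this sketch, not values taken from the thread.

is_ipv4() {
    # Accept dotted quads with every octet in 0..255.
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

is_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

bin_fw_rules() {
    peer=$1 port=$2 proto=${3:-udp}
    is_ipv4 "$peer" || { echo "bad peer address: $peer" >&2; return 1; }
    is_port "$port" || { echo "bad port: $port" >&2; return 1; }
    case "$proto" in
        udp|tcp) ;;
        *) echo "bad protocol: $proto" >&2; return 1 ;;
    esac
    chain=OPENSIPS_BIN
    # A dedicated chain keeps the rule set re-runnable: create it or flush it,
    # allow the peer, rate-limit a log line for anything else, then drop.
    cat <<EOF
iptables -N $chain 2>/dev/null || iptables -F $chain
iptables -A $chain -s $peer -j ACCEPT
iptables -A $chain -m limit --limit 6/min -j LOG --log-prefix "bin-repl-drop: "
iptables -A $chain -j DROP
iptables -C INPUT -p $proto --dport $port -j $chain 2>/dev/null || iptables -I INPUT -p $proto --dport $port -j $chain
EOF
}

# Constructed sample values (documentation address, placeholder port).
bin_fw_rules 192.0.2.10 5062
```

Review the printed rules before running them as root. The logged drops give a record of any host other than the peer that sends traffic to the replication port.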