May be it's worth to think about using FS on a separate server with 2 nic's as SBC. Regards, Nikolay.
_____ From: [email protected] [mailto:[email protected]] On Behalf Of Irena Dolovcak Sent: Wednesday, January 12, 2011 3:41 PM To: Discussion list for users of sipXecs software Subject: Re: [sipx-users] external-address No, I perfectly understand the difference. We talked about that with them (they do not even have a residential or similar service wich would need FENT for connecting SIP user agents) They do not do FENT on SIP trunks they deploy for enterprises (for connecting SIP servers) As I said before: The basic concept of this type of trunking has no NAT whatsoever. The second address from the subnet they give us is meant to go directly to the client SIP server (as the local IP server address) 2011/1/12 Tony Graziano <[email protected]> I think maybe you are confusing remote user nat traversal, which implies remote nat traversal, with trunking and nat traversal, which are 2 different things. Remote users can do NAT traversal with media relay and a properly configured firewall while you do PSTN connectivity with a local unmanaged gateway, without siptrunking role enabled via sipxbridge. 2011/1/12 Irena Dolovčak <[email protected]> They support refer They do not handle remote NAT traversal. We already talked about that with them. The basic concept of this type of trunking has no NAT whatsoever. The second address from the subnet they give us is meant to go directly to the client SIP server (as the local IP server address) 2011/1/12 Tony Graziano <[email protected]> 2011/1/12 Irena Dolovčak <[email protected]> @Michael No, they do not sell any equipment. It is actually a very good SIP trunking method. They provide SIP trunks over MPLS over dedicated fiber connections, there is no internet anywhere in the story. This has the highest possible quality and reliability. This is the preferred method of all the large telecom operators in our region. And it works great with 99% of other SIP software and hardware solutions. To work as envisioned, in the software solutions, SIP server should have a dedicated NIC just for this SIP trunk. This problem we have now is in essence a shortcoming of sipx. SipX should support multiple NIC-s/IP-s, otherwise this brings all kind of limitations in complex (especially multi site) installations. We also implement other software SIP solutions which support multiple NIC-s (3CX, Lync), we have no problem with them and this type of SIP trunking. @Tony The following is the concept of this SIP trunk (from this provider and others telecoms in our region): 1. SIP trunk is delivered over private IP network, over dedicated physical connection 2. The provider gives us the following: - IP address of their SIP server (10.160.4.157) - A limited subnet (10.160.250.92/30) of two IP addresses (10.160.250.93 and 10.160.250.94) 3. The first IP address in the given subnet (10.160.250.93) is their CPE router. The other address (10.160.250.94) is meant to be installed as a local IP address of our SIP server Our current setup is this: - The second address in the given subnet (10.160.250.94) is set on our router as external private IP address - our router has also an internet access and therefore has a separate external public IP address. - The internal address of our router is set to (10.4.62.1) - Sipx has a local address (10.4.62.2). enable NAT traversal and server is behind NAT is enabled. There are also remote works - Beside the main SIP provider we also need to connect a secondary international SIP provider over the internet for LCR (this work fine with sipx bridge) Now to answer Your questions: 1. No, we don't have any routing protocol to the provider, and they do not accept our private IP addresses. 2. If we give sipx the wrong public IP address (10.160.250.94) than we can also establish SIP trunk via unmanaged gateway. But with a problem: Outbound is ok (SIP and RTP) but incoming calls don't work (neither SIP nor RTP, there is a SIP loop) Does the providers equipment support refer? If so, set them up as an unmanaged gateway, and let them handle the nat traversal on their network, because by implicitly placing themselves on a private network local to you it assumes they will do NAT. This means you disable siptrunking role, setup unmanaged gateway to itsp, add the IP subnets of their private network in your intranet subnets, So. Currently we have established both SIP trunks via sipx bridge, but with a wrong public IP address (10.160.250.94). With some creative routing everything works (even remote workers), but everything is fundamentally setuped wrong and there could be yet undetected problems. How do propose we setup this trunk with SipX (without buying an external SBC)? 2011/1/9 Tony Graziano <[email protected]> I don't think this is possible within sipxbridge. It sounds like they are sitting on a non-routed network that you have local access to, in which case this is plain routing and could be connected to with an unmanaged gateway (since it does not use authentication). Can you route to the network the ITSP gateway is on from sipx without nat? If so, did you add it as a intranet subnet? Have you tried it as an unmanaged gateway? If the provider supports REFER, it should be as simple as adding an unmanaged gateway, which means sipxbridge role can be deselected altogether. This means you can still run remote users through media relay, if it is needed to support them. What you are asking for is two different IP's for sipx (one for users and one for trunking) to the outside world. You can only do this with an independent SBC that can manipulate the headers to pass on the IP's the ITSP wants. sipXbridge was not designed for this type of deployment in its current form. Hope this makes sense. 2011/1/9 Irena Dolovčak <[email protected]> I am referring to the <global-address> and <external address> from <bridge-configuration> located in the sipx bridge configuration file (sipxbridge.xml) Without getting too deep into the reasons and problems; I need to have two different public IP addresses in this particular sipx deployment. One standard public IP for sipx in general and a different one just for one of the sipx bridges. The reason for this is that the main voice provider for this customer is deploying SIP trunks over physical private network without authentication and they demand that the sipx has a private IP address in a particular given subnet and the invites from field must contain this address in order for SIP trunk to work. The only way I can get this SIP trunk to work is if I setup this private IP address instead of the sipx public IP address. But this messes up a bunch of other things (which I can get around with complicated routing, but I would rather not..) So I plan to change the public IP address just for one of the sipx bridges (there are two sipx bridges with multiple SIP trunks from multiple providers). I intend to do this manually through changing the sipxbridge.xml configuration file. For this reason I ask what is the <global-address> for and what is the <external address> for in the sipx bridge configuration file? 2011/1/8 Tony Graziano <[email protected]> I don't follow the terminology you are using. Public address is used in two places. Once by sipxbridge and once by media relay (for remote users). When used by sipxbridge it is used for setting up calls to the ITSP so the ITSP knows it is coming from the "internet facing address" of sipx. This means the ITSP is contacting (usually, your firrewall) the system directly to send packets and is not handling nat traversal for you. When used by media relay, it is so media relay knows when destination pacckets arrive at it for invites TO sipx or REGISTER on port 5060, that they originated via that IP address, which helps the system construct your registration and calls. Please explain in better detail what you mean by external-address and global-address? where are you picking up those terms so your question can be answered. sipxbridge only has one address, the public facing one, since it only really communicates publicly, everything else it does is inside sipx... 2011/1/8 Irena Dolovčak <[email protected]> oh yes, my bad.. I just wanted to know what is the difference between external-address and global-address in sipxbridge..? On Sat, Jan 8, 2011 at 1:53 PM, Tony Graziano <[email protected]> wrote: sipxbridge is not used for remote workers. sipxbridge is for trunking media relay is for remote workers On Sat, Jan 8, 2011 at 7:49 AM, Irena Dolovčak <[email protected]> wrote: Tony thanks for your reply.. And the global-address is used for remote workers, right? On Sat, Jan 8, 2011 at 1:40 PM, Tony Graziano <[email protected]> wrote: Public address? It is the contact ip the itsp uses to connect to sipxbridge. This is the most common configuration becase a lot of itsp's do not handle nat traversal on sip trunks for you. On Sat, Jan 8, 2011 at 7:24 AM, Irena Dolovčak <[email protected]> wrote: Hi to all! I have just one quick question.. In the configuration of sipxbridge what is the "external-address" used for? Thanks -- Irena Dolovčak _______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users/ _______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users/ -- Irena Dolovčak _______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users/ -- ====================== Tony Graziano, Manager Telephone: 434.984.8430 sip: [email protected] Fax: 434.326.5325 Email: [email protected] LAN/Telephony/Security and Control Systems Helpdesk: Telephone: 434.984.8426 sip: [email protected] Helpdesk Contract Customers: http://support.myitdepartment.net <http://support.myitdepartment.net> Blog: http://blog.myitdepartment.net Linked-In Profile: http://www.linkedin.com/pub/tony-graziano/14/4a6/7a4 _______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users/ -- Irena Dolovčak _______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users/ -- ====================== Tony Graziano, Manager Telephone: 434.984.8430 sip: [email protected] Fax: 434.326.5325 Email: [email protected] LAN/Telephony/Security and Control Systems Helpdesk: Telephone: 434.984.8426 sip: [email protected] Helpdesk Contract Customers: http://support.myitdepartment.net <http://support.myitdepartment.net> Blog: http://blog.myitdepartment.net Linked-In Profile: http://www.linkedin.com/pub/tony-graziano/14/4a6/7a4 _______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users/ -- Irena Dolovčak _______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users/ -- ====================== Tony Graziano, Manager Telephone: 434.984.8430 sip: [email protected] Fax: 434.326.5325 Email: [email protected] LAN/Telephony/Security and Control Systems Helpdesk: Telephone: 434.984.8426 sip: [email protected] Helpdesk Contract Customers: http://support.myitdepartment.net <http://support.myitdepartment.net> Blog: http://blog.myitdepartment.net Linked-In Profile: http://www.linkedin.com/pub/tony-graziano/14/4a6/7a4 _______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users/ -- Irena Dolovčak _______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users/ -- ====================== Tony Graziano, Manager Telephone: 434.984.8430 sip: [email protected] Fax: 434.326.5325 Email: [email protected] LAN/Telephony/Security and Control Systems Helpdesk: Telephone: 434.984.8426 sip: [email protected] Helpdesk Contract Customers: http://support.myitdepartment.net <http://support.myitdepartment.net> Blog: http://blog.myitdepartment.net Linked-In Profile: http://www.linkedin.com/pub/tony-graziano/14/4a6/7a4 _______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users/ -- Irena Dolovčak _______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users/ -- ====================== Tony Graziano, Manager Telephone: 434.984.8430 sip: [email protected] Fax: 434.326.5325 Email: [email protected] LAN/Telephony/Security and Control Systems Helpdesk: Telephone: 434.984.8426 sip: [email protected] Helpdesk Contract Customers: http://support.myitdepartment.net <http://support.myitdepartment.net> Blog: http://blog.myitdepartment.net Linked-In Profile: http://www.linkedin.com/pub/tony-graziano/14/4a6/7a4 _______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users/ -- Irena Dolovčak
_______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users/
