On Fri, Feb 23, 2018 at 07:17:48PM +0000, Cody Herzog wrote:
> That makes sense, but is unfortunately not an option for me due to
> strict security requirements. I need to use TLS on the whole path.

Personally, I would work around that requirement, either by using a
compliant private backplane/backbone network for internal communication,
or running UDP inside encrypted tunnels. That's the most promising
avenue in my opinion.

> Another option I explored was to have the edge proxies not always use the
> same TCP connection for sending to the registrar.
> If I could find a way to load balance across a number of TCP
> connections, that would probably work for me. Perhaps there is a way
> the DISPATCHER module can be configured to accomplish this. Maybe the
> dispatcher configuration can list multiple copies of the same
> destination, but each having a different send socket address, and then
> can load balance across those.

It does, but unfortunately that level of fine-grained control isn't
The only thing I can think of would be to have the registrar close the
TCP connection after receiving the registration. I don't know of a way
to do that except by changing the lifetime to something like zero after
That would cause new connections to land at other workers, presumably.
But it's a kludgy solution. UDP is better.

Alex Balashov | Principal | Evariste Systems LLC
Tel: +1-706-510-6800 / +1-800-250-5920 (toll-free)
Web: http://www.evaristesys.com/, http://www.csrpswitch.com/
Kamailio (SER) - Users Mailing List