On Fri, Feb 23, 2018 at 07:17:48PM +0000, Cody Herzog wrote:

> That makes sense, but is unfortunately not an option for me due to
> strict security requirements.  I need to use TLS on the whole path.

Personally, I would work around that requirement, either by using a
compliant private backplane/backbone network for internal communication,
or running UDP inside encrypted tunnels. That's the most promising
avenue in my opinion.

> Another option I explored was to have the edge proxies not always use the 
> same TCP connection for sending to the registrar.
> If I could find a way to load balance across a number of TCP
> connections, that would probably work for me.  Perhaps there is a way
> the DISPATCHER module can be configured to accomplish this.  Maybe the
> dispatcher configuration can list multiple copies of the same
> destination, but each having a different send socket address, and then
> can load balance across those.

It does, but unfortunately that level of fine-grained control isn't
reasonably possible. 

The only thing I can think of would be to have the registrar close the
TCP connection after receiving the registration. I don't know of a way
to do that except by changing the lifetime to something like zero after
the fact:

https://kamailio.org/docs/modules/5.1.x/modules/tcpops.html#tcpops.f.tcp_set_connection_lifetime

That would cause new connections to land at other workers, presumably.

But it's a kludgy solution. UDP is better.

-- Alex

-- 
Alex Balashov | Principal | Evariste Systems LLC

Tel: +1-706-510-6800 / +1-800-250-5920 (toll-free) 
Web: http://www.evaristesys.com/, http://www.csrpswitch.com/

_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
