The motive is still a bit of a mystery to me. Yes, it allows Kamailio to
discover the true source IP/port of a message, but given the function
performed by HAProxy for TCP connections, it seems generally useful to
think of HAProxy as the other endpoint of the connection? Moreover, it
makes it that much more complicated to send requests to reach the client
_via_ HAProxy (e.g. following a lookup()), since HAProxy isn't a SIP
proxy and doesn't add a Path hop.
Am I missing something vital about the nature of HAProxy + Kamailio
deployments?
-- Alex
On 11/11/20 8:23 AM, Henning Westerholt wrote:
Hello,
bascially this allows Kamailio to understand the HAProxy protocol to be
used behind this particular proxy. Some discussion can be found at the
list and also at https://github.com/kamailio/kamailio/pull/1765
Cheers,
Henning
--
Henning Westerholt – https://skalatan.de/blog/
Kamailio services – https://gilawa.com <https://gilawa.com/>
*From:* sr-users <[email protected]> *On Behalf Of
*Joey Golan
*Sent:* Wednesday, November 11, 2020 1:47 PM
*To:* Kamailio (SER) - Users Mailing List <[email protected]>
*Subject:* Re: [SR-Users] Kamailio behind HAProxy
Thanks Sergey.
Can anyone please explain how and why to use tcp_accept_haproxy?
On 11 Nov 2020, 10:39 +0200, Sergey Safarov <[email protected]
<mailto:[email protected]>>, wrote:
Now I not use pike.
On Wed, Nov 11, 2020 at 10:21 AM Joey Golan <[email protected]
<mailto:[email protected]>> wrote:
So on your AWS deployment are you working without ANTIFLOOD(pike)?
I still don’t understand how and why to use tcp_accept_haproxy.
On 9 Nov 2020, 11:49 +0200, Sergey Safarov <[email protected]
<mailto:[email protected]>>, wrote:
In AWS I now use the network load balancer without enabled
HAproxy protocol.
On EC2 instances used two ENI.
First for traffic via NLB for Inbound traffic.
And second ENI for outbound traffic.
This works but, maybe complex to implement.
Now I looking to:
1) enable TCP + HAproxy protocol support in Kamailio;
2) add UDP + HAproxy protocol feature support;
3) add connection support "with" and "without" HAproxy protocol.
But I am not a developer and cannot say when it implemented.
If your usage case, is business requirements and need
extended HAproxy implementation in Kamailio, then your
company can hire devs from the community.
On Mon, Nov 9, 2020 at 11:22 AM Joey Golan <[email protected]
<mailto:[email protected]>> wrote:
Maybe I miss understood you.
For local installations you mean HAProxy with
transparent mode?
I have a functioning setup without proxy protocol
enabled but without anitflood enabled because all
traffic comes from same HAProxy address.
I’m not sure I understand the purpose of
tcp_accept_haproxy. When and how this parameter should
be used?
Thanks,
Joey.
On 9 Nov 2020, 0:27 +0200, Sergey Safarov
<[email protected] <mailto:[email protected]>>, wrote:
Why you cannot use this in the local installation?
On AWS I have multiple kamailio servers behind ELB.
Why you do not use a network load-balancer? NLB also
offers HAproxy protocol support (TCP and UDP).
In AWS installation you can use dedicated Kamailio
groups for inbound connections and SIP clients with
registration.
And use other Kamailio group for outbound
connections like carriers.
Sergey
On Sun, Nov 8, 2020 at 9:07 PM Joey Golan
<[email protected] <mailto:[email protected]>> wrote:
It doesn’t make much sense to me.
On local installations (on-premise) I have 1
HAProxy and multiple kamailio servers.
On AWS I have multiple kamailio servers behind ELB.
On 8 Nov 2020, 19:45 +0200, Sergey Safarov
<[email protected]
<mailto:[email protected]>>, wrote:
you can try place haproxy + NAT on your own
Linux router.
In this case inbound connections with be
delivered via HAproxy.
Outbound connections will be NAT-ed on the
same host, to the same IP.
On Sun, Nov 8, 2020 at 6:31 PM Joey Golan
<[email protected] <mailto:[email protected]>>
wrote:
Hello,
I have a kamailio server running behind
HAProxy with proxy protocol v2 enabled.
In Kamailio I have set the parameter
tcp_accept_haproxy=yes and loaded tcpops
module.
UEs are registered using TLS and
kamailio sees that the message has
received from their real ip address +
port and not HAProxy ip + port.
When UE A calls UE B, kamailio is trying
to reach UE B using his real ip address
and port instead of HAProxy IP address +
port.
I know I can get the tcp ip and port of
HAProxy using $tcp(c_si) and $tcp(c_sp)
but I can’t make it work.
What is the right way to do this? How
should I use these variables properly in
order to establish the call successfully?
Thanks,
Joey.
_______________________________________________
Kamailio (SER) - Users Mailing List
[email protected]
<mailto:[email protected]>
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
_______________________________________________
Kamailio (SER) - Users Mailing List
[email protected]
<mailto:[email protected]>
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
_______________________________________________
Kamailio (SER) - Users Mailing List
[email protected]
<mailto:[email protected]>
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
_______________________________________________
Kamailio (SER) - Users Mailing List
[email protected]
<mailto:[email protected]>
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
_______________________________________________
Kamailio (SER) - Users Mailing List
[email protected]
<mailto:[email protected]>
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
_______________________________________________
Kamailio (SER) - Users Mailing List
[email protected] <mailto:[email protected]>
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
_______________________________________________
Kamailio (SER) - Users Mailing List
[email protected] <mailto:[email protected]>
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
_______________________________________________
Kamailio (SER) - Users Mailing List
[email protected] <mailto:[email protected]>
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
_______________________________________________
Kamailio (SER) - Users Mailing List
[email protected]
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
--
Alex Balashov | Principal | Evariste Systems LLC
Tel: +1-706-510-6800 / +1-800-250-5920 (toll-free)
Web: http://www.evaristesys.com/, http://www.csrpswitch.com/
_______________________________________________
Kamailio (SER) - Users Mailing List
[email protected]
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
