In one case, it was to take advantage of the SSL offloading from the cloud provided load balancer (among other features, but that was the main one). I never got it fully working though..
See: https://github.com/kamailio/kamailio/issues/2103 and the thread https://lists.kamailio.org/pipermail/sr-users/2019-November/107222.html So it could end up being useful for something like: UA <-> TCP load balancer (that *proxies* the connection but doesn't talk SIP) <-> Kamailio -> destination. I'm also curious to know if/how the rest are using it.. On Wed, Nov 11, 2020 at 9:24 AM Alex Balashov <[email protected]> wrote: > The motive is still a bit of a mystery to me. Yes, it allows Kamailio to > discover the true source IP/port of a message, but given the function > performed by HAProxy for TCP connections, it seems generally useful to > think of HAProxy as the other endpoint of the connection? Moreover, it > makes it that much more complicated to send requests to reach the client > _via_ HAProxy (e.g. following a lookup()), since HAProxy isn't a SIP > proxy and doesn't add a Path hop. > > Am I missing something vital about the nature of HAProxy + Kamailio > deployments? > > -- Alex > > On 11/11/20 8:23 AM, Henning Westerholt wrote: > > Hello, > > > > bascially this allows Kamailio to understand the HAProxy protocol to be > > used behind this particular proxy. Some discussion can be found at the > > list and also at https://github.com/kamailio/kamailio/pull/1765 > > > > Cheers, > > > > Henning > > > > -- > > > > Henning Westerholt – https://skalatan.de/blog/ > > > > Kamailio services – https://gilawa.com <https://gilawa.com/> > > > > *From:* sr-users <[email protected]> *On Behalf Of > > *Joey Golan > > *Sent:* Wednesday, November 11, 2020 1:47 PM > > *To:* Kamailio (SER) - Users Mailing List <[email protected]> > > *Subject:* Re: [SR-Users] Kamailio behind HAProxy > > > > Thanks Sergey. > > > > Can anyone please explain how and why to use tcp_accept_haproxy? > > > > On 11 Nov 2020, 10:39 +0200, Sergey Safarov <[email protected] > > <mailto:[email protected]>>, wrote: > > > > Now I not use pike. > > > > On Wed, Nov 11, 2020 at 10:21 AM Joey Golan <[email protected] > > <mailto:[email protected]>> wrote: > > > > So on your AWS deployment are you working without > ANTIFLOOD(pike)? > > > > I still don’t understand how and why to use tcp_accept_haproxy. > > > > On 9 Nov 2020, 11:49 +0200, Sergey Safarov <[email protected] > > <mailto:[email protected]>>, wrote: > > > > In AWS I now use the network load balancer without enabled > > HAproxy protocol. > > > > On EC2 instances used two ENI. > > > > First for traffic via NLB for Inbound traffic. > > > > And second ENI for outbound traffic. > > > > This works but, maybe complex to implement. > > > > Now I looking to: > > > > 1) enable TCP + HAproxy protocol support in Kamailio; > > > > 2) add UDP + HAproxy protocol feature support; > > > > 3) add connection support "with" and "without" HAproxy > protocol. > > > > But I am not a developer and cannot say when it implemented. > > > > If your usage case, is business requirements and need > > extended HAproxy implementation in Kamailio, then your > > company can hire devs from the community. > > > > On Mon, Nov 9, 2020 at 11:22 AM Joey Golan <[email protected] > > <mailto:[email protected]>> wrote: > > > > Maybe I miss understood you. > > For local installations you mean HAProxy with > > transparent mode? > > > > I have a functioning setup without proxy protocol > > enabled but without anitflood enabled because all > > traffic comes from same HAProxy address. > > > > I’m not sure I understand the purpose of > > tcp_accept_haproxy. When and how this parameter should > > be used? > > > > Thanks, > > Joey. > > > > On 9 Nov 2020, 0:27 +0200, Sergey Safarov > > <[email protected] <mailto:[email protected]>>, > wrote: > > > > Why you cannot use this in the local installation? > > > > On AWS I have multiple kamailio servers behind ELB. > > > > Why you do not use a network load-balancer? NLB also > > offers HAproxy protocol support (TCP and UDP). > > > > In AWS installation you can use dedicated Kamailio > > groups for inbound connections and SIP clients with > > registration. > > > > And use other Kamailio group for outbound > > connections like carriers. > > > > > > Sergey > > > > On Sun, Nov 8, 2020 at 9:07 PM Joey Golan > > <[email protected] <mailto:[email protected]>> wrote: > > > > It doesn’t make much sense to me. > > On local installations (on-premise) I have 1 > > HAProxy and multiple kamailio servers. > > On AWS I have multiple kamailio servers behind > ELB. > > > > On 8 Nov 2020, 19:45 +0200, Sergey Safarov > > <[email protected] > > <mailto:[email protected]>>, wrote: > > > > you can try place haproxy + NAT on your own > > Linux router. > > > > In this case inbound connections with be > > delivered via HAproxy. > > Outbound connections will be NAT-ed on the > > same host, to the same IP. > > > > On Sun, Nov 8, 2020 at 6:31 PM Joey Golan > > <[email protected] <mailto:[email protected]>> > > wrote: > > > > Hello, > > I have a kamailio server running behind > > HAProxy with proxy protocol v2 enabled. > > In Kamailio I have set the parameter > > tcp_accept_haproxy=yes and loaded tcpops > > module. > > UEs are registered using TLS and > > kamailio sees that the message has > > received from their real ip address + > > port and not HAProxy ip + port. > > When UE A calls UE B, kamailio is trying > > to reach UE B using his real ip address > > and port instead of HAProxy IP address + > > port. > > > > I know I can get the tcp ip and port of > > HAProxy using $tcp(c_si) and $tcp(c_sp) > > but I can’t make it work. > > What is the right way to do this? How > > should I use these variables properly in > > order to establish the call successfully? > > > > Thanks, > > Joey. > > > > > _______________________________________________ > > Kamailio (SER) - Users Mailing List > > [email protected] > > <mailto:[email protected]> > > > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users > > > > > _______________________________________________ > > Kamailio (SER) - Users Mailing List > > [email protected] > > <mailto:[email protected]> > > > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users > > > > _______________________________________________ > > Kamailio (SER) - Users Mailing List > > [email protected] > > <mailto:[email protected]> > > > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users > > > > _______________________________________________ > > Kamailio (SER) - Users Mailing List > > [email protected] > > <mailto:[email protected]> > > > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users > > > > _______________________________________________ > > Kamailio (SER) - Users Mailing List > > [email protected] > > <mailto:[email protected]> > > > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users > > > > _______________________________________________ > > Kamailio (SER) - Users Mailing List > > [email protected] <mailto: > [email protected]> > > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users > > > > _______________________________________________ > > Kamailio (SER) - Users Mailing List > > [email protected] <mailto:[email protected]> > > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users > > > > _______________________________________________ > > Kamailio (SER) - Users Mailing List > > [email protected] <mailto:[email protected]> > > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users > > > > > > _______________________________________________ > > Kamailio (SER) - Users Mailing List > > [email protected] > > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users > > > > -- > Alex Balashov | Principal | Evariste Systems LLC > > Tel: +1-706-510-6800 / +1-800-250-5920 (toll-free) > Web: http://www.evaristesys.com/, http://www.csrpswitch.com/ > > _______________________________________________ > Kamailio (SER) - Users Mailing List > [email protected] > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >
_______________________________________________ Kamailio (SER) - Users Mailing List [email protected] https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
