Re: [Users] OpenSER as load balancer for several Asterisk servers

[Stefano Capitanio]

Hi,

is it correct that in the second Via Header of the message from Asterisk 
to OpenSER there is the address of the Client?
there should be the address of Asterisk no?
maybe this make OpenSER think that the message is coming from a NAT...
i'm not sure, maybe i'm wrong...
try to set:
modparam("nathelper", "rtpproxy_disable", 1)


regards,
Stefano


Edoardo Serra ha scritto:
At 13.51 19/12/2006, Klaus Darilion wrote:
You said that the 200 contains openser's IP in the SDP? Is it put in 
there by openser or already by Asterisk?

Tnx very much for help

It's put in there by OpenSER.

I'm attaching the 2 SIP/SDP packets (1 from asterisk to openser and 1 
from openser to client)

AAA.AAA.AAA.AAA stands for IP of Asterisk
OOO.OOO.OOO.OOO stands for IP of OpenSER
CCC.CCC.CCC.CCC stands for IP of client
3333333333 is the called number


No.     Time        Source                Destination           
Protocol Info
    20 12.646925   AAA.AAA.AAA.AAA       OOO.OOO.OOO.OOO       SIP/SDP
Status: 200 OK, with session description

Session Initiation Protocol
   Status-Line: SIP/2.0 200 OK
   Message Header
       Via: SIP/2.0/UDP 
OOO.OOO.OOO.OOO;branch=z9hG4bK5bbd.eaf4f093.0;received=OOO.OOO.OOO.OOO
       Via: SIP/2.0/UDP 
CCC.CCC.CCC.CCC:8952;branch=z9hG4bK-d87543-e15656230434101e-1--d87543-;rport=8952 

       Record-Route: <sip:OOO.OOO.OOO.OOO;lr=on;ftag=9043ec70>
       From: "test"<sip:[EMAIL PROTECTED]>;tag=9043ec70
       To: "3333333333"<sip:[EMAIL PROTECTED]>;tag=as30a7528b
       Call-ID: 
98684a222a2eeb7aYmVlZTUzZDRhNjMzN2Y0MTZhYmNmOTc5MzQ4OGI3ZGU.
       CSeq: 3 INVITE
       User-Agent: Asterisk
       Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
       Contact: <sip:[EMAIL PROTECTED]:5060>
       Content-Type: application/sdp
       Content-Length: 291
   Message body
       Session Description Protocol
           Session Description Protocol Version (v): 0
           Owner/Creator, Session Id (o): root 20137 20138 IN IP4 
AAA.AAA.AAA.AAA
           Session Name (s): session
           Connection Information (c): IN IP4 AAA.AAA.AAA.AAA
           Time Description, active time (t): 0 0
           Media Description, name and address (m): audio 58508 
RTP/AVP 98 3 8 0 101
           Media Attribute (a): rtpmap:98 iLBC/8000
           Media Attribute (a): rtpmap:3 GSM/8000
           Media Attribute (a): rtpmap:8 PCMA/8000
           Media Attribute (a): rtpmap:0 PCMU/8000
           Media Attribute (a): rtpmap:101 telephone-event/8000
           Media Attribute (a): fmtp:101 0-16
           Media Attribute (a): silenceSupp:off - - - -

No.     Time        Source                Destination           
Protocol Info
    21 12.647437   OOO.OOO.OOO.OOO       CCC.CCC.CCC.CCC       SIP/SDP
Status: 200 OK, with session description

Session Initiation Protocol
   Status-Line: SIP/2.0 200 OK
   Message Header
       Via: SIP/2.0/UDP 
OOO.OOO.OOO.OOO:5060;branch=z9hG4bK-d87543-e15656230434101e-1--d87543-;rport=8952 

       Record-Route: <sip:OOO.OOO.OOO.OOO;lr=on;ftag=9043ec70>
       From: "test"<sip:[EMAIL PROTECTED]>;tag=9043ec70
       To: "3333333333"<sip:[EMAIL PROTECTED]>;tag=as30a7528b
       Call-ID: 
98684a222a2eeb7aYmVlZTUzZDRhNjMzN2Y0MTZhYmNmOTc5MzQ4OGI3ZGU.
       CSeq: 3 INVITE
       User-Agent: Asterisk
       Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
       Contact: <sip:[EMAIL PROTECTED]:5060>
       Content-Type: application/sdp
       Content-Length: 291
   Message body
       Session Description Protocol
           Session Description Protocol Version (v): 0
           Owner/Creator, Session Id (o): root 20137 20138 IN IP4 
OOO.OOO.OOO.OOO
           Session Name (s): session
           Connection Information (c): IN IP4 OOO.OOO.OOO.OOO
           Time Description, active time (t): 0 0
           Media Description, name and address (m): audio 58508 
RTP/AVP 98 3 8 0 101
           Media Attribute (a): rtpmap:98 iLBC/8000
           Media Attribute (a): rtpmap:3 GSM/8000
           Media Attribute (a): rtpmap:8 PCMA/8000
           Media Attribute (a): rtpmap:0 PCMU/8000
           Media Attribute (a): rtpmap:101 telephone-event/8000
           Media Attribute (a): fmtp:101 0-16
           Media Attribute (a): silenceSupp:off - - - -

Tnx very much for help again

Regards

Edoardo


regards
klaus


regards
klaus

Edoardo Serra wrote:
Hi guys,
    I'm having a problem with an OpenSER acting as registrar server 
and load balancer for many Asterisk servers.
In a few words: "users are registering on openser and, when they 
want to make a call, OpenSER proxies the request to an Asterisk 
server with the dispatcher module"
Here is the intended data flow (SIP goes through OpenSER and media 
goes directly to Asterisk)
User <-- SIP --> OpenSER <-- SIP --> Asterisk
User <-- RTP --> Asterisk
Both, OpenSER and Asterisks have public IPs
I already have a working setup of that and everything seems working 
correctly.
I'm trying to replicate that setup on another site, same 
configurations of the boxes, same versions of OpenSER and Asterisk, 
etc... but I'm having monodirectional Audio.
Having a look with tethereal I see that OpenSER, when the 
communication is answered, sends a SIP packet (200 OK) to the user 
indicating itself as media endpoint instead of the Asterisks.
 From that moment I see RTP packets flowing from the client to OpenSER
This seems really strange to me because I just copied the same 
configurations file from a working setup to the new installation.
Tnx in advance for help.
Regards
P.S.: Here is my openser.cfg
## $Id: ser.cfg,v 1.21.4.1 2003/11/10 15:35:15 andrei Exp $
## simple quick-start config script
#
# ----------- global configuration parameters ------------------------
#debug=3 # debug level (cmd line: -dddddddddd)
fork=yes
#log_stderror=no # (cmd line: -E)
check_via=no # (cmd. line: -v)
dns=no # (cmd. line: -r)
rev_dns=no # (cmd. line: -R)
#children=4
#port=5060
fifo="/tmp/ser_fifo"
#uid=nobody
#gid=nobody
# ------------------ module loading ----------------------------------
loadmodule "/usr/lib/openser/modules/sl.so"
loadmodule "/usr/lib/openser/modules/tm.so"
loadmodule "/usr/lib/openser/modules/rr.so"
loadmodule "/usr/lib/openser/modules/maxfwd.so"
loadmodule "/usr/lib/openser/modules/usrloc.so"
loadmodule "/usr/lib/openser/modules/registrar.so"
loadmodule "/usr/lib/openser/modules/nathelper.so"
loadmodule "/usr/lib/openser/modules/textops.so"
loadmodule "/usr/lib/openser/modules/exec.so"
loadmodule "/usr/lib/openser/modules/uri.so"
loadmodule "/usr/lib/openser/modules/uri_db.so"
loadmodule "/usr/lib/openser/modules/dispatcher.so"
# Uncomment this if you want digest authentication
# mysql.so must be loaded !
loadmodule "/usr/lib/openser/modules/mysql.so"
loadmodule "/usr/lib/openser/modules/auth.so"
loadmodule "/usr/lib/openser/modules/auth_db.so"
modparam("usrloc", "db_mode", 2)
modparam("usrloc", "db_url", "mysql://xxx:[EMAIL PROTECTED]/openser")
modparam("usrloc", "timer_interval", 120)
modparam("auth_db", "calculate_ha1", 0)
modparam("auth_db", "db_url", "mysql://xxx:[EMAIL PROTECTED]/voip")
modparam("uri_db", "db_url", "mysql://xxx:[EMAIL PROTECTED]/openser")
modparam("rr", "enable_full_lr", 1)
modparam("registrar", "nat_flag", 6)
modparam("registrar", "max_expires", 3600)
modparam("registrar", "min_expires", 60)
modparam("registrar", "append_branches", 0)
modparam("registrar", "desc_time_order", 1)
modparam("nathelper", "natping_interval", 20) # Ping interval 20 s
modparam("nathelper", "ping_nated_only", 1) # Ping only clients 
behind NAT
modparam("dispatcher", "force_dst", 1)
# ------------------------- request routing logic -------------------
# main routing logic
route{
# initial sanity checks -- messages with
# max_forwards==0, or excessively long requests
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483","Too Many Hops");
exit;
};
if ( msg:len > max_len ) {
sl_send_reply("513", "Message too big");
exit;
};
if ( (method=="OPTIONS") || (method=="SUBSCRIBE") || 
(method=="NOTIFY") ) {
sl_send_reply("405", "Method Not Allowed");
exit;
}
if (!method=="REGISTER") {
record_route();
};
if ((src_ip==xxx.xxx.xxx.xxx) || (src_ip==xxx.xxx.xxx.xxx)) { # IP 
of Asterisks
if (!lookup("location")) {
sl_send_reply("404", "Not Found");
exit;
};
# forward to current uri now; use stateful forwarding; that
# works reliably even if we forward from TCP to UDP
if (!t_relay()) {
sl_reply_error();
};
exit;
};
if (nat_uac_test("3")) {
if ((method=="REGISTER") || (method=="INVITE") || 
(method=="OPTIONS")) {
fix_nated_contact();
force_rport();
setflag(6); # Mark as NATed
}
}
# if the request is for other domain use UsrLoc
# (in case, it does not work, use the following command
# with proper names and addresses in it)
if (method=="REGISTER") {
if (!proxy_authorize("domain", "openser_view")) {
proxy_challenge("domain", "0");
exit;
}
if (!check_to()) {
sl_send_reply("403", "Digest username and URI username do NOT match! 
Stay away!");
exit;
}
save("location");
exit;
};

if (method=="INVITE") {
if (!proxy_authorize("domain", "openser_view")) {
proxy_challenge("domain", "0");
exit;
}
if (!check_from()) {
sl_send_reply("403", "Digest username and URI username do NOT match! 
Stay away!");
exit;
}
}
# loose-route processing
if (loose_route()) {
# mark routing logic in request
append_hf("P-hint: rr-enforced\r\n");
route(1);
exit;
};
if (!uri==myself) {
# mark routing logic in request
append_hf("P-hint: outbound\r\n");
route(1);
exit;
};
append_hf("P-hint: usrloc applied\r\n");
route(1);
}
route[1]
{
# ! Nathelper
if (uri=~"[@:](192\.168\.|10\.|172\.(1[6-9]|2[0-9]|3[0-1])\.)" && 
!search("^Route:")){
sl_send_reply("479", "We don't forward to private IP addresses");
exit;
};
# NAT processing of replies; apply to all transactions (for example,
# re-INVITEs from public to private UA are hard to identify as
# NATed at the moment of request processing); look at replies
t_on_reply("1");
# send it out now; use stateful forwarding as it works reliably
# even for UDP2TCP
if ((src_ip!=xxx.xxx.xxx.xxx) && (src_ip!=xxx.xxx.xxx.xxx)) { # IP 
of Asterisks
ds_select_dst("2", "0");
}
if (!t_relay()) {
sl_reply_error();
};
}
# ! Nathelper
onreply_route[1] {
# NATed transaction ?
if (isflagset(6) && status =~ "(183)|2[0-9][0-9]") {
fix_nated_contact();
# otherwise, is it a transaction behind a NAT and we did not
# know at time of request processing ? (RFC1918 contacts)
} else if (nat_uac_test("1")) {
fix_nated_contact();
};
}

_______________________________________________
Users mailing list
Users@openser.org
http://openser.org/cgi-bin/mailman/listinfo/users


--
Klaus Darilion
nic.at



_______________________________________________
Users mailing list
Users@openser.org
http://openser.org/cgi-bin/mailman/listinfo/users

_______________________________________________
Users mailing list
Users@openser.org
http://openser.org/cgi-bin/mailman/listinfo/users