[prev in list] [next in list] [prev in thread] [next in thread]
List: openser-users
Subject: Re: [SR-Users] Source socket/port for in-dialog requests
From: Donat Zenichev <donat.zenichev () gmail ! com>
Date: 2017-11-29 14:56:40
Message-ID: CANLwQCkyL10-Zxd0ZwUTZfMPC_mJE1yvMadWJ8Z-ij2Qd4XrLQ () mail ! gmail ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Answer was found.
The problem was in double rewriting of the remote uri.
First, in natdetect route - add_contact_alias() was used:
-Adds ;alias=ip:port parameter to contact URI containing received ip:port
if contact uri ip:port does not match received ip:port.
Second, fix_nated_contact was used for all invite requests (no matter they
are loose routed or not):
-Rewrites Contact HF to contain request's source address:port.
So that made us a problem, when BYE requests contained RURI different from
contact headers of incoming INVITEs from uplink.
Well, conclusion is - be careful not to make such obvious mistakes.
2017-11-19 0:38 GMT+02:00 Donat Zenichev <donat.zenichev@gmail.com>:
> Hi community.
> My apologies for so frequent appealing to you.
>
> I'm trying to solve problem with ending of sessions.
> The problem consists of no 200 OK coming from uplink on our BYE requests.
>
> Topology.
> First leg:
> Webrtc client <-wss-> kamailio <-sip tcp-> asterisk routing server
>
> Second leg:
> Uplink <-sip tcp-> kamailio <-sip tcp-> asterisk routing server
>
> The problem appears only in case when dialog was ended by webrtc client.
> The first leg (dialog) of the call ends nice, without any hints on problem.
> But the second leg (with uplink) has problem with no 200 OK (coming from
> uplink) on BYE request coming from asterisk.
>
> Handshake between asterisk server and uplink establishes properly.
> It looks like:
>
> uplink.domain.com:5060 -> INVITE tcp -> our.kamailio.server:5060 ->
> INVITE tcp -> our.asterisk.server:5060
> .
> uplink.domain.com:5060 <- 100 trying tcp <- our.kamailio.server:5060
> .
> uplink.domain.com:5060 <- 180 ringing tcp <- our.kamailio.server:5060 <-
> 180 ringing tcp <- our.asterisk.server:5060
> .
> uplink.domain.com:5060 <- 200 OK tcp <- our.kamailio.server:5060 <- 200
> OK tcp <- our.asterisk.server:5060
> .
> uplink.domain.com:5060 -> ACK tcp -> our.kamailio.server:5060 -> ACK tcp
> -> our.asterisk.server:5060
> .
> uplink.domain.com <-media stream-> rtpengine <-media stream->
> our.asterisk.server
> .
> Here kamailio starts to use random source port for relaying in-dialog BYE
> uplink.domain.com:5060 <- BYE tcp <- our.kamailio.server:45355 <- BYE tcp
> <- our.asterisk.server:5060
> .
> And here the leg with uplink is expected to end with 200 OK (coming from
> uplink proxy).
> But uplink doesn't answer at all.
>
> We requested a tcpdump from uplink to see how packets are forwared from
> their side. And I saw that that 200 OK tries to be sent within first tcp
> session - to 5060 port of kamailio server.
> But sngrep on our side shows nothing, nothing appears in kamailio log, so
> 200 OK can't reach the 5060 socket because of some transport problem I
> think.
> Top via hf of our BYE request, contains kamailio record =
> uplink.domain.com:5060
>
> My main thought on this count is to suppress using of random source ports
> for in-dialog requests, this behaviour looks irrelevant.
>
> We have turned on mhomed parameter (mhomed=1). And cookbook says:
> "Set the server to try to locate outbound interface on multihomed host.
> This parameter affects the selection of the outgoing socket for forwarding
> requests."
>
> But, there is a big but - we can not turn of this parameter for this
> moment, because routing script made with using of this one.
>
> Kamilio works on AWS EC2 platform. It has following IP address schema:
> private address atouched to container -> public address assinged to this
> private address (so this is standard ip address schema for AWS containers).
> For this example private address will be: 10.0.0.1
> and public address will be: 100.0.0.1
>
> Configuration - main parameters (all values are changed for an example):
> advertised_address=our.kamailio.server
> advertised_port=5060
>
> alias=our.kamailio.server
> alias=our.kamailio.server:5060
>
> alias=100.0.0.1
> alias=100.0.0.1:5060
>
> alias=10.0.0.1
> alias=10.0.0.1:5060
>
> auto_aliases=no
>
> port=5060
>
> listen=100.0.0.1
> listen=10.0.0.1
>
> listen=tcp:100.0.0.1:5060
> listen=tcp:10.0.0.1:5060
>
> mhomed=1
>
> fork=yes
> fork_delay=5000
> children=6
>
> tcp_connection_lifetime=3604
> tcp_accept_no_cl=yes
> tcp_connect_timeout=5
> tcp_send_timeout=5
> tcp_rd_buf_size=16384
> tcp_keepalive=yes
> tcp_crlf_ping=yes
> tcp_keepcnt=3
> tcp_keepidle=30
> tcp_keepintvl=15
> tcp_max_connections=4096
>
> One of the solutions to this problem was to add following inside the
> relaying route block:
>
> $fs = "tcp:" + "10.0.0.1" + ":5060";
>
> if (!t_relay()) {
> sl_reply_error();
> }
>
>
> But it seems to me it's not a smart solution.
>
>
> --
> --
> BR, Donat Zenichev
> Wnet VoIP team
> Tel Ukraine: +380(44) 5-900-800
> Tel USA: +164(67) 8-174-17
> https://w-net.us/ <http://wnet.ua>
>
>
> <http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail> \
> Virus-free. www.avg.com
> <http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail>
> <#m_-7967873163798294733_DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>
>
--
--
BR, Donat Zenichev
Wnet VoIP team
Tel Ukraine: +380(44) 5-900-800
Tel USA: +164(67) 8-174-17
https://w-net.us/ <http://wnet.ua>
[Attachment #5 (text/html)]
<div dir="ltr">Answer was found.<div><br></div><div>The problem was in double \
rewriting of the remote uri.</div><div><br></div><div>First, in natdetect route - \
add_contact_alias() was used:<br>-Adds ;alias=ip:port parameter to contact URI \
containing received ip:port if contact uri ip:port does not match received \
ip:port.<br></div><div><br></div><div>Second, fix_nated_contact was used for all \
invite requests (no matter they are loose routed or not):</div><div>-Rewrites Contact \
HF to contain request's source address:port.<br></div><div><br></div><div>So that \
made us a problem, when BYE requests contained RURI different from contact headers of \
incoming INVITEs from uplink.</div><div><br></div><div>Well, conclusion is - be \
careful not to make such obvious \
mistakes.</div><div><br></div><div><br></div><div><br></div><div><br></div></div><div \
class="gmail_extra"><br><div class="gmail_quote">2017-11-19 0:38 GMT+02:00 Donat \
Zenichev <span dir="ltr"><<a href="mailto:donat.zenichev@gmail.com" \
target="_blank">donat.zenichev@gmail.com</a>></span>:<br><blockquote \
class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc \
solid;padding-left:1ex"><div dir="ltr">Hi community.<div>My apologies for so frequent \
appealing to you.</div><div><br></div><div>I'm trying to solve problem with \
ending of sessions.</div><div>The problem consists of no 200 OK coming from uplink on \
our BYE requests.</div><div><br></div><div>Topology.</div><div>First \
leg:</div><div>Webrtc client <-wss-> kamailio <-sip tcp-> asterisk \
routing server</div><div><br></div><div>Second leg:</div><div>Uplink <-sip \
tcp-> kamailio <-sip tcp-> asterisk routing \
server</div><div><br></div><div>The problem appears only in case when dialog was \
ended by webrtc client.</div><div>The first leg (dialog) of the call ends nice, \
without any hints on problem.</div><div>But the second leg (with uplink) has problem \
with no 200 OK (coming from uplink) on BYE request coming from \
asterisk.</div><div><br></div><div>Handshake between asterisk server and uplink \
establishes properly.</div><div>It looks like:</div><div><br></div><div><a \
href="http://uplink.domain.com:5060" target="_blank">uplink.domain.com:5060</a> -> \
INVITE tcp -> our.kamailio.server:5060 -> INVITE tcp -> \
our.asterisk.server:5060</div><div>.</div><div><a \
href="http://uplink.domain.com:5060" target="_blank">uplink.domain.com:5060</a> <- \
100 trying tcp <- our.kamailio.server:5060<br></div><div>.</div><div><a \
href="http://uplink.domain.com:5060" target="_blank">uplink.domain.com:5060</a> <- \
180 ringing tcp <- our.kamailio.server:5060 <- 180 ringing tcp <- \
our.asterisk.server:5060</div><div>.</div><div><a \
href="http://uplink.domain.com:5060" target="_blank">uplink.domain.com:5060</a> <- \
200 OK tcp <- our.kamailio.server:5060 <- 200 OK tcp <- \
our.asterisk.server:5060<br></div><div>.</div><div><a \
href="http://uplink.domain.com:5060" target="_blank">uplink.domain.com:5060</a> -> \
ACK tcp -> our.kamailio.server:5060 -> ACK tcp -> \
our.asterisk.server:5060<br></div><div>.</div><div><a href="http://uplink.domain.com" \
target="_blank">uplink.domain.com</a> <-media stream-> rtpengine <-media \
stream-> our.asterisk.server<br></div><div>.</div><div>Here kamailio starts to use \
random source port for relaying in-dialog BYE</div><div><a \
href="http://uplink.domain.com:5060" target="_blank">uplink.domain.com:5060</a> <- \
BYE tcp <- our.kamailio.server:45355 <- BYE tcp <- \
our.asterisk.server:5060<br></div><div>.</div><div>And here the leg with uplink is \
expected to end with 200 OK (coming from uplink proxy).</div><div>But uplink \
doesn't answer at all.</div><div><br></div><div>We requested a tcpdump from \
uplink to see how packets are forwared from their side. And I saw that that 200 OK \
tries to be sent within first tcp session - to 5060 port of kamailio \
server.</div><div>But sngrep on our side shows nothing, nothing appears in kamailio \
log, so 200 OK can't reach the 5060 socket because of some transport problem I \
think.</div><div>Top via hf of our BYE request, contains kamailio record = <a \
href="http://uplink.domain.com:5060" \
target="_blank">uplink.domain.com:5060</a></div><div><br></div><div>My main thought \
on this count is to suppress using of random source ports for in-dialog requests, \
this behaviour looks irrelevant.</div><div><br></div><div>We have turned on mhomed \
parameter (mhomed=1). And cookbook says:</div><div>"<span \
style="color:rgb(0,0,0);font-family:sans-serif;font-size:12.7px">Set the server to \
try to locate outbound interface on multihomed host. This parameter affects the \
selection of the outgoing socket for forwarding \
requests."</span></div><div><span \
style="color:rgb(0,0,0);font-family:sans-serif;font-size:12.7px"><br></span></div><div><span \
style="color:rgb(0,0,0);font-family:sans-serif;font-size:12.7px">But, there is a big \
but - we can not turn of this parameter for this moment, because routing script made \
with using of this one.</span></div><div><span \
style="color:rgb(0,0,0);font-family:sans-serif;font-size:12.7px"><br></span></div><div><span \
style="color:rgb(0,0,0);font-family:sans-serif;font-size:12.7px">Kamilio works on AWS \
EC2 platform. It has following IP address schema:</span></div><div><font \
color="#000000" face="sans-serif"><span style="font-size:12.7px">private address \
atouched to container -> public address assinged to this private address (so this \
is standard ip address schema for AWS containers).</span></font></div><div><font \
color="#000000" face="sans-serif"><span style="font-size:12.7px">For this example \
private address will be: 10.0.0.1<br>and public address will be: \
100.0.0.1</span></font></div><div><span \
style="color:rgb(0,0,0);font-family:sans-serif;font-size:12.7px"><br></span></div><div><span \
style="color:rgb(0,0,0);font-family:sans-serif;font-size:12.7px">Configuration - main \
parameters (all values are changed for an example):</span></div><div><div><font \
color="#000000" face="sans-serif"><span \
style="font-size:12.7px">advertised_address=our.<wbr>kamailio.server</span></font></div><div><font \
color="#000000" face="sans-serif"><span \
style="font-size:12.7px">advertised_port=5060</span></font></div><div><font \
color="#000000" face="sans-serif"><span \
style="font-size:12.7px"><br></span></font></div><div><font color="#000000" \
face="sans-serif"><span style="font-size:12.7px">alias=</span></font><span \
style="color:rgb(0,0,0);font-family:sans-serif;font-size:12.7px">our.kamailio.server</span></div><div><font \
color="#000000" face="sans-serif"><span \
style="font-size:12.7px">alias=</span></font><span \
style="color:rgb(0,0,0);font-family:sans-serif;font-size:12.7px">our.kamailio.server:5060</span><span \
style="color:rgb(0,0,0);font-family:sans-serif;font-size:12.7px"><br></span></div><div><span \
style="color:rgb(0,0,0);font-family:sans-serif;font-size:12.7px"><br></span></div><div><span \
style="color:rgb(0,0,0);font-family:sans-serif;font-size:12.7px">alias=100.0.0.1</span></div><div \
style="color:rgb(0,0,0);font-family:sans-serif;font-size:12.7px"><span \
style="font-size:12.7px">alias=<a href="http://100.0.0.1:5060" \
target="_blank">100.0.0.1:5060</a></span><br></div></div><div \
style="color:rgb(0,0,0);font-family:sans-serif;font-size:12.7px"><span \
style="font-size:12.7px"><br></span></div><div \
style="color:rgb(0,0,0);font-family:sans-serif;font-size:12.7px"><span \
style="font-size:12.7px">alias=10.0.0.1</span><span \
style="font-size:12.7px"><br></span></div><div><span \
style="color:rgb(0,0,0);font-family:sans-serif;font-size:12.7px">alias=<a \
href="http://10.0.0.1:5060" target="_blank">10.0.0.1:5060</a></span><span \
style="color:rgb(0,0,0);font-family:sans-serif;font-size:12.7px"><br></span></div><div><span \
style="color:rgb(0,0,0);font-family:sans-serif;font-size:12.7px"><br></span></div><div><span \
style="color:rgb(0,0,0);font-family:sans-serif;font-size:12.7px">auto_aliases=no</span></div><div><span \
style="color:rgb(0,0,0);font-family:sans-serif;font-size:12.7px"><br></span></div><div><span \
style="color:rgb(0,0,0);font-family:sans-serif;font-size:12.7px">port=5060</span></div \
><div><br></div><div>listen=100.0.0.1</div><div>listen=10.0.0.1</div><div><br></div><div><font \
> color="#000000" face="sans-serif"><span \
> style="font-size:12.7px">listen=tcp:</span></font><span \
> style="font-size:12.7px;color:rgb(0,0,0);font-family:sans-serif"><a \
> href="http://100.0.0.1:5060" \
> target="_blank">100.0.0.1:5060</a></span></div><div><div \
> style="color:rgb(0,0,0);font-family:sans-serif;font-size:12.7px">listen=<font \
> color="#000000" face="sans-serif" style="font-size:small"><span \
> style="font-size:12.7px">tcp:</span></font><span style="font-size:12.7px"><a \
> href="http://10.0.0.1:5060" \
> target="_blank">10.0.0.1:5060</a></span></div></div><div \
> style="color:rgb(0,0,0);font-family:sans-serif;font-size:12.7px"><span \
> style="font-size:12.7px"><br></span></div><div \
> style="color:rgb(0,0,0);font-family:sans-serif;font-size:12.7px"><span \
> style="font-size:12.7px">mhomed=1</span></div><div \
> style="color:rgb(0,0,0);font-family:sans-serif;font-size:12.7px"><span \
> style="font-size:12.7px"><br></span></div><div \
> style="color:rgb(0,0,0);font-family:sans-serif;font-size:12.7px"><span \
> style="font-size:12.7px">fork=yes</span></div><div \
> style="color:rgb(0,0,0);font-family:sans-serif;font-size:12.7px"><span \
> style="font-size:12.7px">fork_delay=5000</span></div><div \
> style="color:rgb(0,0,0);font-family:sans-serif;font-size:12.7px"><span \
> style="font-size:12.7px">children=6</span></div><div><span \
> style="color:rgb(0,0,0);font-family:sans-serif;font-size:12.7px"><br></span></div><d \
> iv><div>tcp_connection_lifetime=3604</div><div>tcp_accept_no_cl=yes</div><div>tcp_co \
> nnect_timeout=5</div><div>tcp_send_timeout=5</div><div>tcp_rd_buf_size=16384</div><d \
> iv>tcp_keepalive=yes</div><div>tcp_crlf_ping=yes</div><div>tcp_keepcnt=3</div><div>t \
> cp_keepidle=30</div><div>tcp_keepintvl=15</div><div>tcp_max_connections=4096</div></div><div><br></div><div>One \
> of the solutions to this problem was to add following inside the relaying route \
> block:</div><div><pre style="font-family:courier,"courier \
> new",monospace;font-size:14px;white-space:pre-wrap;word-wrap:break-word;margin:0em;color:rgb(0,0,0)">$fs \
> = "tcp:" + "10.0.0.1" + ":5060";</pre><pre \
> style="word-wrap:break-word;margin:0em"><font color="#000000" face="courier, \
> courier new, monospace"><span style="font-size:14px;white-space:pre-wrap">if \
> (!t_relay()) {
sl_reply_error();
}</span></font><span style="color:rgb(0,0,0);font-family:courier,"courier \
new",monospace;font-size:14px;white-space:pre-wrap"> \
</span></pre></div><div><br></div><div>But it seems to me it's not a smart \
solution.</div><span class="HOEnZb"><font \
color="#888888"><div><br></div><div><div><br></div>-- <br><div \
class="m_-7967873163798294733gmail_signature"><div dir="ltr"><div><div \
dir="ltr"><font style="background-color:rgb(255,255,255)" color="#0b5394">-- <br>BR, \
Donat Zenichev <br>Wnet VoIP team<br>Tel Ukraine: +380(44) 5-900-800
<br>Tel USA: +164(67) 8-174-17<br><a href="http://wnet.ua" \
target="_blank">https://w-net.us/</a></font></div></div></div></div> \
</div></font></span></div><span class="HOEnZb"><font color="#888888"><div \
id="m_-7967873163798294733DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2"><br> <table \
style="border-top:1px solid #d3d4de"> <tbody><tr>
<td style="width:55px;padding-top:13px"><a \
href="http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail" \
target="_blank"><img \
src="https://ipmcdn.avast.com/images/icons/icon-envelope-tick-green-avg-v1.png" \
alt="" width="46" height="29" style="width:46px;height:29px"></a></td> <td \
style="width:470px;padding-top:12px;color:#41424e;font-size:13px;font-family:Arial,Helvetica,sans-serif;line-height:18px">Virus-free. \
<a href="http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail" \
style="color:#4453ea" target="_blank">www.avg.com</a> </td>
</tr>
</tbody></table><a href="#m_-7967873163798294733_DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2" \
width="1" height="1"></a></div> </font></span></blockquote></div><br><br \
clear="all"><div><br></div>-- <br><div class="gmail_signature" \
data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><font \
style="background-color:rgb(255,255,255)" color="#0b5394">-- <br>BR, Donat Zenichev \
<br>Wnet VoIP team<br>Tel Ukraine: +380(44) 5-900-800 <br>Tel USA: +164(67) \
8-174-17<br><a href="http://wnet.ua" \
target="_blank">https://w-net.us/</a></font></div></div></div></div> </div>
[Attachment #6 (text/plain)]
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic