From: "François Delawarde" <fdelawarde@wirelessmundi.com>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] SIP, NAT, and load balancing problems
Date: Wed, 13 Dec 2006 10:33:30 +0000 [thread overview]
Message-ID: <457FD6FA.7090709@wirelessmundi.com> (raw)
In-Reply-To: <457EC047.7090404@wirelessmundi.com>
Andrew McGill wrote:
> On Tuesday Dec 12, 2006 around 3:44pm, François Delawarde wrote,
>
>> Hello all,
>>
>> I have a linux machine with a SIP server (Asterisk) and 2 WAN
>> interfaces (NATed) configured to do load balancing. I experienced
>> problems with the SIP/RTP protocols and load balancing, because when
>> initiating a call to an external SIP Host, a new RTP flow starts from
>> the server to the Host, that sometimes uses another default route
>> (due to the nexthop configuration). As i have two different public
>> IPs, the external host gets confused while receiving flows from
>> different IPs, and doesn't work (or sometimes we only have one-way
>> communication).
>
> There is a similar problem with openvpn which the --multihome patch in
> 2.1_rc* solves (SOL_IP / IP_PKTINFO option on the socket). Unless the
> application (asterisk in your case) chooses to bind a UDP socket to a
> particular IP address, the routing subsystem will assign the IP
> address. Since UDP is connectionless, there is no reason to use the
> same IP address as the incoming 'connection'. (ip_conntrack doesn't
> count.)
I cannot bind Asterisk to a particular IP address, as I need to use it
for both LAN and WAN, but if the routing subsystem assigns the IP, does
it take into account netfilter MARK and special rules, or do you know a
way to "force" this routing subsystem into assigning an IP address?
I'm trying to understand when and how this IP address is chosen, and see
if I can act at that level (doing NAT and ROUTE things doesn't seem to
work a lot, and it's probably too "late" to work the problem.
>
> *You* may be able to solve the problem with some creative use of the
> CONNMARK target (I didn't succeed). The best solution, in the absence
> of a kernel hack to treat UDP as a connection-oriented protocol, is to
> fix asterisk (IMHO, IANAKH).
>
> &:-)
I was thinking of trying that along with the netfilter SIP helper, but I
don't even understand how helpers work yet. If you have an idea of how i
could use those things, it would also be worth trying.
Thank you very much,
François.
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
next prev parent reply other threads:[~2006-12-13 10:33 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-12-12 14:44 [LARTC] SIP, NAT, and load balancing problems François Delawarde
2006-12-12 19:54 ` Andrew McGill
2006-12-13 6:40 ` Grant Taylor
2006-12-13 10:12 ` François Delawarde
2006-12-13 10:33 ` François Delawarde [this message]
2006-12-13 15:30 ` Taylor, Grant
2006-12-13 20:48 ` Grant Taylor
2006-12-13 21:57 ` Grant Taylor
2006-12-13 22:44 ` Grant Taylor
2006-12-13 22:57 ` Patrick McHardy
2006-12-14 11:44 ` François Delawarde
2006-12-14 11:59 ` François Delawarde
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=457FD6FA.7090709@wirelessmundi.com \
--to=fdelawarde@wirelessmundi.com \
--cc=lartc@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.