Download as PDF, PPTX
![!
dispatcher module
• list of balancing nodes from file or database
• monitoring of nodes (activate/inactivate
automatically)
• re-route in case of failure
• various algorithms: hashing, weight distribution, round
robin, call load distribution, priority routing
• reload list of nodes without restart
20
LOAD BALANCER
# Dispatch requests
route[DISPATCH] {
# round robin dispatching on gateways group '1'
if(!ds_select_dst("1", “4")) {
send_reply("404", "No destination");
exit;
}
xdbg("--- SCRIPT: going to <$ru> via <$du>n");
t_on_failure("RTF_DISPATCH");
route(RELAY);
exit;
}
# Re-route in case of failure
failure_route[RTF_DISPATCH] {
if (t_is_canceled()) {
exit;
}
# next node - only for 500 or local timeout
if (t_check_status(“500") || (t_branch_timeout() && !t_branch_replied())) {
if(ds_next_dst()) {
t_on_failure("RTF_DISPATCH");
route(RELAY);
exit;
}
}
}](https://image.slidesharecdn.com/kamailio-astricon2014-141024232749-conversion-gate02/75/Kamailio-SIP-Servers-Everywhere-20-2048.jpg)
![!
LEAST COST OR DID ROUTING
plenty of options
• lcr module
• carrierroute module
• prefix_route module
• drouting module
• combinations: mtree + dispatcher
21
route[LCR] {
if (!load_gws("1")) {
send_reply("503", "Error loading gateways");
exit;
}
if (!next_gw()) {
send_reply("503", "No available gateways");
exit;
}
t_on_failure(“RTF_LCR");
route(RELAY);
exit;
}
# Re-route in case of failure
failure_route[RTF_LCR] {
if (t_is_canceled()) {
exit;
}
# next node - only for 500 or local timeout
if (t_check_status(“500") || (t_branch_timeout() && !t_branch_replied())) {
if(next_gw()) {
t_on_failure("RTF_LCR");
route(RELAY);
exit;
}
}
}
pstn
provider
pstn
provider
pstn
provider
lcr DID
routing](https://image.slidesharecdn.com/kamailio-astricon2014-141024232749-conversion-gate02/75/Kamailio-SIP-Servers-Everywhere-21-2048.jpg)
![!
block DOS or dictionary attacks
part of default kamailio.cfg
• htable module
• pike module
• detect high volume of traffic from same source and
block it for a specific interval of itme
22
SIP FIREWALL
# ip ban htable with autoexpire after 5 minutes
modparam("htable", "htable", “ipban=>size=8;autoexpire=300;")
…
route[SAFEGUARD] {
# flood detection from same IP and traffic ban for a specific interval
# be sure you exclude checking trusted peers, such as pstn gateways
# - local host excluded (e.g., loop to self)
if(src_ip!=myself) {
if($sht(ipban=>$si)!=$null) {
# ip is already blocked
xdbg("request from blocked IP - $rm from $fu (IP:$si:$sp)n");
exit;
}
if (!pike_check_req()) {
xlog("ALERT: pike blocking $rm from $fu (IP:$si:$sp)n");
$sht(ipban=>$si) = 1;
exit;
}
}
if($ua =~ "friendly-scanner") {
sl_send_reply("200", "OK");
exit;
}
}](https://image.slidesharecdn.com/kamailio-astricon2014-141024232749-conversion-gate02/75/Kamailio-SIP-Servers-Everywhere-22-2048.jpg)
![core and tm module
• set transport in R-URI or outbound proxy address
• force transport via dedicated function
!
23
TRANSPORT LAYER GATEWAY
# Force UDP
route[TOUDP] {
# round robin dispatching on gateways group '1'
record_route();
$du = “sip:nexthop.com:5060;transport=udp”;
force_send_socket(“udp:10.1.1.10:5080”);
route(RELAY);
exit;
}
tls
web socket
udp
udp udp
IPv6
bridging networks
• public to private networks and back
• IPv4 to IPv6 and back
• any transport layer to another one and back](https://image.slidesharecdn.com/kamailio-astricon2014-141024232749-conversion-gate02/75/Kamailio-SIP-Servers-Everywhere-23-2048.jpg)
More Related Content
Similar to Kamailio - SIP Servers Everywhere
![1 VoIP Overview[1]](https://cdn.slidesharecdn.com/ss_thumbnails/1voipoverview1-12499217322207-phpapp02-thumbnail.jpg?width=640&height=640&fit=bounds)
Kamailio - SIP Servers Everywhere
- 1. kam ailio sipservers everywhere Daniel-Constantin Mierla @miconda www.asipto.com www.kamailio.org AstriCon 2014 - Las Vegas, USA
- 2. WHOIS KAMAILIO 2 Let's Speak SIP = E Kama'ilio SIP Sep 2001 2002 Jun 2005 Jul 2008 Aug 2008 Nov 2008 Sep 2011 SIP Express Router (SER) OpenSER Kamailio Other Forks... Oct 2009 Jan 2010 Same application: Kamailio - SER v3.0.0 Integration Completed v1.5.0 First Line Of Code Open Source ! GPL FhG Fokus Institute rename Awarded Best Open Source Networking Software 2009 By InfoWorld Oct 2014 ………. v4.2.0 10 Years Jun 2012 ITSPA UK Award v3.3.0 Mar 2013 v4.0.0 Dec 2013 Kamailio v4.1.0
- 3. credits to @voicegal- theivrvoice.com 3
- 4. ! SIP signallingrouting • fast • reliable • flexible 4 GROUND ZERO In other words • not initiating calls • not answering calls • no audio-video processing
- 5. DON’T PANIC ! 5 Real Time Communications multimedia notifications telephony video conferences file transfer desktop sharing gaming instant messaging presence alerts monitoring mobility
- 6. INTER-NET-WORKING ! 6 Real Time Communications multimedia notifications telephony video conferences file transfer desktop sharing gaming instant messaging presence alerts monitoring mobility Internet of Humans Internet of (Every)Things
- 7. THE INVISIBLE SIGNALLING ! 7 Real Time Communications you get on the net telephony video conferences file transfer desktop sharing gaming • Registrations • Authentication challenges • NAT keepalives • Servers monitoring • Gateway hunting • Re-routing • Session updates
- 8. ! 8 THEIMPACT OF SIGNALLING typical day for a person morning at home work not at home evening at home going out with friends is work duty
- 9. ! 9 THEIMPACT OF SIGNALLING typical home phone activity morning 3-5 calls work 0-2 calls evening 3-5 calls no football game last evening
- 10. 10 SIP CALLSIGNALLING INVITE 100 180 183 INVITE INVITE ACK BYE 200 OK 200 OK 200 OK 200 OK INVITE 407
- 11. 11 SIP REGISTRATIONSIGNALLING REGISTER REGISTER OPTIONS 401 200 OK 200 OK OPTIONS 200 OK REGISTER NAT keepalive ! every 20 sec every 3600 sec
- 12. THE IMPACT OFSIGNALLING ! 12 a day on the wire user actions device actions 12 msg x 10 (calls) 4 msg x 24 (regs) 6 msg x 60 x 24 (ka) 120 8736 8856
- 13. 13 SIP SIGNALLING taking over facebook subscriber base msgs/day 1 000 x 9 000 = 9 000 000 … 1 000 000 x 9 000 = 9 000 000 000
- 14. 14 SIP SIGNALLING taking over facebook subscriber base estimated bandwidth / day 1000 phones: 9 000 000 x 1kB = ~ 9GB … 1000000 phones: 9 000 000 000 x 1kB = ~9TB
- 15.
- 16. 16 SIP SIGNALLING your friendly scanners extra traffic 100 requests/seconds => 200 messages/second 200 x 60 x 60 x 24 = 17 280 000 msgs/day 17GB/day
- 17. 17 SIGNALLING REMARKS can be a significant source of processing (both network and application layer) ! can be a lot even with small subscriber base (your online friends don’t let you rest) ! numbers estimated for very basic usage model (imagine instant messaging, presence, mwi, blf, …)
- 18.
- 19. TWO BASIC ARCHITECTURES ! 19 main signalling server edge signalling server
- 20. ! dispatcher module • list of balancing nodes from file or database • monitoring of nodes (activate/inactivate automatically) • re-route in case of failure • various algorithms: hashing, weight distribution, round robin, call load distribution, priority routing • reload list of nodes without restart 20 LOAD BALANCER # Dispatch requests route[DISPATCH] { # round robin dispatching on gateways group '1' if(!ds_select_dst("1", “4")) { send_reply("404", "No destination"); exit; } xdbg("--- SCRIPT: going to <$ru> via <$du>n"); t_on_failure("RTF_DISPATCH"); route(RELAY); exit; } # Re-route in case of failure failure_route[RTF_DISPATCH] { if (t_is_canceled()) { exit; } # next node - only for 500 or local timeout if (t_check_status(“500") || (t_branch_timeout() && !t_branch_replied())) { if(ds_next_dst()) { t_on_failure("RTF_DISPATCH"); route(RELAY); exit; } } }
- 21. ! LEAST COSTOR DID ROUTING plenty of options • lcr module • carrierroute module • prefix_route module • drouting module • combinations: mtree + dispatcher 21 route[LCR] { if (!load_gws("1")) { send_reply("503", "Error loading gateways"); exit; } if (!next_gw()) { send_reply("503", "No available gateways"); exit; } t_on_failure(“RTF_LCR"); route(RELAY); exit; } # Re-route in case of failure failure_route[RTF_LCR] { if (t_is_canceled()) { exit; } # next node - only for 500 or local timeout if (t_check_status(“500") || (t_branch_timeout() && !t_branch_replied())) { if(next_gw()) { t_on_failure("RTF_LCR"); route(RELAY); exit; } } } pstn provider pstn provider pstn provider lcr DID routing
- 22. ! block DOSor dictionary attacks part of default kamailio.cfg • htable module • pike module • detect high volume of traffic from same source and block it for a specific interval of itme 22 SIP FIREWALL # ip ban htable with autoexpire after 5 minutes modparam("htable", "htable", “ipban=>size=8;autoexpire=300;") … route[SAFEGUARD] { # flood detection from same IP and traffic ban for a specific interval # be sure you exclude checking trusted peers, such as pstn gateways # - local host excluded (e.g., loop to self) if(src_ip!=myself) { if($sht(ipban=>$si)!=$null) { # ip is already blocked xdbg("request from blocked IP - $rm from $fu (IP:$si:$sp)n"); exit; } if (!pike_check_req()) { xlog("ALERT: pike blocking $rm from $fu (IP:$si:$sp)n"); $sht(ipban=>$si) = 1; exit; } } if($ua =~ "friendly-scanner") { sl_send_reply("200", "OK"); exit; } }
- 23. core and tmmodule • set transport in R-URI or outbound proxy address • force transport via dedicated function ! 23 TRANSPORT LAYER GATEWAY # Force UDP route[TOUDP] { # round robin dispatching on gateways group '1' record_route(); $du = “sip:nexthop.com:5060;transport=udp”; force_send_socket(“udp:10.1.1.10:5080”); route(RELAY); exit; } tls web socket udp udp udp IPv6 bridging networks • public to private networks and back • IPv4 to IPv6 and back • any transport layer to another one and back
- 24. ! edge proxy • authentication • nat traversal • parallel forking • serial forking • call forwarding • call blocking • white/black listing • DNS handling 24 OFFLOAD SIGNALLING PROCESSING
- 25. 25 DESIGNED FORSCALABILITY forking replication
- 26. TICTACTOE TURNRIGHT PUBLISH ! plenty at signalling layer • instant messaging • presence • gaming • notifications 26 EXTRA FEATURES additional functions • embedded XCAP server • embedded MSRP relay • IMS extensibility • define your new request types • flexibility in handling unknown requests, headers, etc. INVITE NOTIFY MESSAGE
- 27.
- 28. SUITABLE FOR 28 lot of subscribers ! lot of traffic (good or bad) ! innovation ! personal usage
- 29. 29 FEATURES IPv4 IPv6 (since 2002!) UDP/TCP/TLS/SCTP SCTP multi-homing multi-streaming, statistics UDP Raw Sockets DNS NAPTR & SRV Plug-in Module Interface (about 200) ! Scripting Config Language ! Embedded Interpreters Lua, Perl Mono (C# and the rest) Python, Java Load Balancing Least Cost Routing DID - Prefix Routing Aliases Ring Groups Speed Dial ENUM Routing Presence Services Instant Messaging Embedded XCAP Sever Embedded HTTP Client & Server Embedded MSRP Relay Asynchronous Processing TCP - TLS SIP Request Processing Config Route Block Execution Suspend-Resume Transactions NoSQL Backends Memcached Redis Cassandra MongoDB SQL Backends MySQL PostgreSQL SQLite UNIXODBC ORACLE Text Files WebSocket (WebRTC) ! IMS OMA Control API ! XMLRPC JSONRPC Event API Focus ! Stability High Performances Strong Security Innovation
- 30. 30 2014 HIGHLIGHTS db_mongodb evapi ndb_mongodb nosip core tm dispatcher uac rtpengine dialog enhancements tsilo kazoo jsonrpc-s debugger (per module debug) (log pv assignment) usrloc - dmq - ims uuid V4.2.0 released on Oct 16, 2014 http://www.kamailio.org/wiki/features/new-in-4.2.x
- 31.
- 32. OUT OF THEBOX • sip:provider CE • Elastix 3.0 • Kazoo • Plivo 32 open source options
- 33.
- 34. Thank You! ! Questions? Daniel-Constantin Mierla @miconda www.asipto.com www.kamailio.org 34