Re: [asterisk-users] Confused by concepts behind pjsip: endpoint, aor, contact
Antonio Gómez Soto wrote: snip Ok, thank you. One final question: I see that it's possible to have multiple auth's in an endpoint. For incoming traffic to be authenticated, how does pjsip know which auth to consider? By looking at the From: address in the SIP header, and matching that up with the auth id? For example if the From: header is 1@10.172.0.2 mailto:1@10.172.0.2, will it find the AOR from the IP address, and the auth from the '1' ? Endpoints (remember, an endpoint is the configuration to use for traffic to/from a specific client) can be determined using a pluggable mechanism. Included are modules which determine the endpoint based on the From header, based on configured IP address matching rules, and finally one that just always uses a specific endpoint (used for anonymous). Once the endpoint is determined the auth to use is pulled from there. -- Joshua Colp Digium, Inc. | Senior Software Developer 445 Jan Davis Drive NW - Huntsville, AL 35806 - US Check us out at: www.digium.com www.asterisk.org -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Confused by concepts behind pjsip: endpoint, aor, contact
Antonio Gómez Soto wrote: Hello, Kia ora, I am slightly confused by the difference between chan_sip and pjsip. Especially the new (to me) objects aor and contact. I am having trouble mapping them to the typical SIP configuration settings on a phone. Have you looked on the wiki[1]? There's examples as well as a conversion script and information about the various things. Suppose I have a phone with two line buttons, for two extension numbers. Now, I think that means two 'endpoints' in pjsip right? But what exactly is the difference between aor and contact? So why does aor have a max_contacts value? And where do phone registrations fit in, where are those kept anyway? Cheers, [1] https://wiki.asterisk.org/wiki/display/AST/Configuring+res_pjsip -- Joshua Colp Digium, Inc. | Senior Software Developer 445 Jan Davis Drive NW - Huntsville, AL 35806 - US Check us out at: www.digium.com www.asterisk.org -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Confused by concepts behind pjsip: endpoint, aor, contact
On Sun, Jan 4, 2015 at 3:29 PM, Antonio Gómez Soto antonio.gomez.s...@gmail.com wrote: Hello, I am slightly confused by the difference between chan_sip and pjsip. Especially the new (to me) objects aor and contact. I am having trouble mapping them to the typical SIP configuration settings on a phone. There's some info on the wiki here... https://wiki.asterisk.org/wiki/display/AST/Migrating+from+chan_sip+to+res_pjsip Suppose I have a phone with two line buttons, for two extension numbers. Now, I think that means two 'endpoints' in pjsip right? Generally correct, if you set up 1 extension to 1 endpoint. But what exactly is the difference between aor and contact? AORs contain contacts. They can be permanent or dynamic. You'd define permanent contacts for trunks or devices where the peer ip address is knon using the 'contact' parameter. If you don't define any contacts, then dynamic is assumed and the aor/endpoint will accept inbound registrations. You'd use dynamic for most phones. So why does aor have a max_contacts value? If you're accepting registrations, max contacts defines how many peers will be allowed to register. For most scenarios it's 1 but you COULD have 2 devices register to the same endpoint. When a call is sent to that endpoint, the first available contact will be dialed. And where do phone registrations fit in, where are those kept anyway? See above. I hope someone can shed some light for me here. Thanks, Antonio -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Confused by concepts behind pjsip: endpoint, aor, contact
Thanks for responding, On Sun, Jan 4, 2015 at 5:45 PM, George Joseph george.jos...@fairview5.com wrote: On Sun, Jan 4, 2015 at 3:29 PM, Antonio Gómez Soto antonio.gomez.s...@gmail.com wrote: Hello, I am slightly confused by the difference between chan_sip and pjsip. Especially the new (to me) objects aor and contact. I am having trouble mapping them to the typical SIP configuration settings on a phone. There's some info on the wiki here... https://wiki.asterisk.org/wiki/display/AST/Migrating+from+chan_sip+to+res_pjsip Suppose I have a phone with two line buttons, for two extension numbers. Now, I think that means two 'endpoints' in pjsip right? Generally correct, if you set up 1 extension to 1 endpoint. But what exactly is the difference between aor and contact? AORs contain contacts. They can be permanent or dynamic. You'd define permanent contacts for trunks or devices where the peer ip address is knon using the 'contact' parameter. If you don't define any contacts, then dynamic is assumed and the aor/endpoint will accept inbound registrations. You'd use dynamic for most phones. So basically, the 'contact' in the AOR is just an ip address (or 'dynamic', in which case it accepts incoming registrations). So what happens if one endpoint has multiple AOR's which are registered from different ip addresses. And you Dial() that endpoint, will PJSIP send invites to all the ip addresses? Is there any practical use for such a setup? Also I notice, an AOR does seem do be directly correlated with an auth record, so why are they separate in the configuration, why not unify the aor and the auth objects? And, while I'm at it, in the realtime tables, the length of ps_endpoints.aors = 200, and the length of ps_endpoints.auths = 40. This suggests there are scenarios where there are aors, without corresponding auth. Can you mix dynamic and static AORs within one endpoint, and would there be a use case for that? Thanks, Antonio. So why does aor have a max_contacts value? If you're accepting registrations, max contacts defines how many peers will be allowed to register. For most scenarios it's 1 but you COULD have 2 devices register to the same endpoint. When a call is sent to that endpoint, the first available contact will be dialed. And where do phone registrations fit in, where are those kept anyway? See above. I hope someone can shed some light for me here. Thanks, Antonio -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Confused by concepts behind pjsip: endpoint, aor, contact
Antonio Gómez Soto wrote: So basically, the 'contact' in the AOR is just an ip address (or 'dynamic', in which case it accepts incoming registrations). A contact is a SIP term, it's a way of getting to something. (IP address+port) So what happens if one endpoint has multiple AOR's which are registered from different ip addresses. And you Dial() that endpoint, will PJSIP send invites to all the ip addresses? If you use the PJSIP_DIAL_CONTACTS dialplan function a dial string will be produced which calls everything. Is there any practical use for such a setup? It depends. If you don't need them to be individually addressable then it can be useful. Also I notice, an AOR does seem do be directly correlated with an auth record, so why are they separate in the configuration, why not unify the aor and the auth objects? They aren't at all. Auth = Authentication. Used to authenticate incoming calls/registrations/other stuff, or used to authenticate outgoing things. They are NOT the same. AOR is a name for reaching something. And, while I'm at it, in the realtime tables, the length of ps_endpoints.aors = 200, and the length of ps_endpoints.auths = 40. This suggests there are scenarios where there are aors, without corresponding auth. Can you mix dynamic and static AORs within one endpoint, and would there be a use case for that? You can mix however you want. -- Joshua Colp Digium, Inc. | Senior Software Developer 445 Jan Davis Drive NW - Huntsville, AL 35806 - US Check us out at: www.digium.com www.asterisk.org -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Confused by concepts behind pjsip: endpoint, aor, contact
Joshua, On Sun, Jan 4, 2015 at 6:39 PM, Joshua Colp jc...@digium.com wrote: [..snip..] Also I notice, an AOR does seem do be directly correlated with an auth record, so why are they separate in the configuration, why not unify the aor and the auth objects? They aren't at all. Auth = Authentication. Used to authenticate incoming calls/registrations/other stuff, or used to authenticate outgoing things. They are NOT the same. AOR is a name for reaching something. I did not mean they are the same, I meant that there seems to be a one-to-one relationship. So I am wondering, since the auth does seem useless without an aor, but an aor can exist without an auth, why was the auth object created in the first place, instead of extending the aor object with username/password/etc fields? I think auth's only use would be when all the aor's would register using the exact same credentials, and even then it would only save a small amount. But I bet you're now going to say, those small amounts are going to add up.. Antonio -- Joshua Colp Digium, Inc. | Senior Software Developer 445 Jan Davis Drive NW - Huntsville, AL 35806 - US Check us out at: www.digium.com www.asterisk.org -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Confused by concepts behind pjsip: endpoint, aor, contact
Antonio Gómez Soto wrote: snip I did not mean they are the same, I meant that there seems to be a one-to-one relationship. So I am wondering, since the auth does seem useless without an aor, but an aor can exist without an auth, why was the auth object created in the first place, instead of extending the aor object with username/password/etc fields? Auth is useless on its own but is used by many things - in fact it's not even used directly by an AOR. It's configured on an endpoint to do authentication of inbound traffic from that endpoint. It's also used by outbound registration and outbound publish in response to challenges. While it would be possible to combine them you've now got duplicated stuff across different configuration items, both for configuration and also from an implementation perspective. As it is done right now *all* of the authentication is the same code for everything and there is no duplication. Fix a bug in it and you fix it for everything. I think auth's only use would be when all the aor's would register using the exact same credentials, and even then it would only save a small amount. I don't understand what you mean. But I bet you're now going to say, those small amounts are going to add up.. -- Joshua Colp Digium, Inc. | Senior Software Developer 445 Jan Davis Drive NW - Huntsville, AL 35806 - US Check us out at: www.digium.com www.asterisk.org -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Confused by concepts behind pjsip: endpoint, aor, contact
On Sun, Jan 4, 2015 at 8:48 PM, Joshua Colp jc...@digium.com wrote: Antonio Gómez Soto wrote: snip I did not mean they are the same, I meant that there seems to be a one-to-one relationship. So I am wondering, since the auth does seem useless without an aor, but an aor can exist without an auth, why was the auth object created in the first place, instead of extending the aor object with username/password/etc fields? Auth is useless on its own but is used by many things - in fact it's not even used directly by an AOR. It's configured on an endpoint to do authentication of inbound traffic from that endpoint. It's also used by outbound registration and outbound publish in response to challenges. Ok, thank you. One final question: I see that it's possible to have multiple auth's in an endpoint. For incoming traffic to be authenticated, how does pjsip know which auth to consider? By looking at the From: address in the SIP header, and matching that up with the auth id? For example if the From: header is 1@10.172.0.2, will it find the AOR from the IP address, and the auth from the '1' ? Antonio -- Joshua Colp Digium, Inc. | Senior Software Developer 445 Jan Davis Drive NW - Huntsville, AL 35806 - US Check us out at: www.digium.com www.asterisk.org -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
