Re: [SR-Users] 30X redirect in interconnects - better alternative?
Hi Alex,
thanks for your help.
OK. I have added an additional header showing the originating IP in case
traffic comes not from one of the boxes listed in the dispatcher module. I grab
that header field in the boxes behind Kamailio and authenticate against it.
Works well. The only possible danger I see is that someone gets direct access
to the boxes and fakes the IP header.
Any other risks/downsides with this approach?
Gerry
request_route {
# per request initial checks
route(REQINIT);
# add source headers
remove_hf(“Tru-IP");
if (!ds_is_from_list(1,3)) {
# if route is from external then preserve the source IP so we can check
it later
append_hf(“Tru-IP: $si\r\n");
}
….
> On 7 Jul 2020, at 19:46, Alex Balashov wrote:
>
> It is my experience that origination providers do not follow redirects; it is
> seen as a policy rather than a technical problem.
>
> Custom header injected by Kamailio is a good way to go for conserving
> originating network info (e.g. IP and port).
>
> On 7/7/20 1:39 PM, Gerry | Rigatta.com wrote:
>> Hi,
>> I would like to use Kamailio for load balancing incoming carrier traffic. We
>> do currently IP authentication and call logic in Yate boxes. Ideally I would
>> like to distribute calls with 30X redirects with the Kamailio dispatcher so
>> that IP authentication and all logic can stay in the Yate boxes.
>> However I have doubts that 30X redirects are generally accepted in
>> interconnects. What is your experience with this?
>> What is the possible alternative to redirects if one wants to keep IP
>> authentication and call logic in the boxes behind the Kamailio SIP router?
>> E.g. how can one reliably check the carrier source IPs behind Kamailio?
>> Custom headers injected by Kamailio?
>> Of cause I can check source IPs with a database lookup in Kamailio but I try
>> to avoid that as this makes the setup much more complicated and error prone.
>> Thank you for your ideas.
>> Gerry
>> ___
>> Kamailio (SER) - Users Mailing List
>> sr-users@lists.kamailio.org
>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
> --
> Alex Balashov | Principal | Evariste Systems LLC
>
> Tel: +1-706-510-6800 / +1-800-250-5920 (toll-free)
> Web: http://www.evaristesys.com/, http://www.csrpswitch.com/
>
> ___
> Kamailio (SER) - Users Mailing List
> sr-users@lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Re: [SR-Users] 30X redirect in interconnects - better alternative?
It is my experience that origination providers do not follow redirects; it is seen as a policy rather than a technical problem. Custom header injected by Kamailio is a good way to go for conserving originating network info (e.g. IP and port). On 7/7/20 1:39 PM, Gerry | Rigatta.com wrote: Hi, I would like to use Kamailio for load balancing incoming carrier traffic. We do currently IP authentication and call logic in Yate boxes. Ideally I would like to distribute calls with 30X redirects with the Kamailio dispatcher so that IP authentication and all logic can stay in the Yate boxes. However I have doubts that 30X redirects are generally accepted in interconnects. What is your experience with this? What is the possible alternative to redirects if one wants to keep IP authentication and call logic in the boxes behind the Kamailio SIP router? E.g. how can one reliably check the carrier source IPs behind Kamailio? Custom headers injected by Kamailio? Of cause I can check source IPs with a database lookup in Kamailio but I try to avoid that as this makes the setup much more complicated and error prone. Thank you for your ideas. Gerry ___ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users -- Alex Balashov | Principal | Evariste Systems LLC Tel: +1-706-510-6800 / +1-800-250-5920 (toll-free) Web: http://www.evaristesys.com/, http://www.csrpswitch.com/ ___ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
[SR-Users] 30X redirect in interconnects - better alternative?
Hi, I would like to use Kamailio for load balancing incoming carrier traffic. We do currently IP authentication and call logic in Yate boxes. Ideally I would like to distribute calls with 30X redirects with the Kamailio dispatcher so that IP authentication and all logic can stay in the Yate boxes. However I have doubts that 30X redirects are generally accepted in interconnects. What is your experience with this? What is the possible alternative to redirects if one wants to keep IP authentication and call logic in the boxes behind the Kamailio SIP router? E.g. how can one reliably check the carrier source IPs behind Kamailio? Custom headers injected by Kamailio? Of cause I can check source IPs with a database lookup in Kamailio but I try to avoid that as this makes the setup much more complicated and error prone. Thank you for your ideas. Gerry ___ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
