Re: [OpenSIPS-Users] [OpenSIPS-Devel] [NEW] Dialog replication using a new core interface
So just firewall the port as we do with RTPProxy and rtp_sock. Got it :). Thanks Vlad. N. ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] [OpenSIPS-Devel] [NEW] Dialog replication using a new core interface
Sorry, please ignore. Replied to the wrong post. On Wed, Aug 7, 2013 at 9:54 AM, mayamatakeshi mayamatake...@gmail.comwrote: Hello Vlad, I tested and confirmed it is OK now. Thanks. Regards, Takeshi On Wed, Aug 7, 2013 at 4:52 AM, Vlad Paiu vladp...@opensips.org wrote: Hello, What are you thinking about more exactly here in terms of security ? The OpenSIPS worker processes that listen for BIN replicated packages do not perform any IP authentication by themselves, so if you leave those UDP ports open from the outside, you are leaving yourself exposed to outside attackers coming in and either deleting some of the existing dialogs ( by sending you some binary packages that destroy an ongoing dialog ) or filling up your shared memory ( by sending you 'new dialog' binary packages ). Currently, it's left to the OpenSIPS administrator to properly configure the firewall so that the binary interface listeners ( the ones specified by bin_listen=127.0.0.1: ) are only open for the other OpenSIPS instance IPs. Best Regards, Vlad Paiu OpenSIPS Developer http://www.opensips-solutions.**com http://www.opensips-solutions.com On 08/01/2013 07:58 PM, Nick Khamis wrote: What needs to be considered in terms of security? Nick. On 7/31/13, Bogdan-Andrei Iancu bog...@opensips.org wrote: Hi Ryan, This has nothing to do with dialog pining or accounting - the new interface allows OpenSIPS to replicate the dialog state to another OpenSIPS instance. If I misunderstood you, please rephrase :) Regards, Bogdan-Andrei Iancu OpenSIPS Founder and Developer http://www.opensips-solutions.**com http://www.opensips-solutions.com On 07/29/2013 08:20 PM, Ryan Bullock wrote: This is pretty exciting! What are the plans for how this will work with features such as dialog pinging and accounting? Regards, Ryan On Mon, Jul 29, 2013 at 9:46 AM, Bogdan-Andrei Iancu bog...@opensips.org mailto:bog...@opensips.org wrote: In long term we plan to use the BIN interface to replicate even more internal data between multiple OpenSIPS instances, like doing registration replication (instead of doing it from script via SIP). Theoretically it may be used for replicating even transaction state between 2 OpenSIPS instances - imagine having a call ringing on instance A and being accepted on instance B (after a failover) - 0% losses ! Aside realtime data replication, the BIN interface is to be used also for exchanging any other type of information between OpenSIPS instances, like federating multiple instances. The main advantages of the BIN interface over the MI interface : - BIN is binary encoded so much faster (as performance) - BIN interface has both sender and receiver in OpenSIPS (MI has only the receiver) - MI is for external usage, while BIN is internal (opensips2opensips) Regards, Bogdan-Andrei Iancu OpenSIPS Founder and Developer http://www.opensips-solutions.**comhttp://www.opensips-solutions.com On 07/29/2013 06:22 PM, Liviu Chircu wrote: Hello all, OpenSIPS just got better with a /new core interface/ and a /new failover mechanism/! The purpose of the new *Binary Internal Interface *is to offer a fast and efficient communication channel between OpenSIPS instances. OpenSIPS modules can now use this core interface to send/receive packets with specific information. A common usage case for this feature would be data replication between a primary instance and a backup one. This is especially useful in scenarios with OpenSIPS instances which handle large amounts of concurrent calls, so that failover through a database backend is not feasible anymore due to the significant time required in order to load the needed tables. As an example of using the interface, the dialog module now offers the possibility of *replicating dialogs* to another instance. The script writer may now configure a set of proxies which will receive dialog-related events: /creation/, /confirmation/ and /deletion/, all in /realtime/. These messages are compact and they are sent over UDP. The dialog module now also exports several new statistics which show the total sent/received replication packets. Configuring UDP listeners for the new interface is trivial and explained in the OpenSIPS manuals [1]. [1]: http://www.opensips.org/**Documentation/Interface-Binaryhttp://www.opensips.org/Documentation/Interface-Binary Best regards, -- Liviu Chircu OpenSIPS Developer http://www.opensips-solutions.**comhttp://www.opensips-solutions.com __**_ Users mailing list Users@lists.opensips.org
Re: [OpenSIPS-Users] [OpenSIPS-Devel] [NEW] Dialog replication using a new core interface
Hello, What are you thinking about more exactly here in terms of security ? The OpenSIPS worker processes that listen for BIN replicated packages do not perform any IP authentication by themselves, so if you leave those UDP ports open from the outside, you are leaving yourself exposed to outside attackers coming in and either deleting some of the existing dialogs ( by sending you some binary packages that destroy an ongoing dialog ) or filling up your shared memory ( by sending you 'new dialog' binary packages ). Currently, it's left to the OpenSIPS administrator to properly configure the firewall so that the binary interface listeners ( the ones specified by bin_listen=127.0.0.1: ) are only open for the other OpenSIPS instance IPs. Best Regards, Vlad Paiu OpenSIPS Developer http://www.opensips-solutions.com On 08/01/2013 07:58 PM, Nick Khamis wrote: What needs to be considered in terms of security? Nick. On 7/31/13, Bogdan-Andrei Iancu bog...@opensips.org wrote: Hi Ryan, This has nothing to do with dialog pining or accounting - the new interface allows OpenSIPS to replicate the dialog state to another OpenSIPS instance. If I misunderstood you, please rephrase :) Regards, Bogdan-Andrei Iancu OpenSIPS Founder and Developer http://www.opensips-solutions.com On 07/29/2013 08:20 PM, Ryan Bullock wrote: This is pretty exciting! What are the plans for how this will work with features such as dialog pinging and accounting? Regards, Ryan On Mon, Jul 29, 2013 at 9:46 AM, Bogdan-Andrei Iancu bog...@opensips.org mailto:bog...@opensips.org wrote: In long term we plan to use the BIN interface to replicate even more internal data between multiple OpenSIPS instances, like doing registration replication (instead of doing it from script via SIP). Theoretically it may be used for replicating even transaction state between 2 OpenSIPS instances - imagine having a call ringing on instance A and being accepted on instance B (after a failover) - 0% losses ! Aside realtime data replication, the BIN interface is to be used also for exchanging any other type of information between OpenSIPS instances, like federating multiple instances. The main advantages of the BIN interface over the MI interface : - BIN is binary encoded so much faster (as performance) - BIN interface has both sender and receiver in OpenSIPS (MI has only the receiver) - MI is for external usage, while BIN is internal (opensips2opensips) Regards, Bogdan-Andrei Iancu OpenSIPS Founder and Developer http://www.opensips-solutions.com On 07/29/2013 06:22 PM, Liviu Chircu wrote: Hello all, OpenSIPS just got better with a /new core interface/ and a /new failover mechanism/! The purpose of the new *Binary Internal Interface *is to offer a fast and efficient communication channel between OpenSIPS instances. OpenSIPS modules can now use this core interface to send/receive packets with specific information. A common usage case for this feature would be data replication between a primary instance and a backup one. This is especially useful in scenarios with OpenSIPS instances which handle large amounts of concurrent calls, so that failover through a database backend is not feasible anymore due to the significant time required in order to load the needed tables. As an example of using the interface, the dialog module now offers the possibility of *replicating dialogs* to another instance. The script writer may now configure a set of proxies which will receive dialog-related events: /creation/, /confirmation/ and /deletion/, all in /realtime/. These messages are compact and they are sent over UDP. The dialog module now also exports several new statistics which show the total sent/received replication packets. Configuring UDP listeners for the new interface is trivial and explained in the OpenSIPS manuals [1]. [1]: http://www.opensips.org/Documentation/Interface-Binary Best regards, -- Liviu Chircu OpenSIPS Developer http://www.opensips-solutions.com ___ Users mailing list Users@lists.opensips.org mailto:Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users ___ Devel mailing list de...@lists.opensips.org mailto:de...@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/devel ___ Devel mailing list de...@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/devel ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] [OpenSIPS-Devel] [NEW] Dialog replication using a new core interface
Hello Vlad, I tested and confirmed it is OK now. Thanks. Regards, Takeshi On Wed, Aug 7, 2013 at 4:52 AM, Vlad Paiu vladp...@opensips.org wrote: Hello, What are you thinking about more exactly here in terms of security ? The OpenSIPS worker processes that listen for BIN replicated packages do not perform any IP authentication by themselves, so if you leave those UDP ports open from the outside, you are leaving yourself exposed to outside attackers coming in and either deleting some of the existing dialogs ( by sending you some binary packages that destroy an ongoing dialog ) or filling up your shared memory ( by sending you 'new dialog' binary packages ). Currently, it's left to the OpenSIPS administrator to properly configure the firewall so that the binary interface listeners ( the ones specified by bin_listen=127.0.0.1: ) are only open for the other OpenSIPS instance IPs. Best Regards, Vlad Paiu OpenSIPS Developer http://www.opensips-solutions.**com http://www.opensips-solutions.com On 08/01/2013 07:58 PM, Nick Khamis wrote: What needs to be considered in terms of security? Nick. On 7/31/13, Bogdan-Andrei Iancu bog...@opensips.org wrote: Hi Ryan, This has nothing to do with dialog pining or accounting - the new interface allows OpenSIPS to replicate the dialog state to another OpenSIPS instance. If I misunderstood you, please rephrase :) Regards, Bogdan-Andrei Iancu OpenSIPS Founder and Developer http://www.opensips-solutions.**com http://www.opensips-solutions.com On 07/29/2013 08:20 PM, Ryan Bullock wrote: This is pretty exciting! What are the plans for how this will work with features such as dialog pinging and accounting? Regards, Ryan On Mon, Jul 29, 2013 at 9:46 AM, Bogdan-Andrei Iancu bog...@opensips.org mailto:bog...@opensips.org wrote: In long term we plan to use the BIN interface to replicate even more internal data between multiple OpenSIPS instances, like doing registration replication (instead of doing it from script via SIP). Theoretically it may be used for replicating even transaction state between 2 OpenSIPS instances - imagine having a call ringing on instance A and being accepted on instance B (after a failover) - 0% losses ! Aside realtime data replication, the BIN interface is to be used also for exchanging any other type of information between OpenSIPS instances, like federating multiple instances. The main advantages of the BIN interface over the MI interface : - BIN is binary encoded so much faster (as performance) - BIN interface has both sender and receiver in OpenSIPS (MI has only the receiver) - MI is for external usage, while BIN is internal (opensips2opensips) Regards, Bogdan-Andrei Iancu OpenSIPS Founder and Developer http://www.opensips-solutions.**comhttp://www.opensips-solutions.com On 07/29/2013 06:22 PM, Liviu Chircu wrote: Hello all, OpenSIPS just got better with a /new core interface/ and a /new failover mechanism/! The purpose of the new *Binary Internal Interface *is to offer a fast and efficient communication channel between OpenSIPS instances. OpenSIPS modules can now use this core interface to send/receive packets with specific information. A common usage case for this feature would be data replication between a primary instance and a backup one. This is especially useful in scenarios with OpenSIPS instances which handle large amounts of concurrent calls, so that failover through a database backend is not feasible anymore due to the significant time required in order to load the needed tables. As an example of using the interface, the dialog module now offers the possibility of *replicating dialogs* to another instance. The script writer may now configure a set of proxies which will receive dialog-related events: /creation/, /confirmation/ and /deletion/, all in /realtime/. These messages are compact and they are sent over UDP. The dialog module now also exports several new statistics which show the total sent/received replication packets. Configuring UDP listeners for the new interface is trivial and explained in the OpenSIPS manuals [1]. [1]: http://www.opensips.org/**Documentation/Interface-Binaryhttp://www.opensips.org/Documentation/Interface-Binary Best regards, -- Liviu Chircu OpenSIPS Developer http://www.opensips-solutions.**comhttp://www.opensips-solutions.com __**_ Users mailing list Users@lists.opensips.org mailto:Users@lists.opensips.**orgUsers@lists.opensips.org http://lists.opensips.org/cgi-**bin/mailman/listinfo/usershttp://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] [OpenSIPS-Devel] [NEW] Dialog replication using a new core interface
Hi Ryan, This has nothing to do with dialog pining or accounting - the new interface allows OpenSIPS to replicate the dialog state to another OpenSIPS instance. If I misunderstood you, please rephrase :) Regards, Bogdan-Andrei Iancu OpenSIPS Founder and Developer http://www.opensips-solutions.com On 07/29/2013 08:20 PM, Ryan Bullock wrote: This is pretty exciting! What are the plans for how this will work with features such as dialog pinging and accounting? Regards, Ryan On Mon, Jul 29, 2013 at 9:46 AM, Bogdan-Andrei Iancu bog...@opensips.org mailto:bog...@opensips.org wrote: In long term we plan to use the BIN interface to replicate even more internal data between multiple OpenSIPS instances, like doing registration replication (instead of doing it from script via SIP). Theoretically it may be used for replicating even transaction state between 2 OpenSIPS instances - imagine having a call ringing on instance A and being accepted on instance B (after a failover) - 0% losses ! Aside realtime data replication, the BIN interface is to be used also for exchanging any other type of information between OpenSIPS instances, like federating multiple instances. The main advantages of the BIN interface over the MI interface : - BIN is binary encoded so much faster (as performance) - BIN interface has both sender and receiver in OpenSIPS (MI has only the receiver) - MI is for external usage, while BIN is internal (opensips2opensips) Regards, Bogdan-Andrei Iancu OpenSIPS Founder and Developer http://www.opensips-solutions.com On 07/29/2013 06:22 PM, Liviu Chircu wrote: Hello all, OpenSIPS just got better with a /new core interface/ and a /new failover mechanism/! The purpose of the new *Binary Internal Interface *is to offer a fast and efficient communication channel between OpenSIPS instances. OpenSIPS modules can now use this core interface to send/receive packets with specific information. A common usage case for this feature would be data replication between a primary instance and a backup one. This is especially useful in scenarios with OpenSIPS instances which handle large amounts of concurrent calls, so that failover through a database backend is not feasible anymore due to the significant time required in order to load the needed tables. As an example of using the interface, the dialog module now offers the possibility of *replicating dialogs* to another instance. The script writer may now configure a set of proxies which will receive dialog-related events: /creation/, /confirmation/ and /deletion/, all in /realtime/. These messages are compact and they are sent over UDP. The dialog module now also exports several new statistics which show the total sent/received replication packets. Configuring UDP listeners for the new interface is trivial and explained in the OpenSIPS manuals [1]. [1]: http://www.opensips.org/Documentation/Interface-Binary Best regards, -- Liviu Chircu OpenSIPS Developer http://www.opensips-solutions.com ___ Users mailing list Users@lists.opensips.org mailto:Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users ___ Devel mailing list de...@lists.opensips.org mailto:de...@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/devel ___ Devel mailing list de...@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/devel ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] [OpenSIPS-Devel] [NEW] Dialog replication using a new core interface
This is pretty exciting! What are the plans for how this will work with features such as dialog pinging and accounting? Regards, Ryan On Mon, Jul 29, 2013 at 9:46 AM, Bogdan-Andrei Iancu bog...@opensips.orgwrote: ** In long term we plan to use the BIN interface to replicate even more internal data between multiple OpenSIPS instances, like doing registration replication (instead of doing it from script via SIP). Theoretically it may be used for replicating even transaction state between 2 OpenSIPS instances - imagine having a call ringing on instance A and being accepted on instance B (after a failover) - 0% losses ! Aside realtime data replication, the BIN interface is to be used also for exchanging any other type of information between OpenSIPS instances, like federating multiple instances. The main advantages of the BIN interface over the MI interface : - BIN is binary encoded so much faster (as performance) - BIN interface has both sender and receiver in OpenSIPS (MI has only the receiver) - MI is for external usage, while BIN is internal (opensips2opensips) Regards, Bogdan-Andrei Iancu OpenSIPS Founder and Developerhttp://www.opensips-solutions.com On 07/29/2013 06:22 PM, Liviu Chircu wrote: Hello all, OpenSIPS just got better with a *new core interface* and a *new failover mechanism*! The purpose of the new *Binary Internal Interface *is to offer a fast and efficient communication channel between OpenSIPS instances. OpenSIPS modules can now use this core interface to send/receive packets with specific information. A common usage case for this feature would be data replication between a primary instance and a backup one. This is especially useful in scenarios with OpenSIPS instances which handle large amounts of concurrent calls, so that failover through a database backend is not feasible anymore due to the significant time required in order to load the needed tables. As an example of using the interface, the dialog module now offers the possibility of *replicating dialogs* to another instance. The script writer may now configure a set of proxies which will receive dialog-related events: *creation*, *confirmation* and *deletion*, all in *realtime*. These messages are compact and they are sent over UDP. The dialog module now also exports several new statistics which show the total sent/received replication packets. Configuring UDP listeners for the new interface is trivial and explained in the OpenSIPS manuals [1]. [1]: http://www.opensips.org/Documentation/Interface-Binary Best regards, -- Liviu Chircu OpenSIPS Developerhttp://www.opensips-solutions.com ___ Users mailing listUsers@lists.opensips.orghttp://lists.opensips.org/cgi-bin/mailman/listinfo/users ___ Devel mailing list de...@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/devel ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users