Hi,
Let me re-phrase my question. In a cluster environment with 1 master (sip1)
and 1 distributed server (sip2), which sits side-by-side on the same
network, I have 1 client with username "[EMAIL PROTECTED]" registering to
sip1 and another client with username "[EMAIL PROTECTED]" to sip2. alice and
bob are behind different firewalls with NAT.
Public IP:1.2.3.4 Public IP:1.2.3.5
+---------+ +---------+
| sip1 | | sip2 |
+---------+ +---------+
^ ^
| |
|REGISTER |REGISTER
| |
+---------+ +---------+
| fw1 | | fw2 |
+---------+ +---------+
^ ^
| |
|REGISTER |REGISTER
| |
[EMAIL PROTECTED] [EMAIL PROTECTED]
Private IP: Private IP:
10.0.0.1 192.168.1.1
Currently, in sipxecs, when alice make a call to bob, an INVITE message is
sent from alice to sip1. Then, sip1 will send an INVITE message directly to
bob instead of sip2 (note that bob is registered to sip2). But, because bob
is registered to sip2 and not sip1, it's not able to receive the INVITE
message from sip1.
Public IP:1.2.3.4 Public IP:1.2.3.5
+---------+ +---------+
| sip1 | ------- | sip2 |
+---------+ \ +---------+
^ \
| \
|2:INVITE \ 3:INVITE
| V (firewall blocked)
+---------+ +---------+
| fw1 | | fw2 |
+---------+ +---------+
^
|
|1:INVITE
|
[EMAIL PROTECTED] [EMAIL PROTECTED]
Private IP: Private IP:
10.0.0.1 192.168.1.1
Is there a way to configure sipxecs such that if sip1 knows that bob is
registered to sip2, it should forward the INVITE to sip2 first and let sip2
send the INVITE to bob?
Public IP:1.2.3.4 Public IP:1.2.3.5
+---------+ 3:INVITE +---------+
| sip1 | -------------->| sip2 |
+---------+ +---------+
^ |
| |
|2:INVITE |4:INVITE
| V
+---------+ +---------+
| fw1 | | fw2 |
+---------+ +---------+
^ |
| |5:INVITE
|1:INVITE |
| V
[EMAIL PROTECTED] [EMAIL PROTECTED]
Private IP: Private IP:
10.0.0.1 192.168.1.1
Since bob is registered to sip2, all SIP messages to bob should be from sip2
in order to avoid any problem with Firewall/NAT, something like what
symmetric response routing does(?).
Regards,
WK
-----Original Message-----
From: Scott Lawrence [mailto:[EMAIL PROTECTED]
Sent: 15 August 2008 19:12
To: [EMAIL PROTECTED]
Cc: [email protected]
Subject: Re: [sipx-users] sipx redundancy firewall/NAT issue
On Fri, 2008-08-15 at 17:23 +0800, Soo Wei Kang wrote:
> Hi,
>
>
>
> I'm using latest sipx build 3.10.2-013143 and I've installed it in 2
> machines for redundancy, namely sip1 and sip2. So, some SIP client
> will login to "sip1" and some will login to "sip2" based on DNS SRV
> query.
>
>
>
> For example, we have a client with username "[EMAIL PROTECTED]"
> registering to sip1 and another client with username "[EMAIL PROTECTED]"
> to sip2. The Domain is "example.com". When alice make a call to bob,
> an INVITE message is sent from alice to sip1. Then, sip1 will send an
> INVITE message directly to bob instead of sip2 (note that bob is
> registered to sip2). This may not be an issue if the client and server
> are on the same network. But, in a firewall/NAT environment, this
> could pose some problem because bob is connected to sip2 and not sip1.
> Any message from sip1 to bob will be rejected.
>
>
>
> Is there a way to configure sipx such that if sip1 knows that bob is
> registered to sip2, it should forward the INVITE to sip2 first and let
> sip2 send the INVITE to bob?
No - putting a NAT between systems in a cluster is not supported.
There's no way to support redundancy when there's a NAT there,
specifically because of the problem you describe.
If what you have is multiple sites with separate NATed networks, then
you should make each its own domain. Each domain will need an SBC to
traverse the NAT, and then you can use dial rules to route calls between
them as a SIP Trunk.
--
Scott Lawrence tel:+1.781.229.0533;ext=162 or sip:[EMAIL PROTECTED]
sipXecs project coordinator - SIPfoundry http://www.sipfoundry.org/sipXecs
CTO, Voice Solutions - Bluesocket Inc. http://www.bluesocket.com/
http://www.pingtel.com/
_______________________________________________
sipx-users mailing list
[email protected]
List Archive: http://list.sipfoundry.org/archive/sipx-users
Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-users
