Klaus- > On 23.12.2009 20:21, Jeff Brower wrote: >> Daniel- >> >>> I haven't used such scenario so far and not a big linux network routing >>> expert here, so the command you use for bridging do not help me too much. >>> >>> When I need to bridge two network then I use rtpproxy in bridging mode, >>> like the example I pointed in a previous email, and all run fine. >> >> Thanks for your reply Daniel. Our concern with using rtpproxy for bridging >> is that we may end up with less call >> capacity. We don't want to touch in user space packets that don't need >> decryption and transcoding -- we want to let >> them through to the other network using Linux bridging and the 2 NICs. > > Why using rtpproxy at all for unencrypted calls? Just let them through > directly to Asterisk.
Yes, we're doing that now, using Linux bridging (2 NICs). > IF you do not want RTP directly to Asterisk, but need kernel-based > forwarding, you could use mediaproxy2 (kernel-based) for RTP and > rtpproxy for SRTP. Ok thanks for that suggestion. At call capacity increases, we may move encryption and transcoding to an accelerator card... rtpproxy is a good UDP/RTP place to interface with the card. -Jeff >>> On 12/22/09 10:40 PM, Vikram Ragukumar wrote: >>>> Daniel, >>>> >>>> Please find below a corrected Dataflow diagram. >>>> >>>> ----------------- >>>> |SIP Caller's | >>>> |Encrypted SIP | >>>> |(Port9090) + | >>>> |UDP | >>>> |(Port10000-20000)| >>>> ----------------- >>>> | >>>> |Public IP >>>> ---|----------------------- >>>> | --|---- ------- | Public IP >>>> || NIC1 |<------>| NIC2 | | ----------- >>>> || eth0 | bridge | eth1 |->-| Asterisk | >>>> | --|----- --|--|- | |CentOS v5.4| >>>> | v port 9090 | | | | Server 2 | >>>> | --|--------------- | | | ----------- >>>> ||Libnetfilter_queue|| | | >>>> | -|----|----------- | | | >>>> | | | | | | >>>> | | -|-------- | | | >>>> | | |Decryption| ^ ^ | >>>> | | -|-------- | | | >>>> | v v port 5060 | | | >>>> | | -|------ | | | >>>> | | |Kamailio|--->- | | >>>> | | -------- | | >>>> | | | | >>>> | |UDPports | | >>>> | -|-- -------- | | >>>> ||srtp|->--|rtpproxy|->- | >>>> | ---- -------- | >>>> | Server 1,CentOS v5.4 | >>>> --------------------------- >>>> >>>> Thanks and Regards, >>>> Vikram. >>>> >>>> Vikram Ragukumar wrote: >>>>> Daniel, >>>>> >>>>> Thanks once again for your reply. I present below a more detailed >>>>> system description. The first ASCII sketch depicts the setup we have >>>>> in our lab here and the second ASCII sketch depicts the dataflow we >>>>> are working towards. >>>>> >>>>> System setup: >>>>> ------------- >>>>> >>>>> ------------ >>>>> | Internet | >>>>> ------------ >>>>> | >>>>> | >>>>> ------|------------------------ >>>>> | | CentOS v5.4 | >>>>> | ---|---- -------- | >>>>> | | NIC1 |<------>| NIC2 | |<- Server 1 >>>>> | | eth0 | bridge | eth1 | | >>>>> | -------- ----|--- | >>>>> | Rtpproxy,Kamailio | | >>>>> -------------------------|----- >>>>> | >>>>> |<- Cross over cable >>>>> | >>>>> ----------- >>>>> |CentOS v5.4| >>>>> | Asterisk |<- Server 2 >>>>> ----------- >>>>> >>>>> Dataflow: >>>>> --------- >>>>> >>>>> ------------------ >>>>> |SIP Caller's | >>>>> |Encrypted SIP | >>>>> |(Port9090) + | >>>>> |UDP | >>>>> |(Port10000-20000)| >>>>> ----------------- >>>>> | >>>>> |Public IP >>>>> ---|----------------------- >>>>> | --|---- ------- | Public IP >>>>> || NIC1 |<------>| NIC2 | | ----------- >>>>> || eth0 | bridge | eth1 |->-| Asterisk | >>>>> | --|----- --|--|- | |CentOS v5.4| >>>>> | v port 9090 | | | | Server 2 | >>>>> | --|--------------- | | | ----------- >>>>> ||Libnetfilter_queue|| | | >>>>> | --|--------------- | | | >>>>> | v | | | >>>>> | --|------- | | | >>>>> ||Decryption| ^ ^ | >>>>> | -|------|-- | | | >>>>> | | v port 5060| | | >>>>> | | ---|---- | | | >>>>> | | |Kamailio|--->- | | >>>>> | v -------- | | >>>>> | | | | >>>>> | |UDPports | | >>>>> | -|-- -------- | | >>>>> ||srtp|->--|rtpproxy|->- | >>>>> | ---- -------- | >>>>> | Server 1,CentOS v5.4 | >>>>> --------------------------- >>>>> >>>>> Questions: >>>>> ---------- >>>>> 1) Is it common practice to implement "Decryption" and "srtp" as >>>>> shown in the dataflow diagram? If not, what is a more appropriate >>>>> place to implement them ? >>>>> 2) Once deployed, will such as system be capable of handling several >>>>> hundreds or thousands of calls ? >>>>> >>>>> Wish you all a Merry Christmas and a Happy New Year. >>>>> >>>>> Thanks and Regards, >>>>> Vikram. >>>>> >>>>> PS : Here is the script used to setup the bridge between eth0 and eth1 >>>>> >>>>> brctl addbr br0 >>>>> brctl stp br0 on >>>>> brctl addif br0 eth0 >>>>> brctl addif br0 eth1 >>>>> ifdown eth0 1>/dev/null 2>&1 >>>>> ifdown eth1 1>/dev/null 2>&1 >>>>> ifconfig eth0 0.0.0.0 up >>>>> ifconfig eth1 0.0.0.0 up >>>>> ifconfig br0 64.221.148.221 netmask 255.255.255.224 up >>>>> route add default gw 64.221.148.220 >>>>> for file in br0 eth0 eth1 >>>>> do >>>>> echo "1"> /proc/sys/net/ipv4/conf/${file}/proxy_arp >>>>> echo "1"> /proc/sys/net/ipv4/conf/${file}/forwarding >>>>> done; >>>>> echo "1"> /proc/sys/net/ipv4/ip_forward >>>>> >>>>> >>>>> Daniel-Constantin Mierla wrote: >>>>>> >>>>>> >>>>>> On 12/18/09 10:08 PM, Vikram Ragukumar wrote: >>>>>>> Daniel, >>>>>>> >>>>>>> Thank you for your reply. Let me briefly explain what i am trying >>>>>>> to achieve over here. >>>>>>> >>>>>>> _____ eth0 _____ eth1 ______ >>>>>>> |_____|------|_____|--------|______| Internet >>>>>>> Server1 Server2 >>>>>>> 2 NIC's 1 NIC >>>>>>> (Public IP) >>>>>>> >>>>>>> I show above a sketch of the desired setup. >>>>>>> >>>>>>> Server1 - Runs Kamailio and rtpproxy. It has 2 NIC's installed. >>>>>>> Server2 - Runs Asterisk. It must be assigned a Public IP. >>>>>>> >>>>>>> I need to use rtpproxy to intercept data being sent to Server 2, >>>>>>> process them and let them continue along their original path. Are >>>>>>> there any references you can point me to, that show how to use >>>>>>> rtpproxy to achieve this bridging? Does the connection between eth1 >>>>>>> of Server1 and eth0 of Server2 have to made using a crossover cable ? >>>>>> >>>>>> probably your diagram is not displayed properly by the email client, >>>>>> since I do not really get what you wanted to draw. >>>>>> >>>>>> However, in the kamailio server, if you have two network interfaces, >>>>>> run kamailio to listen on both and rtpproxy in bridging mode between >>>>>> them. Then rtpproxy will get packets coming on eth0 and send onver >>>>>> eth1 and viceversa. I gave you the path in the source three where >>>>>> you find an example to start with (in my previous email). >>>>>> >>>>>> Cheers, >>>>>> Daniel >>>>>> >>>>>> >>>>>> >>>>>>> >>>>>>> Daniel-Constantin Mierla wrote: >>>>>>>> Hello, >>>>>>>> >>>>>>>> On 12/18/09 12:38 AM, Vikram Ragukumar wrote: >>>>>>>>> Hello All, >>>>>>>>> >>>>>>>>> I am trying to setup a test scenario, where i have Kamailio and >>>>>>>>> rtpproxy running on one CentOS box (Server1) and i have Asterisk >>>>>>>>> running on another CentOS box (Server2). Server1 has 2 NIC's eth0 >>>>>>>>> and eth1 that are both assigned Public IP's. There is a >>>>>>>>> transparent bridge br0 connecting eth0 and eth1 which also has >>>>>>>>> its own Public IP. Finally eth0 on Server2 also has a Public IP. >>>>>>>>> >>>>>>>>> Server2 must be assigned a Public IP. >>>>>>>>> >>>>>>>>> My goal is to modify rtpproxy so that i can intercept packets >>>>>>>>> traveling to Server2, process them and let them resume along >>>>>>>>> their original path. >>>>>>>>> I would like to know if there is another way of setting this up >>>>>>>>> so that i dont use as many Public IP's ? >>>>>>>>> Do any of you see a problem with this setup, things that may not >>>>>>>>> work eventually, or any other concerns ? >>>>>>>>> >>>>>>>> rtpproxy can do bridging of two interfaces -- see the example cfg: >>>>>>>> >>>>>>>> modules/nathelper/examples/alg.cfg >>>>>>>> >>>>>>>> Cheers, >>>>>>>> Daniel _______________________________________________ Kamailio (OpenSER) - Users mailing list Users@lists.kamailio.org http://lists.kamailio.org/cgi-bin/mailman/listinfo/users http://lists.openser-project.org/cgi-bin/mailman/listinfo/users