Hello,
What are you thinking about more exactly here in terms of security?
The OpenSIPS worker processes that listen for BIN replicated packages do
not perform any IP authentication by themselves, so if you leave those
UDP ports open from the outside, you are leaving yourself exposed to
outside attackers coming in and either deleting some of the existing
dialogs (by sending you some binary packages that destroy an ongoing
dialog) or filling up your shared memory (by sending you 'new dialog'
binary packages).
Currently, it's left to the OpenSIPS administrator to properly configure
the firewall so that the binary interface listeners (the ones specified
by bin_listen=127.0.0.1:9999) are only open for the other OpenSIPS
instance IPs.
Best Regards,
Vlad Paiu
OpenSIPS Developer
http://www.opensips-solutions.com
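
The firewall restriction described in the message above, as an added example that is not part of the original post or of OpenSIPS itself: a shell function that prints iptables commands admitting BIN traffic only from listed peer instances. Port 9999 comes from the bin_listen example; the peer addresses (documentation range) and the chain name OPENSIPS_BIN are assumptions.

```shell
#!/bin/sh
# Added example: emit iptables commands that restrict an OpenSIPS BIN
# listener (UDP) to known replication peers. Nothing is applied here.
CHAIN="OPENSIPS_BIN"   # hypothetical chain name (assumption)

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                 # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the rule set for UDP port $1 and peers $2..; print nothing and
# return 1 on any invalid argument, so a typo never yields a partial policy.
bin_fw_rules() {
    port=$1
    case "$port" in ""|*[!0-9]*|??????*) return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    shift
    [ "$#" -ge 1 ] || return 1
    for peer in "$@"; do
        is_ipv4 "$peer" || return 1
    done
    # -I puts the jump at the top of INPUT, ahead of any broader ACCEPT rule.
    echo "iptables -N $CHAIN"
    echo "iptables -I INPUT -p udp --dport $port -j $CHAIN"
    for peer in "$@"; do
        echo "iptables -A $CHAIN -s $peer -j ACCEPT"
    done
    echo "iptables -A $CHAIN -j DROP"   # everyone else is dropped
}

# Dry run with constructed peer addresses: review the output before applying.
bin_fw_rules 9999 192.0.2.10 192.0.2.11
```

Because BIN replication runs over UDP, source-address filtering only holds where spoofed peer addresses cannot reach the host, so it is best combined with binding bin_listen to a private replication interface.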
On 08/01/2013 07:58 PM, Nick Khamis wrote:
What needs to be considered in terms of security?
Nick.
On 7/31/13, Bogdan-Andrei Iancu <bog...@opensips.org> wrote:
Hi Ryan,
This has nothing to do with dialog pinging or accounting - the new
interface allows OpenSIPS to replicate the dialog state to another
OpenSIPS instance. If I misunderstood you, please rephrase :)
Regards,
Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
http://www.opensips-solutions.com
On 07/29/2013 08:20 PM, Ryan Bullock wrote:
This is pretty exciting!
What are the plans for how this will work with features such as dialog
pinging and accounting?
Regards,
Ryan
On Mon, Jul 29, 2013 at 9:46 AM, Bogdan-Andrei Iancu
<bog...@opensips.org> wrote:
In long term we plan to use the BIN interface to replicate even
more internal data between multiple OpenSIPS instances, like doing
registration replication (instead of doing it from script via
SIP). Theoretically it may be used for replicating even
transaction state between 2 OpenSIPS instances - imagine having a
call ringing on instance A and being accepted on instance B (after
a failover) - 0% losses!
Aside from realtime data replication, the BIN interface is to be used
also for exchanging any other type of information between OpenSIPS
instances, like federating multiple instances.
The main advantages of the BIN interface over the MI interface:
- BIN is binary encoded so much faster (as performance)
- BIN interface has both sender and receiver in OpenSIPS (MI
has only the receiver)
- MI is for external usage, while BIN is internal
(opensips2opensips)
Regards,
Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
http://www.opensips-solutions.com
On 07/29/2013 06:22 PM, Liviu Chircu wrote:
Hello all,
OpenSIPS just got better with a /new core interface/ and a /new
failover mechanism/!
The purpose of the new *Binary Internal Interface* is to offer a
fast and efficient communication channel between OpenSIPS
instances. OpenSIPS modules can now use this core interface to
send/receive packets with specific information. A common usage
case for this feature would be data replication between a primary
instance and a backup one.
This is especially useful in scenarios with OpenSIPS instances
which handle large amounts of concurrent calls, so that failover
through a database backend is not feasible anymore due to the
significant time required in order to load the needed tables.
As an example of using the interface, the dialog module now
offers the possibility of *replicating dialogs* to another
instance. The script writer may now configure a set of proxies
which will receive dialog-related events: /creation/,
/confirmation/ and /deletion/, all in /realtime/. These messages
are compact and they are sent over UDP. The dialog module now
also exports several new statistics which show the total
sent/received replication packets.
Configuring UDP listeners for the new interface is trivial and
explained in the OpenSIPS manuals [1].
[1]: http://www.opensips.org/Documentation/Interface-Binary
Best regards,
--
Liviu Chircu
OpenSIPS Developer
http://www.opensips-solutions.com
_______________________________________________
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
_______________________________________________
Devel mailing list
de...@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/devel