Re: ENUM Support for GNUGK

Simon Horne <s.horne@xxxxxxxx> · Sat, 04 Nov 2006 11:34:33 +0800

Response inline.

----- Original Message ----- 

From: "Dimitris Daskopoulos"
<dimitris@xxxxxxxxxxx>

To: "GNU Gatekeeper Users"
<openh323gk-users@xxxxxxxxxxxxxxxxxxxxx>

Sent: Saturday, November 04, 2006 5:13 AM

Subject: Re:  ENUM Support for GNUGK

> 

> Simon,

> thank you for your elaborate explanation of the possibilities!

> Indeed SRV support opens up a whole new are for routing
solutions.

> 

> I have a few questions on your example:

> 

> Simon Horne wrote:

> > 

> > Dimitris

> > 

> > I initially contributed the ENUM routing policy to GnuGK and I
use it 

> > regularly with
www.e164.org

> > 

> >
<http://www.e164.org/>ENUM
is only ever designed to resolve the 

> > signalling address.  It cannot be used to resolve the RAS
address for 

> > placing LRQ's.

> > GnuGk does not use port 1720 by default so all ENUM records
must point 

> > to signalling port 1721.

> > 

> > So this is the behaviour in GnuGk v2.2.4

> > [RoutingPolicy]

> > default=enum,dns

> > 

> > ENUM

> > 1 900 123 4567 --->
user@xxxxxxxxxxxxx:1721

> > 

> > DNS

> > gk.mysite.com: ---> 65.234.x.x:1721

> > 

> > ACF tells EP to call 65.234.x.x:1721.

> > 

> Perfectly understandable.

> > 

> > Question:

> > =========================================

> > Is there a way to do both, i.e. first check if the user is
locally

> > registered on an ENUM resolved gatekeeper

> > and allow the gatekeeper to forward it to the gateway, if the
user is

> > not locally registered.

> > To do this we need to make GnuGk take the ENUM reply and

> > resolve it (LRQ) through a gatekeeper service, before
attempting the call.

> > =========================================

> > 

> > What you need to do is use the SRV policy prior to DNS. SRV
policy is 

> > currently available in the CVS version of GnuGk.

> > DNS SRV is covered by H.323 Annex O, these are special DNS
addresses 

> > which indicate the H.323 signal and RAS addresses of a
particular domain.

> > 

> > So

> > for gk.mysite.com  the DNS records would look like
this.

> > DNS    65.234.x.x

> > Signal Port  (_h323cs_.udp) gk.mysite.com:1721

> > RAS Port  (_h323ls_.udp)  
gk.mysite.com:1719

> > 

> > Following the logic

> > ENUM

> > 1 900 123 4567 --->
user@xxxxxxxxxxxxx  
(note must use 1720 as signal 

> > port of GK)

> > 

> > SRV* 

> > *preform SRV query on gk.mysite.com 

> > 

> > success:

> > Resolve _h323ls_.udp record to gk.mysite.com:1719, 

> 

> Does the SRV method always return the ras address?

> Is the signaling one returned in other cases?

It depends on whether a signalling address SRV record exists. If one does
then it is used over the RAS address. There is a preference
order.

> 

> > preform LRQ for user 

> > at gk.mysite.com:1719, LCF returns  210.93.x.x:1720 as the
signalling 

> > address of user.

> > 

> ... if the user is locally registered, and if not, LCF may return
the 

> address of a gateway. Sounds like exactly what I asked for.

> 

> > DNS

> > no SRV Record so resolve gk.mysite.com to 65.234.x.x

> > 

> > ACF tells EP to call gateway directly at 210.93.x.x:1720 

> 

> You mean 210.93.y.y:1720 as gateway (as opposed to 210.93.x.x:1720
which 

> was the endpoint signaling address further up).

No. Same function can be used for gateway or endpoint, I just have
incorrectly used the word gateway instead of endpoint.

> 

>  > If no DNS SRV

> > record available then route to gatekeeper at
123.234.x.x:1720

> > 

> I don't understand this last sentence.

> Unless it was meant to replace the previous one and not to
complement 

> it. Both statements assume "no DNS SRV record".

No the first one refers to endpoint registered locally at 210.93.x.x:1720
and the second, using DNS (no SRV) to resolve the gatekeeper address and
route the signalling through the call signal address of the gatekeeper at
123.234.x.x:1720.  Sorry for the confusion

> 

> > So to fully answer you question

> > 

> > [RoutingPolicy]

> > default=enum,srv,dns

> > (with the CVS version of GnuGk compiled with DNS support in
pwlib)

> > 

> Is there a reason for the DNS method to always follow the ENUM
method?

> If the ENUM lookup always returns explicit addresses,

> e.g.
12345678@xxxxxxxxxx:1720

> do we need to append the DNS method?

> I tried to get this to work without dns, but with no
success.

I think you might of highlighted an issue in the routing. In theory no it
does not require DNS however as it is the form user@address it may need
to use the DNS routing policy to resolve. This might need to be
addressed.

> 

> Semantically, the DNS method is a little different than all the
other 

> routing methods. Once other methods are matched, address resolution

> stops. But the DNS method is applied even after a previously
successful 

> routing step. So it has to follow any other method that may return

> non-explicit addresses for the call to proceed. Correct?

Yes.

Additional note: There is a major security risk in using ENUM and LRQ's
(SRV records) to resolve an endpoint/gateway address, as the gatekeeper
may need to receive a LRQ from a gatekeeper which is not predefined as a
neighbor in the routing policy. I have redressed that by extending the
neighbor policy to accept LRQ from non-neighbors (by default is switched
off) and extending the authentication module to cover authentication of
LRQ's. This function is still experimental.

Simon

> 

> Thanks again for answering with such detail.

> Dimitris

> 

> > 

> > Simon

> > 

> > 

> > 

> > At 07:35 PM 31/10/2006, you wrote:

> > 

> >> Hi all,

> >>

> >> I have the following problem that I would like to discuss
with others

> >> who use H.323 enum on GnuGk 2.2.4.

> >> The GnuGk 2.2.4 manual states:

> >>

> >>     * |enum|

> >>

> >>       The enum policy
replaces the destination with the information

> >>       returned by ENUM
server, so you must have the appropriate routing

> >>       policies to finally
route the call after the enum policy. Usually

> >>       you should also have
the dns policy after the enum policy, since

> >>       the new location is
often returned in the form of

> >>      
'number@gatekeeper' and the dns
policy is needed to resolve this.

> >>

> >> Reading this, you expect that GnuGk will be able to resolve
ENUM entries

> >> pointing to the responsible gatekeeper

> >> e.g. IN NAPTR 100 10 "u"
"E2U+h323"

> >> "!^\\+(.*)$!h323:\\1@xxxxxxxxxxxxxxxx:1719!"
.

> >>

> >> However, the above example will not work, because after the
ENUM query

> >> is resolved and DNS policy is applied,

> >> GnuGk places a call to the Signalling Port of the ENUM
resolved host.

> >> Thus, only an entry such as this may work,

> >> pointing to :

> >> e.g. IN NAPTR 100 10 "u"
"E2U+h323"

> >> "!^\\+(.*)$!h323:\\1@xxxxxxxxxxxxxxxx:1721!"
.

> >> assuming gnugk has a signalling port enabled (proxy or
routed mode)

> >>

> >> 2006/10/31 12:25:19.261
5             
Routing.h(168)   ROUTING Checking

> >> policy ENUM for the request ARQ 7924

> >> 2006/10/31 12:25:19.291
4           
Routing.cxx(1092)         
ENUM

> >> converted remote party xxxxx to
xxxxx@xxxxxxxxxxxxxxxx:1719

> >> 2006/10/31 12:25:19.291
5             
Routing.h(168)   ROUTING Checking

> >> policy DNS for the request ARQ 7924

> >> 2006/10/31 12:25:19.291
5             
Routing.h(174)   ROUTING Policy

> >> DNS applied to the request ARQ 7924

> >> 2006/10/31 12:25:19.291
2            
RasTbl.cxx(2293) 

> >> CallTable::Insert(CALL) Call No. 160, total sessions :
1

> >> 2006/10/31 12:25:19.291
2            
RasSrv.cxx(389)  

> >>
ACF|1.2.3.4:1720|8024_endp|14331|xxxxx:dialedDigits|yyy:h323_ID|false;

> >> 2006/10/31 12:25:19.291
3            
RasSrv.cxx(232)   RAS     Send to

> >> 1.2.3.4:1719

> >>

> >> Where the routing policy is:

> >> [RoutingPolicy]

> >> Default=enum,dns

> >>

> >> In general, ENUM entries may point to specific IPs of
endpoints

> >> listening on port 1720,

> >> or point to gateways for PSTN termination for a range of
numbers.

> >>  

> >> Is there a way to do both, i.e. first check if the user is
locally

> >> registered on an ENUM resolved gatekeeper

> >> and allow the gatekeeper to forward it to the gateway, if
the user is

> >> not locally registered.

> >> To do this we need to make GnuGk take the ENUM reply
and

> >> resolve it (LRQ) through a gatekeeper service, before
attempting the call.

> >>

> >> Is there a way to configure GnuGk to do this, or will it
take extra

> >> development effort?

> >> We would be interested to hear how others are using H.323
ENUM, if at all.

> >>

> >> Regards,

> >> Dimitris Daskopoulos

> >> GRNET/RTS

> >>

> >>
-------------------------------------------------------------------------

> >> Using Tomcat but need to do more? Need to support web
services, security?

> >> Get stuff done quickly with pre-integrated technology to
make your job 

> >> easier

> >> Download IBM WebSphere Application Server v.1.0.1 based on
Apache Geronimo

> >>
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642

> >> <http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642>

> >> _______________________________________________________

> >>

> >> Posting: mailto:Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx

> >> Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549

> >> Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users

> >> Homepage: http://www.gnugk.org/

> > 

> > ------------------------------------------------------------------------

> > 

> > -------------------------------------------------------------------------

> > Using Tomcat but need to do more? Need to support web services, security?

> > Get stuff done quickly with pre-integrated technology to make your job easier

> > Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo

> > http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642

> > 

> > 

> > ------------------------------------------------------------------------

> > 

> > _______________________________________________________

> > 

> > Posting: mailto:Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx

> > Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549

> > Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users

> > Homepage: http://www.gnugk.org/

> 

> -------------------------------------------------------------------------

> Using Tomcat but need to do more? Need to support web services, security?

> Get stuff done quickly with pre-integrated technology to make your job easier

> Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo

> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642

> _______________________________________________________

> 

> Posting: mailto:Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx

> Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549

> Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users

> Homepage: http://www.gnugk.org/ 

-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________________

Posting: mailto:Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549
Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users
Homepage: http://www.gnugk.org/