Re: SIP, NAT, and load balancing problems

Linux Advanced Routing and Traffic Control

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Andrew McGill wrote:

On Tuesday Dec 12, 2006 around 3:44pm, François Delawarde wrote,


Hello all,
I have a linux machine with a SIP server (Asterisk) and 2 WAN interfaces (NATed) configured to do load balancing. I experienced problems with the SIP/RTP protocols and load balancing, because when initiating a call to an external SIP Host, a new RTP flow starts from the server to the Host, that sometimes uses another default route (due to the nexthop configuration). As i have two different public IPs, the external host gets confused while receiving flows from different IPs, and doesn't work (or sometimes we only have one-way communication).
There is a similar problem with openvpn which the --multihome patch in 2.1_rc* solves (SOL_IP / IP_PKTINFO option on the socket). Unless the application (asterisk in your case) chooses to bind a UDP socket to a particular IP address, the routing subsystem will assign the IP address. Since UDP is connectionless, there is no reason to use the same IP address as the incoming 'connection'. (ip_conntrack doesn't count.)
I cannot bind Asterisk to a particular IP address, as I need to use it for both LAN and WAN, but if the routing subsystem assigns the IP, does it take into account netfilter MARK and special rules, or do you know a way to "force" this routing subsystem into assigning an IP address?
I'm trying to understand when and how this IP address is chosen, and see if I can act at that level (doing NAT and ROUTE things doesn't seem to work a lot, and it's probably too "late" to work the problem.
*You* may be able to solve the problem with some creative use of the CONNMARK target (I didn't succeed). The best solution, in the absence of a kernel hack to treat UDP as a connection-oriented protocol, is to fix asterisk (IMHO, IANAKH). 

&:-)
I was thinking of trying that along with the netfilter SIP helper, but I don't even understand how helpers work yet. If you have an idea of how i could use those things, it would also be worth trying. 


Thank you very much,
François.
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
[Index of Archives]     [LARTC Home Page]     [Netfilter]     [Netfilter Development]     [Network Development]     [Bugtraq]     [GCC Help]     [Yosemite News]     [Linux Kernel]     [Fedora Users]
  Powered by Linux