![dispatcher module
• list of balancing nodes from file or database
• monitoring of nodes (activate/inactivate
automatically)
• re-route in case of failure
• various algorithms: hashing, weight distribution, round
robin, call load distribution, priority routing
• reload list of nodes without restart
10
LOAD BALANCER
# Dispatch requests
route[DISPATCH] {
# round robin dispatching on gateways group '1'
if(!ds_select_dst("1",“4")) {
send_reply("404", "No destination");
exit;
}
xdbg("--- SCRIPT: going to <$ru> via <$du>n");
t_on_failure("RTF_DISPATCH");
route(RELAY);
exit;
}
# Re-route in case of failure
failure_route[RTF_DISPATCH] {
if (t_is_canceled()) {
exit;
}
# next node - only for 500 or local timeout
if (t_check_status(“500") || (t_branch_timeout() && !t_branch_replied())) {
if(ds_next_dst()) {
t_on_failure("RTF_DISPATCH");
route(RELAY);
exit;
}
}
}
media servers - gateways - pbxes](https://image.slidesharecdn.com/kamailio-dev-updates-160410184614/85/Kamailio-Updates-VUC-588-10-320.jpg)
![plenty of options
• lcr module
• carrierroute module
• prefix_route module
• drouting module
• combinations: mtree + dispatcher
LEAST COST OR DID ROUTING
11
route[LCR] {
if (!load_gws("1")) {
send_reply("503", "Error loading gateways");
exit;
}
if (!next_gw()) {
send_reply("503", "No available gateways");
exit;
}
t_on_failure(“RTF_LCR");
route(RELAY);
exit;
}
# Re-route in case of failure
failure_route[RTF_LCR] {
if (t_is_canceled()) {
exit;
}
# next node - only for 500 or local timeout
if (t_check_status(“500") || (t_branch_timeout() && !t_branch_replied())) {
if(next_gw()) {
t_on_failure("RTF_LCR");
route(RELAY);
exit;
}
}
}
pstn
provider
pstn
provider
pstn
provider
lcr DID
routing](https://image.slidesharecdn.com/kamailio-dev-updates-160410184614/85/Kamailio-Updates-VUC-588-11-320.jpg)
![block DOS or dictionary attacks
part of default kamailio.cfg
• htable module
• pike module
• detect high volume of traffic from same source and
block it for a specific interval of itme
12
SIP FIREWALL
# ip ban htable with autoexpire after 5 minutes
modparam("htable", "htable", “ipban=>size=8;autoexpire=300;")
…
route[SAFEGUARD] {
# flood detection from same IP and traffic ban for a specific interval
# be sure you exclude checking trusted peers, such as pstn gateways
# - local host excluded (e.g., loop to self)
if(src_ip!=myself) {
if($sht(ipban=>$si)!=$null) {
# ip is already blocked
xdbg("request from blocked IP - $rm from $fu (IP:$si:$sp)n");
exit;
}
if (!pike_check_req()) {
xlog("ALERT: pike blocking $rm from $fu (IP:$si:$sp)n");
$sht(ipban=>$si) = 1;
exit;
}
}
if($ua =~ "friendly-scanner") {
sl_send_reply("200", "OK");
exit;
}
}](https://image.slidesharecdn.com/kamailio-dev-updates-160410184614/85/Kamailio-Updates-VUC-588-12-320.jpg)
![core and tm module
• set transport in R-URI or outbound proxy address
• force transport via dedicated function
13
TRANSPORT LAYER GATEWAY
# Force UDP
route[TOUDP] {
# round robin dispatching on gateways group '1'
record_route();
$du = “sip:nexthop.com:5060;transport=udp”;
force_send_socket(“udp:10.1.1.10:5080”);
route(RELAY);
exit;
}
tls
web socket
udp
udp udp
IPv6
bridging networks
• public to private networks and back
• IPv4 to IPv6 and back
• any transport layer to another one and back](https://image.slidesharecdn.com/kamailio-dev-updates-160410184614/85/Kamailio-Updates-VUC-588-13-320.jpg)
Kamailio Updates - VUC 588
- 1. Daniel-Constantin Mierla Co-Founder Kamailio Project @miconda VUC588 - April 8, 2016 project updates
- 2. (c) asipto.com 2 History 2002 Jun 2005 Jul 2008 Aug 2008 Nov 2008 SIP Express Router (SER) OpenSER Kamailio Other Forks... Same application: Kamailio - SER Oct 2009 Jan 2010 v3.0.0 Integration Completed v1.5.0 Sep 2011 Sep 2001 First Line Of Code Open Source GPL FhG Fokus Institute Berlin rename Awarded Best Open Source Networking Software 2009 By InfoWorld 10 Years Jun 2012 v3.3.0 ITSPA UK Award Mar 2013 v4.0.0 Kamailio v4.1.0 Dec 2013 ………. v4.2.0 Oct 2014 Jun 2015 v4.3.0 Mar 2016 v4.4.0
- 6. ! SIP Signaling Server " SIP registrar " handle registrations from devices " SIP location server " locate targets - lcr, load balancer, user location service " SIP proxy server (router) " routing and re-routing huge volume of SIP traffic " SIP application server " rich telephony services " instant messaging and presence " integration with third party applications " integration with web 2.0 and social networking 6
- 7. ! It is not " SIP phone " SIP media server " SIP back-to-back user agent ! It handles only signaling X 7
- 9. TWO BASIC ARCHITECTURES 9 main signalling server edge signalling server
- 10. dispatcher module • list of balancing nodes from file or database • monitoring of nodes (activate/inactivate automatically) • re-route in case of failure • various algorithms: hashing, weight distribution, round robin, call load distribution, priority routing • reload list of nodes without restart 10 LOAD BALANCER # Dispatch requests route[DISPATCH] { # round robin dispatching on gateways group '1' if(!ds_select_dst("1",“4")) { send_reply("404", "No destination"); exit; } xdbg("--- SCRIPT: going to <$ru> via <$du>n"); t_on_failure("RTF_DISPATCH"); route(RELAY); exit; } # Re-route in case of failure failure_route[RTF_DISPATCH] { if (t_is_canceled()) { exit; } # next node - only for 500 or local timeout if (t_check_status(“500") || (t_branch_timeout() && !t_branch_replied())) { if(ds_next_dst()) { t_on_failure("RTF_DISPATCH"); route(RELAY); exit; } } } media servers - gateways - pbxes
- 11. plenty of options • lcr module • carrierroute module • prefix_route module • drouting module • combinations: mtree + dispatcher LEAST COST OR DID ROUTING 11 route[LCR] { if (!load_gws("1")) { send_reply("503", "Error loading gateways"); exit; } if (!next_gw()) { send_reply("503", "No available gateways"); exit; } t_on_failure(“RTF_LCR"); route(RELAY); exit; } # Re-route in case of failure failure_route[RTF_LCR] { if (t_is_canceled()) { exit; } # next node - only for 500 or local timeout if (t_check_status(“500") || (t_branch_timeout() && !t_branch_replied())) { if(next_gw()) { t_on_failure("RTF_LCR"); route(RELAY); exit; } } } pstn provider pstn provider pstn provider lcr DID routing
- 12. block DOS or dictionary attacks part of default kamailio.cfg • htable module • pike module • detect high volume of traffic from same source and block it for a specific interval of itme 12 SIP FIREWALL # ip ban htable with autoexpire after 5 minutes modparam("htable", "htable", “ipban=>size=8;autoexpire=300;") … route[SAFEGUARD] { # flood detection from same IP and traffic ban for a specific interval # be sure you exclude checking trusted peers, such as pstn gateways # - local host excluded (e.g., loop to self) if(src_ip!=myself) { if($sht(ipban=>$si)!=$null) { # ip is already blocked xdbg("request from blocked IP - $rm from $fu (IP:$si:$sp)n"); exit; } if (!pike_check_req()) { xlog("ALERT: pike blocking $rm from $fu (IP:$si:$sp)n"); $sht(ipban=>$si) = 1; exit; } } if($ua =~ "friendly-scanner") { sl_send_reply("200", "OK"); exit; } }
- 13. core and tm module • set transport in R-URI or outbound proxy address • force transport via dedicated function 13 TRANSPORT LAYER GATEWAY # Force UDP route[TOUDP] { # round robin dispatching on gateways group '1' record_route(); $du = “sip:nexthop.com:5060;transport=udp”; force_send_socket(“udp:10.1.1.10:5080”); route(RELAY); exit; } tls web socket udp udp udp IPv6 bridging networks • public to private networks and back • IPv4 to IPv6 and back • any transport layer to another one and back
- 14. edge proxy • authentication • nat traversal • parallel forking • serial forking • call forwarding • call blocking • white/black listing • DNS handling 14 OFFLOAD SIGNALLING PROCESSING
- 16. plenty at signalling layer • instant messaging • presence • gaming • notifications 16 EXTRA FEATURES extensibility • define your new request types • flexibility in handling unknown requests, headers, etc. additional functions • embedded XCAP server • embedded MSRP relay • IMS INVITE NOTIFY MESSAGE TICTACTOE PUBLISHTURNRIGHT
- 18. 18
- 19. 19 ! security " strong encryption algorithms for tls " flexibility to work with many certificates at the same time " dnssec, config file crypto tools ! performance, scalability and redundancy " full asynchronous processing layer " event driven api interface (json) " nosql: redis, memcached, mongodb, cassandra " distributed message queue between kamailio nodes " new memory managers ! flexibility " embedded http client for API interaction " dynamic memory manager selection " update of routing parameters without restart " more event routes " json sip routing format
- 20. 20 ! enhancements for typical use cases " webrtc - secure websockets with support for fragmentation " classic sip to webrtc gateway, including RTP to SRTP " volte - ims: dozens of extensions " sms routing handling " more load balancing algorithms ! call load distribution, relative weight, … " topology hiding and topology stripping " user location partitioning and replication " generic caching replication " prepaid and call stateful control " call rating limits " detecting attacks and blocking them " IPv6 cleanup
- 22. 22 ! native configuration with embedded interpreters " lua, perl, python, .net, … " ability to reload routing logic " highly optimized alternative of config with our own routing language ! continuous integration " unit tests " automatic builds " source code restructuring " review options for a new build system ! api driven processing " integration with external systems " keep kamailio as bare sip layer router ! your suggestions are welcome " …
- 23. The 4th Kamailio World Conference May 18-20, 2016 Berlin, Germany celebrating 15 years of Kamailio development
- 24. (c) asipto.com 24 www.kamailioworld.com May 18-20, 2016 - in Berlin, Germany
- 25. 25 highlights ! Berlin, same nice location in the city center " half day technical workshops " two days of conference ! workshops " IMS tutorial " continuous integration " troubleshooting " alternative: visit to Fraunhofer FOKUS testbeds (to be confirmed very soon) ! conference " SIP from classic telephony to webrtc and volte " Kamailio and other open source projects well represented ! Asterisk, FreeSwitch, Sems " security and scalability " typical use cases " experiences from operating large telephony platforms
- 26. (c) asipto.com 26 www.kamailioworld.com May 18-20, 2016 - in Berlin, Germany
- 27. 27 Questions? Daniel-Constantin Mierla Co-Founder Kamailio Project @miconda