Morgan Fainberg wrote:
> In theory, you could use a FWM (firewall mark) setup and persistent
> connections. If you map the virtual server group to use the same FWM
> for the TCP (SIP uses TCP port 5060) and UDP (RTP is usually
> configured for UDP ports 16384-32767) datastreams, it should work in
> theory.
>
> However, the application-based load-balancing in Asterisk does
> function fairly well and you might end up with a better solution.
> Typically, with load-balancing I find that the more complexity you add
> just makes it that much harder to debug when things go awry.
>
>
I think the fwmark approach might work. And I like this since
load-balancing with LVS is better for me because I have all my other
services on it.
I'm keeping all traffic going through the Asterisk box with
canreinvite=no. canreinvite=yes would present a further scenario as the
endpoints would then end up in direct communication for RTP.
You'll have to excuse me if I've oversimplified this. I have not used
fwmarks before.
So let's see, I'm using keepalived so in the conf I guess I would have
something like:

    virtual service RS_IP 5060 { # SIP
    persistent...
    virtual service fwmark 1 { # SIP RTP
    persistent...

In iptables (directors):

    iptables -t mangle -A PREROUTING -p udp -d 192.168.1.27-28 --dport 10000:20000 -j MARK --set-mark 1 # SIP RTP: where -d has ip of real servers

In iptables (realservers): # only for NAT, what about DR?

    iptables -A PREROUTING -t mangle -d <VIRTUAL_IP> -j MARK --set-mark 1 # route back to director

Does this look reasonable?
Regards,
Gerry
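
Added example (not part of the original message and not the poster's configuration): a dry-run script that prints director-side commands for the approach in the quoted message, with one firewall mark shared by SIP and RTP addressed to the virtual IP and a single persistent LVS-NAT service keyed on that mark. The virtual IP 192.0.2.10, the rr scheduler and the 300-second persistence timeout are assumptions; mark 1, the 10000:20000 RTP range and the two real servers are taken from the thread.

```shell
#!/bin/sh
# Dry-run planner: prints the director-side commands, applies nothing.
# Assumed values (not from the thread): VIP 192.0.2.10, scheduler rr,
# 300 s persistence. Mark 1, ports and real servers follow the thread.

VIP="${VIP:-192.0.2.10}"                 # constructed documentation address
MARK="${MARK:-1}"
RTP_RANGE="${RTP_RANGE:-10000:20000}"
REAL_SERVERS="${REAL_SERVERS:-192.168.1.27 192.168.1.28}"
PERSIST="${PERSIST:-300}"

# One mangle rule per stream, matched on the VIP. All three carry the same
# mark, so IPVS treats SIP over TCP, SIP over UDP and RTP as one service.
mark_rules() {
    for spec in "tcp 5060" "udp 5060" "udp $RTP_RANGE"; do
        set -- $spec
        echo "iptables -t mangle -A PREROUTING -d $VIP -p $1 --dport $2 -j MARK --set-mark $MARK"
    done
}

# A single persistent fwmark service: the persistence template is kept per
# client address, so a caller's SIP and RTP packets reach the same real server.
ipvs_rules() {
    echo "ipvsadm -A -f $MARK -s rr -p $PERSIST"
    for rs in $REAL_SERVERS; do
        echo "ipvsadm -a -f $MARK -r $rs -m"   # -m selects NAT (masquerading)
    done
}

# Refuse to emit a plan for a non-numeric mark.
plan() {
    case "$MARK" in
        ''|*[!0-9]*) echo "MARK must be numeric" >&2; return 1 ;;
    esac
    mark_rules && ipvs_rules
}

plan
```

Review the printed commands before running them as root on the director; the real servers need no marking rules under NAT as long as their default route points back at the director.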