Re: [lvs-users] LVS + Asterisk

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [lvs-users] LVS + Asterisk
From: Gerry Reno <greno@xxxxxxxxxxx>
Date: Mon, 26 May 2008 16:41:27 -0400
Morgan Fainberg wrote:
> Those look reasonable, however, you will probably not want to  
> separate the SIP and RTP traffic.  It would make more sense to use two  
> iptables rules that set the same firewall mark.  IE: You can set as  
> many iptables rules as the system can handle to assign a given  
> firewall mark.  Any traffic (regardless of port/type) can be balanced  
> with the FWM.  FWM is (as you can see by the ipvsadm man-page) its  
> own service type.  Instead of specifying --tcp-service or  
> --udp-service you specify --fwmark-service.  Given that I use Keepalived vs.  
> the other methods, it is slightly different than making direct calls  
> with ipvsadm.
>
> In short, no need to have separate VIPS for SIP and RTP unless you  
> have different servers handling SIP traffic.
>
> It would probably look something more like this:
>
>   
>> virtual service fwmark 1 { # SIP RTP
>> persistent...
>>     
>
>   
>> iptables -t mangle -A PREROUTING -p udp -d 192.168.1.27-28 --dport 10000:20000 -j MARK --set-mark 1 # SIP RTP: where -d has ip of real servers
>> iptables -t mangle -A PREROUTING -p tcp -d 192.168.1.27-28 --dport 5060 -j MARK --set-mark 1 # SIP RTP: where -d has ip of real servers
>>     
>
>   I've not used FWM+NAT in a good long while.  You probably don't need  
> to set the firewall mark on the realservers as the firewall mark (I  
> don't believe) stays with the packet once it leaves the local  
> networking stack (ie, it is not sent out on the wire).  So unless the  
> system needs to do something specific with the firewall mark (IE  
> iprule to policy-route to the director) the firewall mark will not  
> need to be set on the real-server.
>
> A DR configuration should work almost identically, however, I've not  
> done UDP in a DR configuration (always NAT).  A standard DR  
> configuration ~should~ function for an Asterisk setup like this.
>
>   

Yes, of course, I need to keep the SIP and RTP together since I'm not 
using a separate SIP server.  So now if we use ARA we should have a good 
extensible solution.  To me this seems like it might be better than 
OpenSER because with OpenSER you have a SPOF whereas with keepalived/LVS 
you have a more robust solution.  My setup is LVS-DR so I need to think 
about whether the direct return route is going to create any problems.  Otherwise, 
the only thing lacking in this picture is FreePBX does not support ARA :-(

Regards,
Gerry
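
The director-side setup discussed in this thread, as an added example that is not part of the original messages: one firewall mark for both SIP and RTP, balanced as a single persistent fwmark service with ipvsadm. The VIP 192.168.1.100, the rr scheduler, the 300 second persistence timeout and the function names are assumptions; the ports, mark 1 and the real servers come from the thread.

```shell
#!/bin/sh
# Added example: emit (not execute) the director commands for one
# fwmark-based LVS service carrying both SIP and RTP.
# Assumed: VIP 192.168.1.100 is constructed; scheduler and timeout are
# illustrative. Ports, mark and real servers are taken from the thread.

# fwmark_rules VIP MARK -> iptables rules giving SIP and RTP the same mark
fwmark_rules() {
    vip=$1
    mark=$2
    echo "iptables -t mangle -A PREROUTING -p tcp -d $vip --dport 5060 -j MARK --set-mark $mark"
    echo "iptables -t mangle -A PREROUTING -p udp -d $vip --dport 10000:20000 -j MARK --set-mark $mark"
}

# ipvs_rules MARK PERSIST_SECS REALSERVER... -> one persistent fwmark service
ipvs_rules() {
    mark=$1
    persist=$2
    shift 2
    # -f selects the fwmark service type; -p keeps a client on one real
    # server, so signalling and media of a call reach the same Asterisk box.
    echo "ipvsadm -A -f $mark -s rr -p $persist"
    for rs in "$@"; do
        # -g = direct routing (LVS-DR); use -m instead for LVS-NAT
        echo "ipvsadm -a -f $mark -r $rs -g"
    done
}

# plan VIP MARK PERSIST_SECS REALSERVER... -> full command list
plan() {
    # Mark 0 means "unmarked", so it can never select a service.
    case $2 in
        ''|0|*[!0-9]*) echo "mark must be a positive integer" >&2; return 1 ;;
    esac
    fwmark_rules "$1" "$2"
    shift
    ipvs_rules "$@"
}

# Dry run: review the output before running it as root on the director.
plan 192.168.1.100 1 300 192.168.1.27 192.168.1.28
```
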

