[SR-Users] nathelper: ping options over tcp

Daniel-Constantin Mierla miconda at gmail.com
Wed Apr 5 14:45:44 CEST 2017 

Hello,

if it happens also between INVITE and 200ok or between 200ok and the
ACK, then very likely sending the OPTIONS will not help. Probably the
far end routers have a broken implementation of NAT.

Is this happening only for a specific group of users, or happens
randomly for different users?

Cheers,
Daniel


On 05.04.17 14:25, Abdoul Osséni wrote:
> Hello,
>
> Thanks for this feedback.
>
> Here the description of the issue I am trying to solve.
>
> I use already tcp_keepalive.
>
> Call flow is:
> UACs --> Nat device --> Kamailio
>
> Transport protocol is TLS.
>
> Kamailio sends TCPs keepalive (tcp_keepalive option) to the softphone
> located behind the nat devices in order to prevent disconnection due
> to network inactivity.
> In most cases I have the expected behavior, I do not have any problems.
>
> I think somes NAT devices don't properly handle TCPs keepalive because
> they close the connection after TCP keepalives.
> I have always this issue with NAT devices using VSS-Monitoring protocol.
>
> A network capture shows:
> - Kamailio sends a tcp keepalive 
> - The NAT device sends a tck keepalive ACK to Kamailio with a new
> filed : vss-monitoring
> Frame 70: 62 bytes on wire (496 bits), 62 bytes captured (496 bits)
> Linux cooked capture
> Internet Protocol Version 4, Src: x.x.x.x, Dst: x.x.x.x
> Transmission Control Protocol, Src Port: 13178, Dst Port: 443, Seq:
> 2752, Ack: 6214, Len: 0
> *VSS-Monitoring ethernet trailer, Source Port: 0*
> *Src Port: 0*
>
> - Kamailio received then a TCP from the NAT device that notifies the
> closure of the connection.
>
> Frame 73: 87 bytes on wire (696 bits), 87 bytes captured (696 bits)
> Linux cooked capture
> Internet Protocol Version 4, Src: x.x.x.x, Dst: x.x.x.x
> Transmission Control Protocol, Src Port: 13178, Dst Port: 443, Seq:
> 3436, Ack: 6214, Len: 31
> Secure Sockets Layer
>     TLSv1.2 Record Layer: Alert (Level: Warning, Description: Close
> Notify)
>         Content Type: Alert (21)
>         Version: TLS 1.2 (0x0303)
>         Length: 26
>         Alert Message
>             Level: Warning (1)
>             Description: Close Notify (0)
> - After a FIN ACK sent to Kamailio by the NAT device, a new tcp
> three-way handshake is made again.
>
> Sometimes, I have this issue during the connection establishment that
> cause a problem of sending or receiving SIP messages (for examples 200
> OK and ACK).
>
>
> The advantage of the SIP ping options is a bidirectional traffic
> through NAT. I think in this case, my issue will be solved.
>
> Regards
> Abdoul OSSENI
>
> 2017-04-05 12:48 GMT+02:00 Daniel-Constantin Mierla <miconda at gmail.com
> <mailto:miconda at gmail.com>>:
>
>     Hello,
>
>     nathelper module does ping OPTIONS only for UDP.
>
>     For tcp/tls, there is transport layer keepalive:
>
>       -
>     https://www.kamailio.org/wiki/cookbooks/5.0.x/core#tcp_keepalive
>     <https://www.kamailio.org/wiki/cookbooks/5.0.x/core#tcp_keepalive>
>
>     What is the problem you are trying to solve with this? Maybe there
>     are some other options for it.
>
>     Cheers,
>     Daniel
>
>     On 31.03.17 13:03, Abdoul Osséni wrote:
>>     Hi,
>>
>>     Is it possible to send ping OPTIONS over tcp or tls?
>>
>>     If yes, could you me how?
>>
>>     Regards
>>     Abdoul.
>>
>>
>>     _______________________________________________
>>     SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>>     sr-users at lists.sip-router.org <mailto:sr-users at lists.sip-router.org>
>>     http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>>     <http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users>
>
>     -- 
>     Daniel-Constantin Mierla
>     www.twitter.com/miconda <http://www.twitter.com/miconda> -- www.linkedin.com/in/miconda <http://www.linkedin.com/in/miconda>
>     Kamailio Advanced Training - May 22-24 (USA) - www.asipto.com <http://www.asipto.com>
>     Kamailio World Conference - May 8-10, 2017 - www.kamailioworld.com <http://www.kamailioworld.com>
>
-- 
Daniel-Constantin Mierla
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Kamailio Advanced Training - May 22-24 (USA) - www.asipto.com
Kamailio World Conference - May 8-10, 2017 - www.kamailioworld.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20170405/ab5ebe0a/attachment.html>

More information about the sr-users mailing list