[VoiceOps] New blog article: Kamailio as an SBC - five years on

Alex Balashov abalashov at evaristesys.com
Tue Jun 19 15:24:17 EDT 2018


Ryan,

Thanks for your feedback!

See inline:

On Tue, Jun 19, 2018 at 12:20:40PM -0700, Ryan Delgrosso wrote:

> As you well know i have been working on a platform, and started off
> using Kamailio as my edge proxy, but was pragmatically forced to pivot
> to OpenSIPS as it could do more SBC-flavored things, which it seems
> the Kamailio community find less than savory.

Some and not others. 

> Of major note is the mid-registrar module, which allowed for short-re-reg
> intervals on the outside for nat traversal, with long core intervals to
> alleviate load, while also exposing a directly adjacent contact to the core
> switch without the need for the core to support such esoteric measures as
> the path header. This is crucial when supporting commercial registrars such
> as broadsoft or a metaswitch (and to a lesser extent freeswitch which only
> KINDA supports path) which are written expecting the commercial SBC behavior
> of adjacent contacts.

Indeed, and I made mention in the article.

I have reason to believe Kamailio will have a comparable solution in
the foreseeable future.

> Abandoning SIP over UDP is a major topic for me these days. Once upon
> a time SBC's were a great place to prune packets to limbo under the
> 1500 byte MTU bar, but as we all know this is a losing battle with the
> bloating of SDP's and the supported header, and can cause random
> breakage. Furthermore with the internet at large becoming increasingly
> hostile towards UDP as a transport due to the massive DDOS
> possibilities many UDP protocols offer, the sip over udp client space
> is becoming increasingly difficult. Moving access-side to TCP offers
> literally nothing but upside, with one exception, failover, as you
> well identified. Of course an open-source SBC in software carried with
> it the possibility for automation and orchestration, and if you go
> TCP, then there's literally no excuse to not encrypt everywhere and go
> TLS with LetsEncrypt. TLS signaling also carries the benefit of
> carving through ALG's and anti-competitive ISP practices.

I don't think most of the ITSP industry has moved to that insight yet,
although anecdotally, it appears that the metastasis of increasingly
tenacious ALGs is creating a NAT support crisis.

> Im still a proponent of UDP in the core, where jumbo-framing can be
> guaranteed, as it allows for easier fail-over of core elements
> mid-dialogue, and eliminates cumbersome state tracking inside a
> trusted core.

I would agree with that.

-- Alex

-- 
Alex Balashov | Principal | Evariste Systems LLC

Tel: +1-706-510-6800 / +1-800-250-5920 (toll-free) 
Web: http://www.evaristesys.com/, http://www.csrpswitch.com/


More information about the VoiceOps mailing list