|Summary:||ASTERISK-09965: Chan SIP and ACL Source Based Routing|
|Date Opened:||2007-07-26 18:22:42||Date Closed:||2011-07-26 15:08:39|
|Description:||If asterisk is connected to two ISP connections statically. SIP registrations fail and ACL reports cannot connect. Asterisk uses the routing table and does not pass a source ip to the table and all routing will default to the default route or gateway. If a SIP registration comes in on ISP1 and the default route is for ISP2 then any and all responses go out ISP2. |
****** ADDITIONAL INFORMATION ******
Using source based routing as outlined in
http://lartc.org/howto/lartc.rpdb.multiple-links.html . I have been able
to successfully set up sourced based routing using the operating system. And other applications worked fine, including apache, ssh, etc.
I was hopeful to think that this would have fixed my problem but I have
found that Asterisk does not pass the source address information for
responses. Instead Asterisk ends up using the default route if there id one and nothing if there is not. The following errors are received:
[Jun 25 12:58:11] WARNING: acl.c:385 ast_ouraddrfor: Cannot
[Jun 25 12:58:11] WARNING: chan_sip.c:1770 __sip_xmit: sip_xmit of
0x40162ca8 (len 461) to 220.127.116.11:5060 returned -2: Network is
|Comments:||By: Olle Johansson (oej) 2007-11-06 02:29:12.000-0600|
I think this is a duplicate bug report, it's been an open case for a very long time.
By: Sergey Tamkovich (sergee) 2008-01-06 02:46:24.000-0600
i think this is the same issue as 0009225
By: Stefano Brandimarte (stevens) 2008-02-27 08:46:58.000-0600
sergee: they seem to be different to me.
This report is related to a lack of a (very useful) feature where chan_sip
isn't able to use a specific address for a specific link.
Something like "sourceaddress" is for chan_iax2.
If the asterisk box is behind a NAT it could be even more problematic,
due to the fact that "externip" is a single value for every outbound
connection. So multi-homed connections aren't possible.
Am I wrong on this (maybe since I'm not exactly up-to-date on the latest changes/additions)?
By: Joshua C. Colp (jcolp) 2008-03-11 15:14:46
This is a known issue with the way chan_sip deals with networking and will be solved in a future 1.6 release.
By: JonBFS (bfsworks) 2008-03-11 17:10:26
Is this confirmed to be fixed in 1.6? Has the progression towards a fix started with 1.6 or is it scheduled? Thanks for any input into this issue.
By: Joshua C. Colp (jcolp) 2008-03-11 17:17:16
Well, I have already started working on a gneneral network API for everything to use that will solve this, and that will go into a future 1.6 release but I can't say one as I do not know.
By: Joshua C. Colp (jcolp) 2008-04-14 13:37:03
Suspending as something that is acknowledged and will be fixed in a future 1.6 release.
By: JonBFS (bfsworks) 2008-06-05 11:36:33
Only reopening issue to keep alive and I have not found any other reference to the new network API except for here, at least that will handle this specific problem.
I would like to confirm the status of the 1.6 network API that will resolve source based routing.
By: David Woolley (davidw) 2008-06-06 05:44:12
The big difference between Asterisk and ssh/Apache, is that the latter use TCP, so there is a connection which has a source address associated with it. VoIP mainly uses UDP, for which you have to be much more explicit about source address. If you bind a socket to INADDR_ANY, for TCP, the source address for replies on the socket will be the destination address used to establish the incoming connection, without any explicit action, but there are no connections for UDP, so you need to choose a socket that is bound to the specific address.
This sort of poor man's multihoming without proper autonomous system numbers and supporting routing protocols wasn't part of the original IP routing concept.
Thus, for sshd and Apache, you don't need to do anything in the code, but for VoIP you need to design specifically for this scenario.
By: Joshua C. Colp (jcolp) 2008-06-10 09:57:38
The network API is still being worked on and will be in a future 1.6 release.
By: JonBFS (bfsworks) 2008-10-13 19:51:18
After reviewing: http://svn.digium.com/view/asterisk/trunk/CHANGES?view=markup. I noticed there has not been any advancement in a network API supporting source based routing. This would be a major advancement of the use of asterisk in a WAN environment. Any thoughts or updates?
By: Leif Madsen (lmadsen) 2008-10-21 22:53:13
No updates at this time.
By: Joshua C. Colp (jcolp) 2008-12-10 09:01:49.000-0600
This is a known issue and previously mentioned and will be fixed in an upcoming 1.6 release.
By: JonBFS (bfsworks) 2009-06-02 12:45:07
Looking to help or have someone look that the development of the mentioned general network API. Is the development code available to test or comment on? Please point the direction to the work in progress or update as to the status. Thanks.
By: Joshua C. Colp (jcolp) 2009-06-02 12:52:43
There has been no progress made as of yet, this is/was being done as part of the IPv6 work and that has not yet been brought up to date. It continues to be on the list of things.
By: JonBFS (bfsworks) 2010-03-07 12:24:53.000-0600
Any updates on this, 1.6 is fully evolving and I have not seen this make an appearance. Creating asterisk to use all these protocols and codecs and cross compatibility/interoperability but it can only route over a DEFAULT IP route?
By: lancey (lancey) 2010-09-14 05:00:51
I'm having a machine which has a secondary IP address used for voice traffic only. When I have chan_sip bind to it, all works fine. But now I have to add a dedicated VLAN for direct communication with one of our peers. In order for asterisk to use that, I have to tell it to bind to 0.0.0.0, but then some of the other peers connecting through the dedicated voice IP address fail, because asterisk replies from the wrong IPs.
Is there any progress on the multiple bind issue, or is there anything else I can do in this case (despite running another instance of asterisk and connect both of them)?
By: Leif Madsen (lmadsen) 2010-09-14 14:51:01
I don't believe anything has been done to correct for that really. This is starting to sound like a feature request to me, but we'll triage it and figure out what to do with it.
By: Leif Madsen (lmadsen) 2011-07-26 15:08:34.447-0500
Suspended due to lack of activity. Please request a bug marshal in #asterisk-bugs on the IRC network irc.freenode.net to reopen the issue should you have the additional information requested. Further information can be found at http://www.asterisk.org/developers/bug-guidelines
By: JonBFS (bfsworks) 2013-05-06 20:41:40.094-0500
I know this has been closed for while but I did notice at recent discussion with Kevin thread here: http://lists.digium.com/pipermail/asterisk-users/2012-July/273429.html
Any updates or knowledge on this issue? Thanks!
By: JonBFS (bfsworks) 2014-09-05 13:59:23.290-0500
Any new issues opened on this ticket or any roadmap?