
Ryan,

Thanks for your feedback! See inline:

On Tue, Jun 19, 2018 at 12:20:40PM -0700, Ryan Delgrosso wrote:
As you well know I have been working on a platform, and started off using Kamailio as my edge proxy, but was pragmatically forced to pivot to OpenSIPS as it could do more SBC-flavored things, which it seems the Kamailio community find less than savory.
Some and not others.
Of major note is the mid-registrar module, which allowed for short re-reg intervals on the outside for NAT traversal, with long core intervals to alleviate load, while also exposing a directly adjacent contact to the core switch without the need for the core to support such esoteric measures as the Path header. This is crucial when supporting commercial registrars such as BroadSoft or a Metaswitch (and to a lesser extent FreeSWITCH, which only KINDA supports Path) which are written expecting the commercial SBC behavior of adjacent contacts.
Indeed, and I made mention in the article. I have reason to believe Kamailio will have a comparable solution in the foreseeable future.
Abandoning SIP over UDP is a major topic for me these days. Once upon a time SBCs were a great place to prune packets to limbo under the 1500 byte MTU bar, but as we all know this is a losing battle with the bloating of SDPs and the supported header, and can cause random breakage. Furthermore, with the internet at large becoming increasingly hostile towards UDP as a transport due to the massive DDoS possibilities many UDP protocols offer, the SIP over UDP client space is becoming increasingly difficult. Moving access-side to TCP offers literally nothing but upside, with one exception, failover, as you well identified. Of course an open-source SBC in software carried with it the possibility for automation and orchestration, and if you go TCP, then there's literally no excuse to not encrypt everywhere and go TLS with Let's Encrypt. TLS signaling also carries the benefit of carving through ALGs and anti-competitive ISP practices.
I don't think most of the ITSP industry has moved to that insight yet, although anecdotally, it appears that the metastasis of increasingly tenacious ALGs is creating a NAT support crisis.
I'm still a proponent of UDP in the core, where jumbo-framing can be guaranteed, as it allows for easier fail-over of core elements mid-dialogue, and eliminates cumbersome state tracking inside a trusted core.
I would agree with that.

-- Alex

--
Alex Balashov | Principal | Evariste Systems LLC
Tel: +1-706-510-6800 / +1-800-250-5920 (toll-free)
Web: http://www.evaristesys.com/, http://www.csrpswitch.com/