Adjusting source IPs for Voiceless
MAINTENANCE Closed VoIP and SIMs
STATUS
Closed
CREATED
Apr 11, 08:50 AM (9¾ years ago)
AFFECTED
VoIP and SIMs
STARTED
Apr 12, 12:00 AM (9¾ years ago)
CLOSED
Apr 12, 08:42 AM (9¾ years ago)
REFERENCE
1920 / AA1920
INFORMATION
  • INITIAL
    9¾ years ago by Adrian

    Customers using our VoIP services will be aware that we have reserved 10 IPv4 addresses for all of our VoIP control traffic. For our current platform "Voiceless" these are also used for the media (RTP) traffic. This makes firewalling simpler, etc. Customers using asterisk will know that the config for these can be somewhat complex, listing 10 hostnames each for IPv4 and IPv6 as the way asterisk works is to look up an IP for a hostname, pick the first, and check that against the request IP address. Asterisk really needs fixing. For voiceless we have been using two addresses 81.187.30.111 and 81.187.30.112 as well as IPv6 addresses 2001:8b0:0:30::5060::1 and 2001:8b0:0:30::5060::2. We recently tried a slight change on the IPv6 addresses, and this caused some issues. What we are planning to do now, for the "voiceless" call servers is use two addresses per server for each of IPv4 and IPv6. These shall be 81.187.30.111 and 81.187.30.113 for the A server and 81.187.30.112 and 81.187.30.114 for the B server. You do not need to know if A or B. The additional two addresses will be used as "source" addresses for any request from these servers to you that need authentication. This allows asterisk to be configured separately for authenticated and unauthenticated requests. Requests may also come from other addresses within the published block when test servers are used, etc. We are also making the corresponding change to IPv6 addresses using :1 and :3 for the A server and :2 and :4 for the B server. We may adjust which IPs are which server at a future date as we also have to consider how we expand beyond the two servers in use currently. These IPs will be accessible via DNS as a.voiceless.aa.net.uk and a.auth.voiceless.aa.net.uk, and so on. If your existing asterisk config is working as per the recommendations, no changes will be needed. The wiki will be updated to explain how you can use these changes.

  • UPDATE
    9¾ years ago by James

    We have made changes this morning - these are slightly different to planned so as to allow for future expansion.

    A.voiceless 81.187.30.111 and 2001:8b0:0:30::5060:1

    A.Auth.voiceless 81.187.30.112 and 2001:8b0:0:30::5060:2

    B.voiceless 81.187.30.113 and 2001:8b0:0:30::5060:3

    B.Auth.voiceless 81.187.30.114 and 2001:8b0:0:30::5060:4

    I believe all of the necessary DNS changes have been made to match and allow existing configs to work.

  • UPDATE
    9¾ years ago by Adrian

    We have seen some issues with calls to registered phones coming from the auth'd address and this is being looked in to now.

  • UPDATE
    9¾ years ago by Adrian

    We tracked it down - and was a slight error in this mornings config. IPv4 was all coming from the auth address even if no authentication required. This would have had an impact on some calls to some devices not working properly during today.

  • Closed