asterisk users - Feb 2014 - Telco with multipe SIP servers

Hi!

My telco is Deutsche Telekom and they got about 30 SIP servers right now. 
Currently I've set up a template for incoming calls in sip.conf and added 
each SIP server by it's IP address like this:

[DTAG-in-1](DTAG-in-template)
host=217.0.16.103

...

[DTAG-in-30](DTAG-in-template)
host=217.0.20.99

I've done that to improve security and to be able to assign all calls 
coming in via Deutsche Telekom to a dedicated dialplan context. 
Unfortunately this approach is not scalable and it's a PITA to maintain a 
list of server IP addresses since Deutsche Telekom will get more SIP 
servers in the future. They've started to migrate the classic POTS/ISDN 
network to VoIP, the goal is get it done by 2016. Customers with DSL get 
VoIP directly, i.e. they need SIP phones or a SIP PBX, and customers with 
a phone line only are converted by the MSAN. And they don't provide an 
official list of the SIP servers :-( By some reverse engineering I found 
out that all SIP servers are within a specific subnet. Is there any way to 
match peers by subnet(s) instead of FQDNs or single IP addresses? If not, 
it would be a feature really needed to be able to cope with telcos running 
multiple or tons of SIP servers.

cu, Markus
-- 
/ Markus Reschke \ / madires at theca-tabellaria.de \ / FidoNet 2:240/1661 \
\                / \                             / \                    /

On 2/2/14, 9:42 AM, Markus Reschke wrote:
> Hi!
>
> My telco is Deutsche Telekom and they got about 30 SIP servers right 
> now. Currently I've set up a template for incoming calls in sip.conf 
> and added each SIP server by it's IP address like this:
>
> [DTAG-in-1](DTAG-in-template)
> host=217.0.16.103
>
> ...
>
> [DTAG-in-30](DTAG-in-template)
> host=217.0.20.99
>
> I've done that to improve security and to be able to assign all calls 
> coming in via Deutsche Telekom to a dedicated dialplan context. 
> Unfortunately this approach is not scalable and it's a PITA to 
> maintain a list of server IP addresses since Deutsche Telekom will get 
> more SIP servers in the future. They've started to migrate the classic 
> POTS/ISDN network to VoIP, the goal is get it done by 2016. Customers 
> with DSL get VoIP directly, i.e. they need SIP phones or a SIP PBX, 
> and customers with a phone line only are converted by the MSAN. And 
> they don't provide an official list of the SIP servers :-( By some 
> reverse engineering I found out that all SIP servers are within a 
> specific subnet. Is there any way to match peers by subnet(s) instead 
> of FQDNs or single IP addresses? If not, it would be a feature really 
> needed to be able to cope with telcos running multiple or tons of SIP 
> servers.
I agree this would be a great feature to have.  We have Voxbone DIDs, 
and keeping track of 60+ SIP Addresses they have is a
PITA.
>
> cu, Markus

-- 
Technical Support
http://www.cellroute.net

On 14-02-02 10:42 AM, Markus Reschke wrote:
> Hi!
Greetings,

<snip>
> I've done that to improve security and to be able to assign all calls
> coming in via Deutsche Telekom to a dedicated dialplan context.
> Unfortunately this approach is not scalable and it's a PITA to maintain
> a list of server IP addresses since Deutsche Telekom will get more SIP
> servers in the future. They've started to migrate the classic POTS/ISDN
> network to VoIP, the goal is get it done by 2016. Customers with DSL get
> VoIP directly, i.e. they need SIP phones or a SIP PBX, and customers
> with a phone line only are converted by the MSAN. And they don't
provide
> an official list of the SIP servers :-( By some reverse engineering I
> found out that all SIP servers are within a specific subnet. Is there
> any way to match peers by subnet(s) instead of FQDNs or single IP
> addresses? If not, it would be a feature really needed to be able to
> cope with telcos running multiple or tons of SIP servers.
Mucking in chan_sip to add this functionality is not something I'd
really want to do... matching there is complicated and anything to do
with chan_sip is prone to introducing some sort of regression. If we
were to add that feature it would certainly require tons of tests.

That being said...

When I was doing the new SIP channel driver for 12 (chan_pjsip) I knew
people would want this functionality and due to the way it's architected
there it was very easy to do. You can specify IP addresses and subnets
and they all get mapped back to a single entity (called an endpoint in
chan_pjsip).

I'm sorry this doesn't help you right now with chan_sip but I just
wanted to show that the future is bright and that we do listen. ^_^

Cheers,

-- 
Joshua Colp
Digium, Inc. | Senior Software Developer
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
Check us out at:  www.digium.com  & www.asterisk.org

Markus,

We are developing an Asterisk intrusion detection & prevention tool which
will allow you to limit connections by geographic region
(continent/country/region/city), and include/exclude IP subnets, etc.

If you are interested let me know off-list (we're looking for beta
testers!).

Michelle

________________________________________
From: asterisk-users-bounces at lists.digium.com [asterisk-users-bounces at
lists.digium.com] On Behalf Of Markus Reschke [madires at theca-tabellaria.de]
Sent: Sunday, February 02, 2014 9:42 AM
To: Asterisk Users List
Subject: [asterisk-users] Telco with multipe SIP servers

Hi!

My telco is Deutsche Telekom and they got about 30 SIP servers right now.
Currently I've set up a template for incoming calls in sip.conf and added
each SIP server by it's IP address like this:

[DTAG-in-1](DTAG-in-template)
host=217.0.16.103

...

[DTAG-in-30](DTAG-in-template)
host=217.0.20.99

I've done that to improve security and to be able to assign all calls
coming in via Deutsche Telekom to a dedicated dialplan context.
Unfortunately this approach is not scalable and it's a PITA to maintain a
list of server IP addresses since Deutsche Telekom will get more SIP
servers in the future. They've started to migrate the classic POTS/ISDN
network to VoIP, the goal is get it done by 2016. Customers with DSL get
VoIP directly, i.e. they need SIP phones or a SIP PBX, and customers with
a phone line only are converted by the MSAN. And they don't provide an
official list of the SIP servers :-( By some reverse engineering I found
out that all SIP servers are within a specific subnet. Is there any way to
match peers by subnet(s) instead of FQDNs or single IP addresses? If not,
it would be a feature really needed to be able to cope with telcos running
multiple or tons of SIP servers.

cu, Markus
--
/ Markus Reschke \ / madires at theca-tabellaria.de \ / FidoNet 2:240/1661 \
\                / \                             / \                    /

--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
               http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

On 02/02/14 14:42, Markus Reschke wrote:
> Hi!
>
> My telco is Deutsche Telekom and they got about 30 SIP servers right 
> now. Currently I've set up a template for incoming calls in sip.conf 
> and added each SIP server by it's IP address like this:
>
> [DTAG-in-1](DTAG-in-template)
> host=217.0.16.103
>
> ...
>
> [DTAG-in-30](DTAG-in-template)
> host=217.0.20.99
>
> I've done that to improve security and to be able to assign all calls 
> coming in via Deutsche Telekom to a dedicated dialplan context. 
> Unfortunately this approach is not scalable and it's a PITA to 
> maintain a list of server IP addresses since Deutsche Telekom will get 
> more SIP servers in the future. They've started to migrate the classic 
> POTS/ISDN network to VoIP, the goal is get it done by 2016. Customers 
> with DSL get VoIP directly, i.e. they need SIP phones or a SIP PBX, 
> and customers with a phone line only are converted by the MSAN. And 
> they don't provide an official list of the SIP servers :-( By some 
> reverse engineering I found out that all SIP servers are within a 
> specific subnet. Is there any way to match peers by subnet(s) instead 
> of FQDNs or single IP addresses? If not, it would be a feature really 
> needed to be able to cope with telcos running multiple or tons of SIP 
> servers.
>
> cu, Markus
You could consider making use of opensips. We use it for inbound sip 
connections and its fairly easy to get it to perform a database lookup 
against a connecting IP address and pull out a record and pass that onto 
Asterisk using a custom header. Asterisk can then trust connections from 
opensips and you can read in the custom header and have the dialplan 
decide what to do based upon the value.