[asterisk-users] Selective canreinvite in multi-tenant environment

John A. Sullivan III jsullivan at opensourcedevel.com
Mon Aug 31 22:18:35 CDT 2009 

On Thu, 2009-08-27 at 14:23 -0400, John A. Sullivan III wrote:
> Hello, all.  In our multi-tenant environment, we would like to be able
> to use the reinvite media redirection within Asterisk for calls within a
> tenant but not between tenants.  We would like inter-tenant calls to be
> fully proxied by the Asterisk server.  I think the answer is, "we
> can't," but I thought I'd ask anyway.
> 
> I'd dearly like to remove the substantial traffic associated with
> intra-tenant traffic from the Asterisk server and reduce the
> intra-tenant latency by doing so.  However, I am very, very hesitant to
> allow our VPN connections to tenants to function as a router between
> tenants allowing one tenant to directly access phones on another tenant
> (that's not as wild as it sounds because of our use of the ISCS project
> - iscs.sourceforge.net).
> 
> Since the tenants are all connecting via VPN, we are using RFC1918
> addresses and no NAT is involved thus the canreinvite=nonat option does
> not help us.  If we set canreinvite=nonat, that will allow for
> intra-tenant direct media but, if one tenant tries to call another via
> SIP, it will redirect the media at the Asterisk level but the packets
> will be dropped at the firewall / router level (or sooner as there may
> be no route to the destination) and the call will connect but with no
> sound.
> 
> Any guidance would be greatly appreciated.  Thanks - John

As mentioned in another post, we were able to solve this by setting a w
dial option to all inbound SIP calls from the Internet.  Thus, all
internal calls could reinvite but external calls could not.

However, just when we thought this was working splendidly well, we
turned up another roadblock - transfers.  We find that once we transfer
a call using our Snom phones, the call between the new call partners
does not seem bound by the "w" constraint, Asterisk tries to reinvite
the call, and the audio breaks because the firewall cannot associate the
new RTP stream with a SIP session.

How have others gotten around the problem of transfers causing reinvites
on calls which should not allow reinvites? Thanks - John
-- 
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
jsullivan at opensourcedevel.com

http://www.spiritualoutreach.com
Making Christianity intelligible to secular society

More information about the asterisk-users mailing list