[asterisk-users] Selective canreinvite in multi-tenant environment

[John A. Sullivan III]

Hello, all.  In our multi-tenant environment, we would like to be able
to use the reinvite media redirection within Asterisk for calls within a
tenant but not between tenants.  We would like inter-tenant calls to be
fully proxied by the Asterisk server.  I think the answer is, "we
can't," but I thought I'd ask anyway.

I'd dearly like to remove the substantial traffic associated with
intra-tenant traffic from the Asterisk server and reduce the
intra-tenant latency by doing so.  However, I am very, very hesitant to
allow our VPN connections to tenants to function as a router between
tenants allowing one tenant to directly access phones on another tenant
(that's not as wild as it sounds because of our use of the ISCS project
- iscs.sourceforge.net).

Since the tenants are all connecting via VPN, we are using RFC1918
addresses and no NAT is involved thus the canreinvite=nonat option does
not help us.  If we set canreinvite=nonat, that will allow for
intra-tenant direct media but, if one tenant tries to call another via
SIP, it will redirect the media at the Asterisk level but the packets
will be dropped at the firewall / router level (or sooner as there may
be no route to the destination) and the call will connect but with no
sound.

Any guidance would be greatly appreciated.  Thanks - John
-- 
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
jsullivan at opensourcedevel.com

http://www.spiritualoutreach.com
Making Christianity intelligible to secular society