[asterisk-users] Selective canreinvite in multi-tenant environment

Olle E. Johansson oej at edvina.net
Tue Sep 1 03:58:28 CDT 2009 

1 sep 2009 kl. 05.18 skrev John A. Sullivan III:

> On Thu, 2009-08-27 at 14:23 -0400, John A. Sullivan III wrote:
>> Hello, all.  In our multi-tenant environment, we would like to be  
>> able
>> to use the reinvite media redirection within Asterisk for calls  
>> within a
>> tenant but not between tenants.  We would like inter-tenant calls  
>> to be
>> fully proxied by the Asterisk server.  I think the answer is, "we
>> can't," but I thought I'd ask anyway.
>>
>> I'd dearly like to remove the substantial traffic associated with
>> intra-tenant traffic from the Asterisk server and reduce the
>> intra-tenant latency by doing so.  However, I am very, very  
>> hesitant to
>> allow our VPN connections to tenants to function as a router between
>> tenants allowing one tenant to directly access phones on another  
>> tenant
>> (that's not as wild as it sounds because of our use of the ISCS  
>> project
>> - iscs.sourceforge.net).
>>
>> Since the tenants are all connecting via VPN, we are using RFC1918
>> addresses and no NAT is involved thus the canreinvite=nonat option  
>> does
>> not help us.  If we set canreinvite=nonat, that will allow for
>> intra-tenant direct media but, if one tenant tries to call another  
>> via
>> SIP, it will redirect the media at the Asterisk level but the packets
>> will be dropped at the firewall / router level (or sooner as there  
>> may
>> be no route to the destination) and the call will connect but with no
>> sound.
>>
>> Any guidance would be greatly appreciated.  Thanks - John
>
> As mentioned in another post, we were able to solve this by setting  
> a w
> dial option to all inbound SIP calls from the Internet.  Thus, all
> internal calls could reinvite but external calls could not.
>
> However, just when we thought this was working splendidly well, we
> turned up another roadblock - transfers.  We find that once we  
> transfer
> a call using our Snom phones, the call between the new call partners
> does not seem bound by the "w" constraint, Asterisk tries to reinvite
> the call, and the audio breaks because the firewall cannot associate  
> the
> new RTP stream with a SIP session.
>
> How have others gotten around the problem of transfers causing  
> reinvites
> on calls which should not allow reinvites? Thanks - John

I think this is an issue that needs some code to solve it, so you can  
set a variable in the dialplan that prevents remote RTP bridges  
(reinvited media). Contact me off list if you're interested in  
sponsoring such development.

/O

More information about the asterisk-users mailing list