[Freeswitch-users] Authorizations when using DNS SRV bug?

Raymond Chandler intralanman at freeswitch.org
Thu Aug 20 10:54:58 PDT 2009 

On Aug 20, 2009, at 1:28 PM, Carlos S. Antunes wrote:

> Hello!
>
> I am using Callcentric for my tests and have observed what appears  
> to me
> a possible bug in the way Freeswitch handles DNS SRV records.
>
> Callcentric uses DNS SRV records as a way to direct traffic to their  
> SIP
> server. A 'srv' 'dig' of '_sip._udp.callcentric.com' returns:
>
> _sip._udp.callcentric.com. 10025 IN     SRV     20 7 5080
> alpha6.callcentric.com.
> _sip._udp.callcentric.com. 10025 IN     SRV     20 7 5080
> alpha7.callcentric.com.
> _sip._udp.callcentric.com. 10025 IN     SRV     20 7 5080
> alpha1.callcentric.com.
> _sip._udp.callcentric.com. 10025 IN     SRV     20 7 5080
> alpha3.callcentric.com.
>
> Based on this information, Freeswitch appears to correctly round robin
> all available IP addresses except in a particular situation: in the
> middle of authorizations.
>

very true, but i've been reading over the RFCs on this, and it seems  
that FreeSWITCH isn't doing anything incorrectly.

in RFC3263 (section 4), when talking about client usage of SRV:
The procedures here MUST be done exactly once per transaction, where  
transaction is as defined in [1].
[1] being RFC3261

in RFC3261 (section 8.1.3.5), when talking about 4xx responses:
In all of the above cases, the request is retried by creating a new
    request with the appropriate modifications.  This new request
    constitutes a new transaction and SHOULD have the same value of the
    Call-ID, To, and From of the previous request, but the CSeq should
    contain a new sequence number that is one higher than the previous.

> For example, in a registration, Freeswitch send a packet to
> alpha1.callcentric.com. Callcentric then challenges Freeswitch with a
> Proxy Authorization request. Freeswitch then sends the packet with the
> requested credentials but not necessarily to alpha1.callcentric.com!  
> In
> many cases, instead of sticking to the 'challenging' server,  
> Freeswitch
> round robins and sends the second packet to, one of the other servers.
> This continues for a little while and eventually, simply by luck, the
> second packet is sent to the 'challenging' Callcentric server.
>
> Shouldn't Freeswitch stick to the same server when challenged for
> credentials?

can you show anything in the RFCs that says so?



> Is this a bug?

see above



> Is there a way to make Freeswitch behave
> differently?
disable-srv on the profile



All that said, if it has to be a "bug", then it seems to me that it's  
more of a "bug" in callcentric's service. They'd probably be better of  
actually prioritizing their SRV records. If they want load balancing  
and want to do checking for stale nonces, then they should be sharing  
nonces across all of their proxies or using a proper load balancer.


Raymond Chandler
     http://freeswitchsolutions.com
     http://cluecon.com
     http://cudatel.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20090820/c73c9821/attachment-0002.html

More information about the FreeSWITCH-users mailing list