Any Advice on HA setup with keepalived and postgreSQL streaming DB

[Joeviking]

Good day Everyone

Ok i have setup keepalived on 2 nodes
XX.XX.XX.114
XX.XX.XX.115
with floating ip of
XX.XX.XX.116

With testing i find that when i forward port 5060-5090 on XX.XX.XX.114 phones register and works
when i forward ports 5060-5090 on XX.XX.XX.116 nothing will register

sngrep
Shows the phones trying to register but they just don't get a reply from the server.

For the life of me i can't figure this out

my Setup
2 Virtual machines "nodes" on Synology
Synology firewall off
ufw installed and ports forwarded
i have a shitty router that does not have full cone NAT so the calls don't work correctly that's fine the setup will go into a production environment anyway.

Any help or criticism much appreciated lol

Regards

 

[Joeviking]

Can i share my wireshark notes

 

[hfoster]

Sure, why are you forwarding 5060 to 5090 though? By default, the only internal port is 5060, and 5061 if you have set up TLS.

 

[Joeviking]

Sure, why are you forwarding 5060 to 5090 though? By default, the only internal port is 5060, and 5061 if you have set up TLS.

Well that's what the website suggested i have changed it to your suggestion now tnx

 

[Joeviking]

Can absolutely none tell me why only http requests gets sent over keepalived?

 

[hfoster]

You might have to create a SIP profile on each PBX that uses the floating IP as the SIP/RTP address. I imagine there's freeswitch logs which state registrations on domains that don't exist. I've never used keepalived (well, for anything other than http), so I'm not entirely sure myself.

 

[Joeviking]

You might have to create a SIP profile on each PBX that uses the floating IP as the SIP/RTP address. I imagine there's freeswitch logs which state registrations on domains that don't exist. I've never used keepalived (well, for anything other than http), so I'm not entirely sure myself.

Tnx for the reply. I really appreciate it. Issue is that it won't even register the device within my local network. with the proxy and sip server address set to the VIP. weird.

 

[hfoster]

FreeSwitch won't let you register to a domain it doesn't know about, in this case presumably the VIP. It should end up, ideally with domain names:

Server Address: sip.example.com (configured on both fusionpbx servers, probably via pgsql mirroring)
Outbound Proxy: proxy.example.com (your virtual IP)

I *think* Freeswitch will sort the IP translation out automatically.

 

[Joeviking]

FreeSwitch won't let you register to a domain it doesn't know about, in this case presumably the VIP. It should end up, ideally with domain names:

Server Address: sip.example.com (configured on both fusionpbx servers, probably via pgsql mirroring)
Outbound Proxy: proxy.example.com (your virtual IP)

I *think* Freeswitch will sort the IP translation out automatically.

Fantastic let me try that

 

[Joeviking]

FreeSwitch won't let you register to a domain it doesn't know about, in this case presumably the VIP. It should end up, ideally with domain names:

Server Address: sip.example.com (configured on both fusionpbx servers, probably via pgsql mirroring)
Outbound Proxy: proxy.example.com (your virtual IP)

I *think* Freeswitch will sort the IP translation out automatically.

Great Tnx for the help got the failover part to work

 

[Joeviking]

FreeSwitch won't let you register to a domain it doesn't know about, in this case presumably the VIP. It should end up, ideally with domain names:

Server Address: sip.example.com (configured on both fusionpbx servers, probably via pgsql mirroring)
Outbound Proxy: proxy.example.com (your virtual IP)

I *think* Freeswitch will sort the IP translation out automatically.

Hi, hope all is well. Please can i ask you a question regarding this issue again. So i have tested the theory internally by changing my internal sip profile with my VIP ip address also a private ip. It works well. now when i create a domain and try to register it won't. Where am i going wrong here? Should both my instances have public facing ip's and my VIP be my public facing ip that will be used for fqdn? and then change my internal sip profile settings to my public facing ip/VIP? how can i test this with private ip's? how would i go about setting up my sip profiles to still accept domain name registrations when my sip profile ip address have been changed to my VIP ip. Thank you for all the help. Kind regards

 

[hfoster]

Keepalived is using VRRP, so everything has to be on the same layer 3 network. You have to remember that SIP the protocol uses FQDNs for a lot more than just the initial DNS lookup. If at any point you find yourself using IP addresses in SIP configuration, you know it's not going to float around or move.

Server 1: 10.0.0.1
Server 2: 10.0.0.2
Virtual IP: 10.0.0.250

(NAT, port forward 5060,5080 to 10.0.0.250)

In my above example, I think you could get away with not bothering about the proxy.example.com domain. Just ensure that a domain like: sip.example.com exists on both servers. (Old habit, we used to not bother creating domains for SIP domains). You would have to make use of split brain DNS if you have phones inside that network too so inside:

Inside: sip.example.com: 10.0.0.250
Outside: sip.example.com: 198.51.100.1

Anyway, the point is, whatever you end up doing make sure you do it with DNS.

In fact, most people do SIP failover with DNS SRV records anyway and forget about VRRP and others. There's an entire subsection of this forum dedicated to HA solutions.