[Spce-user] SPCE on AWS with both internal (VPC) and external endpoints

Barry Flanagan barry at flanagan.ie
Thu Oct 6 08:44:59 EDT 2016 

On 20 September 2016 at 07:30, Robert Cuaresma <rcuaresma at telcon.es> wrote:

> Hi Skyler,
>
>
>
> I have the same problem too. Do you know the solution? Please, can you
> tell us which will be the configuration for the custom.tt2?
>

I figured out a hack/solution until I work out a better way.

First off, copy /etc/default/ngcp-rtpengine-daemon
to /etc/ngcp-config/templates/etc/default/ngcp-rtpengine-daemon.customtt.tt2

This is needed, because otherwise the next steps will result in the
rtpengine failing to start - it appears that it will not allow a hostname
for its advertised IP. Copying the working rtpengine defaults into a
customtt ensures it keeps working.


Next, set up a DNS  entry for your sipwise host as a CNAME pointing to its
aws hostname, e.g.

sipwise.domain.com -> CNAME ec2-XX-XX-XX-XX.eu-west-1.compute.amazonaws.com

Now, edit your network.yml and change the "advertised_ip" setting replacing
your external IP with this newly create DNS host name like:

    eth0:
      advertised_ip:
        - sipwise.domain.com

Do an 'ngcpcfg apply'

Now, within AWS VPC, provided you are using the AWS resolver (which I think
is the default) your AWS hostname (
ec2-XX-XX-XX-XX.eu-west-1.compute.amazonaws.com in our example) will
resolve to the internal private IP address, while outside of AWS it will
resolve to the public IP.

As I said, a hack, but it works well enough for our dev environment until
AWS is fully supported.



-Barry Flanagan



>
> Thanks!
>
>
>
> Saludos,
>
> *Robert Cuaresma*
>
> *Dpto. Ingeniería de Clientes*
>
> <http://www.telcon.cat/soluciones-de-voz-en-la-nube-telcloud/>
>
> <http://www.telcon.cat/>
>
> c/Balmes, 8, plta.3 Dpcho. 6 D , 08291 Ripollet (Barcelona)
>
> Telf.:93.692.95.95  / Fax: 93.580.80.29
>
> Email: rcuaresma at telcon.es
>
> Web: www.telcon.es
>
> <http://www.telcon.cat/promociones/>
>
>
>
> **AVIS**
>
> Li informem que les seves dades personals que hi puguin constar en aquesta
> comunicació, estan incorporades en un fitxer propietat de TELCON, SA amb la
> finalitat de gestionar la relació negocial que ens vincula i informar-li
> dels nostres productes i serveis. Si desitja exercir els drets d’accés,
> rectificació, cancel·lació i oposició, es pot dirigir per escrit a: TELCON,
> SA, Carrer BALMES nº 8 Pis: 3 Pta.: 6, 08291, RIPOLLET, BARCELONA.
>
> En el cas que no desitgin rebre més informació sobre els serveis que
> oferim pot enviar-nos un missatge a la següent adreça de correu electrònic:
> telcon at telcon.es
>
> Aquest missatges es dirigeix exclusivament al seu destinatari o pot
> contenir informació privilegiada o confidencial. Si vostè no és el
> destinatari indicat, resta notificat de que la utilització, divulgació i/o
> còpia sense autorització està prohibida en virtut de la legislació vigent.
>
> Si ha rebut aquest missatge per error, preguem ens ho comuniqui
> immediatament per aquesta mateixa via i procedeixi a la seva destrucció.
>
>
>
> *De:* Spce-user [mailto:spce-user-bounces at lists.sipwise.com] *En nombre
> de *Skyler
> *Enviado el:* viernes, 16 de septiembre de 2016 13:58
> *Para:* Barry Flanagan <barry at flanagan.ie>
> *CC:* spce-user at lists.sipwise.com
> *Asunto:* Re: [Spce-user] SPCE on AWS with both internal (VPC) and
> external endpoints
>
>
>
> Yep. I know the problem well. Solution requires a custom.tt2
>
> If yer a SPCEpro client, then maybe that support can be more assistance.
> Or i could be persuaded to share/work on code if you were willing to do the
> same, in turn. ;)
>
> --Skyler
>
>
>
> On Sep 16, 2016 5:49 AM, "Barry Flanagan" <barry at flanagan.ie> wrote:
>
> On 16 September 2016 at 12:40, Skyler <skchopperguy at gmail.com> wrote:
>
> Hi,
>
> Ok you got me. I read the first paragraph. Usually when we say 'dev' it
> means "working into production" lol
>
>
>
> No, we run SPPro in production, but use a CE for testing/dev.
>
> VPC is a beast on its own. Sorry i gave up on it a while back. You'd
> thinknthey would just 'work' but i couldn't get it done. Thay was to reach
> a paying client even, many hours wasted for nothing.
>
>
>
> It would all be fine apart from the inability of any hosts in the VPC from
> accessing the Elastic IPs assigned to it.
>
>
>
> I got RTP working by changing the network.yml settings for eth1 to be
> rtp_aws and sip_aws and changing the prefs for this subscriber to set
> rtp_interface= 'aws' but still SPCE is sending the public IP in its Route
> and Contact header, so call is timing out because SPCE does not see the
> ACKs.
>
>
>
> -Barry
>
>
>
>
>
>
>
> --Skyler
>
>
>
> On Sep 16, 2016 5:14 AM, "Barry Flanagan" <barry at flanagan.ie> wrote:
>
> On 16 September 2016 at 11:41, Skyler <skchopperguy at gmail.com> wrote:
>
> You lost me at AWS.
>
>
>
> Haha, yeah. I did say it is only a dev box.
>
>
>
> -Barry
>
>
>
> --Skyler
>
>
>
> On Sep 16, 2016 3:47 AM, "Barry Flanagan" <barry at flanagan.ie> wrote:
>
> Hi,
>
>
>
> We are trying to move our SPCE dev platform to AWS. It works fine for
> external endpoints out of the box, using the advertised_address for the
> main interface.
>
>
>
> However, we also have some other endpoints in the same VPC and I can't get
> SPCE to not used the advertised_ip when it is communicating with the
> VPC-internal endpoints - it always advertises its elastic IP.
>
>
>
> I have created a second, eth1 interface for use with the VPC hosts, and my
> network.yml is as follows:
>
>
>
>     eth0:
>
>       advertised_ip:
>
>         - <My Elastic IP>
>
>       ip: 172.31.24.242
>
>       netmask: 255.255.240.0
>
>       type:
>
>         - web_ext
>
>         - sip_ext
>
>         - rtp_ext
>
>         - web_int
>
>         - ssh_ext
>
>     eth1:
>
>       ip: 172.31.58.136
>
>       netmask: 255.255.240.0
>
>       type:
>
>         - web_ext
>
>         - sip_ext
>
>         - rtp_ext
>
>         - web_int
>
>         - ssh_ext
>
>     interfaces:
>
>       - lo
>
>       - eth0
>
>       - eth1
>
>
>
>
>
> SPCE is communicating with the VPC hosts over eth1 as expected, but it is
> advertising the Elastic IP instead of 172.31.58.136. I tried adding an
> advertised_ip of 172.31.58.136 to eth1 as well to force it, but no go.
>
>
>
> If I were able to specify a hostname in advertised_ip I could make it work
> by manipulating DNS, but this does not seem to work as rtpengine complains
> "Invalid interface specification: ext"
>
>
>
> Any ideas?
>
>
>
> Thanks
>
>
>
>
>
> -Barry Flanagan
>
>
>
>
>
>
> _______________________________________________
> Spce-user mailing list
> Spce-user at lists.sipwise.com
> https://lists.sipwise.com/listinfo/spce-user
>
>
>
>
>
>
>
> _______________________________________________
> Spce-user mailing list
> Spce-user at lists.sipwise.com
> https://lists.sipwise.com/listinfo/spce-user
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sipwise.com/mailman/private/spce-user_lists.sipwise.com/attachments/20161006/cfe0e00c/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image004.jpg
Type: image/jpeg
Size: 6590 bytes
Desc: not available
URL: <http://lists.sipwise.com/mailman/private/spce-user_lists.sipwise.com/attachments/20161006/cfe0e00c/attachment.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 13656 bytes
Desc: not available
URL: <http://lists.sipwise.com/mailman/private/spce-user_lists.sipwise.com/attachments/20161006/cfe0e00c/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 10551 bytes
Desc: not available
URL: <http://lists.sipwise.com/mailman/private/spce-user_lists.sipwise.com/attachments/20161006/cfe0e00c/attachment-0001.png>

More information about the Spce-user mailing list