Forum Discussion

Blake_Douglas_1's avatar
Blake_Douglas_1
Icon for Nimbostratus rankNimbostratus
Jul 01, 2015

SIP SDP::media conn <media-index> “new value” re-write command not working</media-index>

Hi,

 

I'm testing the below irule to NAT SIP signalling and media through an LTM and am finding that the command used to re-write the SDP media IP address is not actually replacing the existing value but appending an additional value.

 

Load-Balance-Outbound-SIP-Voice-Traffic-Signalling-AND-Media-with-SNAT

 

If anyone has any advice I'd greatly appreciate it...

 

This is the code from the irule:

 

 COMMENT OUT THE BELOW LINE TO DISABLE RTP (MEDIA STREAM) ROUTING THROUGH THE F5
121
         Modify SDP Media (Outbound - Connection Address)
122
        if { [SDP::media count] > 0 } then {
123
            SDP::media conn 0 "IN IP4 [table lookup -subtable [SIP::call_id] source_outside]"
124
        }

It should re-write the media v4 IP address with the virtual server IP that the SIP client connected to. The replacement value doesn't matter, it could be written directly into the rule as 1.1.1.1 instead of a dynamic table lookup as used here, the result is the same. Instead of replacing the value it is appending a second media IP.

 

Since it's appending instead of replacing the media IP, the result is that I cannot NAT the RTP through the LTM using an iRule because the SIP endpoints are using the first media IP address they see.

 

Here's a packet capture showing the original and appended media IP's after the iRule. 2.2.2.2 is the SIP client, 3.3.3.3 is the F5 Virtual Server IP, 4.4.4.4 is the internal IP address of the media server which should be replaced with the Virtual Server IP of 3.3.3.3.

 

"c=IN IP4" are the two lines of concern:

 

SIP/2.0 200 OK
Via: SIP/2.0/UDP 2.2.2.2:50403;branch=z9hG4bK-524287-1---d6856d5b5b914e76;rport;received=2.2.2.2:50403
From: "9001";tag=98959c48
Call-ID: 76589NTg5YTM2NjgwMTE3ZDdkZDljNTIyYmVhMjkyODkzZDk
CSeq: 1 INVITE

To: ;tag=002B0AAC-48F9-1592-AE96-0101007FAA77-139
Contact: 

v=0
o=- 1435650662 1 IN IP4 4.4.4.4
s=phone-call
c=IN IP4 4.4.4.4
t=0 0
m=audio 16390 RTP/AVP 9 8 0 101
c=IN IP4 3.3.3.3
a=sendrecv
a=rtpmap:9 g722/8000
a=rtpmap:8 pcma/8000
a=rtpmap:0 pcmu/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15

3 Replies

    • dustin_l_campbe's avatar
      dustin_l_campbe
      Icon for Nimbostratus rankNimbostratus

      I had to modify the same information and couldn't get it to fully remove/replace the private IP information from the Contact portion of the SDP body. I did however, get it to add a second line for "Connection Information" through an iRule and now calls are working correctly. Here's the iRule I used:

       

      when SIP_RESPONSE_SEND {

       

      SIP::header remove Contact

       

      SIP::header insert Contact

       

      SDP::media conn 0 "IN IP4 xx.xx.xx.xx" }

       

      I removed the SIP header "Contact" and inserted the appropriate IP, which for me was the VIP. Then the SDP line adds the VIP in the SDP body portion of the packet. Again, this doesn't remove the other private IP information from my server on the inside, but it does add another contact line and the end user/clients seem to be using that last line so calls (SIP and RTP) are now flowing through the F5.

       

      The rest of my setup includes two virtual servers; one for UDP 5060 with a SIP profile, SIP-persistence profile, and a UDP profile. The second (RTP VS) is for all UDP services with only a UDP profile. I know it's super late on this thread, but I see another comment from 3 weeks ago so I decided to respond.

       

      -Dustin

       

    • ____177053's avatar
      ____177053
      Icon for Cirrus rankCirrus

      Hi Dustin.I used SDP::media conn 0 "IN IP4 xx.xx.xx.xx",but the "Connection Information" still was not changed.Do you have some suggestion?