In our WebSphere deployment, we have defined a loopback alias to allow our application to bind to a virtual IP address, port 5060 for UDP/TCP and 5061 for TLS. When we initiate a request to our call server using TLS, the SIP headers use the virtual IP, but at the IP layer, the source address is the physical IP address of the machine.
However, if the request is initiated with UDP transport, the virtual IP is used at the IP layer. I have verified this using Wireshark. Any ideas why the behavior is different?
jlawwill 0600025XQE, 1 Post
Re: JSR289 and secure transport chain, 2011-05-06T17:31:26Z
Hi,
I have a few questions.
1. Is your AppServer fronted by a SIP Proxy?
2. Your client is making a TLS connection to the virtual IP address, right? It isn't using the machine IP address.
3. If you are using a Load Balancer, do you see the initial TCP request (SYN) sent to the virtual IP address? If so, is the LB forwarding it to the SIP machine using the virtual IP address?
WebSphere SIP Proxy Development
cheungda 2700045TJV, 20 Posts
Re: JSR289 and secure transport chain, 2011-05-06T17:37:47Z
- jlawwill 0600025XQE
1. We don't have a SIP proxy.
2. When the call server wants to initiate a request back to our servlet, it will use the virtual IP address, as referenced in the Contact header of a previous outgoing request from our servlet. The TLS connection is set up properly, certificates exchanged, etc., and then all requests from our servlet start using that connection on the virtual IP.
3. We don't have a load balancer. Our setup is not using the recommended IBM deployment because of the extra box needed for the LB.