Forum Discussion

fwti_128923's avatar
fwti_128923
Icon for Nimbostratus rankNimbostratus
Jul 15, 2013

Configure BIG-IP as gateway for SIP servers

Hello everyone,

 

 

I am new to using F5 to process outbound SIP traffic as I've always been using it as an inbound SIP load balancer. Now, I have a need to "wrap" F5 around multiple SIP servers so that from outside, it looks like 1 BIG SIP server. So with that said:

 

 

1. I've configure a Virtual Server (e.g. 192.168.0.10) to process inbound SIP traffic. So from the firewall prespective, I've NAT a public IP (e.g. 65.65.65.65) onto 192.168.0.10 And forward all port 5060 traffic that comes in from WAN to 192.168.0.10

 

 

2. on 192.168.0.10 virtual server, I have assign a pool with 30 members (SIP servers)

 

 

So now the trick is the outbound traffic. If those 30 SIP server do not use F5 as gateway, when the initial INVITE SIP message goes out, it do not go thourgh the F5, thus, other SIP message from that call which when it comes back in, it will get forced into F5 (from the firewall NAT above) which F5 would not know where to route to.

 

 

So, now I have to:

 

 

1. Use F5 as gateway for all these 30 SIP servers.

 

2. I've configure a "default" outbound virtual server. But in my F5, in the virtual server configuration page, there is only 2 chose, host or network.

 

 

And I've been doing some diggging around, some documentation or (some one on blog) post that this "outbound" server need to choose "IP Forward". But like I said, I don't see that as a choice when configuring a virtual server. I am running no 9.4.7 and 9.4.8, is it that those version don't have this "feature"? Or do I not have the correct module? What is the module or version I need to be able to use BIG-IP as gateway?

 

 

And if I do not need "IP forward", and simply use, e.g. Host or network, but in the IP section of the virtual server it was told to use 0.0.0.0, so in my SIP server what is the IP I should use in order to use BIG-IP as gateway? The Self IP? And lastly, do I need to configure a SNAT resource for the 30 SIP server? Or once I have "default" outbound server configured, any computer that point to the self ip of F5 can use F5 as a gateway, no other configure needed?

 

 

Thank you in advance!

 

 

Frank

 

config
design

1 Reply

Sort By
  • What_Lies_Bene1's avatar
    What_Lies_Bene1
    Icon for Cirrostratus rankCirrostratus
    Sep 02, 2013

    Hey Frank, I'm not a SIP expert but here's my view;

     

    1) I think it's good the SIP servers have the F5 as their gateway but you could alternatively have a different default gateway and static routes for the client networks/addresses pointing to the F5.

     

    2) If you do use the F5 as the default gateway, the IP address you would use is the Self IP on the F5 for the VLAN the servers reside on. If you're using HA, the Floating Self IP.

     

    3) If you want connections initiated by the SIP servers to appear to be from the inbound Virtual Server IP you'll need to do some SNATting. This may negate the need for a VS at all.

     

    4) I'm pretty sure you should be able to configure an IP Forwarding type of VS with that version but I'll have to investigate further later today.