amn Posted December 1, 2017 Report Posted December 1, 2017 (edited) How are people handling bring your own carriers? Some carriers only do IP authentication and as far as I can tell, IP authentication won't work for bring your own carrier because the carrier only allows the IP to be used once. Or am I missing something? Also, the carrier would need to be registered to each Freeswitch server used for outbound correct? How should I do that? I think for inbound I should just be able to add the Carrier IP to the ACL right? Any other gotcha's I need to be aware of for bring your own carrier? Edited December 1, 2017 by amn (see edit history)
extremerotary Posted December 8, 2017 Report Posted December 8, 2017 @amn Are you a hosted customer of 2600hz, or are you asking "As a service provider, how do others handle resellers/customers bringing their own carriers?" - I ask, because I don't know how 2600hz hosted platform handles those. As a service provider with your own cluster you have a few options. You can create carriers in the offnet database that require that flag in order for them to be used. Then, in those accounts, you'll set that flag on the devices. This will fulfill the outbound requirement. Inbound is pretty straight-forward; add them to your ecallmgr ACLs, and the numbers will route as they will. There is also some functionality in the 'resource' callflow module (newer version of 'offnet') that allows for a specific account to have its own carrier list. For more dev info on that, take a read on this article and let me know if you have additional questions: https://docs.2600hz.com/dev/applications/callflow/doc/resources/
amn Posted December 8, 2017 Author Report Posted December 8, 2017 (edited) 3 hours ago, extremerotary said: @amn Are you a hosted customer of 2600hz, or are you asking "As a service provider, how do others handle resellers/customers bringing their own carriers?" - I ask, because I don't know how 2600hz hosted platform handles those. As a service provider with your own cluster you have a few options. You can create carriers in the offnet database that require that flag in order for them to be used. Then, in those accounts, you'll set that flag on the devices. This will fulfill the outbound requirement. Inbound is pretty straight-forward; add them to your ecallmgr ACLs, and the numbers will route as they will. There is also some functionality in the 'resource' callflow module (newer version of 'offnet') that allows for a specific account to have its own carrier list. For more dev info on that, take a read on this article and let me know if you have additional questions: https://docs.2600hz.com/dev/applications/callflow/doc/resources/ I am only talking about reseller accounts with their own carriers. Not offnet/global. Yes it's my own cluster. Edited December 8, 2017 by amn (see edit history)
martin Posted December 9, 2017 Report Posted December 9, 2017 On 1-12-2017 at 6:29 PM, amn said: How are people handling bring your own carriers? Some carriers only do IP authentication and as far as I can tell, IP authentication won't work for bring your own carrier because the carrier only allows the IP to be used once. Or am I missing something? Also, the carrier would need to be registered to each Freeswitch server used for outbound correct? How should I do that? I think for inbound I should just be able to add the Carrier IP to the ACL right? Any other gotcha's I need to be aware of for bring your own carrier? But if the carrier allows the ip to be used only once it should still work right? If its IP auth and the request comes from your server IP then it would be permitted. So u need to put the IPs of your kamailio server into the white list or ip list of your carrier. Im rereading the question, and have a feeling i did not really get the question )) If i want to use an outbound carrier for outbound calls, and they do ip auth, i add the IPs to their system and thats it. I can make calls. Inbound is indeed a matter of putting the ips from where the call will be setup in the Kazoo ACLs. Please let me know if i did not understand the question correctly
amn Posted December 11, 2017 Author Report Posted December 11, 2017 (edited) On 12/9/2017 at 7:10 AM, martin said: But if the carrier allows the ip to be used only once it should still work right? If its IP auth and the request comes from your server IP then it would be permitted. So u need to put the IPs of your kamailio server into the white list or ip list of your carrier. Im rereading the question, and have a feeling i did not really get the question )) If i want to use an outbound carrier for outbound calls, and they do ip auth, i add the IPs to their system and thats it. I can make calls. Inbound is indeed a matter of putting the ips from where the call will be setup in the Kazoo ACLs. Please let me know if i did not understand the question correctly If using IP authentication, the carrier is associating the IP with the customer account on their end. So on the carrier end, you cannot have more than one customer account with that carrier using the same IP. Otherwise the carrier would not know who to bill. That is for termination (outbound calls to the carrier). For origination (DID inbound) I am not sure if it would be a problem or not since the carrier knows which customers are using which DID's and should not care what IPs they are assigned to. Edited December 11, 2017 by amn (see edit history)
martin Posted December 12, 2017 Report Posted December 12, 2017 (edited) 20 hours ago, amn said: If using IP authentication, the carrier is associating the IP with the customer account on their end. So on the carrier end, you cannot have more than one customer account with that carrier using the same IP. Otherwise the carrier would not know who to bill. That is for termination (outbound calls to the carrier). For origination (DID inbound) I am not sure if it would be a problem or not since the carrier knows which customers are using which DID's and should not care what IPs they are assigned to. Thats true, one could sent a 1. specific header (or how we call that, flag?), depending if the carrier allows it of course. 2. Add an ip to your system and ask a Kazoo guru to explain how to force that ip to be used for this specific account. Inbound is no issue, but if Kazoo allows IP auth, and customers can bring their own carrier, then the risk is rather high to have duplicate ip adresses. If not 100% guarunteed. If u have 1000 clients, this problem will exist. U could do smth with outbound CLI but that also depends on the provider and could be spoofed. I dont know how Kazoo handles this, but my brain does not see a solution other then stated Edited December 12, 2017 by martin (see edit history)
amn Posted December 13, 2017 Author Report Posted December 13, 2017 (edited) On 12/12/2017 at 3:43 AM, martin said: Thats true, one could sent a 1. specific header (or how we call that, flag?), depending if the carrier allows it of course. 2. Add an ip to your system and ask a Kazoo guru to explain how to force that ip to be used for this specific account. Inbound is no issue, but if Kazoo allows IP auth, and customers can bring their own carrier, then the risk is rather high to have duplicate ip adresses. If not 100% guarunteed. If u have 1000 clients, this problem will exist. U could do smth with outbound CLI but that also depends on the provider and could be spoofed. I dont know how Kazoo handles this, but my brain does not see a solution other then stated 10 Kazoo does the same thing as the carriers. If you try create an IP auth device in callflow and then try create another IP auth device with the same IP (even if it is in a different account), Kazoo will give you a "SIP IP already in use" error. Kazoo does not care about inbound IP from carriers as long as the IP is added to the ACL. It knows which account to route the call to based on the DID number. So again, that is the same as what most carriers seem to do. Edited December 13, 2017 by amn (see edit history)
Recommended Posts