freeswitch配置SBC实例

 

 

概述

freeswitch 是一款好用的开源软交换平台。

随着voip客户的发展和运营商网络的升级换代，SBC在对接测试中的应用场景越来越多。

freeswitch通过简单的安装配置即可满足大部分SBC的功能需求。

我们需要有一个稳定版本的fs-sbc的安装过程和配置指南。

在这里记录一下新安装的fs作为sbc的基本配置。

环境

centos：CentOS  release 7.0 (Final)或以上版本

freeswitch：v1.10.7

GCC：4.8.5

fs1.10.7安装

freeswitch-1.10.7基础平台的编译安装见文档“freeswitch1.10.7 on CENTOS7编译安装“。

配置方案

FS-SBC的初始配置方案。

删除多余配置

conf/chatplan/default.xml

conf/dialplan/*

conf/directory/*

conf/ivr_menus/*

conf/jingle_profiles/*

conf/mrcp_profiles/*

conf/sip_profile, external-ipv6 external-ipv6.xml internal-ipv6.xml internal.xml

conf/skinny_profiles/*

conf配置

vars.xml

<X-PRE-PROCESS cmd="set" data="default_password=dq.1.2.3.4.warn"/>

<X-PRE-PROCESS cmd="set" data="global_codec_prefs=PCMA,PCMU"/>

<X-PRE-PROCESS cmd="set" data="outbound_codec_prefs=PCMA,PCMU"/>

<X-PRE-PROCESS cmd="set" data="console_loglevel=debug"/>

autoload_configs/acl.conf.xml

<list name="list_out" default="deny">

  <node type="allow" cidr="1.2.3.4/32"/>

</list>

<list name="list_in" default="deny">

  <node type="allow" cidr="1.2.3.4/32"/>

</list>

autoload_configs/log.conf.xml

<param name="rollover" value="104857600"/>

<!-- <param name="maximum-rotate" value="32"/> -->

autoload_configs/modules.conf.xml

<!-- <load module="mod_verto"/> -->

<!-- <load module="mod_conference"/> -->

<load module="mod_translate"/>

autoload_configs/sofia.conf.xml

autoload_configs/switch.conf.xml

<param name="min-idle-cpu" value="20"/>

<param name="max-sessions" value="60000"/>

<param name="sessions-per-second" value="1000"/>

<param name="loglevel" value="debug"/>

<param name="rtp-start-port" value="20000"/>

<param name="rtp-end-port" value="60000"/>

autoload_configs/translate.conf.xml

<profile name="GB-CALLER-IN">

    <rule regex="^(12345678)$" replace="$1"/>

</profile>

<profile name="GB-CALLER-OUT">

    <rule regex="^\+86([2-9]\d+)$" replace="0$1"/>

    <rule regex="^\+86(10\d+)$" replace="0$1"/>

    <rule regex="^\+86(1\d+)$" replace="$1"/>

</profile>

<profile name="GB-DEST-IN">

    <rule regex="^(1\d+)$" replace="+86$1"/>

    <rule regex="^0(\d+)$" replace="+86$1"/>

</profile>

<profile name="GB-DEST-OUT">

    <rule regex="^\+86010(12345678)$" replace="$1"/>

</profile>

dialplan/sbc-dp.xml

<include>

<X-PRE-PROCESS cmd="set" data="callout_answer_timeout=60"/>

<X-PRE-PROCESS cmd="set" data="sip_contact_user=SBC001"/>

<context name="out2in">

<extension name="sbc-out2in" continue="true">

<condition field="${acl(${network_addr} list_out)}" expression="true"/>

<condition field="destination_number" expression="^(\d+)$">

<action application="set" data="effective_caller_id_name=_undef_" />

<action application="set" data="effective_caller_id_number=${translate(${caller_id_number} GB-CALLER-IN)}" />

<action application="set" data="destination_number=${translate(${destination_number} GB-DEST-IN)}" />

<action application="set" data="inherit_codec=true"/>

<action application="set" data="sip_copy_custom_headers=false"/>

<action application="set" data="ringback=${cn-ring}"/>

<action application="export" data="nolocal:sip_h_Allow=INVITE,ACK,BYE,CANCEL,REGISTER,INFO,PRACK,SUBSCRIBE,NOTIFY,UPDATE,MESSAGE,REFER"/>

<action application="unset" data="X-FS-Support"/>

<action application="bridge" data="{${as_record_param},sip_h_CSeq=1 INVITE,

sip_contact_user=${effective_caller_id_number},sip_invite_contact_params=user=phone,sip_cid_type=none,

sip_invite_to_params=user=phone,sip_invite_from_params=transport=udp;user=phone,sip_invite_from_uri=${effective_caller_id_number}@1.2.3.4:5066,

sip_invite_params=user=phone,sip_invite_call_id=${sip_call_id}

}sofia/external5066/sip:${destination_number}@1.2.3.4:5060"/>

</condition>

</extension>

</context>

 

<context name="in2out">

<extension name="sbc-in2out" continue="true">

<condition field="${acl(${network_addr} list_in)}" expression="true"/>

<condition field="destination_number" expression="^\+(\d+)$">

<action application="set" data="effective_caller_id_name=${translate(${caller_id_name} GB-CALLER-OUT)}" />

<action application="set" data="effective_caller_id_number=${translate(${caller_id_number} GB-CALLER-OUT)}" />

<action application="set" data="destination_number=${translate(${destination_number} GB-DEST-OUT)}" />

<action application="set" data="inherit_codec=true"/>

<action application="set" data="sip_copy_custom_headers=false"/>

<action application="bridge" data="{${as_record_param},

sip_invite_params=user=phone,sip_invite_call_id=${sip_call_id}

}sofia/external3060/sip:${destination_number}@1.2.3.4:5080"/>

</condition>

</extension>

</context>

</include>

sip_profiles/external3060.xml

<profile name="external3060">

<param name="user-agent-string" value="sbc001"/>

<param name="username" value="sbc001"/>

<param name="pass-callee-id" value="false"/>

<param name="session-timeout" value="10800"/>

<param name="sip-port" value="3060"/>

<param name="context" value="out2in"/>

<param name="enable-100rel" value="true"/>

<param name="rtp-ip" value="$${local_ip_v4}"/>

<param name="sip-ip" value="$${local_ip_v4}"/>

<param name="ext-rtp-ip" value="$${external_rtp_ip}"/>

<param name="ext-sip-ip" value="$${external_sip_ip}"/>

sip_profiles/external5066.xml

<profile name="external5066">

<param name="user-agent-string" value="sbc001"/>

<param name="username" value="sbc001"/>

<param name="pass-callee-id" value="false"/>

<param name="session-timeout" value="10800"/>

<param name="sip-port" value="5066"/>

<param name="context" value="in2out"/>

<param name="enable-100rel" value="true"/>

<param name="rtp-ip" value="$${local_ip_v4}"/>

<param name="sip-ip" value="$${local_ip_v4}"/>

<param name="ext-rtp-ip" value="$${external_rtp_ip}"/>

<param name="ext-sip-ip" value="$${external_sip_ip}"/>

bin脚本

bin目录下需要一些简单的维护脚本。

clear_log.sh

clear_wav.sh

monitorfs.sh

防火墙

防火墙配置结果如下。

ports: 22/tcp 20000-60000/udp

rule family="ipv4" source address="1.2.3.4/32" port port="3060" protocol="udp" accept

rule family="ipv4" source address="1.2.3.4/32" port port="5066" protocol="udp" accept

系统配置

系统资源限制

vi /etc/security/limits.conf

* soft core unlimited

* hard core unlimited

* soft data unlimited

* hard data unlimited

* soft fsize unlimited

* hard fsize unlimited

* soft sigpending unlimited

* hard sigpending unlimited

* soft nofile 65536

* hard nofile 65536

* soft msgqueue unlimited

* hard msgqueue unlimited

* soft nproc 65536

* hard nproc 65536

* soft locks unlimited

* hard locks unlimited

* soft memlock unlimited

* hard memlock unlimited

 

修改账户启动执行脚本。

vi ./bash_profile

ulimit -c unlimited

ulimit -d unlimited

ulimit -f unlimited

ulimit -i unlimited

ulimit -n 65536

ulimit -q unlimited

ulimit -u 65536

ulimit -x unlimited

ulimit -l unlimited

系统端口范围

查看linux系统端口范围

sysctl -a | grep ipv4.ip_local_port_range

修改sysctl.conf

vi /etc/sysctl.conf

net.ipv4.ip_local_port_range = 20000    60999

使sysctl配置立即生效：

sysctl -p

非本机IP绑定

vi /etc/sysctl.conf

net.ipv4.ip_nonlocal_bind=1

定时任务

sudo crontab -e

00 4 * * * sh /usr/local/freeswitch/bin/clear_log.sh 15

30 4 * * * /usr/sbin/ntpdate cn.pool.ntp.org; /sbin/hwclock -w

0 5 * * * /usr/local/freeswitch/bin/fs_cli -x "fsctl sync_clock_when_idle"

总结

freeswitch的基础功能基本可以满足SBC的功能需求，通过简单配置即可使用。

sbc作为公私网的信令和媒体通道，安全性一定是最重要的考虑项。

 

空空如常

求真得真