Introduction
Purpose and scope
Collaborators
Business Department
- PortaOne QA (Eugene Lyodoviy)
Development Department
Testing and Support Departments
Definitions, acronyms and abbreviation
- Control IP/port - and address/port pair which is used by SIP Cluster for internal communication between ProcessinNode Controller and other SIP Cluster components.
- SIP Cluster component - any service which is a part of a SIP Cluster and is eligible to communicate with other SIP Cluster component by design. At the moment of writing they are: ProcesingNode, DispatchingNode, Registrar and ProcessingNode Controller (however as SIP Cluster evolves other new components may appear or legacy ones disappear or merge combined with others).
References
- https://docs.portaone.com/DevelDocs/Specifications/dosprotection
- https://docs.portaone.com/DevelDocs/Specifications/PortaSipProjects/20150205MucScalabilityRelability (see PC_HLDR_4)
- TT#417723
Overview
SIP Cluster solution doesn't have any means or mechanisms to protect an internal communication channel or prevent it from accidental or intentional abuse. In this regard it completely relies on some kind of external protection. It's natural to utilize sip-protector for basic yet reliable solution for such kind of protection as this component is in stock anyway and requires minimal efforts to configure.
Also sip-protector provides a basic DDOS-protection for ordinary PortaSIPs and it's quite logical to expand this functionality to cover a SIP Cluster protection. For more advanced protection though admins should employ more advanced tools/techniques which are not covered here (usage of external firewalls/SBC and whatsoever).
Specifications
Create "Business requirements" Create "Software requirements" Create "Design requirements"