Ceci est le manuel Français pour GNU Gatekeeper 2.2.1 (partially updated for 2.3.2).
Une version plus récente (Anglais) du manuel se trouve dans l'archive téléchargée de GnuGk.

Chapitres: Contenu · Introduction · Installation · Pour commencer · Config basique · Routage · Config RAS · Authentification · Accounting · Voisins · Config par terminal · Config avancée · Surveillance

5. Configuration du Routage

Les sections suivantes du fichier de configuration peuvent être utilisées pour configurer comment les appels sont routés.

Chaque appel passe par une chaine de politiques de routage. Chaque politique peut router l'appel et ceci termine la chaine ou modifier l'appel et le transmettre. Vous pouvez utiliser ce paramètrage dans les sections suivantes pour spécifer quelles politiques vous voulez utiliser et modifier leur comportement.

5.1 Section [RoutingPolicy]

Cette section explique comment les diverses politiques de routage possibles du gatekeeper fonctionnent.

Les demandes entrantes d'appel peuvent être routées de plusieurs manières:

  • explicit

    La destination est explicitement indiquée dans la demande de routage.

  • internal

    La règle classique; cherche la destination dans la RegistrationTable

  • parent

    Route l'appel en utilisant des informations envoyées par le GK parent en réponse à un ARQ que le gatekeeper enverra. Vous pouvez défnir votre gatekeeper parent en utilisant la section <@@ref>endpointEndpoint.

  • neighbor

    Route l'appel en utilisant les voisins en échangeant des messages LRQ

  • dns

    La destination est résolue par "DNS A records".

  • sql

    Route les appels en réécrivant l'alias appelé par un appel à une base de données puis les envoie directement vers la destination IP. Les paramètres de la base de données sont spécifiés dans la section Routing::Sql.

  • vqueue

    Utilise le mécanisme de queue virtuelle et génère un événement RouteRequest pour laisser une application externe faire le routage

  • numberanalysis

    Provides support for overlapped digit sending for ARQ messages. This also partially supports Setup messages (no overlapped sending - only number length validation).

  • enum

    ENUM (RFC3761) is a method to use DNS lookups to convert real International Direct Dialing E.164 numbers into H.323 dialing information. The default servers are e164.voxgratia.net, e164.org and e164.arpa. To specify your own server you may either specify the list via the ENUMserver variable in the RoutedMode section or specify an environmental variable PWLIB_ENUM_PATH with the address of your preferred enum servers. Multiple servers should be separated by a colon(:) on Linux and a semicolon (;) on Windows. (PWLIB_ENUM_PATH is supported starting with PWLib 1.8.0)

    The enum policy replaces the destination with the information returned by the ENUM server, so you must have the appropriate routing policies to continue processing the call after the enum policy. You should have the srv and dns policies after the enum policy, because the new location is often returned in the form of 'number@gatekeeper' and the srv and dns policies are needed to resolve this.

    Finally, keep in mind that each routing check with the enum policy requires a DNS lookup. To speed up your routing, make sure you resolve internal destinations before the enum policy is applied.

  • srv

    DNS SRV or H.323 Annex O allows for the routing of calls using a H.323 URI. Addresses can be configured as user (at) domain. H.323 URIs are stored in the SRV DNS records of the domain and are queried to find the destination.

  • rds

    URN RDS or Universal resources name resolver discovery system is a system (as defined in RFC 2915 Sect 7.2 whereby domain names SRV records are hosted on other domains. In this policy the servers set by [RoutedMode] RDSServers are queried to resolve URI's whose domains do not have SRV records. This can be used to virtually host URL domains or centralize the control of SRV records.

  • catchall

    This policy will route all calls that reach it to one endpoint specified in the Routing::CatchAll section. You can use it as a fallback at the end of the policy chain to route all calls which would otherwise fail.

La configuration par défautj des politiques de routage est la suivante:

[RoutingPolicy]
default=explicit,internal,parent,neighbor

Si une politique ne correspond pas, la politique suivante est essayée.

Ces politiques peuvent être appliquées à un certain nombre de types de requêtes de routage et de données d'entrée de routage. Les différents types sont: ARQ, LRQ, Setup et Facility (avec la raison callForwarded) Il y a aussi la politique de routage générale, qui est une sorte de valeur par défaut pour les autres types.

Exemple:

[RoutingPolicy]
h323_ID=dns,internal
002=neighbor,internal
Default=internal,neighbor,parent

Quand un des messages est reçu qui demande une décision de routage, tous les appels à un alias du type h323_ID seront résolus en utilisant le DNS. Si le DNS échoue à déterminer l'alias, il est comparé à la table interne d'enregistrement. Si un appel est demandé pour un alias commençant par 002, les voisins sont d'abord vérifiés puis la table interne d'enregistrement. Si l'alias demandé n'est par un h323_ID ou un alias commençant par 002, la politique par défaut est utilisée en recherchant dans la table interne d'enregistrement, puis les voisins, et si çà échoue le parent.

Pour les messages ARQ, LRQ, Setup et Facility on peut utiliser les sections [RoutingPolicy::OnARQ], [RoutingPolicy::OnLRQ], [RoutingPolicy::OnSetup] et [RoutingPolicy::OnFacility] en utilisant la syntaxe expliquée ci-dessus.

Exemple:

[RoutingPolicy::OnARQ]
default=numberanalysis,internal,neighbor

Une mise en place typique d'un routage ENUM ressemble à ceci:

Exemple:

[RoutingPolicy]
default=explicit,internal,enum,srv,dns,internal,parent,neighbor

5.2 Section [RasSrv::RewriteE164]

Cette section définit les règles de réécriture pour dialedDigits (numéro E.164).

Format:

[!]original-prefix=target-prefix

Si l'alias est original-alias, il est réécrit en tant que target-alias.

Exemple:

bill=033123456

5.3 Section [RasSrv::GWRewriteE164]

Cette section décrit la réécriture des dialedDigits des numéros E.164 en fonction de la passerelle d'où provient l'appel ou vers où est envoyé l'appel. Ceci permet une manipulation beaucoup plus flexible des dialedDigits pour le routage, etc. En combinaison avec le RasSrv::RewriteE164 vous pouvez avoir une réécriture en trois étapes:

Appel de "gw1", dialedDigits 0867822
                |
                |
                V
Règles d'entrée pour "gw1", dialedDigits now 550867822
                |
                |
                V
Règles générales, dialedDigits maintenant 440867822
                |
                |
                V
Sélection de passerelle, dialedDigits maintenant 440867822, passerelle de sortie "gw2"
                |
                |
                V
Règles de sortie pour "gw2", dialedDigits maintenant 0867822
                |
                |
                V
Appel de "gw2", dialedDigits 0867822

Format:

gw-alias=in|out=[!]original-prefix=target-prefix[;in|out...]

Si l'appel correspond à la passerelle, la direction et commence par original-prefix il est réécrit en target-prefix. Si le drapeau `!' précède le original-prefix, le sens est inversé. Les caractères jokers spéciaux ('.' and '%') sont disponibles. Des règles multiple pour une même passerelle doivent être séparées par ';'.

Exemple:

gw1=in=123=321

Si un appel est reçu de "gw1" à 12377897, il est réécrit en 32177897 avant qu'une action supplémentaire ne soit prise.

5.4 Section [Endpoint::RewriteE164]

Une fois que vous avez défini le(s) préfixe(s) pour votre terminal gatekeeper, le gatekeeper parent routera les appels avec dialedDigits commençant par ces préfixes. Le gatekeeper fils peut réécrire la destination en accord avec les règles définies dans cette section. Par contraste, quand un terminal interne appelle un terminal enregistré dans le gatekeeper parent, la source sera réécrite à l'envers.

Format:

external prefix=internal prefix

Par exemple, si vous avez la configuration suivante,

                        [Parent GK]
                        ID=CitronGK
                        /         \
                       /           \
                      /             \
                     /               \
                [Child GK]          [EP3]
                ID=ProxyGK          E164=18888200
                Prefix=188886
                /       \
               /         \
              /           \
           [EP1]         [EP2]
           E164=601      E164=602

Avec cette règle:

188886=6

Quand EP1 appelle EP3 avec 18888200, le CallingPartyNumber dans le Q.931 Setup sera réécrit en 18888601. Inversement, EP3 peut atteindre EP1 et EP2 en appelant 18888601 et 18888602, respectivement. En conséquence, un terminal enregistré auprès du GK fils avec le préfixe '6' apparaîtra comme un terminal avec le préfixe '188886', pour les terminaux enregistrés auprès du gatekeeper parent.

Cette section ne se rapporte pas à la section RasSrv::RewriteE164, bien que le plus récent prendra effet en premier.

5.5 Section [Routing::Sql]

Rewrite the called alias with a SQL query. Supports routing OnARQ, OnLRQ and OnSetup.

If the string returned from the database is 'REJECT' (upper or lower case), the call is rejected. If the string matches a dotted IP address, it is taken as destination IP otherwise it is treated as a new destination alias. If 2 columns are returned, the first is treated as the new destination alias and the second is treated as new destination IP.

If multiple rows of destination IPs are returned they are used as alternative routes for failover and GnuGk will try them in order.

When at least one destination IP is specified or the call is rejected, the SQL policy will end the routing chain. If only the alias is changed, the chain continues with this updated alias.

When rejecting a call, the 2nd column can contain an integer designating the reject reason (H.225 AdmissionRejectReason for registered calls, H.225 LocationRejectReason for neighbor calls, H.225 disconnect reason for unregistered calls).

If the database returns nothing, the call is passed on unchanged.

  • Driver=MySQL | PostgreSQL | Firebird | ODBC | SQLite
    Default: N/A

    SQL database driver to use. Currently, MySQL, PostgreSQL, Firebird, ODBC and SQLite drivers are implemented. GnuGk supports only version 3 of SQLite.

  • Host=DNS[:PORT] | IP[:PORT]
    Default: localhost

    SQL server host address. Can be in the form of DNS[:PORT] or IP[:PORT]. Like sql.mycompany.com or sql.mycompany.com:3306 or 192.168.3.100.

  • Database=gnugk
    Default: N/A

    The database name to connect to.

  • Username=gnugk

    The username used to connect to the database.

  • Password=secret

    The password used to connect to the database. If the password is not specified, a database connection attempt without any password will be made.

  • Query=SELECT ...
    Default: N/A

    Define a SQL query to fetch the new destination number. The query is parameterized - that means parameter replacement is made before each query is executed. The following parameters are defined:

    • %c - the called alias
    • %p - the called IP (only available on Setup, empty otherwise)
    • %s - the calling IP
    • %r - the calling aliases
    • %{Calling-Station-Id} - the calling station ID (same value as used in accounting and authentication events)
    • %i - the call ID
    • %m - the message type (ARQ, LRQ or Setup)
    • %{client-auth-id} - an ID provided to GnuGk when authenticating the call (through SqlAuth)
    Some of these can be empty if they aren't included in the ARQ, LRQ or Setup message.

    If the query returns no rows, the current alias is used. Otherwise, the first result row is used.

    Query string examples. Note that these are examples; the actual structure and schema are user defined, as are the various field names in these examples. GnuGk is simply expecting either IP addresses or aliases as a result of the query.

    SELECT destination FROM routes WHERE called = '%c'
    SELECT concat(prefix,'%c') FROM routes WHERE prefix = LEFT('%c', 5)
    SELECT gatewayip FROM routes WHERE prefix = LEFT('%c',5)
    SELECT concat(prefix,'%c'), gatewayip FROM routes WHERE route = LEFT('%c', 5) limit 3
    

5.6 Section [Routing::NumberAnalysis]

Cette section définit les règles pour la politique de routage numberanalysis. La politique contrôle un numéro composé pour un nombre minimum et/ou maximum de chiffres et envoie ARJ, si nécessaire (le nombre de chiffres est en dehors de la plage), pour supporter l'envoi de chiffres qui se recouvrent.

Format:

prefix=MIN_DIGITS[:MAX_DIGITS]

Si le numéro correspond au prefix, il est vérifié qu'il est composé d'au moins MIN_DIGITS chiffres et (si MAX_DIGITS est présent) d'au plus MAX_DIGITS chiffres. Les caractères joker spéciaux (!, '.' et '%') sont disponibles. Si le numéro est trop court, un ARJ est envoyé avec rejectReason fixé à incompleteAddress. Si le numéro est trop long, un ARJ est envoyé avec rejectReason fixé à undefinedReason. La liste de préfixes est parcourue du préfixe le plus long au plus court pour une correspondance.

Exemple:

[RoutingPolicy::OnARQ]
default=numberanalysis,internal

[Routing::NumberAnalysis]
0048=12
48=10
.=6:20

Les appels aux destinations commençant par 0048 ont besoin d'au moins 12 chiffres, par 48 - 10 chiffres et pour tous les autres au moins 6 et au plus 20 chiffres.

5.7 Section [Routing::CatchAll]

  • CatchAllIP=1.2.3.4
    Default: (empty)

    Specify an IP address to route all calls to. This overrides CatchAllAlias.

  • CatchAllAlias=Frank
    Default: catchall

    If CatchAllIP is not specified, then route all calls to this alias.

5.8 Section [RewriteCLI]

This section contains a set of rewrite rules for ANI/CLI/H.323_ID numbers (Caller ID). The rewrite process is done in two stages - inbound rewrite and outbound rewrite. The inbound rewrite is done before any other Q.931 Setup message processing (such as inbound GWRewrite, authentication, accounting, ...), and because it alters the Calling-Station-Id it will have an effect in the authorization and accounting modules. The outbound rewrite takes place just before the Setup message is to be forwarded and its effect is visible only to the callee.

An inbound rewrite rule can be matched by a caller's IP and a dialed number or an original CLI/ANI. An outbound rewrite rule can be matched by a caller's IP, callee's IP and a dialed number or a destination number (the dialed number after rewrite) or a CLI/ANI (after inbound rewrite).

This module also provides CLIR (Calling Line Identification Restriction) feature that can be configured for each endpoint (rule).

  • ProcessSourceAddress=1
    Default: 1

    In addition to rewriting a Calling-Party-Number Information Element ("IE"), the sourceAddress element of a H.225.0 Setup message can be rewritten, so both contain consistent information.

  • RemoveH323Id=1
    Default: 1

    When a sourceInfo element of an H.225.0 Setup message is rewritten, aliases of type H323_ID, email_ID and url_ID can be left untouched if this option is disabled.

  • CLIRPolicy=apply
    Default: N/A

    A global Presentation Indicator ("PI") processing policy can be set up. This policy will be applied to all CLI rewrite rules that do not override it. Possible choices are forward - just forward the received PI as-is, apply - examine the received PI and hide CLI if it is set to "presentation restricted" and applyforterminals - similar to apply except that the number is removed only when the call is sent to a terminal, not a gateway.

Format for an inbound rule:

in:CALLER_IP=[pi=[allow|restrict][,forward|apply|applyforterminals]] [cli:|dno:]number_prefix(=|*=|~=|^=|/=)NEW_CLI[,NEW_CLI]...

The in: prefix tells that this is an inbound rule and the CALLER_IP will be used to match the rule (it can be a single IP or an entire subnet).

The optional pi= parameter controls CLIR (Calling Line Identification Restriction) features. Specifying either allow or restrict forces presentation indicator to be set to "presentation allowed" or "presentation restricted". forward, apply and applyforterminals controls how the received (if any) presentation indicator is processed by the gatekeeper. forward means forward it to the callee as-is, apply means hiding CLI if the PI is set to "presentation restricted", applyforterminals is similar to apply, except that CLI is hidden only when sending the call to a terminal, not a gateway.

The prefix cli: or dno: (the default) selects what number will be used to match the number_prefix - a caller id (CLI/ANI) or a dialed number. Number matching/rewriting can be done in five ways:

  • = - a cli or dno number will be matched using a prefix match against number_prefix and, if the match is found, CLI will be replaced with NEW_CLI.
  • ~= - a cli or dno number will be matched using an identity match against number_prefix and, if both numbers are the same, CLI will be replaced with NEW_CLI.
  • *= - (VALID ONLY FOR cli) a cli number will be matched using a prefix match against number_prefix and, if the match is found, the matched CLI prefix (number_prefix) will be replaced with a NEW_CLI prefix.
  • ^= - a cli or dno number will be matched using a prefix match against number_prefix and, if the match is found, H.323_ID will be replaced with NEW_CLI, Calling-Station-Id will remain unchanged.
  • /= - a cli or dno number will be matched using an identity match against number_prefix and, if both numbers are the same, H.323_ID will be replaced with NEW_CLI, Calling-Station=Id will remain unchanged,
After the equality (=/ =/*=/^=//=) sign, there follows a list of new CLI values to be used. If more than one value is specified, one will be chosen on a random basis. It's possible to specify whole number ranges, like 49173600000-49173699999 (for number ranges CLIs should have a fixed length). There is a special string constant "any", that can be used in place of the CALLER_IP or the number_prefix. To enable CLIR for this rule, use a special string constant "hide" instead of the list of new CLI values. Note that CLIR is far more useful for outbound rules.

Example 1:

[RewriteCLI]
in:192.168.1.1=dno:5551=3003
in:192.168.1.1=cli:1001=2222
in:192.168.1.1=any=1111

These rules state that for calls from the IP 192.168.1.1: 1) if the user dialed a number beginning with 5551, set CLI to 3003, 2) if the call is from user with CLI beginning with 1001, set CLI to 2222, 3) for other calls from this IP, set CLI to 1111.

Example 2:

[RewriteCLI]
in:192.168.1.0/24=any=18001111
in:192.168.2.0/24=any=18002222
in:any=any=0

These rules state that: 1) for calls from the network 192.168.1.0/24, set CLI to 18001111, 2) for calls from the network 192.168.2.0/24, set CLI to 18002222, 3) for other calls, set CLI to 0.

Example 3:

[RewriteCLI]
in:192.168.1.0/24=0048*=48
in:192.168.1.0/24=0*=48
in:any=100.~=48900900900

These rules state that: 1) for calls from the network 192.168.1.0/24, rewrite 0048 to 48 (example - 0048900900900 => 48900900900), 2) for other calls from the network 192.168.1.0/24, rewrite 0 to 48 (example - 0900900900 => 48900900900), 3) for other calls, if CLI is 4 digits and starts with 100, set it to 48900900900.

Example 4 (CLIR):

[RewriteCLI]
in:192.168.1.0/24=any=hide

This example causes caller's number to be removed from Setup messages originating from the 192.168.1.0/24 network. It also causes proper presentation and screening indicators to be set in Setup messages.

Format for an outbound rule:

out:CALLER_IP=CALLEE_IP [pi=[allow|restrict][,forward|apply|applyforterminals]] [cli:|dno:|cno:]number_prefix(=|~=|*=)NEW_CLI[,NEW_CLI]...

The out: prefix tells that this is an outbound rule, the CALLER_IP and the CALLEE_IP will be used to match the rule and can be a single IP or a subnet address.

The optional pi= parameter controls CLIR (Calling Line Identification Restriction) features. Specifying either allow or restrict forces the presentation indicator to be set to "presentation allowed" or "presentation restricted". forward, apply and applyforterminals controls how the received (if any) presentation indicator is processed by the gatekeeper. forward means just to forward it to the callee as-is, apply means hiding CLI if the PI is set to "presentation restricted", applyforterminals is similar to apply, except that the CLI is hidden only when sending the call to a terminal, not a gateway.

The prefix cli:, dno: (the default) or cno: selects what number will be used to match the number_prefix - a caller id (CLI/ANI), a dialed number or a destination/called number (the dialed number after rewrite). Number matching/rewriting can be done in three ways:

  • = - a cli or dno number will be matched using a prefix match against number_prefix and, if the match is found, CLI will be replaced with NEW_CLI,
  • ~= - a cli or dno number will be matched using an identity match against number_prefix and, if both numbers are the same, CLI will be replaced with NEW_CLI,
  • *= - (VALID ONLY FOR cli) a cli number will be matched using a prefix match against number_prefix and, if the match is found, the matched CLI prefix (number_prefix) will be replaced with a NEW_CLI prefix.
After the equality sign (=/ =/*=), a list of new CLI values to be used is specified. If more than one value is configured, one will be chosen on a random basis. It's possible to specify entire number ranges, like 49173600000-49173699999. There is a special string constant "any" which can be used in place of the CALLER_IP, the CALLEE_IP or the number_prefix. To enable CLIR for this rule, use a special string constant "hide" or "hidefromterminals" instead of the list of new CLI values.

Example 1:

[RewriteCLI]
out:any=192.168.1.1 any=1001
out:any=192.168.1.2 any=1002

These rules set a fixed ANI/CLI for each terminating IP: 1) present myself with ANI 1001, when sending calls to IP 192.168.1.1, 2) present myself with ANI 1002, when sending calls to IP 192.168.1.2.

Example 2:

[RewriteCLI]
out:any=192.168.1.1 any=1001-1999,3001-3999

This rule randomly selects ANI/CLI from range 1001-1999, 3001-3999 for calls sent to 192.168.1.1.

Example 3 (CLIR):

[RewriteCLI]
out:any=any any=hidefromterminals
out:192.168.1.1=any any=hide

In this example each subscriber has enabled CLIR, so all calls to terminals will have a caller's number removed and presentation/screening indicators set. Calls to gateways will have the presentation indicator set to "presentation restricted" and the caller's number will not be removed to allow proper call routing and number removal at the destination equipment.
One exception to these rules are calls from 192.168.1.1 which will have a caller's number always removed, no matter whether calling a terminal or a gateway.

Example 4 (CLIP):

[RewriteCLI]
out:any=192.168.1.1 any=hide

In this example CLIP (Calling Line Identification Presentation) feature is disabled for the user 192.168.1.1.

Example 5 (CLIR):

[RewriteCLI]
out:192.168.1.1=any pi=restrict,apply cli:.*=.
out:any=any pi=allow cli:.*=.

These rules do not change CLI (.*=.) and: 1) enable CLIR for an endpoint 192.168.1.1. apply tells the gatekeeper to not only set the PI, but also to hide the number. 2) force CLI presentation for other endpoints.

The rule matching process has a strictly defined order:

  1. the closest caller's IP match is determined (closest means with the longest network mask - single IPs have the highest priority, "any" has the lowest priority),
  2. (outbound rules) the closest callee's IP match is determined,
  3. the longest matching prefix/number is searched for the given IP/IP pair in the following order:
    1. dno: type (dialed number) rules are searched,
    2. cno: type (destination/called number) rules are searched,
    3. cli: type (caller id) rules are searched.
After a match for caller's/caller's IP is found, no more rules are checked, even if no prefix/number is matched inside the set of rules for these IPs.

On the Windows platform, there is a problem with duplicated config keys in INI files, so GnuGk provides a workaround for this restriction. This example will not work because of the same key (in:192.168.1.1):

[RewriteCLI]
in:192.168.1.1=1001=2001
in:192.168.1.1=any=2000
As a workaround, you can use a string with percent signs (%) at the beginning and at the end before the key. This prefix will be automatically stripped from the key name before loading rules:
[RewriteCLI]
%r1% in:192.168.1.1=1001=2001
%r2% in:192.168.1.1=any=2000


Page suivante Page précédente Table des matières

Chapitres: Contenu · Introduction · Installation · Pour commencer · Config basique · Routage · Config RAS · Authentification · Accounting · Voisins · Config par terminal · Config avancée · Surveillance



Last updated: 20. Aug 2017
Page maintained by Jan Willamowius