GnuGk/VRRP Howto

Introduction

In an H.323 network the gatekeeper is a crucial component, providing address resolution, call routing, number rewriting, call authorization, etc. In addition it can provide advanced features like routing control channels and logical channels. The use of these features creates a single point of failure, so running redundant gatekeepers is clearly important. GnuGk supports the notion of an alternate gatekeeper by forwarding RRQ and URQ messages. By using VRRP (Virtual Router Redundancy Protocol), two gatekeepers can be set up in an active/passive mode. If the master gatekeeper fails, the backup gatekeeper takes over operations within seconds with complete endpoint state information. After the first machine resumes operation, it becomes the backup, so endpoint state information is not lost.

Basic Configuration

Software Used
  • FreeBSD 5.4
  • GnuGk 2.2.2 (the IP switching described below does not work with GnuGk 3.0 and higher)
  • freevrrpd 0.9.3

IP Addresses

  • Shared IP Address: 192.168.1.20
  • Gatekeeper 1: 192.168.1.21
  • Gatekeeper 2: 192.168.1.22

Setting the Hostname

Set both machines' hostname to one that resolves to the shared IP. If you are operating in routed mode, GnuGk returns the address of the hostname for the CallSignalling address during call setup.

Setup freevrrpd

freevrrpd is a VRRP implementation for FreeBSD. In a VRRP cluster, both machines share an IP address and optionally a virtual MAC address. In this configuration, both machines have the same priority. Normally one machine has a higher priority, so after a failure it is promoted back to the master. Since client state is shared between gatekeepers, a failed gatekeeper should come back online as the backup so it can start receiving endpoint state information.

VRRP uses multicast (224.0.0.18) for all communications. Below is a basic setup for a machine with one interface (em0). The addr is set to the shared IP address. Note that the password is sent as clear text, as specified by RFC 2338. To improve the security of your cluster, use ipf (or your favorite packet filter) to only accept packets destined for 224.0.0.18 from the other machine in your cluster. For more information, read the RFC and the man page.

freevrrpd config - /usr/local/etc/freevrrpd.conf

      [VRID]
      serverid = 207
      interface = em0
      useVMAC = yes
      carriertimeout = 0
      spanningtreelatency = 0
      sendgratuitousarp = yes
      priority = 100
      addr = 192.168.1.20/32
      monitoredcircuits = yes
      MCClearErrorsCount = 3600
      password = secret
      masterscript = /usr/local/bin/master_script.sh
      backupscript = /usr/local/bin/backup_script.sh
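
One way to express the packet-filter advice above as ipf rules, added here as an example that is not part of the original howto: the script prints the rules for one node, where each gatekeeper names the other as its peer. The function names and the script name vrrp-rules.sh are assumptions; 112 is the IP protocol number of VRRP.

```shell
#!/bin/sh
# Added example, not from the original howto: print ipf rules that admit VRRP
# only from the cluster peer. Function names are hypothetical.

VRRP_GROUP=224.0.0.18   # multicast group used by VRRP (from the howto)
VRRP_PROTO=112          # IP protocol number assigned to VRRP

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# vrrp_filter_rules IFACE PEER: rules for one node, where PEER is the real
# address of the other gatekeeper (192.168.1.22 on gatekeeper 1, and vice versa).
vrrp_filter_rules() {
    iface=$1
    peer=$2
    case $iface in
        ''|*[!A-Za-z0-9]*) echo "bad interface: $iface" >&2; return 1 ;;
    esac
    is_ipv4 "$peer" || { echo "bad peer address: $peer" >&2; return 1; }
    # Accept advertisements from the peer, then drop and log every other
    # VRRP packet that arrives on the interface.
    echo "pass in quick on $iface proto $VRRP_PROTO from $peer to $VRRP_GROUP"
    echo "block in log quick on $iface proto $VRRP_PROTO from any to any"
}

# With arguments, print the rules, e.g. on gatekeeper 1:
#   sh vrrp-rules.sh em0 192.168.1.22 | ipf -f -
if [ $# -eq 2 ]; then
    vrrp_filter_rules "$1" "$2"
fi
```

The rules match on an unauthenticated source address, so they reduce exposure but do not make the clear-text password a secret. Because they use quick, load them ahead of any broader pass rule for the interface.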
     

Master Script - /usr/local/bin/master_script.sh

      #!/bin/sh
      # Install the master configuration, then tell GnuGk to reread it.
      cp /usr/local/etc/gnugk.ini.master /usr/local/etc/gnugk.ini
      kill -HUP `cat /var/run/gnugk/gnugk.pid`
     

Backup Script - /usr/local/bin/backup_script.sh

      #!/bin/sh
      # Install the backup configuration, then tell GnuGk to reread it.
      cp /usr/local/etc/gnugk.ini.backup /usr/local/etc/gnugk.ini
      kill -HUP `cat /var/run/gnugk/gnugk.pid`
     

Setup GnuGk

GnuGk config

Two different configurations are used, depending on whether a gatekeeper is in master or backup mode. The Home setting has to be set to a single address. If Home is set to multiple addresses, in some cases GnuGk will source packets from a different address than the one it received packets on. For example, with Home=192.168.1.20,192.168.1.21, GnuGk will source packets from 192.168.1.21 when the endpoint is expecting packets coming from 192.168.1.20. In most cases the endpoint doesn't care, but certain bridges (e.g. Codian) are a little more picky about who is returning packets to them. This is the reason for separate master and backup configurations.

When running in master mode, the AlternateGKs setting is set to the shared address. The AlternateGKs setting is used by endpoints upon failure of a gatekeeper. We always want endpoints going to the shared address. SendTo is the actual address that RRQ and URQ messages are sent to.

Gatekeeper 1 (master) - /usr/local/etc/gnugk.ini.master

      [Gatekeeper::Main]
      Fourtytwo=42
      Name=vt-gatekeeper
      TimeToLive=120
      Home=192.168.1.20
      AlternateGKs=192.168.1.20;1719;false;1;gatekeeper
      SendTo=192.168.1.22:1719


      [RoutedMode]
      GKRouted=1
      H245Routed=1
      CallSignalPort=1720
     

Gatekeeper 1 (backup) - /usr/local/etc/gnugk.ini.backup

      [Gatekeeper::Main]
      Fourtytwo=42
      Name=gatekeeper
      TimeToLive=120
      Home=192.168.1.21

      [RoutedMode]
      GKRouted=1 
      H245Routed=1
      CallSignalPort=1720
     

Gatekeeper 2 (master) - /usr/local/etc/gnugk.ini.master

      [Gatekeeper::Main]
      Fourtytwo=42
      Name=gatekeeper
      TimeToLive=120
      Home=192.168.1.20
      AlternateGKs=192.168.1.20;1719;false;1;gatekeeper
      SendTo=192.168.1.21:1719


      [RoutedMode]
      GKRouted=1
      H245Routed=1
      CallSignalPort=1720
     

Gatekeeper 2 (backup) - /usr/local/etc/gnugk.ini.backup

      [Gatekeeper::Main]
      Fourtytwo=42
      Name=gatekeeper
      TimeToLive=120
      Home=192.168.1.22

      [RoutedMode]
      GKRouted=1 
      H245Routed=1
      CallSignalPort=1720
     

Start Order

FreeBSD GnuGk rc script - /usr/local/etc/rc/001.gnugk.sh

FreeBSD freevrrpd rc script - /usr/local/etc/rc/002.freevrrpd.sh

Start order is fairly important. GnuGk is started first in backup mode. Then freevrrpd starts and determines what state the machine is in (master or backup). The corresponding script is then run; it copies the correct gatekeeper config and sends the gatekeeper process a HUP signal.
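
The copy-and-HUP step described above, written with the checks the two short hook scripts leave out. This is an added example, not code from the original howto: the paths are the howto's, while switch_role and the ETC_DIR and PID_FILE overrides are hypothetical names.

```shell
#!/bin/sh
# Added example, not from the original howto: one routine behind both
# freevrrpd hooks. Paths are the howto's; switch_role is a hypothetical name.

ETC_DIR=${ETC_DIR:-/usr/local/etc}
PID_FILE=${PID_FILE:-/var/run/gnugk/gnugk.pid}

# switch_role ROLE: install gnugk.ini.ROLE as gnugk.ini and HUP GnuGk.
# Returns 1 for a bad role or unusable config, 2 if GnuGk cannot be signalled.
switch_role() {
    role=$1
    case $role in
        master|backup) ;;
        *) echo "usage: switch_role master|backup" >&2; return 1 ;;
    esac
    src=$ETC_DIR/gnugk.ini.$role
    dst=$ETC_DIR/gnugk.ini

    # A missing or empty source must never replace the running config.
    [ -s "$src" ] || { echo "missing or empty: $src" >&2; return 1; }

    # Copy next to the target and rename, so GnuGk never rereads a
    # half-written gnugk.ini; cp -p keeps the source's owner and mode.
    tmp=$(mktemp "$dst.XXXXXX") || return 1
    if ! { cp -p "$src" "$tmp" && mv -f "$tmp" "$dst"; }; then
        rm -f "$tmp"
        return 1
    fi

    # Signal only a numeric PID that is still alive; a stale or corrupt
    # PID file would otherwise hand kill an empty or malformed argument.
    pid=$(cat "$PID_FILE" 2>/dev/null) || return 2
    case $pid in
        ''|*[!0-9]*) echo "bad PID in $PID_FILE" >&2; return 2 ;;
    esac
    kill -0 "$pid" 2>/dev/null || { echo "gnugk ($pid) is not running" >&2; return 2; }
    kill -HUP "$pid"
}

# master_script.sh and backup_script.sh each reduce to one call of this
# script with the role as its argument.
case ${1:-} in
    master|backup) switch_role "$1" ;;
esac
```

A non-zero exit tells you the node changed VRRP state without GnuGk following, which is worth logging from the hook.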

Putting it all together

Now we have two machines running GnuGk, gatekeeper 1 operating as the master gatekeeper and gatekeeper 2 as the backup. If the master gatekeeper fails, the backup detects this. freevrrpd then adds 192.168.1.20 as an alias to interface em0. The master_script.sh runs, replacing our gatekeeper config and sending a HUP signal to reread the config. The key here is that GnuGk HUPs correctly. It rereads its config and starts listening on the new address, all without losing any endpoint information or current connections. Gatekeeper 2 is now operating as the master. If gatekeeper 1 comes back online, it will become the backup and start receiving forwarded state information from the master.

References

  • GnuGk - opensource H.323 gatekeeper.
  • FreeBSD - stable opensource OS.
  • VRRP - virtual router redundancy protocol.
  • freevrrpd - FreeBSD implementation of VRRP


Created by: Andrew Olson, 2005-09-22



Last updated: 04. May 2017
Page maintained by Jan Willamowius