Customers Auths
This entity authenticates calls from customers or gateways, applies them to routing table and has some useful filters and options. Authentication process is based on using following parameters:
PoP - Point of presence that received the call;
Remote IP address – IP address from which the call was received;
Transport protocol - Protocol (TCP or UDP) that was used for transferring signaling information to Yeti;
URI name – Destination number;
From name – Source number;
URI domain – Domain part of the URI;
From domain – Domain part of the URI in the From header;
To domain – Domain part of the URI in the To header;
X-Yeti-Auth - Custom SIP-header value.
Authentication algorithm is represented on the picture below:
On the first step of authentication algorithm Yeti is looking into Load Balancers table for the records where Signaling IP is equal Remote IP address. If call was received from Load Balancer Yeti will use special headers (X-ORIG-IP, X-ORIG-PORT and X-ORIG-PROTO) that were received from Load Balancer for receiving information about real Remote IP address, port and Transport protocol. If call was received from IP address that isn’t specified in the Load Balancers table the original network parameters (Remote IP address and Transport protocol) will be used for future authentication process.
On the second step of authentication algorithm Yeti is looking into Customer Auth table for the records that are matching ALL following conditions:
IP address of Customer Auth record contains or equals Remote IP address;
Note
Examples:
IP address of Customer Auth record = 0.0.0.0/0 ; Remote IP address = 8.8.8.8 => TRUE
IP address of Customer Auth record = 192.168.1/24 ; Remote IP address = 192.168.1.1 => TRUE
IP address of Customer Auth record = 192.168.1/24 ; Remote IP address = 192.168.2.1 => FALSE
IP address of Customer Auth record = 192.168.1/24, 192.168.2.1 ; Remote IP address = 192.168.2.1 => TRUE
IP address of Customer Auth record = 192.168.1/24, 192.168.2.1 ; Remote IP address = 195.5.30.10 => FALSE
Dst Prefix of Customer Auth record is in the prefix range of URI name;
Note
Examples:
Dst Prefix of Customer Auth record = ** ; URI name = 0662296132 => TRUE
Dst Prefix of Customer Auth record = 066 ; URI name = 0662296132 => TRUE
Dst Prefix of Customer Auth record = 066[1-3] ; URI name = 0662296132 => TRUE
Dst Prefix of Customer Auth record = 066[1-3] ; URI name = 0665296132 => FALSE
Dst Prefix of Customer Auth record = 066[1-3], 0665 ; URI name = 0665296132 => TRUE
Dst Prefix of Customer Auth record = 066[1-3], 0665 ; URI name = 0666296132 => FALSE
Src Prefix of Customer Auth record is in the prefix range of From name;
Note
Examples:
Src Prefix of Customer Auth record = ** ; From name = 0662296132 => TRUE
Src Prefix of Customer Auth record = 066 ; From name = 0662296132 => TRUE
Src Prefix of Customer Auth record = 066[1-3] ; From name = 0662296132 => TRUE
Src Prefix of Customer Auth record = 066[1-3] ; From name = 0665296132 => FALSE
Src Prefix of Customer Auth record = 066[1-3], 0665 ; From name = 0665296132 => TRUE
Src Prefix of Customer Auth record = 066[1-3], 0665 ; From name = 0666296132 => FALSE
PoP of Customer Auth record (if chosen) equals PoP that received the call;
Note
Examples:
PoP of Customer Auth record = Any ; PoP = ONAT.EDU.UA DC => TRUE
PoP of Customer Auth record = ONAT.EDU.UA DC ; PoP = ONAT.EDU.UA DC => TRUE
PoP of Customer Auth record = City ; PoP = ONAT.EDU.UA DC => FALSE
X-Yeti-Auth of Customer Auth record (if not empty) equals X-Yeti-Auth;
Note
Examples:
X-Yeti-Auth of Customer Auth record = ** ; X-Yeti-Auth = 18unID => TRUE
X-Yeti-Auth of Customer Auth record = 18unID ; X-Yeti-Auth = 18unID => TRUE
X-Yeti-Auth of Customer Auth record = 18unID ; X-Yeti-Auth = ** => FALSE
X-Yeti-Auth of Customer Auth record = 18unID, 20Pd4A ; X-Yeti-Auth = 20Pd4A => TRUE
X-Yeti-Auth of Customer Auth record = 18unID, 20Pd4A ; X-Yeti-Auth = 24578 => FALSE
URI domain of Customer Auth record (if not empty) equals URI domain;
Note
Examples:
URI domain of Customer Auth record = ** ; URI domain = onat.edu.ua => TRUE
URI domain of Customer Auth record = onat.edu.ua ; URI domain = onat.edu.ua => TRUE
URI domain of Customer Auth record = onat.edu.ua ; URI domain = yeti-switch.org => FALSE
URI domain of Customer Auth record = onat.edu.ua, yeti-switch.org ; URI domain = yeti-switch.org => TRUE
URI domain of Customer Auth record = onat.edu.ua, yeti-switch.org ; URI domain = demo.yeti-switch.org => FALSE
To domain of Customer Auth record (if not empty) equals To domain;
Note
Examples:
To domain of Customer Auth record = ** ; To domain = onat.edu.ua => TRUE
To domain of Customer Auth record = onat.edu.ua ; To domain = onat.edu.ua => TRUE
To domain of Customer Auth record = onat.edu.ua ; To domain = yeti-switch.org => FALSE
To domain of Customer Auth record = onat.edu.ua, yeti-switch.org ; To domain = yeti-switch.org => TRUE
To domain of Customer Auth record = onat.edu.ua, yeti-switch.org ; To domain = demo.yeti-switch.org => FALSE
From domain of Customer Auth record (if not empty) equals From domain;
Note
Examples:
From domain of Customer Auth record = ** ; From domain = onat.edu.ua => TRUE
From domain of Customer Auth record = onat.edu.ua ; From domain = onat.edu.ua => TRUE
From domain of Customer Auth record = onat.edu.ua ; From domain = yeti-switch.org => FALSE
From domain of Customer Auth record = onat.edu.ua, yeti-switch.org ; From domain = yeti-switch.org => TRUE
From domain of Customer Auth record = onat.edu.ua, yeti-switch.org ; From domain = demo.yeti-switch.org => FALSE
Transport protocol of Customer Auth record (if chosen) equals Transport protocol;
Note
Examples:
Transport protocol of Customer Auth record = TCP ; Transport protocol = TCP => TRUE
Transport protocol of Customer Auth record = Any ; Transport protocol = UDP => TRUE
Transport protocol of Customer Auth record = UDP ; Transport protocol = TCP => FALSE
Length of URI name is between Dst number min and max length values of Customer Auth record;
Note
Examples:
Dst number min length of Customer Auth record = 3 ; Dst number max length of Customer Auth record = 15 ; URI name = 380662296132 => TRUE
Dst number min length of Customer Auth record = 7 ; Dst number max length of Customer Auth record = 7 ; URI name = 7050460 => TRUE
Dst number min length of Customer Auth record = 0 ; Dst number max length of Customer Auth record = 7 ; URI name = 0487050460 => FALSE
Customer Auth record is enabled;
Contractor that is associated with Customer Auth record has Customer status.
If no records were found on previous step the procedure of Authentication will be exited with Disconnect Code 110 (Can’t find Customer or Customer locked).
On the third step of authentication algorithm Yeti sorts of Customer Auth records (if any were found on the previous step) with following rules:
records with the longest mask of IP address first;
Note
Examples:
Record with IP address = 192.168.30.1 will be higher than record with IP address = 192.168.30.0/24
Record with IP address = 192.168.30.0/24 will be higher than record with IP address = 0.0.0.0/0
Record with IP address = 192.168.30.0/24 will be on same level with record with IP address = 195.5.30.0/24
records with chosen Transport protocol, PoP and with entered URI domain, To domain and From domain values first;
records with longest Dst Prefix and Src Prefix first.
After sorting of Customer Auth records routing procedure will be continued with using first record from the sorted list of Customer Auth records that was received.
Customer Auth form is splitted to 3 tabs and each one is described below.
General Customers Auth’s attributes:
- Id
Unique Customers Auth’s id.
- Name
Unique name of Accounting profile. Uses for informational purposes and doesn’t affect system behaviour.
- Enabled
Disabled records will be ignored.
- Customer
Customer, who this Customer Auth belongs to.
- Account
Account of Customer, which this Customer Auth belongs to.
- Check account balance
If this flag is enabled Yeti will check current Balance of Account that is associated with this Customer Auth record. If current balance is less than Min balance call will dropped with Disconnect code 8000 (No enought customer balance).
- Gateway
Gateway which related to this Customer Auth. That gateway (its parameters), will be used for media handling on the A-leg of a call.
- Require incoming auth
In case of enabling this checkbox incoming authorization of Gateway (in case of using Gateway as Originator of calls) will be required. Authorization parameters (username and password) are available in the Signaling tab (Origination section) of Gateway’s attributes (Equipment menu). Call will be dropped in case of incorrect authorization.
- Rateplan
Rateplan, which this Customer Auth belongs to.
- Routing Plan
Routing Plan that is associated with this Customer Auth. Only Dialpeers that are related to this Routing Plan could be used for routing of the calls that were received in the framework of this Customer Auth.
- Dst Numberlist
You may apply Dst Numberlist (Destination) and check B-numbers, by prefix or full-match, then reject it or allow.
- Src Numberlist
You may apply Src Numberlist (Source) and check B-numbers, by prefix or full-match, then reject it or allow.
- Dump Level
It is possible to capture calls to PCAP files, using this option. You may choose what kind of information should be captured. Possible values are: Capture nothing, Capture signalling traffic, Capture RTP traffic, Capture all traffic.
- Enable Audio Recording
If checked, the media for calls passing through this Customer Auth will be stored in WAV files.
- Capacity
The capacity of the Customer Auth, i.e. how many calls it accepts at the moment.
- Allow Receive Rate Limit
A Customer may send special SIP-header in which he sends the price for this call he wants to pay. And YETI will rely on this price on the routing stage if we allow such a behaviour.
- Send Billing Information
If enabled, YETI adds the special SIP-header into 200 SIP-message, which contains current price for calls, in order to a Customer should be informed.
Match condition Customers Auth’s options
This part is crucial for authentication process of incoming calls. You should note that a one customer may have many of Customer Auth with almost the same parameters, so pay attention to parameters besides Ip address.
- Transport Protocol
Transport protocol (Any/TCP/UDP), which the customer uses for sending calls to YETI.
- Ip
IP address or array of IP-addresses (separated by comma(,)) of the originator (Customer).
- Pop
Point of presence (PoP), which receives calls from the Customer. If a call will come to the different PoP (a node which receives calls belongs to different PoP), such call will be processed with other Customer Auth entity.
- Src Prefix
You can define a prefix or array of prefixes (separated by comma(,)) which necessarily should be presented in Src-number for every call from the customer. Just a prefix (or prefixes) must be used here, not a regular expression.
- Dst Prefix
You can define a prefix or array of prefixes (separated by comma(,)) which necessarily should be presented in a Dst-number for every call from the customer. Just a prefix (or prefixes) must be used here, not a regular expression.
- Dst number min length
Minimum length of destination number allowed for this Customer Auth. In case of receiving destination number that is less than this minimal value other Customer Auth entity will be used (if any) for authentication.
- Dst number max length
Maximum length of destination number allowed for this Customer Auth. In case of receiving destination number that is longer than this maximum value call other Customer Auth entity will be used (if any) for authentication.
- Uri Domain
If specified, YETI checks the domain part of the URI for every call. If the domain part is not the same as specified other Customer Auth entity will be used (if any) for authentication. You can specify more than one Uri Domain (separated by comma(,)).
- From Domain
If specified, YETI checks the domain part of the URI in the From header for every call. If presented domain mismatches other Customer Auth entity will be used (if any) for authentication. You can specify more than one From Domain (separated by comma(,)).
- To Domain
If specified, YETI checks the domain part of the URI in the To header for every call. If presented domain mismatches other Customer Auth entity will be used (if any) for authentication. You can specify more than one To Domain (separated by comma(,)).
- X Yeti Auth
It’s possible to define the custom SIP-header X-Yeti-Auth or array of headers (separated by comma(,)) for the customer’s calls and specify its value in YETI. In case they match, YETI passes such calls with using this Customer Auth entity for authentication.
Number translation Customers Auth’s options
- Diversion policy
Defines what to do with Diversion header within SIP-signalization. Default value is “Clear header”, so this header will be deleted.
- Diversion rewrite rule
This option should contain a regular expression for changing a Diversion header. See how to use POSIX Regular Expressions in Yeti.
- Diversion rewrite result
The result of changing a Diversion header, using the Rewrite Rule above. See how to use POSIX Regular Expressions in Yeti.
- Src name rewrite rule
This field should contain a regular expression for changing the Name field in the Source-number within SIP-signalization. See how to use POSIX Regular Expressions in Yeti.
- Src name rewrite result
The result of changing the Name field in the Source-number, using the Src name rewrite rule above. See how to use POSIX Regular Expressions in Yeti.
- Src rewrite rule
This field should contain a regular expression for changing the Source-number within SIP-signalization. See how to use POSIX Regular Expressions in Yeti.
- Src rewrite result
The result of changing the Source-number, using the Src rewrite rule above. See how to use POSIX Regular Expressions in Yeti.
- Dst rewrite rule
This field should contain a regular expression for changing the Destination-number within SIP-signalization. See how to use POSIX Regular Expressions in Yeti.
- Dst rewrite result
The result of changing the Name field in the Destination-number, using the Dst rewrite rule above. See how to use POSIX Regular Expressions in Yeti.
Radius Customers Auth’s options
- Radius auth profile
Must be specified if the additional radius authentication is required.
- Src number radius rewrite rule
Should contain regular expression for changing Source-number which will be send to Radius-server if it’s required. See how to use POSIX Regular Expressions in Yeti.
- Src number radius rewrite result
The result of applying the Src number radius rewrite rule to Source-number. See how to use POSIX Regular Expressions in Yeti.
- Dst number radius rewrite rule
Should contain regular expression for changing Destination-number which will be send to Radius-server if it’s required. See how to use POSIX Regular Expressions in Yeti.
- Dst number radius rewrite result
The result of applying the Dst number radius rewrite rule to Destination-number. See how to use POSIX Regular Expressions in Yeti.
- Radius accounting profile
Must be specified if the radius accounting is required.