I have either found a problem with the CSS and UDP flows (specifically SIP over UDP).....OR....I am missing something, hopefully I am missing something. For test, I have a very simple design :
1x CSS115001 to Load Balance UDP/SIP traffic.
Two Servers running a SIP application (VoIP)
One VIP address.
By Default, when I configure "application sip" on the CSS content rule, we see the "flow-state 5060 udp flow-enable" command in the global config (as expected).
As I understand the SIP-flow allows UDP flows using port 5060 to be set-up. These UDP flows last approx five seconds before cleaned up by the garbage collector.
The CSS is configured and VoIP calls are "successfully" set-up using the UDP (SIP) protocol from an 'Internet-Client' to the 'SIP-Server'. Now, if the call lasts over five seconds and the SERVER disconnects by sending a UDP (SIP-BYE) packet, this particular UDP packet does NOT reach the 'Internet-Client'. This is because the flow has expired and been cleaned-up. Therefore, there is no state-information and the CSS is unable to route this UDP (SIP-BYE) packet.
To summarize, this default SIP flow-timer is uselessfor VoIP calls over 5 seconds.
Therefore, an option is to increase the flow-timer for the SIP UDP port. flow-timeout-multiplier 400 (this gives me approx 1.5 hours maximum length phone call)
However, this poses new problems.
1) After this "1.5" hour limit, ALL UDP (SIP) flows will time-out and the garbage collector will clean-up. Flows will be lost and therefore all UDP packets that are sent from the SERVER to CLIENT will never reach their destination. (i.e SIP BYE packets for call hang-ups). I will therefore experience this flood problems every 1.5 hours (or so).
2) We will be limited to 65500 flows.
Although this seems like an generous limit, by using SIP over UDP, this is actually not many flows at all. Let me illustrate ...
One SIP-Client can produce hundreds of flows per hour. A SIP Client can send a UDP Keepalive packet to a Server every 30 secs or even less(SIP REGISTER).
Each UDP packet therefore creates a NEW flow. 120 Flows per hour. In addition to these keepalives from client to server, (or so called SIP-Registers) each individual VoIP Call also produces several UDP flows.
So as you can appreciate, 65500 flows is exhausted easily under one hour.
(we are a ITSP and have over 5x calls per seconds and thousands of SIP-Clients registering, so this design will not work for us and appears flawed).
Hopefully you have not fallen asleep at this point and you can possible tell me I am missing a command or two. I am sure SIP and UDP flows work well and is a proven design within the CSS. (I hope)
Please help if ya can.