We are excited to announce the general availability of sip:providerCE mr5.2.1 and sip:providerPRO mr5.2.1.
What’s the sip:provider platform?
The Sipwise sip:provider platform is a highly versatile open source based VoIP soft-switch for ISPs and ITSPs to serve large numbers of SIP subscribers. It leverages existing building blocks like Kamailio, Sems and Asterisk to create a feature-rich and high-performance system by glueing them together in a best-practice approach and implementing missing pieces on top of it.
Sipwise engineers have been working with Asterisk and Kamailio (and its predecessors SER and OpenSER) since 2004, and have roles on the management board of Kamailio and are contributing to these projects both in terms of patches and also financially by sponsoring development tasks. The sip:provider platform is available as a Community Edition (SPCE), which is fully free and open source, and as a commercial PRO appliance shipped turn-key in a high availability setup.
The SPCE provides secure and feature-rich voice and video communication to end customers (voice, video, instant messaging, presence, buddy lists, file transfer, screen sharing, remote desktop control) and connect them to other SIP-, Mobile- or traditional PSTN-networks. It can therefore act as open Skype replacement system, traditional PSTN replacement, Over-The-Top (OTT) platform and also as a Session Border Controller in front of existing VoIP services in order to enable signaling encryption, IPv6 support, fraud- and Denial-of-Service prevention. Another use-case is to act as a Class4 SIP concentrator to bundle multiple SIP peerings for other VoIP services.
What’s new in mr5.2.1?
The most important changes for mr5.2.1 compared to mr5.1 are:
- A preconfigured firewall subsystem was added to secure the NGCP. The firewall whitelists all services vital to NGCP’s operations while blocking all other traffic. After upgrade, the firewall subsystem will be disabled by default to avoid inadvertent self-lockout of the operator during upgrade. The firewall has to be enabled manually after successful upgrade in /etc/ngcp-config/config.yml setting security.firewall.enable: ‘yes’. During upgrade the NGCP configuration framework will prepare a standard rule set ready to be used after successful upgrade. If iptables rules already exist on the system, those will be save to a customtt.tt2 and will persist until custom.tt2 and tt2 are merged. If a third-party firewall system is detected, the upgrade procedure will stop. To resume the upgrade, the situation needs to be consolidated (e.g. by removing the unsupported firewall subsystem and merging existing rules into the NGCP firewall subsystem). Notice: Make sure SSH access is correctly configured in /etc/ngcp-config/config.yml to allow SSH access after activating the firewall. Please read the handbook carefully for further instructions before activating the firewall subsystem. [TT#9717]
- [PRO/Carrier] The default rotate_days configuration for backuptools was decreased from 7 to 3 days to avoid disk space issues (if the configuration is already less than 7 days it will stay unmodified during upgrades) [TT#9816]
- sshd: in preparation for the upcoming Debian Stretch release upgrade of the underlying operating system, the protocol version 1 specific settings KeyRegenerationInterval, RSAAuthentication, RhostsRSAAuthentication + ServerKeyBits have been removed from the sshd_config (using their defaults now)
- Improved NGCP documentation style
- [CPBX] Implement Yealink CP860 and Grandstream GXW-4008 auto provisioning
- Migrate NGCP admin’s passwords to bcrypt and drop admin’s ssl client cert from DB, providing an API function to fetch PEM and P12 certificates. IMPORTANT: Due to migrating to bcypt hashing of admin and reseller passwords both on the admin panel and the API, password authentication via the API will take ~500ms for each request. It is highly advised to use ssl client certificate based authentication instead of passwords on the API for performance reasons!
Is mr5.2 LTS (long time supported) release?
No. Release mr5.2 will be out of support once build mr5.2.2 has been published.
How do I test-drive the new version?
- AMI ID for region us-east-1: ami-501c9146
- AMI ID for region us-west-2: ami-2359c843
- AMI ID for region us-west-1: ami-b9c19bd9
- AMI ID for region eu-central-1: ami-4d12c122
- AMI ID for region eu-west-1: ami-60a09806
- AMI ID for region ap-southeast-1: ami-5ada6439
- AMI ID for region ap-southeast-2: ami-f4262897
- AMI ID for region ap-northeast-1: ami-1877577f
- AMI ID for region sa-east-1: ami-2ddab941
Check the relevant section in SPCE Handbook for detailed instructions.
How do I install the new version or upgrade from an older one?
For new users, please follow the Installation Instructions in the Handbook to set up the SPCE mr5.2.1 from scratch.
For the users of the previous version of the SPCE, please follow the upgrade procedure outlined in the Handbook. If you have customized your configurations using customtt.tt2 files, you must migrate your changes to the new configuration files after the upgrade, otherwise all your calls will most certainly fail.
How can I contribute to the project?
Over the last months we’ve started to publish our software components at github.com/sipwise. This is still an on-going effort, which is done on a component-per-component basis. Please check back regularly for new projects to appear there, and feel free to fork them and send us pull requests. For development related questions, please subscribe to our SPCE-Dev Mailing-List at lists.sipwise.com/listinfo/spce-dev.
We want to thank our PRO customers and the SPCE community for their feedback, bug reports and feature suggestions to make this release happen. We hope you enjoy using the mr5.2.1 build and keep your input coming. A big thank you also to all the developers of Kamailio, Sems and Prosody, who make it possible for us to provide an innovative and future-proof SIP/XMPP engine as the core of our platform! And last but not least a HUGE thank you to the Sipwise development team, who worked insanely hard to create this release. You are awesome!