DigitalOcean introduced Floating IPs in 2015 (here is a referral link for $100 credit), but I had not previously used them with VoIP. This post details my experience configuring a Floating IP for VoIP, specifically with Asterisk.
(Note: At the time of publishing, all IP addresses mentioned were released, and associated data was removed.)
Droplet and Floating IP Configuration
A Floating IP, 206.189.246.114
, was assigned via the DigitalOcean console to a newly created Debian Linux Droplet. The IP addresses of the test Droplet were:
root@test:~# /sbin/ifconfig | grep -B 1 'inet '
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 206.189.20.174 netmask 255.255.240.0 broadcast 206.189.31.255
--
eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.16.0.5 netmask 255.255.0.0 broadcast 10.16.255.255
SIP Configuration
For testing purposes, I installed Asterisk from the OS repository (apt-get install -yqq asterisk
) and configured a SIP client to register to the Floating IP 206.189.246.114
. As expected, this initial attempt was unsuccessful, with SIP packets not flowing correctly:
Next, I updated sip.conf
with typical settings for Asterisk behind NAT, utilizing externip
(as described in the default sip.conf
comments regarding externip
, externhost
, and externaddr
):
externip=206.189.246.114
nat=force_rport,comedia
This yielded inconsistent results; in most cases, SIP registration still failed.
A quick investigation of the SIP dump (revealing a third IP address) led me to change the SIP bind address in sip.conf
to the Droplet’s private IP:
udpbindaddr=10.16.0.5
tcpenable=yes
tcpbindaddr=10.16.0.5
; ...
externip=206.189.246.114
nat=force_rport,comedia
Now, SIP registration and calls function correctly.
Calls are also working as expected:
Docker Setup
Let’s attempt to achieve the same result using Docker.
The configuration works if Asterisk inside the Docker container can bind to the same private IP address to which the Floating IP is pointed. This requires running the container with the --net=host
option:
docker run -ti --rm \
--net=host \
--name asterisk \
-v /etc/asterisk/sip.conf:/etc/asterisk/sip.conf \
andrius/asterisk \
asterisk -vvvddddc
Technically, this is sufficient for many use cases. However, an Asterisk container configured this way does not integrate well into a docker-compose
development environment, as other containers will not be able to “see” it through Docker’s network bridging. I plan to investigate this further. Perhaps passing the NET_ADMIN
capability or running the container in privileged mode would allow for the necessary iptables
manipulations to resolve this.