DigitalOcean, Floating IP and VoIP


DigitalOcean introduced Floating IPs in 2015 (here is a referral link for $100 credit), but I had not previously used them with VoIP. This post details my experience configuring a Floating IP for VoIP, specifically with Asterisk.

(Note: At the time of publishing, all IP addresses mentioned were released, and associated data was removed.)

Droplet and Floating IP Configuration

A Floating IP, 206.189.246.114, was assigned via the DigitalOcean console to a newly created Debian Linux Droplet. The IP addresses of the test Droplet were:

root@test:~# /sbin/ifconfig | grep -B 1 'inet '

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 206.189.20.174  netmask 255.255.240.0  broadcast 206.189.31.255
--
eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.16.0.5  netmask 255.255.0.0  broadcast 10.16.255.255

SIP Configuration

For testing purposes, I installed Asterisk from the OS repository (apt-get install -yqq asterisk) and configured a SIP client to register to the Floating IP 206.189.246.114. As expected, this initial attempt was unsuccessful, with SIP packets not flowing correctly:

SIP registration failure with basic setup

Next, I updated sip.conf with typical settings for Asterisk behind NAT, utilizing externip (as described in the default sip.conf comments regarding externip, externhost, and externaddr):

externip=206.189.246.114
nat=force_rport,comedia

This yielded inconsistent results; in most cases, SIP registration still failed.

Inconsistent SIP registration with externip

A quick investigation of the SIP dump (revealing a third IP address) led me to change the SIP bind address in sip.conf to the Droplet’s private IP:

udpbindaddr=10.16.0.5
tcpenable=yes
tcpbindaddr=10.16.0.5
; ...
externip=206.189.246.114
nat=force_rport,comedia

Now, SIP registration and calls function correctly.

Successful SIP registration with private IP binding

Calls are also working as expected:

Successful call with private IP binding

Docker Setup

Let’s attempt to achieve the same result using Docker.

The configuration works if Asterisk inside the Docker container can bind to the same private IP address to which the Floating IP is pointed. This requires running the container with the --net=host option:

docker run -ti --rm \
  --net=host \
  --name asterisk \
  -v /etc/asterisk/sip.conf:/etc/asterisk/sip.conf \
  andrius/asterisk \
  asterisk -vvvddddc

Technically, this is sufficient for many use cases. However, an Asterisk container configured this way does not integrate well into a docker-compose development environment, as other containers will not be able to “see” it through Docker’s network bridging. I plan to investigate this further. Perhaps passing the NET_ADMIN capability or running the container in privileged mode would allow for the necessary iptables manipulations to resolve this.