diff --git a/kamailio/default.cfg b/kamailio/default.cfg
index 862f26e..9aacded 100644
--- a/kamailio/default.cfg
+++ b/kamailio/default.cfg
@@ -52,6 +52,7 @@ loadmodule "rr.so"
 modparam("rr", "enable_full_lr", RR_FULL_LR)
 modparam("rr", "enable_double_rr", RR_DOUBLE_RR)
 modparam("rr", "force_send_socket", RR_FORCE_SOCKET)
+modparam("rr", "ignore_sips", 1)
 
 ######## Max-Forward processor module ########
 loadmodule "maxfwd.so"
@@ -116,9 +117,6 @@ include_file "db_KAMAILIO_DBMS.cfg"
 include_file "kazoo-bindings.cfg"
 
 ####### Role Configurations ##########
-#!ifdef AUTHORIZATION_ROLE
-include_file "authorization-role.cfg"
-#!endif
 #!ifdef DISPATCHER_ROLE
 include_file "dispatcher-role-MAJOR.cfg"
 #!endif
@@ -167,8 +165,8 @@ include_file "nodes-role.cfg"
 #!ifdef SIP_TRACE_ROLE
 include_file "sip_trace-role.cfg"
 #!endif
-#!ifdef KEEPALIVE_ROLE
-include_file "keepalive-role.cfg"
+#!ifdef SIP_TRACE_ALL_ROLE
+include_file "sip_trace_all-role.cfg"
 #!endif
 #!ifdef BLOCKER_ROLE
 include_file "blocker-role.cfg"
@@ -179,7 +177,7 @@ include_file "sanity.cfg"
 
 ## auth ##
 include_file "trusted.cfg"
-include_file "auth.cfg"
+include_file "authorization.cfg"
 
 ###### local route ######
 tcp_children = 5
@@ -224,14 +222,34 @@ route
     route(SIP_TRACE);
     #!endif
 
-    route_if_exists("CUSTOM_START_ROUTES");
-
     route(HANDLE_NOTIFY);
 
-    #!ifdef AUTHORIZATION_ROLE
-    route(AUTHORIZATION_CHECK);
+    #!ifdef REGISTRAR_ROLE
+    route(HANDLE_REGISTER);
     #!endif
 
+    route_if_exists("CUSTOM_START_ROUTES");
+
+    #!ifdef RESPONDER_ROLE
+    if (isflagset(FLAG_INTERNALLY_SOURCED)) {
+        route(HANDLE_RESPOND);
+    }
+    #!endif
+
+    if (!t_newtran()) {
+        xlog("L_ERROR", "$ci|log|failed to create transaction\n");
+        drop;
+        exit;
+    }
+
+    route(HANDLE_AUTHORIZATION);
+
+}
+
+route[MAIN]
+{
+	route(AUTHORIZATION);
+
     #!ifdef MESSAGE_ROLE
     route(HANDLE_MESSAGE);
     #!else
@@ -246,10 +264,6 @@ route
     route(HANDLE_PUBLISH);
     #!endif
 
-    #!ifdef REGISTRAR_ROLE
-    route(HANDLE_REGISTER);
-    #!endif
-
     route(HANDLE_REFER);
 
     route(HANDLE_IN_DIALOG_REQUESTS);
@@ -260,16 +274,7 @@ route
     route(PUSHER_ROUTE);
     #!endif
 
-    #!ifdef RESPONDER_ROLE
-    if (isflagset(FLAG_INTERNALLY_SOURCED)) {
-        route(HANDLE_RESPOND);
-    }
-    #!endif
-
-    route(AUTH);
-
     route(SETUP);
-
 }
 
 #!trydef KZ_LOG_REQUEST_OPTIONS 0
@@ -304,18 +309,15 @@ route[CHECK_RETRANS]
 
 route[CLASSIFY_SOURCE]
 {
-    #!ifdef DISPATCHER_ROLE
-    route(DISPATCHER_CLASSIFY_SOURCE);
-    #!endif
-
-    if (allow_source_address(TRUSTED_ADR_GROUP)) {
+    if (allow_source_address()) {
         xlog("$var(log_request_level)", "$ci|log|request from trusted IP\n");
         setflag(FLAG_TRUSTED_SOURCE);
+        return;
     }
 
-    if (isflagset(FLAG_INTERNALLY_SOURCED) || is_myself($si)) {
-        setflag(FLAG_TRUSTED_SOURCE);
-    }
+    #!ifdef DISPATCHER_ROLE
+    route(DISPATCHER_CLASSIFY_SOURCE);
+    #!endif
 
 }
 
@@ -384,10 +386,6 @@ route[HANDLE_NOTIFY]
            sl_send_reply("200", "Rawr!!");
         }
 
-        #!ifdef KEEPALIVE_ROLE
-        route(KEEPALIVE_ON_NOTIFY);
-        #!endif
-
     }
     exit;
 }
@@ -403,9 +401,13 @@ route[HANDLE_REFER]
     } else {
        $var(referred_by) = $_s(<sip:$Au>;created=true);
     }
-    $xavp(regcfg=>match_received) = $su;
-    if(registered("location", "$rz:$Au", 2, 1) == 1) {
-        $var(referred_by) = $_s($var(referred_by);endpoint_id=$(xavp(ulattrs=>token){re.subst,/(.*)@(.*)/\1/});account_id=$(xavp(ulattrs=>token){re.subst,/(.*)@(.*)/\2/}));
+
+    if(!isflagset(FLAG_INTERNALLY_SOURCED)) {
+      if(isflagset(FLAG_AUTHORIZED)) {
+         $var(referred_by) = $_s($var(referred_by);endpoint_id=$(xavp(ulattrs=>token){re.subst,/(.*)@(.*)/\1/});account_id=$(xavp(ulattrs=>token){re.subst,/(.*)@(.*)/\2/}));
+      }
+    } else {
+      record_route();
     }
 
     remove_hf_re("^Referred-By");
@@ -522,30 +524,19 @@ route[PREPARE_INITIAL_REQUESTS]
         #!endif
     }
 
-    record_route();
+    if(!isflagset(FLAG_INTERNALLY_SOURCED)) {
+        record_route();
+    }
+
 }
 
 route[SETUP]
 {
 
-    if($sel(cfg_get.kazoo.strict_auth) == 1 && $avp(auth_allowed) != "true") {
-        if(is_present_hf("Proxy-Authorization")) {
-            xlog("L_WARN", "$ci|auth|request denied\n");
-        } else {
-            xlog("L_INFO", "$ci|auth|challenging invite\n");
-            proxy_challenge("$td", "4");
-        }
-        exit;
-    }
-
     #!ifdef DISPATCHER_ROLE
     if (!isflagset(FLAG_INTERNALLY_SOURCED)) {
         route(DISPATCHER_FIND_ROUTES);
-    }
-    #!endif
-    
-    #!ifdef REGISTRAR_ROLE
-    if (isflagset(FLAG_INTERNALLY_SOURCED)) {
+    } else {
         route(ROUTE_TO_AOR);
     }
     #!endif
@@ -560,12 +551,11 @@ route[BRANCH_HEADERS]
     } else {
         remove_hf_re("^X-");
     }
-    
 }
 
 # Manage outgoing branches
 branch_route[MANAGE_BRANCH] {
-    xlog("L_DEBUG", "$ci|branch|new branch [$T_branch_idx] to $ru => $du\n");
+    xlog("L_INFO", "$ci|branch|new branch [$T_branch_idx] to $ru\n");
     #!ifdef NAT_TRAVERSAL_ROLE
     route(NAT_MANAGE);
     #!endif
@@ -576,13 +566,19 @@ branch_route[MANAGE_BRANCH] {
 
 route[RELAY]
 {
-    if (is_method("INVITE|BYE|SUBSCRIBE|UPDATE|NOTIFY")) {
+    if (is_method("INVITE|BYE|SUBSCRIBE|UPDATE|NOTIFY|CANCEL")) {
         if(!t_is_set("branch_route")) t_on_branch("MANAGE_BRANCH");
     }
 
     if (isflagset(FLAG_INTERNALLY_SOURCED)) {
+        xlog("L_DEBUG", "$ci|relay|internal to external\n");
+        if(!isflagset(FLAG_RECORD_ROUTE_ADDED) && !has_totag()) {
+           xlog("L_DEBUG", "$ci|relay|adding record route\n");
+           record_route();
+        }
         route(INTERNAL_TO_EXTERNAL_RELAY);
     } else {
+        xlog("L_DEBUG", "$ci|relay|external to internal\n");
         route(EXTERNAL_TO_INTERNAL_RELAY);
     }
 
@@ -653,9 +649,7 @@ onreply_route[EXTERNAL_REPLY]
     }
 
     #!ifdef NAT_TRAVERSAL_ROLE
-    if(status=~"[12][0-9][0-9]") {
-        route(NAT_MANAGE);
-    }
+    route(NAT_MANAGE);
     #!endif
 
     #!ifdef ACL_ROLE
@@ -705,9 +699,7 @@ onreply_route[INTERNAL_REPLY]
     }
 
     #!ifdef NAT_TRAVERSAL_ROLE
-    if(status=~"[12][0-9][0-9]") {
-        route(NAT_MANAGE);
-    }
+    route(NAT_MANAGE);
     #!endif
 
     #!ifdef ACL_ROLE
@@ -720,10 +712,7 @@ onreply_route[INTERNAL_REPLY]
     route(DOS_PREVENTION);
     #!endif
 
-    if (is_method("INVITE") &&
-        !isflagset(FLAG_SESSION_PROGRESS) &&
-        t_check_status("(180)|(183)|(200)")
-        ) {
+    if (is_method("INVITE") && t_check_status("(180)|(183)|(200)")) {
         xlog("L_INFO", "$ci|log|call setup, now ignoring abnormal termination\n");
         setflag(FLAG_SESSION_PROGRESS);
     }
@@ -768,7 +757,7 @@ failure_route[INTERNAL_FAULT]
         xlog("L_INFO", "$ci|failure|ignoring failure after session progress\n");
     } else if (t_check_status("403") && $T_reply_reason=="Forbidden") {
         xlog("L_WARNING", "$ci|failure|Failed auth from IP $si\n");
-    } else if (t_check_status("(401)|(407)|(486)")) {
+    } else if (t_check_status("(401)|(486)")) {
         xlog("L_INFO", "$ci|failure|auth reply $T_reply_code $T_reply_reason\n");
     } else if (t_check_status("402")) {
         xlog("L_INFO", "$ci|failure|overriding reply code 402 with 486\n");
@@ -825,11 +814,11 @@ onsend_route {
 route[ROUTE_TO_AOR]
 {
     if ($hdr(X-KAZOO-AOR) == $null) {
+       xlog("L_DEBUG", "$ci|aor|not aor\n");
        return;
     }
 
     xlog("L_INFO", "$ci|log|using AOR $hdr(X-KAZOO-AOR)\n");
-    set_forward_no_connect();
     if ($hdr(X-KAZOO-INVITE-FORMAT) == "contact") {
        if(lookup("location", "$hdr(X-KAZOO-AOR)") > 0){
           xlog("L_INFO", "$ci|end|routing to contact $ru\n");