Technical White Paper for Traversal of Huawei Videoconferencing Systems Between Private and Public Networks

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Technical White Paper for Traversal of Huawei Videoconferencing Systems Between Private and Public Networks"

Transcription

1 Technical White Paper for Traversal of Huawei Videoconferencing Systems Between Private and Public Networks Huawei Technologies Co., Ltd. All rights reserved.

2 Contents Contents 1 Overview H Firewall Concept Basic Functions Packet Filtering Proxy Service State Inspection NAT Concept NAT Implementation Static NAT Dynamic NAT NAPT SBC Concept Implementation Principles for the Proxy Solution Basic Principles for Implementing NAT Traversal in the Proxy Solution Difference Between the Proxy and NAT H Concept Implementation Mode Signaling Interworking Process Interworking Process of Media Streams Problems and Current Situation of Traversal Problems Enabling Ports on the Firewall Address Translation for H.323 Packets HTTP Proxy Server Mode Current Situation i

3 Contents Static NAT NAT Device Supporting H Traversal Using H.323 Proxy Huawei Videoconferencing System's Solution to Traversal Between Private and Public Networks Traversal Using SNP Implementation Principle Networking Applications Firewall Traversal in Static NAT Mode Network Topology Implementation Principle Solution Analysis FW/NAT Devices (Eudemon) Supporting Transparent H.323 Transmission Network Topology Implementation Principle Solution Analysis Traversal by Adding Proxy (SE2000) Proxy Mode UDP Tunnel Traversal Mode Solution Analysis Interworking Between Private Networks by Adding VP 8520 MG Devices Network Topology Implementation Principle Solution Analysis Interworking Between Private Networks Using Existing MCU Devices Network Topology Implementation Principle Solution Analysis Traversal by Adding the H.460 GK Server Function Network Topology Implementation Principle Solution Comparison and Proposals ii

4 1 Overview 1 Overview Network address translation (NAT)/Firewall devices are configured in the egress of the Intranet to resolve the IPv4 address shortage problem and network security problem. During the deployment of videoconferencing services, the IP addresses in the signaling protocol are private addresses because the media stream addresses in the H.323 protocol are dynamically negotiated in the signaling protocol. Private addresses cannot be routed on a public network. In this case, the IP addresses in the signaling protocol must be translated. However, many NAT/firewall devices do not support address translation, leading to difficulty in deploying videoconferencing services. Therefore, the NAT/firewall traversal must be implemented. At present, multiple solutions for NAT traversal are available, for example, application layer gateway (ALG), simple traversal of UDP through NAT (STUN), Middlebox communications (MIDCOM), session border controller (SBC) proxy, supper network passport (SNP), tunnel, and H.460. As a leading network solution provider, Huawei implements the NAT traversal for videoconferencing by using the ALG (Eudemon firewall), SNP, SE2000, MG8520, MCU supporting the video firewall function, and gatekeeper (GK) supporting H

5 2 H H.323 Most videoconferencing systems currently use the H.323 protocol suite (including H.225, H.245, and Q.931) specified by the International Telecommunications Union (ITU) Telecommunication Standardization Sector (ITU-T). H.323 is defined early and has found wide commercial application. For example, Microsoft Corporation's NetMeeting uses the mature H.323 protocol; telecom enterprises in China usually use the H.323 protocol during the implementation of voice over Internet Protocol (VoIP). H.323 defines a protocol set for flexible, real-time, and interactive multimedia communication on a packet based network (PBN). H.323 describes the protocols and devices that provide multimedia communication services (including real-time audio and data communication) on PBNs without QoS guarantee. H.323 defines four types of components: terminal, gateway, GK, and multipoint control unit (MCU). H.323 is a major protocol for video communication. H.323 networks include terminals, gateways, GKs, and MCUs. The functions of gateways, GKs, and MCUs are as follows: GKs monitor all H.323 calls in its area on the local area network (LAN). The GK provides two major services: call admission and address resolution. All H.323 clients in the area of the GK originate calls at the assistance of the GK. In addition, the GK determines whether a call is allowed based on the current available bandwidth. Gateways provide the capability of operations between heterogeneous networks. For example, a gateway must be configured between a PSN and a telephone network to translate protocols and data. MCUs provide the multimedia conferencing capability for multiple participants. MCUs coordinate the media communication capability of all participants and provide audio mixing and video selection for endpoints. This document describes the H.323 communication process using the point-to-point H.323 communication as an example. A and B are two endpoints of H.323 communication. Endpoint A is located outside the firewall, and endpoint B is located inside the firewall. Figure 2-1 shows the H.323 communication process. 2

6 2 H.323 Figure 2-1 H.323 communication process A Setup(openlogicalchannel) B CallProceeding Alerting Q.931 OVER TCP Connect(H.245 Address) Capability exchange Master-slave determination OpenLogicalChannel(RTCP Address) OpenLogicalChannelAck(RTCP&RTP Address) Rtcp Stream Rtp Stream H.245 OVER TCP RTP OVER UDP The process is as follows: 1. A connection is established from endpoint A to the well-known H.323 port (1720) of endpoint B. 2. Endpoint B and endpoint A transmit Q.931 packets on this connection. Endpoint B sends packets containing dynamic ports used for establishing an H.245 connection (that is, the H.245 Address field carried by the CONNECT packet) to endpoint A. 3. Endpoint A establishes an H.245 connection in the temporary ports negotiated in the Q.931 code stream. H.245 processes the negotiation of all call parameters, for example, the encoding and decoding algorithms. After negotiation, the H.245 session starts the OpenLogicalChannel process. This process negotiates the Real-Time Transport Protocol (RTP) and Real-Time Transport Control Protocol (RTCP) addresses (that is, the RTP Address field and the RTCP&RTP Address field carried by the OpenLogicalChannel and OpenLogicalChannelAck packets respectively) used for transmitting specified media streams (such as audio or video). 4. Media streams can be transmitted between the two endpoints until the session is complete. 3

7 3 Firewall 3 Firewall 3.1 Concept A firewall prevents unauthorized or un-verified accesses of the Internet from the protected network, and allows users in the internal network to visit web pages or receiving and sending s on the Internet. A firewall can be used as a permission control unit for Internet access. For example, a firewall allows specific persons in an organization to visit the Internet. Now many firewalls have other features, such as identification authentication, and information security (encryption) processing. Figure 3-1 shows the position of the firewall. Figure 3-1 Position of the firewall Internet Firewall Ethernet PC PC PC PC Server Firewalls are used for not only connecting to the Internet, but also protecting important devices and important resources (data) in an organization. Access to protected data must be filtered by firewalls, even though the access is from inside of the organization. When an external user accesses the resources on an Intranet, the firewall attempts to authenticate the access. When a user on the Intranet accesses external resources, the firewall 4

8 3 Firewall also attempts to authenticate the access. Therefore, a firewall is a guide, which can discard packets that are prohibited. 3.2 Basic Functions Packet Filtering Proxy Service State Inspection Packet filtering refers to the method for filtering IP packet headers. The firewall determines whether to allow the pass of a packet by detecting the IP packet header including the TCP or UDP packet header. You can define to allow or prohibit the pass of packets with the source address or destination address of X, define to allow or prohibit the pass of packets of certain ports, or define criteria based on the two filtering policies. Packet filtering costs much manpower during firewall configurations. Configuration methods vary with firewalls. Certain firewalls are configured by using command lines, and certain by using graphical interfaces. However, the contents are similar, which can be reflected as follows: permit/prohibit Source address Destination address Protocol (tcp/udp) Port (Destination port) For example, permit host udp In the preceding example, only three of the four consecutive factors (source address, source port, destination address, and destination port) are available, because most source ports are randomly allocated during connection establishment. Therefore, the firewall does not filter packets based on source ports. For a packet to be forwarded by a router, the firewall performs the following processing: Obtains the information about the packet header, including the protocol number of the upper-layer protocol carried by the IP layer, the source address, destination address, source port, and destination port of the packet. Compares the obtained information with the configured rules. Forwards or discards the packet based on the comparison result. Firewalls are configured with the proxy function. Certain firewalls implement the application-layer proxy (similar to the web proxy), and certain firewalls are configured with the common NAT or port address translation (NAPT). Although most firewalls are configured with the NAT or NAPT function, a firewall does not necessarily implement the NAT function. When people say that a device is located behind a firewall, NAT translation may not be performed. State inspection means that firewalls filter packets not only based on the application-layer information, but also based on the protocol at layers upper than layer four. The state inspection is called application specific packet filter (ASPF) or context-based access control (CBAC). 5

9 3 Firewall At present, most firewalls provide the state inspection function. For example, if you want an FTP server in the firewall to provide external services, enable port 21 that supports TCP because other port ares dynamically enabled in the FTP session. 6

10 4 NAT 4 NAT 4.1 Concept With the widely use of IP networks, more and more devices run TCP/IP. As a result, IPv4 addresses are seriously insufficient. NAT is used to implement the translation between private addresses and public addresses. A private address refers to a host address inside a network (inside the LAN), and a public address refers to an external address of the LAN (the globally unique IP address on the Internet). Internet Corporation for Assigned Names and Numbers (ICANN) specifies the following three network segments as private addresses: That is, the addresses in the three network segments are not allocated on the Internet; however, the addresses can be used inside an enterprise (LAN). 4.2 Implementation Static NAT Static NAT refers to translating private addresses into Internet addresses in one-to-one mode. An address on a private network is always translated to a fixed Internet address. Figure 4-1 shows the translation in static NAT mode. 7

11 4 NAT Figure 4-1 Translation in static NAT mode Dynamic NAT Private addresses , , and are translated to , , and respectively. In static NAT mode, source addresses change whereas source ports do not change. In addition, the address mapping relationship is fixed. Dynamic NAT refers to translating multiple private addresses to multiple public addresses; however, the address mapping relationship is not fixed and a private address may be translated to another public address the next time. These public addresses are usually called NAT pool. Figure 4-2 shows the translation in dynamic NAT mode. Figure 4-2 Translation in dynamic NAT mode The public address pool is available. Private addresses , , and are translated to the addresses in the public address pool. In dynamic NAT mode, source addresses change whereas source ports do not change. In addition, the address mapping relationship changes. 8

12 4 NAT NAPT NAPT, also known as NAT overloading, refers to translating multiple private addresses to a public address with different source ports. The ports are used to differentiate connections. Figure 4-3 shows the translation in NAPT mode. Figure 4-3 Translation in NAPT mode Private addresses , , and are mapped to the public address Communication connections are differentiated by using port numbers. In NAPT mode, source addresses and source ports change. In addition, the address mapping relationship and port mapping relationship change. 9

13 5 SBC 5 SBC 5.1 Concept An SBC is a gateway that is based on the proxy solution and support IP services. The SBC provides the proxy for signaling and media steams (the SBC supports H.323 and can parse and process H.323 packets for H.323-based videoconferencing services). The SBC processes all call packets and media streams, forwards the packets and media streams in a specified direction, and re-assigns receiving addresses and ports of users on the internal network/external network. The SBC implements the address translation between network domains, including the translation between private and public addresses in the NAT environment. In conjunction with GKs and MCUs, the SBC provides the functions required for the deployment of videoconferencing services, such as NAT traversal, security, QoS, and connectivity. As a convergence-layer device, the SBC provides functions such as security protection, QoS assurance, and terminal access management for important devices. 5.2 Implementation Principles for the Proxy Solution Figure 5-1 shows the basic principles for the proxy solution. Figure 5-1 Basic principles for the proxy solution Application layer Application layer Application layer Transport layer Transport layer Transport layer Network layer Network layer Network layer Data link layer Physical layer Data link layer Physical layer Data link layer Physical layer Network user Proxy server Destination server 10

14 5 SBC Usually the proxy operates at the application layer and processes specific application protocols. When a client accesses the destination server using the proxy, the communication process is as follows: 1. The client communicates with the proxy. The proxy receives data sent from the client and processes the data. 2. The proxy sends the processed data to the destination server. When the destination server returns data to the client, the communication process is as follows: 3. The destination server returns data to the proxy. 4. The proxy sends the data to the client. That is, the proxy is always the device that the client and the destination server can directly communicate with. 5.3 Basic Principles for Implementing NAT Traversal in the Proxy Solution Based on the implementation principle for the proxy solution, if the proxy is placed in the position of the NAT device, the user and the proxy are located on the same network and the destination server and the proxy are located on the same network. In this way, the NAT traversal is implemented using the proxy (processing related service data). As shown in Figure 5-2, the SBC (proxy) is located in the boundary served by the public network and the private network (that is, the position of the NAT device); terminals are located on the private network; the MCU and the GK are located on the public network. Figure 5-2 shows the networking for implementing NAT traversal using the proxy. Figure 5-2 Networking for implementing NAT traversal using the proxy Terminal 1 Terminal 2 11

15 5 SBC In H.323-based videoconferencing services, the processing process of the proxy is as follows: 1. Terminals are registered with the GK using the proxy. Note that according to the basic principles of the proxy, the actual GK address configured on terminals is the SBC (proxy) address and the actual terminal address displayed on the GK is the SBC (proxy) address. 2. When a terminal on the private network places a call to the MCU, the call reaches the proxy according to H.323. The proxy parses the call signaling. The proxy parses and processes the address and port of the audio and video media streams (that is, RTP/RTCP) carried in the call signaling as follows: The proxy records the RTP/RTCP address and port number of the terminal on the private network. The proxy changes the RTP/RTCP private address to a public IP address of the proxy and changes the port of the media stream to the external port allocated on the proxy. The proxy maps the RTP/RTCP address/port on the private network to the RTP/RTCP address/port on the public network of the proxy. The proxy sends the call signaling to the MCU. 3. The MCU receives the call signaling that carries the proxy address reflecting the address and port of the audio and video media stream. 4. After signaling processing, the terminal on the private network sends media streams to the proxy. The proxy sends the media streams to the MCU based on the RTP/RTCP address mapping relationship. In the same way, the MCU sends media streams to the terminal on the private network by using the proxy. In this way, the NAT traversal using the proxy is completed. The SBC (proxy) can be used with the tunnel technology to further improve the solution for NAT traversal. Figure 5-3 shows the typical networking for implementing NAT traversal using the proxy and the tunnel technology. Figure 5-3 Typical networking for implementing NAT traversal using the proxy and the tunnel technology Terminal 1 Terminal 2 12

16 5 SBC 5.4 Difference Between the Proxy and NAT The proxy and NAT devices are placed in the same position; however, the implementation principles are different. 1. The NAT device operates at the network layer and implements the translation of IP addresses and port numbers. The proxy operates at the application layer and must support specific application protocols, for example, H The NAT device is transparent in the actual application. For example, video terminals cannot detect the NAT device. The proxy device is not transparent in the actual application. Video terminals must know the address of the proxy device. On terminals, the GK IP address must be configured as the proxy IP address. 3. For users, the proxy is configured with the NAT function. 13

17 6 H H Concept H.460 is a firewall/nat traversal standard approved by ITU and includes H (defined by Tandberg) and H (defined by Radvision). H is responsible for the traversal of H.323 call signaling, and H is responsible for the traversal of media data. H.460 is a series of extensions to the functions of the H.323 protocol stack and helps H.323 calls to traverse the firewall/nat without changing ANS.1 descriptions in H.225. Before the emergence of H.460, the H.323-based modem over IP (MoIP) applications traverse network boundaries. Enterprises have their own firewall/nat traversal solutions, which are incompatible with each other. Therefore, IP communication between enterprises is difficult. H.460 resolves the compatibility problem. IP communication between enterprises is easy due to unified standards. Wide selection space, flexible deployment solutions, and low investment and maintenance cost are provided for network service providers of MoIP applications and users of MoIP services. 6.2 Implementation H.460 implements the multi-boundary traversal and simplifies the network interconnection of MoIP applications, without changing the original firewall/nat. H.460 must be implemented on the client and server. The client is placed on the internal network of the firewall. The client can be a standalone device or be integrated into standard H.323 terminals. The client serves as a proxy that is responsible for sending the registration and call signaling of H.323 terminals on the internal network to the server on the external network. In addition, the client establishes and maintains a signaling and control channel to the server. The server is placed on the public network outside the firewall. The server can be located on the demilitarized zone (DMZ) of the Intranet or the networks of the service provider. The server serves as the GK proxy that is responsible for forwarding registration and call signaling (sent from the client) to the central GK. 14

18 6 H Signaling Interworking Process Figure 6-1 shows the signaling interworking process. Figure 6-1 Signaling interworking process Terminal on the private network Terminal on the public network Standard SCI message A notification message informing the private network of a call from the public network and requesting the private network to establish a TCP channel Standard SCR message I have got the message. I will establish a TCP channel Establishing the TCP connection for the calling channel ARQ message for placing a call to the private network Standard ACF message The TS receives the message. The TS sends a TS calling address. You can place a call to me. SETUP message for placing a call to the TS Standard Facility message A TCP connection has been established. You can call me now. SETUP message for placing a call to the private network CONNECT message of the private network Standard Facility message CONNECT message of the TS I tell you an H.245 address. You establish an H.245 TCP channel based on the H.245 address. Establishing the H.245 TCP connection H.245 indication message The terminal on the private network notifies the TS that the H.245 channel is based on a certain call. TCS and MSD of the TS and public network TCS and MSD of the TS and private network Huawei implements calls between private and public networks according to H.460. TCP channels for calls are established by terminals on the private network. Terminals on private and public networks adopt standard H.323 call signaling. 15

19 6 H Interworking Process of Media Streams Figure 6-2 shows the interworking process of media streams. Figure 6-2 Interworking process of media streams Terminal on the private network NAT/NAPT Terminal on the public network OLC message for enabling the logic channel from the public network to the private network The message contains the keepalive field, keepalive port, and keepalive duration. RTP keepalive code streams The code streams are sent from the port of the terminal on the private network to the port of the terminal on the public network. Media code streams from the public network to the private network Keepalive duration RTP keepalive code streams The code streams are sent from the port of the terminal on the private network to the port of the terminal on the public network. RR and SR packets of the RTCP from the private network to the public network RR and SR packets of the RTCP from the public network to the private network A port for code streams between the public network and the private network is established by using H.460 keepalive packets, and the port is maintained by subsequent timing keepalive packets. 16

20 7 Problems and Current Situation of Traversal Between Private and Public Networks 7 Problems and Current Situation of Traversal 7.1 Problems This section describes the problems faced by users in LAN access mode if they expect to deploy videoconferencing services Enabling Ports on the Firewall Firewalls are configured with the packet filtering and state inspection functions. Therefore, when the firewall on the user side accesses the configurations, other ports are disabled except well-known ports required for providing Intranet services (such as HTTP port 80). This ensures the network security. For video communication, firewalls must support H.323. If the firewall supports H.323, you must enable the support of the firewall for H.323. When the firewall receives a call from the public network, the firewall dynamically enables ports required for H.323 communication. After the call is complete (the firewall can automatically discover the completion using the H.323 signaling), the firewall automatically disables all ports that are dynamically enabled during the call. This ensures the network security and hackers cannot attack the network. If the firewall does not support H.323, the following service ports must be enabled on the firewall to ensure that media streams can be transmitted to the network: RAS registration signaling: based on UDP and requires port Q.931 call signaling: based on TCP and requires port H.245 control signaling: based on TCP and requires ports ranging from port 1320 to port For IP voice and video media streams, many other ports must be enabled to receive call control information used for establishing voice and video channels. These ports are dynamically allocated. That is, network administrators have to enable all ports on the firewall for audio and video communication. In this case, the firewall is meaningless. Few enterprises enable all ports on their firewalls due to the network security. 17

21 7 Problems and Current Situation of Traversal Between Private and Public Networks Address Translation for H.323 Packets On a private network, the access of common services is implemented by firewalls. However, the structure of H.323 IP packets in videoconferencing applications is different from that in other applications. In H.323 IP packets, the IP addresses contained in the packet header and the packet body must be translated. If a firewall supports H.323, the firewall automatically translates the addresses contained in H.323 packets. However, most firewalls do not fully support H.323 in the actual application, leading to H.323 communication problems after the H.323 function of the firewall is enabled HTTP Proxy Server Mode Certain LANs provide Internet access services using only the HTTP proxy server. The HTTP proxy uses the buffer technology to store HTTP web pages. The limitations are as follows: The real-time storage is inapplicable. The TCP connection between internal and external networks is not supported. Transmission of UDP packets is not supported. These limitations affect the transmission of H.323 packets. Therefore, an enterprise is advised to use the direct router configuring with NAT access mode and configure firewall devices (such as NetScreen, Checkpoint, and Huawei Eudemon) on the internal network side of the egress router to implement IP videoconferencing services. 7.2 Current Situation Static NAT The preceding problems challenge the traversal between private and public networks in H.323 video communication. This section describes the common methods in the industry. When there is only a small number of video terminals on the private network and the corresponding public addresses can be provided, the static NAT mode is available. Based on the static NAT, IP addresses of terminals on the private network are mapped to public addresses in one-to-one mode. 1. Application scope Terminals on the private network can interwork with terminals on the public network, and terminals on a private network can interwork with terminals on another private network. 2. Limitations and requirements The limitations and requirements are as follows: Terminals support static NAT. The number of IP addresses in the public address pool of the firewall is larger than or equal to the total number of terminals on the private network That is, a large number of public addresses must be used for a private network using videoconferencing services. The firewall must be configured as follows: IP addresses of terminals on the private network are mapped to public addresses in one-to-one mode. 18

22 7 Problems and Current Situation of Traversal Between Private and Public Networks The related ports of public IP addresses that have been mapped to private address must be enabled NAT Device Supporting H.323 A large number of networks on the user side use the dynamic NAT or NAPT mode. In this networking mode, the use of common NAT devices will cause problems when a terminal on the private network places a call to a terminal on the public network or a terminal on the private network places a call to a terminal on the public network. Terminal 2 RTP transmitting port RTP receiving port RTP receiving port Common NAT device Terminal 1 RTP transmitting port (port 1) Public network Private network 1. A terminal on the private network places a call to a terminal on the public network. The terminal on the private network can obtain the IP address of the terminal on the public network from the GK. However, the RTP receiving port is configured in a place whereas the transmitting port is configured in other place on the terminals due to limitations of H.323 for video and audio RTP code streams. In this case, the terminal on the public network (public IP address) can receive RTP code streams sent by the terminal on the private network; however, the RTP code streams sent by the terminal on the public network cannot pass the NAT device because the NAT device does not translate the IP address. In this case, one-way audio occurs. 2. A terminal on the public network places a call to a terminal on the private network. The address of the call is the public address mapped to the address of the terminal on the private network. The NAT device does not support the translation for H.323. Therefore, the call cannot be established. Conclusion: If two terminals are located inside the firewall and outside the firewall respectively and the firewall is configured with a common NAT, one-way audio occurs for calls from the terminal on the private network to the terminal on the public network and calls from the terminal on the public network to the terminal on the private network cannot be established. Huawei Eudemon supports dynamic NAT for H.323 and can translate H.323 IP code streams. The advantages are as follows: Terminals on the LAN of the enterprise serve as terminals on the public network. In this way, terminals inside the enterprise can interwork with external terminals. The network security is ensured. The network structure with parallel or series connections does not affect the original network security structure. 19

23 7 Problems and Current Situation of Traversal Between Private and Public Networks Traversal Using H.323 Proxy At present, free H.323 proxy software is available on the Internet. That is, a PC is used as the proxy device in the egress of the firewall. In this mode, an H.323 proxy must be configured outside each firewall and the proxy must be configured with the public IP address, as shown in Figure 7-1. Figure 7-1 Traversal between private and public networks using H.323 proxy Operation support system Private network Convergence layer Private network Private network On the firewall, configurations must be performed to allow the proxy to communicate with the external. The proxy must know the public addresses of other proxies, and can determine the proxy that manages the terminal based on the broadband number of the terminal. To improve the private network security, the private network side of the proxy device can be configured as limited known port numbers. On the private network, the H.323 entity and the proxy communicates by using the known ports. The H.323 proxy can be used to resolve the NAT translation problem; however, the H.323 proxy brings the following problems: 1. Each private network must be configured with an H.323 proxy. Proxies are located on user networks. Therefore, telecom operators cannot maintain proxies. 2. All H.323 proxies must be configured with public addresses and must know the public addresses of other proxies. This brings difficulties to telecom operators and the operation cannot be performed. 3. Usually common PCs serve as H.323 proxies and audio and video code streams pass the H.323 proxy simultaneously. In this case, the transmission of code streams may be delayed on the proxy and affected by the PC performance. 20

24 7 Problems and Current Situation of Traversal Between Private and Public Networks 4. H.323 proxies use PC systems. Therefore, H.323 proxies are vulnerable to attacks from virus and hackers. In addition, the system is weak due to security weakness of the Windows system. 21

25 8 Huawei Videoconferencing System's Solution to Traversal Between Private and Public Networks 8 Huawei Videoconferencing System's Solution to Traversal Between Private and Public Networks 8.1 Traversal Using SNP Huawei uses the super network passport (SNP) technology to implement the traversal between private and public networks without deploying additional network devices Implementation Principle Figure 8-1 shows the implementation principle of traversal using SNP. Figure 8-1 Implementation principle of traversal using SNP Private Network 1 Public Network 1 Terminal Terminal F W N A T Public IP Network Terminal Terminal FW MCU GK Normal call Service Provider Redirected call Redirected code stream 22

26 8 Huawei Videoconferencing System's Solution to Traversal Between Private and Public Networks Basic principle Terminals on private and public networks communicate with each other as required by the protocol. When a terminal on the private network places a call to a terminal on the public network and the call is established, the terminal on the public network can properly receive the RTP code stream from the terminal on the private network. However, the terminal on the private network cannot receive the RTP code stream from the terminal on the public network within a certain period. During this period, the terminal on the private network sends a request for private communication from the public network by using a proprietary protocol. The network devices process the request and redirect the code stream establishment process. In this way, the media stream communication process between the private and public networks is established Networking Applications Point-to-point networking without a GK Figure 8-2 shows the point-to-point networking without a GK. Figure 8-2 Point-to-point networking without a GK Terminal C Public network Firewire Terminal A Private network Solution The SNP technology enables terminal A on the private network to call terminal C on the public network through the IP address. In this way, no change to terminals and networks is required (some communication ports specified in the protocol must be enabled in the case of firewalls with a high security level). Point-to-point networking with a GK Figure 8-3 shows the point-to-point networking with a GK. Figure 8-3 Point-to-point networking with a GK Terminal C Firewire GK Public network Terminal A Private network Solution Terminals on both private network and public- network register with the GK using the SNP technology. In this way, the terminal on the private network can resister with the GK on the public network, and terminals A and C can call each other without obstruction. In addition, no change to the terminals and networks is required. 23

27 8 Huawei Videoconferencing System's Solution to Traversal Between Private and Public Networks Networking with one private network and two public networks Figure 8-4 shows the networking with one private network and two public networks. Figure 8-4 Networking with one private network and two public networks Terminal D Public network Terminal C Firewire GK MCU Public network Terminal A Terminal B Private network Solution The point-to-point communications between terminals on private and public networks can be implemented using the SNP technology. That is, the point-to-point communications between terminals A &B and terminal C, and that between terminal D and terminal C. In this way, a conference with the participation of terminals from multiple private and public networks can be held using the Multipoint Control Unit (MCU). This solution applies to operation networks. Networking with two private networks and one public network Figure 8-5 shows the networking with two private networks and one public network. Figure 8-5 Networking with two private networks and one public network Terminal D Private network Eudemon1 Firewire Terminal C GK MCU Public network Firewire Eudemon2 Terminal A Terminal B Private network 24

28 8 Huawei Videoconferencing System's Solution to Traversal Between Private and Public Networks Solution Due to restrictions on direct routing between private networks, point-to-point calls between terminals on different private networks cannot be implemented using the SNP technology (can be implemented using the MCU). In this case, the Eudemon device can be added in the networking, and such a networking solution is regarded as a standard IP address operation solution. In this networking mode, Eudemon 1 can serve as a standby device. When the terminal D communicates with terminals A and B, Eudemon 1 is not required. When the terminal D communicates with other terminals on the same private network and there is no Eudemon device on the egress of the private network, Eudemon 1 must be used. With this solution, any terminals can communicate with each other and participate in a multipoint conference held using the MCU. In addition, the Eudemon device can serve as a firewall if no firewall is available. Therefore, the networking becomes simpler and more cost-effective. 8.2 Firewall Traversal in Static NAT Mode If the FW/NAT cannot identify H.323, terminals can be connected to the network in static NAT mode Network Topology Figure 8-6 shows the network topology in static NAT mode. Figure 8-6 Network topology in static NAT mode 25

29 8 Huawei Videoconferencing System's Solution to Traversal Between Private and Public Networks Implementation Principle In both routers, the IP addresses of terminals on private networks are translated to the public network address, and settings related to static mapping are performed for ports TCP and UDP. In this way, point-to-point calls between terminals can be implemented, and multipoint conferences between different private networks can be held. Huawei video terminals support static NAT. With this function, terminals can be easily connected to public networks to participate in video conferences Solution Analysis Advantages: This solution can be easily implemented by modifying the configuration without adding a peripheral device. Disadvantages: The network configuration is complex, and a variety of network devices must be configured on each private network. Generally, the public network interface of a router must have multiple public IP addresses. When there is only one public IP address, only one terminal on the private network can be connected to the public network. As a result, other terminals on the private network cannot be connected to the public network. 8.3 FW/NAT Devices (Eudemon) Supporting Transparent H.323 Transmission In NAT or NAPT mode, the traversal problem between private and public networks can be resolved if firewall devices (for example, Huawei Eudemon series firewalls) can support H.323. In addition, terminals from different private networks can participate in video conferences. Huawei video terminals closely cooperate with Eudemon devices to implement all videoconferencing functions, which resolve all traversal problems between private networks Network Topology Figure 8-7 shows the network topology of FW/NAT devices (Eudemon) supporting transparent H.323 transmission. 26

30 8 Huawei Videoconferencing System's Solution to Traversal Between Private and Public Networks Figure 8-7 Network topology of FW/NAT devices (Eudemon) supporting transparent H.323 transmission Public network Private network Private network Implementation Principle The Eudemon firewall works at a protocol layer higher than layer 3 and can understand H.323. In addition, The Eudemon firewall performs direct protocol translation for IP code streams of H.323. In this way, terminals on an Intranet can work in the same way as terminals on a public network, and can communicate with external terminals without obstruction. Figure 8-8 shows the implementation principle of Eudemon supporting transparent H.323 transmission. Figure 8-8 Implementation principle of Eudemon supporting transparent H.323 transmission Eudemon records terminal information. Eudemon forwards call signaling and modifies related address information in the signaling based on the recorded terminal information. Eudemon forwards media streams based on the recorded call information. Public network Private network 27

31 8 Huawei Videoconferencing System's Solution to Traversal Between Private and Public Networks If a firewall device is already configured on the customer premises network, a Eudemon device can also be added to serve as an H.323 gateway and support H.323. In this case, the Eudemon gateway only performs protocol translation for the IP code streams of the H.323 protocol, and other Internet access services, such as HTTP and FTP services, are not affected. When a non-h.323 IP packet is identified, the Eudemon gateway automatically forwards the packet in a transparent manner and does not process the packet. Therefore, functions of the firewall are not affected. If no firewall device is configured on the customer premises network, a Eudemon device can serve as a standard firewall. H.323 applications are filtered on the Eudemon device using the access control list (ACL) rule. That is, H.323 applications are forwarded to the firewall after the NAT translation is complete on the Eudemon device. Non-H.323 applications are directly forwarded to the firewall, which implements the NAT translation. In this way, the original user security policy, network access mode, and private network remain unchanged Solution Analysis This solution has the following advantages: This solution does not require any change to the network and supports video conferences with a large capacity. This solution does not affect any services and guarantees the security and quality of video conferences. All video terminals can be used on the customer premises network. This solution has the following disadvantages: Eudemon devices must be added if no Eudemon device is configured on the original network. 28

32 8 Huawei Videoconferencing System's Solution to Traversal Between Private and Public Networks 8.4 Traversal by Adding Proxy (SE2000) Proxy Mode Based on the SBC (proxy) implementation principle, there are two NAT traversal solutions: proxy mode and UDP tunnel traversal mode. Figure 8-9 shows the proxy mode. Figure 8-9 Proxy mode Service software GK MCU Network 2 Network 1 Network 3 Networking description 1. The SBC proxy solution does not require any change to the network and firewall. In addition, terminals on a private network can be connected to a public network using this solution, and terminals on a public network can be connected to a videoconferencing system on a private network. 2. An SBC device is configured on the egress of network 1. The uplink and downlink ports are respectively connected to network 2 and network 3 (there can be multiple uplink and downlink ports). 3. On terminals of network 2 and network 3, the GK address is configured as the downlink network port address of the SBC. On the SBC, the server address is configured as the GK address of network 1. In this way, signaling and media streams of network 2 and network 3 can communicate with the GK and MCU of network 1 by using the SBC. This solution has the following advantages: 1. The live network does not need any changes and is easy to deploy. 2. The existing devices do not need any changes and have a powerful compatibility, including terminals, GK, and MCU. 3. The GK and MCU are indivisible to terminals, providing a high-level security. 4. All packets pass the SBC. Therefore, you can select proper QoS policies for the SBC on the network. 5. Interworking of videoconferencing services on multiple networks can be implemented using only one SBC device, featuring a low cost. 29

33 8 Huawei Videoconferencing System's Solution to Traversal Between Private and Public Networks 6. This solution has the following disadvantages: The proxy device cannot implement traversal through a firewall device. Therefore, the proxy device is regarded as a concurrent device of the firewall device on the network. The proxy device must be used together with a GK UDP Tunnel Traversal Mode This mode applies to a large enterprise that deploys a firewall on the Intranet. The enterprise does not want to use the SBC proxy solution and does not want to modify the configuration of the firewall frequently. In this mode, you need to enable only one or two UDP ports on the firewall. The tunneling function is established in the SBC. In this way, the NAT traversal of videoconferencing services is implemented. Figure 8-10 shows the UDP tunnel traversal mode. Figure 8-10 UDP tunnel traversal mode Terminal supporting H.323 Intranet Bearer network Intranet Media stream Terminal supporting H.323 Signaling stream Networking description 1. Two SBCs are added to the network and are respectively used by the customer premises network and network side. Customer premises network: An SBC is added to the user network to serve as a client of the UPD tunnel. Network side: An SBC is added to the network side to serve as the server of the UDP tunnel. 2. The internal SBC integrates clients (UTC) of the UDP tunnel. The external SBC integrates the server (UTS) of the UDP tunnel. The UDP tunnel is located between the UTC and UTS, and is used to transmit various packets (including signaling and audio/video media streams) from external networks to internal networks. 3. In this mode, the GK address of terminals on the private network is configured as the internal-sbc address. The address of the external proxy configured in the internal SBC is configured as the address of the SBC on the public network. 30

34 8 Huawei Videoconferencing System's Solution to Traversal Between Private and Public Networks This solution has the following advantages: 1. There is no restriction on terminals and servers. This solution can be used for firewall NAT traversal. 2. The existing devices do not need any changes and have a powerful compatibility, including terminals, GK, and MCU. 3. The security level is high. The GK and MCU are indivisible to terminals. After the packets sent by terminals are encapsulated and decapsulated by the tunnel, the proxy performs the security check for these packets. 4. All packets pass the SBC. Therefore, you can select proper quality of service (QoS) policies for the SBC on the network. 5. This solution has the following disadvantages: Multiple SBCs are required, which increases the implementation cost. The network deployment is relatively complex. Routing between the UTC and UTS must be considered. In addition, the existing configuration of the firewall must be modified. Media streams must be transmitted as follows: UTC NAT/FW UTS. Therefore, the network performance of the media stream is restricted. Huawei Quidway SessionEngine2000 (SE2000) aims at session boundary controllers (SBCs), and is a proxy-based IP service gateway. SE2000 is used for deployment of videoconferencing services on an IP network. SE2000 is also used to help videoconferencing GKs and terminals resolve problems concerning NAT traversal, security, QoS, and interworking. SE2000 uses the signaling and media proxy technology to process and forward call packets and media streams in a directional manner. In addition, SE2000 is used to redirect the RTP stream receive address and port of private and public network users. In this way, address translation between network domains (including address translation between a public network and a private network) can be easily implemented. This ensures the traversal from media streams to NAT gateways. Different from a NAT application layer gateway (ALG), SE2000 uses the full-proxy mode to transmit media streams in a direct manner. There is no special requirement on NAT devices. Therefore, the existing devices on the live network do not need reconstruction. This provides convenience for telecom operators to deploy services Solution Analysis This solution has the following advantages: SE2000 uses the full-proxy mode to transmit media streams in a directional manner. There is no special requirement on NAT devices. Therefore, the existing devices on the live network do not need reconstruction. This provides convenience for telecom operators to deploy services. This solution does not affect any services and guarantees the security and quality of video conferences. All video terminals can be used on the customer premises network. As a convergence-layer device, the SBC can prevent terminals from accessing important devices such as GKs. This provides functions such as security protection, QoS guarantee, and terminal access management for important devices. This solution has the following disadvantages: SE2000 series devices must be added to the original network. 31

35 8 Huawei Videoconferencing System's Solution to Traversal Between Private and Public Networks 8.5 Interworking Between Private Networks by Adding VP 8520 MG Devices Network Topology Figure 8-11 shows the network topology of the VP 8520 MG solution. Figure 8-11 Network topology of the VP 8520 MG solution NAT device 1 NAT device 2 Videoconferencing terminal Videoconferencing terminal Networking description SwitchCentre: a GK of the ViewPoint 8000 videoconferencing system, used for address resolution, access control, territory management, bandwidth control, and call authentication. The configuration and management of the SwitchCentre are performed on the SwitchManager. ResourceManager: a core device of the ViewPoint 8000 videoconferencing system, used for allocation and management of conference resources. MCU: a core device of the ViewPoint 8000 videoconferencing system, used for video switching, audio mixing, and data processing. Video terminal: a terminal of the ViewPoint 8000 videoconferencing system manufactured by Huawei, supporting SNP of Huawei. For example, video phone and Openeye. 32

36 8 Huawei Videoconferencing System's Solution to Traversal Between Private and Public Networks NAT device: a firewall or a router that supports and is configured with the dynamic NAT or port address translation (PAT), used for isolation of terminals on a private network. 8520: ViewPoint 8520, used for call connection and media stream forwarding between private networks Implementation Principle Terminal on a private network places a call to terminal on another private network. Due to translation of ports and addresses on NAT, the users on different private networks fail to establish the video/audio communication. The 8520 is deployed to address this issue. The 8520 can connect calls from different private networks, establish video/audio media stream channels with different private networks, and forwards the transmitted/received media streams in a transparent manner. The 8520 is used as follows: Prerequisite The terminals ( and ) and the 8520 are successfully registered with the SwitchCentre (GK). Procedure for implementing a call using the 8520 Figure 8-12 shows the procedure for implementing a call using the Figure 8-12 Procedure for implementing a call using the 8520 Terminal Common NAT device 2 Private network 2 Public network Common NAT device 1 Private network 1 Terminal Terminal connects to the 8520 located on the public network. 2. The 8520 connects to terminal Terminal communicates properly with terminal using the Solution Analysis This solution has the following advantages: 33

37 8 Huawei Videoconferencing System's Solution to Traversal Between Private and Public Networks Using the 8520, terminals on a private network can unrestrictedly communicate with terminals on a public network and terminals on another private network in common NAT mode. This solution does not affect any services and guarantees the security and quality of video conferences. As a convergence-layer device, the 8520 can prevent terminals from accessing important devices such as GKs. This provides functions such as security protection, QoS assurance, and terminal access management for important devices. This solution has the following disadvantages: The 8520 series devices must be added to the original network. In the 8520 network environment, terminals on private networks must support the SNP (a token protocol developed by Huawei to resolve traversal problem between private and public networks). If terminals on public networks do not support the SNP, a firewall must be configured to support the H.323 ALG (Huawei Eudemon firewall series can be used). 8.6 Interworking Between Private Networks Using Existing MCU Devices Network Topology Figure 8-13 shows the network topology of the MCU solution. Figure 8-13 Network topology of the MCU solution Networking description The video firewall solution is an easy mode to implement the traversal between private and public networks, and is currently used by most Huawei competitors. In this solution, a variety of networks are connected using different network ports so that terminals from private and public networks can participate in the same video conferences. For users on the dedicated 34

38 8 Huawei Videoconferencing System's Solution to Traversal Between Private and Public Networks network, an additional MCU is required to allow access from terminals on the private and public networks Implementation Principle The work mode of the GE1 port on the MCU's central control board is set to 4: NetFirewallMode to implement video firewall. Number of the board in which the video firewall function is to be enabled The configuration must be saved. Video firewall function Then a route to GE1 on the MCU's central control board is added. Destination address (in the same network segment as that of the GE1 network port of the board supporting the video firewall function) Mask (consistent with that of the GE1 network port of the board supporting the video firewall function) GE1 network port In this way, the signaling board and media board are allocated to the site on the GE1 side, which is connected to the GE1 port. When the node on the GE0 side places a call to the node on the GE1 side, the GE1 port receives the call. Therefore, the traversal between private and public networks is implemented. 35

IP Ports and Protocols used by H.323 Devices

IP Ports and Protocols used by H.323 Devices IP Ports and Protocols used by H.323 Devices Overview: The purpose of this paper is to explain in greater detail the IP Ports and Protocols used by H.323 devices during Video Conferences. This is essential

More information

VIDEOCONFERENCING. Video class

VIDEOCONFERENCING. Video class VIDEOCONFERENCING Video class Introduction What is videoconferencing? Real time voice and video communications among multiple participants The past Channelized, Expensive H.320 suite and earlier schemes

More information

White Paper. Traversing Firewalls with Video over IP: Issues and Solutions

White Paper. Traversing Firewalls with Video over IP: Issues and Solutions Traversing Firewalls with Video over IP: Issues and Solutions V Table of Contents Introduction Role of a Firewall Deployment Issues Relating to IP Video and Firewall Traversal The VCON SecureConnect Solution

More information

Network Considerations for IP Video

Network Considerations for IP Video Network Considerations for IP Video H.323 is an ITU standard for transmitting voice and video using Internet Protocol (IP). It differs from many other typical IP based applications in that it is a real-time

More information

An Examination of the Firewall/NAT Problem, Traversal Methods, and Their Pros and Cons

An Examination of the Firewall/NAT Problem, Traversal Methods, and Their Pros and Cons TRAVERSING FIREWALLS AND NATS WITH VOICE AND VIDEO OVER IP An Examination of the Firewall/NAT Problem, Traversal Methods, and Their Pros and Cons Traversing Firewalls and NATs With Voice and Video Over

More information

District of Columbia Courts Attachment 1 Video Conference Bridge Infrastructure Equipment Performance Specification

District of Columbia Courts Attachment 1 Video Conference Bridge Infrastructure Equipment Performance Specification 1.1 Multipoint Control Unit (MCU) A. The MCU shall be capable of supporting (20) continuous presence HD Video Ports at 720P/30Hz resolution and (40) continuous presence ports at 480P/30Hz resolution. B.

More information

TECHNICAL CHALLENGES OF VoIP BYPASS

TECHNICAL CHALLENGES OF VoIP BYPASS TECHNICAL CHALLENGES OF VoIP BYPASS Presented by Monica Cultrera VP Software Development Bitek International Inc 23 rd TELELCOMMUNICATION CONFERENCE Agenda 1. Defining VoIP What is VoIP? How to establish

More information

Deploying Secure Enterprise Wide IP Videoconferencing Across Virtual Private Networks

Deploying Secure Enterprise Wide IP Videoconferencing Across Virtual Private Networks Deploying Secure Enterprise Wide IP Videoconferencing Across Virtual Private Networks Document Overview This document provides an overview of how to effectively and securely provide IP-based videoconferencing

More information

Application Note - Using Tenor behind a Firewall/NAT

Application Note - Using Tenor behind a Firewall/NAT Application Note - Using Tenor behind a Firewall/NAT Introduction This document has been created to assist Quintum Technology customers who wish to install equipment behind a firewall and NAT (Network

More information

Hands on VoIP. Content. Tel +44 (0) 845 057 0176 enquiries@protelsolutions.co.uk. Introduction

Hands on VoIP. Content. Tel +44 (0) 845 057 0176 enquiries@protelsolutions.co.uk. Introduction Introduction This 4-day course offers a practical introduction to 'hands on' VoIP engineering. Voice over IP promises to reduce your telephony costs and provides unique opportunities for integrating voice

More information

Voice over IP (VoIP) Part 2

Voice over IP (VoIP) Part 2 Kommunikationssysteme (KSy) - Block 5 Voice over IP (VoIP) Part 2 Dr. Andreas Steffen 1999-2001 A. Steffen, 10.12.2001, KSy_VoIP_2.ppt 1 H.323 Network Components Terminals, gatekeepers, gateways, multipoint

More information

Personal Telepresence. Place the VidyoPortal/VidyoRouter on a public Static IP address

Personal Telepresence. Place the VidyoPortal/VidyoRouter on a public Static IP address NAT Introduction: Vidyo Conferencing in Firewall and NAT Deployments Vidyo Technical Note Section 1 The VidyoConferencing platform utilizes reflexive addressing to assist in setup of Vidyo calls. Reflexive

More information

Master Kurs Rechnernetze Computer Networks IN2097

Master Kurs Rechnernetze Computer Networks IN2097 Chair for Network Architectures and Services Institute for Informatics TU München Prof. Carle, Dr. Fuhrmann Master Kurs Rechnernetze Computer Networks IN2097 Prof. Dr.-Ing. Georg Carle Dr. Thomas Fuhrmann

More information

PacketizerTM. Overview of H.323 http://www.packetizer.com/voip/h323/papers/ Paul E. Jones. Rapporteur, ITU-T Q2/SG16 paulej@packetizer.

PacketizerTM. Overview of H.323 http://www.packetizer.com/voip/h323/papers/ Paul E. Jones. Rapporteur, ITU-T Q2/SG16 paulej@packetizer. A resource for packet-switched conversational protocols Overview of H.323 http:///voip/h323/papers/ Paul E. Jones Rapporteur, ITU-T Q2/SG16 paulej@packetizer.com June 2004 Copyright 2004 Executive Summary

More information

A Brief Overview of VoIP Security. By John McCarron. Voice of Internet Protocol is the next generation telecommunications method.

A Brief Overview of VoIP Security. By John McCarron. Voice of Internet Protocol is the next generation telecommunications method. A Brief Overview of VoIP Security By John McCarron Voice of Internet Protocol is the next generation telecommunications method. It allows to phone calls to be route over a data network thus saving money

More information

Recommended IP Telephony Architecture

Recommended IP Telephony Architecture Report Number: I332-009R-2006 Recommended IP Telephony Architecture Systems and Network Attack Center (SNAC) Updated: 1 May 2006 Version 1.0 SNAC.Guides@nsa.gov This Page Intentionally Left Blank ii Warnings

More information

Glossary of Terms and Acronyms for Videoconferencing

Glossary of Terms and Acronyms for Videoconferencing Glossary of Terms and Acronyms for Videoconferencing Compiled by Irene L. Ferro, CSA III Education Technology Services Conferencing Services Algorithm an algorithm is a specified, usually mathematical

More information

Application Note. Onsight Connect Network Requirements V6.1

Application Note. Onsight Connect Network Requirements V6.1 Application Note Onsight Connect Network Requirements V6.1 1 ONSIGHT CONNECT SERVICE NETWORK REQUIREMENTS... 3 1.1 Onsight Connect Overview... 3 1.2 Onsight Connect Servers... 4 Onsight Connect Network

More information

Indepth Voice over IP and SIP Networking Course

Indepth Voice over IP and SIP Networking Course Introduction SIP is fast becoming the Voice over IP protocol of choice. During this 3-day course delegates will examine SIP technology and architecture and learn how a functioning VoIP service can be established.

More information

Application Note. Onsight TeamLink And Firewall Detect v6.3

Application Note. Onsight TeamLink And Firewall Detect v6.3 Application Note Onsight And Firewall Detect v6.3 1 ONSIGHT TEAMLINK HTTPS TUNNELING SERVER... 3 1.1 Encapsulation... 3 1.2 Firewall Detect... 3 1.2.1 Firewall Detect Test Server Options:... 5 1.2.2 Firewall

More information

Voice over IP (VoIP) Overview. Introduction. David Feiner ACN 2004. Introduction VoIP & QoS H.323 SIP Comparison of H.323 and SIP Examples

Voice over IP (VoIP) Overview. Introduction. David Feiner ACN 2004. Introduction VoIP & QoS H.323 SIP Comparison of H.323 and SIP Examples Voice over IP (VoIP) David Feiner ACN 2004 Overview Introduction VoIP & QoS H.323 SIP Comparison of H.323 and SIP Examples Introduction Voice Calls are transmitted over Packet Switched Network instead

More information

Application Note. Firewall Requirements for the Onsight Mobile Collaboration System and Hosted Librestream SIP Service v5.0

Application Note. Firewall Requirements for the Onsight Mobile Collaboration System and Hosted Librestream SIP Service v5.0 Application Note Firewall Requirements for the Onsight Mobile Collaboration System and Hosted Librestream SIP Service v5.0 1 FIREWALL REQUIREMENTS FOR ONSIGHT MOBILE VIDEO COLLABORATION SYSTEM AND HOSTED

More information

Need for Signaling and Call Control

Need for Signaling and Call Control Need for Signaling and Call Control VoIP Signaling In a traditional voice network, call establishment, progress, and termination are managed by interpreting and propagating signals. Transporting voice

More information

LifeSize Transit Deployment Guide June 2011

LifeSize Transit Deployment Guide June 2011 LifeSize Transit Deployment Guide June 2011 LifeSize Tranist Server LifeSize Transit Client LifeSize Transit Deployment Guide 2 Firewall and NAT Traversal with LifeSize Transit Firewalls and Network Address

More information

A host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection.

A host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection. A firewall is a software- or hardware-based network security system that allows or denies network traffic according to a set of rules. Firewalls can be categorized by their location on the network: A network-based

More information

The Purpose of a SIP-Aware Firewall/ALG

The Purpose of a SIP-Aware Firewall/ALG NetVanta Unified Communications Technical Note The Purpose of a SIP-Aware Firewall/ALG Introduction This technical note will explore the purpose of a Session Initiation Protocol (SIP)-aware firewall/application

More information

MINIMUM NETWORK REQUIREMENTS 1. REQUIREMENTS SUMMARY... 1

MINIMUM NETWORK REQUIREMENTS 1. REQUIREMENTS SUMMARY... 1 Table of Contents 1. REQUIREMENTS SUMMARY... 1 2. REQUIREMENTS DETAIL... 2 2.1 DHCP SERVER... 2 2.2 DNS SERVER... 2 2.3 FIREWALLS... 3 2.4 NETWORK ADDRESS TRANSLATION... 4 2.5 APPLICATION LAYER GATEWAY...

More information

TSIN02 - Internetworking

TSIN02 - Internetworking TSIN02 - Internetworking Lecture 9: SIP and H323 Literature: Understand the basics of SIP and it's architecture Understand H.323 and how it compares to SIP Understand MGCP (MEGACO/H.248) SIP: Protocol

More information

The H.323 NAT/FW Traversal Solution

The H.323 NAT/FW Traversal Solution Open Community Specification The H.323 NAT/FW Traversal Solution January 2014 International Multimedia Communications Consortium Summary This document describes the NAT/FW traversal solution defined by

More information

SIP Trunking Configuration with

SIP Trunking Configuration with SIP Trunking Configuration with Microsoft Office Communication Server 2007 R2 A Dell Technical White Paper End-to-End Solutions Team Dell Product Group - Enterprise THIS WHITE PAPER IS FOR INFORMATIONAL

More information

Securing SIP Trunks APPLICATION NOTE. www.sipera.com

Securing SIP Trunks APPLICATION NOTE. www.sipera.com APPLICATION NOTE Securing SIP Trunks SIP Trunks are offered by Internet Telephony Service Providers (ITSPs) to connect an enterprise s IP PBX to the traditional Public Switched Telephone Network (PSTN)

More information

Network Security Topologies. Chapter 11

Network Security Topologies. Chapter 11 Network Security Topologies Chapter 11 Learning Objectives Explain network perimeter s importance to an organization s security policies Identify place and role of the demilitarized zone in the network

More information

Secure VoIP for optimal business communication

Secure VoIP for optimal business communication White Paper Secure VoIP for optimal business communication Learn how to create a secure environment for real-time audio, video and data communication over IP based networks. Andreas Åsander Manager, Product

More information

VOICE over IP H.323 Advanced Computer Network SS2005 Presenter : Vu Thi Anh Nguyet

VOICE over IP H.323 Advanced Computer Network SS2005 Presenter : Vu Thi Anh Nguyet VOICE over IP H.323 Advanced Computer Network SS2005 Presenter : Vu Thi Anh Nguyet 1 Outlines 1. Introduction 2. QoS in VoIP 3. H323 4. Signalling in VoIP 5. Conclusions 2 1. Introduction to VoIP Voice

More information

4. H.323 Components. VOIP, Version 1.6e T.O.P. BusinessInteractive GmbH Page 1 of 19

4. H.323 Components. VOIP, Version 1.6e T.O.P. BusinessInteractive GmbH Page 1 of 19 4. H.323 Components VOIP, Version 1.6e T.O.P. BusinessInteractive GmbH Page 1 of 19 4.1 H.323 Terminals (1/2)...3 4.1 H.323 Terminals (2/2)...4 4.1.1 The software IP phone (1/2)...5 4.1.1 The software

More information

SIP: NAT and FIREWALL TRAVERSAL Amit Bir Singh Department of Electrical Engineering George Washington University

SIP: NAT and FIREWALL TRAVERSAL Amit Bir Singh Department of Electrical Engineering George Washington University SIP: NAT and FIREWALL TRAVERSAL Amit Bir Singh Department of Electrical Engineering George Washington University ABSTRACT The growth of market for real-time IP communications is a big wave prevalent in

More information

Voice Over Internet Protocol (VOIP) SECURITY. Rick Kuhn Computer Security Division National Institute of Standards and Technology

Voice Over Internet Protocol (VOIP) SECURITY. Rick Kuhn Computer Security Division National Institute of Standards and Technology Voice Over Internet Protocol (VOIP) SECURITY Rick Kuhn Computer Security Division National Institute of Standards and Technology What is VOIP? Voice Over Internet Protocol Voice Communications over data-style

More information

Internet and Intranet Calling with Polycom PVX 8.0.1

Internet and Intranet Calling with Polycom PVX 8.0.1 Internet and Intranet Calling with Polycom PVX 8.0.1 An Application Note Polycom PVX is an advanced conferencing software application that delivers Polycom's premium quality audio, video, and content sharing

More information

Transport and Network Layer

Transport and Network Layer Transport and Network Layer 1 Introduction Responsible for moving messages from end-to-end in a network Closely tied together TCP/IP: most commonly used protocol o Used in Internet o Compatible with a

More information

Comparison of Voice over IP with circuit switching techniques

Comparison of Voice over IP with circuit switching techniques Comparison of Voice over IP with circuit switching techniques Author Richard Sinden Richard Sinden 1 of 9 Abstract Voice-over-IP is a growing technology. Companies are beginning to consider commercial

More information

StarLeaf Network Guide

StarLeaf Network Guide Network Guide Contents Introduction------------------------------------------------------------------------------------------------------------------------- 3 Registration to the ------------------------------------------------------------------------------------------

More information

VOICE OVER IP (VOIP) TO ENTERPRISE USERS GIOTIS KONSTANTINOS

VOICE OVER IP (VOIP) TO ENTERPRISE USERS GIOTIS KONSTANTINOS VOICE OVER IP (VOIP) TO ENTERPRISE USERS GIOTIS KONSTANTINOS Master of Science in Networking and Data Communications THESIS Thesis Title Voice over IP (VoIP) to Enterprise Users Dissertation submitted

More information

Connecting MPLS Voice VPNs Enabling the Secure Interconnection of Inter-Enterprise VoIP

Connecting MPLS Voice VPNs Enabling the Secure Interconnection of Inter-Enterprise VoIP Connecting MPLS Voice VPNs Enabling the Secure Interconnection of Inter-Enterprise VoIP Connecting MPLS Voice VPNs Enabling the secure interconnection of Inter-Enterprise VoIP Executive Summary: MPLS Virtual

More information

Firewalls and VPNs. Principles of Information Security, 5th Edition 1

Firewalls and VPNs. Principles of Information Security, 5th Edition 1 Firewalls and VPNs Principles of Information Security, 5th Edition 1 Learning Objectives Upon completion of this material, you should be able to: Understand firewall technology and the various approaches

More information

Enterprise Video Conferencing

Enterprise Video Conferencing Enterprise Video Conferencing When Voice Meets Video How SIP & H.323 Can Coexist SIPNOC 2014 Presented by: Gernot Scheichl June 2014 Agenda The Market The Challenges History Comparing the Protocols (H.323

More information

By Paolo Galtieri The public switched telephone network The Internet Convergence

By Paolo Galtieri The public switched telephone network The Internet Convergence By Paolo Galtieri This article provides an overview of Voice over Internet Protocol (VoIP), one of the many applications taking advantage of the enormous growth of the Internet over the last several years.

More information

I. INTRODUCTION II. PROBLEM DOMAIN. A. Multimedia Applications. A. IP-Telephony

I. INTRODUCTION II. PROBLEM DOMAIN. A. Multimedia Applications. A. IP-Telephony Evaluating and Improving Firewalls for IP-Telephony Environments Utz Roedig 1, Ralf Ackermann 1, Ralf Steinmetz 1,2 1 - Darmstadt University of Technology - Industrial Process and System Communications

More information

Application Note. Onsight Mobile Collaboration Video Endpoint Interoperability v5.0

Application Note. Onsight Mobile Collaboration Video Endpoint Interoperability v5.0 Application Note Onsight Mobile Collaboration Video Endpoint Interoperability v5. Onsight Mobile Collaboration Video Endpoint Interoperability... 3 Introduction... 3 Adding Onsight to a Video Conference

More information

Combining Voice over IP with Policy-Based Quality of Service

Combining Voice over IP with Policy-Based Quality of Service TechBrief Extreme Networks Introduction Combining Voice over IP with Policy-Based Quality of Service Businesses have traditionally maintained separate voice and data networks. A key reason for this is

More information

Session Border Controllers and Videoconferencing

Session Border Controllers and Videoconferencing Session Border Controllers and Videoconferencing Using a Field-Proven Solution to Simplify and Improve Multi-Vendor Conferencing Environments August 2011 Study sponsored by: Table of Contents Introduction...

More information

Comparing Session Border Controllers to Firewalls with SIP Application Layer Gateways in Enterprise Voice over IP and Unified Communications Scenarios

Comparing Session Border Controllers to Firewalls with SIP Application Layer Gateways in Enterprise Voice over IP and Unified Communications Scenarios An Oracle White Paper June 2013 Comparing Session Border Controllers to Firewalls with SIP Application Layer Gateways in Enterprise Voice over IP and Unified Communications Scenarios Introduction Voice

More information

1 ABSTRACT 3 2 CORAL IP INFRASTRUCTURE 4

1 ABSTRACT 3 2 CORAL IP INFRASTRUCTURE 4 Coral IP Solutions TABLE OF CONTENTS 1 ABSTRACT 3 2 CORAL IP INFRASTRUCTURE 4 2.1 UGW 4 2.2 IPG 4 2.3 FLEXSET IP 5 2.4 FLEXIP SOFTPHONE 6 2.5 TELEPORT FXS/FXO GATEWAYS 7 2.6 CORAL SENTINEL 7 3 CORAL IP

More information

Internet Security. Internet Security Voice over IP. Introduction. ETSF10 Internet Protocols 2011-11-22. ETSF10 Internet Protocols 2011

Internet Security. Internet Security Voice over IP. Introduction. ETSF10 Internet Protocols 2011-11-22. ETSF10 Internet Protocols 2011 Internet Security Voice over IP ETSF10 Internet Protocols 2011 Kaan Bür & Jens Andersson Department of Electrical and Information Technology Internet Security IPSec 32.1 SSL/TLS 32.2 Firewalls 32.4 + Voice

More information

Unit 23. RTP, VoIP. Shyam Parekh

Unit 23. RTP, VoIP. Shyam Parekh Unit 23 RTP, VoIP Shyam Parekh Contents: Real-time Transport Protocol (RTP) Purpose Protocol Stack RTP Header Real-time Transport Control Protocol (RTCP) Voice over IP (VoIP) Motivation H.323 SIP VoIP

More information

Voice over IP. Presentation Outline. Objectives

Voice over IP. Presentation Outline. Objectives Voice over IP Professor Richard Harris Presentation Outline Brief overview of VoIP and applications Challenges of VoIP IP Support for Voice Protocols used for VoIP (current views) RTP RTCP RSVP H.323 Semester

More information

Methods for Lawful Interception in IP Telephony Networks Based on H.323

Methods for Lawful Interception in IP Telephony Networks Based on H.323 Methods for Lawful Interception in IP Telephony Networks Based on H.323 Andro Milanović, Siniša Srbljić, Ivo Ražnjević*, Darryl Sladden*, Ivan Matošević, and Daniel Skrobo School of Electrical Engineering

More information

Basic Vulnerability Issues for SIP Security

Basic Vulnerability Issues for SIP Security Introduction Basic Vulnerability Issues for SIP Security By Mark Collier Chief Technology Officer SecureLogix Corporation mark.collier@securelogix.com The Session Initiation Protocol (SIP) is the future

More information

NETPOINT FIREWALL TRAVERSAL SERVER INSTALLATION AND SETUP MANUAL

NETPOINT FIREWALL TRAVERSAL SERVER INSTALLATION AND SETUP MANUAL NETPOINT FIREWALL TRAVERSAL SERVER INSTALLATION AND SETUP MANUAL ClearOne 5225 Wiley Post Way Suite 500 Salt Lake City, UT 84116 Telephone 1.800.283.5936 1.801.974.3760 Tech Sales 1.800.705.2103 FAX 1.801.974.3669

More information

VOICE OVER IP SECURITY

VOICE OVER IP SECURITY VOICE OVER IP SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without

More information

Integrate VoIP with your existing network

Integrate VoIP with your existing network Integrate VoIP with your existing network As organisations increasingly recognise and require the benefits voice over Internet Protocol (VoIP) offers, they stop asking "Why?" and start asking "How?". A

More information

An Introduction to VoIP Protocols

An Introduction to VoIP Protocols An Introduction to VoIP Protocols www.netqos.com Voice over IP (VoIP) offers the vision of a converged network carrying multiple types of traffic (voice, video, and data, to name a few). To carry out this

More information

Virtual private network. Network security protocols VPN VPN. Instead of a dedicated data link Packets securely sent over a shared network Internet VPN

Virtual private network. Network security protocols VPN VPN. Instead of a dedicated data link Packets securely sent over a shared network Internet VPN Virtual private network Network security protocols COMP347 2006 Len Hamey Instead of a dedicated data link Packets securely sent over a shared network Internet VPN Public internet Security protocol encrypts

More information

H.323 and Associated Recommendations. This topic describes H.323 and its protocols and explains how H.323 is used in the IP internetwork environment.

H.323 and Associated Recommendations. This topic describes H.323 and its protocols and explains how H.323 is used in the IP internetwork environment. Configuring H.323 H.323 and Associated Recommendations This topic describes H.323 and its protocols and explains how H.323 is used in the IP internetwork environment. H.323 and Associated Recommendations

More information

Online course syllabus. MAB: Voice over IP

Online course syllabus. MAB: Voice over IP Illuminating Technology Course aim: Online course syllabus MAB: Voice over IP This course introduces the principles and operation of telephony services that operate over Internet Protocol (IP) networks

More information

159.334 Computer Networks. Voice over IP (VoIP) Professor Richard Harris School of Engineering and Advanced Technology (SEAT)

159.334 Computer Networks. Voice over IP (VoIP) Professor Richard Harris School of Engineering and Advanced Technology (SEAT) Voice over IP (VoIP) Professor Richard Harris School of Engineering and Advanced Technology (SEAT) Presentation Outline Basic IP phone set up The SIP protocol Computer Networks - 1/2 Learning Objectives

More information

Video Conferencing and Security

Video Conferencing and Security Video Conferencing and Security Using the Open Internet and Encryption for Secure Video Communications & Guidelines for Selecting the Right Level of Security for Your Organization 1 Table of Contents 1.

More information

14: Signalling Protocols

14: Signalling Protocols 14: Signalling Protocols Mark Handley H.323 ITU protocol suite for audio/video conferencing over networks that do not provide guaranteed quality of service. H.225.0 layer Source: microsoft.com 1 H.323

More information

EarthLink Business SIP Trunking. NEC SV8300 IP PBX Customer Configuration Guide

EarthLink Business SIP Trunking. NEC SV8300 IP PBX Customer Configuration Guide EarthLink Business SIP Trunking NEC SV8300 IP PBX Customer Configuration Guide Publication History First Release: Version 1.0 May 18, 2012 CHANGE HISTORY Version Date Change Details Changed By 1.0 5/18/2012

More information

Session Border Controller

Session Border Controller CHAPTER 13 This chapter describes the level of support that Cisco ANA provides for (SBC), as follows: Technology Description, page 13-1 Information Model Objects (IMOs), page 13-2 Vendor-Specific Inventory

More information

Encapsulating Voice in IP Packets

Encapsulating Voice in IP Packets Encapsulating Voice in IP Packets Major VoIP Protocols This topic defines the major VoIP protocols and matches them with the seven layers of the OSI model. Major VoIP Protocols 15 The major VoIP protocols

More information

Application Note Patton SmartNode in combination with a CheckPoint Firewall for Multimedia security

Application Note Patton SmartNode in combination with a CheckPoint Firewall for Multimedia security Patton Electronics Co. www.patton.com 7622 Rickenbacker Drive, Gaithersburg, MD 20879, USA tel: +1 301-975-10001000 fax: +1 301-869-9293 Application Note Patton SmartNode in combination with a CheckPoint

More information

Alexandre Weffort Thenorio - Data. IP-Telephony

Alexandre Weffort Thenorio - Data. IP-Telephony Alexandre Weffort Thenorio - Data IP-Telephony 1. Introduction... 3 2. What is it?... 4 3. Why IP-Telephony?... 4 3.1. Advantages... 4 3.1.1. Cost... 4 3.1.2. Functionality and Mobility... 4 3.2. Disadvantages...

More information

Crossing firewalls. Liane Tarouco Leandro Bertholdo RNP POP/RS. Firewalls block H.323 ports

Crossing firewalls. Liane Tarouco Leandro Bertholdo RNP POP/RS. Firewalls block H.323 ports Crossing firewalls Liane Tarouco Leandro Bertholdo RNP POP/RS Firewalls block H.323 ports 1 H.323 ports Security issues For the H.323 protocol to cross a firewall, the specific static ports and all ports

More information

Voice over IP Communications

Voice over IP Communications SIP The Next Big Step Voice over IP Communications Presented By: Stephen J. Guthrie VP of Operations Blue Ocean Technologies Goals What are our Goals for Today? Executive Summary: It is expected that real-time

More information

EarthLink Business SIP Trunking. NEC SV8100 IP PBX Customer Configuration Guide

EarthLink Business SIP Trunking. NEC SV8100 IP PBX Customer Configuration Guide EarthLink Business SIP Trunking NEC SV8100 IP PBX Customer Configuration Guide Publication History First Release: Version 1.0 August 30, 2011 CHANGE HISTORY Version Date Change Details Changed By 1.0 8/30/2011

More information

Understanding Voice over IP

Understanding Voice over IP Introduction Understanding Voice over IP For years, many different data networking protocols have existed, but now, data communications has firmly found its home in the form of IP, the Internet Protocol.

More information

SIP Security Controllers. Product Overview

SIP Security Controllers. Product Overview SIP Security Controllers Product Overview Document Version: V1.1 Date: October 2008 1. Introduction UM Labs have developed a range of perimeter security gateways for VoIP and other applications running

More information

Security Technology: Firewalls and VPNs

Security Technology: Firewalls and VPNs Security Technology: Firewalls and VPNs 1 Learning Objectives Understand firewall technology and the various approaches to firewall implementation Identify the various approaches to remote and dial-up

More information

Voice Over IP and Firewalls

Voice Over IP and Firewalls Introduction Voice Over IP and Firewalls By Mark Collier Chief Technology Officer SecureLogix Corporation mark.collier@securelogix.com Use of Voice Over IP (VoIP) in enterprises is becoming more and more

More information

A Model-based Methodology for Developing Secure VoIP Systems

A Model-based Methodology for Developing Secure VoIP Systems A Model-based Methodology for Developing Secure VoIP Systems Juan C Pelaez, Ph. D. November 24, 200 VoIP overview What is VoIP? Why use VoIP? Strong effect on global communications VoIP will replace PSTN

More information

A Technical FAQ. Frequently Asked Questions About Voice and Video over IP Networks. January 2003. Saqib Jang, Margalla Communications

A Technical FAQ. Frequently Asked Questions About Voice and Video over IP Networks. January 2003. Saqib Jang, Margalla Communications A Technical FAQ Frequently Asked Questions About Voice and Video over IP Networks January 2003 Saqib Jang, Margalla Communications E. Brent Kelly, Wainhouse Research Andrew W. Davis, Wainhouse Research

More information

A Comparative Study of Signalling Protocols Used In VoIP

A Comparative Study of Signalling Protocols Used In VoIP A Comparative Study of Signalling Protocols Used In VoIP Suman Lasrado *1, Noel Gonsalves *2 Asst. Prof, Dept. of MCA, AIMIT, St. Aloysius College (Autonomous), Mangalore, Karnataka, India Student, Dept.

More information

Setting up a reflector-reflector interconnection using Alkit Reflex RTP reflector/mixer

Setting up a reflector-reflector interconnection using Alkit Reflex RTP reflector/mixer Setting up a reflector-reflector interconnection using Alkit Reflex RTP reflector/mixer Mathias Johanson Alkit Communications AB Introduction The Alkit Reflex reflector/mixer system can be set-up to interconnect

More information

FIREWALLS & CBAC. philip.heimer@hh.se

FIREWALLS & CBAC. philip.heimer@hh.se FIREWALLS & CBAC philip.heimer@hh.se Implementing a Firewall Personal software firewall a software that is installed on a single PC to protect only that PC All-in-one firewall can be a single device that

More information

Proxy Server, Network Address Translator, Firewall. Proxy Server

Proxy Server, Network Address Translator, Firewall. Proxy Server Proxy Server, Network Address Translator, Firewall 1 Proxy Server 2 1 Introduction What is a proxy server? Acts on behalf of other clients, and presents requests from other clients to a server. Acts as

More information

Fig. 4.2.1: Packet Filtering

Fig. 4.2.1: Packet Filtering 4.2 Types of Firewalls /DKo98/ FIREWALL CHARACTERISTICS 1. All traffic from inside to outside, and vice versa, must pass through the firewall. This is achieved by physically blocking all access to the

More information

A Scalable Multi-Server Cluster VoIP System

A Scalable Multi-Server Cluster VoIP System A Scalable Multi-Server Cluster VoIP System Ming-Cheng Liang Li-Tsung Huang Chun-Zer Lee Min Chen Chia-Hung Hsu mcliang@nuk.edu.tw {kpa.huang, chunzer.lee}@gmail.com {minchen, chhsu}@nchc.org.tw Department

More information

Operation Manual Voice Overview (Voice Volume) Table of Contents

Operation Manual Voice Overview (Voice Volume) Table of Contents Operation Manual Voice Over (Voice Volume) Table of Contents Table of Contents Chapter 1 Voice Over... 1-1 1.1 Introduction to VoIP... 1-1 1.1.1 VoIP System... 1-1 1.1.2 Basic VoIP Call Flow... 1-2 1.1.3

More information

Version 0.1 June 2010. Xerox WorkCentre 7120 Fax over Internet Protocol (FoIP)

Version 0.1 June 2010. Xerox WorkCentre 7120 Fax over Internet Protocol (FoIP) Version 0.1 June 2010 Xerox WorkCentre 7120 Fax over Internet Protocol (FoIP) Thank you for choosing the Xerox WorkCentre 7120. Table of Contents Introduction.........................................

More information

Session Border Controller and IP Multimedia Standards. Mika Lehtinen mika.lehtinen@teliasonera.com

Session Border Controller and IP Multimedia Standards. Mika Lehtinen mika.lehtinen@teliasonera.com Session Border Controller and IP Multimedia Standards Mika Lehtinen mika.lehtinen@teliasonera.com December 1, 2005 Contents Introduction Motivation Research problem Research method Results Conclusion December

More information

Interactive communications over IP networks

Interactive communications over IP networks How many times have you heard "IP networks don't make any money!" Probably way too many! Compared to the PSTN, IP networks are big zeroes in terms of financial appeal. Today, while data consumes more than

More information

Region 10 Videoconference Network (R10VN)

Region 10 Videoconference Network (R10VN) Region 10 Videoconference Network (R10VN) Network Considerations & Guidelines 1 What Causes A Poor Video Call? There are several factors that can affect a videoconference call. The two biggest culprits

More information

Configuring a Mediatrix 500 / 600 Enterprise SIP Trunk SBC June 28, 2011

Configuring a Mediatrix 500 / 600 Enterprise SIP Trunk SBC June 28, 2011 Configuring a Mediatrix 500 / 600 Enterprise SIP Trunk SBC June 28, 2011 Proprietary 2011 Media5 Corporation Table of Contents Introduction... 3 Solution Overview... 3 Network Topology... 4 Network Configuration...

More information

The Basics. Configuring Campus Switches to Support Voice

The Basics. Configuring Campus Switches to Support Voice Configuring Campus Switches to Support Voice BCMSN Module 7 1 The Basics VoIP is a technology that digitizes sound, divides that sound into packets, and transmits those packets over an IP network. VoIP

More information

Alkit Reflex RTP reflector/mixer

Alkit Reflex RTP reflector/mixer Alkit Reflex RTP reflector/mixer Mathias Johanson, Ph.D. Alkit Communications Introduction Real time audio and video communication over IP networks is attracting a lot of interest for applications like

More information

IP Telephony Deployment Models

IP Telephony Deployment Models CHAPTER 2 Sections in this chapter address the following topics: Single Site, page 2-1 Multisite Implementation with Distributed Call Processing, page 2-3 Design Considerations for Section 508 Conformance,

More information

Level: 3 Credit value: 9 GLH: 80. QCF unit reference R/507/8351. This unit has 6 learning outcomes.

Level: 3 Credit value: 9 GLH: 80. QCF unit reference R/507/8351. This unit has 6 learning outcomes. This unit has 6 learning outcomes. 1. Know telephony principles. 1.1. Demonstrate application of traffic engineering concepts Prioritization of voice traffic Trunking requirements Traffic shaping. 1.2.

More information

VegaStream Information Note Considerations for a VoIP installation

VegaStream Information Note Considerations for a VoIP installation VegaStream Information Note Considerations for a VoIP installation To get the best out of a VoIP system, there are a number of items that need to be considered before and during installation. This document

More information

SIP Trunking Manual 05.15. Technical Support Web Site: http://ws1.necii.com (registration is required)

SIP Trunking Manual 05.15. Technical Support Web Site: http://ws1.necii.com (registration is required) SIP Trunking Manual 05.15 Technical Support Web Site: http://ws1.necii.com (registration is required) This manual has been developed by NEC Unified Solutions, Inc. It is intended for the use of its customers

More information