Standards that may accelerate the adoption of VoIP in corporate environments and resolve an issue that has slowed down the adoption of videoconferencing have been completed by ITU-T.
The standards from ITU-T's multimedia Study Group (Study Group 16) provide a robust and easy-to-implement solution that will allow any H.323-based system communicating on an IP network to more easily communicate across the boundary imposed by NAT or firewalls (FW).
Videoconferencing and VoIP have long been plagued with problems when trying to work across network address translation (NAT) and firewall boundaries. Despite previous attempts to address the issue, no standardized way of dealing with the problem has emerged until now.
Without the ITU solution, many network managers and operators have found that the only way to allow inbound VoIP calls in a firewall-protected environment is to leave a permanent hole from the outside world, open a range of port numbers for VoIP use, or locate devices outside of the firewall. Clearly, these solutions violate even the most basic security policies.
Recommendation H.460.18 enables H.323 devices to exchange signalling and establish calls, even when they are placed inside a private network behind NAT/FW devices. These extensions, when used together with Recommendation H.460.19, which defines NAT/FW traversal for media, enable upgraded H.323 endpoints to traverse NAT/FW installations with no additional equipment on the customer premises. Alternatively, the H.460.18 and H.460.19 functionality may be implemented in a proxy server, so that unmodified H.323 endpoints can also benefit from it.
Work on the related Recommendation H.248.37 was also finished at the Study Group meeting. Session border controllers (SBCs) are becoming an important part of the Internet infrastructure, and some SBCs are being split into media gateway controller (MGC) and media gateway (MG) components. One important function of an SBC is to perform network address and port translation (NAPT). H.248.37 allows the MGC to instruct an MG to latch to an address provided by an incoming Internet Protocol (IP) application data stream, rather than the address provided by the call/bearer control. This enables the MG to open a pinhole for data flow, and hence allow connections to be established.
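The latching behaviour described above, as an added example that is not part of the original announcement or of H.248.37 itself: a simplified Python model of a media gateway termination that learns its remote address from the first inbound packet instead of from signalling. The class, field and function names are hypothetical and the addresses are constructed sample values.

```python
"""Simplified model of media-address latching (added example, not H.248.37 syntax)."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

Addr = Tuple[str, int]  # (IP address, UDP port)

# Constructed sample values: the endpoint signals its private address, but its
# media reaches the gateway from the NAT's public mapping.
SIGNALLED: Addr = ("10.0.0.5", 5004)
NAT_PUBLIC: Addr = ("198.51.100.7", 40001)
OTHER: Addr = ("203.0.113.9", 5004)


@dataclass
class Termination:
    signalled_remote: Addr               # address from call/bearer control
    latch_enabled: bool = False          # set when the controller requests latching
    latched_remote: Optional[Addr] = None

    def on_inbound(self, src: Addr) -> bool:
        """Return True if a packet from src is accepted for this media flow."""
        if not self.latch_enabled:
            # Without latching, only the signalled address is accepted.
            return src == self.signalled_remote
        if self.latched_remote is None:
            # First packet of the stream: learn the source address from it.
            self.latched_remote = src
            return True
        # Once latched, the pinhole admits only the learned source.
        return src == self.latched_remote

    def send_to(self) -> Optional[Addr]:
        """Destination for outbound media, or None if nothing is learned yet."""
        return self.latched_remote if self.latch_enabled else self.signalled_remote


def replay(term: Termination, packets: List[Addr]) -> List[bool]:
    """Feed packet source addresses to a termination; return accept/drop decisions."""
    return [term.on_inbound(src) for src in packets]


if __name__ == "__main__":
    for latch in (False, True):
        t = Termination(SIGNALLED, latch_enabled=latch)
        print(latch, replay(t, [NAT_PUBLIC, OTHER, NAT_PUBLIC]), t.send_to())
```

In this model the pinhole is scoped to a single learned source address, which is what distinguishes it from the open port ranges mentioned earlier.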
As well as these ITU-T Recommendations, Study Group 16 will shortly publish two technical papers on the topic: "The Requirements for Network Address Translator and Firewall Traversal of H.323 Multimedia Systems" and "Firewall and NAT traversal Problems in H.323 Systems".
Via the ITU-T Newslog.