that may accelerate the adoption of VoIP in corporate environments and resolve
an issue that has slowed down the adoption of videoconferencing have been
completed by ITU-T.
The standards from ITU-Tís multimedia Study Group (Study Group 16)
provide a robust and easy to implement solution that will allow any H.323 based
system communicating on an IP network to more easily communicate across the
boundary imposed by NAT or firewalls (FW).
Videoconferencing and VoIP have long been plagued with problems when trying to
work across network address translation (NAT) and firewall boundaries. Despite
previous attempts to address the issue, no standardized way of dealing with the
problem has emerged until now.
Without the ITU solution many network managers and operators have found that
the only way to allow inbound VoIP calls in a firewall-protected environment is
to leave a permanent hole from the outside world, open a range of port numbers
for VoIP use, or locate devices outside of the firewall. Clearly, these
solutions violate even the most basic security policies.
Recommendation H.460.18 enables H.323 devices to exchange signalling and
establish calls, even when they are placed inside a private network behind
NAT/FW devices. These extensions, when used together with Recommendation
H.460.19, which defines NAT/FW traversal for media, enable upgraded H.323
endpoints to traverse NAT/FW installations with no additional equipment on the
customer premises. Alternatively, the H.460.18 and H.460.19 functionality may
be implemented in a proxy server, so that unmodified H.323 endpoints can also
benefit from it.
Work on the related Recommendation H.248.37 was also finished at the Study
Group meeting. Session border controllers (SBCs) are becoming an important part
of the Internet infrastructure, and some SBCs are being split into media
gateway controller (MGC) and media gateway (MG) components. One important
function of a SBC is to perform network address and port translation (NAPT).
H.248.37 allows the MGC to instruct a MG to latch to an address provided by an
incoming Internet Protocol (IP) application data stream, rather than the
address provided by the call/bearer control. This enables the MG to open a
pinhole for data flow, and hence allow connections to be established.
As well as these ITU-T Recommendations, Study Group 16 will shortly publish two
technical papers on the topic: The Requirements for Network Address
Translator and Firewall Traversal of H.323 Multimedia Systems and
Firewall and NAT traversal Problems in H.323 Systems.