Transcript Intertex Data AB, Sweden

Time to Connect Over IP!
Don’t we already?
Prepared for:
Summer VON Europe 2003
Industry Perspective
By:
Karl Erik Ståhl
President Intertex Data AB
Chairman Ingate Systems AB
[email protected]
© 2003 Intertex Data AB
1
How do we connect?
Non Real Time
OR
Real Time
SERVER
IP
GSM
PSTN
3G
XP
© 2003 Ingate Systems
© 2003AB
Intertex Data AB
2
VoIP as we have seen it…
We’ve got all the protocols:
Proprietary
H.323
MGCP
SIP
Proprietary
© 2003 Ingate Systems
© 2003AB
Intertex Data AB
3
And all the VoIP islands…
Gateway
US
Gateway
Toll
Bypass
PSTN
IP
Gateway
VPN
Tunnel
SOFT
SWITCH
Europe
IP
MGCP
But no connectivity
between the IP clouds!
© 2003 Ingate Systems
© 2003AB
Intertex Data AB
4
Hmm, didn’t we pass this stage…
Organization 1
Email system 1
PSTN
fax
Organization 2
Email system 2
fax
printer
emai
l
fax
fax
emai
l
Paper was a very compatible media - So is POTS today…
But isn’t it time to move beyond?
© 2003 Ingate Systems
© 2003AB
Intertex Data AB
5
We are rapidly moving towards “a single” protocol!
SIP – Session Initiation Protocol
An Internet Standard
Used for real time person to person IP Communication
VoIP, IP Telephony
Audio, Video, Data Collaboration
Presence, Instant Messaging
Lots of activity, ongoing work and development
“Everyone” is on the train
MCI/Worldcom, Microsoft, Nortel, AT&T, Alcatel,
Siemens, Sprint…
© 2003 Ingate Systems
© 2003AB
Intertex Data AB
6
We have “a single” new network
IP
PIM
XP
IP Phone
Operator Network
SOHO LAN
IP Phone
IP Phone
Enterprise LAN
IP Phone
Everyone has a connection…
…but it is seldom used for person to person communication!
© 2003 Ingate Systems
© 2003AB
Intertex Data AB
7
So there is a big potential!
SMTP created Email
HTTP created the Web
SIP can create universal IP
Communication person to person!
© 2003 Ingate Systems
© 2003AB
Intertex Data AB
8
The Next Big Usage of the Internet!
How do we get there?
A. Go beyond replacing sections of the PSTN by IP!
The PSTN is something to interwork with, not the core to
build around!
B. Go beyond the “quality” and “services” of the PSTN!
The mobile phone world has shown that there is more than
“black telephony”! POTS is 50-100 years old!
C. Get connectivity out to the end users!
Aren’t we there??? THE TICKING BOMB!
© 2003 Ingate Systems
© 2003AB
Intertex Data AB
9
So, why don’t we just connect?
IP
SIP
Server
PSTN
SIP/PSTN
SIP
is
the
Protocol
for
IP
Communication
Gateway
PIM
DSL
Person
to Person,
Cable
XP
MTU
BUT IT DOES
NOT REACH THE EDGE!
IP Phone
Operator network with NAT
SIP does not traverse common NATs and Firewalls!
And they are still being installed…Firewall
NAT
NAT
IP Phone
SOHO LAN
Business LAN
IP Phone
IAP
Firewall/NAT
Everyone
has
a connection
problems!
IP Phone
What is the difference?
Typical Internet protocol (SMTP, HTTP…)
SERVER
HOST
Internet
SIP (and H.323…) connects person to person
PERSON
PERSON
Internet
Locate the person - Set up a session - Open real time media streams
© 2003 Ingate Systems
© 2003AB
Intertex Data AB
11
SIP Firewall Problems
Firewall Problems:
Sessions initiated from outside
the firewall
- OK, open port 5060, but…
Media streams on dynamically
allocated port numbers
- Ooops…  !
Even with public
IP addresses inside
© 2003 Ingate Systems
© 2003AB
Intertex Data AB
12
SIP NAT/PAT Problems
NAT & PAT Problems:
Where is the device?
- Registration/location function
Private IP addresses and ports
in SIP messages
- Rewrite with globally routable
addresses
IP address and port of media
stream has to be modified
- NAT engine has to be
dynamically controlled
© 2003 Ingate Systems
© 2003AB
Intertex Data AB
Worse with private
IP addresses inside
13
Suggested Solutions
Dynamically controlled Firewall/NATs
Midcom: By Firewall Control Proxy
UPnP: By the client (Windows)
SIP aware Firewall/NATs (SIP Proxy + Registrar)
General, handles complex scenarios
[Intertex (SOHO), Ingate (enterprise), …]
SIP aware Firewall/NATs (SIP ALG – non Proxy)
TLS not possible
STUN - Can cope with certain types existing NATs
SIP clients need to get STUN into their SIP stacks
Requires STUN servers on the net
Tunnelling - Brings the SIP-client to an operator or a corporate LAN
Requires ALG for each client on LAN with own address space
IPSec, Proprietary
© 2003 Ingate Systems
© 2003AB
Intertex Data AB
14
Real and Complex Scenarios
Sooner or later:
Internet
IP
TLS
XP
The NAT/Firewall
problem
needs to be solved
SIP/PSTN
where it occurs! Gateway
SIP
Server 3
SIP
Server 2
Complications:
 Tight firewalls?
Firewall/NAT
LAN
SIP
Server 4
 Call transfer?
IP Phone
SIP
© 2003 Ingate Systems
© 2003AB
Intertex Data AB
 SIP server on the LAN?
 Trusted connections, TLS?
15
Adding General SIP Traversal to a Firewall
Important components:
Firewall & NAT
 Dynamic Firewall Engine
the Ingate and Intertex products:
 SIP ProxyInServer,
controlling
the got
firewall
You
a SIP server!
Use ituser
just location
for firewall traversal
 SIP Registrar,
AND/OR as your
information
- SIP Server
- Outbound
proxy
 Communication
between
- Inbound
proxy
SIP Proxy
and firewall
What have you got?
© 2003 Ingate Systems
© 2003AB
Intertex Data AB
SIP
Proxy
Firewall
Control
Protocol
User
Location
16
SIP Enabling the Private Networks
Internet
SIP
Server
PSTN
inGate
SIParator
DMZ
SIP/PSTN
Gateway
DSL
Cable
MTU
IP Phone
Operator network with NAT
SET
SELECT
SC
ADR CFG DHP RST
A U
I S
R B
E
T
1
IX66NAT
LQ
TX
RX
E W T
T A X
2 N D
R
X
D
ALT CFG
IP Phone
Office or home LAN
inGate
Firewall
NAT
Firewall
Enterprise LAN
Firewall/NAT
SIP
Firewall/NAT
transparency!
problems!
IP Phone
Phone
IP
IAP
IP Phone
Phone
IP
IP Communications Using IP Networks
…other…
IM Conf Vmail
OSS
SIP Server
Global
IP Comm
SIP Phone
Firewall
Router
Intranet
IP Comm
SIP
Routing
WorldCom
Public
IP Network
Network GWY
IP VPN
Enterprise
Gateway
Managed
Services
WorldCom
PSTN
Customer
Premises
PBX
Many call routing options:
• Private/Public IP address
• DNS and DNS SRV records
• SIP aware NAT/PAT servers
Henry Sinnreich 4/10/2002
PSTN
Phone
PSTN
Phone
• Intranet IP VPN with IP communications
• Domestic and global IP communications
• PBX and PSTN – E.164 resolution
IN
Dialing
Plans
IP Communications Using IP Networks
…other…
IM Conf Vmail
OSS
No IP PBX Needed!
Enhanced Functionality
SIP Capable Firewall
Ingate and Intertex
First through SIT
SIP Phone
SIP Server
Global
IP Comm
Firewall
Router
Intranet
IP Comm
SIP
Routing
WorldCom
Public
IP Network
Network GWY
Enterprise LAN
Customer
Premises
IP VPN
Enterprise
Gateway
Managed
Services
WorldCom
PSTN
Integration with
existing phones
PBX
PSTN
Phone
PSTN
Phone
IN
Dialing
Plans
Presence
IM
TLS
Greenwich
Edge
DMZ
Proxy
Firewall
Microsoft Greenwich
Home Server:
Presence
IM
Audio
Video
Data Col.
Mixed Environments
SIP capable firewalls make the difference!
© 2003 Ingate Systems
© 2003AB
Intertex Data AB
21
Just Another Internet Service…
Internet
IX66
FWD Booth #3
London
Sweden
SIP/PSTN
Gateway
Booth
#1
USA
Sweden
IX66
IX66
IX66
SOHO LAN
PSTN
Intertex Stockholm LAN
Home Office Users
XP
Booth
#2
inGate
Firewall
Enterprise LAN
inGate
SIParator
DMZ
DNS
SRV
Ingate Linköping LAN
XP
XP
Product Examples – Ingate Systems AB
Enterprise Products
Complete Firewalls
Add-on to Existing Firewalls
Existing
Firewall
SIParator
DMZ
 Firewall & NAT/PAT
 SIP Proxy
 SIP Registrar
© 2003 Ingate Systems
© 2003AB
Intertex Data AB
23
Product Examples – Intertex Data AB
SOHO Products
IX66 Internet Gate
with or without
ADSL modem
built-in
OEM as:
Telia SurfinBird Gate
PowerBit SafeGate
Review at: www.adslguide.org.uk/hardware/reviews/2002/q1/intertex_ix66-edflc.asp
© 2003 Ingate Systems
© 2003AB
Intertex Data AB
24
The Intertex IX66 Internet Gate
A closer look
SET







SELECT
SC
ADR CFG DHP RST
LQ
TX
RX
A U
I S
R B
E
T
1
E W T
T A X
2 N D
R
X
D
ALT CFG
Firewall & NAT/PAT Router
Optional ADSL
SIP Proxy and Registrar
and Splitter
DHCP Server and Client
Built-in
WEB Server for configuration
Smart Card Reader for security applications
Optional 802.11b Wireless Lan
SIP Appliance Control, LAC via expansion port
© 2003 Ingate Systems
© 2003AB
Intertex Data AB
25
SIP Capable Firewalls!
See us in booth 1 & 2!
Intertex Data AB
Ingate Systems AB
www.intertex.se
www.ingate.com
Rissneleden 45
SE-174 44 Sundbyberg, Sweden
President Karl Erik Ståhl
[email protected]
Tel +46 8 6282828
Box 10013, Slakthusplan 4
SE-121 26 Stockholm, Sweden
CEO Olle Westerberg
[email protected]
Tel +46 8 6007750
© 2003 Ingate Systems
© 2003AB
Intertex Data AB
26