H.323 Gatekeepers
Lucent Technologies - elemedia
Agenda
• Introduction
• Overview of Gatekeeper Functions
• Why are Gatekeepers Useful?
• Gatekeeper Concepts
• Signalling Models
• Gatekeeper Operations
• Signalling Flows
• Policy/Service Examples
• Gatekeepers and H.323v2
• Beyond H.323v2
INTRODUCTION
H.323 Components
• Terminal
• Gateway (GW)
• Gatekeeper (GK)
• Multipoint Control Unit (MCU)
– Multipoint Controller (MC)
– Multipoint Processor (MP)
[Figure: example H.323 network on a LAN with Terminals 1-2, Gatekeepers 1-3, Gateways 1-3 and MCUs 1-2; several devices are labelled with MC and MP functions]
GW, GK & MCU can be a single device
Gatekeeper in H.323
• Gatekeepers are optional
• Mandatory functions if present:
– Address translation (routing) to determine destination
address of H.323 endpoint for a call
– Admission control to determine whether to allow
endpoints to originate and terminate calls
– Bandwidth control to, at a minimum, process
bandwidth requests (can be a null function)
– Zone management
Gatekeeper in H.323 (contd.)
• Gatekeeper optional functions:
– Call control signalling to handle directly the Q.931
signalling between the H.323 endpoints
– Call authorization using some policy (e.g. subscription
status)
– Bandwidth management to process bandwidth requests
using some policy (e.g. based on current conditions)
– Call management to process call requests using some
policy (e.g. based on endpoint status)
– Gatekeeper management information (MIB)
– Bandwidth reservation for terminals not capable of
performing it
– Directory services
Why are Gatekeepers Useful?
• Centralized Management
– Authentication, routing, call detail recording, etc.
• Isolate Endpoints from Network Internals
– Knowledge of naming structures, gateway routing
algorithms, etc., stays in network
• Interface to New and Existing Network Databases
– LDAP directories, RADIUS servers, SCPs, etc.
• Interfaces to Other H.323 Networks
– Calls between service providers
Gatekeeper Standards
• Standards specify the communications between
H.323 entities and Gatekeepers (RAS messages)
• Standards specify the services a Gatekeeper
must provide
BUT
• Standards DO NOT specify how the Gatekeeper
should provide those services
• Standards DO NOT fully specify how
Gatekeepers locate other Gatekeepers
CONCEPTS AND FUNCTIONS
H.323 ZONE
• Simply defined as the collection of H.323 devices
managed by a single gatekeeper
• Boundaries of a zone can be based on
administrative, naming structure, geographic,
engineering (or other) criteria
• Calls between endpoints in a zone handled by a
single gatekeeper
• Calls between endpoints in different zones might
involve gatekeepers from both zones
Gatekeeper Components
[Figure: gatekeeper component blocks: Network Based Information and Control; Protocols: TCAP/SS7, LDAP, SNMP, RADIUS, et al.; Policy; Features & Services; Management; Endpoint & Conference State Data; Protocol Procedures: RAS, Q.931, H.245, H.450; Q.931/ASN Encode/Decode and Transport; H.323]
SIGNALLING MODELS
Signalling Models
• The signalling model determines which protocol
messages pass through the gatekeeper, and which
pass directly between the two endpoints
• The more messages that are routed through the
gatekeeper, the more information and control it
has, and the more load and responsibility
• The gatekeeper ultimately decides the signalling
model
• Media never passes through the gatekeeper
function (although a proxy could be co-located on
same host)
Notes:
• The following signalling model scenarios
show calls between a PC terminal and a
PSTN gateway, but generally apply to any
call between two H.323 endpoints
Direct Endpoint Call Signalling
[Figure: Terminal and Gateway exchange Call Signalling (Q.931), Call Control (H.245) and Media Stream (RTP) directly; Address Translation, Admission Control and Bandwidth Control go to the GK over RAS]
• Gatekeeper participates in call admission but has
limited direct knowledge of connected calls
• Due to limited involvement, single gatekeeper can
process large number of calls
• Limits service management functions: gatekeeper
cannot determine call completion rates, for
example
• Limits centralized security: gatekeeper cannot
validate Q.931 message fields (e.g. caller’s ID)
• Limits call detail recording function: gatekeeper
depends on endpoint(s) for call duration
information, for example
Gatekeeper Routed Call Signalling (Q.931)
[Figure: Call Signalling (Q.931) passes through the GK, along with Address Translation, Admission Control and Bandwidth Control (RAS); Call Control (H.245) and Media Stream (RTP) run directly between Terminal and Gateway]
• Gatekeeper aware of connection state of call but
not media usage (no access to H.245 signalling)
• More load on gatekeeper as it must process Q.931
messages and maintain Q.931 signalling channel
• Service management functions can include
connection statistics but not media usage
• Gatekeeper can validate Q.931 message
parameters such as calling party information
• Call detail recording functions enhanced by direct
knowledge of connection state
Direct Endpoint Call Signalling w/UUIE
[Figure: Terminal and Gateway exchange Call Signalling (Q.931), Call Control (H.245) and Media Stream (RTP) directly; Address Translation, Admission Control, Bandwidth Control and Q.931 UUIE Notification (v2) go to the GK over RAS]
• Hybrid between direct call signalling and
gatekeeper routed signalling
• Q.931 messages do not flow through the
gatekeeper, but gatekeeper is notified of Q.931
content in RAS messages.
Gatekeeper Routed Call Signalling (Q.931/H.245)
[Figure: Call Signalling (Q.931) and Call Control (H.245) pass through the GK, along with Address Translation, Admission Control and Bandwidth Control (RAS); only the Media Stream (RTP) runs directly between Terminal and Gateway]
• Gatekeeper aware of connection state of call and
media channels in use (can audit bandwidth usage)
• Highest load on gatekeeper as it must process
Q.931 and H.245 messages and maintain the
corresponding signalling channels
• Service management functions can include
connection and media usage statistics
• Call detail recording functions further enhanced
by direct knowledge of media usage
GATEKEEPER OPERATIONS
Gatekeeper Operations and Policy
Notes:
• List of parameters in messages is not inclusive
• Parameter names displayed as follows:
– Required parameters shown in bold
– Optional parameters shown in italic
– Version 2 parameters shown in blue
(bold or italic)
• LDAP/TCAP message content is paraphrased for
illustration
Endpoint/GK Discovery
(1) Endpoint -> GK: GRQ ("Who is my GK?")
(2) GK -> Endpoint: GCF/GRJ ("I can be your GK")
GatekeeperRequest: requestSeqNum, rasAddress, endpointType, gatekeeperIdentifier, endpointAlias, et al.
GatekeeperConfirm: requestSeqNum, gatekeeperIdentifier, rasAddress, alternateGatekeeper, et al.
Endpoint/GK Discovery Processing
• Discovery can be multicast (most useful for LAN
environments) or unicast based on endpoint
configuration data
• Possible acceptance criteria to be used by
gatekeeper:
– IP address (or IP subnet) of endpoint
– Gatekeeper ID supplied by endpoint
– Aliases supplied by endpoint
– Gatekeeper load
• Gatekeeper might need to consult external database
(e.g. LDAP directory)
Endpoint/GK Registration
(1) Endpoint -> GK: RRQ ("Here are my aliases and IP address")
(2) GK -> Endpoint: RCF/RRJ ("OK")
RegistrationRequest: requestSeqNum, callSignalAddress, terminalAlias, timeToLive, endpointIdentifier, keepAlive, willSupplyUUIEs, et al.
RegistrationConfirm: requestSeqNum, terminalAlias, endpointIdentifier, willRespondToIRR, alternateGatekeeper, timeToLive, preGrantedARQ, et al.
Endpoint/GK Registration Processing
• Gatekeeper might authenticate endpoint
– H.323v1 must use ad hoc/proprietary methods such as
supplied aliases, IP address, etc.
– H.323v2 can use encrypted password or certificates
• Gatekeeper might authorize endpoint
– Validate list of supplied aliases
• Associate aliases with the IP address for later location
• Gatekeeper assigns and returns Endpoint ID to be
used in subsequent messages
Example: Reservation Authorization via LDAP
Endpoint -> GK: RRQ (Register: johnDoe, +13141592654)
GK: Needs to authorize aliases
GK -> LDAP Directory containing subscriber data:
LDAP SEARCH: Filter: e164=13141592654 AND h323ID=johnDoe
LDAP Directory -> GK:
LDAP SEARCH RESULT: Entry: e164=13141592654, h323ID=johnDoe, status=active
GK -> Endpoint: RCF/RRJ
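An added example (not from the original slides) of the alias check above: the search filter is built from endpoint-supplied aliases, so each value is validated or escaped per RFC 4515 before it reaches the directory. The in-memory `DIRECTORY` and the function names are constructed stand-ins for a real LDAP search; the attribute names are the slide's.

```python
# Added example: authorizing RRQ aliases against subscriber data.
# Attribute names (e164, h323ID, status) are the slide's; DIRECTORY and the
# function names are constructed stand-ins for a real LDAP search.

DIRECTORY = [  # constructed sample entries
    {"e164": "13141592654", "h323ID": "johnDoe", "status": "active"},
    {"e164": "13141592655", "h323ID": "janeRoe", "status": "suspended"},
]

def normalize_e164(e164):
    """Drop one leading '+' and insist on ASCII digits only."""
    digits = e164[1:] if e164.startswith("+") else e164
    if not (digits.isascii() and digits.isdigit()):
        raise ValueError("E.164 alias must be digits")
    return digits

def escape_filter_value(value):
    """Escape the characters RFC 4515 reserves inside a filter value."""
    return "".join(
        "\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value
    )

def build_alias_filter(e164, h323_id):
    """Filter the gatekeeper would send: both aliases must match one entry."""
    return "(&(e164=%s)(h323ID=%s))" % (
        normalize_e164(e164), escape_filter_value(h323_id))

def authorize_registration(e164, h323_id, directory=DIRECTORY):
    """Answer RCF only when exactly one active entry carries both aliases."""
    try:
        digits = normalize_e164(e164)
    except ValueError:
        return "RRJ"
    # Exact comparison mirrors what the escaped filter matches on a server.
    hits = [e for e in directory
            if e["e164"] == digits and e["h323ID"] == h323_id]
    if len(hits) == 1 and hits[0]["status"] == "active":
        return "RCF"
    return "RRJ"
```

An alias of `*` is sent as `\2a` and matches nothing, instead of acting as a wildcard that would pair the E.164 number with any subscriber.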
Call Admission
(1) Endpoint -> GK: ARQ ("Can I call +1323931245 using 16 Kb/sec?")
(2) GK -> Endpoint: ACF/ARJ ("Yes, contact this IP address")
AdmissionRequest: requestSeqNum, callModel, endpointIdentifier, destinationInfo, destCallSignalAddress, srcInfo, bandwidth, conferenceID/callID, willSupplyUUIEs, et al.
AdmissionConfirm: requestSeqNum, bandwidth, callModel, destCallSignalAddr, irrFrequency, willRespondToIRR, uuiesRequested, et al.
Call Admission Processing
• Gatekeeper might authenticate endpoint to ensure
it is registered and check if it is authorized to make
call
• Gatekeeper must determine call model
– Endpoint can ask for preference but gatekeeper will decide
• Gatekeeper might check for bandwidth
• If direct signalling, gatekeeper supplies destination
endpoint address (discussed later)
• If gatekeeper routed signalling, it supplies its own
address and can defer routing
Example: Admission Authorization via SS7
Endpoint -> GK: ARQ (Admit: johnDoe, Calling card: 271828182+8459)
GK: Needs to authorize calling card number
GK -> Service Control Point containing calling card info (e.g. LIDB in the US):
TCAP QUERY: Invoke: Provide Value, Digits = 271828182, Pin=8459
Service Control Point -> GK:
TCAP END: Return Result: Record Status Indicator
GK -> Endpoint: ACF/ARJ
Q.931 Setup
(1) Endpoint -> GK: SETUP ("Connect me to +108061998")
(2) GK: Determine gateway
(2) GK -> GW: SETUP; GW: Start PSTN origination
SETUP message IEs:
– Bearer capability IE
– Display IE
– Calling party number IE
– Called party number IE
– User-to-user IE: h245Address, sourceInfo, destinationAddr, conferenceID, callIdentifier, fastStart, fastCap, et al.
Setup Processing
• Gatekeeper associates Setup with previous
admission using Conference ID
• Destination determined using Calling Party
Number or destination alias(es)
• External databases might be consulted to
determine destination endpoint:
– Map full destination alias to a terminal
– Map leading digits of E.164 number to gateway(s)
• Setup message is forwarded to destination
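An added example (not from the original slides) of two checks that only the gatekeeper-routed models allow: tying a SETUP to an earlier admission by conference ID, and validating the calling party number against the aliases the admitted endpoint registered. The class, method names and sample identifiers are hypothetical.

```python
# Added example: checks a gatekeeper can make on a routed SETUP.
# Class and method names are hypothetical; sample values are constructed.

class RoutedGatekeeper:
    def __init__(self):
        self.aliases = {}    # endpointIdentifier -> set of registered aliases
        self.admitted = {}   # conferenceID -> endpointIdentifier from the ARQ

    def register(self, endpoint_id, aliases):
        """RRQ accepted: remember which aliases belong to this endpoint."""
        self.aliases[endpoint_id] = set(aliases)

    def admit(self, endpoint_id, conference_id):
        """ARQ: only registered endpoints are admitted; remember the call."""
        if endpoint_id not in self.aliases:
            return "ARJ"
        self.admitted[conference_id] = endpoint_id
        return "ACF"

    def check_setup(self, conference_id, calling_party_number):
        """Return (forward?, reason) for a SETUP seen on the routed channel."""
        endpoint_id = self.admitted.get(conference_id)
        if endpoint_id is None:
            return False, "no admission for this conferenceID"
        if calling_party_number not in self.aliases[endpoint_id]:
            return False, "calling party number not registered to admitted endpoint"
        return True, "ok"

def demo():
    gk = RoutedGatekeeper()
    gk.register("ep-1", ["johnDoe", "13141592654"])
    results = [gk.admit("ep-1", "conf-A"), gk.admit("ep-9", "conf-B")]
    results.append(gk.check_setup("conf-A", "13141592654"))  # matches registration
    results.append(gk.check_setup("conf-A", "13145550000"))  # number not registered
    results.append(gk.check_setup("conf-B", "13141592654"))  # never admitted
    return results
```

With direct endpoint call signalling the gatekeeper never sees the SETUP, so neither check can run there.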
Example: Endpoint Location Via LDAP
(1) Endpoint -> GK: SETUP ("Connect me to +14142135624")
(2) GK: Query LDAP Directory
LDAP SEARCH: Filter: E164=1414 OR E164=1414213
LDAP SEARCH RESULT:
IP=192.168.26.68 STATE=IS
IP=192.168.26.102 STATE=IS
(3) GK -> GW: SETUP; GW: Start PSTN origination
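An added example (not from the original slides) of mapping the leading digits of the called number to a gateway. The prefix lengths, the assignment of each IP to a prefix, the `OOS` state and the longest-prefix policy are assumptions; the `E164`, `IP` and `STATE` names and the `IS` state are the slide's.

```python
# Added example: choosing a gateway from the leading digits of the called number.
# GATEWAYS is constructed; which IP serves which prefix is an assumption.

GATEWAYS = [
    {"E164": "1414", "IP": "192.168.26.68", "STATE": "IS"},
    {"E164": "1414213", "IP": "192.168.26.102", "STATE": "IS"},
    {"E164": "1212", "IP": "192.168.26.7", "STATE": "OOS"},  # constructed entry
]

def called_digits(called):
    """Drop one leading '+' and refuse anything that is not ASCII digits."""
    digits = called[1:] if called.startswith("+") else called
    if not (digits.isascii() and digits.isdigit()):
        raise ValueError("called number must be digits")
    return digits

def prefix_filter(called, lengths=(4, 7)):
    """OR filter over the provisioned prefix lengths, as on the slide."""
    digits = called_digits(called)
    terms = ["(E164=%s)" % digits[:n] for n in lengths if len(digits) >= n]
    if not terms:
        raise ValueError("called number shorter than every prefix length")
    return "(|%s)" % "".join(terms)

def select_gateways(called, entries=GATEWAYS):
    """In-service gateways holding the longest prefix of the called number."""
    digits = called_digits(called)
    usable = [e for e in entries
              if e["STATE"] == "IS" and digits.startswith(e["E164"])]
    if not usable:
        return []
    longest = max(len(e["E164"]) for e in usable)
    return [e["IP"] for e in usable if len(e["E164"]) == longest]
```

Filtering on `STATE` before picking the longest prefix lets a call fall back to the shorter-prefix gateway when the more specific one is out of service.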
Example: Endpoint Location Via SS7
(1) Endpoint -> GK: SETUP ("Connect me to 8001732050")
(2) GK: Freephone!
- Query SCP
- Translate E.164
(3) GK -> GW: SETUP; GW: Start PSTN origination
GK -> SCP providing freephone service:
TCAP QUERY: Invoke: Provide Instructions, Digits=8001732050, et al.
SCP -> GK:
TCAP END: Invoke: Connect: Digits=2236067977, et al.
Remaining Call Setup
[Figure: message sequence among Terminal, Gatekeeper and Gateway: CALL PROCEEDING, CALL PROCEEDING, ARQ, ACF, ALERTING, ALERTING, CONNECT, CONNECT]
Remaining Call Setup Processing
• Gatekeeper processes terminating admissions
request doing potential authorization and
bandwidth checks
• Gatekeeper primarily a “pipe” for Q.931 messages
but might authorize some fields (e.g. Display)
• Gatekeeper substitutes its own address in
“h245address” fields if it wishes to route H.245
Stable Call Processing
• Gatekeeper verifies calls are “alive” using one of
the following techniques:
– Wait for periodic IRRs (as requested in the ACF)
– Periodically send an IRQ, expecting an IRR
– Periodically send a Q.931 Status Enquiry, expecting a Status
• Gatekeeper might receive bandwidth change requests
(BRQ) and must allow (BCF) or deny (BRJ) the
request
Call Teardown
[Figure: message sequence among Terminal, Gatekeeper and Gateway: RELEASE COMPLETE, RELEASE COMPLETE, DRQ, DRQ, DCF, DCF]
Call Teardown Processing
• Gatekeeper processes Release Complete, noting the
time, and forwards it to the other endpoint
• Gatekeeper processes DRQ from both endpoints
and releases any allocated bandwidth
• Gatekeeper might create call detail record for the
call, recording endpoint information and Connect
and Release times for example
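An added example (not from the original slides) that carries one call through the RAS bookkeeping described under call admission, stable call processing and teardown: bandwidth check on ARQ, BRQ handling, IRR liveness and release on DRQ. Names are hypothetical; times are seconds, bandwidth is in arbitrary units, and declaring a call dead after two missed IRR intervals is an assumed policy.

```python
# Added example: per-zone bandwidth and liveness bookkeeping over RAS.
# The record kept here holds admission and release times as seen over RAS.

class CallLedger:
    def __init__(self, zone_bandwidth, irr_frequency, missed_allowed=2):
        self.free = zone_bandwidth
        self.timeout = irr_frequency * missed_allowed
        self.calls = {}   # callID -> {"bw", "admitted", "last_irr"}
        self.cdrs = []    # closed calls, including those that never sent DRQ

    def arq(self, call_id, bandwidth, now):
        if call_id in self.calls or bandwidth > self.free:
            return "ARJ"
        self.free -= bandwidth
        self.calls[call_id] = {"bw": bandwidth, "admitted": now, "last_irr": now}
        return "ACF"

    def brq(self, call_id, bandwidth):
        call = self.calls.get(call_id)
        if call is None or bandwidth - call["bw"] > self.free:
            return "BRJ"
        self.free -= bandwidth - call["bw"]
        call["bw"] = bandwidth
        return "BCF"

    def irr(self, call_id, now):
        if call_id in self.calls:
            self.calls[call_id]["last_irr"] = now

    def _close(self, call_id, now, reason):
        call = self.calls.pop(call_id)
        self.free += call["bw"]   # release whatever the call still holds
        self.cdrs.append({"callID": call_id, "admitted": call["admitted"],
                          "released": now, "reason": reason})

    def drq(self, call_id, now):
        if call_id not in self.calls:
            return "DRJ"
        self._close(call_id, now, "DRQ")
        return "DCF"

    def sweep(self, now):
        """Close calls whose IRRs stopped, so their bandwidth is not leaked."""
        dead = [c for c, v in self.calls.items()
                if now - v["last_irr"] > self.timeout]
        for c in dead:
            self._close(c, now, "IRR timeout")
        return dead
```

A record closed with reason `IRR timeout` marks a call whose endpoint went silent without a DRQ, which is worth reviewing separately from normal releases.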
H.323v2 and Gatekeepers
H.323v2 Features Related to Gatekeeper
• Authentication Framework
– Tokens (password or certificate based) for RAS
– TLS (certificate based) for Q.931
– Negotiated H.245 security
– H.323 defines the framework - need profiles to nail down
specific choices of algorithms
• Mechanism to specify alternative gatekeepers to
endpoints
• Registration “keep alive” similar to conference IRR
“keep alive”
• RAS Transport Improvements
– IRR ACK/NAK
– Request In Progress (RIP) to ask for more time
• Signalling changes
– Excuse endpoints from Admission Requests
– Fast call setup / tunneled H.245
– Gatekeeper can request Q.931 information be forwarded to
it on direct routed calls
• H.450 Services
– Call transfer and call forwarding
Beyond H.323v2
Beyond H.323v2: Network Management
• Definition of Management Information Bases (MIB) for
H.323 protocols and devices under development
• Gatekeepers can provide large amount of centralized
management information and control
[Figure: Network Management Station connected via SNMP/CMIP to Gatekeeper, Gateway, MCU and others]
Beyond H.323v2: Inter-gatekeeper
Communication
• Current H.323 standards do not provide an interzone model that scales well for large networks
• Inter-gatekeeper protocols being discussed to
enable gatekeepers to efficiently locate one another
to route calls to non-local address
• Hierarchical arrangements with “clearinghouse”
gatekeepers have been proposed
Internet Multimedia Communications Software
integrating voice, fax, data and video
For information on elemedia’s H.323 Gateway Toolkits
and H.323 Gatekeeper Toolkits, please contact us at:
+1 732-949-2184
888-elemedia (1-888-353-6334) (U.S. and Canada)
http://www.elemedia.com