Calling Across The Boundaries
Unleashing the Power of IP Communications™
Mike Burkett, VP Products
[email protected]
September 2002
Why should you care about NATs and Firewalls?
Network Address Translation (NAT) and Firewalls will block your IP voice and video calls.
What is NAT?
[Diagram: Shared Public Address 64.121.30.1; Private Addresses 10.1.1.1, 10.1.1.2, 10.1.1.3]
• Network Address Translation
• Allows multiple users/devices to share a single public internet address
• Implemented within the router
• Think of it like a PBX with a public trunk number and private extensions for IP networks
What is a Firewall?
[Diagram: Outside World and Private Network; Request and Response pass; Unsolicited is Disallowed]
• Separates and “Protects” the Private Network from the outside world.
• Examines every packet that goes into or out of the enterprise.
• Typically blocks all unsolicited inbound packets
• Think of a mail room clerk filtering your inbound and outbound mail
The Imaginary IP World
[Diagram: Corporate 207.46.230.5; Teleworker 24.30.203.101; Branch Office 208.45.133.21; Bob 64.123.31.15; Susan 34.58.15.21; Tom 216.115.109.7]
• No Firewalls
• No NAT
• No Security
• All public IP Addresses
• All Calls Successful
• Not the real world!
Today’s Real IP Video World
[Diagram: Teleworker 10.100.5.4; Corporate 10.1.1.25; Branch Office 172.16.31.13; Susan 192.168.0.107; Bob 10.2.1.5; Tom 192.168.0.108; connected over the WAN. Callouts: “NAT or Firewall hidden in the network”; “Firewall/NAT at the edge of the corporate network”]
Firewalls & NAT: Where?
• Deployed Everywhere:
– Corporate Networks
– Home Networks
– Individual PCs
– And Hidden In the Net
• Anywhere someone wants to
– Share a connection
– Protect a network
Why H.323 & SIP Don’t Work…
• With firewalls
– Require inbound connections for inbound calls
– Each call requires multiple TCP and UDP connections to random ports
• With NATs
– Private addresses hidden from the outside network – means no inbound calling
– Outbound calling endpoints request media sent to their private address – means one way video/audio
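
An added example (not from the original slides) of the NAT failure described above: the packet's source address is translated, but the addresses written inside the SIP headers and SDP body are not, so the far end is told to send media to an address it cannot reach. The SIP message is constructed, reusing the private and shared public addresses from the “What is NAT?” slide; the function names are illustrative.

```python
import ipaddress
import re

# Constructed sample: an INVITE as the far end receives it after it crossed the
# NAT on the "What is NAT?" slide. The packet source was rewritten to the shared
# public address; the addresses written inside the message were not.
OBSERVED_SOURCE = "64.121.30.1"
INVITE = """\
INVITE sip:susan@example.com SIP/2.0
Via: SIP/2.0/UDP 10.1.1.1:5060;branch=z9hG4bK776asdhds
Contact: <sip:bob@10.1.1.1:5060>
Content-Type: application/sdp

v=0
o=bob 2890844526 2890844526 IN IP4 10.1.1.1
s=-
c=IN IP4 10.1.1.1
t=0 0
m=audio 49170 RTP/AVP 0
m=video 51372 RTP/AVP 31
"""

ADDR = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def embedded_addresses(message):
    """Yield (field, address) for IPv4 literals in Via, Contact and SDP o=/c=."""
    for line in message.splitlines():
        if line.startswith(("Via:", "Contact:")):
            field = line.split(":", 1)[0]
        elif line.startswith(("c=", "o=")):
            field = "SDP " + line[:2]
        else:
            continue
        for addr in ADDR.findall(line):
            yield field, addr

def nat_findings(message, observed_source):
    """Embedded private addresses that differ from the packet's real source."""
    return [(field, addr) for field, addr in embedded_addresses(message)
            if ipaddress.ip_address(addr).is_private and addr != observed_source]

def media_ports(message):
    """UDP ports the caller asked to receive RTP on (SDP m= lines)."""
    return [int(p) for p in re.findall(r"^m=\w+ (\d+) ", message, re.M)]

if __name__ == "__main__":
    for field, addr in nat_findings(INVITE, OBSERVED_SOURCE):
        print(f"{field}: {addr} is private, packet came from {OBSERVED_SOURCE}")
    print("RTP requested on ports", media_ports(INVITE))
```

The `c=` finding is the one-way media case: the answering side sends RTP to 10.1.1.1, which does not exist on its side of the NAT.
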
What choices do you have?
1. Bypass
– Public Endpoints
– Private Network
– Gateway
– MCU
2. Replace
– Upgrade Hardware Infrastructure
3. Traverse
– Use Ridgeway Software
Bypass: Public Endpoints
• How
– Give the endpoints public IP addresses
– Move them outside the firewall
• Benefits
– May be lowest capital cost?
• Issues
– Requires Dedicated Public IP Addresses
– Removes Protection of Firewall
– Not easily scalable
– Cannot overcome network based NAT/FW
Bypass: Private Network
• How
– Establish Virtual Private Network (VPN), usually via Firewall configuration
• Benefits
– Works for Intra-Company communications
– May already be in place
• Issues
– Not for inter-enterprise communications
– Requires configuration at every location
– May have performance impacts – increased delay
– Some VPNs won’t handle NAT
Bypass: PSTN/ISDN Gateway
• How
– Gateway to PSTN or ISDN at edge of network
• Benefits
– May already be in place for calling “off-net”
• Issues
– Loses benefits of the pure IP solution
– Doesn’t solve problem for the mobile IP endpoint
Bypass: MCU
• How
– Deploy MCU with two network interfaces, one inside & one outside of firewall/NAT
• Benefits
– Natural extension for existing MCU deployments
• Issues
– Can be expensive solution; not appropriate for SOHO or consumer deployment
– Localized solution, needs to be deployed at every NAT/FW
– Cannot overcome network based NAT/FW
Replace: Upgrade Infrastructure
• How
– Upgrade firewalls and routers with Application Level Gateway (ALG)
• Benefits
– Brand name solutions?
• Issues
– This means changes to mission critical network components for the enterprise network
– Fix every NAT & Firewall for every protocol
– Unreachable: Physically, Politically, or Intellectually?
– Cannot overcome network based NAT/FW
Traverse: Ridgeway
[Diagram labels: IP Freedom Server, Ridgeway Client, DMZ, Proxy/Registrar/GK, Host Network, WAN, Guest Network]
• How
– Place single server at “reachable address”
– Download software client for any “guest network”
• Benefits
– No upgrade for existing mission critical components
– Handles any number of NATs & Firewalls, even network based
– Handles SIP or H.323
– Compatible with your existing infrastructure
– Voice and Video
– Mobile solution
– Download-and-Call means no waiting to call into a new location
The Ridgeway Method
[Diagram labels: IP Freedom Server, Ridgeway Client, DMZ, Host Network, Proxy/Registrar/GK, WAN, Guest Network]
1. Ridgeway (RW) Clients connect to the RW Server
– Outbound
– Fixed ports: 2776/2777
2. RW Server/Clients “proxy” the GK so it appears at the RW Client
3. Endpoints set RW Client as their GK and register and then appear as ports on the RW Server
4. Behind the scenes:
• All TCP traffic goes over the pre-established TCP connection
• As UDP streams are needed the RW client pushes a stream out to the server that the server can use for return traffic (outbound, fixed ports)
5. From endpoint perspective, calls proceed as usual
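
An added example (not Ridgeway's code) that models the firewall rule from the “What is a Firewall?” slide and runs the flows described above through it: unsolicited inbound call traffic is dropped, while return traffic on client-opened flows to the fixed ports passes. The server and caller addresses, the client source ports, and the assignment of 2776 to TCP and 2777 to UDP are assumptions made for the illustration.

```python
class StatefulFirewall:
    """Toy model: inbound passes only as the reverse of a flow opened from inside."""

    def __init__(self, blocked_egress_ports=()):
        self.blocked = set(blocked_egress_ports)
        self.flows = set()  # (proto, inside_ip, inside_port, outside_ip, outside_port)

    def outbound(self, proto, src, sport, dst, dport):
        if dport in self.blocked:
            return False          # egress policy drops it, so no state is created
        self.flows.add((proto, src, sport, dst, dport))
        return True

    def inbound(self, proto, src, sport, dst, dport):
        return (proto, dst, dport, src, sport) in self.flows

RW_SERVER = "203.0.113.10"       # constructed address for the reachable server
RW_CLIENT = "10.2.1.5"           # a private address as shown on the slides
CALLER = "34.58.15.21"           # constructed outside caller
TCP_PORT, UDP_PORT = 2776, 2777  # fixed ports from the slide; TCP/UDP split is assumed

def simulate(blocked_egress_ports=()):
    fw = StatefulFirewall(blocked_egress_ports)
    r = {}
    # Plain H.323: the caller opens signaling (TCP 1720) and media toward the endpoint.
    r["direct_signaling"] = fw.inbound("tcp", CALLER, 40000, RW_CLIENT, 1720)
    r["direct_media"] = fw.inbound("udp", CALLER, 49170, RW_CLIENT, 49170)
    # The client opens the TCP connection outbound to the fixed server port.
    fw.outbound("tcp", RW_CLIENT, 50001, RW_SERVER, TCP_PORT)
    r["signaling_return"] = fw.inbound("tcp", RW_SERVER, TCP_PORT, RW_CLIENT, 50001)
    # Server media is unsolicited until the client pushes a UDP stream out.
    r["media_before_push"] = fw.inbound("udp", RW_SERVER, UDP_PORT, RW_CLIENT, 50002)
    fw.outbound("udp", RW_CLIENT, 50002, RW_SERVER, UDP_PORT)
    r["media_after_push"] = fw.inbound("udp", RW_SERVER, UDP_PORT, RW_CLIENT, 50002)
    return r

if __name__ == "__main__":
    for policy in ((), (TCP_PORT, UDP_PORT)):
        print("egress blocked:", policy, simulate(policy))
```

With no inbound ports open, the control point for this kind of traffic is the egress policy: the second run shows that blocking outbound 2776/2777 leaves no state for any return flow.
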
More On Ridgeway Traversal
• Commercially deployed today in both enterprise and service provider environments
• One server for multiple endpoints & networks
• No upgrade to existing NAT/FW or endpoints
• No open inbound firewall ports
• No charge for client
• Upgrade server capacity instantly
• Add-on for VPN & PSTN gateway solutions
Summary
• Firewalls & NATs are everywhere
• Firewalls & NATs block IP Voice & Video
• Solution Choices:
– Bypass, Replace, Traverse
• Traversal:
– Don’t mess with your critical components
– Treat the network like a black box
– Download and call today!
• Free trial
– www.ridgewaysystems.com
– http://www.vide.net/vpz/firewalls.html