unleashing the power of ip communications™ calling across the boundaries mike burkett, vp products...
Unleashing the Power of IP Communications™
Calling Across The Boundaries
Mike Burkett, VP [email protected]
September 2002
Why should you care about NATs and Firewalls?
Network Address Translation (NAT) and Firewalls will block your IP voice and video calls.
What is NAT?
• Network Address Translation
• Allows multiple users/devices to share a single public internet address
• Implemented within the router
• Think of it like a PBX with a public trunk number and private extensions for IP networks
[Diagram: Shared Public Address 64.121.30.1; Private Addresses 10.1.1.1, 10.1.1.2, 10.1.1.3]
What is a Firewall?
• Separates and “Protects” the Private Network from the outside world.
• Examines every packet that goes into or out of the enterprise.
• Typically blocks all unsolicited inbound packets
• Think of a mail room clerk filtering your inbound and outbound mail
[Diagram labels: Outside World, Private Network, Request, Response, Unsolicited, Disallowed]
The Imaginary IP World
• No Firewalls
• No NAT
• No Security
• All public IP Addresses
• All Calls Successful
• Not the real world!
[Diagram: Bob 64.123.31.15; Susan 34.58.15.21; Tom 216.115.109.7; Branch Office 208.45.133.21; Teleworker 24.30.203.101; Corporate 207.46.230.5]
Today’s Real IP Video World
[Diagram: Bob 10.2.1.5; Susan 192.168.0.107; Tom 192.168.0.108; Teleworker 10.100.5.4; Corporate 10.1.1.25; Branch Office 172.16.31.13; WAN]
• Firewall/NAT at the edge of the corporate network
• NAT or Firewall hidden in the network
Firewalls & NAT: Where?
• Deployed Everywhere:
  – Corporate Networks
  – Home Networks
  – Individual PCs
  – And Hidden In the Net
• Anywhere someone wants to
  – Share a connection
  – Protect a network
Why H.323 & SIP Don’t Work…
• With firewalls
  – Require inbound connections for inbound calls
  – Each call requires multiple TCP and UDP connections to random ports
• With NATs
  – Private addresses hidden from the outside network – means no inbound calling
  – Outbound calling endpoints request media sent to their private address – means one way video/audio
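Added example (not part of the original slides): a Python check that a SIP proxy or capture tool on the public side of a NAT could run to spot the one-way media failure described above, where the SDP body asks for media at a private address. The INVITE is constructed from the slide 4 addresses, and the function names are illustrative.

```python
import ipaddress

# Constructed INVITE as seen on the public side of the NAT (addresses from slide 4).
SAMPLE_INVITE = "\r\n".join([
    "INVITE sip:susan@example.com SIP/2.0",
    "Via: SIP/2.0/UDP 10.1.1.1:5060;branch=z9hG4bK-constructed",
    "Content-Type: application/sdp",
    "",
    "v=0",
    "o=bob 1 1 IN IP4 10.1.1.1",
    "s=-",
    "c=IN IP4 10.1.1.1",
    "t=0 0",
    "m=audio 49170 RTP/AVP 0",
    "m=video 49172 RTP/AVP 34",
    "",
])

def media_targets(sip_message):
    """Return [(media, ip, port)]: where the sender asks to receive each stream."""
    _, _, body = sip_message.partition("\r\n\r\n")
    session_addr, targets = None, []
    for line in body.splitlines():
        kind, _, value = line.partition("=")
        if kind == "c":                                # c=IN IP4 <addr>[/ttl]
            addr = value.split()[2].split("/")[0]
            if targets:
                targets[-1][1] = addr                  # media-level c= overrides
            else:
                session_addr = addr                    # session-level default
        elif kind == "m":                              # m=<media> <port> <proto> ...
            media, port = value.split()[:2]
            targets.append([media, session_addr, int(port.split("/")[0])])
    return [tuple(t) for t in targets]

def unreachable_media(sip_message, observed_source):
    """Flag streams requested at a private address that differs from the packet source."""
    src = ipaddress.ip_address(observed_source)
    findings = []
    for media, addr, port in media_targets(sip_message):
        if addr is None:
            continue                                   # no c= line applies to this stream
        ip = ipaddress.ip_address(addr)
        if ip.is_private and ip != src:
            findings.append(f"{media}: media requested at {addr}:{port}, "
                            f"but signalling arrived from {observed_source}")
    return findings
```

Called with the NAT's public address 64.121.30.1 as the observed source, both streams are flagged; called with 10.1.1.1 (a peer on the same private network), nothing is flagged.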
What choices do you have?
1. Bypass
  – Public Endpoints
  – Private Network
  – Gateway
  – MCU
2. Replace
  – Upgrade Hardware Infrastructure
3. Traverse
  – Use Ridgeway Software
Bypass: Public Endpoints
• How
  – Give the endpoints public IP addresses
  – Move them outside the firewall
• Benefits
  – May be lowest capital cost?
• Issues
  – Requires Dedicated Public IP Addresses
  – Removes Protection of Firewall
  – Not easily scalable
  – Cannot overcome network based NAT/FW
Bypass: Private Network
• How
  – Establish Virtual Private Network (VPN), usually via Firewall configuration
• Benefits
  – Works for Intra-Company communications
  – May already be in place
• Issues
  – Not for inter-enterprise communications
  – Requires configuration at every location
  – May have performance impacts – increased delay
  – Some VPNs won’t handle NAT
Bypass: PSTN/ISDN Gateway
• How
  – Gateway to PSTN or ISDN at edge of network
• Benefits
  – May already be in place for calling “off-net”
• Issues
  – Loses benefits of the pure IP solution
  – Doesn’t solve problem for the mobile IP endpoint
Bypass: MCU
• How
  – Deploy MCU with two network interfaces, one inside & one outside of firewall/NAT
• Benefits
  – Natural extension for existing MCU deployments
• Issues
  – Can be expensive solution; not appropriate for SOHO or consumer deployment
  – Localized solution, needs to be deployed at every NAT/FW
  – Cannot overcome network based NAT/FW
Replace: Upgrade Infrastructure
• How
  – Upgrade firewalls and routers with Application Level Gateway (ALG)
• Benefits
  – Brand name solutions?
• Issues
  – This means changes to mission critical network components for the enterprise network
  – Fix every NAT & Firewall for every protocol
  – Unreachable: Physically, Politically, or Intellectually?
  – Cannot overcome network based NAT/FW
Traverse: Ridgeway
• How
  – Place single server at “reachable address”
  – Download software client for any “guest network”
• Benefits
  – No upgrade for existing mission critical components
  – Handles any number of NATs & Firewalls, even network based
  – Handles SIP or H.323
  – Compatible with your existing infrastructure
  – Voice and Video
  – Mobile solution
  – Download-and-Call means no waiting to call into a new location
[Diagram labels: Host Network, Guest Network (two), DMZ, Proxy/Registrar/GK, WAN, Ridgeway Client, IP Freedom Server]
The Ridgeway Method
1. Ridgeway (RW) Clients connect to the RW Server
  – Outbound
  – Fixed ports: 2776/2777
2. RW Server/Clients “proxy” the GK so it appears at the RW Client
3. Endpoints set the RW Client as their GK, register, and then appear as ports on the RW Server
4. Behind the scenes:
  • All TCP traffic goes over the pre-established TCP connection
  • As UDP streams are needed, the RW Client pushes a stream out to the server that the server can use for return traffic (outbound, fixed ports)
5. From the endpoint's perspective, calls proceed as usual
[Diagram labels: Host Network, Guest Network, DMZ, Proxy/Registrar/GK, WAN, Ridgeway Client (two), IP Freedom Server]
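Added example (not Ridgeway's code): a toy Python model of a NAT with a stateful firewall, showing why the outbound connection in step 1 and the pushed-out UDP stream in step 4 get return traffic through while a direct inbound call is dropped. The server address 203.0.113.10, the client and caller ports, and the assignment of TCP to 2776 and UDP to 2777 are assumptions; the slide gives only the two fixed port numbers.

```python
SERVER_IP = "203.0.113.10"          # assumed "reachable address" (documentation range)
TCP_PORT, UDP_PORT = 2776, 2777     # fixed ports from the slide; protocol split assumed

class NatFirewall:
    """Strict NAT: an inbound packet passes only if it answers an outbound flow."""
    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.next_port = 40000
        self.out_map = {}   # (proto, priv_ip, priv_port, dst_ip, dst_port) -> public port
        self.in_map = {}    # (proto, public_port, peer_ip, peer_port) -> (priv_ip, priv_port)

    def outbound(self, proto, src, dst):
        """A private host sends to dst; returns the (ip, port) the outside sees."""
        key = (proto, *src, *dst)
        if key not in self.out_map:
            self.out_map[key] = self.next_port
            self.in_map[(proto, self.next_port, *dst)] = src
            self.next_port += 1
        return (self.public_ip, self.out_map[key])

    def inbound(self, proto, src, dst_port):
        """An outside host sends to the public address; None means dropped."""
        return self.in_map.get((proto, dst_port, *src))

def demo():
    nat = NatFirewall("64.121.30.1")                 # shared public address, slide 4
    outsider = "34.58.15.21"                         # a public caller, slide 6
    results = {}
    # Unsolicited call setup to the H.323 signalling port: no state, so dropped.
    results["direct_inbound_call"] = nat.inbound("tcp", (outsider, 30000), 1720)
    # Step 1: the client opens the TCP connection outbound; replies reuse that flow.
    ctrl = nat.outbound("tcp", ("10.1.1.1", 50000), (SERVER_IP, TCP_PORT))
    results["server_signalling"] = nat.inbound("tcp", (SERVER_IP, TCP_PORT), ctrl[1])
    # Step 4: the client pushes a UDP stream out; the server answers on that mapping.
    media = nat.outbound("udp", ("10.1.1.1", 50002), (SERVER_IP, UDP_PORT))
    results["server_media"] = nat.inbound("udp", (SERVER_IP, UDP_PORT), media[1])
    # Any other host aiming at the same public port is still dropped.
    results["third_party_media"] = nat.inbound("udp", (outsider, 5004), media[1])
    return results
```

The model uses the strictest filtering (return traffic must come from the exact address and port the client contacted); more permissive NATs accept more, but the outbound-first pattern works against both.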
More On Ridgeway Traversal
• Commercially deployed today in both enterprise and service provider environments
• One server for multiple endpoints & networks
• No upgrade to existing NAT/FW or endpoints
• No open inbound firewall ports
• No charge for client
• Upgrade server capacity instantly
• Add-on for VPN & PSTN gateway solutions
Summary
• Firewalls & NATs are everywhere
• Firewalls & NATs block IP Voice & Video
• Solution Choices:
  – Bypass, Replace, Traverse
• Traversal:
  – Don’t mess with your critical components
  – Treat the network like a black box
  – Download and call today!
• Free trial
  – www.ridgewaysystems.com
  – http://www.vide.net/vpz/firewalls.html