Videoconferencing and VoIP have long been plagued with problems when trying to work across network address translation (NAT) and firewall boundaries. Despite previous attempts to address the issue, no standardized way of dealing with the problem has emerged until now.
Without the ITU solution, many network managers and operators have found that the only way to allow inbound VoIP calls in a firewall-protected environment is to leave a permanent hole from the outside world, open a range of port numbers for VoIP use, or locate devices outside of the firewall. Clearly, these solutions violate even the most basic security policies.
Recommendation H.460.18 enables H.323 devices to exchange signalling and establish calls, even when they are placed inside a private network behind NAT/FW devices. These extensions, when used together with Recommendation H.460.19, which defines NAT/FW traversal for media, enable upgraded H.323 endpoints to traverse NAT/FW installations with no additional equipment on the customer premises. Alternatively, the H.460.18 and H.460.19 functionality may be implemented in a proxy server, so that unmodified H.323 endpoints can also benefit from it.
Work on the related Recommendation H.248.37 was also finished at the Study Group meeting. Session border controllers (SBCs) are becoming an important part of the Internet infrastructure, and some SBCs are being split into media gateway controller (MGC) and media gateway (MG) components. One important function of an SBC is to perform network address and port translation (NAPT). H.248.37 allows the MGC to instruct an MG to latch to an address provided by an incoming Internet Protocol (IP) application data stream, rather than the address provided by the call/bearer control. This enables the MG to open a pinhole for data flow, and hence allow connections to be established.