I think we have a terminology problem here. I'll try again.
A firewall does NOT affect the end-to-end nature of IP. NAT DOES affect the end-to-end nature of IP. When you add a NAT function to a firewall it WILL cause problems for PER. A firewall that does not use NAT will NOT cause problems for PER.
A service provider that wants to protect their internal hosts or networks does NOT need to use NAT. Therefore this whole discussion is pointless. :)
At 04:45 PM 3/31/99 -0500, Melinda Shore wrote:
There's a problem in that it makes the signaling channel sufficiently complicated to parse that you end up having to put a proxy, or something that looks an awful lot like a proxy, on the firewall in order to pick up dynamically-allocated address/port tuples. This has somewhat negative architectural implications in that in a multi-firewall environment (which is, alas, the norm when traversing multiple administrative domains) you end up with tandemed signaling loops.
The short answer is that IP is supposed to be end-to-end and that firewalls create a big disconnect between the IP network and the IP telephony application-layer network.
Melinda
At 01:26 PM 3/31/99 -0800, Matt Holdrege wrote:
So why specifically does PER have a problem with firewalling/packet filtering?
Melinda Shore
Member of the Scientific Staff
Nokia IP Telephony
127 West State Street
Ithaca, New York 14850
+1 607 273 0724 x81 (office)
+1 607 275 3610 (fax)
+1 607 280 0010 (mobile)
shore@ithaca-viennasys.com