Re: Firewall/NAT Crossing by H.323/H.248
Euchner:
Steve Davies has provided another URL to me. It is working for me. Hope that it will work for all of you.
Best regards,
Radhika R. Roy AT&T +1 732 420 1580 rrroy@att.com
-----Original Message----- From: Steve Davies [mailto:SDavies@Ridgeway-Sys.com] Sent: Thursday, March 22, 2001 2:45 PM To: Roy, Radhika R, ALCOO Subject: RE: Firewall/NAT Crossing by H.323/H.248
Radhika,
The document is going through the IETF draft process - we sent it on Tuesday. In the meantime its available from www.vxserver.com/standards.
We will be at the SIP discussion tomorrow. Thanyou - we think it is a better solution too. The PIA does not need to be application aware (so its future proof), the PS takes care of that. The PIA can be client software (i.e a shim to the application) or a standalone unit. It scales down as well as up.
regards
Steve
Steve Davies Chief Technical Officer Ridgeway Systems and Software Email: mailto:sdavies@ridgeway-sys.com Web: www.ridgeway-sys.com Tel B: +44 (0) 118 938 1114 Tel H: +44 (0) 1285 770979
-----Original Message----- From: Euchner Martin [mailto:Martin.Euchner@icn.siemens.de] Sent: Monday, March 26, 2001 9:38 AM To: Roy, Radhika R, ALCOO; ITU-SG16@mailbag.cps.INTEL.COM Subject: AW: Firewall/NAT Crossing by H.323/H.248
Radhika,
thanks for pointing to this interesting draft. However, I was unable to obtain that document; http://www.ietf.org/internet-drafts/draft-davies-fw-nat-traversal-00.txt http://www.ietf.org/internet-drafts/draft-davies-fw-nat-traversal-00.txt is not successful.
Would someone be so kind and send it to me?
Kind Regards
Martin Euchner. ----------------------------------------------------------------------- | Dipl.-Inf. Phone: +49 89 722 55790 | Martin Euchner Fax : +49 89 722 46841 | Siemens AG | ICN M NT 5 mailto:Martin.Euchner@icn.siemens.de mailto:Martin.Euchner@icn.siemens.de | mailto:martin.euchner@ties.itu.int mailto:martin.euchner@ties.itu.int | Hofmannstr. 51 Intranet: http://intranet.icn.siemens.de/marketing/network_technology/security/pki.htm | D-81359 Muenchen Internet: http://www.siemens.de http://www.siemens.de | __________________ | Germany -----------------------------------------------------------------------
-----Ursprüngliche Nachricht----- Von: Roy, Radhika R, ALCOO [SMTP:rrroy@ATT.COM] Gesendet am: Donnerstag, 22. März 2001 05:18 An: ITU-SG16@mailbag.cps.INTEL.COM Betreff: Firewall/NAT Crossing by H.323/H.248
Folks:
The following Internet draft (draft-davies-fw-nat-traversal-00.txt) deals with the proposal how H.323, H.248, and other applications (e.g., SIP) can cross the firewalls and NATs that do not require any changes in NATs and firewalls.
I would request the members that it may be worthwhile to look into the proposal.
(I would also propose the authors to see whether this can be presented in the ITU-T SG16 for possible examination. If attendance is a problem by the authors, whether Rapporteurs, as they did in the past, can help in collaboration with the authors in the presenting the proposal.)
Best regards, Radhika R. Roy AT&T
-----Original Message----- From: Steve Davies [mailto:SDavies@Ridgeway-Sys.com] Sent: Tuesday, March 20, 2001 8:45 PM To: mshore@cisco.com Cc: sob@harvard.edu; Steve Davies; midcom@ietf.com; sip@lists.bell-labs.com Subject: [SIP] Contribution to Midcom WG
Melinda,
Please excuse this email at the 11th hour. I've taking the liberty of copying it to the SIP and Midcom WGs in order to maximise the opportunity for discussion.
Ridgeway Systems & Software have just completed an Internet draft for the traversal of non-protocol aware firewalls and NATs by session-oriented protocols such as H.323, SIP and H.248/Megaco. The draft is the culmination of the last 2 years of research and development within Ridgeway. The methods outlined in the draft have been implemented and proven to work. The main benefit to the Internet and Telecommunications community of the method outlined in this draft is that it is protocol agnostic - a single method can carry multiple protocols. Until it is available through the system it is available from http://www.vxserver.com/standards/ - username is 'standards' password is 'stevedavies'.
The method outlined in the draft is probably ahead of where Midcom is at this point. I bring it to your attention now because I see similar initiatives within the SIP WG and because I would like to suggest to the Midcom WG that there are at least 2 classes of problem with potentially multiple solutions to address and capture. My basic premise is that it is not just a FW/NAT problem to address, but a FW/NAT + deployment set of problems.
Class A: This class of problem is characterised by the fact that it is not possible or it is undesirable to upgrade the firewalls and NAT devices. Typically, NAPT is being used and Internet data and voice/video packets are transported on the same network (at some point, e.g. the LAN). Security must not be compromised. Examples deployments include residential and enterprise access to the Converged Network via an ISP.
The Traversal method Ridgeway has developed addresses this class of problem.
Class B: This class of problem is characterised by the fact that it is possible to upgrade existing or deploy new equipment to transport voice/video over IP.
ALGs in firewalls and NATs is one solution to this class of problem.
It seems that the approach within Midcom is to formalise and abstract ALGs such that one method suits all protocols. However, this doesn't address deployments in Class A.
My colleague, Pete Cordell, and I will be in Minneapolis from Wednesday thru Friday and shall be attending the Midcom WG where we hope such requirements and issues will be raised and captured.
Please feel free to contact me should you want to discuss this offline.
Kindest regards
Steve
Steve Davies Chief Technical Officer Ridgeway Systems and Software Email: mailto:sdavies@ridgeway-sys.com Web: www.ridgeway-sys.com Tel B: +44 (0) 118 938 1114 Tel H: +44 (0) 1285 770979 US cell: +1 512 771 7160
_______________________________________________ This list is for continuing development of the SIP protocol. The sip-implementor's list is the place to discuss implementation, and to receive advice on understanding existing sip. To subscribe to it, send mail to sip-implementors-request@cs.columbia.edu with "subscribe" in the body.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ For help on this mail list, send "HELP ITU-SG16" in a message to listserv@mailbag.intel.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ For help on this mail list, send "HELP ITU-SG16" in a message to listserv@mailbag.intel.com
participants (1)
-
Roy, Radhika R, ALCOO