H.320 gateways a MEGACO / ITU
Matt Holdrege
matt at ASCEND.COM
Wed Mar 31 16:57:57 EST 1999
I think we have a terminology problem here. I'll try again.
A firewall does NOT affect the end-to-end nature of IP. NAT DOES affect the
end-to-end nature of IP. When you add a NAT function to a firewall it WILL
cause problems for PER. A firewall that does not use NAT will NOT cause
problems for PER.
A service provider that wants to protect their internal hosts or networks
does NOT need to use NAT. Therefore this whole discussion is pointless. :)
At 04:45 PM 3/31/99 -0500, Melinda Shore wrote:
>There's a problem in that it makes the signaling channel sufficiently
>complicated to parse that you end up having to put a proxy, or something
>that looks an awful lot like a proxy, on the firewall in order to
>pick up dynamically-allocated address/port tuples. This has somewhat
>negative architectural implications in that in a multi-firewall
>environment (which is, alas, the norm when traversing multiple
>administrative domains) you end up with tandemed signaling loops.
>
>The short answer is that IP is supposed to be end-to-end
>and that firewalls create a big disconnect between the IP network
>and the IP telephony application-layer network.
>
>Melinda
>
>At 01:26 PM 3/31/99 -0800, Matt Holdrege wrote:
>>So why specifically does PER have a problem with firewalling/packet
filtering?
>
>Melinda Shore
>Member of the Scientific Staff
>Nokia IP Telephony
>127 West State Street
>Ithaca, New York 14850
>+1 607 273 0724 x81 (office)
>+1 607 275 3610 (fax)
>+1 607 280 0010 (mobile)
>shore at ithaca-viennasys.com
>
More information about the sg16-avd
mailing list