H.320 gateways a MEGACO / ITU

Matt Holdrege matt at ASCEND.COM
Wed Mar 31 16:57:57 EST 1999


I think we have a terminology problem here. I'll try again.

A firewall does NOT affect the end-to-end nature of IP. NAT DOES affect the
end-to-end nature of IP. When you add a NAT function to a firewall it WILL
cause problems for PER. A firewall that does not use NAT will NOT cause
problems for PER.

A service provider that wants to protect their internal hosts or networks
does NOT need to use NAT. Therefore this whole discussion is pointless. :)



At 04:45 PM 3/31/99 -0500, Melinda Shore wrote:
>There's a problem in that it makes the signaling channel sufficiently
>complicated to parse that you end up having to put a proxy, or something
>that looks an awful lot like a proxy, on the firewall in order to
>pick up dynamically-allocated address/port tuples.  This has somewhat
>negative architectural implications in that in a multi-firewall
>environment (which is, alas, the norm when traversing multiple
>administrative domains) you end up with tandemed signaling loops.
>
>The short answer is that IP is supposed to be end-to-end
>and that firewalls create a big disconnect between the IP network
>and the IP telephony application-layer network.
>
>Melinda
>
>At 01:26 PM 3/31/99 -0800, Matt Holdrege wrote:
>>So why specifically does PER have a problem with firewalling/packet
filtering?
>
>Melinda Shore
>Member of the Scientific Staff
>Nokia IP Telephony
>127 West State Street
>Ithaca, New York  14850
>+1 607 273 0724 x81 (office)
>+1 607 275 3610 (fax)
>+1 607 280 0010 (mobile)
>shore at ithaca-viennasys.com
>



More information about the sg16-avd mailing list