Firewall/NAT Crossing by H.323/H.248

Roy, Radhika R, ALCOO rrroy at ATT.COM
Wed Mar 21 23:18:28 EST 2001


Folks:

The following Internet draft (draft-davies-fw-nat-traversal-00.txt) deals
with a proposal for how H.323, H.248, and other applications (e.g., SIP) can
cross firewalls and NATs without requiring any changes in the NATs and
firewalls.

I would suggest to the members that it may be worthwhile to look into the
proposal.

(I would also propose that the authors see whether this can be presented in
the ITU-T SG16 for possible examination and, if attendance is a problem for
the authors, whether Rapporteurs, as they did in the past, can help in
collaboration with the authors in presenting the proposal.)

Best regards,
Radhika R. Roy
AT&T

-----Original Message-----
From: Steve Davies [mailto:SDavies at Ridgeway-Sys.com]
Sent: Tuesday, March 20, 2001 8:45 PM
To: mshore at cisco.com
Cc: sob at harvard.edu; Steve Davies; midcom at ietf.com;
sip at lists.bell-labs.com
Subject: [SIP] Contribution to Midcom WG


Melinda,

Please excuse this email at the 11th hour. I've taken the liberty of
copying it to the SIP and Midcom WGs in order to maximise the opportunity
for discussion.

Ridgeway Systems & Software have just completed an Internet draft for the
traversal of non-protocol aware firewalls and NATs by session-oriented
protocols such as H.323, SIP and H.248/Megaco. The draft is the culmination
of the last 2 years of research and development within Ridgeway. The methods
outlined in the draft have been implemented and proven to work. The main
benefit to the Internet and Telecommunications community of the method
outlined in this draft is that it is protocol agnostic - a single method can
carry multiple protocols. Until it is available through the system it is
available from http://www.vxserver.com/standards/  - username is 'standards'
password is 'stevedavies'.

The method outlined in the draft is probably ahead of where Midcom is at
this point. I bring it to your attention now because I see similar
initiatives within the SIP WG and because I would like to suggest to the
Midcom WG that there are at least 2 classes of problem with potentially
multiple solutions to address and capture. My basic premise is that it is
not just a FW/NAT problem to address, but a FW/NAT + deployment set of
problems.

Class A:
This class of problem is characterised by the fact that it is not possible
or it is undesirable to upgrade the firewalls and NAT devices. Typically,
NAPT is being used and Internet data and voice/video packets are transported
on the same network (at some point, e.g. the LAN). Security must not be
compromised. Example deployments include residential and enterprise access
to the Converged Network via an ISP.

The Traversal method Ridgeway has developed addresses this class of problem.

Class B:
This class of problem is characterised by the fact that it is possible to
upgrade existing or deploy new equipment to transport voice/video over IP.

ALGs in firewalls and NATs are one solution to this class of problem.

It seems that the approach within Midcom is to formalise and abstract ALGs
such that one method suits all protocols. However, this doesn't address
deployments in Class A.

My colleague, Pete Cordell, and I will be in Minneapolis from Wednesday thru
Friday and shall be attending the Midcom WG where we hope such requirements
and issues will be raised and captured.

Please feel free to contact me should you want to discuss this offline.

Kindest regards

Steve

Steve Davies
Chief Technical Officer
Ridgeway Systems and Software
Email: mailto:sdavies at ridgeway-sys.com
Web:  www.ridgeway-sys.com
Tel  B: +44 (0) 118 938 1114
Tel H: +44  (0) 1285 770979
US cell: +1 512 771 7160










