Microsoft ISA Server H.323 Gateway and Gatekeeper: Overview of IP Telephony, H.323, and ISA Server H.323 Support
Presentation Agenda • IP Telephony Overview • The ITU H.323 Specification • Microsoft ISA Server H.323 Gateway • Microsoft ISA Server H.323 Gatekeeper • Microsoft ISA Server Scenarios
IP Telephony Overview: Definition • IP Telephony refers to the hardware and software technologies that provide the ability to place telephone calls over IP-based networks.
IP Telephony Overview: Traditional Voice Networks – PSTN • The Public Switched Telephone Network • The collection of networking equipment that belongs to the carriers involved in providing telephone service. • The PSTN is a Circuit Switched Network • A virtual circuit is created in the PSTN “Cloud” for each telephone call. The circuit is allocated (64 kbps) and maintained for the duration of the call, regardless of the amount of traffic flowing over the circuit.
IP Telephony Overview: Traditional IP Networks – The Internet • Packet Switched Networks • Separate packets from the same communication may take different paths through the cloud. • More efficient use of network resources • No inherent QoS or security without a special implementation to address these issues. • Signaling and Media use the same network
IP Telephony Overview: Standards Bodies • International Telecommunication Union (ITU) • ITU-T division’s H-series specs define the transmission of non-telephone signals. • Specifications must be licensed from the ITU • Internet Engineering Task Force (IETF) • RFC and Internet-Draft specifications are well-known to most IT professionals • Available in the public domain: http://www.ietf.org
IP Telephony Overview: The 3 competing signaling protocols • H.323 (ITU) • Umbrella specification defining the protocols and codecs to be used by H.323 compliant devices. • SIP (IETF) • Session Initiation Protocol. New, up-and-coming standard. Similar to H.323 mechanically, but text-based and simpler. More closely related to HTTP “on the wire.” • S/MGCP (IETF) • Signaling Gateway Control Protocol / Media Gateway Control Protocol.
IP Telephony Overview: Media Protocols • RTP/RTCP (IETF) • Real-Time Protocol / Real-Time Control Protocol. • This is used almost universally for media transport. Both H.323 and SIP specify RTP as the media transport protocol of choice.
The ITU H.323 Specification • H.323 Specification Title: Visual telephone systems and equipment for local area networks which provide a non‑guaranteed quality of service
The ITU H.323 Specification: Important Terms • H.323 Entity: Any H.323 component, including • Terminals • Gateways • Gatekeepers • MCs, MPs, and MCUs. • Endpoint: A Terminal, Gateway, or MCU. • Call: Point-to-point multimedia communication between two H.323 endpoints • Multipoint Conference: A conference between three or more terminals
The ITU H.323 Specification: H.323 Protocol Stack
The ITU H.323 Specification: Basic Call Model • A typical H.323 Call consists of 5 phases: • Call Setup (Phase A) • Initial communication between endpoints and terminal capability exchange (Phase B) • Establishment of Audio / Visual communication between endpoints (Phase C) • Request and negotiation of Call Services (Phase D) • Call Termination (Phase E)
ISA Server H.323 Gateway: Introduction • The ISA Server H.323 Gateway is an application layer H.323 Proxy. • Traditional circuit-layer proxies (Winsock Proxy, ISA Firewall Service) and transparent proxies (NAT, SecureNAT) do not properly handle H.323 traffic because of the protocol’s complexity.
ISA Server H.323 Gateway: Proxy History • Proxy Server 2.0 • Winsock Proxy could handle only one outbound H.323 call at a time. • No inbound H.323 calls were possible (No Server Proxy) • Windows 2000 NAT • H.323 / LDAP Protocol Editor allows outbound H.323 Calls (LDAP is needed for ILS lookup) • ISA H.323 Gateway • Supports outbound H.323 calls and inbound calls with Gatekeeper assistance
ISA Server H.323 Gateway: H.323 Gateway Implementation • The ISA H.323 Proxy is implemented as an ISA Application Filter. • Application Filters can be externally developed using the ISA SDK. • Application filters plug in to the ISA Firewall Service • Application filters can perform • Protocol editing, e.g., H.323 filter • Content inspection, e.g., SMTP filter • Virus scanning, e.g., 3rd Party filter • Other activities enabled by access to the application data stream • Both SecureNAT Clients and Firewall (WSP) Clients can use the H.323 Gateway
ISA Server H.323 Gatekeeper: Introduction • ISA Gatekeeper Functionality • Register Users (directory) • The GK defines an H.323 zone and is referenced when attempting to locate a user or terminal. The GK provides alias to IP address resolution. • Route Calls • Terminals specify a GK if one exists for their zone. The GK will route calls to the appropriate destinations based on routing rules created by an administrator.
ISA Server H.323 Gatekeeper: Call Routing Rules • Rules are used to determine how a GK should help the caller route the call. • 3 Types of Call Routing Rules • Phone Number Rules • Email Address Rules • IP Address Rules • By matching the ID type to a destination, • Phone# calls can be routed to a PSTN Gateway • External IP Addresses, Email addresses, or Names can be routed to external endpoints or GKs.
ISA Server H.323 Gatekeeper: Routing Rule Precedence • GK finds matching rules for each destination type. • Matching rules are then sorted by • Quality of match (more matching elements) • If Quality of match is equal, “exact” rule types have precedence over “prefix” (ph#) or “suffix” (domain/IP) rule types. • If Quality and Type match, rule precedence number is used.
ISA Server H.323 Gatekeeper: Routing Rule Precedence (cont.) • Now that rules have been sorted based on matching, there may be equal rules with different destinations. Each destination should be tried in the case that a previous response is negative, e.g., if ILS lookup fails, we should try Active Directory for a match as well (assuming there are rules for each of these destinations).
ISA Server H.323 Gatekeeper: Routing Rule Precedence (cont.) • Destinations are contacted in the following order: • None. This is a “deny rule” and causes processing to cease. • Local Registration Database • Gateway/Proxy • Internet Locator Service (ILS) • Gatekeeper • Multicast Gatekeeper • DNS • Active Directory • Local Network
ISA Server H.323 Gatekeeper: Routing Rule Precedence (cont.) • Which rules get applied? • In what order are the applied rules processed?
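
The precedence steps from the preceding slides, worked through for phone number rules as an added example (not code from the presentation or from ISA Server). It assumes that quality of match is the number of matched digits, that a lower precedence number wins, and that the destination contact order breaks remaining ties; the rule names and numbers are constructed.

```python
from dataclasses import dataclass

# Destination contact order as listed on the slide; "None" is the deny rule.
DEST_ORDER = ["None", "Local Registration Database", "Gateway/Proxy",
              "Internet Locator Service (ILS)", "Gatekeeper",
              "Multicast Gatekeeper", "DNS", "Active Directory", "Local Network"]

@dataclass(frozen=True)
class PhoneRule:
    name: str
    pattern: str      # digits to match
    kind: str         # "exact" or "prefix"
    precedence: int   # assumption: lower number wins
    destination: str  # one of DEST_ORDER

def match_quality(rule, number):
    """Matched digit count (assumed meaning of 'matching elements'), or None."""
    hit = number == rule.pattern if rule.kind == "exact" else number.startswith(rule.pattern)
    return len(rule.pattern) if hit else None

def resolution_order(rules, number):
    """Return the matching rules in the order their destinations are tried."""
    matched = [(match_quality(r, number), r) for r in rules]
    matched = [(q, r) for q, r in matched if q is not None]
    matched.sort(key=lambda qr: (-qr[0],                  # 1. quality of match
                                 qr[1].kind != "exact",   # 2. exact before prefix
                                 qr[1].precedence,        # 3. precedence number
                                 DEST_ORDER.index(qr[1].destination)))  # 4. destination
    ordered = []
    for _, rule in matched:
        if rule.destination == "None":   # deny rule: processing ceases here
            break
        ordered.append(rule)
    return ordered

# Constructed sample rule set (hypothetical names and numbers).
RULES = [
    PhoneRule("pstn-default", "", "prefix", 10, "Gateway/Proxy"),
    PhoneRule("internal-ext", "555", "prefix", 5, "Local Registration Database"),
    PhoneRule("internal-ad", "555", "prefix", 5, "Active Directory"),
    PhoneRule("block-premium", "900", "prefix", 1, "None"),
    PhoneRule("front-desk", "5550100", "exact", 20, "Local Registration Database"),
]

def destinations_for(number):
    return [(r.name, r.destination) for r in resolution_order(RULES, number)]
```

Under these assumptions a deny rule only stops processing from its own position in the sorted list, so when reviewing a rule set, check that no more specific rule for the same numbers sorts ahead of a deny rule meant to block them.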
Resources and References • Books • IP Telephony. (Bill Douskalis) • Much of the VoIP and H.323 information in this presentation came from this book • IP Telephony: Packet-Based Multimedia Communications Systems (Hersent, Gurle, Petit) • Web Sites • Databeam. This site has a good primer on H.323 and T.120 • http://www.databeam.com/standards/index.html • Intel. This page describes the problems and pitfalls of getting H.323 through Firewalls • http://support.intel.com/support/videophone/trial21/h323_wpr.htm
Resources and References (cont.) • Specs • ITU-T: • H.323 • T.120 • IETF: • RTP (RFC 1889) ftp://ftp.isi.edu/in-notes/rfc1889.txt