Intertex Data AB, Sweden

IX66 Internet Gate
A Firewall with SIP Support
Prepared for: Voice On the Net, Spring 2001
By:
Lars Berggren
Research and Development
Intertex Data AB
[email protected]
© 2001 Intertex Data AB, All Rights Reserved
Moderator Sandy Teger
The Swedish ”Broadband to the People” Race
What is going on?
The Swedish ”Broadband to the People” Race
Price level: 20 USD/month flat rate
Technologies: ADSL, Cable Modems,
Apartment Building LAN
Deployment: 8 % of households now
20 % of households end 2001
95 % of households in 5 years
Key factors: Faster + Always-On
Services and Applications
Killer applications?
• Today: Faster Surfing
• Coming: IP Telephony *
• Tomorrow: Home Appliances Control *
* Requires access from the Internet to YOU and Always On!
The importance of SIP
A protocol is needed for
• Session Initiation
• User/Device presence and location
• Event notification
Use SIP!
• RFC2543, Proven compatibility
• Scalable, uses Internet services
• Extendable, Not limited to IP Telephony
The importance of SIP
SIP for Presence and Instant Messaging
See www.cs.columbia.edu/sip/drafts_presence.html
• SIP Already Provides Publication Capability
• Extended with Event Notification and Subscription
[Diagram labels: Registrar; Client; Client; Client]
The importance of SIP
Control your temperature, refrigerator,
alarm, toaster and more…
An extension to SIP in progress
• See www.research.telcordia.com/iapp/
• http://search.ietf.org/internet-drafts/draft-moyersip-appliances-framework-01.txt
Submitted to OSGi
• See http://www.osgi.org
Broadband in the Home – Firewall & NAT
Do YOU want to be part of the public Internet?
[Diagram labels: Firewall; Internet; Internal LAN; Private IP Addresses; One public IP Address; Outside world; Home]
Always On Internet – You need a firewall!
Broadband in the Home – Firewall & NAT
Why do we need SIP capable firewalls / NATs?
• Global end-to-end connectivity for SIP
• Privacy and protection of home devices
• Many SIP applications are typically used with Always-On access
• Several SIP devices, but only one public IP address
Accessing Protected Devices
Firewall Problems:
• Sessions initiated from outside of the firewall
- OK, open port 5060, but…
• Media streams on dynamically allocated port numbers
- Ooops…!
Even with public IP addresses inside
Accessing Protected Devices
NAT & PAT Problems:
• Where is the device?
- Registration/location function
• Private IP addresses and ports in SIP messages
- Rewrite with globally routable addresses
• IP address and port of media stream has to be modified
- NAT engine has to be dynamically controlled
Worse with private IP addresses inside
Adding SIP support to a firewall
Important components:
• Dynamic Firewall Engine
• SIP Proxy Server, controlling the firewall
• SIP Registrar, user location information
• Communication between SIP Proxy and firewall
[Diagram labels: Firewall & NAT; SIP Proxy; Registrar; Firewall Control Protocol?]
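The rewriting and dynamic NAT control described on the last two slides, as an added Python example that is not part of the original presentation or of the IX66 firmware. The function name `rewrite_outbound`, the addresses, the media port range starting at 40000 and the sample INVITE are assumptions constructed for illustration.

```python
import re

PUBLIC_IP = "203.0.113.10"  # constructed public address of the firewall

# Constructed INVITE from a LAN phone; all names and addresses are sample data.
SDP = ("v=0\r\no=alice 1 1 IN IP4 10.0.0.5\r\ns=-\r\n"
       "c=IN IP4 10.0.0.5\r\nt=0 0\r\nm=audio 49170 RTP/AVP 0\r\n")
INVITE = ("INVITE sip:bob@example.org SIP/2.0\r\n"
          "Via: SIP/2.0/UDP 10.0.0.5:5060\r\n"
          "From: <sip:alice@example.net>\r\nTo: <sip:bob@example.org>\r\n"
          "Call-ID: 3848276298220188511@10.0.0.5\r\nCSeq: 1 INVITE\r\n"
          "Contact: <sip:alice@10.0.0.5:5060>\r\n"
          "Content-Type: application/sdp\r\n"
          f"Content-Length: {len(SDP)}\r\n\r\n" + SDP)


def rewrite_outbound(msg, public_ip, first_port=40000):
    """Rewrite a LAN-originated request; return (message, call_id, pinholes)."""
    head, body = msg.split("\r\n\r\n", 1)
    call_id = re.search(r"^Call-ID: (\S+)", head, re.M).group(1)
    private_ip = re.search(r"^c=IN IP4 (\S+)", body, re.M).group(1)
    pinholes, port = [], first_port

    def map_media(m):
        nonlocal port
        public_port, port = port, port + 2  # even port for RTP, next one for RTCP
        pinholes.append(((public_ip, public_port), (private_ip, int(m.group(2)))))
        return f"m={m.group(1)} {public_port} "

    # SDP: advertise the public address and the ports the NAT engine will map.
    body = re.sub(r"^m=(\w+) (\d+) ", map_media, body, flags=re.M)
    body = re.sub(r"^([co]=.*IN IP4 )\S+", rf"\g<1>{public_ip}", body, flags=re.M)
    # Headers: the proxy adds its own Via on top and makes Contact reachable
    # from outside. Call-ID is left untouched; it identifies the call end to end.
    lines = head.split("\r\n")
    lines.insert(1, f"Via: SIP/2.0/UDP {public_ip}:5060")
    head = "\r\n".join(lines)
    head = re.sub(r"^(Contact: <sip:[^@>]+@)[^>]+", rf"\g<1>{public_ip}:5060",
                  head, flags=re.M)
    # The body changed length, so Content-Length has to be recomputed.
    head = re.sub(r"^Content-Length: \d+",
                  f"Content-Length: {len(body.encode())}", head, flags=re.M)
    return head + "\r\n\r\n" + body, call_id, pinholes


if __name__ == "__main__":
    out, call_id, holes = rewrite_outbound(INVITE, PUBLIC_IP)
    print(out)
    print("pinholes for", call_id, holes)
```

The returned pinholes are what the proxy would hand to the firewall engine; keying them by Call-ID lets them be closed again when the call ends.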
Accessing into the home...
[Diagram labels: Internet; Firewall or NAT; Internal LAN; LAC; SIP Proxy; Outside World; Protection; In Home]
© 2000 Telcordia Technologies, Inc.
All Rights Reserved
Global End-to-End Connectivity
Now possible!
[Diagram labels: Internet; [email protected]; FIREWALL; LAN; PSTN Gateway; FIREWALL]
SIP End-to-End to utilize the possibilities of
advanced IP Telephony services!
Demo – Let’s make a call…
[Diagram labels: SIP forwarding; SIP Server siplab.net; Internet; GSM Gateway; RINGING!; Firewall; LAN; SIP Proxy; Registrar; PSTN Gateway; PSTN]
Dialling: [email protected]
Dynamic session setup
Demo – Let’s turn the lamp on…
DO sip:[email protected]
<Device>lamp</Device>
<Action>power on</Action>
[Diagram labels: SIP; Internet (Ethernet); LAN (Ethernet); ENP; siplab.net; Internet; Home Appliances Controller; SIP Server]
The Intertex IX66 Internet Gate
• The Intertex IX66 series
• OEM as:
• PowerBit
• Telia SurfinBird
As Internet Gate ”only” or with integrated ADSL modem
The Intertex IX66 Internet Gate
A closer look
[Image: IX66 front panel; labels include SET, SELECT and status indicators]
Firewall & NAT/PAT
SIP Proxy and Registrar
DHCP Server
WEB Server for configuration
SIP Appliance Control, LAC via expansion port
The Intertex IX66 Internet Gate
Goodies
[Image: IX66 rear panel; labels: ON, DC, USB, ET2, ET1, EXP, LINE, PHONE]
Optional ADSL
Built-in
Two Ethernet and one USB port
Expansion port, e.g. for appliance control
Smart Card Reader
Upgradeable