Intertex Data AB, Sweden

Applied IP Telephony
The Firewall and the LAN
Prepared for: IP-dagarna 2002
By: Karl Erik Ståhl
CEO, Intertex Data AB
Chairman, Ingate Systems AB
[email protected]
© 2002 Intertex Data AB

VoIP as we have seen it…
Remember how it started in 95?
[Diagram: PC, Internet, PC; speech bubble "Wanna talk to me?"]
Now it is coming back in a most useful form!

VoIP as we have seen it…
Then this service was offered to end users?
[Diagram labels: Gateway, Gateway, Internet, STO, LA]
Nowadays long-distance VoIP minutes are bought by the established telcos.
Your normal international calls often run over the public Internet!

VoIP as we have seen it…
[Diagram labels: PSTN, Internet, Europe, US, Gateway, IP, VPN]
VoIP between branch offices
- But NOT globally to others!

VoIP as we see it…
[Diagram labels: PSTN, SOFT SWITCH, Internet, FW]
MGCP often used to phones
Phones get locked to operator

Hmm, didn’t we pass this stage…
[Diagram labels: Organization 1, Email system 1, Organization 2, Email system 2, PSTN, fax, printer, email]
Paper was a very compatible medium - So is POTS today…
But we need to move beyond!

What about universal connectivity?
[Diagram labels: RJ11, Black Phone, PSTN; RJ45, IP Phone, LAN, Intranet, Internet]
Wouldn’t that be fine?

Let IP Phones Talk to Each Other!
[Diagram labels: Internet, PSTN, IP/PSTN Gateway, PIM, XP, IAP, IP Phone, Home LAN, Business LAN]
Connect to PSTN when required!

SIP – Session Initiation Protocol
An Internet Standard
- IETF RFC 2543, replaced by new RFC 3261
Used for setting up IP Communication between people
- VoIP, IP Telephony
- Video Conferencing
- Presence, Instant Messaging
Lots of activity, ongoing work and development
- http://www.cs.columbia.edu/~hgs/sip/
- http://www.sipforum.org
- http://www.sipcenter.com
- http://www.pulver.com

Next Big Step in Internet Usage
SMTP Created Email
HTTP Created the Web
SIP Creates IP Communication
Person-to-Person

What is the difference?
Typical Internet protocol (SMTP, HTTP…)
[Diagram labels: SERVER, HOST, Internet]
SIP (and H.323…) connects person-to-person
[Diagram labels: PERSON, PERSON, Internet]

VoIP and SIP Services Out to the Edge
Status until now:
SIP is the Protocol for IP Communication Person-to-Person, BUT IT DOES NOT REACH THE EDGE!
Firewall/NAT problems!
[Diagram labels: Internet, SIP Server, PSTN, SIP/PSTN Gateway, PIM, XP, DSL, Cable, MTU, Operator network with NAT, Firewall, NAT, IAP, IP Phone, Home LAN, Business LAN]

SIP Firewall Problems
Firewall Problems:
Sessions initiated from outside the firewall
- OK, open port 5060, but…
Media streams on dynamically allocated port numbers
- Ooops… !
Even with public IP addresses inside

SIP NAT/PAT Problems
NAT & PAT Problems:
Where is the device?
- Registration/location function
Private IP addresses and ports in SIP messages
- Rewrite with globally routable addresses
IP address and port of media stream has to be modified
- NAT engine has to be dynamically controlled
Worse with private IP addresses inside

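The two problem slides above (dynamically allocated media ports, private addresses in SIP messages) worked through in code. This is an added example, not part of the original slides and not code from any Intertex or Ingate product: a simplified SIP-aware NAT step that rewrites the Contact header and the SDP media address and port of a constructed INVITE, fixes Content-Length, and returns the media pinholes the dynamic firewall engine has to open. The function name, the addresses (documentation ranges) and the RTP port base are assumptions.

```python
import re

PRIVATE = re.compile(r"(10|192\.168|172\.(1[6-9]|2\d|3[01]))\.")  # RFC 1918

# Constructed sample: INVITE from a phone on a private LAN (all values made up).
SDP = ("v=0\r\no=alice 2890844526 2890844526 IN IP4 192.168.0.10\r\ns=-\r\n"
       "c=IN IP4 192.168.0.10\r\nt=0 0\r\nm=audio 49170 RTP/AVP 0\r\n")
INVITE = ("INVITE sip:bob@example.net SIP/2.0\r\n"
          "Via: SIP/2.0/UDP 192.168.0.10:5060;branch=z9hG4bK776asdhds\r\n"
          "From: <sip:alice@example.org>;tag=1928301774\r\n"
          "To: <sip:bob@example.net>\r\n"
          "Call-ID: a84b4c76e66710@192.168.0.10\r\n"
          "CSeq: 314159 INVITE\r\n"
          "Contact: <sip:alice@192.168.0.10:5060>\r\n"
          "Content-Type: application/sdp\r\n"
          f"Content-Length: {len(SDP)}\r\n\r\n" + SDP)

def sip_aware_nat(msg, public_ip, rtp_base, sip_port=5060):
    """Return (rewritten message, media pinholes the firewall must open)."""
    head, _, body = msg.partition("\r\n\r\n")
    pinholes, media_ip, nat, sdp = [], None, False, []
    for line in body.split("\r\n"):
        if line.startswith("c=IN IP4 "):           # session-level address only
            media_ip = line.split()[-1]
            nat = bool(PRIVATE.match(media_ip))
            if nat:
                line = f"c=IN IP4 {public_ip}"
        elif line.startswith("m=") and media_ip:   # dynamically chosen RTP port
            kind, port, rest = line[2:].split(" ", 2)
            outside = rtp_base if nat else int(port)
            # (outside ip, outside port, inside ip, inside port), UDP
            pinholes.append((public_ip if nat else media_ip, outside,
                             media_ip, int(port)))
            line = f"m={kind} {outside} {rest}"
            rtp_base += 2                          # leave the odd port for RTCP
        sdp.append(line)
    body = "\r\n".join(sdp)
    hdrs = []
    # Simplification: Via, Call-ID and o= are left untouched here.
    for line in head.split("\r\n"):
        m = re.match(r"(Contact:\s*<sip:[^@>]+@)([\d.]+)(?::\d+)?(.*)", line, re.I)
        if m and PRIVATE.match(m.group(2)):        # private address in signaling
            line = f"{m.group(1)}{public_ip}:{sip_port}{m.group(3)}"
        elif line.lower().startswith("content-length:"):
            line = f"Content-Length: {len(body.encode())}"  # SDP size changed
        hdrs.append(line)
    return "\r\n".join(hdrs) + "\r\n\r\n" + body, pinholes
```

With public addresses on the inside nothing is rewritten, but the function still reports a pinhole for the media port, which is the firewall problem that remains even without NAT.
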
Suggested Solutions
Dynamically controlled Firewall/NATs
- Midcom: By Firewall Control Proxy [Dynamicsoft…]
- UPnP: By the client (Windows) [Microsoft]
SIP aware Firewall/NATs (SIP Proxy + Registrar)
[Intertex (SOHO), Ingate (enterprise), …]
SIP aware Firewall/NATs (SIP ALG)
[Cisco,… TLS not possible]
Making SIP NAT friendly - Drafts in progress:
• draft-ietf-sipping-nat-scenarios-00.txt
• draft-ietf-midcom-stun-02.txt
• draft-ietf-sip-nat-02.txt
• draft-ietf-sip-symmetric-response-00.txt

Adding SIP Support to a Firewall
Important components:
• Dynamic Firewall Engine
• SIP Proxy Server, controlling the firewall
• SIP Registrar, user location information
• Communication between SIP Proxy and firewall
[Diagram labels: Firewall & NAT, Firewall Control Protocol, SIP Proxy, User Location]

SIP Enabling the Private Networks
[Diagram labels: Internet, SIP Server, PSTN, SIP/PSTN Gateway, inGate SIParator, DMZ, inGate Firewall, Firewall, NAT, IX66 (front panel), DSL, Cable, MTU, Operator network with NAT, IAP, IP Phone, Office or home LAN, Enterprise LAN; callouts: "Firewall/NAT problems!", "SIP Firewall/NAT transparency!"]

Is Black Telephony All We Want?
“We need QoS of PSTN…”
3 kHz bandwidth?
Video?
Presence?
- draft-ietf-simple-presence-07.txt
Instant Messaging?
- draft-ietf-sip-message-07.txt
And more…

Microsoft is Pushing – New RTC is SIP-based
Windows Messenger 4.6 and later has SIP-mode
• Presence & IM
• Voice & Video (XP)
• Dial to phone
• Rich SIP APIs
.NET Server will include SIP server, with API (3Q2)
• Applications will arise
Tens of millions of RTC (SIP) users within a year

Just Another Internet Service…
[Diagram labels: Internet, PSTN, SIP/PSTN Gateway, IAP, DNS SRV, IX66, inGate SIParator, inGate Firewall, DMZ, XP, Home User, Home LAN, SOHO LAN, Enterprise LAN, Intertex Stockholm LAN, Ingate Linköping LAN, Helsinki, Sweden, USA]

IP Communications Using IP Networks
Many call routing options:
• Private/Public IP address
• DNS and DNS SRV records
• SIP aware NAT/PAT servers

• Intranet IP VPN with IP communications
• Domestic and global IP communications
• PBX and PSTN – E.164 resolution
Henry Sinnreich 4/10/2002
[Diagram labels: …other…, IM, Conf, Vmail, OSS, SIP Server, Global IP Comm, SIP Phone, Firewall, Router, Intranet IP Comm, SIP Routing, WorldCom Public IP Network, Network GWY, IP VPN, Enterprise Gateway, Managed Services, WorldCom PSTN, Customer Premises, PBX, PSTN Phone, IN Dialing Plans]

IP Communications Using IP Networks
No IP PBX Needed!
Enhanced Functionality
SIP Capable Firewall
Ingate and Intertex
First through SIT
Integration with existing phones
[Diagram labels: …other…, IM, Conf, Vmail, OSS, SIP Phone, SIP Server, Global IP Comm, Firewall, Router, Intranet IP Comm, SIP Routing, WorldCom Public IP Network, Network GWY, Enterprise LAN, Customer Premises, IP VPN, Enterprise Gateway, Managed Services, WorldCom PSTN, PBX, PSTN Phone, IN Dialing Plans]

Telia IP PBX in the Network
[Diagram labels: Internet, Company LAN, TeliaNet, IP PBX, Telia ProLane, Gateway, Telephone network]
User End Points:
MGCP – Closed model
SIP – More open model

Product Examples – Ingate Systems AB
Enterprise Products
A Complete Firewall: Firewall 1400
An add-on to an Existing Firewall: SIParator 40
[Diagram labels: Existing Firewall, DMZ]
• Firewall & NAT/PAT
• SIP Proxy
• SIP Registrar

Product Examples – Intertex Data AB
SOHO Products
IX66 Internet Gate with or without ADSL modem built-in
OEM as:
Telia SurfinBird Gate
PowerBit SafeGate
Review at: www.adslguide.org.uk/hardware/reviews/2002/q1/intertex_ix66-edflc.asp

The Intertex IX66 Internet Gate
A closer look
[Figure: IX66 front panel]
• Firewall & NAT/PAT
• Optional ADSL and Splitter
• SIP Proxy and Registrar Built-in
• DHCP Server and Client
• WEB Server for configuration
• Smart Card Reader for security applications
• SIP Appliance Control, LAC via expansion port

SIP-transparent firewalls!

Intertex Data AB
www.intertex.se
Rissneleden 45
SE-174 44 Sundbyberg, Sweden
CEO Karl Erik Ståhl
[email protected]
Tel +46 8 6282828

Ingate Systems AB
www.ingate.com
Box 10013, Slakthusplan 4
SE-121 26 Stockholm, Sweden
CEO Olle Westerberg
[email protected]
Tel +46 8 6007750