Intertex Data AB, Sweden Tillämpad IP-telefoni Brandväggen och LANet Förberedd för:IP-dagarna 2002 Av: Karl Erik Ståhl VD Intertex Data AB Ordförande Ingate

Intertex Data AB, Sweden

Tillämpad IP-telefoniBrandväggen och LANet

Förberedd för: IP-dagarna 2002

Av: Karl Erik Ståhl

VD Intertex Data AB

Ordförande Ingate Systems AB

[email protected]

© 2002 Intertex Data AB 1


VoIP as we have seen it…

InternetPC

PCWanna talkto me?

Remember how it started in 95?

Now it is coming back in a most useful form!



Gateway

Internet

Gateway

STO

LA

Then this service was offered to end users?

Nowdays long distance VoIP minutes are bought by the established telcos. Your normal international calls often run over the public Internet!



VoIP between branch offices

Gateway

PSTN

Europe

IP

InternetVPN VPN

USGateway

IP

- But NOT globally to others!


VoIP as we see it…

MGCP often used to phones

PSTN

FW

Internet

Phones get locked to operator

SOFTSWITCH


Hmm, didn’t we pass this stage…

Paper was a very compatible media - So is POTS today…

But we need to move beyond!

PSTN

email

printer

fax

Organization 1Email system 1

email

Organization 2Email system 2

fax faxfax


What about universal connectivity?

Wouldn’t that be fine?

Black Phone

RJ45

LAN Intranet Internet

IP Phone

PSTN

RJ11

IAP

Connect to PSTN when required! IP PhoneIP Phone

IP Phone

IP Phone

PSTN

IP/PSTNGateway

Internet

Home LANBusiness LAN

Let IP Phones Talk to Each Other!

XP

PIM


SIP – Session Initiation Protocol

An Internet Standard IETF RFC 2543, replaced by new RFC 3261

Used for setting up IP Communication between peopleVoIP, IP TelephonyVideo ConferencingPresence, Instant Messaging

Lots of activity, ongoing work and developmenthttp://www.cs.columbia.edu/~hgs/sip/http://www.sipforum.orghttp://www.sipcenter.com

http://www.pulver.com


Next Big Step in Internet Usage

HTTP Created the Web

SIP Creates IP Communication Person-to-Person

SMTP Created Email


What is the difference?

Typical Internet protocol (SMTP, HTTP…)

Internet

HOSTSERVER

SIP (and H.323…) connects person-to-person

Internet

PERSONPERSON

IAP

Firewall/NAT problems! IP PhoneIP Phone

IP Phone

IP Phone

PSTN

SIP/PSTNGateway

Internet

Home LANBusiness LAN

DSLCableMTU

Operator network with NAT

NATFirewall

NAT

XP

PIM

Status until now:SIP is the Protocol for IP Communication Person-to-Person,BUT IT DOES NOT REACH THE EDGE!

SIPServer

VoIP and SIP Services Out to the Edge


SIP Firewall Problems

Firewall Problems:

Sessions initiated from outside the firewall

- OK, open port 5060, but…

Media streams on dynamically allocated port numbers

- Ooops… !Even with public IP addresses inside


SIP NAT/PAT Problems

NAT & PAT Problems:Where is the device?

- Registration/location function

Private IP addresses and ports in SIP messages

- Rewrite with globally routable addresses

IP address and port of media stream has to be modified

- NAT engine has to be dynamically controlled

Worse with privateIP addresses inside


Suggested Solutions

Dynamically controlled Firewall/NATs Midcom: By Firewall Control Proxy [Dynamicsoft…]uPnP: By the client (Windows) [Microsoft]SIP aware Firewall/NATs (SIP Proxy + Registrar)[Intertex (SOHO), Ingate (enterprise), …]SIP aware Firewall/NATs (SIP ALG)[Cisco,… TLS not possible]Making SIP NAT friendly - Drafts in progress: • draft-ietf-sipping-nat-scenarios-00.txt• draft-ietf-midcom-stun-02.txt• draft-ietf-sip-nat-02.txt• draft-ietf-sip-symmetric-response-00.txt


Adding SIP Support to a Firewall

Important components:Firewall & NAT

Dynamic Firewall Engine

SIPProxy

SIP Proxy Server, controlling the firewall

UserLocation

SIP Registrar, user location information

FirewallControl

Protocol Communication between

SIP Proxy and firewall

Firewall/NAT problems!

Firewall/NAT SIP transparency!

Office or home LAN

IP PhoneIP Phone

IP Phone

IP Phone

SIPServer PSTN

SIP/PSTNGateway

Operator network with NAT

Internet

NATFirewall

NAT

Enterprise LAN

DSLCableMTU

DMZinGateSIParator

SIP Enabling the Private Networks

inGateFirewall

IP Phone IP Phone

IP Phone

SELECT

SET ALT CFG E T 1

A I

R

U S B

E T 2

W A N

T X D

R X D

ADR CFG DHP RST LQ

TX RX

SC IX66

IAP


“We need QoS of PSTN…”

3 kHz bandwith?

Video?

Presence?

draft-ietf-simple-presence-07.txt

Instant Messaging?draft-ietf-sip-message-07.txt

And more…

Is Black Telephony All We Want?

Voice & Video (XP)

Microsoft is Pushing – New RTC is SIP-based

.NET Server will include SIP server, with API (3Q2) Applications will arise

Windows Messenger 4.6 and later has SIP-mode Presence & IM

10:s of millions of RTC (SIP) users within a year

4255551212

Dial to phone Rich SIP APIs

IX66

Home User

USASweden

Internet

Just Another Internet Service…

IX66

IAP

Home LAN

Enterprise LAN

XP

inGateFirewall

SOHO LAN

IX66

XP

Helsinki PSTNSIP/PSTNGateway

DNSSRV

DMZinGateSIParator

XP

Ingate Linköping LAN

IX66

Intertex Stockholm LAN

Sweden

21

IP Communications Using IP NetworksIP Communications Using IP Networks

• Intranet IP VPN with IP communications• Domestic and global IP communications• PBX and PSTN – E.164 resolution

Customer Customer PremisesPremises

PBX PSTN Phone

ManagedServices

Router

Vmail OSS

SIP Phone

WorldComPSTN

DialingPlans

Network GWY

Conf

PSTN Phone

IM

IN

EnterpriseGateway

SIP Routing

Firewall

SIP Server

IP VPN

Global IP Comm

Intranet IP Comm

…other…

Many call routing options:• Private/Public IP address• DNS and DNS SRV records• SIP aware NAT/PAT servers

Henry Sinnreich 4/10/2002

WorldComPublic

IP Network

22

IP Communications Using IP NetworksIP Communications Using IP Networks

PBX PSTN Phone

ManagedServices

Router

Vmail OSS

SIP Phone

WorldComPSTN

DialingPlans

Network GWY

Conf

PSTN Phone

IM

IN

EnterpriseGateway

SIP Routing

Firewall

SIP Server

IP VPN

Global IP Comm

Intranet IP Comm

…other…

Integration with existing phones

SIP Capable FirewallIngate and IntertexFirst through SIT

Customer Customer PremisesPremises

No IP PBX Needed!

Enhanced Functionality

Enterprise LAN

WorldComPublic

IP Network


Internet

TeliaNet

Telefon-nätet

IP-växel

Gateway

Telia ProLane

FöretagetsLAN

Telia IP-växel i nätet

User End Points:MGCP – Closed modelSIP – More open model


Product Examples – Ingate Systems AB

A Complete Firewall An add-on to an Existing Firewall

DMZ

Existing Firewall

Firewall & NAT/PAT SIP Proxy SIP Registrar

Enterprise Products

Firewall 1400 SIParator 40


Product Examples – Intertex Data AB

IX66 Internet Gate with or withoutADSL modem built-in

OEM as: Telia SurfinBird Gate PowerBit SafeGateReview at: www.adslguide.org.uk/hardware/reviews/2002/q1/intertex_ix66-edflc.asp

SOHO Products


The Intertex IX66 Internet Gate

A closer look

Firewall & NAT/PAT SIP Proxy and Registrar DHCP Server and Client WEB Server for configuration Smart Card Reader for security applications SIP Appliance Control, LAC via expansion port

SELECT

SET ALT CFG E T 1

A I

R

U S B

E T 2

W A N

T X D

R X D

ADR CFG DHP RST LQ

TX RX

SC

Optional ADSLand Splitter Built-in


SIP-transparenta brandväggar!

Ingate Systems ABwww.ingate.comBox 10013, Slakthusplan 4 SE-121 26 Stockholm, SwedenVD Olle [email protected] Tel +46 8 6007750

Intertex Data ABwww.intertex.seRissneleden 45 SE-174 44 Sundbyberg, SwedenVD Karl Erik Stå[email protected] Tel +46 8 6282828

Documents

Intertex Data AB, Sweden Tillämpad IP-telefoni Brandväggen och LANet Förberedd för:IP-dagarna 2002 Av: Karl Erik Ståhl VD Intertex Data AB Ordförande Ingate