Microsoft ISA Server H.323 Gateway and Gatekeeper Overview of IP Telephony, H.323, and ISA Server H.323 Support

Presentation Agenda IP Telephony Overview The ITU H.323 Specification Microsoft ISA Server H.323 Gateway Microsoft ISA Server H.323 Gatekeeper Microsoft ISA Server Scenarios

IP Telephony Overview Definition IP Telephony refers to the hardware and software technologies that provide the ability to place telephone calls over IP based networks.

IP Telephony Overview Traditional Voice Networks – PSTN The Public Switched Telephone Network –The collection of networking equipment that belongs to the carriers involved in providing telephone service. The PSTN is a Circuit Switched Network –A virtual circuit is created in the PSTN “Cloud” for each telephone call. The circuit is allocated (64k bps) and maintained for the duration of the call, regardless of the amount of traffic flowing over the circuit.

IP Telephony Overview PSTN - Basic Network Topology

IP Telephony Overview Traditional IP Networks – The Internet Packet Switched Networks –Separate packets from the same communication may take different paths through the cloud. –More efficient use of network resources –No inherent QoS or Security, without special a special implementation to address these issues. Signaling and Media use the same network

IP Telephony Overview Standards Bodies International Telecommunications Union (ITU) –ITU-T division’s H SERIES specs define the Transmission of non-telephone signals. –Specifications must be licensed from the ITU Internet Engineering Task Force (IETF) –RFC and Internet-Draft specifications are well-known to most IT professionals –Available in the public domain :

IP Telephony Overview The 3 competing signaling protocols H.323 (ITU) –Umbrella specification defining the protocols and codecs to be used by H.323 compliant devices. SIP (IETF) –Session Initiation Protocol. New, up and coming standard. Similar to H323 mechanically, but text-based and simpler. More closely related to HTTP “on the wire.” S/MGCP (IETF) –Signaling Gateway Control Protocol / Media Gateway Control Protocol.

IP Telephony Overview Media Protocols RTP/RTCP (IETF) –Real-Time Protocol/ Real-Time Control Protocol. –This is used almost universally for media transport. Both H.323 and SIP specify RTP as the media transport protocol of choice

IP Telephony Overview Basic VoIP network diagram

The ITU H.323 Specification H.323 Specification Title: Visual telephone systems and equipment for local area networks which provide a non ‑ guaranteed quality of service

The ITU H.323 Specification Important Terms H.323 Entity: Any H.323 component, including –Terminals –Gateways –Gatekeepers –MCs, MPs, and MCUs. Endpoint: A Terminal, Gateway, or MCU. Call: Point-to-point multimedia communication between two H.323 endpoints Multipoint Conference: A conference between three or more terminals

The ITU H.323 Specification H.323 Protocol Stack

The ITU H.323 Specification Basic Call Model A typical H.323 Call consists of 5 phases: 1.Call Setup (Phase A) 2.Initial communication between endpoints and terminal capability exchange (Phase B) 3.Establishment of of Audio / Visual communication between endpoints (Phase C) 4.Request and negotiation of Call Services (Phase D) 5.Call Termination (Phase E)

The ITU H.323 Specification Basic Call in Action

ISA Server H.323 Gateway Introduction The ISA Server H.323 Gateway is an application layer H.323 Proxy. Traditional circuit-layer proxies (Winsock Proxy, ISA Firewall Service) and transparent proxies (NAT, SecureNAT) do not properly handle H.323 traffic because of the Protocol’s complexity.

ISA Server H.323 Gateway Proxy History Proxy Server 2.0 –Winsock Proxy could handle only one outbound H.323 call at a time. –No inbound H.323 calls were possible (No Server Proxy) Windows 2000 NAT –H.323 / LDAP Protocol Editor allows outbound H.323 Calls (LDAP is needed for ILS lookup) ISA H.323 Gateway –supports outbound H.323 calls and inbound calls with Gatekeeper assistance

ISA Server H.323 Gateway H.323 Gateway Implementation The ISA H.323 Proxy is implemented as an ISA Application Filter. –Application Filters can be externally developed using the ISA SDK. –Application filters plug-in to the ISA Firewall Service –Application filters can perform protocol editing, e.g., H.323 filter Content inspection, e.g., SMTP filter Virus scanning, e.g., 3 rd Party filter Other activities enabled by access to the application data stream Both SecureNAT Clients and Firewall (WSP) Clients can use the H.323 Gateway

ISA Server H.323 Gateway H.323 Gateway Implementation (cont.)

ISA Server H.323 Gatekeeper Introduction ISA Gatekeeper Functionality –Register Users (directory) The GK defines an H.323 zone and is referenced when attempting to locate a user or terminal. The GK provides alias to IP address resolution. –Route Calls Terminals specify a GK if one exists for their zone. The GK will route calls to the appropriate destinations based on routing rules created by an administrator.

ISA Server H.323 Gatekeeper Scenario Example

ISA Server H.323 Gatekeeper Server Properties

ISA Server H.323 Gatekeeper Server Properties (cont.)

ISA Server H.323 Gatekeeper Registering Users

ISA Server H.323 Gatekeeper Call Routing - Destinations

ISA Server H.323 Gatekeeper Call Routing Rules Rules are used to determine how a GK should help the caller route the call. 3 Types of Call Routing Rules –Phone Number Rules – Address Rules –IP Address Rules By matching the ID type to a destination, –Phone# calls can be routed to a PSTN Gateway –External IP Addresses, addresses, or Names can be routed to external endpoints or GK’s.

ISA Server H.323 Gatekeeper Routing Rule Precedence GK finds matching rules for each destination type. Matching rules are then sorted by –Quality of match (more matching elements) –If Quality of match is equal, “exact” rule types have precedence over “prefix” (ph#) or “suffix” (domain/IP) rule types. –If Quality and Type match, rule precedence number is used.

ISA Server H.323 Gatekeeper Routing Rule Precedence (cont) Now that rules have been sorted based on matching, there may be equal rules with different destinations. Each destination should be tried in the case that a previous response is negative. e.g., If ILS lookup fails, we should try Active Directory for a match as well (assuming there are rules for each of these destinations)

ISA Server H.323 Gatekeeper Routing Rule Precedence (cont) Destinations are contacted in the following order: –None. This is a “deny rule” and causes processing to cease. –Local Registration Database –Gateway/Proxy –Internet Locator Service (ILS) –Gatekeeper –Multicast Gatekeeper –DNS –Active Directory –Local Network

ISA Server H.323 Gatekeeper Routing Rule Precedence (cont) Which Rules get applied? What order are the applied rules processed?

Resources and References Books –IP Telephony. (Bill Douskalis) Much of the VoIP and H.323 information in this presentation came from this book –IP Telephony: Packet-Based Multimedia Communications Systems (Hersent, Gurle, Petit) Web Sites –Databeam. This site has a good primer on H.323 and T –Intel. This page describes the problems and pitfalls of getting H.323 through Firewalls htmhttp://support.intel.com/support/videophone/trial21/h323_wpr. htm

Resources and References (cont.) Specs –ITU-T: H.323 T.120 –IETF: RTP (RFC 1889) ftp://ftp.isi.edu/in-notes/rfc1889.txtftp://ftp.isi.edu/in-notes/rfc1889.txt