Dear Professor Phil,
In Tim Siglin’s AV Technology article (July/August, 2013) about video streaming, he stated that the big H protocol, HTTP, is becoming popular for transporting video because of its ability to traverse firewalls. He noted that other video streaming protocols such as RTP (real-time protocol) and RTSP (real time streaming protocol) don’t work well with firewalls. But VoIP uses RTP and it seems to pass through some of the company firewalls that we have. Can you provide more details on the issue?
—Ralph, San Francisco, CA
- Dear Ralph,
- The issue is not whether or not the video traffic can be made to pass through the firewall. Rather, the issue is how difficult it is to configure the firewall to succeed at this task.
First, consider these facts:
(1) Inexpensive firewalls often can’t be configured to handle some necessary tasks for passing RTP or RTSP streams. This would likely preclude their use in the consumer market.
(2) HTTP doesn’t separate the control signaling stream from the media delivery stream as is done with VoIP and video conferencing.
(3) Firewalls have grown more complex but also more able to deal with the needs introduced by the newer protocols.
When RTP is used for VoIP or video conferencing, a separate control protocol stream is used. Usually this stream conforms to one of three protocol standards: H.323, SIP, or Cisco’s Skinny protocol. These must also pass through the firewall. This control information contains the port number to be used for a call. It is selected from a wide range of numbers. The technical problem created now is how can that port number be communicated to the firewalls without creating vulnerabilities with a large number of open ports? Some newer, high-end routers can open a port and then close it at the end of the call; however, this is not a capability of low-end firewall that might be used in the mass market. When RTSP is used, the problem is nearly identical.
The advantage of using HTTP is that it solves these issues in the same way it did for web page retrieval. For nearly twenty-five years, it integrates the control and media delivery functions while using either port 80 or port 8080. This made firewall configuration relatively simple.
Phil Hippensteel, PhD, has spent more than forty years in higher educaton, and now teaches at Penn State Harrisbug. Email your questions to pjh15@psu.edu.
