Getting Videoconferencing Calls Through Firewalls by Phil Hippensteel

Author:
Publish date:
Social count:
0

Dear Professor Phil,

We’ve encountered a problem when getting video conferencing calls established through our firewall. A consultant solved the problem but I don’t understand how his changes eliminated the difficulty. The calls used H.323 and he indicated that he made the firewall H.323 aware. What does that mean?

Kyra, Tampa Fl



Kyra,

Some protocols create a particular problem to conventional firewall operation because they list the IP address in some part of the packet other than the IP header. Of course, the IP header must carry the source and destination IP addresses in order that the packet can be properly routed. But in part of the H.323 protocol, the IP address of the endpoint making the call may also be listed twice. First, it’s in the IP header, in order that the packet can be routed properly. Then, it’s written again in the H.323 part of the packet, which will appear after the TCP header. Here it is used to define the address/port combination to which the voice packets will be delivered. H.323 uses multiple ports for this purpose.

Under normal operation, the firewall might be doing network address translation in order to protect the identity of corporate devices. In this process, an address such as 10.3.4.5 could be changed to a registered address that would be routed on the Internet. However, unless the router is configured at the factory or by an engineer managing the firewall, the second address may not be changed. Consequently, a packet may arrive at a gateway or H.323 server with a mismatch between the IP header address and the H.323 address. An unpredictable behavior, like discarding the packet, could be the consequence.

To address this issue most modern firewalls allow for a rule that looks for a second appearance of the IP address and makes sure that any secondary appearance of the address matches the one in the IP header. Your consultant likely added such a rule to the firewall.



Phil Hippensteel, PhD, is a professor of information systems at Penn State Harrisburg.

Related

Understanding IPTV by Phil Hippensteel

Dear Professor Phil There is something that confuses me.  I know that changing channels in an IP video network takes longer because of a fact related to IP addressing, but I not sure of the details.  Also, why do these changes happen quickly in some cases but much more slowly in other cases? Kevin, Houston, TX  

Explaining the IP Subnet Mask by Phil Hippensteel

Dear Professor Phil: What is the purpose of the IP subnet mask and how does it work? Scott, Charlotte, NC Hello Scott. The answer to this question has two parts.  The first involves the interpretation of the IP address.  IP addresses are 32 bits (four bytes) long. Devices interpret the address as two parts:

Digital Video and IP Video are Not the Same by Phil Hippensteel

Dear Professor Phil, I continually hear people talking about digital video and IP video as if they are the identical.  Are they the same? Sam,  Hershey, PA Sam, They are not, but they are closely related terms. Consequently, you are correct that many people who are very familiar with analog video seem to confuse

Explaining IP Network Connections by Phil Hippensteel

Dear Professor Phil, What happens when a device connects to an IP network? Simon, West Chester, PA Simon, you’ve asked a question about something that all of initiate on our computers every day but rarely contemplate exactly what it requires. As soon as there is a physical connection to a network switch, your netw

What causes “tiling” in video? by Phil Hippensteel

Dear Professor Phil: What causes “tiling” in video, particularly when watching HDTV? Jose, Tampa, Fl Hello Jose, To understand what causes tiling, we must first understand certain aspects of MPEG compression. This is the compression method used by nearly all modern video systems. The camera typically records 30

Will the Change from IP v4 to IP v6 Impact AV Pros? by Phil Hippensteel

Dear Professor Phil, I’ve heard a lot about the change from IP version four to IP version six.  Is it really a big deal to AV professionals? Ben, Atlanta, GA Yes, it is a really big deal. Many people think that the significant issue is the change in the size of the IP address. It’s changing from four bytes to six

Why Are Some Codecs Implemented in Software? by Phil Hippensteel

Dear Professor Phil: I understand that some video codecs are hardware devices and some are implemented in software.  Should I care about the difference, and is there a trend relative to this difference? Lorie, Everett, WA Hello Lorie, You are correct that video and audio codecs are implemented in both hardwar