Multimedia Conferencing Over IP
perhaps because NAT, PAT (Port Address Translation) or some other address
translation scheme will be in use. These schemes provide some protection for
internal IP addresses, which are then usually completely inaccessible by external
users.
Thus NAT schemes are nearly always incompatible with H.323 dialling schemes. In
some cases, vendors of NAT-type devices make them to a certain extent
H.323-aware. This means that outgoing calls can be established from a single
endpoint on the internal network, but that's as far as it goes. Another solution
to this problem is to use the Accord VGC 20 gateway, described below under
Firewalls, to bridge the NAT device. Cisco also has a solution, the Cisco
Multimedia Conference Manager, using both the Cisco Proxy and Cisco gateway.
Secrecy
Another problem also related to IP addressing is that one or more of the parties
involved in the call may not know their IP address or may not be prepared to divulge
it. Kenneth Tanner, Information Technology Analyst at the Louisiana State
University Health Sciences Centre (LSUHSC), gives an example of this situation.
"I was asked to bring in people from various locations via videoconferencing to
discuss the establishment of the Production network," he said. "The other H.323
systems were either on our own network and thus used the network dial scheme,
or the site gave me the IP address of the endpoint and I was able to dial them
directly. Except for one H.323 site. The person we needed to participate in the
conference was not agreeable to giving me the IP address of his endpoint."
Gatekeepers are devices responsible for establishing H.323 calls, and perform the
translation from dial schemes to IP addresses. But without the IP address of the
endpoint, the only other way that Tanner could connect to the site was to register
the LSUHSC resources with the gatekeeper of a third-party network, Vide. Then, he
would have been able to access the site using their dial scheme, instead of directly
via the IP address. But to do that would also have meant that the LSUHSC dial
scheme would have to change to match the Vide dial scheme, clearly a major and
impractical task.
Tanner was able to solve the problem using a feature of the Accord
videoconferencing server. "One setting on each of our three H.323 interface cards
is the IP address of the gatekeeper you want the card to register with. In our
case, all of the cards had always been assigned to a gatekeeper within our
network. However, there is no reason why you can't assign a different gatekeeper
per individual cards, so what I did was go in and reconfigure one of the three
H.323 cards to register with one of the Vide gatekeepers."
Negotiation
Another way the problem can be solved in some circumstances is by negotiation
between the gatekeepers. The LSUHSC gatekeeper could have communicated with
the Vide network gatekeeper to determine how to address the user's endpoint.
However, the complexities involved with this solution mean that it's unlikely to be
practical for an ad hoc arrangement; and because the protocols used involve
broadcast messages from the gatekeepers, security concerns may prohibit it altogether.
Firewalls
H.323 presents difficulties for firewalls because it can use several out of a large
number of different ports. In fact, H.323 is the protocol used to establish the call. The
actual multimedia data is transmitted using RTP, which uses UDP and has no fixed
port assigned to it. Firewalls must either have huge holes blown through them to
allow any of the possible ports, something that is clearly undesirable, or must have
the intelligence to understand the H.323 protocol and therefore work out,
dynamically, which ports need to be open. However, a protocol-aware firewall uses
processing power to perform this task, and therefore has scalability issues.
It is not unusual for firewalls to be the source of performance bottlenecks anyway
(Mercury Interactive's ActiveTest service found that one major insurance company
was only obtaining 50% of its Internet connection's bandwidth owing to firewall
performance issues), and so it's clearly undesirable to exacerbate the situation.
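The dynamic approach described above can be sketched as a pinhole table that opens
only the UDP ports negotiated during call setup and closes them when the call ends.
This is an added example, not code from the original article or from any vendor; the
class and function names are hypothetical, and the signalling messages are constructed
samples assumed to be already decoded from H.245 OpenLogicalChannelAck and H.225
ReleaseComplete messages.

```python
# Toy model of an H.323-aware firewall's UDP pinhole table (illustrative only).
# A real device would decode these fields from ASN.1 PER-encoded signalling;
# here each message is a constructed, pre-decoded dict.
from dataclasses import dataclass, field


@dataclass
class PinholeFirewall:
    # (dst_ip, dst_port) -> call_id for every UDP pinhole currently open
    pinholes: dict = field(default_factory=dict)

    def on_signalling(self, msg):
        """Update the pinhole table from one decoded signalling message."""
        if msg["type"] == "OpenLogicalChannelAck":
            ip, call = msg["media_ip"], msg["call_id"]
            # Open only the negotiated RTP port and its RTCP companion.
            self.pinholes[(ip, msg["media_port"])] = call
            self.pinholes[(ip, msg["control_port"])] = call
        elif msg["type"] == "ReleaseComplete":
            # Call ended: close every pinhole that belonged to it.
            self.pinholes = {k: c for k, c in self.pinholes.items()
                             if c != msg["call_id"]}

    def allow_udp(self, dst_ip, dst_port):
        return (dst_ip, dst_port) in self.pinholes


def static_rule_allows(dst_port, low=1024, high=65535):
    """The 'huge hole' alternative: any UDP port in a wide static range."""
    return low <= dst_port <= high


# Constructed sample exchange for one call to an internal endpoint.
SAMPLE = [
    {"type": "OpenLogicalChannelAck", "call_id": "c1",
     "media_ip": "10.0.0.5", "media_port": 49170, "control_port": 49171},
    {"type": "ReleaseComplete", "call_id": "c1"},
]


def demo():
    fw = PinholeFirewall()
    fw.on_signalling(SAMPLE[0])
    during = (fw.allow_udp("10.0.0.5", 49170),   # negotiated RTP port
              fw.allow_udp("10.0.0.5", 49171),   # negotiated RTCP port
              fw.allow_udp("10.0.0.5", 5000))    # unrelated port stays shut
    fw.on_signalling(SAMPLE[1])
    after = fw.allow_udp("10.0.0.5", 49170)      # closed once the call ends
    return during, after


if __name__ == "__main__":
    print(demo())
```

The static rule admits the unrelated port 5000 at all times, while the pinhole table
admits only the two negotiated ports and only for the life of the call.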
Issue 138:January 2002
PC Network Advisor
File: T1848.2
page 12
Tutorial:Internet
www.pcnetworkadvisor.com