
H.323 NAT Traversal

H.323 NAT Traversal. Problem particular to H.323 (RAS -> Q.931 -> H.245): RAS from private network to public network can pass NAT. Q.931 and H.245 adopt TCP, if Q.931 is initialized from public network (such as from GK)

kynton

Presentation Transcript


  1. H.323 NAT Traversal
     • Problem particular to H.323 (RAS -> Q.931 -> H.245):
     • RAS from the private network to the public network can pass NAT.
     • Q.931 and H.245 use TCP; if Q.931 is initialized from the public network (such as from the GK):
     • A TCP connection cannot be initialized from outside to a terminal inside a private network.
     • TCP uses a three-way handshake (SYN, SYN+ACK, ACK), so it has a direction.
     • The SYN packet cannot pass the NAT device.
     [Figure: three-way handshake between A and B; a TCP SYN packet sent from a TE in the public network toward a TE in the private network is blocked (X) at the NAT.]

  2. Principle of UDP Enhanced Tunnel
     [Figure: a TE and xTC in the private network, behind the NAT, connected by a tunnel to xTS and the server in the public network.]
     • xTC: traversal Tunnel Client
     • xTS: traversal Tunnel Server
     • Signal and media stream share the same tunnel between xTC and xTS.

  3. UDP enhanced Tunnel Mechanism
     [Figure: packet layouts.
      Original: IP | TCP/UDP | Data
      Encapsulated: IP | UTH (Standard UDP header | Orig-protocol | other-fields) | TCP/UDP | Data]
     • The UDP enhanced Tunnel Header (UTH) is comprised of three parts:
       • a UDP header (standard RFC 768 header)
       • a protocol field (holds the protocol field of the original IP header)
       • other-fields (reserved for extension)

  4. Different from RFC 3948
     [Figure: packet layouts.
      RFC 3948: IP | UDP | ESP header | Data
      UTH: IP | UTH (Standard UDP header | Orig-protocol | other-fields) | TCP/UDP | Data]
     • RFC 3948 is specific to IPsec ESP packets.
     • UTH can be used for more general aims.

  5. xTC behavior
     Encapsulate:
     • Insert a UDP enhanced tunnel header.
     • Modify the IP header; the related fields of the new IP header are edited to match the resulting IP packet.
     • The destination should be one IP address of xTS.
     • Because the IP header is modified, xTC should record a map entry so that it can correctly process the packets sent from xTS.
     • The resulting packet is forwarded to xTS.

  6. xTC behavior
     Decapsulate:
     • The UTH header is removed from the packet.
     • The IP header is modified; the related fields in the new IP header are edited to match the resulting IP packet. In this procedure, the map entry recorded earlier is used to aid the process.
     • The resulting packet is forwarded to the real destination.

  7. xTS behavior
     Decapsulate:
     • The UTH header is removed from the packet.
     • Do the ALG process if needed.
     • The IP header is modified, and the related fields in the new IP header are edited to match the resulting IP packet.
     • The resulting packet is forwarded to the real destination.

  8. xTS behavior
     Encapsulate:
     • A properly formatted UDP enhanced tunnel header (UTH header) is inserted.
     • Do the ALG process if needed.
     • Modify the IP header; the related fields in the new IP header are edited to match the resulting IP packet. To accomplish this, the map entry recorded in the previous procedure should be used.
     • The resulting packet is forwarded to xTC.

  9. How to use: Tunnel and Proxy (1)
     Tunnel client integrated with Proxy:
     • A dedicated proxy is deployed in the private network.
     • The tunnel is established between the internal proxy and the external proxy.
     • Terminals don't require modifications.
     • No public IP address will be consumed by the proxy.
     [Figure: TE1, TE2 ... TEn and a Proxy with xTC in the private network, behind the NAT, tunneled to the Proxy Server with xTS in the public network.]

  10. How to use: Tunnel and Proxy (2)
     Tunnel client integrated within the terminal:
     • No additional device is needed.
     • Tunnels are established between the terminals and the proxy.
     • Terminals require modifications.
     • No public address will be consumed by terminals.
     [Figure: several TEs, each with its own xTC, in the private network, behind the NAT, tunneled to the Proxy Server with xTS in the public network.]
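
The xTC encapsulate and decapsulate steps from slides 3, 5 and 6, as an added example that is not part of the original presentation. The slides do not give field sizes, so the 1-byte orig-protocol field, the 3 reserved bytes, the tunnel port, the zero UDP checksum and the map-entry key (protocol plus port pair) are all assumptions made here.

```python
import socket
import struct

TUNNEL_PORT = 40000           # assumed tunnel UDP port (not given on the slides)
UTH_FMT = "!HHHHB3x"          # RFC 768 UDP header + orig-protocol + reserved (sizes assumed)
UTH_LEN = struct.calcsize(UTH_FMT)

def ip_checksum(header):
    """One's-complement checksum of an IPv4 header (0 when a valid header is verified)."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    total = (total & 0xFFFF) + (total >> 16)
    return ~(total + (total >> 16)) & 0xFFFF

def rebuild(header, payload):
    """Edit total length and header checksum so the IP header matches the new packet."""
    struct.pack_into("!H", header, 2, len(header) + len(payload))
    struct.pack_into("!H", header, 10, 0)
    struct.pack_into("!H", header, 10, ip_checksum(bytes(header)))
    return bytes(header) + payload

class XTC:
    def __init__(self, xts_ip):
        self.xts = socket.inet_aton(xts_ip)
        self.flows = {}       # map entry: (proto, local port, remote port) -> real remote IP

    def encapsulate(self, pkt):
        ihl = (pkt[0] & 0x0F) * 4
        hdr, payload = bytearray(pkt[:ihl]), pkt[ihl:]
        proto = hdr[9]
        sport, dport = struct.unpack("!HH", payload[:4])   # TCP and UDP both start with ports
        self.flows[(proto, sport, dport)] = bytes(hdr[16:20])
        uth = struct.pack(UTH_FMT, TUNNEL_PORT, TUNNEL_PORT, UTH_LEN + len(payload), 0, proto)
        hdr[9] = socket.IPPROTO_UDP                         # outer packet is now plain UDP
        hdr[16:20] = self.xts                               # destination becomes xTS
        return rebuild(hdr, uth + payload)

    def decapsulate(self, pkt):
        ihl = (pkt[0] & 0x0F) * 4
        hdr, body = bytearray(pkt[:ihl]), pkt[ihl:]
        if hdr[9] != socket.IPPROTO_UDP or len(body) < UTH_LEN + 4:
            raise ValueError("not a tunnel packet")
        _, _, ulen, _, proto = struct.unpack(UTH_FMT, body[:UTH_LEN])
        if ulen != len(body):
            raise ValueError("UTH length mismatch")
        payload = body[UTH_LEN:]
        sport, dport = struct.unpack("!HH", payload[:4])
        remote = self.flows.get((proto, dport, sport))      # reply direction swaps the ports
        if remote is None:
            raise ValueError("no map entry for flow")       # unsolicited inner traffic is dropped
        hdr[9] = proto                                      # restore the original protocol
        hdr[12:16] = remote                                 # restore the real peer as source
        return rebuild(hdr, payload)
```

Rejecting tunnel packets that match no map entry keeps the tunnel from becoming a general path into the private network; the inner TCP/UDP checksum is left untouched in this sketch.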
