H.323 Gatekeepers

H.323 Gatekeepers Lucent Technologies - elemedia


Transcript of H.323 Gatekeepers

Page 1: H.323 Gatekeepers

H.323 Gatekeepers
Lucent Technologies - elemedia

Page 2: H.323 Gatekeepers

Agenda

• Introduction
• Overview of Gatekeeper Functions
• Why are Gatekeepers Useful?
• Gatekeeper Concepts
• Signalling Models
• Gatekeeper Operations
• Signalling Flows
• Policy/Service Examples
• Gatekeepers and H.323v2
• Beyond H.323v2

Page 3: H.323 Gatekeepers

H.323 Components

• Terminal
• Gateway (GW)
• Gatekeeper (GK)
• Multipoint Control Unit (MCU)
– Multipoint Controller (MC)
– Multipoint Processor (MP)

INTRODUCTION

[Figure: Terminal 1 and 2, Gatekeeper 1 to 3, Gateway 1 to 3, MCU 1 and 2 attached to a LAN, with MC and MP labels on the devices]

GW, GK & MCU can be a single device

Page 4: H.323 Gatekeepers

Gatekeeper in H.323

• Gatekeepers are optional
• Mandatory functions if present:
– Address translation (routing) to determine destination address of H.323 endpoint for a call
– Admission control to determine whether to allow endpoints to originate and terminate calls
– Bandwidth control to, at a minimum, process bandwidth requests (can be a null function)
– Zone management

Page 5: H.323 Gatekeepers

Gatekeeper in H.323 (contd.)

• Gatekeeper optional functions:
– Call control signalling to handle directly the Q.931 signalling between the H.323 endpoints
– Call authorization using some policy (e.g. subscription status)
– Bandwidth management to process bandwidth requests using some policy (e.g. based on current conditions)
– Call management to process call requests using some policy (e.g. based on endpoint status)
– Gatekeeper management information (MIB)
– Bandwidth reservation for terminals not capable of performing it
– Directory services

Page 6: H.323 Gatekeepers

Why are Gatekeepers Useful?

• Centralized Management
– Authentication, routing, call detail recording, etc.
• Isolate Endpoints from Network Internals
– Knowledge of naming structures, gateway routing algorithms, etc., stays in network
• Interface to New and Existing Network Databases
– LDAP directories, RADIUS servers, SCPs, etc.
• Interfaces to Other H.323 Networks
– Calls between service providers

Page 7: H.323 Gatekeepers

Gatekeeper Standards

• Standards specify the communications between H.323 entities and Gatekeepers (RAS messages)
• Standards specify the services a Gatekeeper must provide

BUT

• Standards DO NOT specify how the Gatekeeper should provide those services
• Standards DO NOT fully specify how Gatekeepers locate other Gatekeepers

Page 8: H.323 Gatekeepers

H.323 ZONE

• Simply defined as the collection of H.323 devices managed by a single gatekeeper
• Boundaries of a zone can be based on administrative, naming structure, geographic, engineering (or other) criteria
• Calls between endpoints in a zone handled by a single gatekeeper
• Calls between endpoints in different zones might involve gatekeepers from both zones

CONCEPTS AND FUNCTIONS

Page 9: H.323 Gatekeepers

Gatekeeper Components

[Figure: gatekeeper component blocks: Q.931/ASN Encode/Decode and Transport; H.323 Protocol Procedures (RAS, Q.931, H.245, H.450); Policy; Features & Services; Management; Endpoint & Conference State Data; Network Based Information and Control, with protocols TCAP/SS7, LDAP, SNMP, RADIUS, et al.]

Page 10: H.323 Gatekeepers

Signalling Models

• The signalling model determines which protocol messages pass through the gatekeeper, and which pass directly between the two endpoints
• The more messages that are routed through the gatekeeper, the more information and control it has, and the more load and responsibility
• The gatekeeper ultimately decides the signalling model
• Media never passes through the gatekeeper function (although a proxy could be co-located on same host)

SIGNALLING MODELS

Page 11: H.323 Gatekeepers


Signalling Models

• The following signalling model scenarios show calls between a PC terminal and a PSTN gateway, but generally apply to any call between two H.323 endpoints


Page 12: H.323 Gatekeepers

Direct Endpoint Call Signalling

[Figure: Terminal, GK and Gateway, with paths labelled Address Translation, Admission Control and Bandwidth Control (RAS); Call Signalling (Q.931); Call Control (H.245); Media Stream (RTP)]

Page 13: H.323 Gatekeepers

Direct Endpoint Call Signalling

• Gatekeeper participates in call admission but has limited direct knowledge of connected calls
• Due to limited involvement, single gatekeeper can process large number of calls
• Limits service management functions: gatekeeper cannot determine call completion rates, for example
• Limits centralized security: gatekeeper cannot validate Q.931 message fields (e.g. caller’s ID)
• Limits call detail recording function: gatekeeper depends on endpoint(s) for call duration information, for example

Page 14: H.323 Gatekeepers

Gatekeeper Routed Call Signalling (Q.931)

[Figure: Terminal, GK and Gateway, with paths labelled Address Translation, Admission Control and Bandwidth Control (RAS); Call Signalling (Q.931); Call Control (H.245); Media Stream (RTP)]

Page 15: H.323 Gatekeepers

Gatekeeper Routed Call Signalling (Q.931)

• Gatekeeper aware of connection state of call but not media usage (no access to H.245 signalling)
• More load on gatekeeper as it must process Q.931 messages and maintain Q.931 signalling channel
• Service management functions can include connection statistics but not media usage
• Gatekeeper can validate Q.931 message parameters such as calling party information
• Call detail recording functions enhanced by direct knowledge of connection state

Page 16: H.323 Gatekeepers

Direct Endpoint Call Signalling w/UUIE

[Figure: Terminal, GK and Gateway, with paths labelled Address Translation, Admission Control, Bandwidth Control and Q.931 UUIE Notification (v2) (RAS); Call Signalling (Q.931); Call Control (H.245); Media Stream (RTP)]

Page 17: H.323 Gatekeepers

Direct Endpoint Call Signalling w/UUIE

• Hybrid between direct call signalling and gatekeeper routed signalling
• Q.931 messages do not flow through the gatekeeper, but gatekeeper is notified of Q.931 content in RAS messages.

Page 18: H.323 Gatekeepers

Gatekeeper Routed Call Signalling (Q.931/H.245)

[Figure: Terminal, GK and Gateway, with paths labelled Address Translation, Admission Control and Bandwidth Control (RAS); Call Signalling (Q.931); Call Control (H.245); Media Stream (RTP)]

Page 19: H.323 Gatekeepers


Gatekeeper Routed Call Signalling (Q.931/H.245)

• Gatekeeper aware of connection state of call and media channels in use (can audit bandwidth usage)

• Highest load on gatekeeper as it must process Q.931 and H.245 messages and maintain the corresponding signalling channels

• Service management functions can include connection and media usage statistics

• Call detail recording functions further enhanced by direct knowledge of media usage


Page 20: H.323 Gatekeepers

Gatekeeper Operations and Policy

• List of parameters in messages is not inclusive
• Parameter names displayed as follows:
– – –
• LDAP/TCAP message content is paraphrased for illustration

GATEKEEPER OPERATIONS

Page 21: H.323 Gatekeepers

Endpoint/GK Discovery

Endpoint -> GK: (1) GRQ: Who is my GK?
GK -> Endpoint: (2) GCF/GRJ: I can be your GK

Page 22: H.323 Gatekeepers

Endpoint/GK Discovery Processing

• Discovery can be multicast (most useful for LAN environments) or unicast based on endpoint configuration data
• Possible acceptance criteria to be used by gatekeeper:
– IP address (or IP subnet) of endpoint
– Gatekeeper ID supplied by endpoint
– Aliases supplied by endpoint
– Gatekeeper load
• Gatekeeper might need to consult external database (e.g. LDAP directory)

Page 23: H.323 Gatekeepers

Endpoint/GK Registration

Endpoint -> GK: (1) RRQ: Here are my aliases and IP address
GK -> Endpoint: (2) RCF/RRJ: OK

Page 24: H.323 Gatekeepers

Endpoint/GK Registration Processing

• Gatekeeper might authenticate endpoint
– H.323v1 must use ad hoc/proprietary methods such as supplied aliases, IP address, etc.
– H.323v2 can use encrypted password or certificates
• Gatekeeper might authorize endpoint
– Validate list of supplied aliases
• Associate aliases with the IP address for later location
• Gatekeeper assigns and returns Endpoint ID to be used in subsequent messages

Page 25: H.323 Gatekeepers

Example: Reservation Authorization via LDAP

Endpoint -> GK: RRQ: Register: johnDoe +13141592654
GK: Needs to authorize aliases
GK -> LDAP Directory containing subscriber data: LDAP SEARCH: Filter: e164=13141592654 AND h323ID=johnDoe
LDAP Directory -> GK: LDAP SEARCH RESULT: Entry: e164=13141592654 h323ID=johnDoe status=active
GK -> Endpoint: RCF/RRJ
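An added example, not from the original slides: one way a gatekeeper could authorize the aliases in an RRQ with the LDAP search shown above, escaping the endpoint-supplied h323ID per RFC 4515 so that it is always matched as a literal value. The in-memory `DIRECTORY`, the second subscriber entry, the toy `search` evaluator and all function names are assumptions standing in for a real directory server.

```python
import re

# Constructed subscriber entries standing in for the LDAP directory.
DIRECTORY = [
    {"e164": "13141592654", "h323ID": "johnDoe", "status": "active"},
    {"e164": "16180339887", "h323ID": "janeRoe", "status": "suspended"},
]
ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def build_filter(e164, h323_id):
    """Build the slide's 'e164 AND h323ID' search as an RFC 4515 filter."""
    digits = e164.lstrip("+")
    if not re.fullmatch(r"[0-9]{1,15}", digits):
        raise ValueError("alias is not an E.164 number")
    # Escape filter metacharacters so the alias stays a literal value.
    safe_id = "".join(ESCAPES.get(ch, ch) for ch in h323_id)
    return f"(&(e164={digits})(h323ID={safe_id}))"

def _to_regex(value):
    # An unescaped '*' is a wildcard; a \xx pair is one literal character.
    parts = []
    for tok in re.findall(r"\\[0-9a-fA-F]{2}|.", value, flags=re.S):
        if tok == "*":
            parts.append(".*")
        elif len(tok) == 3:
            parts.append(re.escape(chr(int(tok[1:], 16))))
        else:
            parts.append(re.escape(tok))
    return "".join(parts)

def search(ldap_filter):
    """Toy evaluator for (&(attr=value)...) equality filters over DIRECTORY."""
    terms = re.findall(r"\((\w+)=([^()]*)\)", ldap_filter)
    return [entry for entry in DIRECTORY
            if all(re.fullmatch(_to_regex(v), entry.get(a, "")) for a, v in terms)]

def authorize_rrq(e164, h323_id):
    """Return 'RCF' only when exactly one active entry matches both aliases."""
    try:
        hits = search(build_filter(e164, h323_id))
    except ValueError:
        return "RRJ"
    if len(hits) == 1 and hits[0]["status"] == "active":
        return "RCF"
    return "RRJ"
```

Without the escaping step, an h323ID of `*` would reach the directory as a wildcard and match the subscriber's entry by number alone.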

Page 26: H.323 Gatekeepers

Call Admission

Endpoint -> GK: (1) ARQ: Can I call +1323931245 using 16 Kb/sec?
GK -> Endpoint: (2) ACF/ARJ: Yes, contact this IP address

Page 27: H.323 Gatekeepers

Call Admission Processing

• Gatekeeper might authenticate endpoint to ensure it is registered and check if it is authorized to make call
• Gatekeeper must determine call model
– Endpoint can ask for preference but gatekeeper will decide
• Gatekeeper might check for bandwidth
• If direct signalling, gatekeeper supplies destination endpoint address (discussed later)
• If gatekeeper routed signalling, it supplies its own address and can defer routing

Page 28: H.323 Gatekeepers

Example: Admission Authorization via SS7

Endpoint -> GK: ARQ: Admit: johnDoe Calling card: 271828182+8459
GK: Needs to authorize calling card number
GK -> Service Control Point containing calling card info (e.g. LIDB in the US): TCAP QUERY: Invoke: Provide Value Digits = 271828182 Pin=8459
Service Control Point -> GK: TCAP END: Return Result: Record Status Indicator
GK -> Endpoint: ACF/ARJ

Page 29: H.323 Gatekeepers

Q.931 Setup

Endpoint -> GK: SETUP: (1) Connect me to +108061998
GK: (2) Determine gateway
GK -> GW: SETUP
GW: (2) Start PSTN origination

Page 30: H.323 Gatekeepers

Setup Processing

• Gatekeeper associates Setup with previous admission using Conference ID
• Destination determined using Calling Party Number or destination alias(es)
• External databases might be consulted to determine destination endpoint:
– Map full destination alias to a terminal
– Map leading digits of E.164 number to gateway(s)
• Setup message is forwarded to destination

Page 31: H.323 Gatekeepers

Example: Endpoint Location Via LDAP

Endpoint -> GK: SETUP: (1) Connect me to +14142135624
GK: (2) Query LDAP Directory
GK -> LDAP Directory: LDAP SEARCH: Filter: E164=1414 OR E164=1414213
LDAP Directory -> GK: LDAP SEARCH RESULT: IP=192.168.26.68 STATE=IS IP=192.168.26.102 STATE=IS
GK -> GW: SETUP
GW: (3) Start PSTN origination
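An added example, not from the original slides: mapping the leading digits of the called E.164 number to gateways, as in the LDAP search above, and preferring the longest matching prefix whose gateway is in service. The routing entries, the documentation-range addresses, the `OOS` state, the prefix lengths and the reading of `STATE=IS` as "in service" are assumptions.

```python
# Constructed directory entries: (E.164 prefix, gateway IP, state).
# Assumption: STATE=IS on the slide means "in service"; "OOS" is a
# hypothetical out-of-service value. Addresses are placeholders.
GATEWAYS = [
    ("1414", "192.0.2.10", "IS"),
    ("1414213", "192.0.2.20", "OOS"),
    ("1414213", "192.0.2.21", "IS"),
    ("1415", "192.0.2.30", "IS"),
]

def prefixes_for(called, lengths=(4, 7)):
    """Leading-digit prefixes to search, e.g. 1414 and 1414213 as on the slide."""
    digits = called.lstrip("+")
    if not (digits.isascii() and digits.isdigit()):
        raise ValueError("called number must contain only digits")
    return [digits[:n] for n in lengths if len(digits) >= n]

def search_filter(prefixes):
    """RFC 4515 form of the slide's 'E164=a OR E164=b' search."""
    return "(|" + "".join(f"(E164={p})" for p in prefixes) + ")"

def route(called):
    """Return in-service gateways for the longest matching prefix, else []."""
    wanted = set(prefixes_for(called))
    live = [(p, ip) for p, ip, state in GATEWAYS if p in wanted and state == "IS"]
    if not live:
        return []
    longest = max(len(p) for p, _ in live)
    return [ip for p, ip in live if len(p) == longest]
```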

Page 32: H.323 Gatekeepers

Example: Endpoint Location Via SS7

Endpoint -> GK: SETUP: (1) Connect me to 8001732050
GK: (2) Freephone! - Query SCP - Translate E.164
GK -> SCP providing freephone service: TCAP QUERY: Invoke: Provide Instructions Digits=8001732050 et al.
SCP -> GK: TCAP END: Invoke: Connect: Digits=2236067977 et al.
GK -> GW: SETUP
GW: (3) Start PSTN origination

Page 33: H.323 Gatekeepers

Remaining Call Setup

[Figure: message sequence between Terminal, Gatekeeper and Gateway showing CALL PROCEEDING, ARQ, ACF, ALERTING and CONNECT]

Page 34: H.323 Gatekeepers


Remaining Call Setup Processing

• Gatekeeper processes terminating admissions request doing potential authorization and bandwidth checks

• Gatekeeper primarily a “pipe” for Q.931 messages but might authorize some fields (e.g. Display)

• Gatekeeper substitutes its own address in “h245address” fields if it wishes to route H.245


Page 35: H.323 Gatekeepers

Stable Call Processing

• Gatekeeper verifies calls are “alive” using one of the following techniques:
– Wait for periodic IRRs (as requested in the ACF)
– Periodically send an IRQ, expecting an IRR
– Periodically send a Q.931 Status Enquiry, expecting a Status
• Gatekeeper might receive bandwidth change requests (BRQ) and must allow (BCF) or deny (BRJ) the request

Page 36: H.323 Gatekeepers

Call Teardown

[Figure: message sequence between Terminal, Gatekeeper and Gateway showing RELEASE COMPLETE, DRQ and DCF]

Page 37: H.323 Gatekeepers


Call Teardown Processing

• Gatekeeper processes Release Complete, noting the time and forwards it to the other endpoint

• Gatekeeper processes DRQ from both endpoints and releases any allocated bandwidth

• Gatekeeper might create call detail record for the call, recording endpoint information and Connect and Release times for example

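An added example, not part of the original deck: a minimal model of the gatekeeper state described on the Call Admission, Setup, Stable Call and Call Teardown slides, showing the registration check on ARQ, the Conference ID check before a routed Setup is forwarded, and bandwidth accounting across ARQ, BRQ and DRQ. The `Gatekeeper` class, its method names and the DRJ reply for an unmatched DRQ are assumptions for illustration.

```python
class Gatekeeper:
    """Toy admission state for one zone (hypothetical names, not a real API)."""

    def __init__(self, zone_kbps):
        self.free_kbps = zone_kbps
        self.registered = set()  # Endpoint IDs handed out in RCF
        self.calls = {}          # (conference ID, endpoint ID) -> admitted kb/s

    def arq(self, endpoint_id, conference_id, kbps):
        """Admit only registered endpoints, once per call leg, within budget."""
        key = (conference_id, endpoint_id)
        if endpoint_id not in self.registered or key in self.calls:
            return "ARJ"
        if not 0 < kbps <= self.free_kbps:
            return "ARJ"
        self.calls[key] = kbps
        self.free_kbps -= kbps
        return "ACF"

    def setup_allowed(self, conference_id):
        """Forward a routed Q.931 Setup only if its Conference ID was admitted."""
        return any(conf == conference_id for conf, _ in self.calls)

    def brq(self, endpoint_id, conference_id, new_kbps):
        """Change a leg's bandwidth; growth must fit in what is still free."""
        key = (conference_id, endpoint_id)
        if key not in self.calls or new_kbps <= 0:
            return "BRJ"
        delta = new_kbps - self.calls[key]
        if delta > self.free_kbps:
            return "BRJ"
        self.calls[key] = new_kbps
        self.free_kbps -= delta
        return "BCF"

    def drq(self, endpoint_id, conference_id):
        """Release the leg's bandwidth; reject a DRQ that matches no admission."""
        kbps = self.calls.pop((conference_id, endpoint_id), None)
        if kbps is None:
            return "DRJ"
        self.free_kbps += kbps
        return "DCF"
```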

Page 38: H.323 Gatekeepers

H.323v2 Features Related to Gatekeeper

• Authentication Framework
– Tokens (password or certificate based) for RAS
– TLS (certificate based) for Q.931
– Negotiated H.245 security
– H.323 defines the framework - need profiles to nail down specific choices of algorithms
• Mechanism to specify alternative gatekeepers to endpoints
• Registration “keep alive” similar to conference IRR “keep alive”

H.323v2 and Gatekeepers

Page 39: H.323 Gatekeepers

H.323v2 Features Related to Gatekeeper

• RAS Transport Improvements
– IRR ACK/NAK
– Request In Progress (RIP) to ask for more time
• Signalling changes
– Excuse endpoints from Admission Requests
– Fast call setup / tunneled H.245
– Gatekeeper can request Q.931 information be forwarded to it on direct routed calls
• H.450 Services
– Call transfer and call forwarding

Page 40: H.323 Gatekeepers

Beyond H.323v2: Network Management

• Definition of Management Information Bases (MIB) for H.323 protocols and devices under development
• Gatekeepers can provide large amount of centralized management information and control

Beyond H.323v2

[Figure: Network Management Station connected via SNMP/CMIP to Gatekeeper, Gateway, MCU and others]

Page 41: H.323 Gatekeepers


Beyond H.323v2: Inter-gatekeeper Communication

• Current H.323 standards do not provide an inter-zone model that scales well for large networks

• Inter-gatekeeper protocols being discussed to enable gatekeepers to efficiently locate one another to route calls to non-local address

• Hierarchical arrangements with “clearinghouse” gatekeepers have been proposed


Page 42: H.323 Gatekeepers

... integrating voice, fax, data and video

Internet Multimedia Communications Software

For information on elemedia’s H.323 Gateway Toolkits and H.323 Gatekeeper Toolkits, please contact us at:

+1 732-949-2184
888-elemedia (1-888-353-6334) (U.S. and Canada)
Email: [email protected]

http://www.elemedia.com