Installation and Configuration of H.323 Gatekeeper Best Practice Document
Total Page:16
File Type:pdf, Size:1020Kb
Installation and configuration of H.323 Gatekeeper Best Practice Document Produced by the AMRES/RCUB-led Multimedia – VoIP working group Author: Ognjen Milosavljevic (RCUB) April 2016 © AMRES, 2016 © GÉANT, 2016. All rights reserved. Document No: GN4-1-NA3-T2-AMRES-BDP-116 Version / date: V1.2 / 20-04-2016 Original language : Serbian Original title: “Instalacija i konfiguracija H.323 Gatekeeper-a” Original version / date: Version 1 / 8. December 2014 Contact: [email protected] AMRES/RCUB is responsible for the contents of this document. The document was developed by the AMRES Multimedia – VoIP (AMRES BPD 116 topic) working group. Parts of the report may be freely copied, unaltered, provided that the original source is acknowledged and copyright preserved. The research leading to these results has received funding from the European Union’s Horizon 2020 research and innovation programme under Grant Agreement No. 691567 (GN4-1). Table of Contents 1 Executive Summary 1 2 A Description of the H323 Technology 2 2.1 H.323 2 2.2 H.323 Gatekeeper 4 2.3 Global Dialling Scheme (GDS) 7 3 A Description of the Solution 9 3.1 The National Gatekeeper 9 3.2 The NREN Gatekeeper 10 3.3 The Institutional Gatekeeper 11 4 Installing the GNU Gatekeeper 12 5 Configuring the Gatekeeper 13 5.1.1 The National Gatekeeper 13 5.1.2 The NREN Gatekeeper 16 5.1.3 The Institutional Gatekeeper 19 5.2 Configuring the iptables Tool 20 Appendix A GNU-GK installation script 21 References 27 Glossary 28 Deliverable Best Practice Document: Installation and configuration of H.323 i Gatekeeper Contents Table of Figures Figure 2.1: Logical elements in the H.323 environment (the figure taken from [1]) 2 Figure 2.2: Routing the call signalling through the gatekeeper 6 Figure 2.3: Calling a terminal from another zone 6 Figure 2.4: Hierarchy in the GDS network 8 Figure 3.1: Structural scheme of the design 9 Best Practice Document: Installation and configuration of H.323 ii Gatekeeper 1 Executive Summary This paper describes the theoretical basis of the H.323 protocol with the aim of presenting a solution for the software implementation and integration of H.323 Gatekeeper into the existing infrastructure of the Academic Network of Serbia (AMRES). A gatekeeper is the central controlling device in the H.323 environment and includes functions such as admission control, translation of H.323 addresses to IP addresses, bandwidth control, zone management, call control and additional services during the call. The gatekeeper can also serve as a proxy server, i.e. the entire traffic between the endpoints (terminals) participating in the communication can be routed through the gatekeeper for security or quality control purposes. Summary (in Serbian) U ovom radu je opisana teorijska osnova H.323 protokola, sa ciljem predstavljanja rešenja za implementaciju i integraciju H.323 gatekeeper-a u postojeću infrastrukturu Akademske mreže Srbije (AMRES). Prikazana je izabrana softverska implementacija rešenja za gatekeeper. Best Practice Document: Installation and configuration of H.323 1 Gatekeeper 2 A Description of the H323 Technology This section describes the technologies that are necessary for understanding the configuration of the gatekeeper. A short overview of the H.323 protocol is presented, with a special emphasis on the H.323. gatekeeper. The description also includes the hierarchy of the GDS (Global Dialling Scheme) and information on GDS numbering. 2.1 H.323 H.323 is a recommendation of the ITU-T (ITU Telecommunication Standardisation Sector), the body that defines protocols for audio-visual communication in IP-based networks. H.323 defines several logical elements shown Figure 2.1, and their roles are explained below: Figure 2.1: Logical elements in the H.323 environment (the figure taken from [1]) • H.323 Gatekeeper is the central controlling device in the H.323 environment, which includes a set of functionalities such as admission control, translation of H.323 addresses to IP Best Practice Document: Installation and configuration of H.323 2 Gatekeeper A Description of the H323 Technology addresses, bandwidth control, zone management, call control, additional services during the call, etc. Besides this, the gatekeeper can also act as a proxy server, i.e. the entire traffic between the endpoints (terminals) participating in the communication can be routed through the gatekeeper for security or quality control purposes. • H.323 Terminal is an H.323-compatible user device accessing the H.323 network in order to establish a video conference call. This can be achieved by way of software, i.e. as a program installed on a certain computer, or by way of hardware, in the form of a separate device (e.g. an H.323 video conference device). The terminals have their respective identifications in the form of a username and password and/or number, whereby they are uniquely identified on the H.323 network. • H.323 MCU (Multipoint Control Unit) is a combination of an MC (Multipoint Controller) and an MP (Multipoint Processor) within one device and it is used for establishing conference calls involving more than two clients. • MC (Multipoint Controller) is a device that connects the signalling channels of two or more H.323 terminals in a star-shaped fashion. The MC performs the negotiation process about the audio-visual capabilities of the H.323 terminals in order to maintain the best possible communication. Also, the MC controls resource consumption during a multicast video conference. Besides the MCU, an MC can be used as part of any H.323 device (terminal, gateway, gatekeeper), and it can be implemented as a separate device. • MP (Multipoint Processor) serves for receiving and processing audio-visual data from individual endpoints, and for sending the data to other endpoints. The MP performs the conversion between different codecs and bandwidths. • H.323 Gateway is a device that connects the H.323 environment with other protocols and/or networks, such as ISDN, PSTN, ATM and other telephone networks. The following three control protocols are used for the communication between the components within the H.323 environment: • H.225.0 RAS (Registration, Admission and Status) - this control protocol is used for communication between the endpoints and the gatekeeper, and for communication between different gatekeepers. The endpoints rely on RAS for registering with the gatekeeper, for requesting permission to use the system resources, to send requests for the IP address translation of another endpoint etc. The gatekeeper uses RAS for maintaining the list of registered endpoints and for gathering the resource information at the end of the call. RAS provides a user authentication and call authorisation mechanism. • H.225.0 Call Signalling - this channel serves for establishing calls and for messages such as ringing, successfully established or failed connections, and for additional services during the call. These messages are derived from the Q.931 signalling (IDSN call signalling), but the procedure is simplified and only a subset of the messages is used. The signalling can be performed directly between the endpoints as well as through one or more gatekeepers. • H.245 Conference Control - this channel is used for controlling the audio-visual format. It enables two or more participants in the conference to agree on a multimedia format that will be understood by all the participants. This concerns the compression, decompression and auto-configuration of multimedia content between the users. The control of the audio-visual format can be performed directly between the endpoints (terminal-terminal, terminal-MCU), as well as through one or more gatekeepers. Best Practice Document: Installation and configuration of H.323 3 Gatekeeper A Description of the H323 Technology The audio-visual content is directly exchanged between the endpoints and the following two protocols are used for that purpose: RTP (Real Time Protocol) and RTCP (Real Time Control Protocol). An RTP session is established for each multimedia content separately. The session contains an IP address and a pair of ports, the one port for the RTP, and the other port for the RTCP. According to the specification under Reference [2], the RTP port should be an even number, while a larger odd number should be used for the RTCP. Available UDP ports (1024-65565) are usually used for that. The RTP uses the UDP protocol to establish a number of connections between two points. The RTP header contains the ordinal number of the packet, the time of its creation, the source that generated the packet, etc. The RTCP contains the information on data quality, the number of listeners, the identification of listeners and senders, etc. Moreover, the SRTP (Secure RTP) can be used for additional data security. There are several types of H.323 addresses, i.e. several ways in which endpoints can be identified in the H.323 environment. They include E.164 numbers, H.323 URLs having the h323:[email protected] structure, various symbolic names, and IP addresses. 2.2 H.323 Gatekeeper As noted above, the gatekeeper is the central control and management device in the H.323 environment. According to the ITU-T H.323 recommendations, the gatekeeper should enable the following: • Address translation. • Admission control. • Bandwidth control. • Zone management. • Call control signalling. • Call authorisation. • Bandwidth control • Call management. The most common way of setting up the client device for a gatekeeper is through a static configuration of the IP address, which is the default manner referred to in this paper. Another way of configuration involves sending multicast messages to the 224.0.1.41 address in order to find the gatekeeper. Signalling messages can be sent directly between the endpoints or through the gatekeeper. In the first case, the gatekeeper cannot monitor the course of the call because the signalling, or part thereof, does not go through it, while in the second case the gatekeeper can control the entire course of the call, or parts thereof, depending on the signalling messages that pass through it.