Post on 21-Dec-2015
© 2001 Intertex Data AB, All Rights Reserved Moderator Sandy Teger 1
Intertex Data AB, Sweden
IX66 Internet Gate
A Firewall with SIP Support
Prepared for: Voice On the Net, Spring 2001
By: Lars Berggren
Research and Development
Intertex Data AB
The Swedish “Broadband to the People” Race
What is going on?
The Swedish “Broadband to the People” Race
• Price level: 20 USD/month flat rate
• Technologies: ADSL, Cable Modems, Apartment Building LAN
• Deployment:
- 8 % of households now
- 20 % of households end 2001
- 95 % of households in 5 years
• Key factors: Faster + Always-On
Services and Applications
Killer applications?
• Today: Faster Surfing
• Coming: IP Telephony *
• Tomorrow: Home Appliances Control *
* Requires access from the Internet to YOU and Always On!
The importance of SIP
A protocol is needed for
• Session Initiation
• User/Device presence and location
• Event notification
Use SIP!
• RFC2543, Proven compatibility
• Scalable, uses Internet services
• Extendable, Not limited to IP Telephony
The importance of SIP
• SIP for Presence and Instant Messaging. See www.cs.columbia.edu/sip/drafts_presence.html
• SIP Already Provides Publication Capability
• Extended with Event Notification and Subscription
[Diagram labels: Registrar, Client (three)]
The importance of SIP
Control your temperature, refrigerator, alarm, toaster and more…
• An extension to SIP in progress. See www.research.telcordia.com/iapp/ and http://search.ietf.org/internet-drafts/draft-moyer-sip-appliances-framework-01.txt
• Submitted to OSGi. See http://www.osgi.org
Broadband in the Home – Firewall & NAT
Do YOU want to be part of the public Internet?
Always On Internet – You need a firewall!
[Diagram: Firewall between the Outside world (Internet) and the Home (Internal LAN). Labels: Private IP Addresses; One public IP Address]
Broadband in the Home – Firewall & NAT
Why do we need SIP capable firewalls / NATs?
• Global end-to-end connectivity for SIP
• Privacy and protection of home devices
• Many SIP applications are typically used with Always-On access
• Several SIP devices, but only one public IP address
Accessing Protected Devices
Firewall Problems:
• Sessions initiated from outside of the firewall
- OK, open port 5060, but…
• Media streams on dynamically allocated port numbers
- Ooops…!
Even with public IP addresses inside
Accessing Protected Devices
NAT & PAT Problems:
• Where is the device?
- Registration/location function
• Private IP addresses and ports in SIP messages
- Rewrite with globally routable addresses
• IP address and port of media stream has to be modified
- NAT engine has to be dynamically controlled
Worse with private IP addresses inside
Adding SIP support to a firewall
Important components:
• Dynamic Firewall Engine
• SIP Proxy Server, controlling the firewall
• SIP Registrar, user location information
• Communication between SIP Proxy and firewall
[Diagram labels: SIP Proxy, Registrar, Firewall & NAT, Firewall Control Protocol?]
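The address rewriting and dynamic NAT control named on the "NAT & PAT Problems" and "Adding SIP support to a firewall" slides, as an added example that is not Intertex code. `DynamicNat`, `rewrite_sdp`, `PUBLIC_IP` and all addresses are hypothetical or constructed; it assumes IPv4 and a single session-level `c=` line.

```python
import re

PUBLIC_IP = "203.0.113.10"  # constructed: the gate's single public address
PRIVATE = re.compile(r"^(10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.)")

# Constructed SDP body of an INVITE sent by a phone on the internal LAN.
SAMPLE_SDP = (
    "v=0\r\n"
    "o=alice 2890844526 2890844526 IN IP4 192.168.0.12\r\n"
    "s=-\r\n"
    "c=IN IP4 192.168.0.12\r\n"
    "t=0 0\r\n"
    "m=audio 49170 RTP/AVP 0\r\n"
)

class DynamicNat:
    """Hypothetical stand-in for the firewall/NAT engine the SIP proxy controls."""
    def __init__(self, first_port=40000):
        self.next_port = first_port
        self.pinholes = {}  # call_id -> [(public_port, private_ip, private_port)]

    def open_media(self, call_id, private_ip, private_port):
        public_port = self.next_port
        self.next_port += 2  # RTP on an even port, RTCP on the next one
        entry = (public_port, private_ip, private_port)
        self.pinholes.setdefault(call_id, []).append(entry)
        return public_port

    def close_call(self, call_id):
        """Remove every pinhole of a call, e.g. when the proxy sees BYE."""
        return self.pinholes.pop(call_id, [])

def rewrite_sdp(sdp, call_id, nat):
    """Replace private c=/o=/m= values with the public address and mapped ports."""
    lines = sdp.split("\r\n")
    conn = next((l.split()[-1] for l in lines if l.startswith("c=")), None)
    if conn is None or not PRIVATE.match(conn):
        return sdp  # already globally routable: nothing to rewrite
    out = []
    for line in lines:
        if line.startswith(("c=", "o=")) and line.endswith(conn):
            line = line[: -len(conn)] + PUBLIC_IP
        elif line.startswith("m="):
            media, port, rest = line[2:].split(" ", 2)
            if int(port):  # port 0 marks a rejected stream: open no pinhole
                port = nat.open_media(call_id, conn, int(port))
            line = f"m={media} {port} {rest}"
        out.append(line)
    return "\r\n".join(out)
```

Each pinhole is tied to one call and one media port, so closing the call removes exactly what the signalling opened instead of leaving a port range permanently exposed.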
Accessing into the home...
[Diagram labels: Outside World, Protection, In Home; Internet, Firewall or NAT, SIP Proxy, Internal LAN, LAC (four)]
© 2000 Telcordia Technologies, Inc. All Rights Reserved
Global End-to-End Connectivity
Now possible!
SIP End-to-End to utilize the possibilities of advanced IP Telephony services!
[Diagram labels: LAN, Gateway, Internet, PSTN, FIREWALL (two)]
Demo – Let’s make a call…
Dialling: [email protected]
Dynamic session setup
SIP forwarding
RINGING!
[Diagram labels: LAN, Firewall, SIP Proxy, Registrar, Internet, SIP Server, siplab.net, PSTN Gateway, GSM Gateway, PSTN]
Demo – Let’s turn the lamp on…
DO sip:[email protected]<Device>lamp</Device><Action>power on</Action>
[Diagram labels: Internet (Ethernet), LAN (Ethernet), Internet, SIP Server, siplab.net, Home Appliances Controller, SIP (three links), ENP]
The Intertex IX66 Internet Gate
As Internet Gate “only” or with integrated ADSL modem
The Intertex IX66 series OEM as:
• PowerBit
• Telia SurfinBird
The Intertex IX66 Internet Gate
A closer look
• Firewall & NAT/PAT
• SIP Proxy and Registrar
• DHCP Server
• WEB Server for configuration
• SIP Appliance Control, LAC via expansion port
[Figure: device panel labels: SELECT, SET, ALT, CFG, ET1, AIR, USB, ET2, WAN, TXD, RXD, ADR, CFG, DHP, RST, LQ, TX, RX, SC]
The Intertex IX66 Internet Gate
Goodies
• Two Ethernet and one USB port
• Expansion port, e.g. for appliance control
• Smart Card Reader
• Upgradeable
[Figure: connector labels: ON, DC, USB, ET2, ET1, EXP, LINE, PHONE]
Optional ADSL Built-in