3.5.1 Firewalls
Firewalls are devices that are placed at the boundary of networks to protect the networks from denial of service attacks and unwanted traffic. Firewalls are used mainly to protect company intranets and web sites, i.e. they are used on end networks. However, the need for protection and access control to support charging in transit networks may lead to firewalls being used more widely on interconnected networks that provide VoIP services.
Firewalls work by examining the IP addresses and port numbers used within incoming and outgoing packets and allowing only certain ranges of addresses and port numbers through. This examination adds delay that degrades the quality of real-time communications, and firewall developers are being challenged by the need to keep this delay adequately low for conversational voice. It is quite difficult to formulate policies for firewalls that will provide adequate protection whilst not rejecting too much wanted traffic.
A group in IETF called MIDCOM is developing a protocol for the control of firewalls by the devices that handle the call signalling. This will enable the signalling to instruct media gateways to open “pinholes” (particular IP address:port number combinations) that relate to calls that are in progress. These pinholes are then closed when a call is terminated.
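The pinhole mechanism described above, modelled as a small added example (not code from the report or from the MIDCOM working group): a default-deny firewall whose static policy admits only the signalling port, plus a table of pinholes that the signalling device opens for a call's media endpoints and closes when the call ends. Port 5060, the call identifier and the endpoint addresses are constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import Dict, Set, Tuple

Endpoint = Tuple[str, int]           # (IP address, port number)
Pinhole = Tuple[Endpoint, Endpoint]  # (remote endpoint, local endpoint)

@dataclass
class Packet:
    src: Endpoint
    dst: Endpoint

@dataclass
class PinholeFirewall:
    """Static port policy widened by pinholes that the call signalling opens and closes."""
    # Inbound ports that are always open, e.g. the SIP signalling port (constructed policy).
    static_allow: Set[int] = field(default_factory=lambda: {5060})
    # Pinhole -> identifier of the call that opened it.
    pinholes: Dict[Pinhole, str] = field(default_factory=dict)

    def open_pinhole(self, call_id: str, remote: Endpoint, local: Endpoint) -> None:
        """Called by the signalling device once the media endpoints of a call are known."""
        self.pinholes[(remote, local)] = call_id

    def close_call(self, call_id: str) -> int:
        """Remove every pinhole belonging to a terminated call; returns the number closed."""
        stale = [hole for hole, cid in self.pinholes.items() if cid == call_id]
        for hole in stale:
            del self.pinholes[hole]
        return len(stale)

    def allows_inbound(self, pkt: Packet) -> bool:
        """Default deny: accept only statically allowed ports or an exact open pinhole."""
        if pkt.dst[1] in self.static_allow:
            return True
        return (pkt.src, pkt.dst) in self.pinholes

def demo() -> list:
    """Media packets pass only while the call that opened the pinhole is in progress."""
    fw = PinholeFirewall()
    far_end = ("198.51.100.7", 40000)   # constructed remote media endpoint
    local = ("192.0.2.10", 20000)       # constructed local terminal's RTP endpoint
    rtp = Packet(src=far_end, dst=local)
    before = fw.allows_inbound(rtp)     # no call yet: denied
    fw.open_pinhole("call-1", far_end, local)
    during = fw.allows_inbound(rtp)     # pinhole open: allowed
    fw.close_call("call-1")
    after = fw.allows_inbound(rtp)      # call terminated: denied again
    return [before, during, after]
```

Keying the pinhole on both the remote and the local endpoint, rather than the local port alone, keeps the opening as narrow as the signalling can make it.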
3.5.2 NATs
Network Address Translators (NATs) are devices that enable a small number of public IP addresses to be pooled and shared by a larger number of terminals. The terminals inside the area served by a NAT have private IP addresses. The NAT changes the values of the public address in the incoming packets to a private address, and changes the value of the private address in an outgoing packet to a public address. Because NATs hide the internal private addresses of a network, they provide some protection.
NATs are used widely at present both to hide internal addresses and to reduce the demand for public IP addresses.
Because NATs change the values of IP addresses in packets they interfere with the operation of applications that are aware of IP addresses. The SIP signalling messages may contain end IP addresses in the call-ids, and these addresses will need to be altered as the SIP messages cross a NAT. This is a messy situation and requires an Application Layer Gateway (ALG) to make the necessary changes.
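An added example (not code from the report) of the interaction just described: a port-translating NAT that keeps a binding table for the terminals behind it, and a minimal SIP Application Layer Gateway that rewrites the private addresses carried inside the signalling message, which the NAT's IP-header translation alone would leave untouched. The public address 203.0.113.1, the private network 10.0.0.0/8 and the INVITE text are constructed assumptions.

```python
import ipaddress
import re
from itertools import count
from typing import Dict, Tuple

Endpoint = Tuple[str, int]  # (IP address, port number)

class Nat:
    """Port-translating NAT: many private (address, port) pairs share one public address."""
    def __init__(self, public_ip: str, private_net: str = "10.0.0.0/8", first_port: int = 30000):
        self.public_ip = public_ip
        self.private_net = ipaddress.ip_network(private_net)
        self._ports = count(first_port)
        self.out: Dict[Endpoint, Endpoint] = {}   # private -> public binding
        self.back: Dict[Endpoint, Endpoint] = {}  # public -> private binding

    def outbound(self, private: Endpoint) -> Endpoint:
        """Translate an outgoing packet's source, creating a binding on first use."""
        if private not in self.out:
            public = (self.public_ip, next(self._ports))
            self.out[private] = public
            self.back[public] = private
        return self.out[private]

    def inbound(self, public: Endpoint) -> Endpoint:
        """Translate an incoming packet's destination; an unknown binding is dropped."""
        return self.back[public]

def sip_alg(nat: Nat, msg: str) -> str:
    """Rewrite private endpoints in SIP header fields and the SDP body; the NAT alone
    changes only the IP header, so the far end would otherwise reply to 10.0.0.5."""
    def fix_pair(m: "re.Match[str]") -> str:
        ip, port = m.group(1), int(m.group(2))
        if ipaddress.ip_address(ip) not in nat.private_net:
            return m.group(0)
        return "%s:%d" % nat.outbound((ip, port))
    msg = re.sub(r"(\d+\.\d+\.\d+\.\d+):(\d+)", fix_pair, msg)
    conn = re.search(r"c=IN IP4 (\S+)", msg)          # SDP connection address
    media = re.search(r"m=audio (\d+)", msg)           # SDP media (RTP) port
    if conn and media and ipaddress.ip_address(conn.group(1)) in nat.private_net:
        ip, port = nat.outbound((conn.group(1), int(media.group(1))))
        msg = msg.replace(conn.group(0), "c=IN IP4 " + ip)
        msg = msg.replace(media.group(0), "m=audio %d" % port)
    return msg

INVITE = (  # constructed sample sent by terminal 10.0.0.5 behind the NAT
    "INVITE sip:bob@example.net SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 10.0.0.5:5060\r\n"
    "Contact: <sip:alice@10.0.0.5:5060>\r\n\r\n"
    "c=IN IP4 10.0.0.5\r\n"
    "m=audio 20000 RTP/AVP 0\r\n"
)
```

Running `sip_alg(Nat("203.0.113.1"), INVITE)` leaves no private address in the message, and the bindings it created let the NAT deliver the far end's RTP back to the terminal's port 20000.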
Many people in IETF see IPv6 as the solution to the shortage in IPv4 addresses and hope that when IPv6 is used NATs will disappear, but there is a wide range of views about when IPv6 will become widely used and whether operators will still want to use private IP addresses for security purposes.
4 VoIP services
What is VoIP (voice over IP)? There is no simple answer to this question as the term VoIP covers a variety of different services and implementations.
4.1.1 Categorisation
With the development of IP there are now several types of service that involve voice, whereas previously there was just public telephony. This situation is causing considerable confusion because the definitions and terminology that are agreed formally in standardisation bodies have not kept up with the developments in the technology and the market place.
In addition to the multiplication of service types, there is innovation in service presentation and access, and innovation in the way in which what we categorise as different services may be combined together.
It is unlikely that the definitions and terminology will catch up with the diversification in the market and this will cause significant difficulty for regulators who wish to continue to apply various requirements such as access to emergency services and malicious call tracing as it will be difficult for them to define the boundaries within which the requirements apply.
We think that it is worthwhile continuing to try to use some definitions and categorisation because doing so facilitates analysis and clarifies discussion. The alternative would make it impracticable to have any meaningful overview of the situation.
There are two aspects to the type of service:
- the type of traffic – just voice or voice as part of multimedia
- the method of identifying correspondents and setting up a call – either public telephony based on E.164 numbering or “Internet telephony” based on Internet naming (user@host) or instant messaging
Some people would argue that quality is an equally important aspect of a service and that the use of E.164 numbering should be linked to the achievement of an adequate level of quality. However, we do not include quality in the definition because we need a definition of telephony against which we can make statements about quality without the problem of circularity, and also because quality may change significantly as the technology develops, and users can handle changes in quality more easily than changes in numbering.
These aspects can be grouped into three main service types:
- Public telephony, which uses only E.164 numbering. (There is also private telephony, which uses a private numbering plan but not Internet names.)
- Internet named telephony, which uses only Internet naming but in other respects is functionally similar to public telephony except that the quality is more unpredictable and may be significantly lower.
- Multi-media, which may use either E.164 numbering or Internet naming. Multi-media services are at a very early stage of development with video telephony being one of the main examples to date.
The Internet trade-jargon describes three services:
- Phone-Phone: a bypass service which uses ordinary telephones and the PSTN for access and termination and the Internet for the long distance or International part of a call. It includes calling card services. This is a subset of the natural meaning of “Phone – Phone”, which could include normal PSTN and Internet named telephony calls between IP based telephones.
- PC-Phone: where a call can be made to a traditional telephone from a PC and where the call will be carried most of the way on the Internet and handed to a circuit switched network operator at the terminating end. In our terminology, this is currently an implementation of public telephony since E.164 numbers are used for identifying the called party, but in the future phones may support Internet naming as well as E.164.
- PC-PC: where a call will be made entirely on the Internet. In our terminology, at present this is only Internet named telephony where Internet names are used for identifying the called party, but in the future public telephony will also be supported on PCs via IP based networks.
This is a different categorisation from the one that we are adopting for this report. Its categories are based on terminal types rather than services, and although its categories can be equated to our service categories now, these relationships will change in the future. Figure 21 shows the relationships in these categories now and in the future. To equate “Phone” with E.164 and “PC” with either E.164 or Internet naming is misleading as the relationship is more complex.