
To start things off, the H.323 terminal originating a call (caller) makes a TCP connection to the well-known port for H.323, port 1720. The terminal being called (callee) and the caller exchange Q.931 packets across this connection to propose ephemeral (dynamic and greater than 1024) ports that will be used from this point forward to exchange H.245 system control information.
This use of ephemeral TCP and UDP ports is important to the generality and flexibility of H.323 communications over LANs and WANs. However, it complicates communications through firewalls and proxies. (We'll explain more about this later.)
Use of the H.245 control packet protocol is the underpinning for call parameter negotiations, such as which codecs to use. Once the audio and video codecs and parameters have been negotiated, the H.245 session initiates an OpenLogicalChannel sequence. This sends the caller's RTP (Real-Time Protocol) and RTCP (Real-Time Control Protocol) address and port number as well as the callee's RTP and RTCP address and port number for a particular media stream (i.e., audio or video). It should be noted that in H.323, each logical channel is considered to be one-way. Therefore, for two people to exchange audio, two logical channels must be opened, one from the caller to the callee and another from the callee to the caller. Another two channels are required to exchange video.
H.245's RTP has commands that cause UDP connections to be made. Audio and video data are transmitted in each direction over UDP channels because the goal is to deliver this data as fast as possible. There's no advantage in employing an error-correcting protocol, which could bottleneck the process and interrupt the orderly delivery of picture frames. However, TCP channels are used for T.120-related information (camera control exchanges, file transfers or whiteboard updates) because this type of data must arrive without errors. All of this adds up to the reality that H.323 call setup can become very complicated and involve many simultaneous ephemeral TCP and UDP connections.
This leads to complications when a proxy is inserted into the stream. Firewalls that perform packet filtering, circuit filtering and address translation operate at the IP layer and therefore are transparent to callers. Because of H.323's heavy use of ephemeral (dynamic) ports, the only way for a packet filtering router to support H.323 is to open all UDP and TCP ports above 1024 in each direction. This policy does not provide much protection.
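To put numbers on that last point, the following added example (not code from the original article) models the flows of one audio-plus-video call as described above and compares them with what the static "everything above 1024" rule admits. The `Flow` record, the endpoint labels, the randomly chosen port numbers and the signalling-aware `pinhole_allows` check are assumptions made for illustration.

```python
import random
from dataclasses import dataclass

H323_PORT = 1720                  # well-known call-setup port (from the text)
EPHEMERAL = range(1025, 65536)    # "dynamic and greater than 1024"

@dataclass(frozen=True)
class Flow:
    proto: str     # "tcp" or "udp"
    dst: str       # endpoint listening on the port: "caller" or "callee"
    port: int
    purpose: str

def call_flows(media=("audio", "video"), seed=7):
    """Flows needed by one two-party call, in the setup order the text gives."""
    rng = random.Random(seed)     # constructed port choices, not real traffic
    pool = [p for p in EPHEMERAL if p != H323_PORT]
    free = rng.sample(pool, 1 + 4 * len(media))
    flows = [Flow("tcp", "callee", H323_PORT, "Q.931 call setup")]
    # The Q.931 exchange proposes an ephemeral TCP port for H.245 control.
    flows.append(Flow("tcp", "callee", free.pop(), "H.245 control"))
    # Logical channels are one-way: one per direction per media type,
    # each with an RTP port and an RTCP port on the receiving side.
    for m in media:
        for receiver in ("callee", "caller"):
            flows.append(Flow("udp", receiver, free.pop(), f"RTP {m}"))
            flows.append(Flow("udp", receiver, free.pop(), f"RTCP {m}"))
    return flows

def static_allows(proto, port):
    """Plain packet filter: every TCP and UDP port above 1024 is open."""
    return proto in ("tcp", "udp") and port > 1024

def static_exposure():
    """Number of (protocol, port) pairs the static rule admits per direction."""
    return 2 * len(EPHEMERAL)

def pinhole_allows(flows, proto, dst, port):
    """Hypothetical signalling-aware filter: only ports negotiated in the call."""
    return any((f.proto, f.dst, f.port) == (proto, dst, port) for f in flows)

def pinhole_exposure(flows):
    return len({(f.proto, f.dst, f.port) for f in flows})

if __name__ == "__main__":
    flows = call_flows()
    for f in flows:
        print(f"{f.proto:3} -> {f.dst:6} port {f.port:5}  {f.purpose}")
    print("static rule admits :", static_exposure(), "proto/port pairs")
    print("call actually needs:", pinhole_exposure(flows))
```
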