D-Link DFL-2500 User Manual

Page 153

Advertising
background image

VOIP see also Section 6.2.8, “H.323”.)

SIP Components

The following components are the logical building blocks for SIP communication:

User Agents

These are the end points or "peers" that are involved in the peer-to-peer
communication. These would typically be the workstation or device used in an
IP telephony conversation. The word peer will often be used in this section in
this context.

Proxy Servers

These act as routers in the SIP protocol, performing both as peer and server
when receiving peer requests. They forward requests to a peer's current
location as well as authenticating and authorizing access to services. They also
implement provider call-routing policies.

The proxy is typically located on the unprotected side of the D-Link Firewall
and this is the proxy location supported by the NetDefendOS SIP ALG.

Registrars

A server that handles SIP REGISTER requests is given the special name of
Registrar. The Registrar server has the task of locating the host where the
other peer is reachable.

The Registrar and Proxy Server are logical entities and my in fact reside in the
same physical server.

SIP Media-related Protocols

SIP sessions make use of a number of sub-protocols:

SDP

Session Description Protocol (RFC4566) is used for media session initialization.

RTP

Real-time Transport Protocol (RFC3550) is used as the underlying packet format for
delivering audio and video streaming via IP using the UDP protocol.

RTCP

Real-time Control Protocol (RFC3550) is used in conjunction with RTP to provide
out-of-band control flow management.

SIP Usage Scenarios

The NetDefendOS SIP ALG supports the following usage scenarios:

1. Internal to External

The SIP session is between a peer on the protected side of a
D-Link Firewall and a peer which is on the external,
unprotected side. Communication typically takes place across
the public Internet.

2. Same Network

A refinement of the internal to internal scenario is the case
where the two peers in a session reside on the same network.

In all these three scenarios the proxy server is assumed to be on the unprotected side of the D-Link
Firewall.

SIP Configuration Options

The following options can be configured for a SIP ALG object:

6.2.7. SIP

Chapter 6. Security Mechanisms

153

Advertising
Popular Brands
Popular manuals