Port randomization, Napt function, Authenticated requests – Nortel Networks NN10265-111 User Manual

Page 64

NN10265-111 MCS 5100 3.5 Standard 4.0 January 2006

Copyright © Nortel Networks Limited 2006

Port randomization
When the RTP Media Portal is deployed, each Media Blade is
configured with a pool of ports containing a specific number of ports in
a specific range based on configuration data (“Number Ports”, “Min Port
Value”, “Max Port Value”, respectively). For more information on these
configuration properties, refer to Table 2, RTP Media Portal tab
configurable properties, on page 51.

As multimedia sessions are initiated, a port is chosen from the port pool
associated with the selected Media Blade. For non-static port
configurations (that is, “Static RTP Ports” is configured to be “false”),
when a multimedia session completes, its associated ports are deallocated
from the pool and new replacement ports are allocated to the pool. The
deallocation of used ports and allocation of replacement ports provides
randomization in the port pools for the Media Blades.

NAPT function
In order to obscure the MCP Services Network topology, the RTP Media
Portal uses the NAPT functionality to secure the multimedia sessions
so that there is no leakage of topology information.

This is achieved by maintaining a list of media ports (NAPT table) which
are being used within active multimedia sessions. Only packets which
arrive on these active ports are processed. Packets which arrive on
non-active ports are rejected and logged as potential problems.
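
The port pool replacement and NAPT table filtering described in the two sections above, modelled as an added example; it is not Nortel code and not part of the manual. The class and method names are hypothetical, and the use of the OS random source and the handling of the static-port case are assumptions.

```python
import logging
import secrets

log = logging.getLogger("napt")
_rng = secrets.SystemRandom()  # assumption: OS random source for port selection


class MediaBladePortPool:
    """Toy model of one Media Blade's port pool and NAPT table (hypothetical)."""

    def __init__(self, number_ports, min_port, max_port, static_rtp_ports=False):
        if number_ports > max_port - min_port + 1:
            raise ValueError("Number Ports exceeds the Min/Max Port Value range")
        self.range = range(min_port, max_port + 1)
        self.static = static_rtp_ports
        self.pool = set(_rng.sample(self.range, number_ports))  # free ports
        self.napt = {}  # NAPT table: active media port -> session id

    def open_session(self, session_id):
        if not self.pool:
            raise RuntimeError("port pool exhausted")
        port = _rng.choice(sorted(self.pool))
        self.pool.remove(port)
        self.napt[port] = session_id
        return port

    def close_session(self, port):
        self.napt.pop(port)
        if self.static:
            self.pool.add(port)  # assumption: static ports simply return to the pool
            return port
        # Non-static: retire the used port and allocate a replacement from the range.
        candidates = [p for p in self.range
                      if p != port and p not in self.pool and p not in self.napt]
        replacement = _rng.choice(candidates) if candidates else port
        self.pool.add(replacement)
        return replacement

    def accept_packet(self, dst_port):
        # Only packets arriving on ports in the NAPT table are processed.
        if dst_port in self.napt:
            return True
        log.warning("rejected packet on non-active port %d", dst_port)
        return False
```

With a range larger than the pool, a closed session's port never goes straight back into the pool, so the pool contents drift across the configured range over time.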

RTP Media Portal component level security functions

The RTP Media Portal component also contributes to system security
by opening and closing media ports only in response to requests from
the SIP Application Module (which has pre-authenticated such
requests) and by rejecting any unauthorized packets arriving on an
active connection.

Authenticated requests
All requests to manipulate the media resources on the RTP Media
Portal originate from the SIP Application Module. The SIP Application
Module ensures that all requests are made by, or made to, a valid
service subscriber. In this way, the SIP Application Module effectively
authenticates all requests.

In addition, the portion of the RTP Media Portal which processes these
requests to manipulate the media resources resides safely within the
MCP Services Network.
