Configuring H.323 Gatekeepers and Proxies

H.323 Gatekeeper Configuration Examples

Enabling the Proxy to Forward H.323 Packets

To enable the proxy to forward H.323 packets received from the edge network to the multimedia backbone, designate the interface that connects the proxy to the multimedia backbone to the ASR interface by entering the h323 asr command in interface configuration mode. Enabling the proxy to forward H.323 packets satisfies the first goal identified earlier in this section.

Because the proxy terminates two call legs of an H.323 call and bridges them, any H.323 packet that traverses the proxy will have the proxy address either in its source field or in its destination field.

To prevent problems that can occur in proxies that have multiple IP addresses, designate only one interface to be the proxy interface by entering the h323 interface command in interface configuration mode. Then all H.323 packets that originate from the proxy will have the address of this interface in their source fields, and all packets that are destined to the proxy will have the address of this interface in their destination fields.

Figure 62 illustrates that all physical proxy interfaces belong either to the multimedia network or to the edge network. These two networks must be isolated from each other for the proxy to be closed; however, the proxy interface must be addressable from both the edge network and the multimedia network. For this reason, a loopback interface must be created on the proxy and configured to the proxy interface.

It is possible to make the loopback interface addressable from both the edge network and the multimedia network without exposing any physical subnets on one network to routers on the other network. Only packets that originate from the proxy or packets that are destined to the proxy can pass through the proxy interface to the multimedia backbone in either direction. All other packets are considered unintended packets and are dropped. This can be achieved by configuring access control lists (ACLs) so that the closed proxy acts like a firewall that only allows H.323 packets to pass through the ASR interface. This satisfies the second goal identified earlier in this section, which is to ensure that only H.323-compliant packets can access or traverse the multimedia backbone.

Isolating the Multimedia Network

The last step is to configure the network so that non-H.323 traffic never attempts to traverse the multimedia backbone and so that it never risks being dropped by the proxy. This is achieved by completely isolating the multimedia network from all edge networks and from the data backbone and by configuring routing protocols on the various components of the networks.

The example provided in Figure 62 requires availability of six IP address classes, one for each of the four autonomous systems and one for each of the two loopback interfaces. Any Cisco-supported routing protocol can be used on any of the autonomous systems, with one exception: Routing Information Protocol (RIP) cannot be configured on two adjacent autonomous systems because this protocol does not include the concept of an autonomous system. The result would be the merging of the two autonomous systems into one.

If the number of IP addresses are scarce, use subnetting, but the configuration can get complicated. In this case, only the Enhanced IGRP, Open Shortest Path First (OSPF), and RIP Version 2 routing protocols, which allow variable-length subnet masks (VLSMs), can be used.

Cisco IOS Voice, Video, and Fax Configuration Guide

VC-351

Page 63
Image 63
Cisco Systems VC-289 manual Enabling the Proxy to Forward H.323 Packets, Isolating the Multimedia Network, VC-351

VC-289 specifications

Cisco Systems has long been a leader in networking technology, and among its diverse range of products is the VC-289. Designed specifically for enhanced performance in high-demand environments, the VC-289 serves a critical role in supporting the modern networking infrastructure.

One of the standout features of the VC-289 is its scalability. The device is engineered to easily accommodate expanded workloads, ensuring that organizations can grow without the need for frequent upgrades. This scalability is complemented by Cisco's commitment to backward compatibility, allowing businesses to integrate new systems with existing setups seamlessly.

In terms of performance, the VC-289 boasts impressive processing power. With advanced multi-core architecture, it is capable of handling multiple data streams simultaneously, making it ideal for environments that require consistent data flow, such as cloud computing and IoT applications. The device’s high throughput ensures that users experience minimal latency, facilitating quick data transfers even during peak usage times.

Security is another key characteristic of the VC-289. Cisco has integrated robust security protocols that protect against various cyber threats. Through features such as advanced encryption standards and intrusion prevention systems, organizations can ensure that sensitive data remains secure and is not compromised during transmission.

Another notable technology within the VC-289 is its support for software-defined networking (SDN) capabilities. This allows for more flexible network management, enabling IT teams to adapt the network according to evolving business needs. The ability to programmatically control the network also means that businesses can implement changes more rapidly, reducing downtime and improving overall productivity.

The VC-289 is designed with energy efficiency in mind, featuring power-saving modes that help reduce operational costs. This focus on sustainability not only benefits the environment but also appeals to organizations striving to meet corporate social responsibility objectives.

In conclusion, the Cisco Systems VC-289 stands as an exemplary solution for modern networking challenges. With its scalability, performance capabilities, enhanced security features, SDN support, and energy efficiency, it meets the demands of today's fast-paced and ever-evolving technological landscape. Organizations looking to invest in a robust networking solution would do well to consider the VC-289 as a cornerstone of their infrastructure.