© 2001 Intertex Data AB, All Rights Reserved Moderator Sandy Teger 1

Intertex Data AB, Sweden

IX66 Internet Gate

A Firewall with SIP Support

Prepared for: Voice On the Net, Spring 2001

By: Lars Berggren

Research and Development

Intertex Data AB

lars.berggren@intertex.se

The Swedish ”Broadband to the People” Race

What is going on?

The Swedish ”Broadband to the People” Race

Price level: 20 USD/month flat rate

Technologies: ADSL, Cable Modems, Apartment Building LAN

Deployment:

• 8 % of households now

• 20 % of households end 2001

• 95 % of households in 5 years

Key factors: Faster + Always-On

Services and Applications

Killer applications?

Today: Faster Surfing

Coming: IP Telephony *

Tomorrow: Home Appliances Control *

* Requires access from the Internet to YOU and Always On!

The importance of SIP

A protocol is needed for:

• Session Initiation

• User/Device presence and location

• Event notification

Use SIP!

• RFC2543, Proven compatibility

• Scalable, uses Internet services

• Extendable, Not limited to IP Telephony

The importance of SIP

SIP for Presence and Instant Messaging

See www.cs.columbia.edu/sip/drafts_presence.html

• SIP Already Provides Publication Capability

• Extended with Event Notification and Subscription

[Diagram labels: Registrar; three Clients]

The importance of SIP

Control your temperature, refrigerator, alarm, toaster and more…

• An extension to SIP in progress

See www.research.telcordia.com/iapp/

http://search.ietf.org/internet-drafts/draft-moyer-sip-appliances-framework-01.txt

• Submitted to OSGi

See http://www.osgi.org

Broadband in the Home – Firewall & NAT

Do YOU want to be part of the public Internet?

Always On Internet – You need a firewall!

[Diagram: a firewall between the outside world (Internet) and the home (internal LAN). Labels: Private IP Addresses; One public IP Address]

Broadband in the Home – Firewall & NAT

Why do we need SIP capable firewalls / NATs?

• Global end-to-end connectivity for SIP

• Privacy and protection of home devices

• Many SIP applications are typically used with Always-On access

• Several SIP devices, but only one public IP address

Accessing Protected Devices

Firewall Problems:

• Sessions initiated from outside of the firewall

- OK, open port 5060, but…

• Media streams on dynamically allocated port numbers

- Ooops…!

Even with public IP addresses inside

Accessing Protected Devices

NAT & PAT Problems:

• Where is the device?

- Registration/location function

• Private IP addresses and ports in SIP messages

- Rewrite with globally routable addresses

• IP address and port of media stream has to be modified

- NAT engine has to be dynamically controlled

Worse with private IP addresses inside
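
The rewriting listed on this slide, sketched as an added example (not Intertex code and not part of the original presentation): the private address in the Contact header and in the SDP is replaced with the public one, and each media port is mapped to a public port that the NAT engine must then forward. The addresses, the port pool, the function name and the sample INVITE are constructed, and a session-level c= line ahead of the m= lines is assumed.

```python
import re

PUBLIC_IP = "203.0.113.10"  # assumed public address of the gate (documentation range)

# Constructed INVITE from a phone on the private LAN (sample data, not a capture).
SDP = "\r\n".join(["v=0", "o=lars 1 1 IN IP4 192.168.0.20", "s=call",
                   "c=IN IP4 192.168.0.20", "t=0 0",
                   "m=audio 49170 RTP/AVP 0", ""])
INVITE = "\r\n".join([
    "INVITE sip:karl@intertex.se SIP/2.0",
    "Via: SIP/2.0/UDP 192.168.0.20:5060",
    "From: <sip:lars@siplab.net>", "To: <sip:karl@intertex.se>",
    "Call-ID: constructed-1@lan-phone", "CSeq: 1 INVITE",
    "Contact: <sip:lars@192.168.0.20:5060>",
    "Content-Type: application/sdp",
    "Content-Length: %d" % len(SDP), "", SDP])


def rewrite_outbound(msg, public_ip, port_pool):
    """Rewrite a SIP message leaving the LAN; return (message, pinholes)."""
    head, _, body = msg.partition("\r\n\r\n")
    pinholes, private_ip, sdp = {}, None, []
    for line in body.split("\r\n"):
        addr = re.match(r"([oc])=(.*IN IP4 )(\S+)$", line)
        media = re.match(r"m=(\w+) (\d+) (.+)$", line)
        if addr:  # origin and connection lines carry the private address
            if addr.group(1) == "c":
                private_ip = addr.group(3)
            line = "%s=%s%s" % (addr.group(1), addr.group(2), public_ip)
        elif media:  # one public port, and one pinhole, per media stream
            public_port = next(port_pool)
            pinholes[public_port] = (private_ip, int(media.group(2)))
            line = "m=%s %d %s" % (media.group(1), public_port, media.group(3))
        sdp.append(line)
    body = "\r\n".join(sdp)
    headers = []
    for h in head.split("\r\n"):
        if h.lower().startswith("contact:"):
            h = re.sub(r"@[^>;]+", "@%s:5060" % public_ip, h)
        elif h.lower().startswith("content-length:"):
            h = "Content-Length: %d" % len(body.encode())  # body size changed
        headers.append(h)
    return "\r\n".join(headers) + "\r\n\r\n" + body, pinholes


if __name__ == "__main__":
    message, holes = rewrite_outbound(INVITE, PUBLIC_IP, iter(range(40000, 40100, 2)))
    print(message)
    print("NAT engine must forward:", holes)
```

The returned table is what the NAT engine has to be told: only the listed public port is forwarded, and only to the recorded private address and port. The phone's own Via line is left untouched in this sketch.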

Adding SIP support to a firewall

Important components:

• Dynamic Firewall Engine

• SIP Proxy Server, controlling the firewall

• SIP Registrar, user location information

• Communication between SIP Proxy and firewall

[Diagram labels: SIP Proxy; Registrar; Firewall & NAT; Firewall Control Protocol?]

Accessing into the home...

[Diagram labels: Outside World; Internet; Firewall or NAT; SIP Proxy; In Home; Internal LAN; four LACs; Protection]

© 2000 Telcordia Technologies, Inc. All Rights Reserved

Global End-to-End Connectivity

Now possible!

karl@intertex.se

SIP End-to-End to utilize the possibilities of advanced IP Telephony services!

[Diagram labels: LAN; Gateway; Internet; PSTN; two firewalls]

Demo – Let’s make a call…

Dialling: lars@siplab.net

Dynamic session setup

SIP forwarding

RINGING!

[Diagram labels: LAN; Firewall; SIP Proxy; Registrar; Internet; SIP Server siplab.net; PSTN Gateway; PSTN; GSM Gateway]

Demo – Let’s turn the lamp on…

DO sip:lars.home.apps@siplab.net
<Device>lamp</Device>
<Action>power on</Action>

[Diagram labels: Internet (Ethernet); LAN (Ethernet); SIP Server siplab.net; Home Appliances Controller; SIP; ENP]

The Intertex IX66 Internet Gate

As Internet Gate ”only” or with integrated ADSL modem

The Intertex IX66 series OEM as:

• PowerBit

• Telia SurfinBird

The Intertex IX66 Internet Gate

A closer look

• Firewall & NAT/PAT

• SIP Proxy and Registrar

• DHCP Server

• WEB Server for configuration

• SIP Appliance Control, LAC via expansion port

[Figure: the IX66 unit, with panel labels]

The Intertex IX66 Internet Gate

Goodies

• Two Ethernet and one USB port

• Expansion port, e.g. for appliance control

• Smart Card Reader

• Upgradeable

[Figure: connector labels ON, DC, USB, ET2, ET1, EXP, LINE, PHONE; Optional ADSL Built-in]
