ملخص المحتوى في الصفحة رقم 1
Configuring H.323 Gatekeepers and Proxies
This chapter describes how to configure the Cisco Multimedia Conference Manager. The Multimedia
Conference Manager provides gatekeeper and proxy capabilities required for service provisioning and
management of H.323-compliant networks.
This chapter includes the following sections:
• Multimedia Conference Manager Overview, page 289
� H.323 Gatekeeper Features, page 290
� H.323 Proxy Features, page 297
� H.323 Prerequisite Tasks and Restrictions, page 3
ملخص المحتوى في الصفحة رقم 2
Configuring H.323 Gatekeepers and Proxies H.323 Gatekeeper Features Multimedia Conference Manager provides a rich list of networking capabilities, including the following: � A means to implement quality of service (QoS), which is required for the successful deployment of H.323 applications. � Interzone routing in the E.164 address space. When using H.323-identification (H.323-ID) format addresses, interzone routing is accomplished by using domain names. Multimedia Conference Manager allows you
ملخص المحتوى في الصفحة رقم 3
Configuring H.323 Gatekeepers and Proxies H.323 Gatekeeper Features � Interzone Routing Using E.164 Addresses, page 294 � HSRP Support, page 296 Zone and Subnet Configuration A zone is defined as the set of H.323 nodes controlled by a single gatekeeper. Gatekeepers that coexist on a network may be configured so that they register endpoints from different subnets. Endpoints attempt to discover a gatekeeper and consequently the zone of which they are members by using the Registration, Admission
ملخص المحتوى في الصفحة رقم 4
Configuring H.323 Gatekeepers and Proxies H.323 Gatekeeper Features For example, the local gatekeeper can be configured with the knowledge that zone prefix “212......” (that is, any address beginning “212” and followed by 7 arbitrary digits) is handled by the gatekeeper gatekeeper_2. Then, when the local gatekeeper is asked to admit a call to destination address 2125551111, it knows to send the LRQ to gatekeeper_2. When gatekeeper_2 receives the request, the gatekeeper must resolve the addres
ملخص المحتوى في الصفحة رقم 5
Configuring H.323 Gatekeepers and Proxies H.323 Gatekeeper Features Terminal Name Registration Gatekeepers recognize one of two types of terminal aliases, or terminal names: � H.323 IDs, which are arbitrary, case-sensitive text strings � E.164 addresses, which are telephone numbers If an H.323 network deploys interzone communication, each terminal should at least have a fully qualified e-mail name as its H.323 identification (ID), for example, bob@cisco.com. The domain name of the e-mail ID sh
ملخص المحتوى في الصفحة رقم 6
Configuring H.323 Gatekeepers and Proxies H.323 Gatekeeper Features Interzone Routing Using E.164 Addresses Interzone routing may be configured using E.164 addresses. Two types of address destinations are used in H.323 calls. The destination can be specified using either an H.323-ID address (a character string) or an E.164 address (a string that contains telephone keypad characters). The way interzone calls are routed depends on the type of address being used. When using H.323-ID addresses, in
ملخص المحتوى في الصفحة رقم 7
Configuring H.323 Gatekeepers and Proxies H.323 Gatekeeper Features To enable the gatekeeper to select the appropriate hop-off gateway, use the gw-type-prefix command to configure technology or gateway-type prefixes. Select technology prefixes to denote different types or classes of gateways. The gateways are then configured to register with their gatekeepers using these technology prefixes. For example, voice gateways might register with technology prefix 1#, and H.320 gateways might regist
ملخص المحتوى في الصفحة رقم 8
Configuring H.323 Gatekeepers and Proxies H.323 Gatekeeper Features Note For ease of maintenance, the same prefix type should be used to denote the same gateway type in all zones under your administration. No more than 50 different technology prefixes should be registered per zone. Also, with the gw-type-prefix command, a hop off can be forced to a particular zone. When an endpoint or gateway makes a call-admission request to its gatekeeper, the gatekeeper determines the destination address
ملخص المحتوى في الصفحة رقم 9
Configuring H.323 Gatekeepers and Proxies H.323 Proxy Features Note Gatekeeper failover will not be completely transparent to endpoints and gatekeepers. When the standby gatekeeper takes over, it does not have the state of the failed gatekeeper. If an endpoint that had registered with the failed gatekeeper now makes a request to the new gatekeeper, the gatekeeper responds with a reject, indicating that it does not recognize the endpoint. The endpoint must reregister with the new gatekeeper b
ملخص المحتوى في الصفحة رقم 10
Configuring H.323 Gatekeepers and Proxies H.323 Proxy Features Proxy Inside the Firewall H.323 is a complex, dynamic protocol that consists of several interrelated subprotocols. During H.323 call setup, the ports and addresses released with this protocol require a detailed inspection as the setup progresses. If the firewall does not support this dynamic access control based on the inspection, a proxy can be used just inside the firewall. The proxy provides a simple access control scheme, as i
ملخص المحتوى في الصفحة رقم 11
Configuring H.323 Gatekeepers and Proxies H.323 Proxy Features Proxy in Co-Edge Mode If H.323 terminals exist in an area with local interior addresses that must be translated to valid exterior addresses, the firewall must be capable of decoding and translating all addresses passed in the various H.323 protocols. If the firewall is not capable of this translation task, a proxy may be placed next to the firewall in a co-edge mode. In this configuration, interfaces lead to both inside and outsid
ملخص المحتوى في الصفحة رقم 12
Configuring H.323 Gatekeepers and Proxies H.323 Proxy Features Proxy Outside the Firewall To place the proxy and gatekeeper outside the firewall, two conditions must exist. First, the firewall must support H.323 dynamic access control. Second, Network Address Translation (NAT) must not be in use. If NAT is in use, each endpoint must register with the gatekeeper for the duration of the time it is online. This will quickly overwhelm the firewall because a large number of relatively static, inter
ملخص المحتوى في الصفحة رقم 13
Configuring H.323 Gatekeepers and Proxies H.323 Proxy Features Table 25 Guidelines for Networks That Do Not Use NAT For Networks Not Using NAT Firewall with H.323. NAT Firewall Without H.323 NAT Firewall with Dynamic Access Gatekeeper and proxy inside the Gatekeeper and proxy inside the Control firewall firewall Gatekeeper and proxy outside Gatekeeper and proxy outside the the firewall firewall Firewall Without Dynamic Gatekeeper and proxy inside the Gatekeeper and proxy inside the Access Con
ملخص المحتوى في الصفحة رقم 14
Configuring H.323 Gatekeepers and Proxies H.323 Prerequisite Tasks and Restrictions Application-specific routing is simple. When the proxy receives outbound traffic, it directs traffic to an interface that is connected directly to the QoS network. The proxy does not send the traffic using an interface that is specified for the regular routing protocol. Similarly, inbound traffic from other proxies is received on the interface that is connected to the QoS network. This is true if all these oth
ملخص المحتوى في الصفحة رقم 15
Configuring H.323 Gatekeepers and Proxies H.323 Gatekeeper Configuration Task List � The number of remote gatekeepers multiplied by the delay per LRQ cannot exceed the Routing Information Protocol (RIP) timeout. Therefore, we recommend that you limit your list of remote gatekeepers to two or three. � If LRQ forwarding is enabled on the directory gatekeeper, the sequential setting for LRQs is ignored. � Only E.164 address resolution is supported. � Using redundant H.323 zone support in the “di
ملخص المحتوى في الصفحة رقم 16
Configuring H.323 Gatekeepers and Proxies H.323 Gatekeeper Configuration Task List Starting a Gatekeeper To enter gatekeeper configuration mode and to start the gatekeeper, use the following commands beginning in global configuration mode: Command Purpose Step 1 Router(config)# gatekeeper Enters gatekeeper configuration mode. Router(config-gk)# zone local gatekeeper-name Step 2 Specifies a zone controlled by a gatekeeper. domain-name [ras-IP-address] The arguments are as follows: � gatekeeper-
ملخص المحتوى في الصفحة رقم 17
Configuring H.323 Gatekeepers and Proxies H.323 Gatekeeper Configuration Task List Command Purpose Router(config-gk)# zone prefix gatekeeper-name Step 3 Adds a prefix to the gatekeeper zone list. e164-prefix [blast | seq] [gw-priority priority The keywords and arguments are as follows: gw-alias [gw-alias, ...]] � gatekeeper-name—Specifies the name of a local or remote gatekeeper, which must have been defined by using the zone local or zone remote command. � e164-prefix—Specifies an E.164 pr
ملخص المحتوى في الصفحة رقم 18
Configuring H.323 Gatekeepers and Proxies H.323 Gatekeeper Configuration Task List Command Purpose Router(config-gk)# zone subnet local-gatekeeper-name Step 4 Defines a set of subnets that constitute the gatekeeper [default | subnet-address {/bits-in-mask | zone. Enables the gatekeeper for each of these mask-address} enable] subnets and disables it for all other subnets. (Repeat for all subnets.) The keywords and arguments are as follows: � local-gatekeeper-name—Specifies the name of the l
ملخص المحتوى في الصفحة رقم 19
Configuring H.323 Gatekeepers and Proxies H.323 Gatekeeper Configuration Task List Note To explicitly enable or disable a particular endpoint, specify its host address using a 32-bit subnet mask. Configuring Intergatekeeper Communication This section describes two ways to configure intergatekeeper communication: � Via DNS, page 307 � Manual Configuration, page 308 Via DNS To configure intergatekeeper communication using DNS, use the following commands in global configuration mode: Command Purp
ملخص المحتوى في الصفحة رقم 20
Configuring H.323 Gatekeepers and Proxies H.323 Gatekeeper Configuration Task List zone3.comintxt“ras gk.3@gk.zone3.com:1725” zone4.comintxt“ras gk4@gk.zone4.com:1725 123” zone5.comintxt“ras gk5@101.0.0.1:1725” Manual Configuration If you choose not to use DNS or if DNS is not available, configure intergatekeeper communication manually. To configure intergatekeeper manual communication, use the following command in gatekeeper configuration mode for every other gatekeeper in the network: Comman
