A few conversations I've had recently show that there is a lot of confusion about the differences and similarities between firewalls and routing SIP and H.323. I thought I'd provide some information (as opposed to opinion) on this topic to assist everyone in understanding the the myths and realties.
One common myth is that SIP has better NAT firewall support than H.323, and that moving from H.323 to SIP will remove the problem of "one-way audio" caused by the NAT firewalls. The reality is that this problem occurs just as easily in both H.323 or SIP networks, which is obvious because both use the exact same protocol (RTP) for transferring audio. It is possible to get around these problems in both protocols, and most soft-phones (but few hard-phones) of both flavours implement a variety of anti-NAT technologies to help prevent one-way audio calls from occuring. In this regard, this is no real difference between SIP and H.323.
The one clear advantage that SIP has when using a NAT firewall relates to receiving incoming calls. A SIP endpoint using UDP signalling (the most popular SIP signalling mode) can receive incoming calls from a behind a NAT firewall very easily if used with a proxy that knows how to stretch the rules a bit. However, a standard H.323 endpoint finds this impossible without non-standard protocol extensions as it uses TCP signalling which cannot pierce the NAT barrier. Interestingly, H.323 as a standard for using UDP transport that would solve this problem (H.323 Annex E) but this has never become popular.
There is also a lot of confusion regarding the roles of a SIP outbound proxy and SIP registrar, and how they compare to a H.323 gatekeeper. This confusion stems from the very different way that SIP and H.323 process the routing of incoming and outgoing calls
H.323 combines the functions of routing outbound calls and advertising inbound call readiness into a single entity called an gatekeeper. An endpoint registers with a gatekeeper using an authentication system to indicate it is ready to accept incoming calls, and the gatekeeper then propagates that routing information as required. Incoming calls go directly to the endpoint, which then asks the gatekeeper for confirmation before answering the call. When the endpoint needs to make an outgoing call, it asks the gatekeeper for routing information and then places the call directly to the destination.
A gatekeeper can also be combined with a proxy, which allows the gatekeeper to modify the routing information it provides (both to registered endpoints and to the outside world) in order to ensure that all outgoing and incoming calls go through the proxy. This is an optional feature - and is not required for a gatekeeper to perform its primary functions of routing.
SIP provides a different approach to solving the same problems. If a SIP network requires centralized routing for outbound calls, then endpoints are configured to use an "outbound proxy" for outgoing calls. Unlike a H.323 gatekeeper, no prior registration with the proxy is required , although authentication may be required on a per-call basis to restrict access.
Advertising readiness for incoming calls is performed by registering with a SIP registrar, which then propagates the routing as required. A registrar can be a stand-alone entity or, if control of incoming calls is required, it can be combined with an incoming proxy. This is the only way that incoming calls can be controlled, as a SIP endpoint is not required to verify incoming calls with the registrar in the same way that a H.323 endpoint has to check incoming calls with a gatekeeper.
The outbound proxy and SIP registrar can be co-resident, or they can be completely seperate entities with no knowledge of each other. This means that it is very possible for an outbound proxy and registrar to require completely different authentication credentials.
My feeling is that SIP places a lot more emphasis on the endpoint to make routing decisions, while H.323 provide more opportunities for centralised control. I'm sure that many people see this as reflection of the differing philosophies of the telco-dominated ITU standards for H.323 versus the Internet driven IETF standards for SIP, and they may even be right. I've also heard people talk about how this philosophical difference is actually a result of the differences between "socialist" Europe (home of the ITU) and the "democratic" US (home of the IETF), but I live in Australia and try and stay out of those kinds of arguments.
Either way, we're going to be living with both protocols for a long time so it's good have an understanding of the way in which both work.
本文地址:http://com.8s8s.com/it/it27257.htm