Routing VOIP calls through multiple security zones
a security zone and routing technology, applied in the field of packet transmission, can solve problems such as preventing successful establishment of voip sessions, affecting the success of packet transmission, and difficulties in firewall and network address translation (nat) implementation
Inactive Publication Date: 2012-08-23
JUMIPER NETWORKS INC
View PDF2 Cites 7 Cited by
- Summary
- Abstract
- Description
- Claims
- Application Information
AI Technical Summary
Benefits of technology
The invention relates to a method and network device for routing voice packets across multiple security zones. The technical effect of the invention is to enable secure communication between users located in different security zones, while ensuring that sensitive information is not compromised. The network device dynamically routes call invitation messages between users, proxies, and devices in different security zones, ensuring that the communication is always secure.
Problems solved by technology
The existence of addressing information in packet payloads has caused difficulties with respect to both firewall and network address translation (NAT) implementation.
Unfortunately, it is the rigorous and strict nature of most conventional firewalls themselves that typically prevents successful establishment of VoIP sessions.
This information is dynamically assigned upon generation of the each message and cannot be adequately predicted by the firewall.
Accordingly, when media from either party is received at the firewall, its passage is denied because no enabling policy is identified.
Clearly, this is untenable from a security standpoint.
In addition to problems posed by the restrictive nature of firewalls alone, many firewalls also implement NAT.
Unfortunately, as discussed above, addressing information for VoIP traffic may be contained within the payload information as well as the header of outgoing packets.
Accordingly, conventional NATs fail to accurately translate all outgoing traffic, resulting in dropped or discarded failed connections.
Unfortunately, current ALGs fail to support scenarios involving more than two distinct security zones where call messages are routed through multiple zones between calling parties.
Method used
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View moreImage
Smart Image Click on the blue labels to locate them in the text.
Smart ImageViewing Examples
Examples
Experimental program
Comparison scheme
Effect test
Embodiment Construction
[0026]The following detailed description of embodiments of the principles of the invention refers to the accompanying drawings. The same reference numbers in different drawings may identify the same or similar elements. Also, the following detailed description does not limit the invention. Instead, the scope of the invention is defined by the appended claims and equivalents.
[0027]As described herein, a firewall or other interface device dynamically identifies VoIP messages passing through multiple security zones and modifies firewall pinholes so as to facilitate efficient exchange of messages between the parties.
System Overview
[0028]FIG. 2 illustrates an exemplary system 200 in which embodiments of systems and methods consistent with the principles of the invention may be implemented. As illustrated, system 200 may include three distinct security zones: a TRUST zone 202, an UNTRUST zone 204, and a demilitarized zone (DMZ) 206. Additionally, system 200 may include a group of user dev...
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More PUM
Login to View More Abstract
Call setup signaling is performed across at least a first security zone, a second security zone, and a third security zone to set up a call. At least one gate is then established between the first security zone and the third security zone to enable traffic flow for the call between the first security zone and the third security zone.
Description
BACKGROUND OF THE INVENTION[0001]A. Field of the Invention[0002]The principles of the invention relate generally to packet transmission, and more particularly, to transmission of multimedia related packets across multiple security zones.[0003]B. Description of Related Art[0004]With the increasing ubiquity of the Internet and Internet availability, there has been an increasing desire to leverage its robust and inexpensive architecture for voice telephony services, commonly referred to as voice over IP (internet protocol), or VoIP. Toward this end, standards for internet telephony have been promulgated by the both the International Telecommunication Union Telecommunication Standardization Sector (ITU-T) in the form of H.323 rev 5 (2003), “Packet based multimedia communications systems” as well as the Internet Engineering Task Force (IETF) in the form of RFC 3261 (2002), “Session Initiation Protocol (SIP)” to enable set-up and teardown of the media sessions.[0005]Under each of these st...
Claims
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More Application Information
Patent Timeline
Login to View More Patent Type & Authority Applications(United States)
IPC IPC(8): G06F21/00
CPCH04L63/0281H04L63/029H04M7/006H04L65/1076H04L65/1006H04L65/105H04L65/1053H04L65/1069H04L65/1009H04L65/1106H04L65/1045H04L65/1104
Inventor HUNYADY, ATTILA J.BOLLINENI, ANIL KUMAR
Owner JUMIPER NETWORKS INC