International Telecommunication Union

ITU-T H.248.43
TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU
(06/2008)

SERIES H: AUDIOVISUAL AND MULTIMEDIA SYSTEMS
Infrastructure of audiovisual services – Communication procedures

Gateway control protocol: Packages for gate management and gate control

Recommendation ITU-T H.248.43

ITU-T H-SERIES RECOMMENDATIONS
AUDIOVISUAL AND MULTIMEDIA SYSTEMS

CHARACTERISTICS OF VISUAL TELEPHONE SYSTEMS    H.100–H.199
INFRASTRUCTURE OF AUDIOVISUAL SERVICES
  General    H.200–H.219
  Transmission multiplexing and synchronization    H.220–H.229
  Systems aspects    H.230–H.239
  Communication procedures    H.240–H.259
  Coding of moving video    H.260–H.279
  Related systems aspects    H.280–H.299
  Systems and terminal equipment for audiovisual services    H.300–H.349
  Directory services architecture for audiovisual and multimedia services    H.350–H.359
  Quality of service architecture for audiovisual and multimedia services    H.360–H.369
  Supplementary services for multimedia    H.450–H.499
MOBILITY AND COLLABORATION PROCEDURES
  Overview of Mobility and Collaboration, definitions, protocols and procedures    H.500–H.509
  Mobility for H-Series multimedia systems and services    H.510–H.519
  Mobile multimedia collaboration applications and services    H.520–H.529
  Security for mobile multimedia systems and services    H.530–H.539
  Security for mobile multimedia collaboration applications and services    H.540–H.549
  Mobility interworking procedures    H.550–H.559
  Mobile multimedia collaboration inter-working procedures    H.560–H.569
BROADBAND AND TRIPLE-PLAY MULTIMEDIA SERVICES
  Broadband multimedia services over VDSL    H.610–H.619
  Advanced multimedia services and applications    H.620–H.629
IPTV MULTIMEDIA SERVICES AND APPLICATIONS FOR IPTV
  General aspects    H.700–H.719
  IPTV terminal devices    H.720–H.729

For further details, please refer to the list of ITU-T Recommendations.

Rec. ITU-T H.248.43 (06/2008)

Summary

Recommendation ITU-T H.248.43 contains several packages to support gate management/control at the boundary of IP domains. These packages allow a media gateway to be configured to filter packets based on rules for different criteria such as source address/port, destination address/port and protocol type. These rules are logically combined and admit/discard the packets matching any or all of them according to the behaviour specification. These filtering policies may be applied on an individual termination or the root termination by the media gateway controller or management action.

Source

Recommendation ITU-T H.248.43 was approved on 13 June 2008 by ITU-T Study Group 16 (2005-2008) under Recommendation ITU-T A.8 procedure.
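The filtering behaviour the Summary describes (rules on source address/port, destination address/port and protocol type, combined so that packets matching any or all of them are admitted or discarded), as an added Python model that is not part of the Recommendation. The class and field names and the "any"/"all" and "admit"/"discard" values are hypothetical, not H.248.43 property names or encodings, and giving non-matching packets the opposite verdict is an assumption.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Optional

def _in_net(addr: str, net: Optional[str]) -> bool:
    # None is a wildcard; an IPv4/IPv6 version mismatch is simply "no match".
    return net is None or ipaddress.ip_address(addr) in ipaddress.ip_network(net)

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str

@dataclass(frozen=True)
class Rule:  # hypothetical rule shape, not an H.248.43 property encoding
    src_net: Optional[str] = None
    sport: Optional[int] = None
    dst_net: Optional[str] = None
    dport: Optional[int] = None
    proto: Optional[str] = None

    def matches(self, p: Packet) -> bool:
        return (_in_net(p.src, self.src_net) and _in_net(p.dst, self.dst_net)
                and self.sport in (None, p.sport) and self.dport in (None, p.dport)
                and (self.proto is None or self.proto.lower() == p.proto.lower()))

@dataclass
class Gate:
    rules: list
    combine: str = "any"     # "any": one matching rule suffices; "all": every rule must match
    on_match: str = "admit"  # behaviour for matching packets; assumption: the rest get the opposite
    stats: dict = field(default_factory=lambda: {"admit": 0, "discard": 0})

    def decide(self, p: Packet) -> str:
        hits = [r.matches(p) for r in self.rules]
        # An empty rule set matches nothing, so an admit-on-match gate stays closed.
        matched = bool(hits) and (any(hits) if self.combine == "any" else all(hits))
        other = "discard" if self.on_match == "admit" else "admit"
        verdict = self.on_match if matched else other
        self.stats[verdict] += 1  # a discard is only counted; nothing is signalled to the sender
        return verdict

# Constructed sample data (documentation address ranges, made-up ports).
RULES = [Rule(src_net="192.0.2.0/24", proto="udp"), Rule(dport=5004)]
PEER = Packet("192.0.2.10", 40000, "198.51.100.5", 5004, "UDP")
WRONG_PORT = Packet("192.0.2.10", 40000, "198.51.100.5", 6000, "udp")
STRANGER = Packet("203.0.113.9", 40000, "198.51.100.5", 6000, "udp")
```

With the same two rules, switching `combine` from "any" to "all" turns the gate from "known peer or media port" into "known peer on the media port", which is the difference between the two combinations the Summary mentions.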
FOREWORD

The International Telecommunication Union (ITU) is the United Nations specialized agency in the field of telecommunications, information and communication technologies (ICTs). The ITU Telecommunication Standardization Sector (ITU-T) is a permanent organ of ITU. ITU-T is responsible for studying technical, operating and tariff questions and issuing Recommendations on them with a view to standardizing telecommunications on a worldwide basis.

The World Telecommunication Standardization Assembly (WTSA), which meets every four years, establishes the topics for study by the ITU-T study groups which, in turn, produce Recommendations on these topics.

The approval of ITU-T Recommendations is covered by the procedure laid down in WTSA Resolution 1.

In some areas of information technology which fall within ITU-T's purview, the necessary standards are prepared on a collaborative basis with ISO and IEC.

NOTE – In this Recommendation, the expression “Administration” is used for conciseness to indicate both a telecommunication administration and a recognized operating agency.

Compliance with this Recommendation is voluntary. However, the Recommendation may contain certain mandatory provisions (to ensure e.g. interoperability or applicability) and compliance with the Recommendation is achieved when all of these mandatory provisions are met. The words “shall” or some other obligatory language such as “must” and the negative equivalents are used to express requirements. The use of such words does not suggest that compliance with the Recommendation is required of any party.

INTELLECTUAL PROPERTY RIGHTS

ITU draws attention to the possibility that the practice or implementation of this Recommendation may involve the use of a claimed Intellectual Property
Right. ITU takes no position concerning the evidence, validity or applicability of claimed Intellectual Property Rights, whether asserted by ITU members or others outside of the Recommendation development process.

As of the date of approval of this Recommendation, ITU had not received notice of intellectual property, protected by patents, which may be required to implement this Recommendation. However, implementers are cautioned that this may not represent the latest information and are therefore strongly urged to consult the TSB patent database at http://www.itu.int/ITU-T/ipr/.

© ITU 2009

All rights reserved. No part of this publication may be reproduced, by any means whatsoever, without the prior written permission of ITU.

CONTENTS

1 Scope
  1.1 Typical applications for gate control/management
2 Reference
3 Definitions
  3.1 Terms defined elsewhere
  3.2 Terms defined in this Recommendation
4 Abbreviations and acronyms
5 Conventions
6 Model for IP-to-IP interworking
  6.1 General model for IP-to-IP interworking
  6.2 Relation of general model to the H.248 model for “IP-to-IP” context
  6.3 Interaction of different filtering properties
  6.4 Session-dependent versus session-independent gate management/control
  6.5 Filtering rule interaction between root and individual terminations
  6.6 Interaction with IP address latching [ITU-T H.248.37]
  6.7 Interaction with IP domains/realms [b-ITU-T H.248.41]
7 Gate management – Source address/port filtering package
  7.1 Properties
  7.2 Events
  7.3 Signals
  7.4 Statistics
  7.5 Error codes
  7.6 Procedures
8 Gate management – Outgoing destination address/port filtering package
  8.1 Properties
  8.2 Events
  8.3 Signals
  8.4 Statistics
  8.5 Error codes
  8.6 Procedures
9 Gate management – Incoming protocol filtering package
  9.1 Properties
  9.2 Events
  9.3 Signals
  9.4 Statistics
  9.5 Error Codes
  9.6 Procedures
10 Gate management – Outgoing protocol filtering package
  10.1 Properties
  10.2 Events
  10.3 Signals
  10.4 Statistics
  10.5 Error Codes
  10.6 Procedures
11 Gate management – Incoming filtering behavior package
  11.1 Properties
  11.2 Events
  11.3 Signals
  11.4 Statistics
  11.5 Error Codes
  11.6 Procedures
12 Gate management – Outgoing filtering behavior package
  12.1 Properties
  12.2 Events
  12.3 Signals
  12.4 Statistics
  12.5 Error Codes
  12.6 Procedures
Appendix I TISPAN gate management packages
  I.1 Gate management package
Appendix II Survey of packages for gate management and gate control
Appendix III Example policy control commands
  III.1 Examples
Bibliography

1 Scope

The gate management and gate control packages define a number of properties to support gate management procedures at the boundary between two Internet protocol (IP) transport domains. The packages in this Recommendation allow a media gateway (MG) to be configured to filter packets based on rules for different criteria such as source address/port, destination address/port, incoming protocol
and/or outgoing protocol. The protocol filtering may be at the IP layer, transport protocol layer, i.e., UDP/TCP or on a higher layer, i.e., HTTP. Once a packet is matched to any or all of the filter rules then the packet may be admitted (received and/or forwarded) or discarded according to the behaviour specification. These filtering rules have been placed in different packages to allow for different MG configurations to be deployed according to the gate management/control or firewall situation needed. The filtering rules may be placed on an individual termination or the root termination, thus allowing the filtering policy to be set on a per call/stream basis or on a media gateway as a whole. This policy may be set by the media gateway controller (MGC) or by management action.

1.1 Typical applications for gate control/management

Filtering capabilities for IP network infrastructure is a
wide topic. This Recommendation supports the flexible definition of many different filter types and combinations of these filters. Such filters may be applied in order to satisfy similar (operational security) requirements for IP traffic as, e.g., outlined by [b-IETF RFC 3871], or to address similar protocol-specific attacks as, e.g., identified by [b-IETF RFC 4778], or to build similar filter structures, e.g., as are being considered by the OPSEC working group of the IETF [b-IETF opsec].

2 Reference

The following ITU-T Recommendations and other references contain provisions which, through reference
in this text, constitute provisions of this Recommendation. At the time of publication, the editions indicated were valid. All Recommendations and other references are subject to revision; users of this Recommendation are therefore encouraged to investigate the possibility of applying the most recent edition of the Recommendations and other references listed below. A list of the currently valid ITU-T Recommendations is regularly published. The reference to a document within this Recommendation does not give it, as a stand-alone document, the status of a Recommendation.

[ITU-T H.248.1]   Recommendation ITU-T H.248.1 (2005), Gateway control protocol: Version 3.
[ITU-T H.248.37]  Recommendation ITU-T H.248.37 (2008), Gateway control protocol: IP NAPT traversal package.
[ITU-T H.248.57]  Recommendation ITU-T H.248.57 (2008), Gateway control protocol: RTP control protocol package.
[ITU-T Q.3303.2]  Recommendation ITU-T Q.3303.2 (2007), Resource control protocol No. 3 – Protocol at the interface between a Policy Decision Physical Entity (PD-PE) and a Policy Enforcement Physical Entity (PE-PE) (Rw interface): H.248 alternative.
[IETF RFC 3198]   IETF RFC 3198 (2001), Terminology for Policy-Based Management.

3 Definitions

3.1 Terms defined elsewhere

This Recommendation uses the following terms defined elsewhere:

3.1.1 policy: [IETF RFC 3198].

3.1.2 private/local (internal) network [b-IETF RFC 2663]: A private network is an address realm independent of external network addresses. A private network may also be referred to as a local network. Transparent routing between hosts in private realm and external realm is facilitated by a NAT router.

3.1.3 public/global/external network [b-IETF RFC 2663]: A global or public network is an address realm with unique network addresses
assigned by Internet Assigned Numbers Authority (IANA) or an equivalent address registry. This network is also referred to as an external network during NAT discussions.

3.2 Terms defined in this Recommendation

This Recommendation defines the following terms:

3.2.1 discarded: In the context of packet handling, “discarded” refers to the packet not being processed further. No indication will be sent that this has occurred. However, the packet may be counted in certain statistics.

3.2.2 filter:
In general [IETF RFC 3198]: A set of terms and/or criteria used for the purpose of separating or categorizing. This is accomplished via single- or multi-field matching of traffic header and/or payload data. “Filters” are often manipulated and used in network operation and policy. A filter rule is a specific policy rule.
In an H.248 framework: Packet filters specify the criteria for matching a pattern to distinguish separable classes of traffic. Filters are only related to ephemeral terminations. Filter rules are defined on the basis of H.248 properties.

3.2.3 filter/policy rules:
In general [IETF RFC 3198]: A basic building block of a policy-based system. It is the binding of a set of actions to a set of conditions, where the conditions are evaluated to determine whether the actions are performed.
In an H.248 framework: The conditions are defined on the basis of H.248 properties, associated to a H.248 termination or/and stream; and the set of actions always contains just a single element per
rule, either action “packet forward” or action “packet drop”, with or without statistics recording.
NOTE – Definition based on [IETF RFC 3198] and [b-IETF RFC 3060].

3.2.4 gate: Gating is implemented through the use of a filter.
NOTE 1 – The ITU-T RFC 3198 term “policy enforcement point” (PEP) could be associated with the H.248 term “gate”. In the user plane, policy enforcement is defined in terms of a “gate”. A gate is a policy enforcement function (PEF) that interacts with a policy decision function (PDF). Gate operations are to control and manage media flows based on policy, and are under the control of the PDF. A gate operates on a unidirectional flow of packets, i.e., in either the upstream or downstream direction.
NOTE 2 – A gate may also be referred to as a “pinhole”.

4 Abbreviations and acronyms

This Recommendation uses the following abbreviations and acronyms:

CPU     Central Processing Unit
DP      Destination Port number
IP      Internet Protocol
HTTP    Hyper Text Transfer Protocol
L3      Layer 3
L4      Layer 4
MG      Media Gateway
MGC     Media Gateway Controller
MIB     Management Information Base
NAT     Network Address Translator
PCI     Protocol Control Information
PDF     Policy Decision Function
PEF     Policy Enforcement Function
PEP     Policy Enforcement Point
SNMP    Simple Network Management Protocol
RTCP    Real-time Transport Control Protocol
RTP     Real-time Transport Protocol
SP      Source Port number
TCP     Transmission Control Protocol
TISPAN  Telecommunication and Internet converged Services and Protocols for Advanced Networking
TLS     Transport Layer Security
UDP     User Datagram Protocol
UDPTL   Facsimile user Datagram Protocol Transport Layer (protocol)

5 Conventions

None.

6 Model for IP-to-IP interworking

This Recommendation defines several H.248 packages focused on IP-to-IP connection models
(H.248 context type), though they may be used in support of non-IP-to-IP connection models as well (for example, ingress filtering). Definition of a connection model typically goes beyond the scope of a package definition (which considers primarily H.248 streams and terminations; connection models are specified in profile specifications). However, the purpose of this clause is to illustrate one possible IP-to-IP model.

6.1 General model for IP-to-IP interworking

The general