Does anyone have documentation concerning H.460 standard?
Thank you in advance.

Does anyone have documentation concerning H.460 standard?
Thank you in advance.

If you are looking for a copy of the ITU standard, you will have to purchase it from www.itu.org (http://www.itu.org). If you are looking for an explanation on how it works, ask your question and we can try to help you.

Sean

Dear Sean,

I will have an access on itu only at the end of September therefore I asked.

Dear Sean,

I will have an access on itu only at the end of September therefore I asked.

Great! We have a technical white paper called 'TANDBERG and H323' found at http://www.tandberg.net/support/documentation.php?p=White_Papers . This paper details our H.323 implementation in all our products. Today it talks about Expressway, but H.460 is very close. This document has been updated to show H.460 and is going through final editing before being posted. Keep an eye out for it.

Sean

Dear Sean,

It is very strange that STANDARD is very close. It will be logically for proprietary protocol …

Sean,
Can you disclose any information regarding inter-opt testing or other companies that have licensed the technology?

Dear Sean,

It is very strange that STANDARD is very close. It will be logically for proprietary protocol …

Not sure I understand. H.460 is now a standard and available for anyone to implement towards.

Sean

Sean,
Can you disclose any information regarding inter-opt testing or other companies that have licensed the technology?

There is no public information on that today. All interoperability on something this new would have happened at last week's SuperOp but the results are confidential under NDA. As other vendor's produce devices that comply, we will be sure to test interop and put the info in our release notes.

Sean

Sean,
Totally understandable, just curious if anything was public yet. Honestly I was very surprised to see the standard come out as it did since there was talk from a couple of other companies about having a standards compliant way to traverse firewalls. In either case this is definitely an area that should be standardized and I’m happy to see that things are moving in this direction. Now I only hope the interoperability is better with H.460 than it was with H.239 :)

Anyone know if Polycom is going to charg for this update? Also will both ends need the protocol?


I bet Sony will be the last company to utilize the standard...Or they will come out with an entirely new product line that uses the standard instead of just patching the pcs-1/11.

Sean,
Totally understandable, just curious if anything was public yet. Honestly I was very surprised to see the standard come out as it did since there was talk from a couple of other companies about having a standards compliant way to traverse firewalls. In either case this is definitely an area that should be standardized and I’m happy to see that things are moving in this direction. Now I only hope the interoperability is better with H.460 than it was with H.239 :)

We hope so too. But then again, when 'they' claim they invented H.239, H.264, T.120 and everything else in the VTC world, you would expect it to work better. ;)

We will see.

Sean

Actually, everyone is allowed to 3 ITU free standards per year. Unfortunately, I already downloaded 3 this year already. Is it true that Tandberg is the only manufacter to have a H.460 compliant solution?

Thx

Does anyone have documentation concerning H.460 standard?
Thank you in advance.

no one is explained what is the use of H.460 in VC?.

Senthil

no one is explained what is the use of H.460 in VC?.

Senthil

Firewall Traversal.

Actually, everyone is allowed to 3 ITU free standards per year. Unfortunately, I already downloaded 3 this year already. Is it true that Tandberg is the only manufacter to have a H.460 compliant solution?

Thx

Correct, TANDBERG is the only capable of delivering a H.460.18/19 compliant firewall traversal solution on the market today.

Sean

no one is explained what is the use of H.460 in VC?.

Senthil

Be careful of the generic use of H.460, its actually a long list of standards. The specific ones for firewall traversal are H.460.18 and H.460.19.

A good reference site http://comm.disa.mil/itu/

Sean

sean can u explian more how this technology works in two different firewall networks?.I gone through the document which is available in tandberg website some little confusion.

Senthil

Hey Senthil,

This might help.

Say Hello to H.460
The ITU (International Telecommunications Union – a United Nations Agency) has ratified a new set of recommendations (standards to most people) that promises to make NAT-firewall traversal between vendors’ videoconferencing equipment and different end user organizations much easier in the future. The new recommendations are H.460.18 (edited by TANDBERG) that enables H.323 video endpoints to exchange signaling information, and H.460.19 (edited by RADVISION) that defines the NAT-firewall mechanism for media. The two standards obviously work together closely, but by keeping them separate, the architecture will enable cleaner upgrades and enhancements in the future, perhaps similar to the ISO 7-layer stack model for network protocols. (Don’t ask us whatever happened to H.460.1 through H.460.17, which like MPEG 3, 5, and 6 shall forever remain a mystery.)
H.460 takes NAT-firewall traversal into the area of the service provider or network cloud as well as the enterprise. Until now, any organization could implement its own method or solution for NAT-firewall traversal, but when it came time for inter-enterprise H.323-based voice/video communications, there was no standard to handle the situation. Now, this barrier disappears, providing a MAJOR capability for IP communications between organizations. Yes, things are getting better. Easier that is, when people understand how to register to session border controllers, and when session border controllers know how to neighbor.
Where the rubber meets the road, in terms of actual deployment, H.460 will require two things. The first is client software running behind the firewall - typically inside the videoconferencing endpoints themselves, or a gatekeeper substitute for non-compliant endpoints (see below). The second implementation element is a device (session border controller) in the network cloud, typically provided by the network service provider.
If this sounds familiar to you, it may be because you remember TANDBERG’s announcement of its Expressway product line (WRB Vol 6 #05, Feb 7), a product based on technology the company acquired with its Ridgeway acquisition. In fact, H.460 is based on Expressway, but has some minor modifications in the registration packet handling protocol (not minor if you are a registration packet protocol software engineer perhaps).



l8tes
Robert

sean can u explian more how this technology works in two different firewall networks?.I gone through the document which is available in tandberg website some little confusion.

Senthil

the border controller will let you traverse your firewall.. or multiple firewalls between it and your endpoint... I've done this in our setup and it works quite well.. no configuration needed. I went through 3 firewalls (2 using NAT!) without any configuration. quite impressive

it doesn't do anything for the far end unless you let them register to your border controller. If you do, then it works for them the same way it works for you.. and then you can traverse firewalls on both sides of the connection

hi

Thanks for the repyl and as you know the videoconferencing takes lots of dynamic ports for a conference in any network, but how the H.460 stardart is compramise the technology and allow to packets travels in secure network.

Trapehzoid can you pls give some info. what are the firewalls you are using in your network.

Senthil

hi

Thanks for the repyl and as you know the videoconferencing takes lots of dynamic ports for a conference in any network, but how the H.460 stardart is compramise the technology and allow to packets travels in secure network.

Trapehzoid can you pls give some info. what are the firewalls you are using in your network.

Senthil

I can't disclose the firewalls we use, but I've also tested it for a remote user using a linksys cable router without any issue as well.

It gets around firewalls by using outgoing connections only. As long as your firewall allows return traffic to the same port, and allowed the outgoing connection to start with.. you're all set. All but only the most paranoid firewalls will let that through. And for the paranoid ones, it only uses like 4 fixed ports, so you can avoid the dynamic port issue of H323.

When using the h.460 based solution, there are no more dynamic ports to worry about... but even that is secondary to the 'outgoing only' connections. That's the magic behind it.

Yep the technology is good, Only I think I wanted to feel technology I need to use it. I am waiting for to test(or) feel the technology.

Thanks

Senthil

OK, i finally had a chance to see a Tandberg with the 460 standard and i ws not too happy with it.


I mean it connected perfectly where other systems would have taken longer to open ports and reconfigure network settings. This did connect right away...but the picture was crap.... Then i put the same system on a T1 straight to net with no firewall and it looked alot better.

I was not the one installing it though, so i can not account for the settings. We had a Tandberg rep in our office showing us this equipment.

you had some other issue, not the technology. It doesn't affect the video image or quality at all. Maybe you had bad ethernet port settings or something. The system doesn't mess with the media at all.

but the picture was crap.... Then i put the same system on a T1 straight to net with no firewall and it looked alot better..

I assure you there was another issue. The Expressway products do not process media in any way so its not possible for it to directly degrade the video or audio. I would look for duplex mismatches or something else causing the problem.

Sean

Could it be that the firewall was causing additional delay/jitter that affected the picture quality?

Hello VPresti,

By chance, any luck with the Expressway? Tandberg fixed the issue?

Could it be that the firewall was causing additional delay/jitter that affected the picture quality?

Mismatch errors?

Also, anyone happen to be demoing/using the Polycom V2IU?

Thanks,

Onlai76 :)

OK, i finally had a chance to see a Tandberg with the 460 standard and i ws not too happy with it.


I mean it connected perfectly where other systems would have taken longer to open ports and reconfigure network settings. This did connect right away...but the picture was crap.... Then i put the same system on a T1 straight to net with no firewall and it looked alot better.

I was not the one installing it though, so i can not account for the settings. We had a Tandberg rep in our office showing us this equipment.

In spite you are presenting the h.460 as a good solution, I am trying to implement a h323 based client, based in the Onpenh323 project, and using the h.460 approach. However I am having a great deal of difficulties in creating a video channel associated with a new capability created by me.

If someone code give me a hint, I would very grateful! :)

Thanks in advance

Anyone had any luck?

Did anyone try to demo the Pathfinder? If I even try this out, I have to resort to using this since the off-network endpoint does not have encryption capability and/or we are not certain if they will enable encryption.

Thanks for any feedback you can provide.

Along the same lines as this thread, I'm getting a lot of requests from home users who want to communicate to our offices via videoconferencing. I'm just curious as to how people ae handling that type of requests. I realize I could constantly punch holes in the firewall for each user--but that seems like a rather sloppy solution. Is anyone using a firewall traversal device for home users? We're a Polycom/Sony shop.

I've seen the V2IU work pretty well in these sorts of deployments.

Can anybody tell what port numbers should I open in the FW in order to use that? Thanks.

Can anybody tell what port numbers should I open in the FW in order to use that? Thanks.

Depends on whether or not the devices support multiplexed media. If so, the port range is just a handful of ports (4 ports). You can find the ports for TANDBERG's gear in our TANDBERG and H.323 document found on our web page at http://www.tandberg.com/collateral/documentation/White_Papers/TANDBERG%20and%20H323.pdf

Polycom does not support multiplexed media so their port range is quite large, from the HDX admin manual (page 2-15):
To use this traversal, Polycom HDX systems and firewalls must be configured
as follows:
• Enable firewall traversal on the Polycom HDX system.
• Register the Polycom HDX system to an external V2IU Traversal Server
Gateway that supports the H.460.18 and H.460.19 standards.
• Make sure that firewalls being traversed allow Polycom HDX systems
behind them to open outbound TCP and UDP connections.
—Firewalls with a stricter rule set should allow Polycom HDX systems
to open at least the following outbound TCP and UDP ports: 1720
(TCP), 14085-15084 (TCP) and 1719(UDP), 16386-25386 (UDP).
—Firewalls should permit inbound traffic to TCP and UDP ports that
have been opened earlier in the outbound direction.
• For best interoperability, make sure that H.323 protocol-aware features are
disabled on firewalls being traversed.


We see multiplexed media support (optional in the standard) as an advantage and the reason why you wanted firewall traversal in the first place -- to minimize the opened ports on your firewall! Polycom apparently doesn't. But to be fair, when you OEM something instead of make it yourself you don't always get to control the roadmap of features.

Sean

Thank you, Sean. Your advice is very useful, as usual.

Polycom does not support multiplexed media so their port range is quite large, from the HDX admin manual (page 2-15):
Sean


Sean,

I'm using a BORDER CONTROLLER and want to connect POLYCOM VSX and HDX to it and as you say, they do not support Multiplexed Media.

BUT the only way for us to get this to work is to disable Multiplexed Media on the BC?!

This sounds quite strange to me, that we have to disable a function that is not even used by the Polycoms to have it working!?

Do you know the deal with this!?

//Robert

Sean,

I'm using a BORDER CONTROLLER and want to connect POLYCOM VSX and HDX to it and as you say, they do not support Multiplexed Media.

BUT the only way for us to get this to work is to disable Multiplexed Media on the BC?!

This sounds quite strange to me, that we have to disable a function that is not even used by the Polycoms to have it working!?

Do you know the deal with this!?

//Robert

Hi Robert,

The challenge is there is no way to signal if you support multiplexed media or not, so its an all or nothing setting today. To make sure it works will all endpoints including those that do not support multiplexed media, you have to turn it off. The best option for everyone is for Polycom to support multiplexed media, but I am not sure they see the same value in the firewall traversal technology as we do.

Sean

Along the same lines as this thread, I'm getting a lot of requests from home users who want to communicate to our offices via videoconferencing. I'm just curious as to how people ae handling that type of requests. I realize I could constantly punch holes in the firewall for each user--but that seems like a rather sloppy solution. Is anyone using a firewall traversal device for home users? We're a Polycom/Sony shop.

We run a Tandberg Expressway solution, and as long as the distant endpoint is a Tandberg MXP system it seems to work well.

Regards,

Wes