[AG-TECH] Direction of communication with a Virtual Venue Server

S.Booth spb at epcc.ed.ac.uk
Mon Sep 29 04:13:10 CDT 2003


On Fri, 26 Sep 2003, Brian Corrie wrote:

> Another comment along these lines... vic and rat are not very firewall
> friendly. With AG 1.2 we could get around that because port numbers were
> static and one could open up a select number of ports. With the dynamic
> allocation of port numbers in the AG 2.1.x software methinks this is somewhat
> more problematic. Am I missing something? We are mostly concerned with
> providing bridging to people behind firewalls at the moment but I think the
> issue is the same with venues on multicast as well. Dynamic port allocation
> for Vic and Rat causes big problems with firewalls...

There are several problems with firewalling RTP sessions (RTP is the
underlying protocol used by both VIC and RAT):
1) RTP uses UDP packets so you can't follow session state like you do with
   TCP.
2) RTP uses a pair of UDP ports, one for data and one for control
   messages.
    Some firewalls can be configured to open a port for return traffic
    for a short period if a host behind the firewall sends a packet out on
    that port (this is for request/reply time setups). This won't work
    for RTP, as unless you are actually transmitting you only send packets
    on the control port.

Quickbridge uses different ports for unicast and multicast traffic. If you
want to connect to a quickbridge outside your firewall you only need to
open a small port range to the bridge host and ensure that the bridge
always uses unicast ports within that range.

Our AG has its own subnet outside the firewall and I use quickbridge in
this mode if I want to monitor a session from my desktop.

				Stephen
 
======================================================================
|epcc| Dr Stephen P Booth             Project Manager           |epcc|
|epcc| s.booth at epcc.ed.ac.uk          Phone 0131 650 5746       |epcc|
======================================================================
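The return-traffic behaviour described in the message above can be modelled in a few lines. This is an added example, not part of the original post and not AG or QuickBridge code; the bridge host name, port numbers, pinhole lifetime and fixed report interval are all assumptions chosen for illustration.

```python
# Added illustration (constructed model, not AG or QuickBridge code).
from dataclasses import dataclass, field

BRIDGE = "bridge.example"   # hypothetical bridge host outside the firewall
RTCP_INTERVAL = 5           # simplified fixed control-report interval, seconds

@dataclass
class Firewall:
    ttl: int = 30                       # assumed pinhole lifetime, seconds
    allow: tuple = None                 # optional static rule: (host, low_port, high_port)
    pinholes: dict = field(default_factory=dict)

    def outbound(self, now, src_port, dst_host, dst_port):
        # An outgoing packet opens a short-lived pinhole for replies on the same ports.
        self.pinholes[(src_port, dst_host, dst_port)] = now + self.ttl

    def inbound_ok(self, now, src_host, src_port, dst_port):
        # Static rule: bridge host may reach any inside port in the opened range.
        if self.allow and src_host == self.allow[0] and self.allow[1] <= dst_port <= self.allow[2]:
            return True
        return self.pinholes.get((dst_port, src_host, src_port), -1) > now

def simulate(fw, transmitting, data_port=50000, seconds=60):
    """Count bridge packets that reach an inside host: (data, control)."""
    ctrl_port = data_port + 1           # RTP pair: data port plus control port
    data = ctrl = 0
    for t in range(seconds):
        # Inside host: control reports always; data only while transmitting.
        if t % RTCP_INTERVAL == 0:
            fw.outbound(t, ctrl_port, BRIDGE, ctrl_port)
        if transmitting:
            fw.outbound(t, data_port, BRIDGE, data_port)
        # Bridge: a data packet every second, a control report every interval.
        data += fw.inbound_ok(t, BRIDGE, data_port, data_port)
        if t % RTCP_INTERVAL == 0:
            ctrl += fw.inbound_ok(t, BRIDGE, ctrl_port, ctrl_port)
    return data, ctrl

if __name__ == "__main__":
    print("receive-only, pinholes only:", simulate(Firewall(), False))
    print("transmitting, pinholes only:", simulate(Firewall(), True))
    print("receive-only, static range :", simulate(Firewall(allow=(BRIDGE, 50000, 50001)), False))
```

A receive-only host keeps only the control-port pinhole alive, so the data stream is dropped until either the host transmits or a static range to the bridge host is opened.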




