VoIP scheme gets big backers

Cisco, which sells the most IP telephony gear, and Microsoft , which seeks a greater corporate VoIP role, recently agreed to work together to add capabilities in software that lets IP voice traffic more easily run across firewall-protected networks.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

Cisco, which sells the most IP telephony gear, and Microsoft , which seeks a greater corporate VoIP role, recently agreed to work together to add capabilities in software that lets IP voice traffic more easily run across firewall-protected networks.

The two companies will support and implement Interactive Connectivity Establishment (ICE) technology, which is a proposed IETF standard for allowing VoIP calls to traverse firewalls without compromising security. At issue is network address translation (NAT ), which is one of the most basic methods for protecting client and other network-based devices behind a firewall. NAT distributes internal IP addresses to nodes and then translates the addresses to publicly routable IP addresses when traffic traverses the Internet. This can prevent a VoIP call from being set up because NAT makes each IP endpoint in a VoIP connection handshake seem unreachable to the other.

Many companies have worked around NAT/VoIP compatibility issues by tunneling IP voice traffic through VPN connections. This is common for remote users with softphone clients and laptops, who connect to a corporate IP PBX through a home firewall or a hotel broadband connection with a VPN link. Site-to-site VoIP setups also use tunneling, virtual LAN (VLAN ) segments over VPNs or point-to-point links to connect VoIP calls to offices protected via NAT firewalls.

But some observers and standards crafters say such methods are stopgaps, and that VoIP connectivity should work as seamlessly across the Internet as browsing a Web site, sending e-mail or as in instant-messaging sessions.

This is where ICE comes in. The technology works by discovering the internal IP address schemes of networks that the two VoIP endpoints are attached to, behind NAT firewalls. To do this, ICE uses existing protocols and IP address discovery mechanisms, such as Simple Traversal of UDP through NAT (STUN), Traversal Using Relay NAT (TURN) and Realm Specific IP. This requires servers that can accept STUN and TURN requests and broker these connections for VoIP devices, which are called initiators in the ICE model.

STUN and TURN "by nature of their design, are difficult to operate through NAT," according to Jonathan Rosenberg, a Cisco engineer and author of the IETF Internet draft for ICE.

"ICE makes use of STUN and TURN, but uses them in a specific methodology, which avoids many of the pitfalls of using any one alone," Rosenberg writes in the ICE IETF draft proposal.

The potential for any-to-any VoIP connectivity without impediment from NAT firewalls has strong promise for consumer VoIP technology, according to Don Proctor, senior vice president of the Voice Technology Group at Cisco. "Microsoft's and Cisco's endorsement of ICE standards bodes well for our mutual customers," he said in a statement. This is especially true considering that most home networks with broadband have Microsoft operating systems, are protected by broadband router/NAT firewalls and connect to carrier networks with Cisco gear.