1 / 7

Application-Layer Policy Enforcement at SIP Firewalls ( draft-jfp-sipfw-policy-00.txt)

Application-Layer Policy Enforcement at SIP Firewalls ( draft-jfp-sipfw-policy-00.txt). SIP WG 48th IETF Jon Peterson <jon.peterson@level3.com> Level(3) Communications. One-Edged Network. Public Internet. Enterprise Network (w/ SIP). PS. FW. Public Internet. FW. PS. Carrier

dale
Download Presentation

Application-Layer Policy Enforcement at SIP Firewalls ( draft-jfp-sipfw-policy-00.txt)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Application-Layer Policy Enforcement at SIP Firewalls(draft-jfp-sipfw-policy-00.txt) SIP WG 48th IETF Jon Peterson <jon.peterson@level3.com> Level(3) Communications

  2. One-Edged Network Public Internet Enterprise Network (w/ SIP) PS FW SIP WG - 48th IETF - JFP L3

  3. Public Internet FW PS Carrier Network (w/ SIP) Peer Carrier A Peer Carrier B FW FW PS FW ASP AS Multi-edge Network SIP WG - 48th IETF - JFP L3

  4. Typical Firewall with ALG “Inside” Network “Outside” Network PS ALG Signaling Media FW see: draft-rosenberg-sip-firewalls-00.txt SIP WG - 48th IETF - JFP L3

  5. Policies might intervene (logically) between the PS and the ALG PS Policy 1 Policy 2 ALG FW Inbound Signaling SIP WG - 48th IETF - JFP L3

  6. A simple policy example: One-way edge Blocked! “Inside” Network “Outside” Network POL PS ALG FW INVITE Calls allowed in this direction SIP WG - 48th IETF - JFP L3

  7. In Summary • There may be reasons why it would be important for a SIP session to traverse a particular network edge on its way to its final destination • Some application-layer policies are best enforced at an edge • Know of any other examples? SIP WG - 48th IETF - JFP L3

More Related