H.323 Gatekeeper
| Archived content. No warranty is made as to technical accuracy. Content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist. |
H.323 Gatekeeper works together with the H.323 protocol filter to provide full communications capabilities to H.323 registered clients using applications that are compliant with H.323 Gatekeeper, such as NetMeeting 3.0 or later. H.323 Gatekeeper provides registered clients with call routing and directory services and enables others to reach them using their well-known alias. (A well-known alias can be an e-mail address, such as someone@microsoft.com.) Clients registered with H.323 Gatekeeper can use H.323 Gatekeeper to participate in video, audio, and data conferences in local and wide area networks, across multiple firewalls and over the Internet.
You must use H.323 Gatekeeper for all inbound calls through ISA Server to a well-known alias. Any client who wants to be available through a well-known alias must register with H.323 Gatekeeper. In addition, clients must register with H.323 Gatekeeper if they use translation services when placing outbound calls, such as when using NetMeeting 3.0 or later to place a call to a Plain Old Telephone System (POTS) device. Outbound calls that do not require translation services may be placed without H.323 Gatekeeper.
H.323 RAS Registration Admission and Status
Every H.323 transaction has two endpoints—an origination endpoint, and a destination endpoint, usually clients. You usually register endpoints with H.323 Gatekeeper using H.323 Registration, Admission, and Status (H.323 RAS) protocol. You can use H.323 Gatekeeper to add a static registration to endpoints that do not support H.323 RAS registration. Static registrations are permanent, always active, and cannot receive inbound calls.
H.323 Gatekeeper supports three types of H.323 RAS addressing:
E164 phone number addressing, which uses characters 0-9.
H.323 ID addressing, which uses anything similar to e-mail addresses or DNS strings, including account names and machine names. No syntax is defined.
E-mail ID type addressing.
You can use the H.323 protocol filter to create PBX-style dial plans to route calls intelligently, based on the called party's address. You specify the rules which the H.323 Gatekeeper uses to govern which portion of an E164, H.323 RAS or H.323 ID alias address will be used to resolve an address request.
Inbound calls
When H.323 Gatekeeper receives an inbound query, it identifies the type of alias request, whether it is E164, H.323-ID, or e-mail ID. H.323 Gatekeeper then compares the alias to the list of rules. it then adds rules with patterns that match the query to an ordered rule list. Then it sorts the matching rules placing those with the lowest metric value highest on the list. It then goes through the list of rules, in order, until either the requested address is resolved, or the search fails. H.323 Gatekeeper then sends a confirmation or rejection to the originating client, depending upon whether or not the address is found.
Outbound Calls
When a registered client places an outbound call, an admission request is sent to the H.323 Gatekeeper. In the request, the H.323 client specifies the destination alias. If H.323 Gatekeeper finds the address for the destination alias, it returns an admission confirm, and the requested destination address to the originating client. If the destination address is not found, it continues to process the rule list to resolve the request.
For example, an e-mail namespace request would be processed in this manner. Suppose you are working at Microsoft and want to use NetMeeting 3.0 to call a person who also works at Microsoft and uses the e-mail alias someone@microsoft.com.
An admission request is sent to H.323 Gatekeeper for someone@microsoft.com. H.323 Gatekeeper will search the rules list, which could consist of the following rules:
Main list of rules
Domain |
Matching |
Rule name |
Weighted metric value |
|---|---|---|---|
microsoft.com |
Suffix |
Registration database |
1 |
microsoft.com |
Suffix |
Gatekeeper otherzone |
2 |
microsoft.com |
Suffix |
ILS Server named "Bogus" |
3 |
microsoft.com |
Suffix |
Active Directory |
4 |
microsoft.com |
Suffix |
None (cannot be resolved) |
6 |
(empty) |
Suffix |
Gateway/Proxy named "Bogus2" |
10 |
(empty) |
Exact |
Registration database |
2 |
(empty) |
Exact |
None (cannot be resolved) |
10 |
The H.323 Gatekeeper rule engine sorts the matching rules for the domain part microsoft.com and the resulting rule list is:
Domain |
Matching |
Rule name |
Weighted metric value |
|---|---|---|---|
microsoft.com |
Suffix |
Registration database |
1 |
microsoft.com |
Suffix |
Gatekeeper "otherzone" |
2 |
microsoft.com |
Suffix |
ILS Server named "Bogus" |
3 |
microsoft.com |
Suffix |
Active Directory |
4 |
microsoft.com |
Suffix |
None (cannot be resolved) |
6 |
(empty) |
Suffix |
Gateway/Proxy named "Bogus2" |
10 |
H.323 Gatekeeper will use the first rule to try to find someone@microsoft.com in the Registration Database. If the registration exists, H.323 Gatekeeper returns a confirmation along with the address to the origination client. If no address is returned H.323 Gatekeeper continues looking, going to the second rule, Gatekeeper "otherzone," for resolving the request. H.323 Gatekeeper works its way down the rule list until an address is returned or until it gets to the None Rule. When the None Rule is encountered, the query fails and a "Cannot be resolved" message is sent. Once the None Rule has been reached, no other rules are processed, regardless of their weighted metric value.
An outbound request to another domain will be forwarded to the ISA Server and resolved in the following way:
A NetMeeting 3.0 client at given company calls someone@microsoft.com. Using the main list of rules, from the previous example, the H.323 Gatekeeper rule engine sorts the matching rules for the domain part of the given company's URL and returns the resulting sorted list of rules.
Sorted list of rules
Domain |
Matching |
Rule Name |
Weighted Metric Value |
|---|---|---|---|
(empty) |
Suffix |
Gateway/Proxy named "Bogus2" |
10 |
H.323 Gatekeeper informs the ISA Server the address is external to the network. The ISA Server initiates the DNS lookup sequence.
If the query returns a fully-qualified DNS computer name, H.323 Gatekeeper performs an additional DNS query to find the IP address.
H.323 Gatekeeper considerations
H.323 Gatekeeper does not provide any security.
If you are managing ISA Server of H.323 Gatekeeper remotely on a computer running Windows 2000 Professional, you cannot access all of the tools and Help topics unless you have installed the Windows 2000 Administration Tools.
H.323 Gatekeeper does not enforce uniqueness of aliases for registration. However, each Q931 address must be unique. The H.323 Gatekeeper uses only the most recently registered active terminal for any one alias. This allows a user to register under one alias from multiple locations.
The H.323 application filter does not support H.225 signaling across ISA Server. For example, a NetMeeting 3.0 user who is located on an internal network cannot register with a gatekeeper that is located on the Internet. Also, an H.323 Gatekeeper that is running on the internal network cannot exchange location messages with a gatekeeper running on the Internet.
ISA Server provides support for fast kernel-mode data pumping of RTP audio and video media while making calls across ISA Serve using NetMeeting 3.0 or later. For more information, see Enable fast kernel-mode data pumping..