H.323 Global Network

Step-by-Step Guide: Connecting to the H.323 Global Network

This guide will explain how to get your domain connected to the H.323 Global Network. This guide focuses on Model 1, Model 2, and Model 3 as described in the more general "Configuration Guide". The main difference between those models is where you place the gatekeeper.

You can also ask the H.323 community for help. Just visit the H.323 discussion forum and post your question.

Step 1 - Downloading GnuGk

Download and install the GnuGk. You can download the executable software already compiled, or you can compile it yourself.

Step 2 - Configuring GnuGk

To make it as simple as possible, we provide a recommended configuration here with an explanation down below. This example utilizes MySQL to retrieve usernames and passwords, but we will show how to use SQLite further down.

Gatekeeper Configuration

;;
;; Example Gatekeeper Configuration
;;

[Gatekeeper::Main]
Fortytwo=42
TimeToLive=600
Home=192.168.1.10
ExternalIP=172.10.14.24
StatusPort=7000

[RoutedMode]
GKRouted=1
CallSignalPort=11720
H245Routed=1
H245TunnelingTranslation=1
H245PortRange=56000-56999
AcceptUnregisteredCalls=1
SupportNATedEndpoints=1
EnableH46018=1
H46018NoNat=0
EnableH46023=1
H46023STUN=stun.h323.net
ENUMservers=enum.h323.net,nrenum.net,e164.arpa
RDSservers=rds.h323.net

[RoutingPolicy]
default=explicit,internal,enum,srv,rds,dns

[Proxy]
Enable=1
RTPPortRange=55000-55999
RTPMultiplexing=1
RTPMultiplexPort=2776
RTCPMultiplexPort=2777

[GkStatus::Auth]
rule=explicit
127.0.0.1=allow
default=forbid

[RasSrv::RRQFeatures]
SupportDynamicIP=1
OverwriteEPOnSameAddress=1

[RasSrv::LRQFeatures]
AcceptNonNeighborLCF=1
AcceptNonNeighborLRQ=1

[Gatekeeper::Auth]
SQLPasswordAuth=required;RRQ

[SQLPasswordAuth]
Driver=MySQL
Host=localhost
Database=gatekeeper
Username=gnugk
Password=<password>
Query=SELECT password FROM users WHERE username = '%u'
CacheTimeout=300
MinPoolSize=5

[AssignedAliases::SQL]
Driver=MySQL
Host=localhost
Database=gatekeeper
Username=gnugk
Password=<password>
Query=SELECT alias FROM aliases, users WHERE aliases.username = users.username AND users.username = '%u';
CacheTimeout=300
MinPoolSize=5

The first thing we want to discuss is the IP addresses used by GnuGk. If your machine has a single, public interface, you can remove the "Home" and "ExternalIP" address lines from the [Gatekeeper::Main] section. The Gatekeeper will automatically use the single address it sees when it starts.

If you operate the Gatekeeper in a NATed network, such as a DMZ or Amazon's EC2, you will need both the "Home" and "ExternalIP" lines. The "Home" line indicates the IP address of the network interface. In the case of Amazon EC2, this is the private address Amazon provides for each instance. The "ExternalIP" is what the rest of the world should consider as the public IP address of your Gatekeeper.

The line "CallSignalPort=11720" specifies the port number used for H.225.0 call signaling. GnuGk uses port 1721 by default to allow H.323 clients on the machine to use the H.323 default port 1720. We are suggesting port 11720, since that port was registered with IANA for this purpose. You may specify any port you wish, but make sure it's reachable through any firewall.

Note the lines "H245PortRange" and "RTPPortRange". If you operate the gatekeeper on the public Internet where there is no firewall blocking traffic to the Gatekeeper, you may remove these lines. However, if you have a firewall that blocks access to the machine or you otherwise wish to limit the port ranges of H.245 and RTP/RTCP traffic, you should configure these lines with values appropriate for your environment. Don't forget to open the firewall for those ports!

The "RTPMultiplexPort" and "RTCPMultiplexPort" ports also need to be open and accessible from the Internet. You may change these values to anything you like. These ports are used by clients that support multiplexing media flows when proxied by the Gatekeeper.

There are four other ports that MUST be open in the firewall. You need to ensure that UDP ports 1718 and 1719 are open. You must also ensure that TCP ports 1720 and 1721 are open. Those are the RAS and H.323 call signaling ports, the ports used for basic H.323 communications. (Technically, port 1718 does not need to be open, but some older devices did not follow the standard properly and try to register to that port.)

In the database configuration areas, you will need to adjust the name of the database server, database user, password, and SQL select statement according to your environment. We'll discuss the database in the next step.

Summary of Ports to Open

Port                 Description
1719 (UDP)           RAS signaling port, specified in DNS and also the default port for H.323 clients
11720 (TCP)          Call signaling port, specified in [RoutedMode]->CallSignalPort
56000-56999 (TCP)    Dynamic H.245 signaling ports, specified in [RoutedMode]->H245PortRange
55000-55999 (UDP)    RTP/RTCP ports for proxied media, specified in [Proxy]->RTPPortRange
2776 (UDP)           RTP multiplexing port, specified in [Proxy]->RTPMultiplexPort
2777 (UDP)           RTCP multiplexing port, specified in [Proxy]->RTCPMultiplexPort
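
One way to keep the firewall in step with the configuration is to derive the port summary from the configuration file itself and compare it with the firewall's allow-list. This is an added example, not part of GnuGk or the original guide: the function names, the embedded excerpt and the allow-list format are assumptions made for illustration. It reports summary ports that are still closed and open ports the summary does not call for, such as the status port.

```python
import configparser

# Constructed excerpt of the configuration shown above (example input).
SAMPLE_INI = """
[Gatekeeper::Main]
StatusPort=7000

[RoutedMode]
CallSignalPort=11720
H245PortRange=56000-56999

[Proxy]
RTPPortRange=55000-55999
RTPMultiplexPort=2776
RTCPMultiplexPort=2777
"""

# (section, key, protocol) for every port setting listed in the summary table.
PORT_KEYS = [
    ("RoutedMode", "CallSignalPort", "tcp"),
    ("RoutedMode", "H245PortRange", "tcp"),
    ("Proxy", "RTPPortRange", "udp"),
    ("Proxy", "RTPMultiplexPort", "udp"),
    ("Proxy", "RTCPMultiplexPort", "udp"),
]

def parse_range(value):
    """Turn '56000-56999' or '2776' into an inclusive (low, high) tuple."""
    low, _, high = value.strip().partition("-")
    low, high = int(low), int(high or low)
    if not 0 < low <= high <= 65535:
        raise ValueError(f"bad port range: {value!r}")
    return low, high

def required_openings(ini_text):
    """Return the set of (proto, low, high) the firewall must allow."""
    cfg = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cfg.optionxform = str  # GnuGk keys are mixed case; keep them as written
    cfg.read_string(ini_text)
    needed = {("udp", 1719, 1719)}  # RAS port, not set in the config file
    for section, key, proto in PORT_KEYS:
        if cfg.has_option(section, key):
            needed.add((proto, *parse_range(cfg.get(section, key))))
    return needed

def audit(needed, allowed):
    """Compare against the firewall's allow-list: (missing, unexpected)."""
    return sorted(needed - allowed), sorted(allowed - needed)
```

Pass `audit` a set of `(proto, low, high)` tuples exported from your firewall; any entry in the second list is exposed without being required by the summary above.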

Step 3 - Database Setup

As noted, the above example uses MySQL to allow GnuGk to authenticate users and to assign alias addresses. You can use any existing MySQL database or create a new one. As a very simple database, you might create one that contains these two tables:

Source Code

CREATE TABLE `users` (
  `username` char(30) COLLATE utf8_bin NOT NULL,
  `password` char(30) COLLATE utf8_bin NOT NULL,
  UNIQUE KEY `username` (`username`)
);

CREATE TABLE `aliases` (
  `username` char(30) COLLATE utf8_bin NOT NULL,
  `alias` varchar(256) COLLATE utf8_bin NOT NULL,
  KEY `username` (`username`)
);

This creates two tables, one called "users" and one called "aliases". The aliases table holds one or more aliases (e.g., phone numbers or URIs) for a user in the users table. The aliases table is joined to the users table via the relationship users.username == aliases.username.

Let's assume you have a user named "bob" in the domain "example.com". Let's assume Bob's phone number is "123". You would insert a row into "users" where "username" is "bob" and "password" is Bob's password. You should then insert two rows into the "aliases" table, one for the example.com domain and one for the phone number. So, you would insert these two rows:
  username=bob, alias=123
  username=bob, alias=bob@example.com

Note the SQL statements in the GnuGk configuration example above that retrieve the user's password and aliases. They match the data structures we defined. You can change those in any way you wish, so long as GnuGk can access the database, issue the queries, and get the desired result.

If you don't use MySQL and would prefer to use SQLite, then replace the "Driver" and "Database" lines with "SQLite" and the pathname of the SQLite database file.

Step 4 - Configure DNS

In order for users to call from one domain to another or for some clients to determine the location to register, SRV records are needed in DNS. The "registration" service is advertised as "h323rs" and the "location service" is advertised as "h323ls".

DNS Configuration

_h323ls._udp            IN      SRV     0 0 1719 gk.example.com.
_h323rs._udp            IN      SRV     0 0 1719 gk.example.com.

The name "gk.example.com" is the hostname of your Gatekeeper server.

Since not all videoconferencing administrators have the ability to access or change their own domain's DNS, the H.323 Global Network provides a service called "Resolver Discovery System" (RDS). For technical details, you can look at this explanation of RDS. GnuGk (as shown in the configuration above) will utilize RDS services under rds.h323.net. If you are unable to install SRV records for your domain, contact us and we will insert appropriate RDS records for your domain.

Step 5 - Acquiring Phone Numbers

While the H.323 Global Network makes every effort to move away from phone numbers to URI / URL dialing (e.g., h323:bob@example.com), some people still have devices that only support phone numbers.

The H.323 Global Network uses enum.h323.net to translate telephone numbers into H.323 URLs. Actually, you can see in the config above under "ENUMservers" that we use three different ENUM registries. NRENUM handles numbers for universities around the world. Finally, e164.arpa is the "official" E.164 registry that very few organizations use due to politics, costs, etc.

You can get a free block of numbers for your domain. Just contact us and request a number assignment. Just indicate your domain name (e.g., example.com) and how many consecutive numbers you need. If you think you might need double the number in a year or two, go ahead and ask for the extra. Numbers are plentiful, but updating the ENUM database requires human intervention. So, it's best to ask for as many as you need at the outset. Also, provide an email address to serve as the point of contact.

Note that all phone numbers allocated as a part of the H.323 Global Network start with +87840. Usually, that is followed by 10 additional digits. Yes, that does make for a long phone number, but it also ensures that there will be enough numbers for everyone.

Step 6 - Start Your Gatekeeper

If you haven't already, you can now start your Gatekeeper. Users should be able to register and be assigned phone numbers and H.323 URLs. Users should be able to call each other on the same domain and should be able to call other domains.

Congratulations! You are now connected to the H.323 Global Network! Depending on your clients' capabilities, you should be able to call users either using friendly user identifiers (e.g., "bob@example.com") or phone numbers (e.g., "123").