Internet Draft
SIP Working Group Fredrik Thernelius
Bertil Engelholm
Internet Draft Ericsson
<draft-thernelius-sip-firewall-solution-00.txt> July 2000
Category: Informational
SIP Firewall Solution
Status of this Memo
This document is an Internet-Draft and is NOT offered in accordance
with Section 10 of RFC2026, and the author does not provide the IETF
with any rights other than to publish as an Internet-Draft
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts. Internet-Drafts are draft documents valid for a maximum of
six months and may be updated, replaced, or obsoleted by other
documents at any time. It is inappropriate to use Internet- Drafts
as reference material or to cite them other than as "work in
progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
1. Abstract
This document describes a solution that is able to handle SIP
signaling together with NAT enabled firewalls. The intent is to show
that existing firewalls do not have to be replaced by "SIP enabled"
ones, instead they will only have to be reconfigured slightly.
The main feature of this solution is using MGCP from a session
control proxy to open/close holes in an RTP proxy which then enables
RTP traffic to flow between interconnected networks.
Worth noting is that this solution will not only work for SIP, it
will also work for other protocols, such as H.323 or Real Audio. It
does not even have to be RTP that is passed through the RTP proxy,
though this draft assumes that the RTP stream is accompanied by
RTCP. The solution will work for any protocol that wishes to
open/close ports dynamically in the RTP proxy (maybe it should be
called Forwarding Engine in the general case).
Thernelius, Engelholm [Page 1]
�
SIP Firewall Solution July 2000
2. Conventions used in this document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in
this document are to be interpreted as described in RFC-2119 [1].
3. Introduction
This draft proposes a simple solution to the problems that NAT
introduces when it's used together with SIP [2]. By terminating all
multimedia sessions in an RTP proxy on the demilitarized zone (DMZ)
and then from that point relay the RTP packets to the final
destination we do not have to bother with NAT even if the internal
network uses private addresses.
It must be noted that packet-filtering rules have to be added in the
firewall in order to allow UDP packets from both the internal and
the external networks if they are destined for the RTP proxy.
Similarly, packets must be allowed to leave the DMZ if they come
from the RTP proxy. The RTP proxy will require a global IP address
for this solution to work as described in this document.
A SIP proxy controls the RTP proxy by using the media gateway
control protocol (MGCP) [3]. MGCP is a client-server protocol,
documented in RFC 2705. The solution requires that an MGCP call
agent is integrated in the SIP proxy.
The draft "draft-huitema-megaco-mgcp-firewall-00.txt" shows the
signaling needed for implementing this solution. Since only a small
subset of MGCP is needed the development time of this solution is
kept to a minimum.
4 SIP
4.1 General
The Session Initiation Protocol (SIP) is used to setup media
sessions between two or more parties. The session can include e.g.
audio and/or video streams.
A SIP message can look like this:
INVITE sip:watson@boston.bell-tel.com SIP/2.0
Via: SIP/2.0/UDP kton.bell-tel.com
From: A. Bell
To: T. Watson
Call-ID: 3298420296@kton.bell-tel.com
CSeq: 1 INVITE
Subject: Mr. Watson, come here.
Content-Type: application/sdp
Content-Length: ...
Thernelius, Engelholm Expires January 2001 [Page 2]
�
SIP Firewall Solution July 2000
v=0
o=bell 53655765 2353687637 IN IP4 128.3.4.5
s=Mr. Watson, come here.
c=IN IP4 kton.bell-tel.com
m=audio 3456 RTP/AVP 0 3 4 5
The SIP message contains two parts. A SIP part and a SDP part.
The SIP part basically describes who you want to contact (in the
example watson@boston.bell-tel.com) and from whom the invitation
come from (A.Bell).
The SDP part describes what kind of media stream you want to setup
and to where you want the B-client to setup the media stream (in the
example the A-client want the B-client to setup an RTP audio stream
towards port 3456 at kton.bell-tel.com).If this kind of message is
sent from a client connected to a company network or an ISP network
a few problem will arise if the network is connected through a
firewall towards the rest of internet.
5 Firewall Design
|
| +----------+
+--| |
| | |
| +----------+
EXTERNAL INTERNAL |
| :
| :
| :
oooo | :
ooo ooo |
ooo ooo +-----------+ | +----------+
o o | | | | Agent 1 |
o IP Cloud o--------| Firewall |---+--| |
ooo ooo | | | +----------+
/ ooo ooo +-----------+ |
/ oooo | |
/ DMZ |
/ |
/ | +----------+
+--------+ +--|SIP proxy |
| Agent 2| +----------+ | | |
| | |RTP proxy |---+ +----------+
+--------+ | | |
+----------+
Figure 1. Firewall Design View
Thernelius, Engelholm Expires January 2001 [Page 3]
�
SIP Firewall Solution July 2000
The design is based on a firewall/router (FW) with three interfaces.
The internal interface connects to all SIP agents inside the
firewall. The external interface connects to the unprotected
external world. The demilitarized zone (DMZ) is a third separate
interface connecting a number of proxies.
For SIP there are two proxies that are interesting, the SIP proxy
and the RTP proxy. The SIP proxy will transfer all SIP communication
between the internal and the external world. In the same way will
the RTP proxy transfer all RTP communication. This means that no SIP
or RTP traffic is allowed to pass through the firewall without first
passing one of the proxies.
It is noted that the architecture described above is not REQUIRED.
Both the RTP proxy and the SIP proxy MAY just as well be co-located
in the firewall box. For simplicity reasons the architecture in
Figure 1 is discussed in this document.
5.1 SIP Proxy
The SIP proxy will take care of all SIP messages that need to be
transferred between the internal and the external interfaces. When
SIP messages are received, the SIP proxy will use them to control
the RTP proxy so that all RTP ports for a multi media session are
opened/closed as they are needed.
In some cases the SIP proxy also have to modify addresses in the SIP
headers so that internal/private information is not send out on the
external side of the firewall. This draft does not attempt to cover
how this should be done.
The SIP proxy will exchange the SDP part of the message to the one
given by the RTP proxy (see below)
5.2 RTP Proxy
The RTP proxy will analyze the SDP part sent by the SIP proxy and
open/close the corresponding ports and then return a new SDP back to
the SIP proxy containing the addresses and ports used by the RTP
proxy for the current session. This new SDP is copied into the SIP
message by the SIP proxy which then forwards it to the correct
receiver.
The RTP proxy will be configured to use a wide range of ports for
the RTP traffic. The firewall will have to let UDP traffic through
if its destination or source address is the RTP proxy.
5.3 MGCP
The Media Gateway Control Protocol (MGCP) is used as a control
protocol between the SIP proxy and the RTP proxy. The SIP proxy have
Thernelius, Engelholm Expires January 2001 [Page 4]
�
SIP Firewall Solution July 2000
to integrate the client part of the protocol, the Call Agent (CA),
and the RTP proxy will have to implement the server part of the
protocol, the Call Agent Server (CAS). The CAS will use the well-
known MGCP port (2427).
MGCP is convenient to use for this purpose since it also uses SDP as
session description protocol, just as SIP do. In this way the SIP
proxy can just copy the SDP part from SIP messages to the MGCP
commands sent to the RTP proxy.
MGCP is also logical to use due to the fact that the functionality
of the RTP proxy is very similar to that of other media gateways in
the sense that we set up connections through the RTP proxy. In this
case the media gateway happens to have IP on the both sides. The
media gateway will thus work as an IP bridge.
When MGCP is used in the way described in this draft only a subset
of the entire protocol have to be implemented.
MGCP specifies possibility to get traffic statistics from the
gateway (RTP proxy) which means that functionality for charging can
be added.
6 Signal Flows
6.1 Session Setup (internal -> External)
6.1.1 Flow
agent1 SIP proxy RTP proxy agent2
| | | |
| SIP(INVITE) | | |
|----------------->| | |
| SIP(100 Trying) | | |
|<-----------------| | |
| | MGCP (Create Connection#1) | |
| |----------------------------->| |
| | MGCP (200 OK) | |
| |<-----------------------------| |
| | MGCP (Create Connection#2) | |
| |----------------------------->| |
| | MGCP (200 OK) | |
| |<-----------------------------| |
| | SIP (INVITE) | |
| |--------------------------------------------->|
| | SIP (200 OK) | |
| |<---------------------------------------------|
| | MGCP (Modify connection#2) | |
| |----------------------------->| |
| | MGCP (200 OK) | |
| |<-----------------------------| |
| | MGCP (Modify connection#1) | |
Thernelius, Engelholm Expires January 2001 [Page 5]
�
SIP Firewall Solution July 2000
| |----------------------------->| |
| | MGCP (200 OK) | |
| |<-----------------------------| |
| SIP(200 OK) | | |
|<-----------------| | |
| SIP(ACK) | | |
|----------------->| | |
| | MGCP (Modify connection: sendrecv) |
| |----------------------------->| |
| | MGCP (200 OK) | |
| |<-----------------------------| |
| | SIP (ACK) | |
| |--------------------------------------------->|
| | | |
|<----------------------------------------------->|<------------->|
|<---------- RTP traffic -------------->|<-RTP traffic->|
|<----------------------------------------------->|<------------->|
| | | |
| | | |
Figure 2. SIP and MGCP setup signaling
6.1.2 Description
RTP proxy
+--------+ P1 C1 P2 +---------+ P3 C2 P4 +--------+
| |o---------------o|- - - - -|o-----------------o| |
| agent1 | | R1 | | agent2 |
| |o----- | | -----o| |
+--------+ \ +---------+ / +--------+
\ o /
\ | /
\ | /
\ | /
\ | MGCP /
SIP \ | / SIP
\ | /
\ | /
\ | /
\ | /
\ | /
\ | /
C = Connection o o o
P = Endpoint +---------+
R = Relay | |
|SIP proxy|
| |
+---------+
Figure 3. Signaling between logical entities
Thernelius, Engelholm Expires January 2001 [Page 6]
�
SIP Firewall Solution July 2000
This is a logical view of what should be done for this traffic case.
The SIP proxy shall order the RTP proxy to setup connections (C1 and
C2) towards the two SIP agents where agent1 is inside the firewall
and agent2 is outside.
Everything starts with agent1 sending a SIP INVITE message to the
outbound SIP proxy:
INVITE sip:UserB@fwp1.wcom.com SIP/2.0
Via: SIP/2.0/UDP here.com:5060
From: TheBigGuy
To: TheLittleGuy
Call-Id: 12345600@here.com
CSeq: 1 INVITE
Contact: TheBigGuy
Content-Type: application/sdp
Content-Length:169
v=0
o=UserA 2890844526 2890844526 IN IP4 here.com
t=0 0
c=IN IP4 10.11.12.13
m=audio 49170 RTP/AVP 0
a=rtpmap:0 PCMU/8000
m=video 53000 RTP/AVP 32
a=rtpmap:32 MPV/90000
In this example UserA (user agent1) invites UserB (user agent2) to
participate in a session containing one audio stream (on port 49170
at IP address 10.11.12.13) and one MPEG video stream (on port 53000
also at IP address 10.11.12.13).
The SIP proxy will send a MGCP command ordering the RTP proxy to
setup a connection towards agent1 (C1):
CRCX 1432 relay/$@rtpproxy.here.com MGCP 1.0
C: A3F41278B7065249
M: inactive
v=0
o=UserA 2890844526 2890844526 IN IP4 here.com
t=0 0
c=IN IP4 10.11.12.13
m=audio 49170 RTP/AVP 0
a=rtpmap:0 PCMU/8000
m=video 53000 RTP/AVP 32
a=rtpmap:32 MPV/90000
The SIP proxy orders the RTP proxy to create a connection (CRCX) for
this session. The SDP from the SIP message is copied as it is and
will be analyzed by the Call Agent Server in the RTP proxy. The SIP
proxy has also specified a call id (C: ...) and the connection mode
Thernelius, Engelholm Expires January 2001 [Page 7]
�
SIP Firewall Solution July 2000
(M: ...). The mode is set to inactive at this stage because we don't
want the RTP proxy to forward any RTP packages yet (no receiver
yet).
The RTP proxy will now analyze the SDP part and create the
corresponding ports, which will be returned as a new SDP part in a
OK message:
200 1432 OK
Z: relay/42@rtpproxy.here.com
I: 32C789
v=0
o=UserA 2890844526 2890844526 IN IP4 here.com
t=0 0
c=IN IP4 200.3.4.5
m=audio 10126 RTP/AVP 0
a=rtpmap:0 PCMU/8000
m=video 10128 RTP/AVP 32
a=rtpmap:32 MPV/90000
The RTP proxy has generated a new IP address (200.3.4.5) and two new
port numbers (10126 and 10128). The RTP proxy actually allocates
four port numbers since each RTP port has a corresponding RTCP port
(10127 and 10129). A connection identity (I: ...) has also been
returned so the SIP proxy can direct orders directly to this
connection later on. The RTP proxy has also return a relay address
(Z: ...) for this connection so the SIP proxy can order the RTP
proxy to relay packages (R1 in the picture) between different
connections.
The SIP proxy will now order the RTP proxy to setup a new connection
(C2) towards agent2:
CRCX 1433 relay/42@rtpproxy.here.com MGCP 1.0
C: A3F41278B7065249
M: inactive
Since the SIP proxy has no information yet about agent2 it cannot
send any SDP information. Since the SIP proxy uses the same call id
and specifies the relay code (42) it received in the last response
from the RTP proxy the RTP proxy will create the corresponding ports
and setup the relay between these ports (R1 between P2 and P3). The
RTP proxy will then return an OK message with the new ports:
200 1433 OK
I: 32C78A
v=0
o=UserA 2890844526 2890844526 IN IP4 here.com
t=0 0
c=IN IP4 200.3.4.5
Thernelius, Engelholm Expires January 2001 [Page 8]
�
SIP Firewall Solution July 2000
m=audio 10130 RTP/AVP 0
a=rtpmap:0 PCMU/8000
m=video 10132 RTP/AVP 32
a=rtpmap:32 MPV/90000
The SIP proxy can know take the received SDP part and copy it into a
SIP INVITE message and send it to UserB at agent2:
INVITE sip:UserB@there.com SIP/2.0
Via: SIP/2.0/UDP fwp1.wcom.com:5060
Via: SIP/2.0/UDP here.com:5060
Record-Route:
From: TheBigGuy
To: TheLittleGuy
Call-Id: 12345600@here.com
CSeq: 1 INVITE
Contact: TheBigGuy
Content-Type: application/sdp
Content-Length:167
v=0
o=UserA 2890844526 2890844526 IN IP4 here.com
t=0 0
c=IN IP4 200.3.4.5
m=audio 10130 RTP/AVP 0
a=rtpmap:0 PCMU/8000
m=video 10132 RTP/AVP 32
a=rtpmap:32 MPV/90000
Agent2 can now setup communication towards the address and ports
pointed out the RTP proxy. When UserB has decided which media
streams he can/wants to participate in he respond with an OK
message:
SIP/2.0 200 OK
Via: SIP/2.0/UDP fwp1.wcom.com:5060
Via: SIP/2.0/UDP here.com:5060
Record-Route:
From: TheBigGuy
To: TheLittleGuy ;tag=314159
Call-Id: 12345600@here.com
CSeq: 1 INVITE
Contact: TheLittleGuy
Content-Type: application/sdp
Content-Length: 147
v=0
o=UserB 2890844527 2890844527 IN IP4 there.com
t=0 0
c=IN IP4 110.111.112.113
m=audio 3456 RTP/AVP 0
a=rtpmap:0 PCMU/8000
Thernelius, Engelholm Expires January 2001 [Page 9]
�
SIP Firewall Solution July 2000
m=video 0 RTP/AVP 32
In this message agent2 (UserB) says that the audio stream will be
received at port 3456 at IP address 110.111.112.113 but denies the
video stream by setting the port to zero.
The SIP proxy will now order the RTP proxy to modify the connection
towards agent2 using the SDP part received in the SIP message from
agent2:
MDCX 1434 relay/42@rtpproxy.here.com MGCP 1.0
C: A3F41278B7065249
I: 32C78A
M: inactive
v=0
o=UserB 2890844527 2890844527 IN IP4 there.com
t=0 0
c=IN IP4 110.111.112.113
m=audio 3456 RTP/AVP 0
a=rtpmap:0 PCMU/8000
m=video 0 RTP/AVP 32
The RTP proxy will remove the ports allocated for the video stream
since it will not be used. After that the RTP proxy respond with an
OK message:
200 1434 OK
The SIP proxy now orders the RTP proxy to modify the connection
towards agent1 (UserA):
MDCX 1435 relay/42@rtpproxy.here.com MGCP 1.0
C: A3F41278B7065249
I: 32C789
M: inactive
v=0
o=UserB 2890844527 2890844527 IN IP4 there.com
t=0 0
c=IN IP4 110.111.112.113
m=audio 3456 RTP/AVP 0
a=rtpmap:0 PCMU/8000
m=video 0 RTP/AVP 32
The RTP proxy modifies this connection according to the new SDP and
responds with an OK message:
200 1435 OK
Thernelius, Engelholm Expires January 2001 [Page 10]
�
SIP Firewall Solution July 2000
v=0
o=UserB 2890844527 2890844527 IN IP4 there.com
t=0 0
c=IN IP4 200.3.4.5
m=audio 10126 RTP/AVP 0
a=rtpmap:0 PCMU/8000
m=video 0 RTP/AVP 32
This SDP information is copied into the SIP OK message by the SIP
proxy and sent to UserA at agent1:
SIP/2.0 200 OK
Via: SIP/2.0/UDP here.com:5060
From: TheBigGuy
To: TheLittleGuy ;tag=314159
Call-Id: 12345600@here.com
CSeq: 1 INVITE
Contact: TheLittleGuy
Content-Type: application/sdp
Content-Length: 147
v=0
o=UserB 2890844527 2890844527 IN IP4 there.com
t=0 0
c=IN IP4 200.3.4.5
m=audio 10126 RTP/AVP 0
a=rtpmap:0 PCMU/8000
m=video 0 RTP/AVP 32
Agent1 can now configure its RTP ports to communicate with the RTP
proxy and after that send an ACK message back to agent2 via the SIP
proxy:
ACK sip:UserB@fwp1.wcom.com SIP/2.0
Via: SIP/2.0/UDP here.com:5060
Route:
From: TheBigGuy
To: TheLittleGuy ;tag=314159
Call-Id: 12345600@here.com
CSeq: 1 ACK
Content-Length: 0
The SIP proxy now has to order the RTP proxy to open up the RTP
traffic by issuing a new modify command (this could already have
been done when the SIP OK message arrived):
MDCX 1436 relay/42@rtpproxy.here.com MGCP 1.0
C: A3F41278B7065249
M: sendrecv
Thernelius, Engelholm Expires January 2001 [Page 11]
�
SIP Firewall Solution July 2000
The RTP proxy respond with an OK message after the mode have been
changed:
200 1436 OK
The SIP proxy now forwards the ACK message to agent2:
ACK sip: UserB@there.com SIP/2.0
Via: SIP/2.0/UDP fwp1.wcom.com:5060
Via: SIP/2.0/UDP here.com:5060
From: TheBigGuy
To: TheLittleGuy ;tag=314159
Call-Id: 12345600@here.com
CSeq: 1 ACK
Content-Length: 0
UserA and UserB can now send audio streams to each other through the
RTP proxy. Since all RTP traffic is passing the RTP proxy it means
that the RTP proxy can keep track on how much traffic is passing it
which can be used for e.g. charging. The RTP proxy can also check if
the packages passing is correct and throw away packages that has
some fault in them.
6.2 Session Disconnection (internal -> External)
6.2.1 Flow
agent1 SIP proxy RTP proxy agent2
| | | |
| SIP(BYE) | | |
|----------------->| | |
| | SIP (BYE) | |
| |------------------------------------------->|
| | SIP (200 OK) | |
| |<-------------------------------------------|
| | MGCP (Delete Connection#1) | |
| |----------------------------->| |
| | MGCP (250 OK) | |
| |<-----------------------------| |
| | MGCP (Delete Connection#2) | |
| |----------------------------->| |
| | MGCP (250 OK) | |
| |<-----------------------------| |
| SIP(200 OK) | | |
|<-----------------| | |
| | | |
Figure 4. SIP and MGCP setup signaling
6.2.2 Description
Thernelius, Engelholm Expires January 2001 [Page 12]
�
SIP Firewall Solution July 2000
RTP proxy
+--------+ P1 C1 P2 +---------+ P3 C2 P4 +--------+
| |o---------------o|- - - - -|o-----------------o| |
| agent1 | | R1 | | agent2 |
| |o----- | | -----o| |
+--------+ \ +---------+ / +--------+
\ o /
\ | /
\ | /
\ | /
\ | MGCP /
SIP \ | / SIP
\ | /
\ | /
\ | /
\ | /
\ | /
\ | /
C = Connection o o o
P = Endpoint +---------+
R = Relay | |
|SIP proxy|
| |
+---------+
Figure 5. Signaling between logical entities
This is a logical view of what should be done for this traffic case.
The SIP proxy shall order the RTP proxy to delete the two
connections (C1 and C2) towards the SIP agents where agent1 is
inside the firewall and agent2 is outside.
Agent1 initiates the disconnection by sending a SIP BYE message to
the SIP proxy:
BYE sip:UserB@fwp1.wcom.com SIP/2.0
Via: SIP/2.0/UDP here.com:5060
Route:
From: TheBigGuy
To: TheLittleGuy
Call-Id: 12345600@here.com
CSeq: 2 BYE
Content-Length:0
The SIP proxy forwards the BYE message to agent2:
BYE sip: UserB@there.com SIP/2.0
Via: SIP/2.0/UDP fwp1.wcom.com:5060
Via: SIP/2.0/UDP here.com:5060
From: TheBigGuy
To: TheLittleGuy ;tag=314159
Thernelius, Engelholm Expires January 2001 [Page 13]
�
SIP Firewall Solution July 2000
Call-Id: 12345600@here.com
CSeq: 2 BYE
Content-Length: 0
Agent2 confirms the disconnection by returning a OK message to the
SIP proxy:
SIP/2.0 200 OK
Via: SIP/2.0/UDP fwp1.wcom.com:5060
Via: SIP/2.0/UDP here.com:5060
From: TheBigGuy
To: TheLittleGuy ;tag=314159
Call-Id: 12345600@here.com
CSeq: 2 BYE
Content-Length: 0
The SIP proxy now orders the RTP proxy to delete the two connections
used by this session:
DLCX 1437 relay/42@rtpproxy.here.com MGCP 1.0
C: A3F41278B7065249
I: 32C789
DLCX 1438 relay/42@rtpproxy.here.com MGCP 1.0
C: A3F41278B7065249
I: 32C78A
After deleting each connection the RTP proxy respond with an OK
message for each delete command:
250 1437 OK
P: PS=1459, OS=34560, PR=1434, OR=33780, PL=2, JI=7, LA=26
250 1438 OK
P: PS=1434, OS=33780, PR=1459, OR=34560, PL=5, JI=5, LA=26
MGCP specifies a possibility for the gateway (RTP proxy in our case)
to return connection parameters (P: ...) when a connection is
deleted. These parameters basically says how many packets was sent
(PS) and received (PR) and how many octets that was sent (OS) and
received (OR). It is also specified how many packets were lost (PL)
the jitter (JI) and estimated network latency (LA).
8. Security Considerations
Strong authentication and encryption algorithms SHOULD protect the
communication between the SIP proxy and the RTP proxy.
Thernelius, Engelholm Expires January 2001 [Page 14]
�
SIP Firewall Solution July 2000
RTP proxy: This entity should have all services turned off except
those needed for management.
SIP proxy: This entity should have all services turned off except
those needed for management.
The firewall SHOULD allow communication to and from the RTP proxy
and SIP proxy, which both reside on the DMZ.
The SIP proxy MUST know if a certain SIP message came from the
"inside" or from the "outside". Otherwise it is possible for a user
to be able to open ports through the RTP proxy by answering his/her
own INVITE message with a 200 OK.
9. References
[1] Bradner, S., "Key words for use in RFCs to Indicate Requirement
Levels", BCP 14, RFC 2119, March 1997
[2] M. Handley, H. Schulzrinne, E. Schooler, and J. Rosenberg,
"SIP:session initiation protocol," Request for Comments
(Proposed Standard) 2543, Internet Engineering Task Force,
Mar. 1999.
[3] M. Arango, A. Dugan, I. Elliott, C. Huitema, S. Pickett, "Media
Gateway Control Protocol Version 1.0", RFC 2705, October 1999.
10. Author's Addresses
Fredrik Thernelius
G÷talandsv„gen 230
Box 1505
125 25 ýlvsj÷
Stockholm, Sweden
Phone: +46-8-727 49 96
Email: fredrik.thernelius@uab.ericsson.se
Bertil Engelholm
G÷talandsv„gen 230
Box 1505
125 25 ýlvsj÷
Stockholm, Sweden
Phone: +46-8-727 3499
Email: bertil.engelholm@uab.ericsson.se
Thernelius, Engelholm Expires January 2001 [Page 15]
�
SIP Firewall Solution July 2000
11. Full Copyright Statement
"Copyright (C) The Internet Society (date). All Rights Reserved.
This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it
or assist in its implmentation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph
are included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than
English.
The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Thernelius, Engelholm Expires January 2001 [Page 16]
�