KR20020083887A - Method for communicating audio and video data in multimedia communication system using h.323 protocol - Google Patents

Abstract

In the present invention, when performing multimedia communication using the H.323 protocol, in the H.225 call setup, the H.225 call is established according to the currently connected H.225 channel information, not the user address information in the H.225 message. In establishing an H.245 channel, the H.245 message is transmitted according to the address and port information of the currently connected H.245 channel, not the user address and port information in the H.245 message, even if the user is located inside the NAT. Set the call to 323.

Also, the transmission of video and audio data does not use the video and audio reception channel information received in the H.245 message, but instead obtains port information from the channel to which the video and audio data is transmitted, thereby transmitting the video and audio data. Thereby, the present invention relates to an apparatus and method for allowing a user inside a firewall to receive audio and video data.

Description

METHOOD FOR COMMUNICATING AUDIO AND VIDEO DATA IN MULTIMEDIA COMMUNICATION SYSTEM USING H.323 PROTOCOL}

The present invention relates to a multimedia communication method, and more particularly, to a multimedia communication method using a firewall.

Among the ITU-T standards, the H.32x Recommendations refer to multimedia communications over various networks. H.323, one of them, defines the components, protocols, and procedures necessary to provide real-time audio / video / data services over packet networks, including IP-based networks.

H.323 consists of various protocols. H.225 and H.245 are protocols related to call and channel setup, respectively. In addition, G.711, G.722, G.723, G.728, G.729 and audio codecs related to audio codecs. 261 and H.263. H.225 and H.245 are transmitted over TCP, but video and audio related data is transmitted over UDP.

In general, a firewall is one of the network components for protecting an internal network. It is a policy to protect internal information assets from external intrusion and prevent harmful information from inflow, and supports H / W and S. Generic / W. The main function of the firewall is the only window interworking with the external network. In order to protect the internal network from the outside, the external function is blocked or the user authentication is blocked by using the IP address and port number of the system that requested the service for each service. Block external access based on It also monitors and records traffic to interconnected internal and external networks. At this time, the communication network inside the firewall is called a private network, and the communication network outside the firewall is called an external network. In addition, within the private network, each private user device must use a private address, and use a public address to communicate with a network outside the firewall.

When the multimedia communication is performed using the H.323 protocol as described above, a user inside the firewall using a network address translator (NAT) may not receive data.

1 illustrates a typical H.323 based multimedia communication environment. In FIG. 1, the first user device 11 may be a system or a terminal using a private address, and may also be a system or a terminal using a public address or a private address mapped to a public address. The first user device 11 may be a PC or a server as an external device connected to the Internet. The second user device 40 may also be located inside the firewall. When the second user device 40 is located inside the firewall and uses a private address mapped with a public address, the H.225 channel, the H.245 channel, and the port through which audio and video are transmitted and received in order to use H.323 It must be open for access.

In the multimedia communication environment as shown in FIG. 1, the first user device 11 located in the private network 10 uses a private address, and NAT21 of the firewall 20 recognizes the address of a message generated from the user device of the private network 10 and transmitted to the outside. Perform the function of converting to an address. Here, it is assumed that the private address of the private network 10 uses 192.168.x.x, and NAT21 changes it to the public address 203.236.114.x.

FIG. 2 is a view for explaining that when a subscriber of a user device having a private address of NAT21 having an address translation function as described above is used in the communication network of FIG. Drawing.

Referring to FIG. 2, first, the first user device 11 is located inside the firewall 20 having NAT21 having an address translation function, uses 192.168.51.50 as a private address, and is mapped to 203.236.114.179 transmitted to the outside. Assume that it is sent. In order to perform multimedia communication using the H.323, the first user device 11 first generates a SETUP message as shown in FIG. 11A and transmits it to the firewall 20 in step 111. Herein, the SETUP message includes an IP header including a source address and a destination address of a destination device as shown in FIGS. 11A and 11B, and a port for communication. TCP header including a desination port, and an H.323 SETUP message including address and port information for executing the H.323 protocol. Therefore, in the case of the SETUP message having the structure as shown in FIG. 11A generated by the first user device 11, a port to be used for setting its own private address 192.168.51.50 and H.225 in the sourceCallSignalAddress field (optionally among unused ports). Allocation: In the embodiment of the present invention, it is assumed to be 1024). In operation 113, the firewall 20 transmits the SETUP message through the IP network 30. In operation 113, the second user device 40 receives a SETUP message from the first user device 11 through the IP network 30. Upon receiving the SETUP message, the second user device 40 can know from this that the address of the first user device 11 is 192.168.51.50, and the first user device 11 uses port 1024 for H.225 setting. . According to the H.323 standard protocol, the second user device 40 uses the address and port of the first user device 11 of the sourceCallSignalAddress field obtained from the SETUP message transmitted by the first user device 11 in step 115 to configure the structure as shown in FIG. 11C. Branches generate and send CONNECT messages. The structure of the CONNECT message also has an IP header and a TCP header like the structure of the SETUP message, and also includes an H.323 CONNECT message. In this case, the Internet network 30 does not have a routing table for determining where to route the private address 192.168.51.50 of the first user device 11 to. This is because 192.168.51.50 is a private address. Therefore, when a private address user of NAT21 in Firewall20 uses H.323, a call routing problem occurs that cannot be set.

3 is a diagram illustrating a firewall blocking data transmission from an external node to an internal node when transmitting audio / video data using port information transmitted in an H.245 message.

Referring to FIG. 3, the H.323 protocol uses a H.245 channel related message called OpenLogicalChannel to transmit / receive audio and video data by each communication device (the first user device 11 transmitting audio / video data). A source port, which is a destination port used by the second user device 40 to transmit audio and video. In FIG. 4, information about the transmission / reception port is assumed to be 49000. The OpenLogicalChannel message transmitted from the first user device 11 is transmitted to the second user device 40 through steps 211 and 213, and the second user device 40 generates and transmits an OpenLogicalChannelAck message, which is a response message to the received message. do. The OpenLogicalChannelAck message is then transmitted to the first user device 11 through steps 215 and 217.

Thereafter, the second user device 40 is a port for transmitting / receiving audio and video data (the source port of the second user device 40 and the destination port of the first user device 11). Information). The OpenLogicalChannel message transmitted from the second user device 40 is transmitted to the first user device 11 through steps 219 and 221, and the first user device 11 generates and transmits an OpenLogicalChannelAck message, which is a response message to the received message. do. The OpenLogicalChannelAck message is then transmitted to the second user device 40 in steps 223 and 225.

When the above process is performed, ports for transmitting / receiving audio / video data are set between the first user device 11 and the second user device 40. That is, as shown in FIG. 3, the public address (DA: 172.16.3.4) and port (DP: 49100) of the second user device 40 for transmitting the audio / video data by the first user device 11 are determined. In addition, the public address (DA: 203.236.114.179) and port (DP: 49000) of the first user device 11 for transmitting the audio / video data by the second user device 40 are determined. Accordingly, the first user device 11 transmits a message of audio / video data having a message structure as shown in FIG. 12A to the firewall 20 in step 227, and the firewall 20 outputs it to the Internet network 30 in step 229. The audio / video data is then transmitted to the second user device 40 through the internet network 30. The second user device 40 generates a message of audio / video data having a structure as shown in FIG. 12C according to the address and port information of the received message of audio / video data and outputs the message to the Internet network 30 again. However, at this time, the audio / video data transmitted from the second user device 40 is blocked in the firewall NAT21, so that the problem cannot be delivered to the first user device 11. That is, when the second user device 40 outside the firewall NAT21 transmits the audio / video data using the message port information transmitted in the H.245 message as shown in FIG. 12C, the firewall NAT21 is external from the inside. Block data transfer to the node. This is because the firewall 20 generally applies filtering rules to receive only data considered safe without receiving all data received from the outside. Accordingly, the firewall 20 blocks audio / video data transmitted through UDP from the outside.

As described above, when multimedia communication is performed using the H.323 protocol, a user inside a firewall using a network address translator (NAT) may not receive data. The above causes can be largely divided into two.

One of the causes is that the H.323 protocol first establishes an H.225 connection using an H.225 message (a connection request with a SETUP message, a CALL PROCEEDING, ALERTING, or CONNECT message). The receiver receiving the SETUP message in this process responds with a CALL PROCEEDING, ALERTING, or CONNECT message to the address of the sourceCallSignalAddress field in the SETUP message. In this case, since the address loaded in the sourceCallSignalAddress is a private address used in a private network, a private address routing problem that cannot be routed through the Internet occurs.

In addition, one of the causes is that the firewall 20 receives only the data that the firewall 20 decides to allow in the filtering rule set by the firewall 20. Most of the firewall 20 is connected to a server other than the server in the internal network of the firewall 20. It does not allow access to internal nodes, nor does it allow access to data received on ports that are not open in its filtering rules. This raises the blocking problem of the firewall 20.

Due to the two reasons described above, a user inside the firewall 20 having an address translation function may not perform multimedia communication using the H.323 protocol.

Accordingly, an object of the present invention is to provide a method for routing a user device using a private address inside a firewall and a user device outside the firewall through an internet network in a multimedia communication environment.

Another object of the present invention is to provide a method for communicating an H.323 message between a user device using a private address inside a firewall and a user device outside the firewall in a multimedia environment.

It is still another object of the present invention to change data through a firewall from a connected channel without using a private address of a user device loaded in an H.323 message to transmit data to a user device using a private address inside a firewall in a multimedia communication environment. The present invention provides a method for identifying a public address and a port and transmitting data through the same, so that a user device inside a firewall can receive data transmitted from another user device through an internet network.

H.225 call setup method of the multimedia communication system using the H.323 protocol according to an embodiment of the present invention for achieving the above object, the user device in the private network H.225 set-up including a private address and port number Generating and transmitting a message; converting a public address and a port number into an IP header of the H.225 setup message by the firewall of the private network; outputting it to the Internet network; and a called party receiving the setup message; Generating and transmitting a connect message with an address and a port number obtained from the H.225 channel to which the user device is currently connected; and the private address and port number corresponding to the address and port number of the received connect message by the firewall. And converting the data into a private network and transmitting the same to a user device of the private network.

In addition, a channel for transmitting / receiving data during channel setting is provided, and in the multimedia communication system using the H.323 protocol, an audio / video data communication method includes: a user device of the private network having its own private address and port; Transmitting the audio / video data to the number; and converting the IP header address and port number of the audio / video data transmitted from the user equipment of the private network into a public address and a port number, After the transmission to the Internet network, the address of the user device connected to the Internet network to transmit the audio / video data from the IP header of the channel through which the current audio / video data is transmitted and received when the audio / video data is received After setting the and channel number, set the audio / video data to the set address and channel number. And converting the received audio / video data into an address and a port number of a user device of the private network corresponding to the address and channel number received when the firewall receives the audio / video data through the Internet network. Characterized in that the process is made to output.

In addition, in a multimedia communication system using the H.323 protocol, a method in which a user device in a private network in a firewall communicates data with a subscriber connected to an Internet network, includes an H.225 set in which a user device in a private network includes a private address and a port number. Generates an up message, and the firewall converts the public address and port number into an IP header of the H.225 setup message and outputs it to the Internet network, from the H.225 channel to which the user device connected to the Internet network is currently connected. Setting an H.225 channel with the obtained address and port number, transmitting and receiving a logical channel message between a user device and a counterpart user device of a private network in order to set a port for transmitting and receiving data during channel setting, and the private network A user device of the device transmits audio / video data to its own private address and port number, and the firewall Converts the address and port number of the IP header of the audio / video data to be transmitted into a public address and a port number, and transmits it to the Internet network, and when the called user device connected to the Internet network receives the audio / video data. Audio / video data transmission / reception process of setting the address and channel number for transmitting the audio / video data from the IP header of the channel through which current audio / video data is transmitted / received, and then transmitting the audio / video data to the set address and channel number. Characterized in that made.

1 is a typical H.323-based multimedia communication environment that can be applied to the present invention

2 is a flow chart illustrating that a call is not connected to a user using a private address.

3 is a diagram illustrating a form in which UDP data is blocked at a firewall.

4 is a flow chart illustrating a method for solving a routing problem to a user using a private address.

FIG. 5 shows that the firewall remembers the Outgoing UDP packet sent by the firewall and passes it into the firewall when an incoming UDP deemed to be a response is received.

6 is a flow chart illustrating how UDP data solves the blocking problem of a firewall.

FIG. 7A is a diagram showing a configuration of a firewall system, and FIG. 7B is a diagram showing a software structure of NAT of a firewall.

FIG. 8A is a diagram showing an example of the configuration of an address translation table of NAT, and FIG. 8B is a diagram showing an example of the syntax of filtering rules of NAT.

9 illustrates a software structure of a user device and an external device.

FIG. 10A is a diagram showing a partial configuration of a SETUP message (H.225 message), FIG. 10B is a diagram showing a part of a CONNECT message (H.225 message), and FIG. 10C is a diagram of an OpenLogicalChannel (H.245 message). Drawing showing a part

FIG. 11A is a diagram illustrating a structure of a SETUP message generated by a private user device inside a firewall, and FIG. 11B is a diagram illustrating a structure of a SETUP message generated by a firewall, and FIG. 11C is a diagram of a conventional connection through an internet network. 11 is a diagram illustrating a structure of a CONNECT message generated in response to the SETUP message in an external device, and FIG. 11D is a CONNECT message generated in response to the SETUP message in an external device according to an embodiment of the present invention connected through an Internet network. Drawing showing the structure of

FIG. 12A illustrates a message structure of audio / video data output from a private user device inside a firewall, FIG. 12B illustrates a message structure of audio / video data generated by a firewall, and FIG. 12C illustrates an Internet network. FIG. 12D is a view illustrating a message structure of audio / video data generated by a conventional external device connected through a connection. FIG. 12D illustrates audio / video data generated by an external device according to an embodiment of the present invention connected through an Internet network. Drawing showing the message structure

FIG. 13 is a flowchart illustrating a procedure for transmitting / receiving audio / video data by a private user device inside a firewall in a multimedia communication system according to an embodiment of the present invention.

FIG. 14 is a diagram illustrating a procedure of transmitting / receiving audio / video data with a private user device connected to an inside of a firewall by an external device connected to an Internet network in a multimedia communication system according to an embodiment of the present invention.

15 is a flowchart for performing a function of H.323 call setup and audio / video data transmission through a H.323 based multimedia communication protocol through a firewall;

DETAILED DESCRIPTION Hereinafter, detailed description of preferred embodiments of the present invention will be described with reference to the accompanying drawings. It should be noted that the same components in the figures represent the same numerals wherever possible.

In the following description, specific details such as private and public address, transmit / receive port, etc. of user devices are shown to provide a more general understanding of the present invention. It will be apparent to those skilled in the art that the present invention may be readily practiced without these specific details and by modifications thereof.

When the multimedia communication device supporting the H.323 protocol according to the embodiment of the present invention receives the SETUP message from the user device, and compares the source address in the SETUP message with the address of the currently connected channel, and has a different address value, The user who sent the current setup is regarded as using the private address inside the firewall (using the NAT function), and the data transmission solves the private address routing problem by transmitting data using the address information obtained from the channel.

The firewall also has dynamic packet filtering. In this case, the dynamic packet filtering stores outgoing UDP packets transmitted by itself, and the source address of the outgoing UDP, which is regarded as a response thereto, becomes the destination address of the incoming UDP, and the outgoing UDP Is the source address of Incoming UDP). This capability solves the firewall blocking problem by sending audio / video data over UDP to the firewall.

Hereinafter, the configuration and operation of the present invention will be described with reference to the accompanying drawings.

The environment of a multimedia communication system according to an embodiment of the present invention is the same as that of FIG. 1 illustrates a typical H.323 based multimedia communication environment to which an embodiment of the present invention can be applied. As described above, the second user device 40 in FIG. 1 is a device connected to the firewall 20 and the Internet network 30 to which the first user device 11 is connected. The second user device 40 is a system or a terminal using a private address, and also uses a public address. Or a system or terminal using a private address mapped with a public address. In addition, when the second user device 40 is a server or a PC in the private communication network, the second user device 40 may be located inside a firewall of the corresponding private communication network. In this case, when the second user device 40 is located inside the firewall and uses a private address mapped with a public address, an H.225 channel, an H.245 channel, and a port through which audio and video are transmitted and received in order to use H.323 are external. It must be open for access by.

4 is a view illustrating a method of solving a private address routing problem in which call setup is not performed when a first user device 11 using a private address located inside a firewall 20 having an address translation function uses H.323. Drawing. That is, FIG. 4 is a diagram illustrating a method for solving the private address routing problem, which is the first problem of the prior art in the embodiment of the present invention.

Fig. 5 shows the outgoing UDP packet transmitted by NAT21 of the firewall 20. Incoming UDP (the source address of the outgoing UDP becomes the destination address of the incoming UDP, and the destination address of the outgoing UDP is regarded as a response). Incoming UDP source address) shows the characteristics of the firewall that passes it inside the firewall.

Figure 6 solves the firewall blocking problem by using the function of the NAT of the firewall 20 to store the address and port information of the Outgoing UDP packet sent by it, and then pass it into the firewall when an incoming UDP that is considered as a response is received. It is a figure which shows the process to do.

7A is a diagram illustrating the configuration of the firewall device 20.

Referring to FIG. 7A, a CPU 611 for controlling the overall operation of the firewall device, a ROM 613 used as a program memory, a RAM 615 used as a memory for temporarily storing data generated during program execution, Non Volatile Memory (NVM) 617 for permanently storing data, and one or more hard discs 619 for storing long periods of information. In addition to the above recording media, various storage media including magnetic tape and CD-ROM drive may be used. Removable storage media may also be provided for storing data or computer process instructions.

In addition, the user interface 621 may interface a communication function between the user and the computer system, and a keyboard, a mouse, a speaker, and a printer may be connected to the user interface 621. The display unit interface 621 processes data for displaying information processed in the computer system. A display unit (eg, a CRT) 633 is connected to the display unit interface 631. The communication interface 641 is responsible for the communication function between the computer system and external devices. The communication interface 641 may be a modem, a LAN card, or the like.

FIG. 7B is a diagram illustrating a functional block of NAT having an address translation function for performing an embodiment of the present invention in the firewall device 20. As shown in FIG.

Referring to FIG. 7B, the address translation table 655 is a table that stores information for converting a private IP address and a port into a public IP address and a port or inversely converting them. The filtering rule table 661 is a table storing filtering rule information for transmitting and receiving a message with the Internet network 30 according to the converted address information after performing the address translation function.

When receiving a message generated by the first user device 11 in the private network, the private network message processing unit 651 creates a conversion table between the private IP address and the public IP address in the address translation table 655, and uses the created address translation table to generate the private network IP address. And convert the port into a public IP address and port.

When receiving a message generated by the second user device 40, which is an external device, through the Internet network 30, the Internet message processing unit 653 uses the address conversion table 655 to convert the public IP address and port of the received message into an IP address and a private network. It converts to a port, and applies the received message to the filtering rule table 661 to control the transmission of the received message into the private network if appropriate, and to delete the received message if it is not (if inappropriate).

The private network message processor 651, the internet network message processor 653, and the address translation table 655 may be configured as NAT21.

The private network message transmission / reception unit 657 receives messages generated from the first user device 11 in the private network and outputs the messages to the private network message processing unit 651. The private network message transmission / reception unit 657 processes the messages of the first user device 11 processed by the public IP address from the private network message processing unit 651. A function of outputting to the Internet network 30 is performed.

The Internet network message transmission / reception unit 659 receives a message generated from the second user device 40 of the external device connected through the Internet network 30 and outputs the message to the Internet network message processing unit 653, and the private IP address in the Internet network message processing unit 653. Transmits the processed message to the first user device 11 side in the private network.

FIG. 8A is a diagram showing a configuration example of the address conversion table 655, and FIG. 8B is a diagram showing a configuration example of the filtering rule table 661. FIG.

The second user device 40, which is an external device connected to the first user device 11 and the Internet network 30 in the private network, may be implemented as a computer system having the configuration as shown in FIG. 7A.

The user device having the structure as described above has the structure as shown in FIG. 9 to perform a multimedia communication function according to an embodiment of the present invention. That is, in the embodiment of the present invention, the user device having the configuration as shown in FIG. 7A includes tasks having the software processing function as shown in FIG. In the embodiment of the present invention, it is assumed that the user device is a PC.

Referring to FIG. 9, the user device PC includes a user interface unit 602, an H.225 processor 604, an H.245 processor 606, an RTP / RTCP processor 608 that processes audio / video data, and a message transceiver 610. The user interface unit 602 performs a call connection request for Internet communication, captures or plays a video screen, transmits audio data, or plays received audio data on a sound card. The H.225 processor 604 processes an H.225 message related to call establishment among H.323 messages. The H.245 processor 606 processes an H.245 message related to channel setting. The RTP / RTCP processor 608 processes audio and video data transmitted through UDP.

10A-10C illustrate the structure of messages communicated in embodiments of the present invention.

10A is a diagram illustrating a partial configuration of a SETUP message. The SETUP message includes a DestinationIPAddress-IP and a DestinationIPAddress-port indicating a called party IP address and a port number, and a SourceIPAddress-IP and a SourceIPAddress-port indicating a caller side IP address and a port number. When the user equipment uses NAT21 inside the firewall 20, SourceIPAddress-IP and port in the SETUP message indicate a private IP address and a port number.

FIG. 10B is a diagram illustrating a part of a CONNECT message which is a response message to the SETUP message. The CONNECT message has to set up an H.245 channel to receive an H.245 message, which has an H.245 channel address, a port number H245Address-ip, and a H245Address-port field. Like the SETUP message, when the user uses NAT 21 inside the firewall 20, H245Address-ip and port in the CONNECT message indicate a private IP address and a port number.

FIG. 10C is a diagram illustrating a part of an OpenLogicalChannel message transmitted and received to establish a media channel for transmitting and receiving audio and video data. The OpenLogicalChannel message has a LogicalChannelType field indicating whether a corresponding channel is audio or video, and a MediaControlChannel-ip and MediaControlChannel-port field indicating an IP address and a port number of a media channel for transmitting and receiving real audio and video data. Like the SETUP message and the CONNECT message, when the user uses NAT21 inside the firewall 20, MediaControlChannel-ip and port in the OpenLogicalChanne message indicate a private IP address and a port number.

11A, 11B, and 11D illustrate a structure of a SETUP message generated by the first user device and the firewall 20 and a structure of a CONNECT message generated by the second user device 40 in the process of performing the operation as shown in FIG. 4. Drawing.

12A, 12B, and 12D are diagrams illustrating a message structure of audio / video data transmitted and received between the first user device 11 and the second user device 40 in the process of performing the operation as shown in FIG. 6.

First, a method of solving a private address routing problem, which is a first problem of the related art, according to an embodiment of the present invention. As described above, FIG. 4 solves a problem of routing a private address that is not set up when a first user device 11 using a private address located inside a firewall 20 having an address translation function uses H.323. It is a figure for demonstrating the method.

Referring to FIGS. 8A through 8B, 11A, 11B, and 11D, the operation of FIG. 4 is performed. In operation 311, the first user device 11 first generates a SETUP message as shown in FIG. Output At this time, the sourceCallSignalAddress field of the SETUP message carries its own private address (assuming 192.168.51.50 in FIG. 4) and a port for setting H.225 (assuming 1024 in FIG. 4). Then, when NAT21 of the firewall 20 receives the SETUP message of the first user device 11 received in the structure as shown in FIG. 11A in step 313, it converts the private IP address into a public IP address using the address conversion table as shown in FIG. 8A. To generate a SETUP message having a structure as shown in FIG. That is, NAT21 of the firewall 20 converts address information in the IP header (not a message address in SETUP), and converts 192.168.51.50, which is a private address of the first user device 11, to a public address (203.236.114.179 in FIG. 4). Change the port number from 1024 to the authorized port (assuming 10500 in FIG. 4) and transmit the port number. At this time, NAT21 of the firewall 20 has an address translation table for converting the private address and port into a public address and port. In addition, the NAT21 dynamically generates a filtering rule as shown in FIG. 8B and stores it in the filtering rule table, and filters a message received through the Internet network 30. Subsequently, NAT21 of the firewall 20 uses the address translation table information to change the message received at IP 203.236.114.179 and port number 10500 to IP 192.168.51.50 and port number to 1024, thereby sending a message to the first user device 11. send.

In this case, the second user device 40 receiving the same needs to know the public address that is changed and transmitted from the NAT21, which can be obtained from the information of the currently connected H.225 channel (the channel through which the SETUP is currently transmitted and received). Accordingly, when the second user device 40 receives the SETUP message as shown in FIG. 11B, the second user device 40 sets H.225. In this case, the information obtained from the SETUP message includes SA: 192.168.51.50, SP: 1024, and DA: 172.16.3.4. And DP: 1720, the second user device 40 checks SA: 203.236.114.179 and SP: 10500 from the currently connected H.225 channel, and sends a CONNECT message having a structure as shown in FIG. After creation, it is transmitted to the Internet network 30 in step 315.

As described above, the second user device 40 may include source address information included in the SETUP message (assuming that the address included in the message is a message address / message port number) and address information of the currently connected channel (channel address / channel port). If the numbers are different from each other, the sender determines that the sender is located in the firewall 20 using NAT21 having a private address and has address translation function, and transmits the message to the private address obtained from the SETUP message. Solving the private address routing problem by sending a message to the public address (channel address) obtained from the

Secondly, the method of solving the blocking problem of the firewall, which is the second problem of the prior art, will be described.

As described above, FIG. 5 illustrates an Outcoming UDP packet transmitted by NAT21 of the firewall 20, and an Incoming UDP (source address of Outgoing UDP becomes a destination address of Incoming UDP is regarded as a response), and Outgoing UDP Is a source address of Incoming UDP).

Referring to FIG. 5, the NAT21 indicates that the first user device 11 sends a UDP message to the public address DP: 172.16.3.4 and port DP: 1525 of the second user device 40 at the private address SA: 192.168.51.50 and the port SP: 3264. If a message is sent to the server, a table such as 422 having an address and a port information thereof is provided. NAT21 then forwards UDP messages sent to public address 172.16.3.4 and private address 192.168.51.50 and port 3264 from port 1525, such as 424, into the firewall 20, as shown in 426, and addresses 192.168. UDP messages that are not considered responses, such as 51.50 and port 2049, are not sent into the firewall.

As described above, FIG. 6 illustrates a firewall using NAT21 to store address and port information of an Outgoing UDP packet transmitted by NAT21, and to pass it into a firewall when an incoming UDP, which is considered to be a response thereto, is received. A diagram illustrating a process of solving the blocking problem. FIG. 12A illustrates a message structure of audio / video data transmitted from the first user device 11 to the firewall 20. FIG. 12B illustrates a NAT of the firewall 20 receiving the message as shown in FIG. 12A. FIG. 12D is a view illustrating a message structure of audio / video data generated by changing port information to authorized port information. FIG. 12D is a message of audio / video data transmitted by a second user device 40 receiving the message shown in FIG. 12B. It is a figure which shows a structure.

Referring to FIGS. 12A, 12B, and 12C, the communication procedure of FIG. 6 will be described. The H.323 protocol uses an H.245 channel-related message called OpenLogicalChannel to allow each communication device to transmit and receive audio and video data. Information about the 49000 of FIG. 6 is transmitted. The OpenLogicalChannel message transmitted from the first user device 11 is transmitted to the second user device 40 in steps 451 and 453, and the second user device 40 generates and transmits an OpenLogicalChannelAck message, which is a response message to the received message. do. The OpenLogicalChannelAck message is then transmitted to the first user device 11 in steps 455 and 457.

Thereafter, the second user device 40 transmits information on a port (49100 of FIG. 6) for transmitting and receiving audio and video data. The OpenLogicalChannel message transmitted from the second user device 40 is transmitted to the first user device 11 through steps 459 and 461, and the first user device 11 generates and transmits an OpenLogicalChannelAck message, which is a response message to the received message. do. The OpenLogicalChannelAck message is then transmitted to the second user device 40 in steps 463 and 465.

When the above process is performed, ports for transmitting / receiving audio / video data are set between the first user device 11 and the second user device 40. That is, as shown in FIG. 6, the first user device 11 generates a message of audio / video data having the structure as shown in FIG. 12A with the second user device 40 as a destination in step 467 and transmits the message to the firewall 20. At this time, the addresses and ports of the first user equipment (source) and the second user equipment (destination) of the destination are SA: 192.168.51.50, SP: 49000, DA: 172.16.3.4, and DP: 49100. Then, NAT21 of the firewall 20 that receives the message as shown in FIG. 12A changes the private address and port of the first user device 11 to a public address and port to generate a message of audio / video data as shown in FIG. Outputs this to the Internet network 30. Accordingly, NAT21 of the firewall 20 performs an address and port conversion function on the information of the first user device 11, where the private address and port information of the first user device 11 as shown in FIG. Change to the port. That is, the SA: 192.168.51.50 is changed to SA: 203.236.114.179 and the SP: 49000 is changed to SP: 10507. Accordingly, the channel information transmitted in NAT21 is SA: 203.236.114.179, SP: 10507, DA: 172.16.3.4, and DP: 49100. The NAT21 prepares an address translation table for transmitting the audio / video data received through the Internet network 30 to the first user device 11. That is, the address maps 192.168.51.50 and 203.236.114.179, and the port creates a table that maps 49000 and 10507.

The second user device 40 that receives the video / audio data obtains and transmits port information from a channel that transmits audio / video data that is currently connected instead of a port that is to be transmitted and received when the H.245 channel is set. That is, when the second user device 40 receives the message of the audio / video data as shown in FIG. 12B through the Internet network 30, the DA and DP of the audio / video data to be transmitted from the SA and SP of the currently received channel information. After determining, generate a message of audio / video data as shown in FIG. 12D. Therefore, when the second user device 40 establishes a channel for communicating audio and video data, the transmission / reception port is set to '49100', but the actual transmission is obtained from the channel information when the audio / video data is received. The port for transmitting data is 10507. Accordingly, the message of the audio / video data generated and transmitted in step 531 becomes SA: 172.16.3.4, SP: 49100, DA: 203.236.114.179, and DP: 10507 as shown in FIG. 12D. .

The audio / video data transmitted from the second user device 40 is received by NAT21 through the Internet network 30. Then, the NAT21 checks the DA and DP of the received audio / video data and converts the address and port of the user equipment of the corresponding private network in the address translation table. Accordingly, the NAT21 converts the DA of the received audio / video data from 203.236,114,179 to 172.16.3.4 in step 533 and converts DP from 10507 to 49000 and outputs the converted data. Therefore, the audio / video data transmitted from the second user device 40 is transmitted to the first user device 11, which is a subscriber of the private network inside the firewall 20, via the Internet network 30.

As described above, when communicating audio / video data through the Internet network 30, the second user device 40 connected to the Internet network 30 transmits the audio / video data using the port information transmitted in the H.245 message. Rather, it sends a message to the port number of the channel on which the current connection is established and where audio and video are sent. The audio and video data received through the Internet network 30 confirms that NAT21 is a response to the Outgoing UDP packet transmitted through the address translation table, and then transmits the received information into the firewall.

FIG. 13 is a diagram illustrating a procedure for communicating audio / video data by requesting a call connection by a user device of a private network located in NAT21 of the firewall 20. FIG. The user device may be the first user device 11 in FIG. 1. In this case, the first user device 11 may have a configuration as shown in FIGS. 7A and 9.

Referring to FIG. 13, when a call connection request is received from the user interface unit 602, the H.225 processing unit 604 of the first user device 11 detects this in step 701, and generates a SETUP message in step 703 to NAT21 of the firewall 20. Send to the side. At this time, the SETUP message includes its own address (SourceIPAddress-ip: SA) and port number (SourceIPAddress-port: SP), an address to request call connection (DestinationIPAddress-ip: DA), and a 1720 port number (DestinationIPAddress-port). DP: as defined in the H.323 standard.) At this time, since the address SP of the first user device 11 is a private address, the firewall NAT converts it to a public address and transmits it to the Internet network 30. After transmitting the SETUP message, the first user device 11 receives a CALL PROCEEDING, ALERTING, or CONNECT message. When the CONNECT message is received, the H.225 processing unit 604 of the first user device 11 detects this in step 705, and determines the H.225 channel address therefrom in step 705. The CONNECT message has a structure as shown in FIG. 10B, and the received CONNECT message includes H.245 message address (H.245 address-ip) and message port number (H.245 address-port) information. From the currently connected channel, the peer's H.225 channel address (if the partner is a private address user in NAT21), can know the peer's public address changed via NAT21. After receiving the CONNECT message, the H.245 processor 606 of the first user device 11 transmits an OpenLogicalChannel (H.245 message) message to the H.225 channel address and the H.245 message port number in step 709. The OpenLogicalChannel message is transmitted to an audio and video address (MediaControlChannel-ip) and a port number (MediaControlChannel-port) to which it listens to receive audio and video data as shown in FIG. 10C. It is also sent in the OpenLogicalChannel message. Then, the counterpart user device transmits an OpenLogicalChannelAck message, which is a response message according to the OpenLogicalChannel message of the first user device 11. Send OpenLogicalChannel message including audio and video address and port number information of counterpart user equipment. In operation 711 and 713, the H.245 processor 606 of the first user device 11 detects reception of an OpenLogicalChannelAck message and an OpenLogicalChannel message. In step 715, the H.245 processor 606 of the first user device 11 sets an address and a port number of an audio and video message to which the other party is listening to receive audio and video from the received OpenLogicalChannel message. In step 715, the OpenLogicalChannelAck message is transmitted in response to the received OpenLogicalChannel message.

Thereafter, the RTP / RTCP processing unit 608 of the first user device 11 detects the audio and video data to be transmitted in step 717, captures the audio / video data to be transmitted, and then, in step 719, the RTP / RTCP processing unit 608 Send audio and video data to audio and video message port numbers. After receiving audio and video data from the other party, it detects it in step 721 and plays it on the sound card and the screen in step 723, and the captured audio and video data is stored in the relative H.225 channel address and the relative audio and video message port. Send to the number. Such communication of audio / video data is performed until the end.

FIG. 14 illustrates a procedure in which a user device connected to an Internet network communicates audio / video data with a user device requesting the call when a user device of a private network located in the firewall 20 wants to communicate by audio call. It is a figure which shows. Here, the user device may be the second user device 40 in FIG. 1. In this case, the second user device 40 may have a configuration as shown in FIGS. 7A and 9.

Referring to FIG. 14, a user receiving a call connection request can receive an H.225 message from an external TCP channel having a port number of 1720, any one TCP channel capable of receiving an H.245 message, and Two UDP channels (one RTP and one RTCP) should be opened for receiving audio and video data. When the SETUP message is received through the 1720 port opened to receive the H.225 message, the H.225 processing unit 604 of the second user device 40 detects this in step 761 and receives the received SETUP message in step 763. After checking the partner's H.225 channel address and channel port number from one channel, in step 765, a CONNECT message is generated and transmitted.

If the OpenLogicalChannel message is received after transmitting the CONNECT message, the H.245 processing unit 606 of the second user device 40 detects this in step 767. The second user device 40 can know the port number of the other H.245 channel from the channel through which the current OpenLogicalChannel message is transmitted. After receiving the OpenLogicalChannel message, the H.245 processing unit 608 of the second user device 40 transmits an OpenLogicalChannelAck in step 771, and in step 773, the audio to be listened to for listening to audio and video data and Send the video port number to the open H.245 channel address and H.245 channel port number in the OpenLogicalChannel message. After transmitting the OpenLogicalChannel message, if an OpenLogicalChannelAck message is received, the H.245 processing unit 606 of the second user device 40 detects this in step 775.

After receiving the audio and video data from the other party (first user device 11), the RTP / RTCP processing unit 608 of the second user device 40 detects this in step 777. At this time, the second user device 40 can know the audio and video channel port number of the other party (first user device 11) from the transmitted channel information. Therefore, when receiving the audio and video data from the opponent, the second user device 40 plays the sound card and the screen in step 779, respectively, and in step 781, the second audio device and the video channel address from the channel of the received audio and video data. And the relative audio and video channel port numbers. In case of transmitting audio / video data, the RTP / TRCP processing unit 608 of the second user device 40 detects this in step 783, and in step 785, sets the relative audio and video channel address and the audio and video channel port number. Transfer audio / video data. The above operation is repeated until the end of the communication operation.

FIG. 15 illustrates a function of performing H.323 call setup and channel setup through a firewall including NAT21 and transmitting audio / video data even when using the H.323-based multimedia communication protocol as shown in FIGS. 13 and 14. A flow chart is shown. Herein, it is assumed that the user device requesting a call connection is the first user device 11, which is a private network subscriber in the firewall 20, and the corresponding subscriber is the second user device 40 connected to the Internet network 30.

First, when the first user device 11 receives a call connection request from the user interface in step 811, in step 813, its own address SA and port number SP, and an address DP and 1720 port number (defined in the H.323 standard) requesting the call connection. The SETUP message including the DP is generated as shown in FIG. 10A and transmitted to the firewall 20. At this time, the address SA is a private address and the SP is a private port number. Then, NAT21 of the firewall 20 changes the address information in the IP header of the SETUP message to the public address, changes the port number to the public port number, and then transmits the SETUP message to the Internet network. The NAT21 stores a translation table of the converted address and port number. In operation 853, the second user device 40 receives the SETUP message through the Internet network 30. At this time, the second user device 40 receiving the call connection request has a TCP channel having a port number of 1720 to receive an H.225 message from the outside, any one TCP channel capable of receiving an H.245 message, and audio. And two UDP channels (one RTP and one RTCP) each capable of receiving video data. When the SETUP message is received through the 1720 port opened to receive the H.225 message, the H.225 channel address and the channel port number of the partner can be known through the channel where the message is transmitted. That is, if the second user device 40 compares the address information included in the SETUP message with the address information of the currently connected channel, the second user device 40 knows that the first user device 11 is a user device of a private network located inside the firewall 20. Can be. In this case, the second user device 40 sets the H.225 channel address and the port number of the counterpart user device using the address information of the IP header of the SETUP message without using the address information in the SETUP message. In operation 855, the second user device 40 generates and transmits a CONNECT message having the structure as illustrated in FIG. 10B. At this time, DA and DP of the CONNECT message are the public address and port number changed in NAT21 of the firewall 20.

The CONNECT message transmitted from the second user device 40 is transmitted to the firewall 20 through the internet network 30. Then, NAT21 of the firewall 20 checks the private address of the conversion table corresponding to the DA and DP of the received CONNECT message, and then changes the DA and DP of the received message to the private address and port of the first user device. In operation 811, the first user device 11 that transmits the SETUP message receives the CONNECT message. In this case, the received CONNECT message contains the H.245 message address and the message port number. The H.225 channel address of the other party from the currently connected channel (if the partner is a private address user in NAT21, the H.225 channel address is NAT21). Means the public address of the other party).

The above operation is performed by the H. 225 processing unit 604 of the first user device 11 and the second user device 40.

After receiving the CONNECT message, the first user device 11 generates an OpenLogicalChannel (H.245 message) message having the structure as shown in FIG. 10C using the H.225 channel address and the H.245 message port number in step 817. send. The OpenLogicalChannel message is then transmitted to the audio and video port number that it is listening to to receive audio and video data, which is also carried in the OpenLogicalChannel message.

Then, the OpenLogicalChannel message is transmitted to the second user device 40 through the firewall 20 and the internet network 30. After transmitting the CONNECT message, the second user device 40 receives the OpenLogicalChannel message in step 857, and can recognize the other party's audio and video message address and message port number through the received OpenLogicalChannel message. Also, the port number of the partner's H.245 channel can be known from the channel through which the OpenLogicalChannel message is transmitted. Upon receiving the OpenLogicalChannel, the second user device 40 transmits an OpenLogicalChannelAck in step 859, and loads an audio and video port number on which it is waiting to receive audio and video data on the OpenLogicalChannel in step 861. Transmit to H.245 channel address and H.245 channel port number. Then, the first user device 11 receives the OpenLogicalChannelAck transmitted from the second user device 40 in step 819, and receives the OpenLogicalChannel in step 821. At this time, from the data loaded on the OpenLogicalChannel, it is possible to know an audio and video message port number that a partner is listening to receive audio and video. When the OpenLogicalChannel is received, the first user device 11 transmits an OpenLogicalChannelAck in response thereto, and the second user device 40 receives it in step 863.

When the first user device 11 captures the audio and video data to be transmitted, the first user device 11 transmits the audio and video data to the relative H.225 channel address and the relative audio and video message port number in step 825. The NAT 21 of the firewall 20 converts the private address and the port number of the first user device 11 into a public address and a port number, and transmits them to the Internet network 30 and stores them in a table. In addition, when the second user device 40 receives the audio and video data transmitted from the first user device 11 in operation 865, the second user device 40 may know the audio and video channel port number of the first user device 11 from the received channel information. have. Thereafter, when receiving audio and video data from the other party, the audio and video data is played on the sound card and the screen, respectively. In step 869, the captured audio and video data is transmitted to the relative audio and video channel address and the relative audio and video channel port number. That is, the address and port number of the audio and video data transmitted in step 869 are transmitted to the port number identified from the currently transmitted channel, not the port number to be transmitted and received when the H.245 channel is set. That is, it transmits the port number converted by NAT21 of the firewall 20, not the port number of the first user device 11. Then, the firewall NAT21 checks the address and channel number of the received audio and video data in the conversion table, converts it into a corresponding private address and port number, and outputs the same to the inside of the firewall 20. In operation 829, the first user device 11 receives the audio and video data transmitted from the second user device 40 by translating the address and port number of the NAT 21 of the firewall 20. Then, the first user device 11 plays the received audio / video data on the sound card and the screen, respectively, and the captured audio and video data are transferred to the relative H.225 channel address and the relative audio and video message port number in step 827. send.

Multimedia communication using the H.323 protocol results in a private address routing issue that prevents H.323 call setup when the user is located inside a network address translation (NAT) and audio / video connection from the outside when the user is located inside a firewall. There is a blocking problem that does not receive UDP data. In order to solve the above-mentioned private address routing problem, in the embodiment of the present invention, when performing multimedia communication using the H.323 protocol, the user address information in the H.225 message is not present in the H.225 call setup. Set H.225 according to the connected H.225 channel information, and set H.245 channel according to H.245 channel's address and port information, not H.245 message. By sending a .245 message, the H.323 call setup is established even if the user is located inside the NAT. In addition, in order to solve the blocking problem, the embodiment of the present invention also transmits the video and audio data rather than using the video and audio reception channel information received in the H.245 message, but actually transmits the video and audio data. It obtains port information from and transmits video and audio data so that users inside the firewall can also receive audio and video data.

Claims (7)

In the H.225 call setup method of the multimedia communication system using the H.323 protocol, Generating and transmitting an H.225 setup message including a private address and a port number by a user device of a private network in the private network; The firewall of the private network converts the public address and port number into the IP header of the H.225 setup message and outputs it to the Internet network; Generating and transmitting a connect message to an address and a port number obtained from the H.225 channel to which the called user device receiving the setup message is currently connected; And the firewall converts the address and port number of the received connect message into a corresponding private address and port number and transmits the same to a user device of the private network. 2. The apparatus of claim 1, wherein the called user device compares the calling device user address and port number in the setup message with the calling device user address and port number of the IP header of the setup message. And when the two address informations are different from each other, transmitting the connect message to a user device address of the calling party of the IP header. The method of claim 2, wherein the firewall converts a private address and a port number of a user device of the private network into a public address and a port number, and stores the address information in a conversion table, and the destination of the connect message when the connect message is received. And retrieving an address from the conversion table, converting the address into an address of a user device of the private network, and outputting the address into the private network. In the audio communication method of the multimedia communication system using the H.323 protocol, comprising the steps of setting a port for transmitting and receiving data when the channel is set, Transmitting audio / video data by the user device of the private network to the private address and the port number of the private network; Converting, by the firewall, the IP header address and port number of the audio / video data transmitted from the user equipment of the private network into a public address and a port number, converting the IP header into the IP header, and then transmitting the IP header to the Internet network; After setting the address and channel number for transmitting the audio / video data from the IP header of the current audio / video data by the user equipment of the called party connected to the Internet network, the received audio / video data is set. Transferring audio / video data to The firewall converts the address and port number of the user equipment of the private network corresponding to the address and channel number received when the audio / video data is received through the internet network to output the received audio / video data. Said audio / video data communication method. 5. The apparatus of claim 4, wherein the called user device compares the calling device user address and port number in the setup message with the calling device user address and port number of the IP header of the setup message. And transmitting the audio / video data to a user device address of a calling party of the IP header when two address informations are different from each other. The method of claim 5, wherein the firewall converts the private address and the port number of the user device of the private network into a public address and a port number, and stores the address information in a conversion table, and the destination of the connect message when the connect message is received. And converting the address into an address of a user device of the private network and outputting the audio / video data into the private network. In a multimedia communication system using the H.323 protocol, a user device of a private network in a firewall communicates data with a user device connected to an Internet network. A user device in a private network generates an H.225 setup message including a private address and a port number, and the firewall converts the public address and port number into an IP header of the H.225 setup message and outputs it to the Internet network. Setting an H.225 channel with an address and a port number obtained from the H.225 channel to which a user device connected to the Internet network is currently connected; Transmitting and receiving logical channel messages between a user device and a counterpart user device of a private network in order to set a port for transmitting and receiving data when setting a channel; A user device of the private network transmits audio / video data to its own private address and port number, and the firewall converts the address and port number of the transmitted audio / video data into a public address and a port number to the Internet network. The user device of the called party connected to the Internet network sets an address and a channel number for transmitting the audio / video data from the channel of the current audio / video data when the audio / video data is received. And transmitting / receiving audio / video data for transmitting audio / video data by channel number.