Networks

DHCP (Dynamic Host Configuration Protocol)

DHCP is used by computers to automatically retrieve an IP address and networking parameters such as the subnet mask and default gateway from a network server. The DHCP server dynamically assigns an IP address that is available in the “pool” to a computer, and releases it when the computer leaves. Therefore, a device might get a different local IP address each time it connects to a network via a DHCP server.

Subnet Mask
As mentioned in the NAT section, there are three classes of public address in IPv4, and each of them corresponds to a net mask:

Class   IP Address Range               Private Range    Net Mask
A       1.0.0.0 - 126.255.255.255      10.x.x.x         255.0.0.0
B       128.0.0.0 - 191.255.255.255    172.16-32.x.x    255.255.0.0
C       192.0.0.0 - 223.255.255.255    192.168.x.x      255.255.255.0

For instance, if a company owns a public IP address 192.220.36.215 with net mask 255.255.255.0, it means that the private addresses from 192.168.1.0 to 192.168.1.255 are in the same network segment (i.e. the same LAN). Devices with these private addresses can communicate without passing through routers or gateways. A net mask can be further divided into several smaller segments called subnet masks if a company doesn’t need that many addresses.

Default Gateway
A default gateway acts as a router or a switch that connects internal and external networks when there is no route to a particular destination in the routing table. Every gateway should share the same subnet as the devices in the LAN, which is 192.168.1.x in the previous case (192.168.1.1 by default).

Firewall and ACL (Access Control List)

Most routers and switches today have ACLs, which are collections of inbound and outbound traffic rules based on port numbers or IP addresses. Similarly, a firewall is a software or hardware-based network security mechanism that blocks unauthorized internet users from accessing its internal network. Furthermore, a firewall provides stateful packet inspection, which keeps track of the connections passing through it, and dynamic packet filtering, which opens ports on a request basis.

For your AVer video conferencing systems to receive calls, set up the firewall policy to allow inbound traffic from a specified range of external IP addresses (other endpoints). For ACLs on the router, open the pinholes on port 1719 (UDP) and port 1720 (TCP) for H.323, while SIP uses both UDP and TCP on port 5060. Check the following table for further information.

Application   Port Range (Start to End)   Protocol   IP Address    Enable
H.323         1719 to 1720                Both/Any   192.168.1.x   V
SIP           5060 to 5060                Both/Any   192.168.1.x   V
HVC           30000 to 30039              Both/Any   192.168.1.x   V
EVC           30000 to 30299              Both/Any   192.168.1.x   V
VCLink        50000 to 50001              Both/Any   192.168.1.x   V
WebTool       80 to 80                    Both/Any   192.168.1.x   V
UPnP          90 to 90                    Both/Any   192.168.1.x   V
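
The following is an added example, not AVer code: a small audit that checks inbound port-forwarding rules against the port table above and against the advice to allow only a specified range of external addresses. The rule dictionary layout, the 192.168.1.0/24 LAN and the sample rules are assumptions constructed for illustration.

```python
import ipaddress

# Port ranges copied from the port-range table on this page.
DOCUMENTED_PORTS = {
    "H.323": (1719, 1720),
    "SIP": (5060, 5060),
    "HVC": (30000, 30039),
    "EVC": (30000, 30299),
    "VCLink": (50000, 50001),
    "WebTool": (80, 80),
    "UPnP": (90, 90),
}

def audit_rule(rule, lan="192.168.1.0/24"):
    """Return a list of findings for one inbound port-forwarding rule."""
    findings = []
    src = ipaddress.ip_network(rule["source"])
    if src.prefixlen == 0:
        findings.append("source is any address, not a specified range of endpoints")
    if ipaddress.ip_address(rule["dest"]) not in ipaddress.ip_network(lan):
        findings.append("destination is outside the LAN segment")
    lo, hi = rule["ports"]
    if not any(a <= lo and hi <= b for a, b in DOCUMENTED_PORTS.values()):
        findings.append(f"ports {lo}-{hi} exceed every documented range")
    return findings

# Constructed sample rules (hypothetical, not taken from any real device).
SAMPLE_RULES = [
    {"name": "h323-partner", "source": "203.0.113.0/28",
     "dest": "192.168.1.20", "ports": (1719, 1720)},
    {"name": "sip-open", "source": "0.0.0.0/0",
     "dest": "192.168.1.20", "ports": (5060, 5060)},
    {"name": "media-wide", "source": "203.0.113.0/28",
     "dest": "192.168.1.20", "ports": (30000, 40000)},
]

def audit(rules):
    """Map each rule name to its findings; an empty list means the rule passes."""
    return {r["name"]: audit_rule(r) for r in rules}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_RULES).items():
        print(name, "OK" if not findings else findings)
```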

Set up port forwarding rules for AVer Video Conferencing Systems

IP Ports and Protocols used by H.323 & SIP Devices
Port Type Description H.323 Client H.323 Gatekeeper H.323 MCU SIP Client SIP Registrar
80 Static TCP HTTP Web Interface V V
389 Static TCP LDAP V V
443 Static TCP HTTPS & Port Tunneling V V
1718 Static TCP Gatekeeper Discovery V V
1719 Static TCP Gatekeeper RAS V V
1720 Static TCP H.323 Call Setup V V V
5060 TCP & UDP SIP endpoints V V
5061 TCP SIP TLS V V
8080 Static TCP HTTP Server Push V
30000 - 30039 TCP & UDP AVer HVC Series Endpoints V V
30000 - 30299 TCP & UDP AVer EVC Series Endpoints V V

LAN (Local Area Network), WAN (Wide Area Network) and Internet

Most networks consist of two major domains: LAN and WAN. A LAN is an internal network restricted to a smaller physical area such as an office, school or house, and is typically owned by a single person or organization. A WAN is a geographically dispersed collection of LANs which covers a relatively larger area such as a state, a country or several countries. The Internet is the largest WAN in the world.

A router is used to connect LANs to a WAN. The WAN port on the router takes in information from the external network. The information is then filtered through the router’s internal firewall and sent to the proper LAN port.

NAT/Firewall Traversal

NAT/firewall traversal techniques are used to establish and support a permanent socket connection between the endpoint behind the NAT/firewall and the gatekeeper outside the NAT/firewall.

If an H.323 video conferencing system supports H.460, it enables NAT/firewall traversal to communicate across a firewall, while a SIP system uses a SIP Registrar to traverse NAT/firewalls.

ALG (Application-Level Gateway)
One common NAT technique is ALG, a security component of a firewall or NAT that allows for configuring traversal filters. In such a telephony system, the H.323 gatekeeper manages VoIP call registration, admission and status (RAS). Many network devices (e.g. routers) use NAT/firewall to manage ports automatically, while the H.323 or SIP ALGs perform the same function. If a firewall or NAT is already configured, you must disable the H.323 or SIP ALG in order to avoid incompatibility.

STUN (Session Traversal Utilities for NAT)
STUN is used as a tool by other protocols to deal with NAT traversal. It allows an end user behind NAT to find out the mapped public IP address and port number allocated to it by the NAT. STUN can also check the connection between two endpoints and keep the NAT bindings alive.

NAT (Network Address Translation)

NAT is a process where a network device, usually a firewall or a router, assigns a public address to a computer inside a private network. This service helps protect the intranet from exposure to unwanted traffic by giving remote users an external address with which to call the local user without knowing its actual address. It also helps reduce the number of public IPv4 addresses the company needs to maintain. The most common form of network translation involves a private network using IPv4 addresses in one of the following private ranges.

  • Class A: 10.0.0.0 - 10.255.255.255
  • Class B: 172.16.0.0 - 172.31.255.255
  • Class C: 192.168.0.0 - 192.168.255.255

Be aware that these local IP addresses cannot be recognized by users outside the LAN. They need to be remapped to public addresses via NAT in order to communicate with others.

Static NAT permanently maps one private IP address to one public static address, which allows remote hosts to initiate connections to the device. The problem is that you need to maintain as many real addresses as you have internal devices.

Dynamic NAT, in contrast with static NAT, assigns public addresses dynamically based on availability. It is suitable for a company with limited public IP addresses or only occasional internet access from the LAN.

TCP (Transmission Control Protocol) and UDP (User Datagram Protocol)

TCP is one of the major transport protocols in the Internet Protocol Suite (IPS), which is also known as the TCP/IP model. TCP is a connection-oriented protocol that provides reliable data transmission by ordering data streams, discarding duplicate data and resending lost packets. The other option for transferring data is a connectionless protocol called UDP. It is commonly used in live audio and video streaming such as Voice-over-IP (VoIP) and video conferencing, where on-time arrival is preferred over error correctness.

For AVer EZMeetup software, make sure you choose the same transport protocol as your SIP server in order to connect correctly.

VPN (Virtual Private Network)

A VPN extends an intranet over the internet through tunneling protocols, encrypted connections and key authentication. It enables employees to access their company’s private network remotely and allows branch offices to share resources within the company. Using a VPN for video conferencing within a company can significantly reduce the effort of setting up the network environment.