H.323 Gatekeepers, Endpoints and Multipoint Control Units (MCU)


The purpose of this paper is to explain in greater detail the functions of the three main H.323 network components; H.323 Gatekeepers, H.323 Endpoints and Multipoint Control Units (MCUs) when used in conjunction with H.323 standards based Video Conferencing systems. It is intended to provide an overview of these products and broaden their understanding by giving brief examples of their usage. However, the key to a successful implementation of a Video over IP installation is the effective management of the network resources.

It is assumed that the reader has a general knowledge of Video Conferencing systems and the standards involved. However, the following technical papers are available to provide more information on these topics:

H.323 Endpoint (Terminal):

H.323 Endpoint (or Terminal) is the term given to the actual device used on the LAN that provides real-time two way communications. The H.323 standard states that all H.323 Endpoints must support voice, with video and data being optional. Hence the basic form of an H.323 Endpoint is the IP Phone; however most H.323 Endpoints are Video Conferencing Systems. The H.323 standard specifies what modes must be supported so that all these endpoints can work together. H.323 Endpoints must support H.245 protocol to control channel usage and capabilities; Q.931 protocol for call setup and signalling; RAS (Registration/Admission/Status) protocol to communicate with the H.323 Gatekeeper and RTP/RTCP protocol to sequence audio and video packets.

The minimum setup for a single H.323 Endpoint would be to use an ADSL Router (with DHCP and NAT capability) that has been allocated a static public IP address. This Router is then configured to assign a fixed internal IP address to the H.323 Endpoint. This is typically configured as a DHCP reservation assigned against the endpoints MAC address. Once the H.323 Endpoints internal IP address is known, the Router is configured to use NAT (Network Address Translation) to map this internal IP address to the Routers public IP address. Router rules must be defined to direct inbound video conferencing traffic on IP port 1720 TCP to this internal IP address. Other Router rules must also be defined to open the specific TCP & UDP port range used by the endpoint as defined in the endpoints setup. Typically, basic Routers allow outbound traffic, so only inbound rules need defining. Some Routers have a pre-definfed H.323 Rule, but if you use this rule, be careful that it only assigns IP port 1720 TCP and not other TCP and/or UDP ports. 

When initiating an H.323 Video Conference, we need some means of identifying the User or H.323 Endpoint that we wish to conference with. This is why you need a public IP address. But there are practical issues depending on how many H.323 Endpoints there are within the organisation. As the H.323 standard defines that all calls are initiated on IP port 1720 TCP, you can only NAT one internal IP address to one public IP address, so the above example is only suitable for one or two endpoints as you effectively would need a public IP address for every H.323 Endpoint.

H.323 Gatekeepers:

The thought of having to remember IP addresses is daunting enough; but the use of DHCP to dynamically allocate the IP address of an endpoint means that this method is also impractical. Hence the concept of a Dial Plan and the use of an H.323 User Number registered to a H.323 Gatekeeper.

A Dial Plan is simply a method of allocating a unique number to an H.323 Endpoint. This number is referred to as the H.323 User Number and when registered with a H.323 Gatekeeper, we have a means of translating this User Number into an IP address.

The H.323 User Number is often loosely referred to as the E.164 Number.

Although the H.323 standard describes the Gatekeeper, as an optional component, it is in practice an essential tool for defining and controlling how video communications are managed over the IP network. H.323 Gatekeepers are responsible for providing address translation between an endpoints current IP address and its various H.323 aliases, call control and routing services to H.323 endpoints, system management and security policies. Services provided by the Gatekeeper in communicating between H.323 endpoints are defined in RAS.

When you use register an H.323 endpoint with a Gatekeeper, you DO NOT enable or configure it to use NAT.

In the above diagram, the Edgewater Networks EdgeProtect 4550 provides an H.323 Gatekeeper function and is ideally suited for a small office, home office or when there are only a small number of video conferencing endpoints that need protecting.

Only one H.323 Gatekeeper can manage an H.323 zone, but this zone could include several Gateways and Multipoint Control Units - MCU's. Since a zone is defined and managed by only one H.323 Gatekeeper, endpoints such as Gateways and MCU's that also have a built-in Gatekeeper must provide a means for disabling this functionality. This ensures that multiple H.323 endpoints that contain an H.323 Gatekeeper can all be configured into the same zone.

Some H.323 Gatekeepers offer more than just the basic functions. Some provide the intelligence for delivering new IP services and applications. They allow network administrators to configure, monitor and manage the activities of registered endpoints, set policies and control network resources such as bandwidth usage within their H.323 zone. Registered devices can be H.323 Endpoints, Gateways & H.323 Multipoint Control Units - MCU.

With media networks becoming more and more complex, the ability for the administrator to effectively manage and control their usage becomes crucial. To address these issues, Emblaze-VCON (now part of ClearOne) introduced Media Xchange Manager - MXM or Collaborate Central as it is now known. From a remote console, the administrator can now perform centralised management functions such as configure endpoints, monitor the status and availability of endpoints, control and limit bandwidth usage and more. Collaborate Central automatically generates Call Detail Reports, CDR; which can be used for network planning or billing purposes. With video telephony services such as Call Forward, Call Transfer and Call Pickup, Collaborate Central provides the functions that make Video Conferencing as simple as making a telephone call.

Interconnected H.323 Gatekeeper Zones:

As stated earlier, the H.323 Gatekeeper defines the zone and manages the registered endpoints within. To call an endpoint within the same zone, we simply dial that endpoints H.323 User Number. But what happens when we want to call an endpoint that is located in another zone? Well, we then also need to know the zone where that endpoint is registered. Each H.323 Gatekeeper on the same network is identified by a unique number, its Zone Number. To call an endpoint in a different zone, we prefix that endpoints H.323 User Number with its Zone Number and dial this extended number.

The telephone analogy to the H.323 Gatekeeper Zone Number is the STD code for the local exchange. If we want to telephone a person locally, we just dial their local number, but if we want to telephone somebody further afield, we need to prefix their local number with their STD code.

Behind the scenes, all the H.323 Gatekeepers on the network must know how they are related to each other. The diagram below shows the two different relationships in which H.323 Gatekeepers can be networked and interoperate together.

When H.323 Gatekeepers are arranged in a single tier 'Peer-to-Peer' manner with no particular hierarchical structure, they are termed as being Neighbour Gatekeepers. This would typically be on a corporate network within a multi-site company who has an H.323 Gatekeeper at each site. Each H.323 Gatekeeper manages its own site (Zone), with inter-zone communications routed directly between zones and controlled on an individual basis specifically defined by the direct relationship between each Gatekeeper.

When the H.323 Gatekeepers are arranged in a multi-tier manner with a hierarchical structure, they are termed as being Directory Gatekeepers (DGK). This would typically be within a large scale deployment such as the national schools network. Whilst each H.323 Gatekeeper still manages its own zone, inter-zone communications are routed indirectly on a Parent-Child basis between zones.

A Directory Gatekeeper only knows its Parent and Child Gatekeepers. If the Gatekeeper does not know the Zone of the dialled number, it routes the call to its Parent DGK, which then searches its database to see if the Zone known. If not known, this Parent routes the call to its Parent and so on until it eventually reaches a Parent DGK that has a Child DGK that matches the Zone. The call is then routed down through each Child DGK tier until it reaches the specific endpoint.

Endpoints with an Embedded MCU option:

An alternative to using a dedicated MCU for small conferences (6-8 participants) is to equip one of the endpoints with an embedded multipoint capability. The Polycom RealPresence Group 500 has an embedded 6-way multipoint option that supports itself and the other sites in either a Voice-Activated or Continuous Presence session.

In general, dedicated MCU's can support several simultaneous sessions, more participants, higher bitrates, more screen layout options and more features than embedded MCU's found in some endpoints.

Dedicated Multipoint Control Units (MCUs):

To allow three or more participants into a conference, most H.323 systems usually require an H.323 Multipoint Control Unit (H.323 MCU). This is not the same as an H.320 MCU; hence it is important to be clear about what you mean when using the term MCU.

The H.323 MCU's basic function is to maintain all the audio, video, data and control streams between all the participants in the conference and hence most H.323 MCU's use propriety or dedicated hardware. ClearOne's Video Conference Bridge, Collaborate VCB, is an all-in-one solution that includes an embedded ClearOne Collaborate Central Gatekeeper and a high-definition MCU capable of allowing Ad-Hoc Conferencing in both Continuous Presence or Voice-Activated Switching modes.