Special Issues; Firewall Security - 3Com 3C10402B Administrator's Manual

480 A D: C
PPENDIX ONNE

Special Issues

Firewall Security

X H.323 G
TIONS ATEWAY
The second part of the 802.1(p and q) standards addresses the way LAN
switches prioritize different packets that are competing to enter a
different LAN segment. This scheme is based on a 3-bit priority field
within the Ethernet header.
NBX ConneXtions does not support the Layer 2 (Ethernet) 802.1 (p and q)
priority field. However, it is usually possible for IP routers to use these
priority schemes if they are configured to prioritize H.323 packets.
Layer 3 NBX systems address Layer 3 priority concerns through a
packet priority scheme called "IP/DS" (for differentiated services). Many
routers support this scheme, which replaces an earlier scheme (TOS),
which uses a 6-bit priority field within the IP header of every packet. Most
routers examine this field and base their pass-through priorities on it.
NBX systems are designed to use the default values that come with 3Com
switches. If you use other routers, you might need to reprogram their
diff-serv settings. The 3Com default is 101110xx. This setting must be
consistent at both ends of the connection. Note that some routers
overwrite the TOS field (diff-serv priority field) and eliminate the priority
distinctions between packets.
NBX ConneXtions does not support the Layer 3 (IP) 6-bit TOS/DS priority
field. However, it is usually possible for IP routers to use these priority
schemes if they are configured to prioritize H.323 packets.
This section describes issues related to H.323 telephony in general and to
ConneXtions gateways in particular. These include:
Firewall Security
■
Gateway Load
■
Remote Access
■
PBX Connections
■
Class of Service
■
IP Type of Service and Differentiated Services
■
Alternate Gatekeepers
■
Firewalls determine which packets can cross the boundary between a
protected network (intranet) and the public internet. The network