Telecommunications providers continually try to create new markets and to expand existing markets for telecommunication services and equipment. One important way to accomplish this is to improve the performance of telecommunication network equipment while making the equipment cheaper and more reliable. Doing this allows telecommunications providers to reduce infrastructure and operating costs while maintaining or even increasing the capacity of their networks. At the same time, the telecommunication service providers work to improve the quality of service and increase the quantity of services available to the end-user.
One type of telecommunication service that is becoming increasingly popular is voice-over-IP (VoIP). VoIP is an application that enables users to carry voice traffic (e.g., telephone calls, faxes, and other data) over an Internet Protocol (IP) network. A VoIP application segments the voice signal traffic into frames and stores them in voice packets. The voice packets are transported via the network using any conventional multimedia (i.e., voice, video, fax, and data) protocol. The protocols include H.323, IPDC, Media Gateway Control Protocol (MGCP), Session Initiation Protocol (SIP), Megaco, Session Description Protocol (SDP), and Skinny, among others. SIP and H.323 are particularly important for Internet telephones.
Session Initiation Protocol (SIP) is an application layer control signaling protocol for VoIP implementations using Redirect Mode. SIP is a text-based client-server protocol that provides the necessary protocol mechanisms so that the end-user system and proxy servers can provide different services, including call forwarding, called and calling number identification, invitations to multicast conferences, and basic automatic call distribution (ACD). SIP addresses (e.g., URLs) can be embedded in Web pages to provide simple “click to talk” service.
H.323 is an International Telephone Union (ITU-T) standard that includes a set of standards defining real-time multimedia communications for packet-based networks. H.323 defines a set of call control, channel setup, and codec specifications for transmitting real-time voice and video over networks that do not offer guaranteed service or quality of service. The networks may include packet networks, particularly the Internet, local area networks (LANs), wide area networks (WANs), and intranets.
The main benefits of VoIP are cost savings due to:
1) Voice and data travel across just one line into the home, or a single IP network into businesses;
2) Voice is transformed into digital packets and sent directly to the Internet, completely bypassing the circuit switches or the telephone companies and their fees; and
3) IP networks use flexible “soft” switches that are much easier to upgrade with software. An IP telephony gateway takes up much less space than a circuit switch and has considerably lower power and cooling requirements.
Telecommunication soft switches typically employ a Network Address Translation (NAT) node/firewall node (FN) to protect the internal workings of a soft switch. The NAT/Firewall performs a network address translation function that provides a public IP address that is exposed to external packet networks. The NAT function translates the private IP addresses from the internal network to the public address and vice versa. The firewall functions may be one of several types, including packet filter, circuit gateway, application gateway or trusted gateway. A conventional firewall is implemented through a combination of hosts and routers. A router can control traffic at the packet level, allowing or denying packets based on the source or destination address or the port number. This technique is called packet filtering. A host can control traffic at the application level, allowing access control based on a more detailed and protocol-dependent examination of the traffic. The process that examines and forwards packet traffic is known as a proxy.
Unfortunately, conventional firewall systems provide these capabilities based on a pre-assigned work distribution. This relies on a static distribution of the load for calls originating from the IP network. Moreover, conventional firewall systems are limited when the soft switch is scaled to larger or smaller sizes. In the previous methods, scaling often involved statically changing the configuration and required a shutdown.
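The two inspection levels described above, as an added example that is not part of the original text: a packet filter that decides on source address, protocol and port, followed by an application-level check that parses the SIP request line. The rule set, the allowed-method list and all addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int
    payload: bytes

# Constructed policy: (action, source network, protocol, destination port).
# First match wins; anything unmatched is denied.
RULES = [
    ("deny", "203.0.113.0/24", "udp", 5060),
    ("allow", "0.0.0.0/0", "udp", 5060),
]
# Constructed application policy: SIP request methods the proxy will forward.
ALLOWED_METHODS = {"INVITE", "ACK", "BYE", "CANCEL", "OPTIONS", "REGISTER"}

def packet_filter(pkt: Packet) -> str:
    """Router-level decision: addresses, protocol and port only."""
    src = ipaddress.ip_address(pkt.src)
    for action, net, proto, port in RULES:
        if src in ipaddress.ip_network(net) and pkt.proto == proto and pkt.dport == port:
            return action
    return "deny"

def sip_proxy_check(pkt: Packet) -> str:
    """Host-level decision: protocol-dependent look at the SIP request line.
    Handles inbound requests only; SIP responses are out of scope here."""
    try:
        start_line = pkt.payload.split(b"\r\n", 1)[0].decode("ascii")
        method, uri, version = start_line.split(" ")
    except (UnicodeDecodeError, ValueError):
        return "deny"  # not a well-formed request line
    if version != "SIP/2.0" or method not in ALLOWED_METHODS:
        return "deny"
    if not uri.startswith(("sip:", "sips:")):
        return "deny"
    return "allow"

def firewall(pkt: Packet) -> str:
    """Packet filter first, then the application-level proxy check."""
    if packet_filter(pkt) != "allow":
        return "deny"
    return sip_proxy_check(pkt)

# Constructed sample traffic (documentation address ranges).
INVITE = b"INVITE sip:bob@example.com SIP/2.0\r\nVia: SIP/2.0/UDP 198.51.100.7\r\n\r\n"
GOOD = Packet("198.51.100.7", "192.0.2.10", "udp", 5060, INVITE)
BLOCKED_SRC = Packet("203.0.113.5", "192.0.2.10", "udp", 5060, INVITE)
NOT_SIP = Packet("198.51.100.7", "192.0.2.10", "udp", 5060, b"\x00\x01garbage")
```

The `NOT_SIP` packet passes the packet filter because its addresses and port match an allow rule; only the application-level check rejects it.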
Therefore, there is a need for improved firewall systems for use in telecommunications systems. In particular, there is a need for firewall systems that may be easily scaled to larger or smaller sizes. More particularly, there is a need for network firewalls that do not rely on a static distribution of the traffic load for calls originating from the IP network.