H.323 IOS Configuration And Packet Analysis
Let’s examine the packets between two H.323 nodes. The network setting is as follows:
x5002 — Mongi Shop router — PSTN router — x4001 and x4002.
Dial peer configuration
The signaling protocol for these dial peers is left to the default value, which is H.323. Actually, when you do a “show dial-peer voice 4000” for example, you’ll see “cisco” as the protocol:
It’s not a new protocol. This is just the Cisco version of H.323.
In the rest of the article, user at x5002 calls user at x4001.
H.323 Fast Connect: Call Setup And Teardown
In the H.323 Fast Connect mode, the media channel capabilities are negotiated in the same TCP session as the H.225 call establishment. So we have only one TCP session, over which there will be a Call Setup message and Open Logical Channel exchange messages.
First, the originating gateway sends a TCP Open request on port 1720, which is the H.323 default port on which a gateway listens for incoming H323 Call Setup messages. If the TCP Three-way handshake is made successfully, we can proceed to H.225 operations.
We use the filter h225 to see H225 messages in Wireshark. The originating gateway sends a H225 Call Setup message that contains also a Open Logical Channel OLC packet. The terminating gateway replies with Call Proceeding that also contains an Open Logical Channel packet. This demonstrates that H.323 is operating in Fast Connect mode. This is the default operation mode for H.323 on Cisco voice gateways.
The terminating gateway replies with the Call Alerting message, which is translated into a ringback tone.
Once the called party phone is off hook, the terminating gateway sends a Connect message. At this point, RTP packets are exchanged.
The user at x4002 ended the commmunication fist. So the terminating gateway is the one who sends the releaseComplete message first.
The originating gateway replies with a releaseComplete message:
To examine H.323 statistics on a voice gateway: show h323 gateway. Initially the counters were null on both voice gateways. Then, we made the call and here is how the counters went:
On the originating gateway:
On the terminating gateway:
H.323 Slow Start: Call Setup and Teardown
I’m going to change the H.323 operating mode on one voice gateway to slow start, and leave the default on the other gateway:
One TCP session is negotiated first. This is for the H.225 session:
After sending Call Setup and Call Proceeding messages, a second TCP session is negotiated; this is the transport channel for the H.245 Terminal Capabilities negotiation.
Then comes the H.245 signaling where we have :
- Terminal Capabilities packet exchange
- Master/Slave determination
- Open Logical Channel
Once H.245 signaling is agreed, both gateways are ready for the Connect message. Once the called party phone is hooked off, RTP streams are exchanged.
Like in H.323 Fast Connect, when a phone is hooked on, its attached gateway sends a releaseComplete. This triggers a TCP FIN message to the other party, to signal the end of the TCP session (remember the second TCP session established for H.245 signaling).
And the other gateway follows with a releaseComplete too, and a TCP FIN segment to end the H.245 TCP session
H.323 Source Interface
The command that sets a source interface for H.323 traffic is “h323-gateway voip bind srcaddr …”. However, unlike what it is said in the Cisco CIPT1 Foundation Learning Guide, this command does not set all H.323 traffic to be sourced from the specified interface. And I tried that in Wireshark.
On my PSTN router, I set the H323 interface to the loopback interface:
I then make a call from an attached phone (x4001) to the other phone extension x5002.
What I notice is: when a call is initiated from the attached phone, the source IP address of H.225 signaling and H.245 signaling is the egress interface and NOT the loopback interface. The loopback interface is only used for RTP traffic:
However, when the call is initiated from the other gateway (the one not with the H323 interface binding command), the loopback interface is indeed used for both signaling and media streams.
Notice below that Call Setup, CallProceeding, Alerting, Notify and Connect use the WAN IP addresses and not the H323 bound interface. I still don’t know why but I may need to figure it out.