1.3.4. Information for Recyclers
1.3.5. Digital User Guides
3.5. Connecting the Cables
3.5.1. Power cable
3.5.2. LAN cable
4.2. System Administration
4.2.1. Web interface
4.2.2. Command line interface
13.5.4. Call screening based on alias
14. Logging
14.1. About Logging
14.2. Viewing the event log
14.3. Controlling what is Logged
14.3.1. About Event levels
14.3.2. Setting the log level
14.4. Event Log Format
16.1.7. IP
16.2.6. IP
16.5.2. Register History
16.6. Other Commands
16.6.1. about
18.1.3. Securing with TLS
18.2.4. Securing with TLS
20.1.1. System Capacity
20.1.3. System Console Port
20.1.4. ITU Standards
20.1.10. Power Supply
Copyright 1993-2006 TANDBERG ASA. All rights reserved.
This document contains information that is proprietary to TANDBERG ASA. No part of this publication
may be reproduced, stored in a retrieval system, or transmitted, in any form, or by any means,
electronically, mechanically, by photocopying, or otherwise, without the prior written permission of
TANDBERG ASA. Nationally and internationally recognized trademarks and tradenames are the property
of their respective holders and are hereby acknowledged.
Portions of this software are licensed under 3rd party licenses. See the CD accompanying this product
for details. 3rd party license information may also be obtained from the Gatekeeper itself -- see the
license command in section 16.6.4 for details.
1.2. Disclaimer
The information in this document is furnished for informational purposes only, is subject to change
without prior notice, and should not be construed as a commitment by TANDBERG ASA.
TANDBERG Gatekeeper User Guide
The information in this document is believed to be accurate and reliable, however TANDBERG ASA
assumes no responsibility or liability for any errors or inaccuracies that may appear in this document,
nor for any infringements of patents or other rights of third parties resulting from its use. No license is
granted under any patents or patent rights of TANDBERG ASA.
Thank you for buying a product which contributes to a reduction in pollution, and thereby helps save the
environment. Our products reduce the need for travel and transport and thereby reduce pollution. Our
products have either none or few consumable parts (chemicals, toner, gas, paper). Our products are low
energy consuming products.
1.3.1. TANDBERG's Environmental Policy
Environmental stewardship is important to TANDBERG's culture. As a global company with strong
corporate values, TANDBERG is committed to being an environmental leader and embracing
technologies that help companies, individuals and communities creatively address environmental
challenges.
TANDBERG's environmental objectives are to:
Develop products that reduce energy consumption, CO₂ emissions, and traffic congestion
Provide products and services that improve quality of life for our customers
Produce products that can be recycled or disposed of safely at the end of product life
Comply with all relevant environmental legislation.
Page 8 of 105
1.3.2. European Environmental Directives
As a manufacturer of electrical and electronic equipment TANDBERG is responsible for compliance with
the requirements in the European Directives 2002/96/EC (WEEE) and 2002/95/EC (RoHS).
The primary aim of the WEEE Directive and RoHS Directive is to reduce the impact of disposal of
electrical and electronic equipment at end-of-life. The WEEE Directive aims to reduce the amount of
WEEE sent for disposal to landfill or incineration by requiring producers to arrange for collection and
recycling. The RoHS Directive bans the use of certain heavy metals and brominated flame retardants to
reduce the environmental impact of WEEE which is landfilled or incinerated.
TANDBERG has implemented necessary process changes to comply with the European RoHS Directive
(2002/95/EC) and the European WEEE Directive (2002/96/EC).
1.3.3. Waste Handling
In order to avoid the dissemination of hazardous substances in our environment and to diminish the
pressure on natural resources, we encourage you to use the appropriate take-back systems in your area.
Those systems will reuse or recycle most of the materials of your end of life equipment in a
sound way.
TANDBERG products put on the market after August 2005 are marked with a crossed-out
wheelie bin symbol that invites you to use those take-back systems.
Please contact your local supplier, the regional waste administration or
http://www.tandberg.net/recycling if you need more information on the collection and recycling system
in your area.
1.3.4. Information for Recyclers
As part of compliance with the European WEEE Directive, TANDBERG provides recycling information on
request for all types of new equipment put on the market in Europe after August 13th 2005.
Please contact TANDBERG at recycling@tandberg.net and provide the following details for the product
for which you would like to receive recycling information:
Model number of TANDBERG product
Your company's name
Contact name
Address
Telephone number
E-mail address
1.3.5. Digital User Guides
TANDBERG is pleased to announce that we have replaced the printed versions of our User Guides with a
digital CD version. Instead of a range of different user manuals, there is now one CD -- which can be
used with all TANDBERG products -- in a variety of languages. The environmental benefits of this are
significant. The CDs are recyclable and the savings on paper are huge. A simple web-based search
feature helps you directly access the information you need. In addition, the TANDBERG video systems
now have an intuitive on-screen help function, which provides a range of useful features and tips. The
contents of the CD can still be printed locally, whenever needed.
1.4. Operator Safety Summary
For your protection please read these safety instructions completely before you connect the equipment
to the power source. Carefully observe all warnings, precautions and instructions both on the apparatus
and in these operating instructions.
Keep this manual for future reference.
1.4.1. Water and Moisture
Do not operate the apparatus under or near water - for example near a bathtub, kitchen sink, or
laundry tub, in a wet basement, near a swimming pool or in other areas with high humidity.
Never install jacks for communication cables in wet locations unless the jack is specifically
designed for wet locations.
Do not touch the product with wet hands.
1.4.2. Cleaning
Unplug the apparatus from communication lines, mains power-outlet or any power source before
cleaning or polishing. Do not use liquid cleaners or aerosol cleaners. Use a lint-free cloth lightly
moistened with water for cleaning the exterior of the apparatus.
Unplug the apparatus from communication lines before cleaning or polishing. Do not use liquid
cleaners or aerosol cleaners. Use a lint-free cloth lightly moistened with water for cleaning the
exterior of the apparatus.
1.4.3. Ventilation
Do not block any of the ventilation openings of the apparatus. Never cover the slots and
openings with a cloth or other material. Never install the apparatus near heat sources such as
radiators, heat registers, stoves, or other apparatus (including amplifiers) that produce heat.
Do not place the product in direct sunlight or close to a surface directly heated by the sun.
1.4.4. Lightning
Never use this apparatus, or connect/disconnect communication cables or power cables during
lightning storms.
1.4.5. Dust
Do not operate the apparatus in areas with high concentration of dust.
1.4.6. Vibration
Do not operate the apparatus in areas with vibration or place it on an unstable surface.
1.4.7. Power connection and Hazardous voltage
The product may have hazardous voltage inside. Never attempt to open this product, or any
peripherals connected to the product, where this action requires a tool.
This product should always be powered from an earthed power outlet.
Never connect attached power supply cord to other products.
If any part of the product has visible damage, never attempt to connect mains power, or
any other power source, before consulting service personnel.
The plug connecting the power cord to the product/power supply serves as the main disconnect
device for this equipment. The power cord must always be easily accessible.
Route the power cord so as to avoid it being walked on or pinched by items placed upon or
against it. Pay particular attention to the plugs, receptacles and the point where the cord exits
from the apparatus.
Do not tug the power cord.
If the provided plug does not fit into your outlet, consult an electrician. Never install cables, or
any peripherals, without first unplugging the device from its power source.
1.4.8. Servicing
Do not attempt to service the apparatus yourself as opening or removing covers may expose you
to dangerous voltages or other hazards, and will void the warranty. Refer all servicing to qualified
service personnel.
Unplug the apparatus from its power source and refer servicing to qualified personnel under the
following conditions:
o If the power cord or plug is damaged or frayed.
o If liquid has been spilled into the apparatus.
o If objects have fallen into the apparatus.
o If the apparatus has been exposed to rain or moisture.
o If the apparatus has been subjected to excessive shock by being dropped.
o If the cabinet has been damaged.
o If the apparatus seems to be overheated.
o If the apparatus emits smoke or abnormal odor.
o If the apparatus fails to operate in accordance with the operating instructions.
1.4.9. Accessories
Use only accessories specified by the manufacturer, or sold with the apparatus.
1.4.10. Communication lines
Never touch uninstalled communication wires or terminals unless the telephone line has been
disconnected at the network interface.
Do not use communication equipment to report a gas leak in the vicinity of the leak.
To reduce the risk of fire, use only No. 26 AWG or larger telecommunication line cord (ISDN
cables).
2. Introduction
This User Manual is provided to help you make the best use of your TANDBERG Gatekeeper.
2.1. Main Features
The main features of the TANDBERG Gatekeeper are:
IPv4 and IPv6 support.
Supports up to 2500 registered endpoints.
Supports up to 100 neighboring zones.
Flexible zone configuration with prefix and suffix support.
URI and ENUM dialing with DNS enabling global connectivity.
Secure firewall traversal of any firewall or NAT when used in conjunction with a TANDBERG
Border Controller.
Up to 500 concurrent calls.
Up to 100 traversal calls in conjunction with a TANDBERG Border Controller.
Can be used to control the amount of bandwidth used both within the Gatekeeper zone and to
neighboring Border Controllers and Gatekeepers.
Can limit total bandwidth usage and set maximum per call bandwidth usage with automatic
downspeeding if call exceeds per-call maximum.
Can be managed with TANDBERG Management Suite 11.0 or newer, or as a standalone system
with RS-232, Telnet, SSH, HTTP and HTTPS.
Embedded setup wizard on serial port for initial configuration.
Note: features may vary depending on software package.
2.2. Hardware Overview
On the front of the Gatekeeper (see Figure 1) there are:
three LAN interfaces
a serial port (Data 1)
a Light Emitting Diode (LED) showing the power status of the system.
The LAN 1 interface is used for connecting the system to your network. LAN interfaces 2 and 3 are
disabled.
The serial port (Data 1) is for connection to a PC.
The LED, when lit, indicates that power is on.
Figure 1: Front panel of Gatekeeper
On the back of the Gatekeeper (see Figure 2) there are:
a power connector
a power switch
a serial port (Data 2) for connecting to a PC.
Figure 2: Rear panel of Gatekeeper
3. Installation
3.1. Precautions
Never install communication equipment during a lightning storm.
Never install jacks for communication cables in wet locations unless the jack is specifically
designed for wet locations.
Never touch uninstalled communication wires or terminals unless the communication line has
been disconnected at the network interface.
Use caution when installing or modifying communication lines.
Avoid using communication equipment (other than a cordless type) during an electrical storm.
There may be a remote risk of electrical shock from lightning.
Do not use communication equipment to report a gas leak in the vicinity of the leak.
The socket outlet shall be installed near to the equipment and shall be easily accessible.
Never install cables without first switching the power OFF.
This product complies with directives: LVD 73/23/EC and EMC 89/366/EEC.
Power must be switched off before power supplies can be removed from or installed into the
unit.
3.2. Preparing the Installation Site
Make sure that the Gatekeeper is accessible and that all cables can be easily connected.
For ventilation: Leave a space of at least 10cm (4 inches) behind the Gatekeeper's rear and 5cm
(2 inches) on the sides.
The room in which you install the Gatekeeper should have an ambient temperature between 0°C
and 35°C (32°F and 95°F) and between 10% and 90% non-condensing relative humidity.
Do not place hot objects directly on top of or directly beneath the Gatekeeper.
Use a grounded AC power outlet for the Gatekeeper.
3.3. Unpacking
The TANDBERG Gatekeeper is delivered in a special shipping box which should contain the following
components:
Gatekeeper unit
Installation sheet
User manual and other documentation on CD
Rack-ears and screws
Kit with 4 rubber feet
Cables:
o Power cables
o One Ethernet cable
o One null-modem RS-232 cable
3.4. Mounting
The Gatekeeper comes with brackets for mounting in standard 19" racks.
Before starting the rack mounting, please make sure the TANDBERG Gatekeeper is placed securely on a
hard, flat surface.
1. Disconnect the AC power cable.
2. Make sure that the mounting space is according to the Installation site preparations in section
3.2.
3. Attach the brackets to the chassis on both sides of the unit.
4. Insert the unit into a 19" rack, and secure it with screws.
3.5. Connecting the Cables
3.5.1. Power cable
Connect the system power cable to an electrical distribution socket.
3.5.2. LAN cable
Connect a LAN cable from the LAN 1 connector on the front of the unit to your network.
3.5.3. Null-modem RS-232 cable
Connect the supplied null-modem RS-232 cable between the Border Controller's Data 1 connector and
the COM port on a PC.
3.6. Switching on the System
To start the TANDBERG Gatekeeper:
1. Ensure the power cable is connected.
2. Ensure the LAN cable is connected.
3. Switch the power switch button on the back of the unit to '1'.
On the front of the chassis you will see the Power LED being lit.
4. Getting started
4.1. Initial Configuration
The TANDBERG Gatekeeper requires some configuration before it can be used. This must be done using
a PC connected to the serial port (Data 1) or by connecting to the system's default IP address:
192.168.0.100.
The IP address, subnet mask and gateway must be configured before use. The Gatekeeper has to be
configured with a static IP address. Consult your network administrator for information on which
addresses to use.
To set the initial configuration:
1. Connect the supplied null-modem RS-232 cable from Data 1 to a PC running a terminal program.
2. Start a terminal program and configure it to use the serial port with baud rate 115200, 8 data
bits, no parity, 1 stop bit, no flow control.
3. Power on the unit if it is not already on.
You should see the unit display start up information.
After approximately 2 minutes you will get a login prompt:
(none) login: admin
Password:
4. Enter the username admin and your password. The default password is TANDBERG.
You will be prompted if you want to run the install wizard:
Run install wizard [n]: y
5. Type y and press Enter.
6. Specify the following:
a. The password you want to use for your system. See Administrator Account (section 4.2.4)
for account details.
b. The IP address of the system.
c. The IP subnet mask of the system.
d. The IP default gateway of the system.
e. The Ethernet speed.
f. The local zone prefix, if any, you want to use for the zone controlled by this system. (You
should use a local zone prefix if you have a structured dial plan using E.164 aliases. See
Neighboring and dial plans (section 4.6.1) for more information.)
g. Whether you want to use SSH to administer the system.
h. Whether you want to use Telnet to administer the system.
7. You will be prompted to log in again. You should see a welcome message like this:
Welcome to
TANDBERG Gatekeeper Release N5.1
SW Release Date: 2006-11-20
OK
8. Log in with the username admin and your password.
9. Review other system settings. You may want to set the following:
a. The name of the Gatekeeper. This is used by the TANDBERG Management Suite (TMS) to
identify the Gatekeeper. See the xConfiguration SystemUnit command (section
16.2.18) for more information on setting the name.
b. Automatic discovery. If you have multiple Gatekeepers in the same network you may want
to disable automatic discovery on some of them. See the xConfiguration Gatekeeper AutoDiscovery command (section 16.2.4).
c. The DNS server address and the domain name (if the Gatekeeper will be configured with
hostnames instead of IP address or if URI dialing is required). See the
xConfiguration IP DNS Server Address command (16.2.6) for more
information.
10. To make your new settings take effect, reboot the Gatekeeper by typing the command
xCommand boot.
11. Disconnect the serial cable.
Note: To securely manage the Gatekeeper you should disable HTTP and Telnet, using the encrypted
HTTPS and SSH protocols instead. For increased security, disable HTTPS and SSH as well, using
the serial port to manage the system.
Note: If you do not have an IP gateway, configure the Gatekeeper with an unused IP address that is
valid in your subnet.
4.2. System Administration
To configure and monitor the TANDBERG Gatekeeper you can either use the web interface or a
command line interface.
4.2.1. Web interface
To use the web interface, open a browser window and in the address line type either:
the IP address of the system
the system name.
You will be presented with the following screen:
Enter the User Name admin and your system password and select OK.
You will be presented with the Overview screen:
Note: HTTP and HTTPS must be enabled in order to use the web interface. This is done using the
Note: If web access is required, you are recommended to enable HTTPS and disable HTTP for improved
security.
4.2.2. Command line interface
The command line interface is available over SSH, Telnet and through the serial port.
To use the command line interface, start a session and log in with user name admin and your password.
The interface groups information in different commands:
xstatus
Provides a read only interface to determine the current status of the system. Information such as current
calls and registrations is available through this command group.
xconfiguration
A read/write interface to set system configuration data such as IP address and subnet.
xcommand
A miscellaneous group of commands for setting information or obtaining it.
xhistory
Provides historical information about calls and registrations.
xfeedback
An event interface, providing information about calls and registrations.
See the Command Reference (section 16) for a full list of commands.
Note: SSH and/or Telnet access must be enabled in order to use the command line interface. This is
Note: For secure operation you should use SSH in preference to Telnet.
4.2.3. Session timeout
By default, administration sessions remain active until you log out. Session timeouts may be enabled
using the command:
xConfiguration Session TimeOut
or using the web interface via System Configuration > System and in the Services section entering a
value in the Session time out (minutes) field.
4.2.4. Administrator Account
All administration requires you to log in to the administration account with the user name admin and a
password. The default password is TANDBERG, which you are recommended to change as soon as
possible. Choose a strong password, particularly if administration over IP is enabled.
The password can be changed on the web interface via System Configuration > System or through the
command line interface using the command:
xconfiguration systemunit password: new_password
If you forget your password, it is possible to set a new password using the following procedure:
1. Reboot the Gatekeeper.
2. Connect to the Gatekeeper over the serial interface once it has restarted.
3. Log in with the user name pwrec. No password is required.
You will be prompted for a new password.
Note: The pwrec account is only active for one minute following a restart. Beyond that time you will
have to restart the system again to change the password. Because access to the serial port
allows the password to be reset, it is recommended that you install the Gatekeeper in a
physically secure environment.
4.2.5. Root Account
The Gatekeeper provides a root account with the same password as the admin account. This account
should not be used in normal operation, and in particular system configuration should not be conducted
using this account. Use the admin account instead.
4.3. Backups
You are recommended to maintain a backup of your Gatekeeper configuration. Using the command line
interface, log on to the Gatekeeper as admin and type xConfiguration. Save the resulting output to
a file, using cut-and-paste or some other means provided by your terminal emulator. Pasting this
information back in to the command line shell will restore your configuration.
4.4. IP Configuration
The Gatekeeper may be configured to use IPv4, IPv6 or both protocols. If using both protocols, the
Gatekeeper will act as a gateway if necessary, allowing calls to be made between an IPv4-only endpoint
and an IPv6-only endpoint. This behavior will use a traversal license for each call gatewayed between
IPv4 and IPv6.
IPv4 and IPv6 dual stack behavior is controlled by the command:
xConfiguration IPProtocol: <Both/IPv4/IPv6>
or using the web interface via System Configuration > IP Configuration shown in Figure 3 below:
Figure 3: Selecting IP Protocol
4.5. Endpoint Registration
Before an endpoint can use the Gatekeeper it must first register with it.
There are two ways an endpoint can register:
Automatically
Manually by specifying the IP address of the Gatekeeper.
Note: You can disable automatic registration on the Gatekeeper. See the Auto Discovery command
(section 16.2.4) for more information.
When registering, the endpoint registers with one or more of the following:
One or more H.323 IDs
One or more E.164 aliases.
Users of other registered endpoints can then call the endpoint by using either the H.323 ID, a URI, an
E.164 alias, or one of the services.
It is recommended that you do not use aliases that reveal sensitive information. Due to the nature of
H.323, call setup information is exchanged in an unencrypted form.
By default, if you attempt to register an alias which has already been registered with the system, your
registration will be rejected. This helps you to identify when two users have a conflicting alias.
In some deployments an endpoint may frequently receive a new IP address, causing unwanted
registration rejections. When it tries to register, it may be rejected because the Gatekeeper still has a
registration from its old IP address. The Gatekeeper may be configured to allow an endpoint to overwrite
the old IP address. To do this, either issue the command:
or go to Gatekeeper Configuration > Restrictions and in the Policy section, from the Registration conflict
policy drop-down menu select Overwrite.
Consult the endpoint documentation for information on how to configure it with a Gatekeeper.
Note: When URI dialing is used to discover an endpoint, the URI used is based on either the H.323 ID
or the E.164 alias that the endpoint registered with. The local domain is then added to this. For
more information see URI Dialing (section 9).
4.6. Neighbor Gatekeepers
4.6.1. Neighboring and dial plans
As you start deploying more than one Gatekeeper or Border Controller, it is useful to neighbor the
systems together so that they can exchange information about registered endpoints. Each Gatekeeper
or Border Controller forms an H.323 zone and is responsible for the endpoints within that zone. There
are a number of ways this can be done, depending on the complexity of your system.
Flat dial plan
The simplest approach is to assign each endpoint a unique alias and divide the endpoint registrations
between the Gatekeepers and Border Controllers. Each Gatekeeper or Border Controller is then
configured with the addresses of all other Gatekeepers and Border Controllers. When a system receives
a call for an endpoint which is not registered with it, it will send out a Location Request to all the other
Gatekeepers and Border Controllers on the system. Whilst conceptually simple, this sort of flat dial plan
does not scale very well: adding or moving a Gatekeeper requires changing the configuration of every
Gatekeeper and Border Controller; one call attempt can result in a large number of location requests.
Structured dial plan
An alternative deployment would use a structured dial plan whereby endpoints are assigned an alias
based on the system they are registering with. Using E.164 aliases, each Gatekeeper or Border
Controller would be assigned an area code. When the Gatekeepers and Border Controllers are
neighbored together, each neighbor is configured with its corresponding area code as a prefix. That
neighbor will now only be queried for calls to numbers which begin with its prefix. In a URI based dial
plan, similar behavior may be obtained by configuring neighbors with a suffix to match the desired
domain name.
It may be desirable to have endpoints register with just the subscriber number -- the last part of the
E.164 number. In that case, the Gatekeeper should be configured to strip prefixes before placing the
Location Request.
A structured dial plan will minimize the number of location requests issued when a call is attempted,
but, as described above, still requires a fully connected mesh of all Gatekeepers and Border Controllers
in your deployment. A hierarchical dial plan (see below) can simplify this.
Hierarchical dial plan
One Gatekeeper is nominated as the directory gatekeeper for the deployment. All Border Controllers and
public Gatekeepers are neighbored with it and vice versa. There is no need to neighbor the Border
Controllers and public Gatekeepers with each other. Adding a new Border Controller or public
Gatekeeper now only requires changing configuration on that system and the Directory Gatekeeper.
Failure of the directory gatekeeper could cause significant disruption to communications. Consideration
should be given to the use of Alternate Gatekeepers (see section 4.7) for increased resilience.
4.6.2. Adding Neighbors and configuring zones
Neighbors are added and zones configured through the command line interface using the
xconfiguration zones family of commands and xCommand ZoneAdd or through the web
interface via Gatekeeper Configuration > Zones - either select Add New Zone, or highlight an existing
zone and select Edit, to access the screen shown in Figure 4.
The prefixes and suffixes described above are formed using patterns: each zone may have up to 5
patterns assigned, each of which may be defined as a prefix or a suffix.
Patterns are not used, and not displayed on the web interface, if the pattern match mode is set to
always or disabled.
Figure 4: Adding a new zone
4.6.3. Search Order
If a called alias matches a prefix or suffix zone a strong match is achieved. A weak match is achieved if a
zone is to be queried only because it has no pattern matching configured.
When an incoming call request is received a Gatekeeper will first search all of its registered endpoints. If
no match is found, all strongly matching neighbor and traversal zones will be queried concurrently. If the
target is not found in any of the strongly matching zones, all weakly matching neighbor zones will be
queried, then all weakly matching traversal zones. Finally, if a match has still not been found, a DNS
query may be attempted (see section 9).
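The search order described above, modeled as an added example (not TANDBERG code) that lists which zones would be sent a query for a given alias. The `Zone` fields, the sample zones and the treatment of a Disabled zone as never queried are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Zone:
    """Hypothetical model of one zone; field names are not Gatekeeper config keys."""
    name: str
    kind: str                  # "neighbor" or "traversal"
    mode: str                  # "Always", "PatternMatch" or "Disabled"
    patterns: list = field(default_factory=list)  # up to 5 ("prefix" | "suffix", text)

def match_strength(zone, alias):
    """Return "strong", "weak" or None (zone not queried) for this alias."""
    mode = zone.mode.lower()
    if mode == "disabled":     # assumption: a disabled zone is never queried
        return None
    if mode == "always":       # queried only because no patterns are in use
        return "weak"
    for side, text in zone.patterns:
        if alias.startswith(text) if side == "prefix" else alias.endswith(text):
            return "strong"
    return None

def search_plan(alias, registered, zones):
    """Return the ordered search stages; the real search stops at the first hit."""
    if alias in registered:
        return [("local registrations", [alias])]
    found = [(z, match_strength(z, alias)) for z in zones]
    stages = [
        ("strong neighbor and traversal zones",
         [z.name for z, s in found if s == "strong"]),
        ("weak neighbor zones",
         [z.name for z, s in found if s == "weak" and z.kind == "neighbor"]),
        ("weak traversal zones",
         [z.name for z, s in found if s == "weak" and z.kind == "traversal"]),
    ]
    plan = [(label, names) for label, names in stages if names]
    plan.append(("DNS query, if configured", []))
    return plan

# Constructed sample deployment (names and patterns are not from the guide).
SAMPLE_REGISTERED = {"5551000", "alice@example.com"}
SAMPLE_ZONES = [
    Zone("BranchGK", "neighbor", "PatternMatch", [("prefix", "01")]),
    Zone("PartnerBC", "traversal", "PatternMatch", [("suffix", "@partner.example")]),
    Zone("DirectoryGK", "neighbor", "Always"),
    Zone("PublicBC", "traversal", "Always"),
    Zone("RetiredGK", "neighbor", "Disabled", [("prefix", "01")]),
]
```

Running `search_plan` over the aliases your users actually dial shows which neighbors and traversal zones are asked about each one, which is useful when reviewing zones left in Always mode.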
4.7. Alternates
Alternate Gatekeeper support is provided to increase the reliability of your deployment. If one
Gatekeeper becomes unavailable, perhaps due to a network or power outage, another will be used as an
Alternate. Alternates share responsibility for their endpoint community: an individual endpoint may be
registered with any one of the Alternates. You should configure Alternates identically for all registration
and call features such as authentication, bandwidth control and policy. If you do not do this, endpoint
behavior will vary unpredictably depending on which Alternate it is currently registered with. Alternates
should also be deployed on the same LAN as each other so that they may be configured with the same
routing information such as local domain names and local domain subnet masks.
Each Gatekeeper may be configured with the IP addresses of up to five Alternates. When an endpoint
registers with the Gatekeeper, it is presented with the IP addresses of all the Alternates. If the endpoint
loses contact with its initial Gatekeeper, it will seek to register with one of the Alternates. This may result
in your endpoint community's registrations being spread over all the Alternates.
When a Gatekeeper receives a Location Request, if it cannot respond from its own registration
database, it will query all of its Alternates before responding. This allows the pool of registrations to be
treated as if they were registered with a single Gatekeeper.
The Alternate Gatekeepers can be configured within the web interface via Gatekeeper Configuration >
Gatekeeper within the Alternate Gatekeepers section (see Figure 5).
Figure 5: Alternate Gatekeeper configuration
4.8. Call Processing Overview
Figure 6 illustrates the process the Gatekeeper performs when receiving call requests.
Figure 6: Location decision flow diagram
When an endpoint wants to call another endpoint it presents the address it wants to call to the
Gatekeeper using a protocol known as RAS. The Gatekeeper applies any transforms (see section 5), tries
to resolve the address, and if successful supplies the calling endpoint with information about the called
endpoint.
The destination address can take several forms: IP address, H.323 ID, E.164 alias or a full H.323 URI.
When an H.323 ID or E.164 alias is used, the Gatekeeper looks for a match between the dialed address
and the aliases registered by its endpoints. If no match is found, it may query other Gatekeepers and
Border Controllers.
When dialing by H.323 URI, the destination address resembles an email address. The Gatekeeper first
follows the procedure for matching H.323 IDs. If that fails it looks for a Gatekeeper or Border Controller
responsible for the domain (the part of the URI following the @ symbol) and queries that device.
Dialing by IP address is necessary when the destination endpoint is not registered with a Gatekeeper or
Border Controller. If it is registered, then one of the other addressing schemes should be used instead
as they are more flexible. From your registered endpoint, dial the IP address of the endpoint you wish to
call. This requires that the Gatekeeper has xConfiguration Gatekeeper CallsToUnknownIPAddresses correctly configured (see section 16.2.4).
When one endpoint calls another, the Gatekeeper is involved in locating the called endpoint. By default,
once the endpoint is located, the Gatekeeper takes no further part in the call signaling. By enabling call
routed mode, all call signaling will be routed through the Gatekeeper. This is useful if you need accurate
information about call start and stop times. Call Detail Records (CDRs) may be extracted from the
Gatekeeper event log.
Note: Traversal calls are always call routed, regardless of the setting of Call Routed Mode.
5. Transforming Destination Aliases
5.1. Alias Transforms
The Alias Transforms function takes any aliases present in ARQ and LRQ messages and runs a set of
transformations on them. The resulting aliases will then be used in the normal Gatekeeper logic, exactly
as if those aliases were unchanged. Alias transforms will be applied prior to possible CPL modification
and Zone transforms. The Alias transforms will not have any effect on aliases presented in GRQ or RRQ
messages.
Alias transform rules are created either:
using the xconfiguration Gatekeeper Transform commands, or
using the web interface via Gatekeeper Configuration > Transforms and selecting Add New
Transform.
Alias transforms support the use of Regular Expressions. See Appendix C for further information.
Example
We have two gateways registered with the Gatekeeper with prefixes of 7 and 8 respectively.
We want to allow the users to dial 9 for an “outside line”, but use GW1 for local calls, and GW2 for
international calls. We should allow an alias manipulation that takes a destination alias of 90047… and
replaces it with 80047… and an alias of 90118… with 70118…. This is achieved by configuring alias
transforms as shown in Figure 7:
Figure 7: Example configuration of alias transforms
5.2. Zone Transforms
It is possible to direct an incoming location request to a different alias by replacing either the prefix or
the suffix of the alias with a new string.
Zone transform rules are created either:
using the xconfiguration zones set of commands, or
using the web interface when adding or editing a zone via Gatekeeper Configuration > Zones.
You must first select from the Match 1, Match 2, etc. sections a Mode of PatternMatch in order
to access the options (see Figure 4).
Zone transforms support the use of Regular Expressions. See Appendix C for more information.
Example
Endpoints might be registered to a Gatekeeper with aliases of the form user@example.com. If someone
were to dial user@exampleusa.com we might want to try and find that user as user@example.com,
hence we need a rule that replaces the suffix exampleusa.com with example.com before searching off
the box. This can be achieved by configuring the zone transforms as shown in Figure 8:
Figure 8: Example configuration of zone transforms
6. Unregistered Endpoints
Although most calls are made between endpoints registered with a Gatekeeper or Border Controller, it is
sometimes necessary to place a call to or from an unregistered endpoint.
6.1. Calling from an Unregistered Endpoint
An unregistered endpoint can call an endpoint registered with the Gatekeeper. If there are no firewalls
between the unregistered endpoint and the called endpoint, it is possible (though not recommended) to
place the call by dialing the target endpoint's IP address. A better way of placing the call from an
unregistered endpoint is to pass the alias of the called endpoint to the Gatekeeper. The Gatekeeper will
then resolve the alias and place the call as normal.
Not all endpoints allow you to enter an alias and an IP address to which the call should be placed. In that
case you can simply place the call to the IP address of the Gatekeeper, with no alias information. The
Gatekeeper may be configured to associate all such anonymous calls with a single destination alias. This
is achieved with the command:
or using the web interface via Gatekeeper Configuration > Gatekeeper Configuration and entering the
alias in the Fallback alias for unregistered caller destination field.
6.2. Calling to an Unregistered Endpoint
Calls can be placed to an unregistered endpoint by dialing its IP address or (if the DNS system has been
appropriately configured) using an H.323 URI.
If URI dialing is used, DNS is queried for a call signaling address and, if found, the call is placed to that
address. See URI Dialing (section 9) for details of how to configure the Call Signaling SRV Record.
It is sometimes undesirable for a system to place a call to an IP address directly. Instead, you may want
a neighbor to place the call on behalf of the Gatekeeper. You can configure this on the Gatekeeper using
the command:
or using the web interface via Gatekeeper Configuration > Gatekeeper and from within the Configuration
section selecting the desired option from the Calls to unknown IP addresses drop-down menu.
There are three possible settings:
Direct
This setting will allow the endpoint to make the call to the unknown IP address without querying any
neighbors. The call setup would occur just as it would if the far end were registered directly to the local
system.
Indirect
Upon receiving the call the Gatekeeper will check to see if the address belongs to one of its local
subzones. If so, it will allow the call. If not, it will query its neighbors for the remote address and rely on
the neighbor's response to determine whether the call can be completed, connecting through the
routing rules as it would through the neighbor relationship.
Off
This will not allow any endpoint registered directly to the Gatekeeper to call an IP address of any system
not also registered directly to that Gatekeeper.
The default is Indirect.
When the Gatekeeper is used with a Border Controller for firewall traversal, you will typically set
CallsToUnknownIPAddresses to Indirect on the Gatekeeper and Direct on the Border
Controller. This will allow calls originating inside the firewall to use the Gatekeeper and Border Controller
to successfully traverse the firewall. This is described in more detail in Dialing Public IP Addresses
(section 11.3).
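The three CallsToUnknownIPAddresses settings and the recommended Gatekeeper/Border Controller pairing, modeled as an added example (not TANDBERG code). The subzones, addresses and result labels are constructed, and allowing a locally registered destination in every mode is an assumption; the guide states it only for Off.

```python
import ipaddress

# Constructed sample data; subzone names and addresses are not from the guide.
GK_SUBZONES = {"HeadOffice": ["10.1.0.0/16"],
               "Branch": ["10.2.5.0/24", "192.168.40.0/24"]}
GK_REGISTERED = {"10.1.0.20", "172.16.9.9"}

def local_subzone(ip, subzones):
    """Return the name of the local subzone containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    for name, subnets in subzones.items():
        if len(subnets) > 5:
            raise ValueError(f"{name}: a subzone can include at most 5 subnets")
        if any(addr in ipaddress.ip_network(net) for net in subnets):
            return name
    return None

def decide_ip_call(dest_ip, mode, subzones=(), registered=()):
    """Model how a system treats a registered endpoint dialing dest_ip."""
    addr = ipaddress.ip_address(dest_ip)
    if addr in {ipaddress.ip_address(r) for r in registered}:
        return "ALLOW_REGISTERED"          # destination is registered here
    mode = mode.lower()
    if mode == "direct":
        return "ALLOW_DIRECT"              # no neighbors are queried
    if mode == "off":
        return "REJECT"
    if mode == "indirect":
        if local_subzone(dest_ip, dict(subzones)):
            return "ALLOW_LOCAL_SUBZONE"
        return "QUERY_NEIGHBORS"           # outcome depends on the neighbor's reply
    raise ValueError(f"unknown CallsToUnknownIPAddresses setting: {mode!r}")

def traversal_outcome(dest_ip):
    """Gatekeeper set to Indirect in front of a Border Controller set to Direct."""
    first = decide_ip_call(dest_ip, "Indirect", GK_SUBZONES, GK_REGISTERED)
    if first != "QUERY_NEIGHBORS":
        return ["gatekeeper:" + first]
    second = decide_ip_call(dest_ip, "Direct")
    return ["gatekeeper:" + first, "border-controller:" + second]
```

With Indirect on the Gatekeeper, an address outside every local subzone is never dialed directly from inside the firewall; the decision to place the call rests with the neighbor.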
7. Bandwidth Control
7.1. About Bandwidth Control
The TANDBERG Gatekeeper allows you to control endpoints' use of bandwidth on your network.
Figure 9 shows a typical network deployment: a broadband LAN, where high bandwidth calls are
acceptable; a pipe to the internet with restricted bandwidth; and two satellite offices, each with their own
restricted pipes.
In order to utilize the available bandwidth efficiently, the TANDBERG Gatekeeper allows you to model
your network and to set bandwidth controls on individual components of the network. Bandwidth controls may
be set on a call-by-call basis and on a total concurrent usage basis.
Figure 9: Typical network deployment
7.2. Subzones
All endpoints registered with your Gatekeeper are part of its local zone. As shown in Figure 9, the local
zone can contain two or more different networks with different bandwidth limitations. In order to model
this, the local zone is made up of one or more subzones. When an endpoint registers with the
Gatekeeper it is assigned to a subzone, based on its IP address.
By default all endpoints registering with the Gatekeeper are assigned to the default subzone. This is
suitable if you have uniform bandwidth available between all your endpoints. When you have differing
bandwidth provision, as in Figure 9, you should create a new subzone for each pool of endpoints. Each
subzone you create can include up to 5 subnets (based on a specified range of IP addresses).
Subzones are added and configured using the web interface via Gatekeeper Configuration > SubZones,
and then either selecting Add New SubZone, or highlighting an existing subzone and selecting Edit. This
will take you to the screen shown in Figure 10. You can also add and configure subzones using the
following commands:
xConfiguration SubZones SubZone [1..100] Name
xConfiguration SubZones SubZone [1..100] Subnet [1..5] IP Prefixlength
xConfiguration SubZones SubZone [1..100] Subnet [1..5] IP Address