SUMMARY
| Protocol | H.225 |
| Protocol suite | VoIP |
| Layer | Transport Layer |
| Related protocols | RTSP, SIP, RTP, RTCP, SDP, Megaco/H.248, Q.931, H.323, H.245 |
DESCRIPTION
The H.225 call signaling protocol consists of many subprotocols and is part of the H.323 suite. H.225 is used for connection establishment and termination between endpoints. The H.225 call signaling protocol also supports status inquiry, ad hoc multipoint call expansion, and limited call forwarding and transfer. H.225 call signaling messages are exchanged over Q.931. The Q.931 messages are exchanged over a TCP stream demarcated by Transport Protocol Data Unit Packet (TPKT) encapsulations. The H.225 call signaling message is transported as part of the user information element of the Q.931 protocol. The ASN.1 representation of the H.225 message is encoded using the Packed Encoding Rules.
H.225.0 v2 is a standard which covers narrow-band visual telephone services defined in the H.200/AV.120-Series Recommendations. It specifically deals with those situations where the transmission path includes one or more packet based networks, each of which is configured and managed to provide a non-guaranteed Quality of Service (QoS) that is not equivalent to that of N-ISDN, so that additional protection or recovery mechanisms beyond those mandated by Rec. H.320 are necessary in the terminals. H.225.0 describes how audio, video, data, and control information on a packet based network can be managed to provide conversational services in H.323 equipment.
Figure 1 represents a basic message sequence and the constituents of an H.323 call. The general approach to starting a call is to send a mandatory admission request on the RAS channel, followed by an initial Setup message on a reliable channel transport address (this address may have been returned in the admission confirmation message, or may already have been known to the calling terminal). As a result of this initial message, a call setup sequence commences based on H.225 call signaling operations. The sequence is complete when, in the Connect message, the terminal receives a reliable transport address on which to send H.245 control messages.
Figure 1
Note: A reliable transport address is used for call setup for the terminal-to-terminal case, and also for the gatekeeper-mediated case. The reliable call signaling connection is kept active until a "Release Complete" message is received for all active calls signaled over the call-signaling channel.
Figures 2 and 3 depict the message sequence of a normal inter- and intra-zone call-message sequence.
Figure 2
Figure 3
H.225 Registration, Admission, and Status
H.225 call signaling is used to set up connections between H.323 endpoints (terminals and gateways), over which the real-time data can be transported. Call signaling involves the exchange of H.225 protocol messages over a reliable call-signaling channel. For example, H.225 protocol messages are carried over TCP in an IP based H.323 network.
H.225 messages are exchanged directly between the endpoints if there is no gatekeeper in the H.323 network. When a gatekeeper exists in the network, the H.225 messages are exchanged either directly between the endpoints or routed through the gatekeeper. The first case is called direct call signaling; the second case is called gatekeeper-routed call signaling. The method is chosen by the gatekeeper during the RAS admission message exchange.
- Gatekeeper-Routed Call Signaling
The admission messages are exchanged between endpoints and the gatekeeper on RAS channels. The gatekeeper receives the call-signaling messages on the call-signaling channel from one endpoint and routes them to the other endpoint on the call-signaling channel of the other endpoint.
- Direct Call Signaling
During the admission confirmation, the gatekeeper indicates that the endpoints can exchange call-signaling messages directly. The endpoints exchange the call signaling on the call-signaling channel.
Protocol Structure
H.225.0: Call Signaling and RAS in H.323 VOIP Architecture
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | bit |
| Protocol discriminator (8 bits) |
| 0 | 0 | 0 | 0 | Length of call reference value (4 bits) |
| Call reference value |
| 0 | Message type (7 bits) |
| Information elements |
- Protocol discriminator
Distinguishes messages for user-network call control from other messages.
- Length of call ref
The length of the call reference value.
- Call reference value
Identifies the call or facility registration/cancellation request at the local user-network interface to which the particular message applies. May be up to 2 octets in length.
- Message type
Identifies the function of the message sent. The following message types are used:
| Bits 7-5 | Bits 4-1 | Message |
| 000 | xxxxx | Call establishment messages: |
| | 00001 | ALERTING |
| | 00010 | CALL PROCEEDING |
| | 00111 | CONNECT |
| | 01111 | CONNECT ACKNOWLEDGE |
| | 00011 | PROGRESS |
| | 00101 | SETUP |
| | 01101 | SETUP ACKNOWLEDGE |
| 001 | xxxxx | Call information phase messages: |
| | 00110 | RESUME |
| | 01110 | RESUME ACKNOWLEDGE |
| | 00010 | RESUME REJECT |
| | 00101 | SUSPEND |
| | 01101 | SUSPEND ACKNOWLEDGE |
| | 00001 | SUSPEND REJECT |
| | 00000 | USER INFORMATION |
| 010 | xxxxx | Call clearing messages: |
| | 00101 | DISCONNECT |
| | 01101 | RELEASE |
| | 11010 | RELEASE COMPLETE |
| | 00110 | RESTART |
| | 01110 | RESTART ACKNOWLEDGE |
| 011 | xxxxx | Miscellaneous messages: |
| | 00000 | SEGMENT |
| | 11001 | CONGESTION CONTROL |
| | 11011 | INFORMATION |
| | 01110 | NOTIFY |
| | 11101 | STATUS |
| | 10101 | STATUS ENQUIRY |
- Information elements
Two categories of information elements are defined: single octet information elements and variable length information elements, as shown in the following illustrations.
Key RAS messages
| Message | Function |
| RegistrationRequest (RRQ) | Request from a terminal or gateway to register with a gatekeeper. Gatekeeper either confirms or rejects (RCF or RRJ). |
| AdmissionRequest (ARQ) | Request for access to the packet network, from terminal to gatekeeper. Gatekeeper either confirms or rejects (ACF or ARJ). |
| BandwidthRequest (BRQ) | Request for a changed bandwidth allocation, from terminal to gatekeeper. Gatekeeper either confirms or rejects (BCF or BRJ). |
| DisengageRequest (DRQ) | If sent from endpoint to gatekeeper, DRQ informs the gatekeeper that the endpoint is being dropped; if sent from gatekeeper to endpoint, DRQ forces the call to be dropped. Gatekeeper either confirms or rejects (DCF or DRJ). If DRQ is sent by the gatekeeper, the endpoint must reply with DCF. |
| InfoRequest (IRQ) | Request for status information, from gatekeeper to terminal. |
| InfoRequestResponse (IRR) | Response to IRQ. May be sent unsolicited by the terminal to the gatekeeper at predetermined intervals. |
| RAS timers and Request in Progress (RIP) | Recommended default timeout values for responses to RAS messages, and subsequent retry counts if no response is received. |
H.225 security considerations
H.225 call signaling and status messages form an inherent part of the H.323 call setup. Various H.323 entities in the network, such as the gatekeeper, gateways, and endpoint terminals, run implementations of the H.225 protocol stack. In scenarios like this, it becomes increasingly important to have robust implementations of these protocols and proper security checks, to avoid protocol misuse and to prevent attackers from using bugs in these implementations as attack vectors. If attackers compromise an H.225 protocol implementation, they can adversely affect the VoIP network, hijack calls, or misuse the VoIP network.
- Buffer Overflow Attacks
Since H.225 messages are PER encoded, an attacker can misencode the PER length fields in an attempt to cause a buffer overflow at the receiving endpoint. The ASN.1 representation of the H.225 protocol lays down specific bounds on the lengths of the fields, and protocol modules that do not enforce those bounds may be susceptible to attacks based on these fields.
- DoS Attacks
Attackers can send huge messages, or specify out-of-bounds and oversized fields. This leads to excessive memory usage at the endpoints and gateways and can result in a DoS attack. Attackers can also use PER encoding coupled with the ASN.1 representation to encode excessively recursive fields, leading to huge processing and memory overhead at the endpoint.
- Invalid Protocol Fields/Misuse
Attackers may exploit a vulnerability in the endpoint implementation by sending invalid protocol fields, or may take advantage of the endpoint software misinterpreting a field. This can lead to inadvertent leakage of sensitive network topology information, call hijacking, or a DoS attack.
- Attacks Using Bad Patterns in String Fields
Attackers may use certain string fields in the Q.931 and H.225 protocols to insert specific patterns and compromise the endpoint implementation to run specific attack code, like opening a back door for further attacks.
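As an added example (not code from this page or from any H.323 implementation), a Python parser for the TPKT/Q.931 framing described under Protocol Structure that applies the bounds checks the security considerations above call for: the TPKT length must fit the received buffer, the call reference length nibble may not exceed the 2 octets the page allows, and the message type octet is mapped through the message type table. The TPKT layout (version octet 3, reserved octet, 16-bit length including the header) and the 0x08 protocol discriminator are assumptions drawn from the underlying standards, and the sample messages are constructed, not captured traffic.

```python
import struct

# Q.931 message type octet -> name (bits 7-5 = group, bits 4-1 = type), per the table above.
MESSAGE_TYPES = {
    0x01: "ALERTING", 0x02: "CALL PROCEEDING", 0x03: "PROGRESS", 0x05: "SETUP", 0x07: "CONNECT",
    0x0D: "SETUP ACKNOWLEDGE", 0x0F: "CONNECT ACKNOWLEDGE", 0x20: "USER INFORMATION",
    0x21: "SUSPEND REJECT", 0x22: "RESUME REJECT", 0x25: "SUSPEND", 0x26: "RESUME",
    0x2D: "SUSPEND ACKNOWLEDGE", 0x2E: "RESUME ACKNOWLEDGE", 0x45: "DISCONNECT", 0x46: "RESTART",
    0x4D: "RELEASE", 0x4E: "RESTART ACKNOWLEDGE", 0x5A: "RELEASE COMPLETE", 0x60: "SEGMENT",
    0x6E: "NOTIFY", 0x75: "STATUS ENQUIRY", 0x79: "CONGESTION CONTROL", 0x7B: "INFORMATION",
    0x7D: "STATUS",
}
Q931_DISCRIMINATOR = 0x08  # assumed: discriminator value for user-network call control messages
MAX_CALL_REF_LEN = 2       # the page: the call reference value may be up to 2 octets

class MalformedMessage(ValueError):
    """Any framing or length inconsistency: drop the message instead of trusting its lengths."""

def parse_tpkt_q931(data: bytes) -> dict:
    # TPKT (assumed layout): version 3, reserved octet, 16-bit big-endian length incl. header.
    if len(data) < 4 or data[0] != 3:
        raise MalformedMessage("bad TPKT header")
    tpkt_len = struct.unpack("!H", data[2:4])[0]
    if tpkt_len < 4 or tpkt_len > len(data):  # advertised length must fit inside the buffer
        raise MalformedMessage(f"TPKT length {tpkt_len} vs buffer of {len(data)} octets")
    body = data[4:tpkt_len]
    if len(body) < 3 or body[0] != Q931_DISCRIMINATOR:
        raise MalformedMessage("not a Q.931 user-network call control message")
    cr_len = body[1] & 0x0F
    if body[1] >> 4 or cr_len > MAX_CALL_REF_LEN:  # never index with an over-long length field
        raise MalformedMessage(f"bad call reference length octet 0x{body[1]:02X}")
    if len(body) < 3 + cr_len:
        raise MalformedMessage("truncated before the message type octet")
    mt_octet = body[2 + cr_len]
    return {"call_reference": body[2:2 + cr_len].hex(),
            "message_type": MESSAGE_TYPES.get(mt_octet, f"UNKNOWN(0x{mt_octet:02X})"),
            "information_elements": body[3 + cr_len:]}

def is_well_formed(data: bytes) -> bool:
    try:
        parse_tpkt_q931(data)
        return True
    except MalformedMessage:
        return False

# Constructed samples, not captured traffic: a SETUP with call reference 0x0001 and one 5-octet
# IE, then the same bytes with the call reference length nibble forged to 15.
GOOD_SETUP = bytes.fromhex("0300000e" "0802000105" "040388c0a5")
BAD_CALL_REF_LEN = bytes.fromhex("0300000e" "080f000105" "040388c0a5")
```

A full H.225 decoder would go on to PER-decode the User-user information element with the same discipline: every length read from the wire is checked against the remaining buffer and the ASN.1 bounds before it is used.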
PROTOCOL RELATIONS
| Parent layer | TCP/UDP |
| Child layer | H.225 |
GLOSSARY
ASN.1 ASN.1 (Abstract Syntax Notation One) is a language that defines the way data is sent across dissimilar communication systems. ASN.1 ensures that the data received is the same as the data transmitted by providing a common syntax for specifying Application layer (program-to-program communications) protocols.
Address A location of data, usually in main memory or on a disk. You can think of computer memory as an array of storage boxes, each of which is one byte in length. Each box has an address (a unique number) assigned to it. By specifying a memory address, programmers can access a particular byte of data. Disks are divided into tracks and sectors, each of which has a unique address. Usually, you do not need to worry about addresses unless you are a programmer.
A name or token that identifies a network component. In local area networks (LANs), for example, every node has a unique address. On the Internet, every file has a unique address called a URL.
Buffer Buffer is a temporary storage area, usually in RAM. The purpose of most buffers is to act as a holding area, enabling the CPU to manipulate data before transferring it to a device. Because the processes of reading and writing data to a disk are relatively slow, many programs keep track of data changes in a buffer and then copy the buffer to a disk.
Data * Distinct pieces of information, usually formatted in a special way. All software is divided into two general categories: data and programs. Programs are collections of instructions for manipulating data. Data can exist in a variety of forms -- as numbers or text on pieces of paper, as bits and bytes stored in electronic memory, or as facts stored in a person's mind. Strictly speaking, data is the plural of datum, a single piece of information. In practice, however, people use data as both the singular and plural form of the word.
* The term data is often used to distinguish binary machine-readable information from textual human-readable information. For example, some applications make a distinction between data files (files that contain binary data) and text files (files that contain ASCII data).
* In database management systems, data files are the files that store the database information, whereas other files, such as index files and data dictionaries, store administrative information, known as metadata.
DoS DoS (Disk Operating System) can refer to any operating system, but it is most often used as a shorthand for MS-DOS (Microsoft disk operating system). Originally developed by Microsoft for IBM, MS-DOS was the standard operating system for IBM-compatible personal computers.
Endpoint SIP or H.323 terminal or gateway. An endpoint can call and be called. It generates and terminates the information stream.
Gateway A network device used to translate between two different protocols. Used to interconnect two networks that use incompatible protocols. It is a node on a network that serves as an entrance to another network. In enterprises, the gateway is the computer that routes the traffic from a workstation to the outside network that is serving the Web pages. In homes, the gateway is the ISP that connects the user to the internet.
In enterprises, the gateway node often acts as a proxy server and a firewall. The gateway is also associated with both a router, which uses headers and forwarding tables to determine where packets are sent, and a switch, which provides the actual path for the packet in and out of the gateway.
It is also a computer system located on earth that switches data signals and voice signals between satellites and terrestrial networks and an earlier term for router, though now obsolete in this sense as router is commonly used.
H.225 H.225.0 is a key protocol in the H.323 VoIP architecture defined by ITU-T. H.225.0 describes how audio, video, data and control information on a packet based network can be managed to provide conversational services in H.323 equipment. H.225.0 has two major parts: Call signaling and RAS (Registration, Admission and Status).
H.245 H.245 is the H.323 protocol for capability negotiation and for the messages that open and close the channels carrying media streams; that is, media signaling.
H.323 H.323 is an umbrella recommendation from the ITU-T, that defines the protocols to provide audio-visual communication sessions on any packet network. It is currently implemented by various Internet real-time applications such as NetMeeting and GnomeMeeting. It is a part of the H.32x series of protocols which also address communications over ISDN, PSTN or SS7. H.323 is commonly used in Voice over IP (VoIP) and IP-based videoconferencing.
Network Network is a group of two or more computer systems linked together. There are many types of computer networks, including:
LANs (local-area networks), WANs (wide-area networks), CANs (campus-area networks), MANs (metropolitan-area networks) and HANs (home-area networks).
In addition to these types, the following characteristics are also used to categorize different types of networks: Topology, protocol and architecture.
Packet A packet is the unit of data that is routed between an origin and a destination on the Internet or any other packet-switched network. When any file (e-mail message, HTML file, Graphics Interchange Format file, Uniform Resource Locator request, and so forth) is sent from one place to another on the Internet, the Transmission Control Protocol (TCP) layer of TCP/IP divides the file into "chunks" of an efficient size for routing. Each of these packets is separately numbered and includes the Internet address of the destination. The individual packets for a given file may travel different routes through the Internet. When they have all arrived, they are reassembled into the original file (by the TCP layer at the receiving end).
Q.931 Q.931 is an ISDN connection control protocol, roughly comparable to TCP in the Internet protocol stack. Q.931 doesn't provide flow control or perform retransmission, because the underlying layers are assumed to be reliable and the circuit-oriented nature of ISDN allocates bandwidth in fixed increments of 64 kbps. Q.931 does manage connection setup and breakdown. In the H.323 scenario, this protocol is encapsulated in TCP and sent to port 1720.
RAS RAS (Registration, Admission and Status) is a management protocol between endpoints (terminals and gateways) and gatekeepers. The RAS is used to perform registration, admission control, bandwidth changes, status, and disengage procedures between endpoints and gatekeepers.
Stream Stream is a uni-directional logical channel established from one to another associated SCTP endpoint, within which all user messages are delivered in sequence except for those submitted to the unordered delivery service.
TCP TCP (Transmission Control Protocol) is one of the main protocols in TCP/IP networks. Whereas the IP protocol deals only with packets, TCP enables two hosts to establish a connection and exchange streams of data. TCP guarantees delivery of data and also guarantees that packets will be delivered in the same order in which they were sent.
Terminal Terminal is a device that enables you to communicate with a computer. Generally, a terminal is a combination of keyboard and display screen. In networking, a terminal is a personal computer or workstation connected to a mainframe. The personal computer usually runs terminal emulation software that makes the mainframe think it is like any other mainframe terminal.
VoIP Voice over Internet Protocol, a category of hardware and software that enables people to use the Internet as the transmission medium for telephone calls by sending voice data in packets using IP rather than by traditional circuit transmissions of the PSTN. One advantage of VoIP is that the telephone calls over the Internet do not incur a surcharge beyond what the user is paying for Internet access, much in the same way that the user doesn't pay for sending individual e-mails over the Internet.