Evaluation of gatekeeper proxies for firewall traversal in secure videoconferencing systems

It is common today to have H.323 and SIP videoconferencing equipment deployed behind firewalls/NATs in campus and enterprise networks. A major challenge faced by network planners is to configure firewalls and gatekeeper proxies to allow voice-and-video traffic in-and-out of the internal-network’s ports while limiting malicious access of internal-network data by intruders through the same open ports. In this paper, we first describe the strategies used with gatekeeper proxies to solve the firewall traversal challenges in securing distributed videoconferencing systems. Next, we empirically evaluate the load-handling of gatekeeper proxies for firewall traversal under low, medium and high cross-traffic loads using subjective and objective measurements. Following this, we describe the signalling-and-multimedia flow architectures and identify caveats that arise due to heterogeneous adoption of these strategies. Lastly, based on our empirical results, caveats identification and vast operations experience, we list best-practices for deploying gatekeeper proxies in small-to-large scale secure videoconferencing systems.