:: About placing and receiving Internet2 video calls via your CENIC connection ::

Pete Woodworth, CTS
Cal Poly, San Luis Obispo, CA
December, 2005

Trapped inside of the system

Until recently, CSU campus video conferences have been constrained to either ISDN calls, or IP (H.323) calls within the CSU or CCC networks. For the most part, this is due to campus firewalls which restrict IP-IP call operation. The CENIC gatekeepers now installed at each campus allow unrestricted H.323 traffic through the firewalls for all video endpoints which are registered with the gatekeepers. These "gatekeeper calls" are dialed via an alias, rather than an IP address. This is great in terms of quality-of-service (QOS), but the improved QOS is only valid between video endpoints which (were) within that network of CENIC gatekeepers. See this doc for more background regarding aliases.

Set the prisoners free

What Miracle Heather did @ CENIC was to peer the CENIC Root gatekeeper with the Internet2 Root gatekeeper, thus vastly expanding the network of registered gatekeepers worldwide which are accessible from our campuses!

I have recently received some great questions regarding the Internet2 connection available through CENIC, and I am re-posting several here in FAQ style along with my responses.

1. Can a CENIC-approved endpoint be used to join Internet2 sessions?

Any CENIC (CVS) gatekeeper-registered endpoint, including desktop units, already has I2 connectivity and can place outgoing calls to any I2 endpoints via GDS alias. This has been true since around Spring 2005, and was a lot of work--primarily by Heather @ CENIC. I highly encourage the use of desktop video conferencing on your campus! It works great now.

I must make an important distinction here between gatekeeper-registered and CVS-approved. The difference is that endpoints formally approved by CVS (room systems) are allowed to use CENIC's scheduler and MCUs, and are listed in the scheduler address list; PC-based systems are not. At this point, CVS policy does not officially allow desktop endpoints to use their scheduler and MCUs, but it is under discussion.  That is one of the reasons why we pushed for I2 Commons access: to allow access to the Commons' MCU farm for ad-hoc multipoint conferences, streaming, archiving, etc.  

I have created a bootleg CVS-alias address list for CSU endpoints (MS Word doc). I am synthesizing the CCC list as well. Contact me directly for a copy. A couple of notes:
// I am not responsible for typos or corrections to this list.
// DO NOT PLACE TEST CALLS TO THESE CAMPUS SITES WITHOUT FIRST RECEIVING PERMISSION FROM THE RESPECTIVE CAMPUS REPRESENTATIVE. You may interrupt a class or meeting in progress.

2.  Will the CENIC dialing scheme work with Internet2 GDS? (is the address already GDS?)

The CVS dialing scheme is different than the GDS scheme. Bummer. CVS endpoints can dial out to I2 endpoints now, but the existing CVS addresses for your endpoints need to be modified slightly (recommended) to allow for incoming calls from I2 endpoints . 

To enable incoming calls from I2 endpoints, just tell the far end to dial a prefix (0011649) added to (your endpoint's CVS address with the last two digits removed) to convert it to a fully qualified GDS address (15 digits maximum). That still allows every campus 99 CVS endpoint addresses.  I had to change them all to avoid duplicate GDS addresses.

Examine CENIC NOC and My desk address above for examples.  Get it?
I just went through and changed all of our CVS addresses to end in '00' to allow truncating for GDS use, otherwise, no other change is required on the endpoint.  Contact me for more information in that regard.

Check out the international ViDeNet address book. You should be able to dial any of these endpoints. They can dial you if you modify your endpoint's alias as above.


3.  Will the CENIC gatekeeper allow traffic from outside of the CENIC backbone?

Good question, and it has to do with firewalls (can you see my Powerpoint presentation? heh heh). Short version:
Campus firewalls successfully block any incoming IP video traffic to an IP address inside the firewall (DOH!).  The network of CENIC Cisco gatekeepers authorizes video traffic to traverse the firewalls at each end, based on three conditions:
    // Your endpoint is successfully registered with your campus' CENIC gatekeeper;
    // The far-end endpoint is successfully registered with some other CENIC gatekeeper;
    // The endpoint's registered E.164 alias is used to dial the call, and not the IP address.
The gatekeepers chat up each other when the call is originated, exchange authorized IP addresses and ports, and the call goes through, bypassing the firewalls and opening all TCP/UDP ports required for the call.

Again, what Heather did @ CENIC was to peer the CENIC Root gatekeeper with the I2 Root gatekeeper, thus expanding the network of registered gatekeepers accessible from our campuses.

So the answer to your third question is ... yes, when dialed as an alias, not as direct IP.

4. Can I access I2 and CENIC sites from my laptop at Starbucks?

Qualified yes. If you are attempting to place a connection to any I2 or CVS endpoint which is behind a firewall (most are), you will need to register your endpoint with a public I2 gatekeeper. The most commonly known is the "Free Love" gatekeeper hosted by Ohio State University; you can find more information here. (Register your endpoint with the gatekeeper @ 128.146.199.52) Note:

• In order to dial into a CVS-alias endpoint, you will need to use the CENIC prefix of 0011649 as discussed above. To dial an I2 GDS-alias site, just dial their GDS alias directly.
• Registering with a gatekeeper will not benefit you if you are dialing an IP address.