Traffic monitoring systems in VoIP networks. Part One - Overview
In this article we will try to consider such an interesting and useful element of IT infrastructure as a system for monitoring VoIP traffic.
The development of modern telecommunication networks is striking: they have advanced far from signal fires, and what seemed unthinkable earlier is now simple and commonplace. And only professionals know what lies behind everyday life and the wide use of the achievements of the information technology industry. A variety of transmission media, switching methods, protocols of interaction between devices and coding algorithms affects the mind of the average person and can become a real nightmare for anyone who is concerned with their healthy and stable operation: passing tones or voice traffic, not being able to register on the softswitch, testing the new equipment, composing contact vendor support.
The above-mentioned concept of a protocol is the cornerstone of any communication network, on which its architecture, the composition and complexity of its constituent devices, the list of services it provides, and much more, will depend. In this case, the obvious, but very important is the pattern that the use of a more flexible signaling protocol improves the scalability of the communication network, which entails a fairly rapid increase in its various network devices.
')
At the same time, even the necessary and justifiable increase in the number of interconnected network elements within the framework of the noted pattern entails a number of difficulties associated with maintaining the network and its operation. Many experts have encountered a situation where a captured dump does not allow to unambiguously localize the problem that has arisen, since was obtained on that part of the network, which is not involved in its appearance.
This situation is especially characteristic of VoIP networks, which include a number of devices larger than one PBX and several IP phones. For example, when the solution uses several border session controllers, flexible switches or one softswitch, but the function of determining the user's location is separate from the others and moved to a separate device. Then the engineer has to choose the following section for analysis, guided by his empirical experience or by chance.
Such an approach is extremely tedious and unproductive, as it forces us to spend time from time to time to fight the same questions: what will we use to collect packages, how to pick up the result and so on. On the one hand, as you know, a person gets used to everything. You can also get used to this, “get a hand” and train patience. However, on the other hand, there is still one more complication with which it is impossible not to reckon with - the correlation of the traces taken from different areas. All of the above, as well as many other tasks of the analysis of communication networks, are the subject of many specialists, and traffic monitoring systems are designed to help solve them.
And together we are doing a common thing: you are in your own way, and I am in my own way.
Y. Detochkin
Modern media traffic transmission networks are designed and built through the implementation of various concepts, the foundation of which is a set of telecommunication protocols: CAS, SS7, INAP, H.323, SIP, etc. The traffic monitoring system (SMT) is a tool that is designed to capture the messages listed above (and not only) of the protocols and has a set of convenient, intuitive and informative interfaces for its analysis. The main purpose of the SMT is to make signal traces and dumps for any period of time accessible to specialists at any time (including in real time) without using specialized programs (for example, Wireshark). On the other hand, each qualified specialist pays close attention to issues related, for example, to the security of the IT infrastructure.
At the same time, an important aspect directly related to this issue is the ability of the specialist to “keep abreast”, which can be achieved, including through timely notification of a particular incident. If the alert issues are mentioned, then we are talking about monitoring the communications network. Returning to the above definition, the SMT allows monitoring of messages, responses and activities that may indicate any abnormal network behavior (for example, 403 or 408 4xx group responses in SIP or a sharp increase in the number of sessions on the trunk), while getting relevant infographics, which clearly illustrates what is happening.
However, it should be noted that the VoIP traffic monitoring system is not originally the classic Fault Monitoring System, which allows mapping networks, controlling the availability of their elements, resource utilization, peripherals, and much more (for example, like Zabbix).
Having dealt with what constitutes a traffic monitoring system, and the tasks that it solves, let us turn to the question of how to apply it for business.
Obvious is the fact that the SMT itself is not able to collect Call Flow "by the command of a magician." To do this, you need to reduce the appropriate traffic from all the devices used in one point - Capture Server. Thus, the written defines a characteristic feature of the system, which is expressed in the need to ensure the centralization of the place where the signal traffic is collected and allows you to answer the above question: what does the use of the complex on the operated or implemented network give?
So, as a rule, rarely an engineer can, as they say, go straight ahead to answer the question of what particular location the specified traffic centralization point will or may be located. For a more or less unambiguous answer, specialists need to conduct a series of surveys related to the subject analysis of the VoIP network. For example, re-clarification of the composition of the equipment, a detailed definition of the points of its inclusion, as well as opportunities in the context of sending appropriate traffic to the collection point. In addition, it is clear that the success of the solution of the issue under consideration directly depends on the method of organizing the IP transport network.
Consequently, the first thing that gives the introduction of SMT - this is the same, once planned, but not performed audit of the network. Of course, the thoughtful reader will immediately ask the question - what is the CMT? There is no direct connection here and there cannot be, but ... The psychology of most people, including those connected with the IT world, is usually inclined to coincide with such events for an event. The next plus stems from the previous one and is that even before the SMT is deployed, Capture Agents are installed and configured, RTCP messages are enabled, any problems that require surgery can be detected. For example, somewhere a “bottleneck” was formed and this is clearly visible without statistics, which, among other things, SMT can provide, using data provided by, for example, RTCP.
Now let's return to the previously described process of collecting the necessary traces and smile, remembering the words of the hero in the epigraph of this part. An important feature of it, which was not specified, is that, as a rule, the above-mentioned manipulations can be performed by personnel with sufficient qualifications, for example, Core Engineers. On the other hand, the range of issues solved by traces may include so-called routine tasks. For example, determining the reason why the terminal does not register with the installer or client. At the same time, it becomes obvious that the presence of an exceptional possibility of taking dumps from the noted specialists imposes on them the need to perform these production tasks. This is not productive due to the fact that it takes time away from solving other more important issues.
At the same time, in most companies where it is desirable to use a product such as SMT, there is a special unit, whose task list just includes performing routine operations in order to offload other specialists - service desk, helpdesk or technical support. Also, I will not make a discovery for the reader if I note that the access of technical support engineers for security and network stability reasons to the most critical nodes is undesirable (although it is quite possible that it is not forbidden), and it’s exactly these network elements that contain the most favorable view in terms of dumps. SMT, in view of the fact that it is the central place for gathering traffic and has an intuitive and transparent interface, is fully capable of solving a number of the problems indicated. The only condition is the organization of access to the interface from the workplaces of technical support specialists and, possibly, the writing of the knowledge base of the article on its use.
In conclusion, we note the most famous and interesting products that in one way or another perform the above functionality, including: Voipmonitor, HOMER SIP Capture, Oracle Communications Monitor, SPIDER. Despite the general approach to organization and deployment, each has its own nuances, subjective positive and negative sides, and all deserve their separate consideration. What will be the subject of further materials. Thank you for your attention!
The development of modern telecommunication networks is striking: they have advanced far from signal fires, and what seemed unthinkable earlier is now simple and commonplace. And only professionals know what lies behind everyday life and the wide use of the achievements of the information technology industry. A variety of transmission media, switching methods, protocols of interaction between devices and coding algorithms affects the mind of the average person and can become a real nightmare for anyone who is concerned with their healthy and stable operation: passing tones or voice traffic, not being able to register on the softswitch, testing the new equipment, composing contact vendor support.
The above-mentioned concept of a protocol is the cornerstone of any communication network, on which its architecture, the composition and complexity of its constituent devices, the list of services it provides, and much more, will depend. In this case, the obvious, but very important is the pattern that the use of a more flexible signaling protocol improves the scalability of the communication network, which entails a fairly rapid increase in its various network devices.
')
At the same time, even the necessary and justifiable increase in the number of interconnected network elements within the framework of the noted pattern entails a number of difficulties associated with maintaining the network and its operation. Many experts have encountered a situation where a captured dump does not allow to unambiguously localize the problem that has arisen, since was obtained on that part of the network, which is not involved in its appearance.
This situation is especially characteristic of VoIP networks, which include a number of devices larger than one PBX and several IP phones. For example, when the solution uses several border session controllers, flexible switches or one softswitch, but the function of determining the user's location is separate from the others and moved to a separate device. Then the engineer has to choose the following section for analysis, guided by his empirical experience or by chance.
Such an approach is extremely tedious and unproductive, as it forces us to spend time from time to time to fight the same questions: what will we use to collect packages, how to pick up the result and so on. On the one hand, as you know, a person gets used to everything. You can also get used to this, “get a hand” and train patience. However, on the other hand, there is still one more complication with which it is impossible not to reckon with - the correlation of the traces taken from different areas. All of the above, as well as many other tasks of the analysis of communication networks, are the subject of many specialists, and traffic monitoring systems are designed to help solve them.
About communication network traffic monitoring systems
And together we are doing a common thing: you are in your own way, and I am in my own way.
Y. Detochkin
Modern media traffic transmission networks are designed and built through the implementation of various concepts, the foundation of which is a set of telecommunication protocols: CAS, SS7, INAP, H.323, SIP, etc. The traffic monitoring system (SMT) is a tool that is designed to capture the messages listed above (and not only) of the protocols and has a set of convenient, intuitive and informative interfaces for its analysis. The main purpose of the SMT is to make signal traces and dumps for any period of time accessible to specialists at any time (including in real time) without using specialized programs (for example, Wireshark). On the other hand, each qualified specialist pays close attention to issues related, for example, to the security of the IT infrastructure.
At the same time, an important aspect directly related to this issue is the ability of the specialist to “keep abreast”, which can be achieved, including through timely notification of a particular incident. If the alert issues are mentioned, then we are talking about monitoring the communications network. Returning to the above definition, the SMT allows monitoring of messages, responses and activities that may indicate any abnormal network behavior (for example, 403 or 408 4xx group responses in SIP or a sharp increase in the number of sessions on the trunk), while getting relevant infographics, which clearly illustrates what is happening.
However, it should be noted that the VoIP traffic monitoring system is not originally the classic Fault Monitoring System, which allows mapping networks, controlling the availability of their elements, resource utilization, peripherals, and much more (for example, like Zabbix).
Having dealt with what constitutes a traffic monitoring system, and the tasks that it solves, let us turn to the question of how to apply it for business.
Obvious is the fact that the SMT itself is not able to collect Call Flow "by the command of a magician." To do this, you need to reduce the appropriate traffic from all the devices used in one point - Capture Server. Thus, the written defines a characteristic feature of the system, which is expressed in the need to ensure the centralization of the place where the signal traffic is collected and allows you to answer the above question: what does the use of the complex on the operated or implemented network give?
So, as a rule, rarely an engineer can, as they say, go straight ahead to answer the question of what particular location the specified traffic centralization point will or may be located. For a more or less unambiguous answer, specialists need to conduct a series of surveys related to the subject analysis of the VoIP network. For example, re-clarification of the composition of the equipment, a detailed definition of the points of its inclusion, as well as opportunities in the context of sending appropriate traffic to the collection point. In addition, it is clear that the success of the solution of the issue under consideration directly depends on the method of organizing the IP transport network.
Consequently, the first thing that gives the introduction of SMT - this is the same, once planned, but not performed audit of the network. Of course, the thoughtful reader will immediately ask the question - what is the CMT? There is no direct connection here and there cannot be, but ... The psychology of most people, including those connected with the IT world, is usually inclined to coincide with such events for an event. The next plus stems from the previous one and is that even before the SMT is deployed, Capture Agents are installed and configured, RTCP messages are enabled, any problems that require surgery can be detected. For example, somewhere a “bottleneck” was formed and this is clearly visible without statistics, which, among other things, SMT can provide, using data provided by, for example, RTCP.
Now let's return to the previously described process of collecting the necessary traces and smile, remembering the words of the hero in the epigraph of this part. An important feature of it, which was not specified, is that, as a rule, the above-mentioned manipulations can be performed by personnel with sufficient qualifications, for example, Core Engineers. On the other hand, the range of issues solved by traces may include so-called routine tasks. For example, determining the reason why the terminal does not register with the installer or client. At the same time, it becomes obvious that the presence of an exceptional possibility of taking dumps from the noted specialists imposes on them the need to perform these production tasks. This is not productive due to the fact that it takes time away from solving other more important issues.
At the same time, in most companies where it is desirable to use a product such as SMT, there is a special unit, whose task list just includes performing routine operations in order to offload other specialists - service desk, helpdesk or technical support. Also, I will not make a discovery for the reader if I note that the access of technical support engineers for security and network stability reasons to the most critical nodes is undesirable (although it is quite possible that it is not forbidden), and it’s exactly these network elements that contain the most favorable view in terms of dumps. SMT, in view of the fact that it is the central place for gathering traffic and has an intuitive and transparent interface, is fully capable of solving a number of the problems indicated. The only condition is the organization of access to the interface from the workplaces of technical support specialists and, possibly, the writing of the knowledge base of the article on its use.
In conclusion, we note the most famous and interesting products that in one way or another perform the above functionality, including: Voipmonitor, HOMER SIP Capture, Oracle Communications Monitor, SPIDER. Despite the general approach to organization and deployment, each has its own nuances, subjective positive and negative sides, and all deserve their separate consideration. What will be the subject of further materials. Thank you for your attention!
Source: https://habr.com/ru/post/434002/
All Articles