
Traffic monitoring systems in VoIP networks. Part two - principles of organization

Hello colleagues!

In the previous article we got acquainted with a useful and, as you can see, rather necessary element of the VoIP infrastructure: the traffic monitoring system, or SMT for short. We learned what it is and what tasks it solves, and noted the most prominent examples offered by developers in the IT world. In this part we consider the principles by which an SMT is introduced into the IT infrastructure and used to monitor VoIP traffic.



VoIP traffic monitoring systems architecture


We built, built and finally built. Hooray!
From the cartoon "Cheburashka and Crocodile Gena".

As noted earlier, the communications and telecommunications industry has plenty of products in this category. However, if you set aside the name, developer, platform and so on, you can see that they are all more or less the same in architecture (at least those the author has had to deal with). This is simply because there is no other means of capturing traffic from network elements for subsequent detailed analysis. That, in the author's subjective opinion, is in turn largely determined by the current state of development of the various areas of the industry. For a clearer understanding, consider the following analogy.

Since the great Russian scientist Vladimir Alexandrovich Kotelnikov formulated the sampling theorem, mankind has had a tremendous opportunity to perform analog-to-digital and digital-to-analog conversion of speech signals, thanks to which we can make full use of such a wonderful kind of communication as IP telephony. If you look at the development of speech processing mechanisms (algorithms, codecs, encoding methods, etc.), you can see that DSP (digital signal processing) made a fundamental step in coding information messages: the ability to predict the speech signal. That is, instead of simply digitizing and applying A-law and μ-law compression (G.711A / G.711U), it is now possible to transfer only a fraction of the samples and then restore the entire message from them, which saves a lot of bandwidth. Returning to the subject of SMT, we note that at the moment there has been no similar qualitative change in the approach to capturing traffic beyond one or another type of mirroring.

Let us turn to the figure below, which illustrates what the experts in the relevant subject areas have built.


Figure 1. The general scheme of the SMT architecture.

Virtually any SMT consists of two main components: a server and traffic capture agents (or probes). The server receives, processes and stores the VoIP traffic that comes from the agents, and lets specialists work with the collected information in different views (graphs, charts, Call Flow, etc.). The capture agents receive VoIP traffic from the network core equipment (for example, SBCs, softswitches, gateways, etc.), convert it to the format used by the system's server software, and transfer it to the server for subsequent processing.

Just as composers in music create variations on the basic melodies of works, here too there are various ways to implement the above scheme. Their diversity is quite large and is mainly determined by the characteristics of the infrastructure in which the SMT is deployed. The most common option is the one in which the capture agents are not installed and configured. In this case, the analyzed traffic is sent directly to the server or, for example, the server obtains the necessary information from pcap files generated by the monitored objects. This delivery method is usually chosen when there is no possibility of installing probes. The space at the site where the equipment is located, a lack of virtualization resources, flaws in the organization of the IP transport network and the resulting network connectivity problems, and so on: any of these may be the reason for choosing this monitoring option.

Having learned and understood how this or that SMT can be implemented in the IT infrastructure from an architectural point of view, we next consider aspects that are more within the competence of system administrators, namely, how to deploy software systems on servers.

While preparing a decision on implementing the monitoring component under consideration, the implementers always have many questions. For example: what should the server hardware consist of, is it sufficient to install all system components on one host or should they be separated from each other, how should the software be installed, and so on. These and many other related questions are very broad, and the answers to many of them really depend on the specific conditions of operation (or design). However, we will try to generalize in order to get an overall idea and understanding of this side of SMT deployment.

So, the first thing specialists always want to know when implementing an SMT is what technical characteristics the server should have. Given the wide distribution of free software, this question is asked so often that its popularity can probably be compared with the question "What is to be done?" posed by Nikolai Gavrilovich Chernyshevsky... The main factor influencing the answer is the number of media sessions that are, or will be, handled by the telephony platform. The numerical, tangible characteristic that gives a specific estimate of this factor is the CAPS (Call Attempts Per Second) parameter, that is, the number of calls per second. This question needs answering primarily because it is the information about sessions sent to the system that creates the load on its server.
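As an illustration of the CAPS figure discussed above, the following added example (not part of the original article) estimates CAPS from captured SIP signalling by counting initial INVITE requests per one-second interval. The function names and the sample messages are constructed for this sketch, and it assumes that one call attempt corresponds to one new Call-ID.

```python
from collections import Counter

def make_msg(start_line, call_id, to_tag=None):
    # Constructed SIP message, trimmed to the headers this example reads.
    to = "To: <sip:bob@example.com>" + (f";tag={to_tag}" if to_tag else "")
    return f"{start_line}\r\nCall-ID: {call_id}\r\n{to}\r\n\r\n"

INVITE = "INVITE sip:bob@example.com SIP/2.0"
# Constructed sample: (capture time in seconds, raw message) pairs.
SAMPLE = [
    (0.10, make_msg(INVITE, "a1")),
    (0.60, make_msg(INVITE, "a1")),                  # retransmission of a1
    (0.70, make_msg(INVITE, "a2")),
    (0.90, make_msg("SIP/2.0 200 OK", "a1", "x9")),  # response, not an attempt
    (1.20, make_msg(INVITE, "a3")),
    (1.30, make_msg(INVITE, "a4")),
    (1.50, make_msg(INVITE, "a1", "x9")),            # re-INVITE inside a dialog
    (1.95, make_msg(INVITE, "a5")),
    (2.40, make_msg(INVITE, "a6")),
]

def parse(raw):
    """Return (method, or None for a response; Call-ID; To header has a tag)."""
    lines = raw.split("\r\n")
    first = lines[0].split(" ")[0]
    method = None if first.startswith("SIP/") else first
    hdr = {}
    for line in lines[1:]:
        if not line:                                 # blank line ends the headers
            break
        name, _, value = line.partition(":")
        hdr[name.strip().lower()] = value.strip()
    call_id = hdr.get("call-id") or hdr.get("i")     # "i" and "t" are compact forms
    to = hdr.get("to") or hdr.get("t") or ""
    return method, call_id, ";tag=" in to.lower()

def caps_per_second(messages):
    """Call attempts per 1 s bucket: initial INVITEs, one per Call-ID."""
    seen, buckets = set(), Counter()
    for ts, raw in messages:
        method, call_id, in_dialog = parse(raw)
        if method != "INVITE" or in_dialog or not call_id or call_id in seen:
            continue
        seen.add(call_id)
        buckets[int(ts)] += 1
    return dict(buckets)

def peak_caps(messages):
    return max(caps_per_second(messages).values(), default=0)
```

Because attempts are deduplicated by Call-ID, an INVITE that is retransmitted or re-sent with the same Call-ID is counted once; the peak value, not the average, is the figure to size the server against.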

The second question that arises when deciding on the characteristics of the server hardware is the composition of the software (operating environments, databases, etc.) that will run on it. Signalling (or media) traffic arrives at the server, where it is processed (the signalling messages are parsed) by some application (for example, Kamailio), and the resulting information is then placed in the database. For different SMTs, both the applications that defragment signalling units and the applications that provide storage may differ. However, they all share the same multithreaded nature. At the same time, because of the peculiarities of an infrastructure element such as the SMT, it should be noted here that the number of write operations to disk significantly exceeds the number of read operations from it.

And finally... "How much is in this word": server, virtualization, containerization... The last, but very important, aspect touched upon in this part of the article is the possible ways of installing SMT components during deployment. The technologies listed next to the quote from A.S. Pushkin's immortal work are widely used in various infrastructures and projects. On the one hand, they are closely interrelated, and on the other, they differ dramatically by many criteria. Nevertheless, all of them, in one form or another, are offered by developers as available options for installing their products. Summarizing for the systems listed in the first part of the article, we note the following methods for deploying them to a physical server or virtual machine:


The listed installation methods each have their advantages and disadvantages, and specialists have their own preferences, limitations and specific conditions in which their infrastructure is operated or deployed, too much so for any general recommendations to be voiced here. On the other hand, the description given of the ways to deploy SIP traffic monitoring systems is quite transparent and, at the current stage, does not require more detailed consideration.

This was another article devoted to an important and interesting element of a VoIP network - the SIP traffic monitoring system. As always, I thank readers for their attention to this material! In the next part, we will try to further delve into the specifics and consider the products of HOMER SIP Capture and SIP3.

Source: https://habr.com/ru/post/453216/

