Traffic monitoring systems in VoIP networks. Part Two - Organization Principles
Hello colleagues!
In the previous article, we met with such a useful and, as you can see, a rather necessary element of the VoIP infrastructure, such as a traffic monitoring system or, for short, SMT. We learned what it is, what tasks it solves, and also noted the most prominent representatives presented by developers to the IT world. In this part, we consider the principles according to which the implementation of SMT in the IT infrastructure and monitoring of VoIP traffic by its means is carried out.
We built, built, and finally built. Hurrah!
From the animated film "Cheburashka and the Crocodile Gene."
As noted earlier, in the communications and telecommunications industry there are enough products that belong to the corresponding category. However, if we ignore the name, developer, platform, etc., we can see that they are all more or less the same in terms of their architecture (at least those that the author had to deal with). It is worth noting that this is due precisely to the simple absence of any other means of collecting traffic from network elements for its subsequent detailed analysis. Moreover, the latter, in the subjective opinion, is largely determined by the current development of various areas of the subject industry. For a clearer understanding, consider the following analogy.
From the moment that the great Russian scientist Vladimir A. Kotelnikov created the sampling theorem, mankind has received a tremendous opportunity to perform analog-to-digital and digital-to-analogue conversions of speech signals, thanks to which, we can fully use such a wonderful form of communication as IP-telephony. If you look at the development of mechanisms for processing speech signals (aka algorithms, codecs, coding methods etc.), you can see how DSP (digital signal processing) took a fundamental step in the encoding of information messages - the realization of the possibility of predicting a speech signal. That is, instead of simply digitizing and using the a- and u-compression laws (G.711A / G.711U), it is now possible to transmit only a part of the samples and then recover the entire message from them, which significantly saves the bandwidth.
Let us turn to the figure below and illustrate what was built by specialists in the respective subject areas.
Figure 1. General outline of the architecture of SMT.
Almost any CMT consists of two main components: a server and traffic capture agents (or probes). The server receives, processes and stores VoIP traffic that comes from agents, and also provides specialists with the opportunity to work with the information received in various representations (graphs, charts, Call Flow, etc). Capturing agents receive VoIP traffic from the network core equipment (for example, SBC, softswitch, gateways, ..), convert it to the format used in the applied system server software, and transfer it to the latter for subsequent manipulations.
Just as in music composers create variations on the main melodies of works, so in this case, various options for implementing the above scheme are possible. Their diversity is quite large and is mainly determined by the characteristics of the infrastructure in which the SMT is deployed. The most common option is one in which capture agents are not installed or configured. In this case, the analyzed traffic is sent directly to the server or, for example, the server receives the necessary information from pcap-files generated by the monitoring objects. This delivery method is usually selected if there is no possibility of installing probes. A place at the equipment placement site, lack of resources of virtualization tools, flaws in the organization of the IP transport network and, as a result,
Having learned and figured out how this or that SMT can be implemented in the IT infrastructure from an architectural point of view, then we will consider aspects that are more in the competence of system administrators, namely, how to deploy software systems on servers.
In preparing the decision to implement the considered component of the monitoring network, performers always have many questions. For example, what should be the composition of the server hardware, is it sufficient to install all the system components on one host, or should they be separated from each other, how to install the software, etc. The above, as well as many other related questions, are very extensive, and the answers to many of them really depend on the specific operating conditions (or design). However, we will try to generalize the specifics in order to get a general idea and understanding of this side of the deployment of SMT.
So, the first thing that experts are always interested in when implementing SMT is with which performance characteristics should the server be used? Given the widespread distribution of free software, this question is asked so many times that its popularity can probably be compared to the question “What to do?” Asked by Nikolai Gavrilovich Chernyshevsky ... The main factor affecting the answer is the number of media sessions that are processed or will be handled by the telephony platform. A numerical and tangible characteristic that gives a specific assessment of the noted factor is the CAPS (Call Attempts Per Second) parameter or the number of calls per second. The need to answer this question is primarily due to the fact that it is the information about the sessions sent to the system that will create a load on its server.
The second issue that arises during the decision about the characteristics of the hardware components of the server is the composition of the software (operating environments, databases, etc.) that will operate on it. Signal (or media) traffic arrives at the server, where it is processed (analysis of signal messages) by an application (for example, Kamailio), and then the information generated in a certain way is placed in the database. For various SMTs, both applications that defragment signal units and applications that provide storage can be different. However, they are all united by the same nature of multithreading. At the same time, due to the features of such an element of infrastructure as SMT, in this paragraph it should be noted
And finally ... "How much in this word": server, virtualization, containerization ... The last, but very important aspect, touched upon in this part of the article, is the possible ways of installing the components of SMT when it is deployed. Listed next to a quote from the immortal work of A.S. Pushkin’s technology is widely distributed in various infrastructures and projects. On the one hand, they are closely interconnected with each other, and on the other, they are strikingly different in many criteria. However, all of them, in one form or another, are presented by developers as available options for installing their products. Summarizing for the systems listed in the first part of the article, we note the following ways to deploy them to a physical server or virtual machine:
The listed installation tools have their own advantages and disadvantages, and specialists have their own preferences, limitations, and specific conditions in which the infrastructure they operate or implement is in order to voice any recommendations. On the other hand, the above description of the ways to deploy SIP-traffic monitoring systems is quite transparent, and at the current stage it does not require a more detailed consideration.
This turned out another article devoted to an important and interesting element of the VoIP network - the SIP traffic monitoring system. As always, I thank readers for their attention to this material! In the next part, we will try to delve deeper into the specifics and consider the products HOMER SIP Capture and SIP3.
In the previous article, we met with such a useful and, as you can see, a rather necessary element of the VoIP infrastructure, such as a traffic monitoring system or, for short, SMT. We learned what it is, what tasks it solves, and also noted the most prominent representatives presented by developers to the IT world. In this part, we consider the principles according to which the implementation of SMT in the IT infrastructure and monitoring of VoIP traffic by its means is carried out.
Architecture of VoIP traffic monitoring systems
We built, built, and finally built. Hurrah!
From the animated film "Cheburashka and the Crocodile Gene."
As noted earlier, in the communications and telecommunications industry there are enough products that belong to the corresponding category. However, if we ignore the name, developer, platform, etc., we can see that they are all more or less the same in terms of their architecture (at least those that the author had to deal with). It is worth noting that this is due precisely to the simple absence of any other means of collecting traffic from network elements for its subsequent detailed analysis. Moreover, the latter, in the subjective opinion, is largely determined by the current development of various areas of the subject industry. For a clearer understanding, consider the following analogy.
From the moment that the great Russian scientist Vladimir A. Kotelnikov created the sampling theorem, mankind has received a tremendous opportunity to perform analog-to-digital and digital-to-analogue conversions of speech signals, thanks to which, we can fully use such a wonderful form of communication as IP-telephony. If you look at the development of mechanisms for processing speech signals (aka algorithms, codecs, coding methods etc.), you can see how DSP (digital signal processing) took a fundamental step in the encoding of information messages - the realization of the possibility of predicting a speech signal. That is, instead of simply digitizing and using the a- and u-compression laws (G.711A / G.711U), it is now possible to transmit only a part of the samples and then recover the entire message from them, which significantly saves the bandwidth.
Let us turn to the figure below and illustrate what was built by specialists in the respective subject areas.
Figure 1. General outline of the architecture of SMT.
Almost any CMT consists of two main components: a server and traffic capture agents (or probes). The server receives, processes and stores VoIP traffic that comes from agents, and also provides specialists with the opportunity to work with the information received in various representations (graphs, charts, Call Flow, etc). Capturing agents receive VoIP traffic from the network core equipment (for example, SBC, softswitch, gateways, ..), convert it to the format used in the applied system server software, and transfer it to the latter for subsequent manipulations.
Just as in music composers create variations on the main melodies of works, so in this case, various options for implementing the above scheme are possible. Their diversity is quite large and is mainly determined by the characteristics of the infrastructure in which the SMT is deployed. The most common option is one in which capture agents are not installed or configured. In this case, the analyzed traffic is sent directly to the server or, for example, the server receives the necessary information from pcap-files generated by the monitoring objects. This delivery method is usually selected if there is no possibility of installing probes. A place at the equipment placement site, lack of resources of virtualization tools, flaws in the organization of the IP transport network and, as a result,
Having learned and figured out how this or that SMT can be implemented in the IT infrastructure from an architectural point of view, then we will consider aspects that are more in the competence of system administrators, namely, how to deploy software systems on servers.
In preparing the decision to implement the considered component of the monitoring network, performers always have many questions. For example, what should be the composition of the server hardware, is it sufficient to install all the system components on one host, or should they be separated from each other, how to install the software, etc. The above, as well as many other related questions, are very extensive, and the answers to many of them really depend on the specific operating conditions (or design). However, we will try to generalize the specifics in order to get a general idea and understanding of this side of the deployment of SMT.
So, the first thing that experts are always interested in when implementing SMT is with which performance characteristics should the server be used? Given the widespread distribution of free software, this question is asked so many times that its popularity can probably be compared to the question “What to do?” Asked by Nikolai Gavrilovich Chernyshevsky ... The main factor affecting the answer is the number of media sessions that are processed or will be handled by the telephony platform. A numerical and tangible characteristic that gives a specific assessment of the noted factor is the CAPS (Call Attempts Per Second) parameter or the number of calls per second. The need to answer this question is primarily due to the fact that it is the information about the sessions sent to the system that will create a load on its server.
The second issue that arises during the decision about the characteristics of the hardware components of the server is the composition of the software (operating environments, databases, etc.) that will operate on it. Signal (or media) traffic arrives at the server, where it is processed (analysis of signal messages) by an application (for example, Kamailio), and then the information generated in a certain way is placed in the database. For various SMTs, both applications that defragment signal units and applications that provide storage can be different. However, they are all united by the same nature of multithreading. At the same time, due to the features of such an element of infrastructure as SMT, in this paragraph it should be noted
And finally ... "How much in this word": server, virtualization, containerization ... The last, but very important aspect, touched upon in this part of the article, is the possible ways of installing the components of SMT when it is deployed. Listed next to a quote from the immortal work of A.S. Pushkin’s technology is widely distributed in various infrastructures and projects. On the one hand, they are closely interconnected with each other, and on the other, they are strikingly different in many criteria. However, all of them, in one form or another, are presented by developers as available options for installing their products. Summarizing for the systems listed in the first part of the article, we note the following ways to deploy them to a physical server or virtual machine:
- use of automatic installation scripts or self-installation and subsequent configuration of the corresponding software,
- using a ready-made OS image with pre-installed SMT software and / or agent,
- use of containerization technology (Docker).
The listed installation tools have their own advantages and disadvantages, and specialists have their own preferences, limitations, and specific conditions in which the infrastructure they operate or implement is in order to voice any recommendations. On the other hand, the above description of the ways to deploy SIP-traffic monitoring systems is quite transparent, and at the current stage it does not require a more detailed consideration.
This turned out another article devoted to an important and interesting element of the VoIP network - the SIP traffic monitoring system. As always, I thank readers for their attention to this material! In the next part, we will try to delve deeper into the specifics and consider the products HOMER SIP Capture and SIP3.