Traffic monitoring systems in VoIP networks. Part One - Overview

In this article, we will look at an interesting and useful element of IT infrastructure: a system for monitoring VoIP traffic.


The development of modern telecommunications networks is striking: they have come a long way from signal fires, and what once seemed unthinkable is now simple and commonplace. Only professionals know what lies behind the daily routine and wide use of the information technology industry's achievements. The variety of transmission media, switching methods, device interaction protocols and coding algorithms boggles the mind of the average person and can be a real nightmare for anyone responsible for keeping them working correctly and stably: passing tones or voice traffic, failures to register on the softswitch, testing, contacting vendor support.

The concept of a protocol mentioned above is the cornerstone of any communication network: the network's architecture, the composition and complexity of its devices, the list of services it provides and much more depend on it. An obvious but very important pattern follows: using a more flexible signaling protocol improves the scalability of the communication network, which leads to a fairly rapid growth in the number of network devices in it.

At the same time, even a necessary and justified increase in the number of interconnected network elements brings difficulties in maintaining and operating the network. Many engineers have been in a situation where the dump they took does not allow the problem to be localized unambiguously, because it was captured on a part of the network that is not involved in the problem.

This situation is especially characteristic of VoIP networks that contain more devices than one PBX and several IP phones. For example, the solution may use several session border controllers and softswitches, or a single softswitch whose user-location function is separated from the others and moved to a dedicated device. The engineer then has to choose the next segment to analyze, guided by experience or by chance.

This approach is extremely tedious and unproductive, because it forces us to fight the same questions time after time: what to collect packets with, how to retrieve the result and so on. On the one hand, a person gets used to everything. You can get used to this too, get the hang of it and train your patience. On the other hand, there is one more complication that cannot be ignored: correlating traces taken at different points of the network. All of the above, along with many other tasks of communication network analysis, occupies many specialists, and traffic monitoring systems are designed to help solve them.

About communication network traffic monitoring systems

And together we are doing a common thing: you in your own way, and I in my own way.
Y. Detochkin

Modern media transmission networks are designed and built around various concepts whose foundation is a set of telecommunication protocols: CAS, SS7, INAP, H.323, SIP, etc. A traffic monitoring system (SMT) is a tool designed to capture messages of the protocols listed above (and others), with a set of convenient, intuitive and informative interfaces for analyzing them. The main purpose of the SMT is to make signaling traces and dumps for any period of time accessible to specialists at any time (including in real time) without using specialized programs (for example, Wireshark). On the other hand, every qualified specialist pays close attention to issues such as the security of the IT infrastructure.

An important aspect of this is the specialist's ability to keep abreast of events, which is achieved, among other things, through timely notification of an incident. And once alerting is mentioned, we are talking about monitoring the communication network. Returning to the definition above, the SMT lets you monitor the messages, responses and activity that may indicate abnormal network behavior (for example, SIP 4xx responses such as 403 or 408, or a sharp increase in the number of sessions on a trunk), and provides relevant infographics that clearly illustrate what is happening.
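The kind of check described above, sketched as an added example (not code from the article or from any of the products it names): a sliding-window counter that raises an alert when one peer accumulates several 403 or 408 responses in a short time. The record layout, addresses, window and threshold are assumptions, and the sample records are constructed.

```python
import re
from collections import defaultdict, deque

STATUS_LINE = re.compile(r"^SIP/2\.0 (\d{3}) ")
WATCHED = {403, 408}  # the response codes the article names

# Constructed sample: (epoch_seconds, peer_ip, SIP text) as a capture agent
# might report them; addresses are documentation ranges, not real hosts.
SAMPLE = [
    (0.0,   "198.51.100.7", "SIP/2.0 403 Forbidden\r\nCSeq: 1 REGISTER\r\n\r\n"),
    (5.0,   "192.0.2.10",   "SIP/2.0 200 OK\r\nCSeq: 7 INVITE\r\n\r\n"),
    (10.0,  "198.51.100.7", "SIP/2.0 403 Forbidden\r\nCSeq: 2 REGISTER\r\n\r\n"),
    (20.0,  "198.51.100.7", "SIP/2.0 403 Forbidden\r\nCSeq: 3 REGISTER\r\n\r\n"),
    (30.0,  "192.0.2.10",   "SIP/2.0 408 Request Timeout\r\nCSeq: 8 INVITE\r\n\r\n"),
    (200.0, "192.0.2.10",   "SIP/2.0 408 Request Timeout\r\nCSeq: 9 INVITE\r\n\r\n"),
    (210.0, "192.0.2.10",   "SIP/2.0 408 Request Timeout\r\nCSeq: 10 INVITE\r\n\r\n"),
]

def detect_bursts(records, window=60.0, threshold=3):
    """records: time-ordered (epoch_seconds, peer, sip_text) tuples.
    Returns [(peer, code, first_ts, count)], one entry each time a peer
    collects `threshold` watched responses within `window` seconds."""
    recent = defaultdict(deque)  # (peer, code) -> timestamps still in window
    alerts = []
    for ts, peer, text in records:
        m = STATUS_LINE.match(text)
        if not m:
            continue  # a request (INVITE, REGISTER, ...), not a response
        code = int(m.group(1))
        if code not in WATCHED:
            continue
        q = recent[(peer, code)]
        q.append(ts)
        while ts - q[0] > window:  # drop responses older than the window
            q.popleft()
        if len(q) >= threshold:
            alerts.append((peer, code, q[0], len(q)))
            q.clear()  # start counting afresh so one burst alerts once
    return alerts

if __name__ == "__main__":
    for alert in detect_bursts(SAMPLE):
        print("ALERT peer=%s code=%d since=%.0fs count=%d" % alert)
```

With the default 60-second window only the three 403 responses alert; the 408 responses are spread too far apart to count as a burst.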

However, it should be noted that a VoIP traffic monitoring system is not, by origin, a classic Fault Monitoring System, which lets you map networks and monitor the availability of their elements, resource utilization, peripherals and much more (as Zabbix does, for example).

Having covered what a traffic monitoring system is and the tasks it solves, let us turn to how to put it to good use.

Obviously, the SMT cannot collect a Call Flow by itself, as if by magic. To do that, the relevant traffic from all devices in use has to be brought together at one point, the Capture Server. This defines the system's characteristic feature, the need to centralize the place where signaling traffic is collected, and lets us answer the question above: what does using the system give on a network that is in operation or being rolled out?
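As an added illustration of what centralized collection makes possible, and of the trace correlation problem raised earlier (example code, not taken from the article or from any product it mentions): messages reported by two capture points are merged into one time-ordered Call Flow per Call-ID. The agent names, addresses and messages are constructed, and the sketch assumes the agents' clocks are synchronized and that Call-ID is unchanged from hop to hop.

```python
import re
from collections import defaultdict

# Call-ID header, including its compact form "i" (RFC 3261)
CALL_ID = re.compile(r"^(?:Call-ID|i)\s*:\s*(\S+)", re.I | re.M)

def sip(start_line, call_id):
    """Build a minimal constructed SIP message for the sample below."""
    return f"{start_line}\r\nCall-ID: {call_id}\r\nContent-Length: 0\r\n\r\n"

# Constructed sample: what two capture agents (hypothetical names) forward
# to the Capture Server. Tuples are (epoch_seconds, src, dst, sip_text).
CAPTURES = {
    "edge-proxy": [
        (1.000, "192.0.2.10", "192.0.2.1",
         sip("INVITE sip:200@example.test SIP/2.0", "a1@192.0.2.10")),
        (1.070, "192.0.2.1", "192.0.2.10",
         sip("SIP/2.0 403 Forbidden", "a1@192.0.2.10")),
        (2.000, "192.0.2.11", "192.0.2.1",
         sip("REGISTER sip:example.test SIP/2.0", "b2@192.0.2.11")),
    ],
    "softswitch": [
        (1.020, "192.0.2.1", "10.0.0.5",
         sip("INVITE sip:200@example.test SIP/2.0", "a1@192.0.2.10")),
        (1.050, "10.0.0.5", "192.0.2.1",
         sip("SIP/2.0 403 Forbidden", "a1@192.0.2.10")),
    ],
}

def build_call_flows(captures):
    """Merge per-agent captures into {call_id: [hop, ...]} sorted by time,
    where hop = (ts, agent, src, dst, start_line)."""
    flows = defaultdict(list)
    for agent, packets in captures.items():
        for ts, src, dst, text in packets:
            m = CALL_ID.search(text)
            if not m:
                continue  # not SIP, or a truncated capture
            start_line = text.split("\r\n", 1)[0]
            flows[m.group(1)].append((ts, agent, src, dst, start_line))
    return {cid: sorted(hops, key=lambda h: h[0]) for cid, hops in flows.items()}

if __name__ == "__main__":
    for cid, hops in build_call_flows(CAPTURES).items():
        print(cid)
        for ts, agent, src, dst, line in hops:
            print(f"  {ts:6.3f} [{agent}] {src} -> {dst}  {line}")
```

The REGISTER with Call-ID `b2@192.0.2.11` appears only at the edge, which localizes where it stopped. A back-to-back user agent, which many session border controllers are, may issue a new Call-ID per leg, so correlation across it needs an additional key.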

As a rule, an engineer can rarely say right away where exactly this traffic centralization point will or can be located. For a more or less unambiguous answer, specialists need to carry out a series of surveys of the VoIP network: for example, re-confirming the composition of the equipment, determining in detail where it is connected, and establishing how each device can send the relevant traffic to the collection point. It is also clear that success here depends directly on how the IP transport network is organized.

Consequently, the first thing that introducing an SMT gives is the network audit that was once planned but never performed. Of course, a thoughtful reader will immediately ask: what does the SMT have to do with it? There is no direct connection here and there cannot be, but ... most people, including those in the IT world, are inclined to time such activities to coincide with some event. The next advantage follows from the previous one: even before the SMT is deployed, as Capture Agents are installed and configured and RTCP messages start being sent, problems that require prompt intervention can be detected. For example, a “bottleneck” has formed somewhere, and this is clearly visible even without the statistics that the SMT can provide, among other things, from data such as RTCP.

Now let us return to the process of collecting traces described earlier and smile, recalling the words of the hero in the epigraph to this part. One important feature of that process was not mentioned: as a rule, these manipulations can only be performed by sufficiently qualified personnel, for example, Core Engineers. On the other hand, the issues solved with the help of traces include so-called routine tasks, for example, determining why an installer's or client's terminal does not register. It becomes obvious that if only these specialists are able to take dumps, they are the ones who have to perform such routine tasks. This is unproductive, because it takes time away from more important issues.

At the same time, most companies where a product such as an SMT is desirable have a dedicated unit whose task list includes exactly such routine operations, in order to offload other specialists: a service desk, helpdesk or technical support. It will also be no revelation to the reader that, for reasons of security and network stability, giving technical support engineers access to the most critical nodes is undesirable (although quite possibly not forbidden), and it is precisely these network elements that offer the most advantageous vantage point for taking dumps. Because the SMT is the central place where traffic is gathered and has an intuitive and transparent interface, it is fully capable of solving a number of these problems.

In conclusion, here are the best-known and most interesting products that provide the functionality described above in one way or another: Voipmonitor, HOMER SIP Capture, Oracle Communications Monitor, SPIDER. Despite a common approach to organization and deployment, each has its own nuances and its own subjective strengths and weaknesses, and each deserves separate consideration. They will be the subject of further articles. Thank you for your attention!
