Traffic monitoring systems in VoIP networks. Part One - Overview

In this article, we will look at an interesting and useful element of IT infrastructure: the VoIP traffic monitoring system.

The development of modern telecommunications networks is amazing: they have come a long way from signal fires, and what once seemed unthinkable is now simple and mundane. Only professionals know what lies behind the everyday, widespread use of the information technology industry's achievements. The variety of transmission media, switching methods, device interaction protocols and coding algorithms amazes the layman and can become a real nightmare for anyone responsible for their proper and stable functioning: the passage of tone signals or voice traffic, the inability to register on a softswitch, testing new equipment, compiling a request to vendor support.

The concept of a protocol mentioned above is the cornerstone of any communication network: its architecture, the composition and complexity of its constituent devices, the list of services it provides, and much more depend on it. An obvious but very important pattern is that a more flexible signaling protocol improves the scalability of the communication network, which leads to a fairly rapid increase in the number of network devices in it.

Even a necessary and justified increase in the number of interconnected network elements brings difficulties in maintaining and operating the network. Many specialists have encountered a situation where the dump they took does not allow the problem to be localized unambiguously, because it was captured on a part of the network that was not involved in the problem.

This situation is especially typical for VoIP networks that include more than one PBX and several IP phones. For example, when the solution uses several session border controllers or softswitches, or a single softswitch whose user location function is separated from the others and placed on a separate device. The engineer then has to choose the next segment for analysis guided by empirical experience or by chance.

This approach is extremely tedious and unproductive, as it forces you to struggle with the same questions over and over: what to use to collect packets, how to retrieve the result, and so on. On the one hand, as you know, a person gets used to everything. You can get used to this too, “get the hang of it” and train your patience. On the other hand, there is one more difficulty that cannot be ignored: correlating traces taken from different segments. All of the above, along with many other tasks of analyzing communication networks, occupies many specialists, and traffic monitoring systems are designed to help them.

About communication network traffic monitoring systems

And together we do a common thing: you in your own way, and I in my own way.
Y. Detochkin

Modern media traffic transmission networks are designed and built on various concepts, the foundation of which is a variety of telecommunication protocols: CAS, SS7, INAP, H.323, SIP, etc. A traffic monitoring system (CMT) is a tool designed to capture messages of the above protocols (and others), with a set of convenient, intuitive and informative interfaces for analyzing them. The main purpose of a CMT is to make signaling traces and dumps for any period of time available to specialists at any time (including in real time) without the use of specialized programs (for example, Wireshark). On the other hand, every qualified specialist pays close attention to issues related, for example, to the security of the IT infrastructure.

An important aspect directly related to this is the specialist's ability to "keep abreast" of events, which can be achieved, among other things, by timely notification of a particular incident. Where notification is concerned, we are talking about monitoring the communication network. Returning to the definition above, a CMT lets you monitor those messages, responses and activities that may indicate anomalous network behavior (for example, 4xx responses such as 403 or 408 in SIP, or a sharp increase in the number of sessions on a trunk), while presenting relevant graphics that clearly illustrate what is happening.
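The check described above, counting 403/408 responses and watching for a jump in new sessions per trunk, as an added example (not code from the article or from any of the products it names). The window, thresholds, trunk labels and sample messages are assumptions constructed for illustration.

```python
import re
from collections import Counter

STATUS_RE = re.compile(r"^SIP/2\.0 (\d{3}) ")  # response start line (RFC 3261)
WATCHED = {403, 408}  # response codes named in the article
WINDOW_S = 60         # assumed aggregation window, seconds
MAX_WATCHED = 3       # assumed: watched responses per trunk per window
SPIKE_FACTOR = 3      # assumed: INVITE growth versus the previous window
MIN_INVITES = 5       # assumed floor so tiny counts do not alert

def classify(raw):
    """Return ('response', code), ('invite', None) or (None, None)."""
    start = raw.split("\r\n", 1)[0]
    if (m := STATUS_RE.match(start)):
        return "response", int(m.group(1))
    if start.startswith("INVITE "):
        return "invite", None
    return None, None

def find_anomalies(records):
    """records: (epoch_seconds, trunk_label, raw_sip_message) tuples.
    Returns a sorted list of (window_start, trunk, reason, count)."""
    rejects, invites = Counter(), Counter()
    for ts, trunk, raw in records:
        kind, code = classify(raw)
        window = ts - ts % WINDOW_S
        if kind == "response" and code in WATCHED:
            rejects[(window, trunk, code)] += 1
        elif kind == "invite":
            invites[(window, trunk)] += 1
    alerts = [(w, t, f"sip-{c}", n)
              for (w, t, c), n in rejects.items() if n >= MAX_WATCHED]
    for (w, t), n in invites.items():
        prev = invites.get((w - WINDOW_S, t), 0)  # .get() does not add keys
        if n >= MIN_INVITES and n >= SPIKE_FACTOR * max(prev, 1):
            alerts.append((w, t, "invite-spike", n))
    return sorted(alerts)

def make_msg(start_line):
    """Constructed minimal SIP message: start line plus one header."""
    return start_line + "\r\nCall-ID: constructed@example.invalid\r\n\r\n"

# Constructed sample capture (not real traffic); trunk labels are made up.
INVITE = make_msg("INVITE sip:100@example.invalid SIP/2.0")
SAMPLE = [(1000 + i, "trunk-a", make_msg("SIP/2.0 403 Forbidden")) for i in range(4)]
SAMPLE += [(1005, "trunk-a", make_msg("SIP/2.0 200 OK"))]
SAMPLE += [(1010, "trunk-b", make_msg("SIP/2.0 408 Request Timeout"))]
SAMPLE += [(1030, "trunk-b", INVITE)] * 2
SAMPLE += [(1090 + i, "trunk-b", INVITE) for i in range(7)]
```

Calling `find_anomalies(SAMPLE)` flags the four 403 responses on `trunk-a` and the jump from two to seven INVITEs on `trunk-b`; the single 408 and the 200 OK stay below the thresholds.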

However, it should be noted that a VoIP traffic monitoring system is not, in itself, a classic Fault Monitoring System that lets you map networks and monitor the availability of their elements, resource utilization, peripherals, and much more (as Zabbix does, for example).

Having figured out what a traffic monitoring system is and what tasks it solves, let's move on to the question of how to use it for the benefit of the business.

Obviously, the CMT itself cannot collect a Call Flow “by magic”. To do this, the relevant traffic from all devices in use must be brought together at one point: the Capture Server. This defines a characteristic feature of the system, namely the need to centralize the signaling traffic collection point, and lets us answer the question above: what does using the system on an operating or newly deployed network give.

As a rule, an engineer can rarely answer right away where exactly this traffic centralization point will or can be located. For a more or less unambiguous answer, specialists need to carry out a number of studies analyzing the VoIP network: for example, re-checking the composition of the equipment, determining in detail where each device is connected, and establishing what options there are for sending the relevant traffic to the collection point. It is also clear that success here depends directly on how the transport IP network is organized.

Consequently, the first thing the introduction of a CMT gives is the network audit that was once planned but never completed. A thoughtful reader will immediately ask: what does the CMT have to do with it? There is no direct connection here and cannot be, but... Most people, including those in the IT world, tend to tie such activities to some event. The next advantage follows from the previous one: even before the CMT is deployed, Capture Agents are installed and configured, and the sending of RTCP messages is enabled, problems that require prompt intervention may well be detected. For example, a “bottleneck” has formed somewhere, and this is clearly visible even without the statistics that the CMT can provide, among other things, using data from RTCP, for example.

Now let's return to the process of collecting traces described earlier and smile, remembering the words of the hero in the epigraph of this part. An important feature that was not mentioned is that, as a rule, these manipulations can be performed by sufficiently qualified personnel, for example Core Engineers. On the other hand, the issues solved with the help of tracing may include so-called routine tasks, such as determining why a terminal does not register for an installer or a client. It becomes obvious that, since the ability to take dumps belongs exclusively to these specialists, these operational tasks fall to them. This is unproductive because it takes time away from other, more important issues.

In most companies where a product such as a CMT would be useful, there is a dedicated unit whose tasks include performing routine operations to relieve other specialists: the service desk, helpdesk or technical support. It will also come as no surprise to the reader if I note that, for reasons of security and network stability, access by technical support engineers to the most critical nodes is undesirable (although it may well not be forbidden), and it is precisely these network elements that offer the best vantage point for dumps. A CMT, being a central place for collecting traffic with an intuitive and transparent interface, is quite capable of solving a number of the problems identified. The only conditions are access to the interface from the workplaces of technical support specialists and, possibly, a knowledge base article on its use.

In conclusion, we note the best-known and most interesting products that in one way or another provide the functionality discussed above: Voipmonitor, HOMER SIP Capture, Oracle Communications Monitor, SPIDER. Despite a common general approach to organization and deployment, each has its own nuances and its subjective strengths and weaknesses, and each deserves separate consideration. This will be the subject of further material. Thank you for your attention!

UPD (23.05.2019): one more product, which the author became aware of relatively recently, is worth adding to the list given in the conclusion. Sipxnumx is a young, developing representative of the world of SIP traffic monitoring systems.

Source: habr.com
