In this section:
Feature Overview
You can deploy SBC SWe on Amazon Web Services (AWS) with the network monitoring tool, VoIPmonitor, to enable real-time debugging of network and call quality issues. VoIPmonitor is an open-source packet analyzer (or sniffer) which can monitor SIP signaling on SBC SWe and, when necessary, media packets. For detailed information on VoIPmonitor, refer to their website.
VoIPmonitor server software is installed in its own instance which creates a centralized monitoring server for an availability zone. The VoIPmonitor server must be installed in the same private management virtual private cloud (VPC) as the SBC so that the SBC can send packets to it over a non-public IP. Sniffer software must be installed on each SBC instance that will send IP packets to the VoIPmonitor server. This includes both active and standby instances in high-availability (HA) deployments.
Running a packet sniffer impacts both SBC performance and capacity. Ribbon recommends enabling the sniffer for SIP signaling only, except when you are debugging a specific problem that requires temporarily enabling the monitoring of media packets.
VoIPmonitor System Requirements
The system requirements for VoIPmonitor differ depending on your network environment and on how you plan to use the tool. Use the following link to obtain information on VoIPmonitor system requirements such as CPU and RAM: http://www.voipmonitor.org/doc/Scaling.
During installation a VoIPmonitor license key must be provided. You must register with VoIPmonitor and obtain a license from them. Refer to their website for license information.
The VoIPmonitor server and sniffer software should be installed after upgrading SBC SWe software. The VoIPmonitor software is not retained through an SBC upgrade and must be re-installed following an SBC upgrade.
Complete the following steps to install the VoIPmonitor server instance. In step 4 of the procedure, an installation script automatically invokes a series of commands to install the VoIPmonitor server software. As an alternative, the full series of commands is provided to use in cases where the steps might need to be modified. For example, this might be needed for cases where VoIPmonitor was previously installed and the instance has access to the VoIPmonitor repository.
- Create an Ubuntu instance on AWS and assign an elastic IP address to it. Use an elastic IP to avoid having the public IP change every time you restart the instance.
- SSH into the instance. For example:
ssh -i my_key.pem -p 22 ubuntu@IP
whereIP
is the elastic IP of the instance.- Change to the root user account on the new instance.
Copy the following script file to the instance and run it to install VoIPmonitor:
install_voip_monitor.sh
Edit the VoIPmonitor configuration file:/etc/voipmonitor.conf
. See Configuring the VoIPmonitor Server.After VoIPmonitor is installed, enter the elastic IP address of the VoIPmonitor instance into a browser to access a VoIPmonitor Installation summary page, which is similar to the excerpt shown in the following figure. Enter the license key information. The license can be obtained from http://www.voipmonitor.org/download-gui?version=license.
Figure 1: VoIPmonitor Installation PageCorrect or enter any other information requested on the Installation page. Verify that the spool directory value is correct; this value is set by the command
>> mkdir /var/spool/voipmonitor/
during the installation. The following figure shows an example of the Configuration section of the page.
Figure 2: Configuration Section of the VoIPmonitor Installation Page- After completing the page, click Submit.
- If prompted to do so, rerun the following command:
>> echo "***** root php /var/www/html/php/run.php cron" >> /etc/crontab
- Create a new user with admin privileges. You will continue to be prompted to do so until you create such a user.
Installing the Sniffer Software on the SBC
The sniffer sensor software must be installed on both the active and standby SBC instances by doing the following:
- SSH into the active instance and change to the root user account.
- Enter the following commands to install the sniffer:
>> wget https://www.voipmonitor.org/current-stable-sniffer-static-64bit.tar.gz --content-disposition --no-check-certificate
>> tar xzf voipmonitor-*-static.tar.gz
>> cd voipmonitor-*-static
>> ./install-script.sh
- Edit the VoIPmonitor configuration file:
/etc/voipmonitor.conf
. See Configuring the Sniffer on the SBC. - Start the sniffer with the command below:
>> systemctl start voipmonitor
Repeat the sniffer installation procedure on the standby SBC instance.
Configuring the VoIPmonitor Server
On the VoIPmonitor server instance, the configuration file /etc/voipmonitor.conf
includes a variety of processing options. Edit this file to customize the server behavior. At a minimum the following two options must be updated:
mysqlpassword
- the password of the MySQL database.server_password
: - the password used to set up the VoIPmonitor instance.
In the configuration file, also ensure that the following options are not commented out and that the value of each is set to "yes."
sip-register-compare-sipcallerip
sip-register-compare-sipcalledip
sip-register-compare-to_domain
sip-register-state-compare-from_domain
sip-register-state-compare-digest_realm
The following sample configuration file can be used as an example of how the VoIPmonitor server can be configured to work with the SBC.
Configuring the Sniffer on the SBC
On each SBC instance where the sniffer was installed, the configuration file /etc/voipmonitor.conf
includes a variety of processing options. Edit the configuration file on each SBC instance to customize the sniffer behavior. At a minimum the following options must be updated:
interface
- the interface through which packets are transmitted. Usually,tap_dpdk
.server_destination
- the elastic IP address of the VoIPmonitor instance.server_password
- the password used to set up the VoIPmonitor instance.
In the configuration file for each instance, ensure that the following options are not commented out and that the value of each is set to "yes."
sip-register-compare-sipcallerip
sip-register-compare-sipcalledip
sip-register-compare-to_domain
sip-register-state-compare-from_domain
sip-register-state-compare-digest_realm
The following sample configuration files can be used as examples of how the sniffer software on two SBC instances can be configured.
Adding Security Group Rules for VoIPmonitor
Add security group rules to the VoIPmonitor instance and the SBC instances:
- to allow all traffic (all protocols, all ports) from the elastic IP address of the VoIPmonitor instance to MGT0 (eth0) of each SBC instance (both active and standby if configured as an HA pair).
- to allow all traffic from the elastic IP addresses of the SBC instances (both active and standby if configured as an HA pair) to the MGT0 (eth0) of the VoIPmonitor instance.
For information on creating or adding security groups in AWS, refer to Create Security Groups for SBC SWe.
Adding ACL Rules for VoIPmonitor
Add an ACL rule to each SBC instance so that the VoIPmonitor server can access it, such as the following:
The Bucket Size value is insignificant if the Fill Rate value is unlimited. If the ACL rules with action = discard, the Fill Rate and the Bucket Size values are irrelevant, and the packets are dropped based on the Type, IP address, or Port. The Fill Rate and the Bucket Size parameters do not play any role since the policer portion of an ACL is only applicable for the "accept" action and is ignored with the "discard" action since all the packets are already discarded by the criteria.admin@vsbc1% set addressContext default ipAccessControlList rule voipmonitorallow sourcePort any sourceIpAddress <VoIPmonitor elastic IP> sourceAddressPrefixLength 32 state enabled action accept protocol any bucketSize unlimited fillRate unlimited
where <
VoIPmonitor elastic IP>
is the elastic IP address of the VoIPmonitor server instance.
VoIPmonitor Operation Commands
When the Voipmonitor software is installed and configured, you can take steps to enable or disable VoIPmonitor monitoring on the SBC.
Enabling Monitoring
Complete the following steps to enable the monitoring feature on the SBC instances:
- Open the file
/opt/sonus/conf/swe/.port_config.txt
in an editor. - Add the line:
pkt_tap_enable=1
and save the file. - Reboot. When the system comes up you should see that a new
tap_dpdk
interface is present. - Ensure that the sniffer installation and configuration are completed then issue the following commands:
>> systemctl stop voipmonitor
>> systemctl start voipmonitor
>> systemctl status voipmonitor
Disabling Monitoring
To disable the monitoring feature on the SBC instances, complete the following steps:
- Open the file
/opt/sonus/conf/swe/.port_config.txt
in an editor. - Remove the line:
pkt_tap_enable=1
and save the file. - Reboot. When the system comes up you should no longer see the
tap_dpdk
interface.