Monitoring SBC SWe in AWS Using VoIPmonitor

Feature Overview

You can deploy SBC SWe on Amazon Web Services (AWS) with the network monitoring tool, VoIPmonitor, to enable real-time debugging of network and call quality issues. VoIPmonitor is an open-source packet analyzer (or sniffer) which can monitor SIP signaling on SBC SWe and, when necessary, media packets. For detailed information on VoIPmonitor, refer to their website.

VoIPmonitor server software is installed in its own instance which creates a centralized monitoring server for an availability zone. The VoIPmonitor server must be installed in the same private management virtual private cloud (VPC) as the SBC so that the SBC can send packets to it over a non-public IP. Sniffer software must be installed on each SBC instance that will send IP packets to the VoIPmonitor server. This includes both active and standby instances in high-availability (HA) deployments.

VoIPmonitor System Requirements

The system requirements for VoIPmonitor differ depending on your network environment and on how you plan to use the tool. Use the following link to obtain information on VoIPmonitor system requirements such as CPU and RAM: http://www.voipmonitor.org/doc/Scaling.   

During installation a VoIPmonitor license key must be provided. You must register with VoIPmonitor and obtain a license from them. Refer to their website for license information.

Complete the following steps to install the VoIPmonitor server instance. In step 4 of the procedure, an installation script automatically invokes a series of commands to install the VoIPmonitor server software. As an alternative, the full series of commands is provided to use in cases where the steps might need to be modified. For example, this might be needed for cases where VoIPmonitor was previously installed and the instance has access to the VoIPmonitor repository.   

1. Create an Ubuntu instance on AWS and assign an elastic IP address to it. Use an elastic IP to avoid having the public IP change every time you restart the instance.
2. SSH into the instance. For example:
   ssh -i my_key.pem -p 22 ubuntu@IP
   where IP is the elastic IP of the instance.
3. Change to the root user account on the new instance. 

4. Copy the following script file to the instance and run it to install VoIPmonitor: 
   install_voip_monitor.sh  
   Edit the VoIPmonitor configuration file: /etc/voipmonitor.conf. See Configuring the VoIPmonitor Server.
   
   

   Or, click here to expand the command-by-command procedure to install and configure VoIPmonitor.
   1. Enter the following commands to add the VoIPmonitor repository:
      >> apt-get install software-properties-common
>> add-apt-repository ppa:ondrej/php
>> add-apt-repository ppa:ondrej/php
>> apt-get update
   2. Enter the following commands to install apache2 php7.1 and ioncube:
      >> wget http://voipmonitor.org/ioncube/x86_64/ioncube_loader_lin_7.1.so -O /usr/lib/php/20160303/ioncube_loader_lin_7.1.so
>> echo "zend_extension = /usr/lib/php/20160303/ioncube_loader_lin_7.1.so" > /etc/php/7.1/apache2/conf.d/01-ioncube.ini
>> echo "zend_extension = /usr/lib/php/20160303/ioncube_loader_lin_7.1.so" > /etc/php/7.1/cli/conf.d/01-ioncube.ini
>> service apache2 restart
      During this process, you will be prompted to create a password for mySQL. Be sure to record the password because you will need to provide it within VoIPmonitor configuration.
   3. Enter the following command to install packages needed by VoIPmonitor:
      >> apt-get -y install tshark mtr librsvg2-bin gsfonts mysql-server
      When asked if a non-superuser can capture traffic, answer No.
   4. Enter the following commands to install the latest VoIPmonitor sensor binary: 
      >> cd /usr/src/ 
>> wget --content-disposition http://www.voipmonitor.org/current-stable-sniffer-static-64bit.tar.gz
>> tar xzf voipmonitor*.tar.gz 
>> cd voipmonitor*
>> ./install-script.sh
   5. Edit the VoIPmonitor configuration file: /etc/voipmonitor.conf. See Configuring the VoIPmonitor Server.
   6. Enter the following commands to enable and start VoIPmonitor:
      >> systemctl enable voipmonitor
>> systemctl start voipmonitor
   7. Enter the following commands to install the latest VoIPmonitor GUI:
      >> cd /var/www/html
>> wget "http://www.voipmonitor.org/download-gui?version=latest&major=5&phpver=71&festry" -O w.tar.gz
>> tar xzf w.tar.gz
>> mv voipmonitor-gui*/* ./
>> rm -f index.html
>> mkdir /var/spool/voipmonitor/
>> chown www-data /var/spool/voipmonitor/
>> wget http://sourceforge.net/projects/voipmonitor/files/wkhtml/0.10.0_rc2/wkhtmltoimage-x86_64 -O "/var/www/html/bin/wkhtmltoimage-x86_64"
>> chmod +x "/var/www/html/bin/wkhtmltoimage-x86_64"
>> wget http://sourceforge.net/projects/voipmonitor/files/wkhtml/0.10.0_rc2/wkhtmltopdf-x86_64 -O "/var/www/html/bin/wkhtmltopdf-x86_64"
>> chmod +x "/var/www/html/bin/wkhtmltopdf-x86_64"
>> chown -R www-data /var/www
   8. Enter the following commands to set up a cron job for VoIPmonitor alerts/reports and its configuration reload:
      >> echo "***** root php /var/www/html/php/run.php cron" >> /etc/crontab 
>> kill -HUP `pgrep cron`

5. After VoIPmonitor is installed, enter the elastic IP address of the VoIPmonitor instance into a browser to access a VoIPmonitor Installation summary page, which is similar to the excerpt shown in the following figure. Enter the license key information. The license can be obtained from http://www.voipmonitor.org/download-gui?version=license.
   Figure 1: VoIPmonitor Installation Page

   
   

6. Correct or enter any other information requested on the Installation page. Verify that the spool directory value is correct; this value is set by the command  >> mkdir /var/spool/voipmonitor/ during the installation. The following figure shows an example of the Configuration section of the page.
   Figure 2: Configuration Section of the VoIPmonitor Installation Page

   
   
7. After completing the page, click Submit.
8. If prompted to do so, rerun the following command:
   >> echo "***** root php /var/www/html/php/run.php cron" >> /etc/crontab
9. Create a new user with admin privileges. You will continue to be prompted to do so until you create such a user.


Installing the Sniffer Software on the SBC

The sniffer sensor software must be installed on both the active and standby SBC instances by doing the following:

1. SSH into the active instance and change to the root user account.
2. Enter the following commands to install the sniffer:
   >> wget https://www.voipmonitor.org/current-stable-sniffer-static-64bit.tar.gz --content-disposition --no-check-certificate
>> tar xzf voipmonitor-*-static.tar.gz
>> cd voipmonitor-*-static
>> ./install-script.sh
3. Edit the VoIPmonitor configuration file: /etc/voipmonitor.conf. See Configuring the Sniffer on the SBC.
4. Start the sniffer with the command below:
   >> systemctl start voipmonitor

Repeat the sniffer installation procedure on the standby SBC instance.

Configuring the VoIPmonitor Server

On the VoIPmonitor server instance, the configuration file /etc/voipmonitor.conf includes a variety of processing options. Edit this file to customize the server behavior. At a minimum the following two options must be updated:

• mysqlpassword - the password of the MySQL database.
• server_password: - the password used to set up the VoIPmonitor instance.

In the configuration file, also ensure that the following options are not commented out and that the value of each is set to "yes." 

• sip-register-compare-sipcallerip
• sip-register-compare-sipcalledip
• sip-register-compare-to_domain
• sip-register-state-compare-from_domain
• sip-register-state-compare-digest_realm

The following sample configuration file can be used as an example of how the VoIPmonitor server can be configured to work with the SBC.

• voipmonitor_conf_GUI.txt

Configuring the Sniffer on the SBC

On each SBC instance where the sniffer was installed, the configuration file /etc/voipmonitor.conf includes a variety of processing options. Edit the configuration file on each SBC instance to customize the sniffer behavior. At a minimum the following options must be updated:

• interface - the interface through which packets are transmitted. Usually, tap_dpdk. 
• server_destination - the elastic IP address of the VoIPmonitor instance.
• server_password - the password used to set up the VoIPmonitor instance.

In the configuration file for each instance, ensure that the following options are not commented out and that the value of each is set to "yes." 

• sip-register-compare-sipcallerip
• sip-register-compare-sipcalledip
• sip-register-compare-to_domain
• sip-register-state-compare-from_domain
• sip-register-state-compare-digest_realm

The following sample configuration files can be used as examples of how the sniffer software on two SBC instances can be configured.

• voipmonitor_conf_SBCA.txt
• voipmonitor_conf_SBCB.txt

Adding Security Group Rules for VoIPmonitor

Add security group rules to the VoIPmonitor instance and the SBC instances:

• to allow all traffic (all protocols, all ports) from the elastic IP address of the VoIPmonitor instance to MGT0 (eth0) of each SBC instance (both active and standby if configured as an HA pair).
• to allow all traffic from the elastic IP addresses of the SBC instances (both active and standby if configured as an HA pair) to the MGT0 (eth0) of the VoIPmonitor instance.

For information on creating or adding security groups in AWS, refer to Create Security Groups for SBC SWe.

Adding ACL Rules for VoIPmonitor

Add an ACL rule to each SBC instance so that the VoIPmonitor server can access it, such as the following:

admin@vsbc1% set addressContext default ipAccessControlList rule voipmonitorallow sourcePort any sourceIpAddress <VoIPmonitor elastic IP> sourceAddressPrefixLength 32 state enabled action accept protocol any bucketSize unlimited fillRate unlimited

where <VoIPmonitor elastic IP> is the elastic IP address of the VoIPmonitor server instance.

VoIPmonitor Operation Commands

When the Voipmonitor software is installed and configured, you can take steps to enable or disable VoIPmonitor monitoring on the SBC.

Enabling Monitoring 

Complete the following steps to enable the monitoring feature on the SBC instances:

1. Open the file /opt/sonus/conf/swe/.port_config.txt in an editor.
2. Add the line: pkt_tap_enable=1 and save the file.
3. Reboot. When the system comes up you should see that a new tap_dpdk interface is present.
4. Ensure that the sniffer installation and configuration are completed then issue the following commands:
>> systemctl stop voipmonitor
>> systemctl start voipmonitor
>> systemctl status voipmonitor

Disabling Monitoring 

To disable the monitoring feature on the SBC instances, complete the following steps:

1. Open the file /opt/sonus/conf/swe/.port_config.txt in an editor.
2. Remove the line: pkt_tap_enable=1 and save the file.
3. Reboot. When the system comes up you should no longer see the tap_dpdk interface.