In this section:
The SBC Core, which continuously captures SIP signaling packets at layer 2, streams TLS encrypted signaling packets as decrypted signaling packets to a downstream monitoring system.
The SIP PDUs (Protocol Data Units) are captured at the application layer and continuously streamed to the monitoring server. Configurable Headers are included in SIP PDUs to enable the monitoring server to decode SIP signaling properly. Headers have source and destination IP address/Port information along with additional information which is configurable – this information is needed by the monitoring server in order to correlate the stream received.
The packet is captured at ingress leg without SMM applied and with SMM applied on egress leg, which is essentially what is being sent on the wire. To lessen performance impact, all socket-management activities to the monitoring server use a separate SIPSM (SIP Signaling Monitor ) process receives all signaling packets from the SIP Signaling Gateway (SIPSG) and streams to the configurable external monitoring server either over UDP or TCP.
A profile attached to the signaling port is a trigger for this feature. All feature-related configuration can be set in this profile.
An enhanced monitoring interface on the SIP Load Balancer (SLB) is available on the SBC Cloud-Native Edition (CNe) and SBC SWe. The SLB is enhanced to stream TLS encrypted signaling packets as decrypted signaling packets to a downstream monitoring system.
On the SBC CNe, decrypted signals are sent by the SLB pod using only the PKT port. The MGMT port is not supported by the SBC CNe. As well, the monitoring profile for the SBC CNe only allows the "ip" type. The "mgmt" monitoring profile type is not configurable in the SBC CNe. Lastly, only the "IpInterfaceGroup" interface type is supported by the SBC CNe. The "MgmtInterfaceGroup" interface type is not supported by the SBC CNe.
On the SBC SWe, the enhanced monitoring interface is not affected by the limitations listed in the previous paragraph.
The following terminology and acronyms are used in this documentation:
TLS | Transport Layer Security |
---|---|
SIP | Session Initiation Protocol |
UNI | User Network Interface |
NNI | Network-Network Interface |
TCP | Transmission Control Protocol |
The command syntax to configure a Monitoring Profile is shown here:
% set profiles services monitoringProfile <monitoring profile name> additionalInformation <string> filter <transport | trunkgroup> transport <tcp | udp | sctp | tls-tcp> headerPresence <disabled | enabled> mgmtInterfaceGroup <ip | mgmtGroup> monitoringIpAddress <Ip address> monitoringIpPort <int | 0 .. 65535> signalingPackets <all | none | tls> state <disabled | enabled> transport <tcp | udp> type <ip | mgmt>
The command syntax to set a Monitoring Profile Name per SigPort is shown here:
set addressContext <address_context> zone <zone_name> sipSigPort 1 monitoringProfileName <monitoring_profile_name> commit
In general, you can configure monitoringProfile
as shown below:
set profiles services monitoringProfile test_monitoring_profile monitoringIpAddress 10.54.21.25 monitoringIpPort 80 headerPresence enabled header 1 headerName To sourceIpPort enabled destinationIpPort enabled additionalInformation enabled date enabled timestamp enabled vlanTag enabled commit