Overview

The SBC Core, which continuously captures SIP signaling packets at layer 2, streams TLS encrypted signaling packets as decrypted signaling packets to a downstream monitoring system.

The SIP PDUs (Protocol Data Units) are captured at the application layer and continuously streamed to the monitoring server. Configurable headers are included in the SIP PDUs so that the monitoring server can decode the SIP signaling properly. The headers carry source and destination IP address/port information along with additional, configurable information – the monitoring server needs this information to correlate the stream it receives.

The packet is captured on the ingress leg without SMM applied and on the egress leg with SMM applied, which is essentially what is sent on the wire. To lessen the performance impact, all socket-management activities toward the monitoring server are handled by a separate SIPSM (SIP Signaling Monitor) process, which receives all signaling packets from the SIP Signaling Gateway (SIPSG) and streams them to the configurable external monitoring server over either UDP or TCP.

A profile attached to the signaling port is a trigger for this feature. All feature-related configuration can be set in this profile.

SIP Load Balancer (SLB) Enhanced Monitoring Interface

An enhanced monitoring interface on the SIP Load Balancer (SLB) is available on the SBC Cloud-Native Edition (CNe) and SBC SWe. The SLB is enhanced to stream TLS encrypted signaling packets as decrypted signaling packets to a downstream monitoring system.

SBC Cloud-Native Edition (CNe) specific configuration

On the SBC CNe, decrypted signals are sent by the SLB pod using only the PKT port. The MGMT port is not supported by the SBC CNe. As well, the monitoring profile for the SBC CNe only allows the "ip" type. The "mgmt" monitoring profile type is not configurable in the SBC CNe. Lastly, only the "IpInterfaceGroup" interface type is supported by the SBC CNe. The "MgmtInterfaceGroup" interface type is not supported by the SBC CNe.

On the SBC SWe, the enhanced monitoring interface is not affected by the limitations listed in the previous paragraph. 

Terminology

The following terminology and acronyms are used in this documentation:

TLS – Transport Layer Security
SIP – Session Initiation Protocol
UNI – User Network Interface
NNI – Network-Network Interface
TCP – Transmission Control Protocol

Command Syntax

The command syntax to configure a Monitoring Profile is shown here:

% set profiles services monitoringProfile <monitoring profile name> 
    additionalInformation <string>
    filter <transport | trunkgroup>
        transport <tcp | udp | sctp | tls-tcp>
    headerPresence <disabled | enabled>
    mgmtInterfaceGroup <ip | mgmtGroup>
    monitoringIpAddress <Ip address>
    monitoringIpPort <int | 0 .. 65535>
    signalingPackets <all | none | tls>
    state <disabled | enabled>
    transport <tcp | udp>
    type <ip | mgmt>


Command Parameters


Command Parameters for monitoringProfile

Parameter | Length/Range | Description | M/O

additionalInformation

string: 256 characters

Additional information in the header to send towards the monitoring server.

This parameter is available when headerPresence is "enabled".

O

filter

N/A

This table contains filters for the profile. The filter parameter is displayed only when signalingPackets is set to "none".

  • transport – Transport type used to filter the packets.
    • tcp – Transmission Control Protocol
    • udp – (default) User Datagram Protocol
    • sctp – Stream Control Transmission Protocol
    • tls-tcp – Transport Layer Security running on top of TCP
  • trunkgroup – IP TG filter used to filter the packets.
O

headerPresence

N/A

Specifies whether X header presence toward the monitoring server is enabled.

  • disabled (default)
  • enabled
O

mgmtInterfaceGroup

N/A

Choose the Management Interface Group to use for communicating with the monitoring server.

  • mgmtGroup (default)
O

monitoringIpAddress

IP address format

IP address of the monitoring server.

M

monitoringIpPort

0-65535

<TCP/UDP port> – Specify the TCP/UDP port for the monitoring server.

M

monitoringProfile

1-23 characters

The name of the Monitoring Profile.

M

signalingPackets

N/A

Use this object to define the types of signaling packets to send to the monitoring server. 

  • all - All signaling packet types are monitored.
  • none (default) - No signaling packets are monitored.
  • tls - Only decrypted TLS signaling packets are monitored.
O

state

N/A

Administrative state of this Monitoring Profile.

  • disabled (default)
  • enabled

transport

N/A

Choose the transport protocol to use for sending packets to the monitoring server.

  • tcp – Transmission Control Protocol
  • udp – (default) User Datagram Protocol


To learn more about the various methods of controlling transport protocols for SIP signaling and how these work together, refer to Controlling SBC Core Transport Protocols for SIP Signaling.


Note

The maximum size of SIP PDUs sent to the monitoring server over UDP protocol is 4096 bytes. SIP PDUs exceeding 4096 bytes will get dropped. Ribbon recommends using the TCP protocol if PDUs of a size greater than 4096 bytes are sent to the monitoring server.

O

type

N/A

Use this object to define the interface type to use when sending the monitoring data to the monitoring server.

  • ip – Note that when you choose this object, two additional parameters are available to configure: addressContext and ipInterfaceGroup.
  • mgmt – (default) Note that when you choose this object, the mgmtInterfaceGroup parameter is available to configure.
O

 


The command syntax to set a Monitoring Profile Name per SigPort is shown here:

Example
set addressContext <address_context> zone <zone_name> sipSigPort 1 monitoringProfileName <monitoring_profile_name>
commit

In general, you can configure monitoringProfile as shown below:

set profiles services monitoringProfile test_monitoring_profile monitoringIpAddress 10.54.21.25 monitoringIpPort 80 headerPresence enabled header 1 headerName To sourceIpPort enabled destinationIpPort enabled additionalInformation enabled date enabled timestamp enabled vlanTag enabled
commit
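
The parameter table, the SBC CNe restrictions and the UDP size note above interact, so a profile can be checked before it is committed. The following is an added example, not Ribbon code: the dict layout, the `lint_profile` function, the `platform` argument and the `max_pdu_bytes` estimate are assumptions made for illustration.

```python
# Added example: lint a monitoringProfile definition against the constraints in
# the parameter table above. The dict layout and function name are assumptions.
UDP_MAX_PDU = 4096  # from the Note: larger PDUs are dropped over UDP

# Defaults as documented in the parameter table.
DEFAULTS = {"headerPresence": "disabled", "signalingPackets": "none",
            "state": "disabled", "transport": "udp", "type": "mgmt"}


def lint_profile(name, params, platform="swe", max_pdu_bytes=0):
    """Return a list of problems; an empty list means the profile passes."""
    p = {**DEFAULTS, **params}
    problems = []
    if not 1 <= len(name) <= 23:
        problems.append("monitoringProfile name must be 1-23 characters")
    for key in ("monitoringIpAddress", "monitoringIpPort"):
        if key not in p:
            problems.append(f"{key} is mandatory")
    port = p.get("monitoringIpPort")
    if port is not None and not (isinstance(port, int) and 0 <= port <= 65535):
        problems.append("monitoringIpPort must be in 0..65535")
    if "additionalInformation" in p:
        if p["headerPresence"] != "enabled":
            problems.append("additionalInformation requires headerPresence enabled")
        if len(p["additionalInformation"]) > 256:
            problems.append("additionalInformation exceeds 256 characters")
    if "filter" in p and p["signalingPackets"] != "none":
        problems.append("filter is only available when signalingPackets is none")
    if platform == "cne":  # SBC CNe: PKT port only, "ip" type only
        if p["type"] != "ip":
            problems.append("SBC CNe only allows type ip")
        if "mgmtInterfaceGroup" in p:
            problems.append("mgmtInterfaceGroup is not supported on SBC CNe")
    if p["transport"] == "udp" and max_pdu_bytes > UDP_MAX_PDU:
        problems.append("PDUs over 4096 bytes are dropped on UDP; use tcp")
    return problems


# Constructed sample: TLS-only monitoring on SBC CNe, left on default transport/type.
sample = {"monitoringIpAddress": "10.54.21.25", "monitoringIpPort": 80,
          "signalingPackets": "tls", "state": "enabled"}
if __name__ == "__main__":
    for problem in lint_profile("test_monitoring_profile", sample, "cne", 6000):
        print("WARN:", problem)
```
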