The SBC, which continuously captures encrypted signaling packets of SIP over TLS at layer 2, has been enhanced to to capture decrypted signaling packets as well.
The SIP PDUs (Protocol Data Units) are captured at the application layer and continuously streamed to the monitoring server. Configurable Headers are included in SIP PDUs to enable the monitoring server to decode SIP signaling properly. Headers have source and destination IP address/Port information along with additional information which is configurable – this information is needed by the monitoring server in order to correlate the stream received.
The packet is captured at ingress leg without SMM applied and with SMM applied on egress leg, which is essentially what is being sent on the wire. To lessen performance impact, all socket-management activities to the monitoring server use a separate SIPSM (SIP Signaling Monitor ) process receives all signaling packets from the SIP Signaling Gateway (SIPSG) and streams to the configurable external monitoring server either over UDP or TCP.
A profile attached to the signaling port is a trigger for this feature. All feature-related configuration can be set in this profile.
Terminology
The following terminology and acronyms are used in this documentation:
| TLS | Transport Layer Security |
|---|
| SIP | Session Initiation Protocol |
|---|
| UNI | User Network Interface |
|---|
| NNI | Network-Network Interface |
|---|
| TCP | Transmission Control Protocol |
|---|
Command Syntax
The command syntax to configure a Monitoring Profile is shown here:
| Code Block |
|---|
|
%set profiles services monitoringProfile <monitoring profile name>
additionalInformation <string>
filter <transport | trunkgroup>
header
headerPresence <disabled | enabled>
mgmtInterfaceGroup <ip | mgmtGroup>
monitoringIpAddress (IP address>
monitoringIpPort <int | 0 .. 65535>
signalingPackets <all | none | tls>
state <disabled | enabled>
transport <tcp | udp>
type <IP | mgmt> |
Command Parameters
| Caption |
|---|
| 0 | Table |
|---|
| 1 | Command Parameters for monitoringProfile |
|---|
|
| Parameter | Length/Range | Default | Description | M/O |
|---|
additionalInformation | string: 256 characters | Additional information in the header | sent to send towards the monitoring server. | O | date
| Date in YYYY-MM-DDThh:mm:ss+offset formatThis parameter is available when headerPresence is "enabled". | O | destinationIpPortfilter
| Destination Ip/Port of the SIP PDU. | N/A | displayLevel | Depth to show. | O | filter
| This table contains filters for the profile. Filter The filter parameter is displayed only when no signalingPackets are selected signalingPackets is set to "none". transport – Transport type used to filter the packets.trunkgroup – IP TG filter used to filter the packets.
| O | header
| Identifies headers which need to be encapsulated with SIP PDUs. | headerName
| Specifies name of the header sent towards the monitoring server. | headerPresence
disabled | N/A | Specifies if X header presence towards monitoring server is enabled or not. | O | mgmtInterfaceGroup
mgmtGroup | N/A | The Management Interface Group to use for communicating with monitoring server. | O | monitoringIpAddress
| <IP address format> | IP address of the monitoring server. | M | monitoringIpPort
| 0-65535 | TCP/UDP port for the monitoring server. int –0 .. 65535 | M | monitoringProfileName | 24 | Name of Monitoring Profile used for this SIP Signaling Port. | O | monitoringProfile | 1-23 characters | The name of the Monitoring Profile. | M | signalingPackets
| N/A | signalingPackets | Specifies if all signaling packets, or only decrypted TLS packets, are sent towards monitoring server from all TGs. | O | sourceIpPortstate
| Source Ip/Port of the SIP PDU. | N/A | state
| disabled | Administrative state of this Monitoring Profile. | timeStamp
| Timestamp as seconds.microseconds since 1.1.1970 UTC. | O |
| transport
udp | N/A | Select Choose the transport type for protocol to use for sending packets to the monitoring server. tcp – Transmission Control Protocoludp – (default) User Datagram Protocol
| O | type
mgmt | N/A | Interface type supported by monitoring server. ip – When selected, two fields are - supported:
addressContext and ipInterfaceGroup. mgmtGroup mgmt – (default) When selected, mgmtInterfaceGroup is supported.
| O | vlanTag | disabled | Adds VLAN ID of the interface on which the monitored message is sent/received. When this parameter is enabled, the "vlanTag" field of the LIFs on which the SIP message are received/sent, is added to X-header. The enhancement helps in better segregation of signaling traffic.
disabled (default)
enabled
| O |
|
The command syntax to set a Monitoring Profile Name per SigPort is shown here:
| Code Block |
|---|
|
% set addressContext <address_context> zone <zone_name> sipSigPort 1 monitoringProfileName <monitoring_profile_name> |
In general, you can configure monitoringProfile as shown below:
| Code Block |
|---|
% set profiles services monitoringProfile test_monitoring_profile monitoringIpAddress 10.54.21.25 monitoringIpPort 80 headerPresence enabled header 1 headerName To sourceIpPort enabled destinationIpPort enabled additionalInformation enabled date enabled timestamp enabled vlanTag enabled |
294013471
| Caption |
|---|
| 0 | Table |
|---|
| 1 | Command Parameters for monitoringProfile |
|---|
|
| Parameter | Length/Range | Default | Description | M/O |
|---|
monitoringProfileName | 24 |
| Name of Monitoring Profile used for this SIP Signaling Port. | O |
|