
SIPFIX: Using IPFIX for VoIP Monitoring Analysis


SIPFIX: Using IPFIX for VoIP monitoring

Sven Anderson
Institute of Computer Science, University of Göttingen
in cooperation with NEC Laboratories Europe Heidelberg

EMANICS/IRTF-NMRG Workshop on Netflow/IPFIX Usage in Network Management
Munich, October 2008

Outline

- Introduction
- Motivation
- Challenges
- Reference Scenario
- IPFIX Extensions
- New Information Elements
- Flow Types
- Device Extensions
- Existing IPFIX Extensions
- Use Case Examples
- Summary

Motivation

- VoIP deployment increasing fast (long distance calls, "last mile", NGN/IMS, ...)
- Increased attack surface
- "Best effort" brings unreliability
- Control- and user data plane are decoupled
- Routes change and are hard to predict

Monitoring:

- required for QoS, call integrity, attack and abuse detection, ...
- must be distributed
- must inspect application layer (DPI)

Challenges of SIP Monitoring

- Signalling and media may take different paths
- Media detection needs session description (SIP content)
- SIP and media probes may not know each other's location
- Correlation of distributed measurements (e.g. OWD)

Requirements:

- Distributed measurements
- Application layer inspection (SIP, SDP, Media)
- Export of data in appropriate time intervals
- Efficient convergence of data

Reference Scenario

[Figure: reference scenario. Labels: C, Collector, SIP server, M, IPFIX, SIP, media stream, media gateways, SIP Proxy.]

SIP Header IEs

Mandatory:

- sipFrom ([email protected])
- sipTo ([email protected])
- sipCallId ([email protected])

This tuple is referred to as "sipDialogId".

Further examples:

- sipRequestMethod (INVITE, REGISTER, BYE, ...)
- sipRequestURI (sip:[email protected])
- sipResponseStatus (2xx, 4xx, 5xx, ...)

Media IEs

Derived from SIP content (SDP):

- sipMediaId (mandatory)
  - Unique identifier for media stream descriptions
- sipMediaProtocol (e.g. RTP/AVP)
- sipMediaType (audio, video, ...)
- sipMediaEncoding (G722, GSM, PCMU, ...)
- ...

Derived from SDP or RTP:

- rtpPayloadType
- ...

Performance Metric IEs

- mediaPacketLoss
  - ratio of lost packets to total packets
- mediaDelayFromTerminal, mediaDelayToTerminal
  - OWD from media gateway to the terminal and vice versa
- mediaDelayMGW
  - OWD from ingress to egress media gateway
- rtpJitter
  - interarrival jitter as defined by the RTP
- ...

Flow Type Definitions

- SIP Flow
  - Flow of SIP packets
  - Must include "sipDialogId" (sipFrom, sipTo, sipCallId)
  - May include other SIP header IEs
- Media Flow
  - Flow of media packets
  - No mandatory IEs
  - Can be exported by standard IPFIX device
- Media Flow Descriptor
  - Pseudo flow (expected, not observed)
  - Extracted from media descriptors (SIP content)
  - Must contain "sipDialogId" and sipMediaId
  - No counter IEs

Flow Type Dependencies

[Figure: flow type dependencies. Labels: SIP Packet, SIP Header, SIP Content (SDP), SIP Flow, Media Flow Descriptor.]

IPFIX Probe Extensions

- Efficient deep packet inspection
- SIP Flows: SIP header parser
- Media Flow Descriptors: SIP & SDP parser
- Media Flow: no requirements in general
- Media Flow identification:
  - RTP detection if feasible, or
  - import of Media Flow Descriptors
- Optional:
  - SIP metric measurement
  - Media metric measurement

Mediator/Collector Extensions

Processing of SIP related data, for example:

- Calculation of metrics deriving from different probes (e.g. timestamps for OWD)
- Correlation of Media Flows and Media Flow Descriptors
- Correlation of SIP Flows and Media Flow Descriptors by "sipDialogId"
- Forwarding of uncorrelatable data to next Mediator
- Creation of "call records"
- Real-time display of current calls (Collector frontend)

Use Of Existing IPFIX Extensions

- Bidirectional Flows
  - Directional information of SIP Flows can be kept
  - Normal counters refer to SIP requests
  - Reverse counters refer to SIP responses
- Common Properties
  - "sipDialogId" can be represented by a commonPropertiesId with the template
  - often exported status updates can be "attached" to SIP Flows
  - performance metrics can be "attached" to Media Flows
  - several possible codecs "attached" to a Media Flow Descriptor

Use Case Examples I

- Separate SIP and Media Flows
  - Mediator correlates Media and SIP by Media Flow Descriptors
- Asymmetric Routing
  - Mediator correlates SIP requests and responses by "sipDialogId"
- Security Inspections
  - Spoofed Media Sender
    - Detection of multiple Media Flows fitting to one Media Flow Descriptor
  - Stateful Cross-Protocol IDS
    - SIP Flows contain multi-layer information
  - DoS Detection and Prevention
    - Detection close to source
    - DDoS can be detected by flow aggregates
- Realtime Status Display

Use Case Examples II

- Quality-of-Service Monitoring

[Figure: QoS monitoring. Labels: SIP probe (rtpPayloadType, sipMediaEncoding); ingress media gw (rtpPayloadType, digestHashValue, observationTimeMilliseconds); egress media gw (digestHashValue, observationTimeMilliseconds); mediaDelayFromTerminal, mediaDelayMGW, mediaDelayToTerminal, mediaPacketLoss; codec, OWD, MOS.]

Summary

- Key ideas of SIPFIX:
  - Probes inspect and export application layer info
  - Media description (SDP) is exported as Media Flow Descriptors
  - "sipDialogId" ties SIP Flows and Media Flow Descriptors
  - Media Flow Descriptors tie SIP Flows and Media Flows
  - Correlation and processing by distributed Mediators
- Many open detail questions, like:
  - What data types for which IEs? (string, integers...)
  - Use of Option Templates for Media Flow Descriptors?

Thank you!

Sven Anderson
University of Göttingen / NEC Labs
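
The Mediator correlation and the "Spoofed Media Sender" check from the use case slides, as an added example that is not part of the original talk. The record layouts are assumptions, as is the idea that a Media Flow Descriptor carries the media destination address and port taken from SDP; the sample records are constructed.

```python
from collections import defaultdict, namedtuple

# Record layouts are assumptions for this example; the slides only fix that a
# Media Flow Descriptor carries "sipDialogId" and sipMediaId.
SipFlow = namedtuple("SipFlow", "sip_from sip_to sip_call_id method")
Descriptor = namedtuple("Descriptor", "dialog_id media_id dst_ip dst_port")
MediaFlow = namedtuple("MediaFlow", "src_ip src_port dst_ip dst_port packets")


def dialog_id(flow):
    """The "sipDialogId" tuple: (sipFrom, sipTo, sipCallId)."""
    return (flow.sip_from, flow.sip_to, flow.sip_call_id)


def correlate(sip_flows, descriptors, media_flows):
    """Return (call_records, alerts, uncorrelated_media_flows)."""
    by_endpoint = {(d.dst_ip, d.dst_port): d for d in descriptors}
    matched = defaultdict(list)          # (dialog_id, media_id) -> media flows
    uncorrelated = []                    # would be forwarded to the next Mediator
    for mf in media_flows:
        d = by_endpoint.get((mf.dst_ip, mf.dst_port))
        if d is None:
            uncorrelated.append(mf)
        else:
            matched[(d.dialog_id, d.media_id)].append(mf)
    calls = {}                           # "call records" keyed by sipDialogId
    for sf in sip_flows:
        rec = calls.setdefault(dialog_id(sf), {"methods": [], "media": {}})
        rec["methods"].append(sf.method)
    alerts = []
    for d in descriptors:
        flows = matched.get((d.dialog_id, d.media_id), [])
        if d.dialog_id in calls:
            calls[d.dialog_id]["media"][d.media_id] = flows
        senders = sorted({(f.src_ip, f.src_port) for f in flows})
        if len(senders) > 1:             # several Media Flows fit one descriptor
            alerts.append((d.dialog_id, d.media_id, senders))
    return calls, alerts, uncorrelated


# Constructed sample records (documentation addresses, not real traffic).
DIALOG = ("sip:alice@example.org", "sip:bob@example.net", "call-1@example.org")
SIP_FLOWS = [SipFlow(*DIALOG, "INVITE"), SipFlow(*DIALOG, "BYE")]
DESCRIPTORS = [Descriptor(DIALOG, 1, "192.0.2.10", 40000)]
MEDIA_FLOWS = [
    MediaFlow("198.51.100.5", 30000, "192.0.2.10", 40000, 1500),
    MediaFlow("203.0.113.9", 31000, "192.0.2.10", 40000, 200),
    MediaFlow("198.51.100.7", 32000, "192.0.2.99", 41000, 50),
]
```

Calling `correlate(SIP_FLOWS, DESCRIPTORS, MEDIA_FLOWS)` yields one call record, one alert naming both senders that fit the single descriptor, and one Media Flow left uncorrelated.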