Architecture: Difference between revisions

From VoIPmonitor.org
No edit summary
No edit summary
 
Line 1: Line 1:
= Architecture =  
= Architecture =  


VoIPmonitor architecture allows running multiple sensors (linux) and central MySQL and GUI server. Call detail records (CDR) are send over MySQL TCP protocol to local or remote database and pcap files (SIP and RTP packets) are saved to local sensor storage. WEB GUI reads CDR from database and reads pcap files from local disk (in all in one setup) or directly from the sniffer over TCP manager interface (TCP port 5029).  
The VoIPmonitor product contains WEB presentation layer (WEB GUI), Database server (currently only MySQL supported) and Sniffers (called also sensors).
 
== WEB GUI ==
The WEB GUI is PHP encoded application with some C++ binaries and can run independently on sniffers and database although it is common to run the GUI alongside with MySQL server and sniffer.
 
== Database MySQL server ==
The MySQL server can run independently on WEB GUI or Sniffer on dedicated server. The GUI and Sniffer communicates with MySQL TCP interface. It is common to run GUI database and sniffer on one server.
 
== Sniffers (sensors) ==
The sniffer (sensor) is passive network sniffer (like tcpdump or wireshark). The sniffer analyses packets in realtime and transforms all SIP calls with associated RTP streams into database CDR record which is sent over the TCP to MySQL server (remote or local). If enabled saving SIP / RTP packets the sniffer stores each VoIP call into separate files in native pcap format (to local storage).
 
The sniffer can run only on Linux (or FreeBSD) OS either under virtual server or dedicated native hardware. Currently x86 and >armv5 are supported and tested. Other hardware platforms were not yet tested although it should be compatible with any hardware running Linux OS.  


[[File:architecture.png]]
[[File:architecture.png]]


== All in one ==
= single / multiple setup =
If the sensor is installed on the same server as MySQL and GUI you do not need to configure sensors in GUI. The GUI is reading PCAP files directly from local file system and database are connected via localhost mysql database.  
 
== Single server ==
The most common setup is running GUI, MySQL and Sniffer on a single server but it is often split into dedicated GUI + MySQL server having multiple remote sniffers.
 
== Central Database with GUI and 1..N remote sniffers (or local sniffer + 1.N remote) ==
 
Remote sniffers can be configured in two ways - local processing or packet mirroring.
 
=== Local processing ===
 
The sniffer is processing packets and analyses all SIP / RTP packets. The result is database CDR and saved pcap files. This uses CPU and I/O resources accordingly to concurrent calls but keeps network throughput between sniffer and database/GUI at minimal. For more details how to configure it please see this: [[Sniffing_modes#Multiple_remote_sensors_one_DB.2FGUI_server]]


== Multiple remote sensors one DB/GUI server ==
=== packet mirroring ===
Sensors can be configured in two ways - mirroring all packets by the remote sniffer to central sniffer or the remote sniffer is processing VoIP directly and only sends CDR to remote database keeping pcap files on local storage.


=== Standard remote sniffer ===
Remote sensor in standard mode processes all packets and stores CDR to central (remote) database keeping pcap files on local disk. This setup generates minimal traffic between sensor and remote database (it sends only CDR). Not: you do not need to install mysql on sensor. For more details how to configure it please see this: [[Sniffing_modes#Multiple_remote_sensors_one_DB.2FGUI_server]]


=== Mirroring sniffer ===
Packet mirroring mode (do not confuse it with HW switch packet mirroring or TAP) is special mode where the sniffer is sending every single packet without any processing over TCP compressed stream to another VoIPmonitor sniffer located on another server. This setup is common in situation where you are not able to mirror packets directly via port spanning or taping and you need to install it directly on linux server where the PBX/SBC runs and you do not have enough CPU or I/O or storage resources to process all packets there - the sender sensor uses minimal CPU / memory resources with trade off for higher network throughput. The receiving sniffer can process multiple sniffer senders. The receiver is the same sniffer binary and can be located on the same server with GUI / Database but it can be also dedicated server. For more details please see this [[Sniffing_modes#Mirroring_sniffer]]
Since version 8 remote sensor can be configured as packet sender (mirrorer) to  remote sensor which runs on different server. In this mode the sender sends all packets via compressed TCP stream to remote sniffer like it is sniffing directly on network interface. This setup is common in situation where you are not able to mirror packets directly via port spanning or taping and you need to install it directly on linux server where the PBX/SBC runs and you do not have to enough CPU or storage resources to process all packets there - the sender sensor uses minimal CPU / memory resources. For more details please see this [[Sniffing_modes#Mirroring_sniffer]]


= Hardware mirroring =
= Hardware mirroring =


If the sniffer cannot run directly on PBX/SBC you need to mirror packets to sniffer server. Common approach is to do it in hardware switch. This feature is called spanning / mirroring / taping ports. Check if your switch can do this. Some PBX/SBC are capable of mirroring packets using IP in IP protocol which voipmonitor supports natively (enabled by default).
If the sniffer cannot run directly on PBX/SBC you need to mirror packets to sniffer server. Common approach is to do it in hardware switch. This feature is called spanning / mirroring / taping ports. Check if your switch can do this. Some PBX/SBC are capable of mirroring packets using IP in IP protocol which voipmonitor supports natively (enabled by default).
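Review bot: the rewritten introduction drops the old first-paragraph sentence saying that the WEB GUI reads pcap files directly from the sniffer over the TCP manager interface (TCP port 5029), and no section of the new text states it. Operators need that port to write firewall rules between the GUI and remote sensors, so I would keep the sentence, for example under "Local processing". The old "Standard remote sniffer" note that MySQL does not need to be installed on the sensor and the "Since version 8" qualifier on packet mirroring are also gone; restore them if they still hold. In the new headings, "1.N remote" should read "1..N remote", and "packet mirroring" and "single / multiple setup" should be capitalised like their sibling headings.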

Latest revision as of 12:45, 11 September 2014

Architecture

The VoIPmonitor product consists of a web presentation layer (WEB GUI), a database server (currently only MySQL is supported) and sniffers (also called sensors).

WEB GUI

The WEB GUI is a PHP encoded application with some C++ binaries. It can run independently of the sniffers and the database, although it is common to run the GUI alongside the MySQL server and a sniffer.

Database MySQL server

The MySQL server can run on a dedicated server, independently of the WEB GUI and the sniffer. The GUI and the sniffer communicate with MySQL over its TCP interface. It is common to run the GUI, the database and the sniffer on one server.

Sniffers (sensors)

The sniffer (sensor) is a passive network sniffer (like tcpdump or Wireshark). It analyses packets in real time and transforms each SIP call with its associated RTP streams into a CDR database record, which is sent over TCP to the MySQL server (remote or local). If saving of SIP / RTP packets is enabled, the sniffer stores each VoIP call in a separate file in native pcap format on local storage.

The sniffer runs only on Linux (or FreeBSD), either on a virtual server or on dedicated native hardware. Currently x86 and >armv5 are supported and tested. Other hardware platforms have not yet been tested, although the sniffer should be compatible with any hardware running Linux.

single / multiple setup

Single server

The most common setup runs the GUI, MySQL and the sniffer on a single server, but it is often split into a dedicated GUI + MySQL server with multiple remote sniffers.

Central Database with GUI and 1..N remote sniffers (or local sniffer + 1..N remote)

Remote sniffers can be configured in two ways: local processing or packet mirroring.

Local processing

The sniffer processes and analyses all SIP / RTP packets itself. The result is CDRs in the database and saved pcap files. This uses CPU and I/O resources in proportion to the number of concurrent calls but keeps network throughput between the sniffer and the database/GUI to a minimum. For details on how to configure it, see Sniffing_modes#Multiple_remote_sensors_one_DB.2FGUI_server

packet mirroring

Packet mirroring mode (not to be confused with HW switch packet mirroring or a TAP) is a special mode in which the sniffer sends every single packet, without any processing, over a compressed TCP stream to another VoIPmonitor sniffer located on another server. This setup is common when you cannot mirror packets directly via port spanning or tapping, so the sniffer has to be installed directly on the Linux server where the PBX/SBC runs, and that server does not have enough CPU, I/O or storage resources to process all packets there. The sending sensor uses minimal CPU and memory, with higher network throughput as the trade-off. The receiving sniffer can process streams from multiple senders. The receiver is the same sniffer binary; it can be located on the same server as the GUI / database, or on a dedicated server. For more details, see Sniffing_modes#Mirroring_sniffer
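The two remote-sniffer modes above imply different inter-host TCP flows, which is what a firewall policy between sensors and the central server has to reflect. The following is an added example, not part of the original page or of VoIPmonitor itself: it derives the allow-list for a topology and flags connections outside it. Port 5029 is the manager port named in the earlier revision text, 3306 is MySQL's default, and the mirror port 5030 and all host names are constructed placeholders.

```python
MYSQL_PORT = 3306    # MySQL's default TCP port
MANAGER_PORT = 5029  # sniffer manager interface, as given in the earlier revision text
MIRROR_PORT = 5030   # assumption: placeholder for the receiver's mirror listen port

def required_flows(gui, db, sniffers):
    """Return the set of (src, dst, dst_port) TCP flows the topology needs.
    sniffers: dicts with "host", "mode" ("local"/"mirror") and, for senders, "receiver"."""
    processing = {s["host"] for s in sniffers if s["mode"] == "local"}
    flows = set()

    def add(src, dst, port):
        if src != dst:  # localhost traffic needs no inter-host rule
            flows.add((src, dst, port))

    add(gui, db, MYSQL_PORT)  # GUI reads CDRs from the database
    for s in sniffers:
        if s["mode"] == "mirror":
            if s["receiver"] not in processing:
                raise ValueError(f"{s['host']}: receiver is not a processing sniffer")
            # A sender forwards raw packets without processing them, so it writes no CDRs.
            add(s["host"], s["receiver"], MIRROR_PORT)
        else:
            add(s["host"], db, MYSQL_PORT)     # CDRs to the central database
            add(gui, s["host"], MANAGER_PORT)  # GUI fetches pcaps from the sensor
    return flows

def unexpected(observed, allowed):
    """Observed inter-host connections that the architecture does not call for."""
    return sorted(set(observed) - set(allowed))

# Constructed topology: GUI + MySQL + receiving sniffer on gui1, a mirror
# sender on pbx1, and a local-processing sensor on sbc2.
TOPOLOGY = [
    {"host": "gui1", "mode": "local"},
    {"host": "pbx1", "mode": "mirror", "receiver": "gui1"},
    {"host": "sbc2", "mode": "local"},
]
ALLOWED = required_flows("gui1", "gui1", TOPOLOGY)
# Constructed connection log: the last entry is a mirror sender reaching MySQL.
OBSERVED = [("pbx1", "gui1", 5030), ("sbc2", "gui1", 3306), ("pbx1", "gui1", 3306)]

if __name__ == "__main__":
    print(sorted(ALLOWED), unexpected(OBSERVED, ALLOWED))
```

In an all-in-one setup the function returns an empty set, since every flow stays on localhost.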

Hardware mirroring

If the sniffer cannot run directly on the PBX/SBC, you need to mirror packets to the sniffer server. A common approach is to do this in a hardware switch; the feature is called port spanning / mirroring / tapping. Check whether your switch supports it. Some PBX/SBC are capable of mirroring packets using the IP in IP protocol, which voipmonitor supports natively (enabled by default).