Architecture: Difference between revisions
No edit summary |
No edit summary |
||
Line 1: | Line 1: | ||
= Architecture = | = Architecture = | ||
VoIPmonitor | The VoIPmonitor product contains WEB presentation layer (WEB GUI), Database server (currently only MySQL supported) and Sniffers (called also sensors). | ||
== WEB GUI == | |||
The WEB GUI is PHP encoded application with some C++ binaries and can run independently on sniffers and database although it is common to run the GUI alongside with MySQL server and sniffer. | |||
== Database MySQL server == | |||
The MySQL server can run independently on WEB GUI or Sniffer on dedicated server. The GUI and Sniffer communicates with MySQL TCP interface. It is common to run GUI database and sniffer on one server. | |||
== Sniffers (sensors) == | |||
The sniffer (sensor) is passive network sniffer (like tcpdump or wireshark). The sniffer analyses packets in realtime and transforms all SIP calls with associated RTP streams into database CDR record which is sent over the TCP to MySQL server (remote or local). If enabled saving SIP / RTP packets the sniffer stores each VoIP call into separate files in native pcap format (to local storage). | |||
The sniffer can run only on Linux (or FreeBSD) OS either under virtual server or dedicated native hardware. Currently x86 and >armv5 are supported and tested. Other hardware platforms were not yet tested although it should be compatible with any hardware running Linux OS. | |||
[[File:architecture.png]] | [[File:architecture.png]] | ||
== | = single / multiple setup = | ||
== Single server == | |||
The most common setup is running GUI, MySQL and Sniffer on a single server but it is often split into dedicated GUI + MySQL server having multiple remote sniffers. | |||
== Central Database with GUI and 1..N remote sniffers (or local sniffer + 1.N remote) == | |||
Remote sniffers can be configured in two ways - local processing or packet mirroring. | |||
=== Local processing === | |||
The sniffer is processing packets and analyses all SIP / RTP packets. The result is database CDR and saved pcap files. This uses CPU and I/O resources accordingly to concurrent calls but keeps network throughput between sniffer and database/GUI at minimal. For more details how to configure it please see this: [[Sniffing_modes#Multiple_remote_sensors_one_DB.2FGUI_server]] | |||
== | === packet mirroring === | ||
Packet mirroring mode (do not confuse it with HW switch packet mirroring or TAP) is special mode where the sniffer is sending every single packet without any processing over TCP compressed stream to another VoIPmonitor sniffer located on another server. This setup is common in situation where you are not able to mirror packets directly via port spanning or taping and you need to install it directly on linux server where the PBX/SBC runs and you do not have enough CPU or I/O or storage resources to process all packets there - the sender sensor uses minimal CPU / memory resources with trade off for higher network throughput. The receiving sniffer can process multiple sniffer senders. The receiver is the same sniffer binary and can be located on the same server with GUI / Database but it can be also dedicated server. For more details please see this [[Sniffing_modes#Mirroring_sniffer]] | |||
= Hardware mirroring = | = Hardware mirroring = | ||
If the sniffer cannot run directly on PBX/SBC you need to mirror packets to sniffer server. Common approach is to do it in hardware switch. This feature is called spanning / mirroring / taping ports. Check if your switch can do this. Some PBX/SBC are capable of mirroring packets using IP in IP protocol which voipmonitor supports natively (enabled by default). | If the sniffer cannot run directly on PBX/SBC you need to mirror packets to sniffer server. Common approach is to do it in hardware switch. This feature is called spanning / mirroring / taping ports. Check if your switch can do this. Some PBX/SBC are capable of mirroring packets using IP in IP protocol which voipmonitor supports natively (enabled by default). |
Latest revision as of 12:45, 11 September 2014
Architecture
The VoIPmonitor product contains WEB presentation layer (WEB GUI), Database server (currently only MySQL supported) and Sniffers (called also sensors).
WEB GUI
The WEB GUI is PHP encoded application with some C++ binaries and can run independently on sniffers and database although it is common to run the GUI alongside with MySQL server and sniffer.
Database MySQL server
The MySQL server can run independently on WEB GUI or Sniffer on dedicated server. The GUI and Sniffer communicates with MySQL TCP interface. It is common to run GUI database and sniffer on one server.
Sniffers (sensors)
The sniffer (sensor) is passive network sniffer (like tcpdump or wireshark). The sniffer analyses packets in realtime and transforms all SIP calls with associated RTP streams into database CDR record which is sent over the TCP to MySQL server (remote or local). If enabled saving SIP / RTP packets the sniffer stores each VoIP call into separate files in native pcap format (to local storage).
The sniffer can run only on Linux (or FreeBSD) OS either under virtual server or dedicated native hardware. Currently x86 and >armv5 are supported and tested. Other hardware platforms were not yet tested although it should be compatible with any hardware running Linux OS.
single / multiple setup
Single server
The most common setup is running GUI, MySQL and Sniffer on a single server but it is often split into dedicated GUI + MySQL server having multiple remote sniffers.
Central Database with GUI and 1..N remote sniffers (or local sniffer + 1.N remote)
Remote sniffers can be configured in two ways - local processing or packet mirroring.
Local processing
The sniffer is processing packets and analyses all SIP / RTP packets. The result is database CDR and saved pcap files. This uses CPU and I/O resources accordingly to concurrent calls but keeps network throughput between sniffer and database/GUI at minimal. For more details how to configure it please see this: Sniffing_modes#Multiple_remote_sensors_one_DB.2FGUI_server
packet mirroring
Packet mirroring mode (do not confuse it with HW switch packet mirroring or TAP) is special mode where the sniffer is sending every single packet without any processing over TCP compressed stream to another VoIPmonitor sniffer located on another server. This setup is common in situation where you are not able to mirror packets directly via port spanning or taping and you need to install it directly on linux server where the PBX/SBC runs and you do not have enough CPU or I/O or storage resources to process all packets there - the sender sensor uses minimal CPU / memory resources with trade off for higher network throughput. The receiving sniffer can process multiple sniffer senders. The receiver is the same sniffer binary and can be located on the same server with GUI / Database but it can be also dedicated server. For more details please see this Sniffing_modes#Mirroring_sniffer
Hardware mirroring
If the sniffer cannot run directly on PBX/SBC you need to mirror packets to sniffer server. Common approach is to do it in hardware switch. This feature is called spanning / mirroring / taping ports. Check if your switch can do this. Some PBX/SBC are capable of mirroring packets using IP in IP protocol which voipmonitor supports natively (enabled by default).