Embed Size (px)
Citation preview
Rev A Antti Miettinen07.12.2004 1
H.248 Gateway Control Protocol Signaling Traffic Related Protocol Analysis
Antti Miettinen
S-38.310 Thesis Seminar on Networking Technology
Helsinki University of Technology
07.12.2004
Rev A Antti Miettinen07.12.2004 2
Basic Information
• Thesis written at Oy L M Ericsson Ab, Finland• Supervisor: Professor Jorma Jormakka• Instructors: M.Sc. Juha Eloranta
Rev A Antti Miettinen07.12.2004 3
Contents
• Background• Problem Description• Objectives• Scope• UMTS Release 5 Network• H.248 Gateway Control Protocol• H.248 Protocol Traffic Analysis• Protocol Traffic Analyzers• Conclusion and Future Work
Rev A Antti Miettinen07.12.2004 4
Background (1/3)
• The Universal Mobile Telecommunications System (UMTS) is a third generation mobile network standard specified by the 3rd Generation Partnership Project (3GPP)
• UMTS network is developed from the GSM and GPRS• UMTS specifications and features grouped into releases
• Each release contains specific functionalities and advancements
• Releases enable vendors to make interoperable networks
Rev A Antti Miettinen07.12.2004 5
Background (2/3)
• The UMTS Release 4 network architecture introduced the layered network architecture– Call control is separated from the media and bearer control
• H.248 Gateway Control Protocol framework (GCP) is used in the UMTS core network between the Media Gateway Controller (MGC) and the Media Gateway (MGW) and between the Media Resource Function Controller (MRFC) and Media Resource Function Processor (MRFP).
Rev A Antti Miettinen07.12.2004 6
Background (3/3)
• This means:– The MGC and the MRFC handles the call control while the MGW
and the MRFP handles the media and the bearer control. – The MGC and MRFC steer and control the calls through the MGW
and the MRFP with help of the GCP
Rev A Antti Miettinen07.12.2004 7
Problem Description
• The GCP traffic analysis has an essential role in troubleshooting the network anomalies
• By analyzing the GCP traffic, the past status and the prevailing operations of the network node can be revealed
• However, the GCP messages are big and frequent. Thus, the protocol traffic analysis is a heavy process.
• The research problem of this thesis is to find out an efficient method to analyze the GCP protocol traffic to troubleshoot the network nodes
Rev A Antti Miettinen07.12.2004 8
Objectives
• The objective of this study is to find out efficient methods to analyze the H.248 Gateway Control Protocol signaling traffic to be able to troubleshoot the network nodes efficiently.
Rev A Antti Miettinen07.12.2004 9
Scope
• Different methods to efficiently analyze the H.248 protocol traffic are explored. Those methods are mapped to protocol traffic analyzer requirements.
• Only open source analyzers are explored– The source code is available => modifications to the analyzer can
be done to meet the requirements better– No license fees– Commercial products do not distribute fully functional demo
versions => no real evaluation can be done
• An protocol traffic analyzer is selected as a recommendation for the H.248 protocol traffic analysis
Rev A Antti Miettinen07.12.2004 10
UMTSRelease 5Network
AuCBSCBSSBTSCNCSEIRGGSNGMSCHLRMEMGWMSMSCPSPSTNRNCRNSSGSNSIMUSIMVLR
Authentication CentreBase Station ControllerBase Station SystemBase Transceiver StationCore NetworkCircuit SwitchedEquipment Identity RegisterGateway GPRS Support NodeGateway Mobile Switching CentreHome Location RegisterMobile EquipmentMedia GatewayMobile StationMobile Switching CentrePacket SwitchedPublic Switched Telephone NetworkRadio Network ControllerRadio Network SubsystemServing GPRS Support NodeSubscriber Identity ModuleUser Services Identity ModuleVisitor Location Register
Rev A Antti Miettinen07.12.2004 11
H.248 Gateway Control Protocol (1/5)
• Connection model– The most important abstractions are the Contexts, Terminations
and Streams
T1
T2
T3
Context1
T1
T2
T3
Context2
MGW
T1
T2
T3
Context3
= a stream
= the direction of a media flowTx = termination x
Rev A Antti Miettinen07.12.2004 12
H.248 Gateway Control Protocol (2/5)
• Message structure– GCP message has a
modular structureTransaction1
GCP message
Action1 Command1 Command2
Action3 Command1 Command2
Command3 Command4
Action2
Transaction2
Action1 Command1
TopologyDescriptor
MediaDescriptor
Rev A Antti Miettinen07.12.2004 13
H.248 Gateway Control Protocol (3/5)
• Messages– Large when presented in human readable form– Transaction request (easily >100 lines) bigger than
transaction replies• Replies do not usually contain descriptors• Signaling traffic asymmetric
– Treelike hierarchy• Transactions• Actions• Commands• Descriptors
Rev A Antti Miettinen07.12.2004 14
H.248 Gateway Control Protocol (4/5)
• Possible errors situations1. H.248.8 packet defines 60 different error descriptor
• e.g. “Unknown TerminationID”, error code 430 or “insufficient bandwidth”, error code 526.
• Network node might end up to an unspecified state (the failed command remains half executed)
• Must be taken into account when searching reasons for network node anomalies
Rev A Antti Miettinen07.12.2004 15
H.248 Gateway Control Protocol (5/5)
• Possible errors situations (cont.)2. Unclosed transactions
• May realize in case of unreliable signaling connection• GCP specifies the three timers to prevent this but they are not
100% sure
Rev A Antti Miettinen07.12.2004 16
H.248 Protocol Traffic Analysis (1/3)
• Data Presentation Format– “Overview first, zoom and filter, then details-on-demand”, Ben
Shneiderman– The call related parameters should be shown in their own columns
in the overview part: • transactionId, contextId, command type, terminationID and
wildcard– Scroll bars, colored messages (e.g. error messages), colored
barplots and tool tips
Rev A Antti Miettinen07.12.2004 17
H.248 Protocol Traffic Analysis (2/3)
• Filtering Functions– One of the most important features needed in troubleshooting
• Sorting Functions– Basic function– Implemented in every analyzer
• Monitoring Functions– Error descriptors in messages– Unclosed transactions
Rev A Antti Miettinen07.12.2004 18
H.248 Protocol Traffic Analysis (3/3)
• Summary Function– Shows the key information about the traffic, e.g.
• The number of transaction requests, replies and pendings• The number of errored messages• The number of completed and uncompleted transactions
Rev A Antti Miettinen07.12.2004 19
H.248 Protocol Traffic Analyzers (1/2)
• Only open source analyzers explored• Examined analyzers:
– TcpDump & WinDump– Ethereal– Analyzer– Packetyzer
Rev A Antti Miettinen07.12.2004 20
H.248 Protocol Traffic Analyzers (2/2)
• Recommendation:– Ethereal
• Meets the requirements of the H.248 protocol traffic analysis best
• Actively developed• Missing features: H.248 specific columns, monitoring functions,
summary function, colored barplots
Rev A Antti Miettinen07.12.2004 21
Rev A Antti Miettinen07.12.2004 22
Conclusion and Future Work
• Topics for future work:– Implement the missing requirements to Ethereal– Explore the commercial analyzers if they are even more
suitable for the H.248 traffic analysis
Rev A Antti Miettinen07.12.2004 23
Thank you!
Questions or comments?
![Esther Galbrun & Pauli Miettinen INTERACTIVE REDESCRIPTION ...€¦ · [2] E. Galbrun & P. Miettinen. From black and white to full color: extending redescription mining outside the](https://img.pdfslide.us/doc/110x75/5f5bfbb8960c6619ba426d91/esther-galbrun-pauli-miettinen-interactive-redescription-2-e-galbrun.jpg)
![Antti Kiviluoto [email protected]](https://img.pdfslide.us/doc/110x75/61fc8a868d33c02b785e5fd1/antti-kiviluoto-emailprotected.jpg)
