Couple of day’s back one of our customer wants to know the best practice to monitor the VOIP/IP Phone traffic using NetFlow Analyzer. I felt this deserves a blog really.
By default NetFlow Analyzer identifies SKINNY & SIP (port numbers 2000 & 5060) applications and show the usage with the IP address or phone involved on each and every interface. But to monitor the voice traffic as a separate entity or for a specific phone, you have two ways. Either by using the application mapping using voice gateway IP or individual IP network/range of phones with IP group.
Let’s see the options in detail.
1. Application mapping using voice gateway IP
ManageEngine NetFlow Analyzer detects applications based on the port and protocol values available in the flow records. And it is possible to add, modify and delete the port – protocol mappings from the user interface. As an added advantage NetFlow Analyzer also provides an ability to associate the IP addresses into this application mapping for precise classification. So if you create an application mapping “MyAPP” with an IP address – port – protocol match, NetFlow Analyzer starts classifying the all conversations/calls originated or designated to the mapped IP address with the defined port & protocol as “MyApp”.
Using this functionality one can create a new application mapping using the “Application Mapping” link with the voice gateway IP and port & protocol used for IP phone traffic. If you are not sure about the port and protocol, you can also use 0-65535 as a port range in the application mapping. Since this is going to be your voice gateway, mostly it deals with VOIP traffic.
This new VOIP tracking application will be shown under the application tab with the respective traffic volume and further drills down to conversation/call information.
2. Using IP groups
As a second option, it is also possible to monitor the IP phone traffic by creating an IP group. The IP groups feature lets you monitor departmental, intranet or application specific traffic exclusively. You can create IP groups based on IP addresses and/or a combination of port and protocol. You can even choose to monitor traffic from specific interfaces across different routers. After creating an IP group, you can view the top applications, top protocols, top hosts, and top conversations in this IP group alone.
Now create an IP group with a VOIP gateway or VOIP IP network or VOIP phone range. You can create as many IP groups based on your requirement. The possibility of associating the port, protocol and interface information with IP groups helps to make the classification to be more precise.
Each IP group gives you the complete traffic, application and conversation information pertained to the IP addresses or port-protocol mapping involved in the group.
Note: In both the options, ensure that the desired IP address (voice gateway IP or IP address of IP phone(s)) is visible to your router or L3 switch. So that it can be exported through the NetFlow packet.
Please write your questions to support@netflowanalyzer.com. You can download our 30 days all feature trial software from the following link.
Download:
http://www.manageengine.com/products/netflow/download.html?ab
Features:
http://www.manageengine.com/products/netflow/netflow-features.html
Live Demo:
http://demo.netflowanalyzer.com
Thanks
Raj
Pingback: Monitoring VOIP/IP Phone Traffic using ManageEngine NetFlow … | shoretel1.com
Pingback: Monitoring VOIP/IP Phone Traffic using ManageEngine NetFlow … | shoretel1.com