H.248 Gateway Control Protocol Signaling Traffic Related Protocol Analysis

1
H.248 Gateway Control Protocol Signaling Traffic
Related Protocol Analysis

• Antti Miettinen
• S-38.310 Thesis Seminar on Networking Technology
• Helsinki University of Technology
• 07.12.2004

2
Basic Information

• Thesis written at Oy L M Ericsson Ab, Finland
• Supervisor Professor Jorma Jormakka
• Instructors M.Sc. Juha Eloranta

3
Contents

• Background
• Problem Description
• Objectives
• Scope
• UMTS Release 5 Network
• H.248 Gateway Control Protocol
• H.248 Protocol Traffic Analysis
• Protocol Traffic Analyzers
• Conclusion and Future Work

4
Background (1/3)

• The Universal Mobile Telecommunications System
  (UMTS) is a third generation mobile network
  standard specified by the 3rd Generation
  Partnership Project (3GPP)
• UMTS network is developed from the GSM and GPRS
• UMTS specifications and features grouped into
  releases
• Each release contains specific functionalities
  and advancements
• Releases enable vendors to make interoperable
  networks

5
Background (2/3)

• The UMTS Release 4 network architecture
  introduced the layered network architecture
• Call control is separated from the media and
  bearer control
• H.248 Gateway Control Protocol framework (GCP) is
  used in the UMTS core network between the Media
  Gateway Controller (MGC) and the Media Gateway
  (MGW) and between the Media Resource Function
  Controller (MRFC) and Media Resource Function
  Processor (MRFP).

6
Background (3/3)

• This means
• The MGC and the MRFC handles the call control
  while the MGW and the MRFP handles the media and
  the bearer control.
• The MGC and MRFC steer and control the calls
  through the MGW and the MRFP with help of the GCP

7
Problem Description

• The GCP traffic analysis has an essential role in
  troubleshooting the network anomalies
• By analyzing the GCP traffic, the past status and
  the prevailing operations of the network node can
  be revealed
• However, the GCP messages are big and frequent.
  Thus, the protocol traffic analysis is a heavy
  process.
• The research problem of this thesis is to find
  out an efficient method to analyze the GCP
  protocol traffic to troubleshoot the network
  nodes

8
Objectives

• The objective of this study is to find out
  efficient methods to analyze the H.248 Gateway
  Control Protocol signaling traffic to be able to
  troubleshoot the network nodes efficiently.

9
Scope

• Different methods to efficiently analyze the
  H.248 protocol traffic are explored. Those
  methods are mapped to protocol traffic analyzer
  requirements.
• Only open source analyzers are explored
• The source code is available gt modifications to
  the analyzer can be done to meet the requirements
  better
• No license fees
• Commercial products do not distribute fully
  functional demo versions gt no real evaluation
  can be done
• An protocol traffic analyzer is selected as a
  recommendation for the H.248 protocol traffic
  analysis

10
UMTSRelease 5Network
11
H.248 Gateway Control Protocol (1/5)

• Connection model
• The most important abstractions are the Contexts,
  Terminations and Streams

the direction of a media flow
Tx
termination x
a stream
MGW
Context1
Context2
Context3
T2
T2
T2
T1
T3
T1
T3
T1
T3
12
H.248 Gateway Control Protocol (2/5)

• Message structure
• GCP message has a modular structure

13
H.248 Gateway Control Protocol (3/5)

• Messages
• Large when presented in human readable form
• Transaction request (easily gt100 lines) bigger
  than transaction replies
• Replies do not usually contain descriptors
• Signaling traffic asymmetric
• Treelike hierarchy
• Transactions
• Actions
• Commands
• Descriptors

14
H.248 Gateway Control Protocol (4/5)

• Possible errors situations
• H.248.8 packet defines 60 different error
  descriptor
• e.g. Unknown TerminationID, error code 430 or
  insufficient bandwidth, error code 526.
• Network node might end up to an unspecified state
  (the failed command remains half executed)
• Must be taken into account when searching reasons
  for network node anomalies

15
H.248 Gateway Control Protocol (5/5)

• Possible errors situations (cont.)
• Unclosed transactions
• May realize in case of unreliable signaling
  connection
• GCP specifies the three timers to prevent this
  but they are not 100 sure

16
H.248 Protocol Traffic Analysis (1/3)

• Data Presentation Format
• Overview first, zoom and filter, then
  details-on-demand, Ben Shneiderman
• The call related parameters should be shown in
  their own columns in the overview part
• transactionId, contextId, command type,
  terminationID and wildcard
• Scroll bars, colored messages (e.g. error
  messages), colored barplots and tool tips

17
H.248 Protocol Traffic Analysis (2/3)

• Filtering Functions
• One of the most important features needed in
  troubleshooting
• Sorting Functions
• Basic function
• Implemented in every analyzer
• Monitoring Functions
• Error descriptors in messages
• Unclosed transactions

18
H.248 Protocol Traffic Analysis (3/3)

• Summary Function
• Shows the key information about the traffic, e.g.
• The number of transaction requests, replies and
  pendings
• The number of errored messages
• The number of completed and uncompleted
  transactions

19
H.248 Protocol Traffic Analyzers (1/2)

• Only open source analyzers explored
• Examined analyzers
• TcpDump WinDump
• Ethereal
• Analyzer
• Packetyzer

20
H.248 Protocol Traffic Analyzers (2/2)

• Recommendation
• Ethereal
• Meets the requirements of the H.248 protocol
  traffic analysis best
• Actively developed
• Missing features H.248 specific columns,
  monitoring functions, summary function, colored
  barplots

21
(No Transcript)
22
Conclusion and Future Work

• Topics for future work
• Implement the missing requirements to Ethereal
• Explore the commercial analyzers if they are
  even more suitable for the H.248 traffic analysis

23
Thank you!
Questions or comments?