https://www.gigamon.com/products/optimize-traffic/traffic-intelligence/gigasmart/source-port-labeling.html

Identify each packet's entry point

The Source Port Labeling feature of the GigaSMART® engine provides context to packets and allows tools to properly assess network behavior and threats based on where they are happening in the network. When a packet arrives at the Gigamon® Visibility Platform, it could have come from any one of dozens or hundreds of network access points.

Before forwarding the packet to a monitoring or security tool, Source Port Labeling adds a trailer to the packet that identifies the port on which the packet arrived. The tool can query the Gigamon Visibility Platform using the REST API and look up the Cisco Discovery Protocol (CDP) or Link Layer Discovery Protocol (LLDP) information associated with the packet’s source port to know exactly where in the network problems or threats reside.

Benefits of the Source Port Labeling feature

  • Accurately analyze traffic aggregated from multiple collection points.
  • Correlate traffic with CDP/LLDP information on the network.
  • Identify incorrect cabling of taps and SPAN ports and verify accuracy of flow maps.

Regular GigaStream Configuration
To configure a regular tool GigaStream, refer to the following example:

1. Configure ports using type tool for a regular tool GigaStream.
(config) # port 1/3/q2..q3 type tool

2. Configure a regular GigaStream.
(config) # gigastream alias stream1 port-list 1/3/q1..q4

3. Configure a comment for the GigaStream.
(config) # gigastream alias stream1 comment "regular gigastream"

4. Assign hash weights, as a percentage or as a ratio, to the ports in the GigaStream.
(config gigastream alias stream1) # port-list 1/3/q1..q4 hash-weight 30,30,20,20
(config gigastream alias stream1) # port-list 1/3/q1..q4 hash-weight 3,3,2,2

5. Assign a drop weight for the GigaStream.
(config gigastream alias stream1) # drop-weight 2

6. Display the configuration for this example.
(config) # show gigastream


Insert VLAN Tag

# port 1/1/x2 type network
# port 1/1/x6 type tool
# gsgroup alias GS1 port-list 1/5/e1
# gsop alias addVLAN add-header vlan 101 port-list GS1
# map alias add_VLAN_example
    # use gsop addVLAN
    # rule add pass ipver 4
    # from 1/1/x2
    # to 1/1/x6
    # exit
# write memory


Gigamon-HC1 (config) # show running-config
##
## Running database "initial"
## Generated at 2023/03/09 22:37:25 +0000
## Software version on which this output was taken: GigaVUE-OS 5.13.03.04 347192 2022-08-29 17:34:04
## Hostname: Gigamon-HC1
##
## Note: If you are not an admin user some command invocations may be omitted
## because you do not have permissions to see them.
##
##
## Network interface configuration
##
interface eth0
  no dhcp
  ip address 10.10.10.125 /24
  exit
##
## Routing configuration
##
ip default-gateway 10.10.10.254 eth0
##
## Other IP configuration
##
hostname Gigamon-HC1
ip name-server 8.8.8.8
##
## Local user account configuration
##
username admin password 7 $1$Awce0nPW$l7aLonymvDzWfArYQcLAs.
##
## AAA remote server configuration
##
# ldap bind-password ********
# radius-server shared-secret ********
# tacacs-server shared-secret ********
##
## Chassis level configurations
##
chassis box-id 1 serial-num H013C type hc1 gdp disable
##
## Card level configurations
##
card slot 1/1 product-code 132-00D7
card slot 1/2 product-code 132-00D9
card slot 1/3 product-code 132-00D8
card slot 1/cc1 product-code 132-00D6
##
## Port level configurations
##
port 1/1/g1 type network
port 1/1/g2 type network
port 1/1/g3 type network
port 1/1/g4 type network
port 1/1/x1 type inline-tool
port 1/1/x1 params admin enable
port 1/1/x2 type inline-tool
port 1/1/x2 params admin enable
port 1/1/x3 type inline-tool
port 1/1/x3 params admin enable
port 1/1/x4 type inline-tool
port 1/1/x4 params admin enable
port 1/1/x5 type inline-tool
port 1/1/x5 params admin enable
port 1/1/x6 type inline-tool
port 1/1/x6 params admin enable
port 1/1/x7 type inline-tool
port 1/1/x7 params admin enable
port 1/1/x8 type inline-tool
port 1/1/x8 params admin enable
port 1/1/x9 type network
port 1/1/x10 type network
port 1/1/x11 type network
port 1/1/x12 type network
port 1/2/x1 type network
port 1/2/x2 type network
port 1/2/x3 type network
port 1/2/x4 type network
port 1/2/x5 type inline-net
port 1/2/x5 params admin enable speed 1000
port 1/2/x6 type inline-net
port 1/2/x6 params admin enable speed 1000
port 1/2/x7 type inline-net
port 1/2/x7 params admin enable speed 1000
port 1/2/x8 type inline-net
port 1/2/x8 params admin enable speed 1000
port 1/3/g1 type network
port 1/3/g1 params taptx passive
port 1/3/g2 type network
port 1/3/g2 params taptx passive
port 1/3/g3 type network
port 1/3/g3 params taptx passive
port 1/3/g4 type network
port 1/3/g4 params taptx passive
port 1/3/g5 type network
port 1/3/g5 params taptx passive
port 1/3/g6 type network
port 1/3/g6 params taptx passive
port 1/3/g7 type network
port 1/3/g7 params taptx passive
port 1/3/g8 type network
port 1/3/g8 params taptx passive
##
## Gigastream hash configurations
##
gigastream advanced-hash slot 1/cc1 default
##
## Apps SSL configuration
##
apps inline-ssl profile alias iSSL-Profile
  certificate expired drop
  certificate invalid drop
  certificate revocation crl disable
  certificate revocation ocsp disable
  certificate self-signed drop
  certificate unknown-ca drop
  decrypt tcp inactive-timeout 5
  decrypt tcp portmap default-out-port disable
  decrypt tool-bypass disable
  default-action decrypt
  ha active-standby disable
  monitor inline
  network-group multiple-entry disable
  no-decrypt tool-bypass disable
  non-ssl-tcp tool-bypass disable
  one-arm disable
  ria disable
  split-proxy disable
  split-proxy server non-pfs-ciphers disable
  tcp delayed-ack disable
  tcp syn-retries 3
  tool early-engage disable
  tool fail-action bypass-tool
  url-cache miss action no-decrypt
  exit
apps inline-ssl signing for primary key ucontech
##
## Gsgroup configurations
##
gsgroup alias iSSL-GS port-list 1/1/e1 hash advanced
##
## Gs params configurations
##
gsparams gsgroup iSSL-GS
  3gpp-node-role disable
  5g-flow timeout 48
  apptcp-lb application broadcast
  apptcp-lb control broadcast
  apptcp-lb disable
  cpu utilization type total rising 80
  dedup-action drop
  dedup-ip-tclass include
  dedup-ip-tos include
  dedup-tcp-seq include
  dedup-timer 50000
  dedup-vlan ignore
  diameter-packet timeout 2
  diameter-s6a-session limit 10000
  diameter-s6a-session timeout 30
  eng-watchdog-timer 60
  erspan3-timestamp format none
  flow-mask disable
  flow-sampling-rate 5
  flow-sampling-timeout 1
  flow-sampling-type device-ip
  generic-session-timeout 5
  gtp-control-sample enable
  gtp-flow timeout 48
  gtp-persistence disable
  gtp-persistence file-age-timeout 30
  gtp-persistence interval 10
  gtp-persistence restart-age-time 30
  gtp-randomsample disable
  gtp-randomsample interval 12
  ip-frag forward enable
  ip-frag frag-timeout 10
  ip-frag head-session-timeout 30
  lb failover disable
  lb failover-thres lt-bw 80
  lb failover-thres lt-pkt-rate 1000
  lb replicate-gtp-c disable
  lb use-link-spd-wt disable
  mobility-sam disable
  resource buffer-asf disable
  resource cpu overload-threshold 90
  resource hsm-ssl buffer disable
  resource hsm-ssl packet-buffer 1000
  resource inline-ssl standalone enable
  resource metadata disable
  resource packet-buffer overload-threshold 80
  resource xpkt-pmatch num-flows 0
  session logging level none
  sip-media timeout 30
  sip-nat disable
  sip-session timeout 30
  sip-tcp-idle-timeout 20
  ssl-decrypt decrypt-fail-action drop
  ssl-decrypt enable
  ssl-decrypt hsm-pkcs11 dynamic-object enable
  ssl-decrypt hsm-pkcs11 load-sharing enable
  ssl-decrypt hsm-timeout 1000
  ssl-decrypt key-cache-timeout 10800
  ssl-decrypt non-ssl-traffic drop
  ssl-decrypt pending-session-timeout 60
  ssl-decrypt session-timeout 300
  ssl-decrypt tcp-syn-timeout 20
  ssl-decrypt ticket-cache-timeout 10800
  tunnel-health-check action pass
  tunnel-health-check disable
  tunnel-health-check dstport 54321
  tunnel-health-check interval 600
  tunnel-health-check protocol icmp
  tunnel-health-check rcvport 54321
  tunnel-health-check retries 5
  tunnel-health-check roundtriptime 1
  tunnel-health-check srcport 54321
  xpkt-pmatch disable
  exit
##
## Gsop configurations
##
gsop alias iSSL-GSOP inline-ssl iSSL-Profile port-list iSSL-GS
##
## Vport configurations
##
vport alias VP1 gsgroup iSSL-GS
vport alias VP1 failover-action vport-bypass
vport alias VP1 outer-traffic-path to-inline-tool
vport alias VP1 inner-traffic-path to-inline-tool
vport alias VP1 deferred-binding disable
vport alias VP1 mmon disable
vport alias VP1 insight-sensor disable
vport alias VP2 gsgroup iSSL-GS
vport alias VP2 failover-action vport-bypass
vport alias VP2 outer-traffic-path to-inline-tool
vport alias VP2 inner-traffic-path to-inline-tool
vport alias VP2 deferred-binding disable
vport alias VP2 mmon disable
vport alias VP2 insight-sensor disable
##
## Inline-network configurations
##
inline-network alias default_inline_net_1_2_1
  pair net-a 1/2/x5 and net-b 1/2/x6
  physical-bypass disable
  traffic-path to-inline-tool
  exit
inline-network alias default_inline_net_1_2_2
  pair net-a 1/2/x7 and net-b 1/2/x8
  physical-bypass disable
  traffic-path to-inline-tool
  exit
##
## Inline-tool configurations
##
inline-tool alias DEC1
  pair tool-a 1/1/x1 and tool-b 1/1/x2
  enable
  exit
inline-tool alias DEC2
  pair tool-a 1/1/x5 and tool-b 1/1/x6
  enable
  exit
inline-tool alias ENC1
  pair tool-a 1/1/x3 and tool-b 1/1/x4
  enable
  exit
inline-tool alias ENC2
  pair tool-a 1/1/x7 and tool-b 1/1/x8
  enable
  exit
##
## Traffic map connection configurations
##
map alias map11
  roles replace admin to owner_roles
  rule add pass portdst 443 bidir
  to VP1
  from default_inline_net_1_2_1
  exit
map alias map21
  roles replace admin to owner_roles
  rule add pass portdst 443 bidir
  to VP2
  from default_inline_net_1_2_2
  exit
map alias map12
  roles replace admin to owner_roles
  use gsop iSSL-GSOP
  to DEC1
  from VP1
  exit
map alias map22
  roles replace admin to owner_roles
  use gsop iSSL-GSOP
  to DEC2
  from VP2
  exit
map-scollector alias map33
  roles replace admin to owner_roles
  from default_inline_net_1_2_2
  collector ENC2
  exit
map-scollector alias map13
  roles replace admin to owner_roles
  from default_inline_net_1_2_1
  collector ENC1
  exit
##
## X.509 certificates configuration
##
#
# Certificate name system-self-signed, ID 6e7c2be346db77d241a438646adbe073ff1e1ab8
# (public-cert config omitted since private-key config is hidden)
##
## Web configuration
##
# web proxy auth basic password ********
##
## E-mail configuration
##
# email auth password ********
# email autosupport auth password ********
Gigamon-HC1 (config) #


APF, ASF Sample

gigamon-2c013c (config) # sh running-config
##
## Running database "initial"
## Generated at 2019/12/23 05:23:44 +0000
## Software version on which this output was taken: GigaVUE-OS 5.7.01 142718 2019-09-23 23:20:06
##
## Port level configurations
##
port 1/1/g1 type network
port 1/1/g2 type network
port 1/1/g3 type network
port 1/1/g4 type network
port 1/1/x1 type hybrid
port 1/1/x1 params admin enable
port 1/1/x2 type network
port 1/1/x2 params admin enable
port 1/1/x3 type tool
port 1/1/x3 params admin enable
port 1/1/x4 type network
port 1/1/x4 params admin enable
port 1/1/x5 type network
port 1/1/x6 type tool
port 1/1/x6 params admin enable
port 1/1/x7 type tool
port 1/1/x7 params admin enable
port 1/1/x8 type tool
port 1/1/x8 params admin enable
port 1/1/x9 type network
port 1/1/x10 type tool
port 1/1/x10 params admin enable
port 1/1/x11 type network
port 1/1/x12 type tool
port 1/1/x12 params admin enable
port 1/2/x1 type network
port 1/2/x2 type network
port 1/2/x3 type network
port 1/2/x4 type network
port 1/2/x5 type inline-net
port 1/2/x5 params admin enable speed 1000
port 1/2/x6 type inline-net
port 1/2/x6 params admin enable speed 1000
port 1/2/x7 type inline-net
port 1/2/x8 type inline-net
port 1/3/g1 type network
port 1/3/g1 params taptx passive
port 1/3/g2 type network
port 1/3/g2 params taptx passive
port 1/3/g3 type network
port 1/3/g3 params taptx passive
port 1/3/g4 type network
port 1/3/g4 params taptx passive
port 1/3/g5 type network
port 1/3/g5 params taptx passive
port 1/3/g6 type network
port 1/3/g6 params taptx passive
port 1/3/g7 type network
port 1/3/g7 params taptx passive
port 1/3/g8 type network
port 1/3/g8 params taptx passive

##
## Gigastream hash configurations
##
gigastream advanced-hash slot 1/cc1 default
##
## Gigastream configurations
##
gigastream alias T-LB-1
port-list 1/1/x6,1/1/x8 params hash advanced
exit
gigastream alias T-LB-2
port-list 1/1/x10,1/1/x12 params hash advanced
exit

##
## SAPF configurations
##
apps asf alias youtube-asf
bi-directional enable
buffer enable
buffer-count-before-match 6
packet-count disable
protocol tcp-udp
sess-field add ipv4-5tuple outer
timeout 15
exit

##
## Gsgroup configurations
##
gsgroup alias GS1 port-list 1/1/e1
##
## Gs params configurations
##
gsparams gsgroup GS1
cpu utilization type total rising 80
dedup-action drop
dedup-ip-tclass include
dedup-ip-tos include
dedup-tcp-seq include
dedup-timer 50000
dedup-vlan ignore
diameter-packet timeout 2
diameter-s6a-session limit 10000
diameter-s6a-session timeout 30
eng-watchdog-timer 60
erspan3-timestamp format none
flow-mask disable
flow-sampling-rate 5
flow-sampling-timeout 1
flow-sampling-type device-ip
generic-session-timeout 5
gtp-control-sample enable
gtp-flow timeout 48
gtp-persistence disable
gtp-persistence file-age-timeout 30
gtp-persistence interval 10
gtp-persistence restart-age-time 30
gtp-randomsample disable
gtp-randomsample interval 12
ip-frag forward enable
ip-frag frag-timeout 10
ip-frag head-session-timeout 30
lb failover disable
lb failover-thres lt-bw 80
lb failover-thres lt-pkt-rate 1000
lb replicate-gtp-c disable
lb use-link-spd-wt disable
node-role disable
resource buffer-asf 2
resource cpu overload-threshold 90
resource hsm-ssl buffer disable
resource hsm-ssl packet-buffer 1000
resource inline-ssl standalone enable
resource metadata disable
resource packet-buffer overload-threshold 80
resource xpkt-pmatch num-flows 0
session logging level none
sip-media timeout 30
sip-nat disable
sip-session timeout 30
sip-tcp-idle-timeout 20
ssl-decrypt decrypt-fail-action drop
ssl-decrypt enable
ssl-decrypt hsm-pkcs11 dynamic-object enable
ssl-decrypt hsm-pkcs11 load-sharing enable
ssl-decrypt hsm-timeout 1000
ssl-decrypt key-cache-timeout 10800
ssl-decrypt non-ssl-traffic drop
ssl-decrypt pending-session-timeout 60
ssl-decrypt session-timeout 300
ssl-decrypt tcp-syn-timeout 20
ssl-decrypt ticket-cache-timeout 10800
tunnel-health-check action pass
tunnel-health-check disable
tunnel-health-check dstport 54321
tunnel-health-check interval 600
tunnel-health-check protocol icmp
tunnel-health-check rcvport 54321
tunnel-health-check retries 5
tunnel-health-check roundtriptime 1
tunnel-health-check srcport 54321
xpkt-pmatch disable
exit

##
## Gsop configurations
##
gsop alias youtube-gsop apf set asf set port-list GS1
##
## Vport configurations
##
vport alias vp1 gsgroup GS1
vport alias vp1 failover-action vport-bypass
vport alias vp1 outer-traffic-path to-inline-tool
vport alias vp1 inner-traffic-path to-inline-tool
vport alias vp1 deferred-binding disable
vport alias vp1 asf profile youtube-asf
vport alias vp1 mmon disable

##
## Inline-network configurations
##
inline-network alias default_inline_net_1_2_1
pair net-a 1/2/x5 and net-b 1/2/x6
physical-bypass disable
traffic-path bypass
exit

##
## Traffic map connection configurations
##

## Forward mirrored packets from the inline network to a specific port (all packets, rx)

map-passall alias N1-map-source-packet-rx
roles replace admin to owner_roles
to 1/1/x1
from 1/2/x5
exit

## Forward mirrored packets from the inline network to a specific port (all packets, tx)

map-passall alias N1-map-source-packet-tx
roles replace admin to owner_roles
to 1/1/x1
from 1/2/x6
exit

## Forward the mirrored packets received from the inline network to the virtual port

map alias All-traffic
type firstLevel byRule
roles replace admin to owner_roles
comment " "
rule add pass macsrc 00:00:00:00:00:00 00:00:00:00:00:00 bidir
to vp1
from 1/1/x1
exit

## Detects when a video is played on the YouTube site.

map alias traffic-sapf-youtube
type secondLevel byRule
roles replace admin to owner_roles
use gsop youtube-gsop
gsrule add pass pmatch RegEx youtube|ytimg|yt3.ggpht|tubeMogul|tmogul|googlevideo|tmogulyoutu 0..1460
to 1/1/x3
from vp1
exit

## Detects Symantec server/client communication or pattern updates on a PC.

map alias traffic-sapf-symatec
type secondLevel byRule
roles replace admin to owner_roles
use gsop youtube-gsop
gsrule add pass pmatch RegEx symantec|syma|sep|livet|symant 0..1460
to 1/1/x3
from vp1
exit

## Extra: detect only a specific hex code value

map alias traffic-sapf-hex
type secondLevel byRule
roles replace admin to owner_roles
comment hex-.ama
use gsop youtube-gsop
gsrule add pass pmatch protocol ipv4 pos 1 RegEx \x2e\x61\x6d\x61 0..80
to 1/1/x7
from vp1
exit

## The RegEx expression identifies the SSL handshake type Client Hello patterns and all buffered packets (TCP).
## pos -> number presenting the occurrence (specifies the occurrence number)

## Detects access to an HTTPS site

map alias traffic-sapf-https
type secondLevel byRule
roles replace admin to owner_roles
use gsop youtube-gsop
gsrule add pass pmatch protocol tcp pos 1 RegEx \x16\x03.{3}\x01 0..6
to 1/1/x7
from vp1
exit

## Detects everything other than the specifically designated packets (HTTPS, YouTube, Symantec, etc.)

map-scollector alias traffice-non-asf
roles replace admin to owner_roles
from vp1
collector T-LB-1
exit
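
One way to check the pmatch expressions from the maps above against sample payloads before loading them on a device, as an added example that is not part of the original post or of Gigamon's software. It assumes the `first..last` range bounds the payload bytes inside which the whole match must fall and that `.` matches any byte; the payloads are constructed.

```python
import re

# (name, regex, first offset, last offset) copied from the gsrule lines above.
RULES = [
    ("youtube",
     rb"youtube|ytimg|yt3.ggpht|tubeMogul|tmogul|googlevideo|tmogulyoutu", 0, 1460),
    ("symantec", rb"symantec|syma|sep|livet|symant", 0, 1460),
    ("https-client-hello", rb"\x16\x03.{3}\x01", 0, 6),
]

# The same four byte values written as a sequence and inside brackets.
HEX_SEQUENCE = rb"\x2e\x61\x6d\x61"   # ".ama": four bytes in this order
HEX_CLASS = rb"[\x2e\x61\x6d\x61]"    # any ONE byte out of '.', 'a', 'm'


def pmatch(regex, payload, first, last):
    """Return True if regex matches wholly inside payload[first..last].

    Assumption: offsets are inclusive and relative to the byte string
    passed in (here the TCP payload).
    """
    window = payload[first:last + 1]
    # DOTALL so that '.' also matches 0x0a, which is a legal length byte
    # in a TLS record header.
    return re.search(regex, window, re.DOTALL) is not None


def classify(payload):
    """Names of all rules whose expression matches the payload."""
    return [name for name, rx, first, last in RULES
            if pmatch(rx, payload, first, last)]


# Constructed samples. TLS record header: type, version (2 bytes),
# length (2 bytes); the next byte is the handshake type (01 = Client Hello).
CLIENT_HELLO = bytes.fromhex("160301000a" "010000060303" "00000000")
SERVER_HELLO = bytes.fromhex("160303000a" "020000060303" "00000000")
# Same Client Hello, but starting 4 bytes later: outside the 0..6 window.
SHIFTED_HELLO = b"\x00" * 4 + CLIENT_HELLO
YOUTUBE_REQ = (b"GET /watch?v=constructed HTTP/1.1\r\n"
               b"Host: www.youtube.com\r\n\r\n")
# Unrelated request that still hits the short "sep" alternative.
SEPTEMBER_REQ = (b"GET /report?month=september HTTP/1.1\r\n"
                 b"Host: intranet.example\r\n\r\n")

if __name__ == "__main__":
    samples = {
        "client hello": CLIENT_HELLO,
        "server hello": SERVER_HELLO,
        "shifted client hello": SHIFTED_HELLO,
        "youtube request": YOUTUBE_REQ,
        "september request": SEPTEMBER_REQ,
    }
    for label, data in samples.items():
        print(f"{label:22} -> {classify(data)}")
    page = b"GET /index.html HTTP/1.1\r\n"
    print("class matches index.html:   ", pmatch(HEX_CLASS, page, 0, 80))
    print("sequence matches index.html:", pmatch(HEX_SEQUENCE, page, 0, 80))
```

Short alternatives such as `sep` match unrelated traffic, and a bracketed list of hex escapes matches any single one of those bytes rather than the sequence.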

 


GigaVUE H Series nodes support Secure Sockets Layer (SSL) decryption. SSL is a cryptographic protocol that adds security to TCP/IP communications such as Web browsing and email. The protocol allows the transmission of secure data between a server and client who both have the keys to decode the transmission and the certificates to verify trust between them. Out-of-band SSL decryption delivers decrypted traffic to out-of-band tools that can then detect threats entering the network.

SSL decryption is a pillar of the GigaSECURE Security Delivery Platform. For an overview of GigaSECURE, refer to the “GigaSECURE Security Delivery Platform” section in the GigaVUE-FM User’s Guide.

Configure Out-of-Band SSL Decryption Examples
The following sections provide examples of out-of-band SSL decryption. Refer to the following:

• Example 1: Out-of-Band SSL Decryption with a Regular Map
• Example 2: Out-of-Band SSL Decryption with De-Duplication
• Other Usage Examples

For details on the CLI commands used in the following sections, refer to apps ssl, gsparams, and gsop in the reference section.

Example 1: Out-of-Band SSL Decryption with a Regular Map
In Example 1, a regular map is configured to use with out-of-band SSL decryption.

  1. Upload a key and create a service. Refer to Working with Keys and Services on page 732.

(config) # apps ssl key alias key1 download type private-key url https://keyserver.domain.com/path/keyfile.pem
(config) # apps ssl service alias service1 server-ip 192.168.1.1 server-port 443

  2. Configure a GigaSMART group.

(config) # gsgroup alias gsgrp1 port-list 1/1/e1

  3. Specify the GigaSMART group alias.

(config) # gsparams gsgroup gsgrp1

  4. Specify a failover action.

(config gsparams gsgroup gsgrp1) # ssl-decrypt decrypt-fail-action drop

  5. Configure session timeouts, in seconds.

(config gsparams gsgroup gsgrp1) # ssl-decrypt pending-session-timeout 60
(config gsparams gsgroup gsgrp1) # ssl-decrypt session-timeout 300
(config gsparams gsgroup gsgrp1) # ssl-decrypt tcp-syn-timeout 20

  6. Configure cache timeouts, in seconds.

(config gsparams gsgroup gsgrp1) # ssl-decrypt key-cache-timeout 9000
(config gsparams gsgroup gsgrp1) # ssl-decrypt ticket-cache-timeout 9000

  7. Configure a key/service mapping that maps how a key is assigned to an IP address of a server.

(config gsparams gsgroup gsgrp1) # ssl-decrypt key-map add service service1 key key1

  8. Enable out-of-band SSL decryption.

(config gsparams gsgroup gsgrp1) # ssl-decrypt enable

  9. Exit the GigaSMART group configuration mode.

(config gsparams gsgroup gsgrp1) # exit
(config) #

  10. Configure a GigaSMART operation for out-of-band SSL decryption.

(config) # gsop alias gdssl1 ssl-decrypt in-port any out-port auto port-list gsgrp1

In the previous step, gdssl1 is the alias for a GigaSMART operation, in-port specifies the destination port on which to listen, out-port specifies the destination port on which to send decrypted traffic, and port-list is set to the GigaSMART group alias previously configured. The in-port and out-port arguments can also be a port number between 1 and 65535.

Next, configure a traffic map, as follows:

  1. Specify a map alias (m1) and specify the map type and subtype.

(config) # map alias m1
(config map alias m1) # type regular byRule

  2. Specify the GigaSMART operation alias (gdssl1) as part of the map. This applies the associated GigaSMART functionality to packets matching a rule in the map.

(config map alias m1) # use gsop gdssl1

  3. Specify a map rule.

(config map alias m1) # rule add pass ipver 4

  4. Specify the destination for packets matching this map.

(config map alias m1) # to 1/1/g2

  5. Specify the source port(s) for this map.

(config map alias m1) # from 1/1/g1

  6. Exit the map prefix mode.

(config map alias m1) # exit
(config) #

  7. Display the configuration.

(config) # show gsop
(config) # show map
(config) # show gsparams

Example 2: Out-of-Band SSL Decryption with De-Duplication
In Example 2, the configuration steps are the same except when you configure a GigaSMART operation you send the decrypted traffic to de-duplication for additional filtering, as follows:

(config) # gsop alias gdssl1 ssl-decrypt in-port any out-port auto dedup set port-list gsgrp1

Other Usage Examples
Two typical usage examples are as follows:

• Use map rules to filter on the IP address of the server and send everything to GigaSMART. Configure a GigaSMART operation to listen on the in-port used by the server. The GigaSMART will drop other traffic.
• Use map rules to filter on the IP address of the server and in-port and send specific port traffic to the GigaSMART. Configure a GigaSMART operation to listen on in-port any.

 


https://www.gigamon.com/products/optimize-traffic/subscriber-intelligence/5g-correlation.html

 


Subscriber-Aware Forwarding in a 5G and CUPS World

In a new 5G or 4G LTE world, where the control and user planes are separated (known as CUPS), obtaining coherent visibility of sessions is more challenging than ever. The physical separation of the user-plane traffic from the control-plane traffic, often in different locations, makes it difficult to associate the GTP user-plane tunnel sessions with the user or equipment identification.

With Gigamon 5G Correlation, 5G and LTE CUPS mobile operators can now intelligently forward subscriber sessions to specific tools by filtering on subscriber or equipment IDs — from ranges of subscribers down to a specific, high-value subscriber. Other benefits include:

  • More efficient, effective tool processing throughput
  • Improved analytics accuracy from reliable correlation of subscriber sessions
  • Maximized quality of experience and monetizing services
  • Increased reliability in accounting, billing and subscription management

It’s all part of Gigamon Subscriber Intelligence solutions made specifically for service providers.

Plus, be sure to take advantage of our new bundled GigaSMART® apps to be subscriber-aware!
 

 


https://www.gigamon.com/products/optimize-traffic/subscriber-intelligence/sip-rtp-correlation.html

 


VoIP Subscriber- and User-Aware Forwarding

It just got easier — and more efficient — to monitor voice- and video-over-IP (VoIP) sessions carried in Real-Time Transport Protocol (RTP) and managed by Session Initiation Protocol (SIP) signaling. It’s called the SIP/RTP Correlation application, and is a licensable and intelligent addition to the GigaSMART® engine that enables enterprises and service providers to monitor VoIP traffic.

Because it understands the stateful nature of the SIP protocol, the SIP/RTP Correlation application can match and pass an identified user’s SIP signaling and RTP media sessions to the appropriate analytics, performance and security subsystems. That’s a big help in ensuring an accurate view of the session performance, the user’s quality of experience and the security of the communication.

With the SIP/RTP Correlation application, service providers and enterprises can now intelligently forward VoIP sessions to specific tools by filtering on ranges of or specific user IDs, sampling just a percentage of media sessions and/or balancing the aggregate SIP and RTP sessions.

Benefits of the SIP/RTP Correlation Application:

  • More efficient, effective tool processing throughput
  • Improved analytics accuracy from reliable correlation of user sessions
  • Enables improved user experiences and service monetization with more accurate end-user quality of experience metrics
  • More reliable accounting, billing and subscription management
  • Fewer errors through accurate correlation of subscriber or user data fragmented in transit

Take advantage of our new bundled GigaSMART apps to be subscriber-aware!

 
