For certain communication systems, network packets are communicated within network sessions between two or more network nodes. One protocol that is used for network sessions is GTP (GPRS (General Packet Radio Service) Tunneling Protocol). User equipment (UE), such as mobile cellular handsets, can have multiple active sessions at a time that are using GTP communications. To manage these GTP communication sessions, it is often desirable to have visibility into all sessions that are active for a particular UE as a subscriber within the network. As such, network monitoring tools often desire to receive all network packets associated with the active GTP sessions for a particular subscriber. Tracking these active sessions, however, is difficult because sessions are constantly being created and torn down within the network communication system.
Mobile subscribers within a mobile communication network are often identified by a unique subscriber identifier such as their IMSI (International Mobile Subscriber Identity), which is a unique digital value stored by the mobile unit (e.g., cellular telephone in a SIM (Subscriber Identification Module) card or other storage medium), their MSISDN (Mobile Subscriber International Subscriber Directory Number) identifier, their phone number, a call identifier, and/or other unique identifier corresponding to the subscriber or caller within the network. The IMSI or other unique subscriber identifier is often communicated by the mobile unit to the communication network (e.g., to cellular base stations). Where GTP packets are used, the GTP packets are often classified in part by their TEID (tunnel endpoint identifier) that associates the GTP packet with a subscriber session and related GTP tunnel. GTP session controllers (GSC) have been used in the past to identify and track user sessions and related TEIDs so that all packets associated with a subscriber session can be forwarded to a common network monitoring tool. To achieve this result, a GSC typically receives and analyzes control packets (GTP-C) associated with subscriber traffic to track changes to sessions and to map TEIDs to their particular subscriber sessions.
Mobile core networks (e.g., latest generations often called Evolved Packet Cores or EPC networks) provide seamless transfer of data to subscribers as they move around the network, from one cell tower (e.g., eNodeB) to another. For certain mobile networks such as 3GPP (3rd Generation Partnership Project) networks, a session is created for the subscriber when the subscriber attaches to the network, and the session effectively builds a data plane connection with the data being encapsulated using tunnels (e.g., GTP tunnels). These tunnels can use various tunnel identifiers (e.g., TEIDs) along the communication path that are associated with the temporary subscriber sessions that are created and then torn down, and these tunnel identifiers are maintained by a control plane connection between the nodes.
As traffic volumes increase within a network, it becomes practically impossible for quality of service (QoS) and/or other network metrics or security to be monitored by a single network probe or monitoring tool. As such, multiple network monitoring tools are often used. Traditional load balancing mechanisms, however, do not work well as traffic for one user often ends up on multiple monitoring tools. The monitoring tools are then required to spend valuable resources correlating user data. To resolve this problem, network taps or collections points can be used to feed the GTP traffic to network packet brokers and/or GSCs that filter and forward the GTP traffic to network monitoring tools based upon tracked user sessions. For example, a session table can be built that associates each session to its GTP tunnels and then forwards subscriber traffic to a single monitoring tool based upon those tracked sessions. In another example, for VoLTE (Voice over Long-Term Evolution) calls, a session table can be built by associating the caller and callee to the tunnels represented by the combination of IP (internet protocol) addresses and UDP (User Datagram Protocol) ports that are used for RTP (Real Time Protocol) along the VoLTE call path within the network.
This session table tracking for subscriber flows, however, can degrade due to latencies when subscriber packets are being detected at multiple monitoring interfaces associated with a GSC and/or are being received by independent GSCs in distinct network locations. Further, it is often desirable to sample all network traffic across all monitored links for a subset of selected subscribers. When a particular subscriber or subset of subscribers is selected for sampling, it can be difficult to effectively communicate this sampling selection information to other monitoring processes in the GSC and/or to other GSCs in the network where session based tracking is being used. Further, where common session tables and/or copies of session tables are used within a GSC and/or shared across multiple GSCs, concurrent memory access contention issues can arise as well as update latency and scaling issues.