Packet-based communication networks continue to grow in importance, and it is often desirable to monitor network traffic associated with these packet-based networks on an ongoing basis. To meet these monitoring needs, copies of network packets can be distributed to diagnostic network monitoring tools. Packets are often forwarded using network hubs, test access ports (TAPs), switched port analyzer (SPAN) ports, and/or other tap devices installed within network communication systems.
Certain network systems also include virtual processing environments hosted by one or more host servers. For example, network applications and resources can be made available to network-connected systems as virtualized resources operating within virtualization layers on host servers. In some embodiments, processors or other programmable integrated circuits associated with a server (e.g., server blade) and/or combinations of such servers operate to provide such virtual resources. These hosted virtual processing can then be made available to network-connected systems and devices.
For certain communication systems, network packets are communicated within network sessions between two or more network nodes. One protocol that is used for network sessions is GTP (GPRS (General Packet Radio Service) Tunneling Protocol). User equipment (UE), such as mobile cellular handsets, can have multiple active sessions at a time that are using GTP communications. To manage these GTP communication sessions, it is often desirable to have visibility into all sessions that are active for a particular UE. As such, network monitoring tools often desire to receive all network packets associated with the active GTP sessions for particular UE. Tracking these active sessions, however, is difficult because sessions are constantly being created and torn down within the network communication system.
GTP packets are often classified by their F-TEID. An F-TEID is a combination of the destination IP address and the tunnel endpoint identifier (TEID) included within the GTP packet. The F-TEID can be used to determine to which user session a GTP packet belongs. However, because F-TEIDs are dynamically allocated and will change over time, an F-TEID can be used by one session for one user and can later be re-used by a different session for a different user. As such, it is difficult over time to determine which packets should be associated with which user sessions based upon F-TEIDs. A GTP session controller (GSC) can be used to identify and track user sessions and related F-TEIDs so that packets associated with a user session can be forwarded to a common network monitoring tool. To achieve this result, a GSC typically receives and analyzes control packets (GTP-C) and user packets (GTP-U) associated with user traffic to track changes to sessions and determine which F-TEIDs are associated with which user.
As the volume of mobile GTP network traffic and/or other session-based traffic increases within networks (e.g., mobile IP (Internet Protocol) traffic), network operators can experience significant difficulty in their ability to monitor this increasing volumes of GTP traffic. As indicated above, GTP traffic can be generally divided into user plane traffic that is carried in GTP-U packets and control plane traffic that is carried in GTP-C packets. Prior GSC solutions receive the GTP-C and GTP-U packets or copies of these packets, apply filtering and sampling rules, and forward these packets to one or more network tools (e.g., billing verification, billing, security, QoS, analytics, etc.). In order to do their job properly, these network tools need to receive all GTP-C and GTP-U packets associated with communication sessions for each particular mobile subscriber user. As the volume of GTP traffic increases, however, traditional GSC solutions can experience performance issues or become less-cost effective due to the increases in GTP traffic volumes. Further, other types of session-based network traffic that has similar user/control planes and related user/control packets have similar problems with increased volumes. For example, in addition to GTP traffic, similar problems can be suffered by other SPP (Signaling Plane Protocol) traffic such as the Diameter protocol traffic, S1-AP (S1 Application Protocol) traffic, NAS (network attached storage) traffic, X2-AP (X2 Application Protocol) traffic, RANAP (Radio Access Network Application Protocol) traffic, and/or other SPP traffic for network packet communications.