The disclosure herein pertains generally to the field of telecommunications and more specifically to techniques for routing duplicates of data packets to analytic servers.
General Packet Radio Service (GPRS) is a standard for wireless communications which enables data to be transmitted at speeds up to 115 kilobits per second, compared with Global System for Mobile Communications (GSM) systems' 9.6 kilobits per second. GPRS, which supports a wide range of bandwidths makes efficient use of limited bandwidth and is suitable for sending and receiving small bursts of data, such as e-mail and Web browsing, as well as large volumes of data.
GPRS Tunneling Protocol (GTP) is a group of Internet Protocol (IP)-based communications protocols used to carry packets conforming to the GPRS standard within GSM, UMTS and LTE networks. In Third Generation Partnership Project architectures, GTP and Proxy Mobile IPv6-based interfaces are specified on various interface points. GTP can be decomposed into separate protocols, including GTP-C and GTP-U. In 3G and 4G wireless networks, GTP-C messages are control messages used between the network elements to activate and de-activate sessions orginating from mobile user endpoints. As an example, in 3G networks, GTP-C is used within a GPRS core network for signaling between gateway GPRS support nodes (GGSN) and serving GPRS support nodes (SGSN). This allows the SGSN to activate a session on a user's behalf, to deactivate the same session, to adjust quality of service parameters, or to update a session for a subscriber who has just arrived from another SGSN. GTP-U is used for carrying user data within a GPRS core network and between a radio access network and the core network. The user data transported can be packets in any of IPv4, IPv6, or Point-to-Point Protocol (PPP) formats.
An operator of a telecommunication network can find it beneficial to analyze the traffic that flows through that network. Such analysis might be performed for a variety of different reasons. For example, the operator might want to obtain information that could be used as business intelligence. For another example, the operator might want to detect and pre-empt attacks being made through the network. In order to help prevent such attacks, the operator might want to analyze traffic to determine the sources from which different types of traffic originate.
Such traffic analysis can be performed at an analytic server that the operator maintains. Data packets flowing through the network can be duplicated, and the duplicate packets can be diverted to such an analytic server. Due to the vast amount of traffic that flows through the network, the operator might maintain numerous separate analytic servers that are capable of analyzing different portions of the total traffic concurrently.
The traffic flowing through a telecommunications network often will represent multiple separate and distinct communication sessions. Such sessions can originate from different mobile devices. Regarding GPRS, a session is a tunnel that is established between two endpoints in a communication network. Communications between those endpoints passes through this established tunnel. In a 3G network, the session is established through the creation of a packet data protocol (PDP) context—a data structure—on both an SGSN endpoint and a GGSN endpoint. This data structure contains session information, contents of which are described further below. The establishment of the session allocates a PDP context in the SGSN with which the mobile device is currently in communication. The establishment of the session further allocates that PDP context in the GGSN that serving the mobile device user's access point. The data recorded in the PDP context includes: the mobile device's Internet Protocol (IP) address, the mobile device's International Mobile Subscriber Identity (IMSI), a Tunnel Endpoint ID (TEID) at the GGSN, and a Tunnel Endpoint ID (TEID) at the SGSN.
As is mentioned above, traffic analysis can be performed at an analytic server that an operator maintains. In order for the analysis to be complete, it is desirable that all traffic belonging to a particular communication session be diverted to the same analytic server under circumstances in which multiple analytic servers are analyzing the network traffic.
Achieving this result can be difficult due to the fact that the traffic in a mobile telecommunications network can originate from mobile devices that, by their nature, tend to move about geographically. As a mobile device moves from one region to another, the mobile device may leave the range of one cellular telephone tower and come into the range of another cellular telephone tower. The point through which the mobile device accesses the telecommunication network can thus change, as the device moves, from one point (e.g., a first cellular telephone tower) to another point (e.g., a second cellular telephone tower). When such a change occurs, the parameters associated with the mobile device's currently active communication sessions are likely to change as well.
The change in these communication session parameters complicates the task of ensuring that, for each communication session, all of that communication session's traffic will be sent to the same analytic server in a group of such servers. If the parameters associated with a particular communication session change due to the mobile device moving, then network elements that select the analytic server to which duplicate packets should be forwarded might accidentally send subsequent traffic belonging to that particular communication session to a different analytic server than the one to which those network elements had been sending that traffic prior to the change.