Transmission speeds of communications networks continue to increase, and with this increase, the difficulty to effectively monitor the traffic transmitted over communications networks also increases. Despite these high speeds, it is desirable to monitor signaling message traffic sent over high-speed IP communications networks.
Current IP traffic monitoring systems may include full-duplex taps which copy IP traffic and send the packets to one or more processors for analysis. However, some single current generation processors may not be capable of processing high bandwidth IP traffic streams in real time or near real time, as is necessary for many applications. Thus, some systems split high bandwidth IP streams among a plurality of processors based on each packet's address information. This information can include a packet's source or destination IP address, TCP or UDP port values, or its SCTP information.
Current IP traffic monitoring systems rely upon each monitored packet being uniquely identifiable. In many cases, this is accomplished via each packet's IP and TCP, UDP, or SCTP address information. However, in some networks, signaling message packets are tunneled such that each packet includes the same outer IP address and/or TCP, UDP, or SCTP port information. Accordingly, where tunneling is used, the outer IP addresses and TCP, UDP, or SCTP header information is not usable to segregate traffic into multiple streams. Thus, a single network monitoring processor may be required to process all signaling message packets sent through the same tunnel. This may result in the processor being overwhelmed in current high speed networks.
Accordingly, in light of these difficulties, there exists a need for methods, systems, and computer program products for monitoring tunneled IP traffic on a high bandwidth IP network.