Overview of the IP Quality Monitor (IQM) Solution Edition 2018-11-14

Overview of the IP Quality Monitor (IQM) solution Edition 2018-11-14

Overview of the IP Quality Monitor (IQM) solution

Purpose of IQM

IP Quality Monitor (IQM) is a hardware-software system intended for measurement, monitoring and management of network quality parameters and network performance.

Any of network topologies are supported for monitoring. The system also takes into consideration a set of characteristics as technical and abstract. Such as: traffic parameters, network architectural levels, service levels, zonal structure, geography and etc.

System supports a lot of standard measurement methods on different network layers of OSI model: from L2 (data channel layer) – up to L7 (application layer).

Also system has possibility for receiving data from external sources with wide variety of methods: SNMP, CLI, HTTP, etc. For non-standard methods system provides programmable tests. Any abstract data can be received with programmable test. Thus, the IQM agents can work as adapters for data acquisition for the further analysis, monitoring, alarming and presentation.

The functional composition of IQM

From the technical point of view, IP Quality Monitor consists of two basic elements: quality measurement agents IQMA (IQM-Agent) and management system IQMM (IQM- Manager).

The quality measurement agents (IQMA) are software and hardware systems producing automated measurement of quality parameters using internal or standard protocols. Agents can initiate the test sessions, as well as accept requests from other agents for the quality measurements. The test session consists of traffic exchange between initiating agent and test responder. Traffic delivery parameters are measuring during test session. There are a lot of types of tests available for measuring different network layers.

The management system (IQMM) performs the following tasks:

• Management of IQM subsystems,

• Configuration and agent’s status monitoring,

• Data receiving, storing, analysis,

• Alarming on critical states,

• Data presentation with wide variety of tools: graphs, tables, diagrams, standard and custom reports,

LLC “Network Probe” Address: 123557, Moscow, Presnensky Val Street, house 27, structure 11 e-Mail: [email protected] Web: www.net-probe.ru 1

Overview of the IP Quality Monitor (IQM) solution Edition 2018-11-14

• Limited access to data in personal account,

• Administration.

Approach to measurements

The traditional approach is applied to the quality parameters measurement: specialized network devices – quality measurement agents IQMA are placed on the key network nodes.

Network quality parameters are measured during emulated test traffic exchange between agents or between agent and network service/host/device. Test traffic is formed and shaped in accordance with configuration. Test configuration is stored on initiating agent and synchronized with IQMM database.

Using agents on key network nodes will facilitate further processes of network troubleshooting. Thus, for example, it is possible to carry out quality management on the last miles – one of the most problematic divisions of a network.

Last mile parameters Core parameters Last mile parameters

Agent Test Agent Test Agent

Тест

LAN LAN VPN Agent

Last mile Last mile

DMZ Test

Agent

End-to-end parameters

Moments for test starting can be defined in configuration of scheduler as follows:

• With pre-defined periods beginning with some moment,

• In specific moments pre-defined in cron-like templates

• On demand

Before each test session agents create a signaling connection with responder and authorize each other with hand-shake. Signaling connection is used to send test configuration to responder and receive measurements from it. The both agents send and receive test traffic-flows for bi-directional measurements.

LLC “Network Probe” Address: 123557, Moscow, Presnensky Val Street, house 27, structure 11 e-Mail: [email protected] Web: www.net-probe.ru 2

Overview of the IP Quality Monitor (IQM) solution Edition 2018-11-14

Parameters

Each of agents measures traffic delivery parameters in their directions. Parameters measured on OSI L3/4 are:

• Packet loss in each direction (as % to total expected packets, and in pieces),

• Round-trip times (Min/Avg/Max),

• One-way delays in each direction (Min/Avg/Max),

• Packet delay variation (Jitter) in each direction,

• Rate (Speed) of packets reception for each direction (as % ratio to expected norm, and as bits per second),

• Volume of packets received in each direction,

• Percentage of reclassified packages received in each direction,

• Out of Order - percentage of packets, received in wrong order

Test traffic can be configured with different parameters: packet size, VLAN-interfaces, ports, generation speed, class of service etc.

LLC “Network Probe” Address: 123557, Moscow, Presnensky Val Street, house 27, structure 11 e-Mail: [email protected] Web: www.net-probe.ru 3

Overview of the IP Quality Monitor (IQM) solution Edition 2018-11-14

Data filtering

All measured data are being gathered on management system IQMM. Generally, agents push data to core-system. After IQMM data is inserted into database and processed by various mechanisms: violation-detection, alarming, aggregation etc.

After data are entered in the database, they become available for presentation in the web interface. Web-interface provides wide variety of tools for data presentation: graphs, tables, diagrams, standard and custom reports. Custom reports makes possible preparation of customized table reports based on the data stored in database. All reports are exported in excel- compatible format.

Filters are used for generation of any type of report. Filters provide the ability to filter the data requested by various features: customers, providers, services, network architectural levels, zonal structure, agents, tests, classes of service, measured parameters. Regular expressions could be used for selections. All features in filters are grouped in accordion.

Control policies

Policies act for arbitrary group of parameters. Policies use thresholds to divide parameter state into some number of critical zones. Violation takes place when number of threshold excesses more or equal to the number specified in policy. Each violation of threshold could be binded with specific alarming model.

Available thresholds are:

• Green: limit of normal value.

LLC “Network Probe” Address: 123557, Moscow, Presnensky Val Street, house 27, structure 11 e-Mail: [email protected] Web: www.net-probe.ru 4

Overview of the IP Quality Monitor (IQM) solution Edition 2018-11-14

• Yellow: limit of high value.

• Red: maximum limit.

• Blue: minimum limit.

On transition of parameter's state from one critical zone to another it is possible to execute series of alarming:

• Notification in special forms of WEB-interface: alarm dashboards, alarm flows, GIS

• e-Mail,

• SNMP-trap,

• syslog,

• external procedure call allows to employ any desirable way of notification: HTTP, SQL etc.

Support of third-party agents

IQM system provides ability for working with agents of other vendors.

• Cisco: IP SLA agent built in IOS

• Juniper: RPM agent built in JUNOS

• Accedian Networks. EtherNID, MetroNID etc.

• Rad: via TWAMP-Light Rad MiNID.

• Any network devices with support of TWAMP (RFC5357)

In case of absence any of supported agents is possible to use any network host with support of UDP/ICMP-echo services. Tests with UDP/ICMP-echo will give only round-trip measurements and one-way will be inaccessible. Anyway in many cases this will be enough.

Using programmable test-type it is possible to perform SNMP/CLI-commands on routers, switches, hosts and receive results of command execution for example Cisco SNMP ping, Cisco CLI ping. This approach allows to perform testing in network segments without plugging agents in customer’s addressing plan.

LLC “Network Probe” Address: 123557, Moscow, Presnensky Val Street, house 27, structure 11 e-Mail: [email protected] Web: www.net-probe.ru 5

Overview of the IP Quality Monitor (IQM) solution Edition 2018-11-14

Application Layer services

On application level (OSI L7) IQMA supports the following built in protocols: FTP, HTTP, IMAP, RTSP, SMTP, TFTP, DNS, +.

For application level tests supports the following options:

• SSL (Secure Sockets Layer). Thus, secured protocols are available, for example HTTPS, FTPS etc;

• Reuse of one TCP session for multiple content downloads. This can be useful for influencing the TCP-window and speeding up the TCP connection;

• Class of services;

• URL-based authorization;

• For HTTP application: cookies, HTTP redirect, HTTP persistent connection (HTTP keep-alive)

Programmable test-type allows to develop any kind of application and arbitrary scenario of testing.

Bandwidth

While investigating bandwidth it is interesting to discover available and used bandwidth.

Usually there is no need in regular measurement of available bandwidth. Generally it is one-time task which appears on stage of acceptance the channel in maintenance or in case of customer’s complaints. In this case it is recommended to run stress-load tests in on-demand mode or in nighttime using cron-like scheduler template.

Let’s consider the network with support of differentiated serving for different classes of service (CoS). It is worth to support Best-effort traffic without any guarantee that its data is delivered. Best-effort obtains unpredictable delivery service, i.e. unspecified variable bit rate and latency and packet loss, depending on the current traffic load. Best-Effort traffic will be suppressed by any priority traffic. In contrast, priority traffic obtains reliable delivery service. For such networks it becomes possible to verify channel utilization with partial load using Best- effort class for test traffic. In case of lack of channel capacity any priority service traffic will suppress test-traffic and this will make implicit signal about load growth. For example let’s suppose testing with partial load 20% of total capacity available. When packet loss and lack of 20% capacity will be discovered it will mean more than 80% usage of total available bandwidth. And before this one-way delays will have been rising.

As well the IQM system offers the intellectual measurements of available bandwidth. Iteration of measurements will go on until specified packet loss will be reached.

LLC “Network Probe” Address: 123557, Moscow, Presnensky Val Street, house 27, structure 11 e-Mail: [email protected] Web: www.net-probe.ru 6

Overview of the IP Quality Monitor (IQM) solution Edition 2018-11-14

To monitor used bandwidth you can use SNMP-polling as well. IQM system offers SNMP collector for this goal.

IPTV quality monitoring

IQM system offers solution for quality monitoring of IPTV content-providers and TV- headends. Special module MReceiver is developed to meet this tasks. MReceiver is run by IQM agent. Module subscribes to multicast group, receives and analyzes MPEG-TS packets. The MPEG-TS over UDP is supported. MReceiver calculates quality parameters RFC 4445 – A Proposed Media Delivery Index (MDI), as well as some additional useful parameters. Measurement results are sent to IQM manager, where they can be checked by policies of quality control and presented to operator. Measured parameters are:

 Delay Factor, DF (ms): In RFC4445 DF is the difference between the arrival of media data and the drain of media data devided by bitrate of media flow. From another point of view there is more clear definition: delay factor is absolute difference between time spend for content reception and the time of received content. Minimum, average and maximum values per measurement session are available in system.

 Media Loss Rate, MLR (pps): referring to RFC445, MLR is the count of lost or out-of-order flow packets over a 1-seconds time interval. Average and maximum values per measurement session are available in system.

 Media Loss Packets, MLP (p): number of MPEG-TS packets which is lost or arrived with out-of-order, referring to continuity counter (CC).

 Media Loss Bytes, MLB (B): number of MPEG-TS bytes which is lost or arrived with out-of-order, referring to continuity counter (CC).

 Media Loss Time, MLT (ms): number of milliseconds, during which MLR was detected.

 Bitrate (bps): total of MPEG-TS packets in bits arrived per sec.

 NumPacketsTS (p): number of MPEG-TS packets received during quality measurement

 Join Time (ms): time in millisecons between the moment of a subscription and the first packet reception in MPEG-TS flow.

 Inter-packet Arrival Time, IAT (ms): interval in milliseconds between arrival of two serial UDP packets of traffic flow. Average and maximum values per measurement session are available in system.

LLC “Network Probe” Address: 123557, Moscow, Presnensky Val Street, house 27, structure 11 e-Mail: [email protected] Web: www.net-probe.ru 7

Overview of the IP Quality Monitor (IQM) solution Edition 2018-11-14

Hardware solutions for IQMA Depending on customer’s requirements IQM is delivered as software or hardware-software complex.

When delivering as hardware-software complex, there are different hardware solutions. All IQMA-X hardware platforms are developed especially for traffic characteristic measurements and are in state register of measuring instruments of Russian Federation. 100Mbps agents  IQMA-P100 – 100Mbps agent, based on hardware AK-systems IP Plug. The most common solution for customer’s premises level. ARM Compliant, 2xGigabit Ethernet, 802.1q VLAN, option: WiFi, USB.

 IQMA-R100 – the same as IQMA-P100 rack-mountable platform:

1 Gbps agents  IQMA-P1000 – 1Gbps agent. PC X86_64 nettop platform:

 IQMA-R1000 – rack-mountable 1Gbps x86_64 server platform. IQMA-R1000 is common solution for aggregation level.

LLC “Network Probe” Address: 123557, Moscow, Presnensky Val Street, house 27, structure 11 e-Mail: [email protected] Web: www.net-probe.ru 8

Overview of the IP Quality Monitor (IQM) solution Edition 2018-11-14

10 Gbps agents  IQMA-R10G is powerful 10Gbps agent. 2x10GigabitEthernet optical or copper.

100 Mbps GlobalScale Plugs  ARM-compliant plugs are supported and could be used as a hardware platform for IQM agents. For example: SheevaPlug, DreamPlug, MiraBox, GuruPlug.

Agents on network devices

 NSG-routers be used as a hardware platform for IQM agents. For example NSG-700:

LLC “Network Probe” Address: 123557, Moscow, Presnensky Val Street, house 27, structure 11 e-Mail: [email protected] Web: www.net-probe.ru 9

Overview of the IP Quality Monitor (IQM) solution Edition 2018-11-14

 For low performance devices the IQM-responder is developed. IQM-responder has limited functionality to meet low memory and CPU-requirements. IQM-responder accepting test sessions from full-functionality IQM-agents to make two-directional measurements. For example Microtik RouterBoard or Moxa-devices could be an IQM responder:

Ability for integration

There are standard interfaces for integration with third-party systems. The following tools is available:

• Notification level. Alarms are distributed with standard protocols: syslog, SNMP- trap, e-Mail, external procedure call, HTTP, SQL…

• Presentation level. JavaScript library for embedding web-interface elements in other HTML-pages.

• Management level. IQM-driver is a REST-HTTP/CLI interface developed to enable automated management of IQM-objects for third-party systems. HTTP and CLI modes are supported. IQM-driver response available formats are: text, CSV, HTML, JSON.

LLC “Network Probe” Address: 123557, Moscow, Presnensky Val Street, house 27, structure 11 e-Mail: [email protected] Web: www.net-probe.ru 10

Overview of the IP Quality Monitor (IQM) solution Edition 2018-11-14

Distributed monitoring

IQM solution allows launching distributed monitoring with number of remote management domains.

Managed network can be distributed geographically, with several centers of traffic concentration and with regional subnetworks. In this case it worth to deploy multiple monitoring domains and control them from central domain.

The picture shows an example of the distributed monitoring system. Regional operators use domains as if it would be standalone monitoring system deployed on regional level. Each operator receives access rights to its domain in accordance with supported policy. Central system stores intra-domain and inter-domain data and also can switch to regional domains.

Also multi-domain mode can be used for scaling the whole IQM-solution.

LLC “Network Probe” Address: 123557, Moscow, Presnensky Val Street, house 27, structure 11 e-Mail: [email protected] Web: www.net-probe.ru 11

Overview of the IP Quality Monitor (IQM) solution Edition 2018-11-14

Screenshots NB: Interface has English and Russian localization, supports localization for any other language. Graphical reports The graphs show the results of DDOS-attacks on the site Livejournal, for example, shows that the service was unavailable for customers of Nizhny Novgorod and Yekaterinburg.

LLC “Network Probe” Address: 123557, Moscow, Presnensky Val Street, house 27, structure 11 e-Mail: [email protected] Web: www.net-probe.ru 12

Overview of the IP Quality Monitor (IQM) solution Edition 2018-11-14

LLC “Network Probe” Address: 123557, Moscow, Presnensky Val Street, house 27, structure 11 e-Mail: [email protected] Web: www.net-probe.ru 13

Overview of the IP Quality Monitor (IQM) solution Edition 2018-11-14

Combined reports: It is possible to combine reports to facilitate the analysis of the measured quality characteristics. Picture shows combination of the transport and application levels. This proves that the HTTP service unavailability was caused by losses in the transport layer.

LLC “Network Probe” Address: 123557, Moscow, Presnensky Val Street, house 27, structure 11 e-Mail: [email protected] Web: www.net-probe.ru 14

Overview of the IP Quality Monitor (IQM) solution Edition 2018-11-14

Monitoring with GIS:

LLC “Network Probe” Address: 123557, Moscow, Presnensky Val Street, house 27, structure 11 e-Mail: [email protected] Web: www.net-probe.ru 15

Overview of the IP Quality Monitor (IQM) solution Edition 2018-11-14

Alarms: Board of alarms with the history on a particular object

LLC “Network Probe” Address: 123557, Moscow, Presnensky Val Street, house 27, structure 11 e-Mail: [email protected] Web: www.net-probe.ru 16

Overview of the IP Quality Monitor (IQM) solution Edition 2018-11-14

TopX reports: Example of a report from TopX, based on L7 tests: the tops with a maximum speed of loading pages, with the maximum amount of losses, with a maximum delay. The highest HTTP transfer rate is on mail.ru, maximum losses is on odnoklassniki.ru, the biggest delays from the livejournal.com to Khabarovsk.

LLC “Network Probe” Address: 123557, Moscow, Presnensky Val Street, house 27, structure 11 e-Mail: [email protected] Web: www.net-probe.ru 17

Overview of the IP Quality Monitor (IQM) solution Edition 2018-11-14

Parameters reports: Table with minimum, average and maximum values of monitored parameters for a given reporting period

LLC “Network Probe” Address: 123557, Moscow, Presnensky Val Street, house 27, structure 11 e-Mail: [email protected] Web: www.net-probe.ru 18

Overview of the IP Quality Monitor (IQM) solution Edition 2018-11-14

Group violation reports: An example of violations distribution among the tests of specific type:

Group distribution reports: An example of parameters value distribution among the tests of specific types

LLC “Network Probe” Address: 123557, Moscow, Presnensky Val Street, house 27, structure 11 e-Mail: [email protected] Web: www.net-probe.ru 19

Overview of the IP Quality Monitor (IQM) solution Edition 2018-11-14

Availability reports

LLC “Network Probe” Address: 123557, Moscow, Presnensky Val Street, house 27, structure 11 e-Mail: [email protected] Web: www.net-probe.ru 20