Packet Trace Remote

Packet trace remote enables the Oracle® Enterprise Session Border Controller to mirror traffic between two endpoints, or between itself and a specific endpoint to a user-specified target. To accomplish this, the Oracle® Enterprise Session Border Controller replicates the packets sent and received, encapsulates them according to RFC 2003, and sends them to a user-configured target. At the target, the user would capture and analyze the packets.

Currently, the Oracle® Enterprise Session Border Controller supports:

  • One configurable trace server (on which you capture/analyze the traffic)
  • Sixteen concurrent endpoint traces

To use this feature, the user configures a capture-receiver on the Oracle® Enterprise Session Border Controller so that it knows where to send the mirrored packets. Once the capture-receiver is configured, the user issues the packet-trace command to start, stop and specify filters for traces.

You establish a packet trace filter with the following information:

  • Network interface—The name of the network interface on the Oracle® Enterprise Session Border Controller from which you want to trace packets. The user can enter this value as a name or as a name and subport identifier value (name:subportid)
  • IP address—IP address of the endpoint to or from which the target traffic goes.
  • Local port number—Optional parameter; Layer 4 port number on which the Oracle® Enterprise Session Border Controller receives and from which it sends; if no port is specified or if it is set to 0, then all ports will be traced
  • Remote port number—Optional parameter; Layer 4 port number to which the Oracle® Enterprise Session Border Controller sends and from which it receives; if no port is specified or if it is set to 0, then all ports will be traced.

The Oracle® Enterprise Session Border Controller then encapsulates the original packets in accordance with RFC 2003 (IP Encapsulation within IP); it adds the requisite headers, and the payload contains the original packet trace with the Layer 2 header removed. Since software protocol analyzers understand RFC 2003, they can easily parse the original traced packets.

This image depicts the SBC relaying remote packet trace data.

It is possible that—for large frames—when the Oracle® Enterprise Session Border Controller performs the steps to comply with RFC 2003 by adding the requisite header, the resulting packet might exceed Ethernet maximum transmission unit (MTU). This could result in packets being dropped by external network devices, but widespread support for jumbo frames should mitigate this possibility.

If the Oracle® Enterprise Session Border Controller either receives or transmits IP fragments during a packet trace, it only traces the first fragment. The first fragment is likely to be a maximum-sized Ethernet frame.

The Oracle® Enterprise Session Border Controller continues to conduct the packet trace and send the replicated information to the trace server until you instruct it to stop. You stop a packet trace with the ACLI packet-trace remote stop command. With this command, you can stop either an individual packet trace or all packet traces that the Oracle® Enterprise Session Border Controller is currently conducting.

Previous
Previous 		Next
Next
Go To Table Of Contents
Contents