TWI760887B - Method and server for abnormal status detection of voice signaling - Google Patents

Abstract

A method and a server for abnormal status detection of voice signaling, which are used to monitor abnormal status in telecom voice network, are provided. Different signaling data in the whole telecom network is collected and analyzed, to locate abnormal address quickly and obtain abnormal signaling content. Furthermore, the belonging status and subscribed services of the subscriber number can be searched according to the abnormal event automatically, equipment logs and server record related the event are translated to an easy read content as abstract and integrated into characterized status data structure, to help the value-added application such as abnormal alert, trouble determination or event statistics.

Description

Method and server for detecting abnormal state of voice signaling

The present invention relates to a state detection mechanism, and more particularly, to a method and server for abnormal state detection of voice signaling.

With the rapid development of the telecommunication network, it is now moving towards the goal of developing into a next generation network (Next Generation Network, NGN). The NGN network integrates the transmission of control signaling and data signaling between networks through the platform controlled by the IP Multimedia Subsystem (IMS), and derives the Voice over Internet Protocol (VoIP) technology. The application of IP telephony has also made the service of IP telephony more and more popular. It is a trend that traditional telephones are fully IP-based. Therefore, how to continuously maintain the overall traffic operation during the transfer process, and how to quickly find the obstacle point when encountering an abnormality is the most concerned goal of the telecom administrator. With the transfer of traditional traffic to NGN network, the network complexity also increases, which makes it difficult to remove obstacles in NGN/IMS network, and it is even more difficult to quickly locate and find the root cause.

In the application of VoIP technology, the Session Initiation Protocol (SIP) adopts the request (Request)/response (Response) mode, provides several commands and response codes, and cooperates with the header fields and communication content to complete the call control. , its text-based communication method enables SIP protocol messages to have debug and expansion features, but there is still a long way to go before the real obstacle is eliminated. For example, although the obstacle can be seen briefly from the Status-Line response content, the real root cause is not obvious.

The current common NGN network obstacle detection methods can be roughly divided into active and passive obstacle detection. Active obstacle detection mainly detects network status by sending SIP messages. For example: send SIP REGISTER message to monitor the heartbeat of the server; use SIP options (OPTIONS) to monitor the status of network node devices; or use dial test equipment to verify network service status, etc. Passive obstacle detection analyzes and detects network status by capturing SIP signaling. For example: detect the delay of each node's SIP response (Response) through a timer; find out whether a call loop (Call Loop) occurs by analyzing SIP signaling; whether the abnormal signaling count exceeds the threshold; or It is to test the quality of voice quality.

China Invention Publication No. CN106685737B The prior art 1 of "IMS fault analysis operation and maintenance system, method and server based on IP phone" adopts two obstacle detection strategies, firstly detect obstacles through passive packet analysis, and then actively send SIP OPTIONS Get the parameters of the abnormal device to judge whether the device is abnormal. However, the prior art 1 is only applicable to NGN/IMS environment, and the breadth of obstacle detection range is narrow.

The prior art 2 of US Patent Publication No. US7869364B2 "SIP server overload detection and control" uses the SIP messages received by the SIP server (Server) to count relevant measurement values, and uses the status of red, yellow, and green lights to limit the current SIP server The function of the device is used to achieve the purpose of monitoring SIP calibration. However, the prior art 2 can only detect and limit the function of the server itself through the statistics of the SIP messages, and is only applicable to the monitoring of the server performance of the pure SIP protocol. However, there are many reasons for the abnormal state, not just the weakening of a single device.

Taiwan's New Patent Publication No. TWM393936U1 "Packet Obstacle Detection System" The prior technology 3 is used to check the processing status of the packet exchange between the two parties in the call, and to detect the obstacle point when the voice single-pass or the call is interrupted between the receiving end and the calling end. However, the prior art 3 only focuses on VoIP packets, and performs obstacle determination only based on packet comparison.

The prior art 4 of US Patent Publication No. US7688809B2 "Media inactivity detection in VoIP networks" monitors Real-time Transport Protocol (RTP) / Real-time Transport Control Protocol (RTCP) through the design of counters ) whether the packet was sent or received. However, the prior art 4 is limited to the statement of the abnormal state, and is only applicable to the alarm of VoIP voice failure, and there is still a long way to go before the actual obstacle is clarified.

The prior art 5 of China Patent Announcement No. CN101605075B "A SIP-based IP Phone Fault Alerting Method and Device" is used to provide maintenance personnel to obtain erroneous phone call records in a short period of time, and to judge the status of the IP phone through data analysis. Improve the real-time maintenance and equipment reliability. However, the prior art 5 mainly focuses on IP phone obstacle detection, and only focuses on SIP packets.

It can be seen from this that although many existing technical studies have proposed designs for passive obstacle detection, the implementation details are biased towards the issue of equipment weakening, or only observing abnormal trends through counting methods, or even only revolving around the content analyzed in signaling. And the root cause could not be found. However, in the past research, the method of detecting voice signaling obstacles that can cover both NGN network and traditional network is less focused. Therefore, even an experienced manager may not be able to accurately identify the root cause if the obstacle is judged solely by the content of the response code in the agreement.

It can be seen that there are still many deficiencies in the above-mentioned conventional method, which is not a good design and needs to be improved urgently.

Objects of the present invention include monitoring abnormal states of a telecommunications voice network. By comprehensively grasping the packet or signaling data of the telecommunication network, and using the analysis method proposed by the present invention, the address of the abnormal device can be quickly located, and the relevant abnormal signaling information can be obtained. In addition, through these signaling clues, it is possible to further automatically confirm the membership of the door number and the service subscription status, and automatically query the system logs and service records related to the abnormal device, and then integrate the important information into the data structure as a summary to facilitate the follow-up. Perform value-added applications such as abnormal alarms, obstacle interpretation, or event statistics.

In an embodiment of the present invention, a method for detecting abnormal state of voice signaling is provided. Through the deployment of the global telecom network capture module, it can monitor the signaling flowing between various devices in the telecom network. This telecommunication network can include networks with different bearer media, including NGN network, Public Switched Telephone Network (PSTN) or Public Land Mobile Network (PLMN), or logical Split different network domain packets or signaling, etc. By the synchronized time stamp, the signaling is collected and sequenced to the analysis module, and then the key information in the signaling is stored in a characteristic data structure through the abnormal state analysis process. The summary module then summarizes the affiliation and service subscription status of the door number according to the field values in this structure, and automatically reads the system log or software service record (recording the hardware, operation, etc. system and application software), find out the correlation with the event exception (that is, check the cause of the event error through the message), and summarize it into the aforementioned data structure for subsequent abnormal alarm, obstacle interpretation or event Statistics and other value-added applications.

To achieve the above-mentioned purpose of the invention, a method for detecting obstacles of voice signaling is proposed, and a technology for analyzing abnormal state signaling and information summarizing abnormal events is proposed. The server for detecting abnormal state of voice signaling proposed by the present invention includes five units: (1) signaling capture module, (2) aggregation module, (3) analysis module, and (4) summary module Group and (E) abnormal state structure.

First, the signaling capture module is deployed into the telecommunication network, which includes NGN network, traditional PSTN and PLMN or homogeneous network domains belonging to different realms. The signaling collected by the signaling capture module includes IP packets such as Session Initiation Protocol (SIP), Diameter, Megaco, and Telephone Number Mapping (ENUM), Domain Name System (DNS), etc. Integrated Service Digital Network User Part (ISUP), Intelligent Network Application Protocol (INAP), Mobile Application Part (MAP) and Open Multimedia Application Platform Signaling data of Signaling System No. 7 (SS7) such as Open Multimedia Applications Platform (OMAP). Alternatively, the signaling is related to a field identifying the occurrence of an event, the change of an event, or the disappearance of an event.

The aggregation module collects the captured signaling from the database or related storage device of each signaling capture module into the local database or related storage device, and sorts according to the time stamp of the signaling to perform Use of subsequent analysis modules.

The analysis module reads the collected signaling data and analyzes the abnormal state. From the input signaling data, it is detected whether a new voice event is generated, and a corresponding abnormal state structure is generated at the same time. Then, according to the type of the decoded response code, it is determined whether to activate a further event summary module.

The summary module is used to query the ENUM and its corresponding Home Subscriber Server (HSS) and Telephony Application Server according to the door number information when the response code is judged to be a non-temporary failure. Server, TAS) to obtain the membership and service subscription status of the door number (including the equipment to which the door number belongs, license of the door number, billing content of the door number, service period, registration information, specialties for application and installation specialty and customer-related information). Then, according to the device address of the source of the abnormality, query the system log or service record of the corresponding time. In addition, the meaning represented by the response code is translated into a text description to improve readability, and finally the above content is integrated and stored in the abnormal state structure.

This structure can be used for post-production, such as sending it to the terminal equipment of the relevant personnel through the short message center to warn the occurrence of the obstacle; sending it to the mailbox of the relevant personnel through E-mail to determine the root cause of the obstacle; using the analysis software to carry out obstacle statistics or trends forecast, etc.

In order to make the above-mentioned features and advantages of the present invention more obvious and easy to understand, the following embodiments are given and described in detail with the accompanying drawings as follows.

FIG. 1 is a schematic diagram of a telecommunication network capture and analysis system according to an embodiment of the present invention. Please refer to FIG. 1 , the system includes but is not limited to one or more user agents (User_Agent) 102 and one or more servers 10 .

User_Agent 102 is a phone device (such as a mobile phone, a traditional phone, or a smart watch, etc.) or a computing device (such as a tablet computer, desktop computer, or notebook computer, etc.) loaded with VoIP communication software, and has a set of or multiple sets of door numbers (or other client equipment identification codes, such as equipment serial numbers, temporary identification codes, etc.), and can transmit packets or signaling to the telecommunications network 101 for registration, update, subscription events, or calling to another A common VoIP behavior such as User_Agent 102.

The telecommunication network 101 may be a single independent area 103 or composed of several areas 103 . The area 103 may be an NGN/IMS network, which includes a local area network (Local Area Network, LAN) and a wide area network (Wide Area Network, WAN), or may be a network such as PSTN or PLMN. When the area 103 is a local area network, several areas 103 may be governed by the same or different realms. It should be noted that other network types: WAN, PSTN, and PLMN have their own domains, that is, User_Agent 102 in different areas 103 cannot share registration information.

The server 10 includes a signaling capture module 104 , an aggregation module 105 , an analysis module 106 and a summary module 115 . These modules 104 , 105 , 106 , 115 are software modules, which are implemented by code, and can be loaded by the processor to execute the method for detecting abnormal state of voice signaling according to the embodiment of the present invention.

The signaling acquisition modules 104 are respectively deployed in the networks of the areas 103 , and can acquire voice-related information (eg, packets or signaling data) in the areas 103 in the telecommunication network 101 . For example: when the area 103 is an NGN/IMS network, the signaling capture module 104 captures the signaling data of the IP packet (including the signaling of IP bearers such as SIP, Diameter, Megaco, and ENUM DNS); if the area 103 is In PSTN/PLMN network, SS7 signaling data such as ISUP, INAP, MAP and OMAP are captured. The signaling capture module 104 stores the captured IP packets or SS7 signaling in a storage element (eg, memory or hard disk) within the module 104 . In addition, the packets or signaling in each area 103 have undergone time synchronization processing. If there are N regions ( N is a positive integer), at least N or enough signaling acquisition modules 104 are deployed, so that the signaling acquisition range can cover the entire telecommunication network.

The aggregation module 105 collects the signaling or packet data captured by the signaling capture module 104 in each area 103 periodically or triggered by aggregation events. The so-called "periodic" can be an interval of any length of time, such as every 10 seconds, 15 seconds, or 1 hour. In addition, the collected data will be sorted according to packet or signaling time to provide the analysis module 106 for analysis.

The analysis module 106 will import the data of the collection module 105 in sequence, start the state analysis process 400, and generate the corresponding abnormal state structure 107 according to the conditions of the events of each User_Agent 102 (including registration, update, subscription, and receiving calls, etc.). . The feature fields in this structure 107 include the start time of the event 108, the User Agent (UA) number 109 (or other client equipment identification code), the occurrence time of the abnormal response code 111, the abnormal response code 112, and the address of the responding device. 113 (ie, the source device corresponding to the exception response code) and the exception status summary 114 (ie, the summary content). That is, the analysis module 106 extracts contents corresponding to several characteristic fields in the abnormal state structure from the information, and writes the extracted content into the abnormal state structure 107 accordingly. When the event is a call, the caller's (Caller's) calling number (SIP-From-Address) and the callee's (Callee's) calling number (SIP-To-Address) will correspond to UA number 1 109 and UA number 2 respectively 110; Registration or other events, also refer to the same address of record (Address of Record, AOR). If the event includes multiple response codes with different values, the analysis module 106 will sequentially fill in the received response code 112 and the response device address 113 according to the individual response time 111 . The content of the abnormal state structure 107 can be stored in a computer or any tangible storage medium that can be read by the computer, and the storage medium can be a storage medium such as memory, hard disk, optical disc, magnetic tape, etc. for subsequent use.

The summary module 115 will perform the following procedure according to the conditions in the abnormal state structure 107 (including the start time 108, UA number 1 109, UA number 2 110, response time 111, response code 112 and response device address 113): summary The module 115 inquires about the affiliation status of the UA number through the ENUM and the HSS and TAS services in the network domain 103 (that is, the local situation status corresponding to the client equipment identification code, and is related to the affiliation area); the summary module 115 responds to the equipment address according to Query system logs or service records; the summary module 115 provides obstacle-related or any prompt text that is helpful for obstacle elimination according to the response code. In addition, the summary module 115 summarizes the final result in the abnormal state summary 114 field (ie, the summary content, and includes the meaning statement of the response code, or the text content for prompting or explaining the root cause of the disorder).

The following will illustrate the registration situation in the VoIP event, which includes normal and abnormal signaling processes, to illustrate the implementation details of the method for detecting abnormal state of voice signaling of the present invention.

FIG. 2 is a normal NGN/IMS registration signaling process 200 of the UA 102 according to an embodiment of the present invention. Referring to FIG. 2, the process 200 includes two registration procedures. The first registration procedure is steps S201 to S210, the purpose of which is to obtain the authentication method and related parameters of the core network. It is worth noting that, step S204 in the procedure 200: the HSS will return its assigned Serving Call Session Control Function (Serving Call Session Control Function, S-CSCF) to the Interrogation Call Session Control Function (Interrogation Call Session Control Function). , I-CSCF), transmitted by Diameter user-authorization-answer (User-Authorization-Answer, UAA) signaling. Wherein, the signaling content includes device name or device capability and response code result-code (Result-Code) 2001 (DIAMETER_FIRST_REGISTRATION); step S207 is that the HSS informs the S-CSCF which method should be used to authenticate the UA; in step S208, According to the authentication information provided by the HSS, the S-CSCF transmits the algorithm name and authentication parameters to the I-CSCF through the SIP response code Status-Code (Status-Code) 401 (Unauthorized) message, indicating that the authentication has not been passed.

The second registration procedure is steps S211 to S220, the purpose of which is to calculate and deliver to the S-CSCF according to the core network authentication method and parameters to confirm whether the registration is valid. Among them, in step S217, the HSS will send the user's service type and charging information to the S-CSCF, and match the response code Result-Code 2001 (DIAMETER_SUCCESS) to represent the Diameter server-assign-answer (Server- Assignment-Answer, SAA) responded successfully. After that, the CSCF will notify the UA 102 that the registration is successful with the SIP response code Status-Code 200 (OK).

FIG. 3 is a NGN/IMS registration signaling process 300 in which the UA 102 is abnormal according to an embodiment of the present invention. Please refer to FIG. 3, step S304 in the procedure 300: when the HSS receives the UA authentication information forwarded by the I-CSCF and finds that the user identity qualifications do not match, it returns the I-CSCF with a response code Result-Code 5002 (DIAMETER_ERROR_IDENTITIES_DONT_MATCH); then , the CSCF responds to the UA with the SIP response code Status-Code 403 (Forbidden) to notify the registration failure.

Since the input of the analysis module 106 in FIG. 1 is the signaling data sorted by time, the data flow will be viewed in sequence according to the signaling process, and the state analysis process 400 is shown in FIG. 4 . The steps are as follows:

The flow starts (step S401).

Step S402: Assemble data (including signaling data of each network domain), and input the data in sequence.

Step S403: Determine whether it is a new event according to the signaling characteristic. For example: if it is SIP signaling, the analysis module 106 will determine whether it is a new event according to the start time, UA number or AOR, Call-ID, Cseq, and Tag; if it is SS7 signaling, the analysis module 106 will determine whether it is a new event according to the circuit Circuit Identification Code (CIC), Calling Party Number (Calling Party Number), and Called Party Number (Called Party Number) determine whether it is a new event; if it is Diameter signaling, the analysis module 106 is based on Session-ID and other contents Determine if it is a new event. Among them, the UA number and the event time range are the main keys to connect each signaling. If it is determined to be a new event, the analysis module 106 proceeds to step S404; if it is not a new event, proceeds to step S405.

Step S404: Generate the abnormal state structure 107, and fill the abnormal state structure 107 with the start time 108, UA number 1 109 and UA number 2 110 of the signaling. When the signaling is SIP, fill in the UA number 1 109 with the SIP-From-Address; fill in the UA number 2 110 with the SIP-To-Address; when the signaling is SS7, fill in the UA number with the Calling Party Number 1 109; Called Party Number is filled in with UA number 2 110.

Step S405: Check whether there is a response code in the signaling. If yes, the analysis module 106 proceeds to step S406; if not, proceeds to step S410, and determines whether the event ends.

Step S406: Determine whether the value of the response code is a failure message. For example, SIP Status-Code of 4xx represents Client-Errors, 5xx of Server-Errors, and 6xx of Global-Errors; Diameter Result-Code of 5xxx represents Permanent Failures, 4xxx represents Transient Failures, and 3xxx represents Protocol Errors. If it is not possible to directly determine whether it is a failure message through the comparison formula, the analysis module 106 determines through a table lookup, for example: Q.850 Cause Codes. If it is a failure message, go to step S407; if it is not a failure message, go to step S410.

Step S407: Determine whether the error event is a temporary failure (including the client busy, the client cancels, the authentication is not completed, and the status related to temporary abnormality). For example, the SIP response code Status-Code 401 (Unauthorized) in Figure 2 only sends the authentication information to the UA, and it needs to wait for the UA response content to determine whether it is a failure; another example: Diameter response code 4xxx is Transient Failures. If it is a temporary failure, the analysis module 106 continues to input the next signaling data (and returns to step S402 ); if it is not a temporary failure, then proceeds to step S408 .

Step S408: Update the relevant value/content in the abnormal state structure 107 (including the response time 111, the response code 112, the response device address 113, etc.). If it is a new response code, the analysis module 106 appends it; and proceeds to step S409.

Step S409 : the summary module 115 establishes a connection relationship with the event according to the abnormal state value, and collects the relevant content into the abnormal state summary 114 . The event summary process 500 is shown in FIG. 5 and will be described later.

Step S410: Determine whether the event ends. If it ends, the analysis module 106 proceeds to step S411; if not, it continues to input the next signaling data (return to step S402).

Step S411: End the state analysis process.

When the voice signaling flows in the NGN/IMS network and an exception occurs, an abnormal status structure (including the start time 108 of the event and the time of the first failure/abnormal response code 111) will be obtained through the status analysis process 400 and device address 113, etc.). If the event has multiple different response codes, the analysis module 106 will sequentially generate multiple sets of response time 111 , response code 112 and response device address 113 .

Through the abnormal state summary 114 , the summary content of the abnormal state can be further known. The summary content is created by the summary module 115 according to the event summary process 500 , as shown in FIG. 5 . The steps are as follows:

The flow starts (step S501).

Step S502: Input the abnormal state structure 107 to obtain the event start time 108, UA number 1 109, UA number 2 110, the time 111 when the failure response code first appeared, and the device address 113, etc.

Step S503: According to the UA number 1 109 and the UA number 2 110, query the ENUM, HSS and TAS services, and obtain the bureau status of the UA number storage. For example, the digest module 115 first queries the ENUM service for the UA number, so as to know whether the UA number is a VoIP door number and which area 103 it belongs to. Next, the digest module 115 queries the HSS of the area 103 according to the UA number, so as to confirm whether the UA number exists in the area 103 . In addition, the digest module 115 can query the TAS in this area 103 according to the UA number, and then can obtain the service subscribed by the UA number.

Step S504: According to the event start time 108, UA number 1 109, UA number 2 110, response code time 111 and device address 113, obtain the device abnormality information in this period; for example: using an application programming interface (API) ) call to obtain the system log or service record file of the device.

Step S505: Provide obstacle prompt text according to the response code 112. For example, the response code 5002 (DIAMETER_ERROR_IDENTITIES_DONT_MATCH) means that the device checks that the public identity of the UA is different from the private identity, which means that the HSS has not been successfully registered. If there are other prompt messages in the packet or signaling, such as the Reason field, it will also be appended to the summary content.

Step S506 : Integrate the results of steps S503 to S505 , and update the field of the summary 114 of the abnormal state structure 107 .

Step S507: End the event summary process.

Through the above process, when an abnormal event occurs, an abnormal state structure 107 will be created. At this time, the server 10 can issue an abnormal warning to notify the owner of the UA number or the maintenance personnel of the relevant network domain. And when an abnormal event occurs, the abnormal state summary 114 can provide further disclosure of the abnormal state content to assist in the elimination of obstacles.

The following will describe the implementation steps of the voice signaling abnormal state detection method of the present invention through the state analysis process 400 and the event summary process 500 for the aforementioned NGN/IMS normal registration signaling process 200:

The flow starts (step S401).

Step S402: Input NGN/IMS normal registration signaling according to the sequence.

Step S403: Read the first signaling, and determine that the signaling is a new event.

Step S404: generate an abnormal state structure 107, and fill in the start time 108, UA number 1 109 and UA number 2 110 of the signaling into the abnormal state structure 107; continue to step S402, input the second signaling; step S403 judges If it is not a new event, go to step S405.

Step S405: there is no response code for the second signaling; go to step S410.

Step S410: the registration event is not over; repeat steps S402, S403, S405, and S410; until the fourth signaling, step S405 checks that there is a response code Result-Code 2001; and goes to step S406.

Step S406: determine that the response code Result-Code 2001 is not a failure message; go to step S410.

Step S410: the registration event is not over; continue to repeat steps S402, S403, S405, and S410, read the fifth and sixth signaling until the seventh signaling; repeat step S406, and determine that the response code Result-Code 2001 is not failure message; continue to step S410; step S402: read the eighth signaling, and continue to steps S403, S405, and S406.

Step S406: Determine that the SIP response code Status-Code 401 (Unauthorized) is a Client-Error failure message; go to step S407.

Step S407: judging the SIP response code Status-Code 401 (Unauthorized), it is only a temporary failure to deliver the authentication information to the UA; repeat steps S402, S403, S405, S406, S407, and read the ninth to tenth letters order, the fourteenth signaling, the seventeenth signaling; repeat steps S402, S403, S405, S410, read the eleventh signaling 11 to the thirteenth signaling, the fifteenth signaling, the tenth signaling Six signaling; when the signaling is from the eighteenth to the twentieth, step S406 determines that the SIP response code Status-Code 200 (OK) is not a failure message, and proceeds to step S410.

Finally, step S410 judges that the event ends.

The process ends (step S411 ): the abnormal state structure 107 that does not contain any abnormal response code 112 and summary content 114 is generated, and the analysis module 106 can choose to discard or perform counting and other applications.

The following will describe the implementation steps of the voice signaling abnormal state detection method of the present invention through the state analysis process 400 and the event summary process 500 for the aforementioned NGN/IMS abnormal registration signaling process 300:

The flow starts (step S401).

Step S402: Input NGN/IMS abnormal registration signaling in sequence.

Step S403: Read the first signaling, and determine that the signaling is a new event.

Step S404: Generate an abnormal state structure 107, fill in the start time 108, UA number 1 109 and UA number 2 110 of the signaling into the structure 107; continue with step S402, input the second signal; step S403 judges that it is not new event, go to step S405.

Step S405: there is no response code for the second signaling; go to step S410.

Step S410: the registration event is not over; repeat steps S402, S403, S405, and S410; until the fourth signaling, step S405 checks that there is a response code Result-Code 5002; and goes to step S406.

Step S406: It is judged that the response code Result-Code 5002 is a failure message. If the device checks that the public identity of the UA is different from the private identity, it means that the HSS has not been successfully registered.

Step S407: It is determined that the response code Result-Code 5002 is not a temporary failure.

Step S408: Update the relevant values of the abnormal state structure 107, including the response time 111, the response code 112, the response device address 113, and the like.

Step S409: The summary module 115 performs the event summary process 500 according to the abnormal state value.

The flow starts (step S501).

Step S502: Input the abnormal state structure 107, and obtain the event start time 108, UA number 1 109, UA number 2 110, the time 111 of the response code Result-Code 5002, and the device address 113, etc.

Step S503: According to the UA number 1 109 and the UA number 2 110, inquire about the ENUM, HSS and TAS services, and obtain the bureau status and subscribed services accommodated by the UA number.

Step S504: According to the event start time 108, UA number 1 109, UA number 2 110, response code time 111 and device address 113, obtain the HSS service record for this period.

Step S505: According to the response code Result-Code 5002, provide a message that the HSS has not been successfully registered.

Step S506 : Integrate the results of steps S503 to S505 , and update the summary field 114 of the abnormal status structure 107 .

Step S507: End the event summary process 500, and return to step S409.

Step S410: the registration event is not over; continue to repeat steps S402, S403, S405, read the ninth signaling, and step S406 determines that the response code Status-Code 403 is a failure message; repeat the aforementioned steps S407 to S507, and append accordingly. New summary content; continue with steps S402, S403, and S405, and read the tenth signaling. Since the response code Status-Code 403 already has an abnormal status structure 107, step S410 is continued.

Step S410: judging that the event ends.

The process ends (step S411 ): the abnormal status structure 107 including the abnormal response code 1 112 (Result-Code 5002), the abnormal response code 2 112 (Status-Code 403) and the corresponding summary 114 is generated, and the analysis module 106 can use it It performs applications such as obstacle warning, prompting or counting.

The above detailed description is for a specific description of a feasible embodiment of the present invention, but this embodiment is not intended to limit the patent scope of the present invention. Any equivalent implementation or modification that does not depart from the technical spirit of the present invention shall be included in the within the scope of the patent in this case.

Features and effects of the embodiments of the present invention:

The method and server for detecting abnormal state of voice signaling provided by the embodiments of the present invention mainly analyze the packets or signaling of the telecommunication network by capturing the packets or signaling of the telecommunication network, and apply the relevant information of the abnormal state to assist the door number owner or the Network maintenance personnel find out the root cause of the abnormal state. When compared with other conventional technologies, it has the following benefits and advantages:

The method and server for detecting abnormal state of voice signaling according to the embodiment of the present invention, in addition to the basic abnormal response code prompt, also provide the door number attribution state, the source device address of the abnormal response code, and the device log and service message of the abnormal time period Such important information can greatly improve the accuracy of obstacle diagnosis by maintenance personnel, and shorten the time for troubleshooting.

The method and server for detecting abnormal state of voice signaling according to the embodiment of the present invention can quickly generate basic alarm content (including event start time, abnormal code generation time, abnormal event response code) when abnormal state occurs. and source equipment of abnormal events, etc.), in order to achieve a near-instant alarm function, which can quickly notify maintenance and operation personnel of the occurrence of abnormal events.

The method and server for detecting abnormal state of voice signaling according to the embodiment of the present invention can provide relevant information when the abnormal state occurs after the abnormal state occurs (including the local situation state of the door number, the service subscription state, and the start of the abnormal event). (starting time, source equipment of abnormal events, relevant logs and program records of abnormal events, etc.), so that maintenance and operation personnel can more comprehensively grasp the whole picture of abnormal events.

The method and server for detecting abnormal state of voice signaling according to the embodiments of the present invention adopt the method of capturing and analyzing signaling, and it is not necessary to embed an Agent in each NGN/IMS device for monitoring, so as to determine whether there is an abnormal event. Therefore, the performance impact on each device can be minimized.

Although the present invention has been disclosed above by the embodiments, it is not intended to limit the present invention. Anyone with ordinary knowledge in the technical field can make some changes and modifications without departing from the spirit and scope of the present invention. Therefore, The protection scope of the present invention shall be determined by the scope of the appended patent application.

101: Telecom Networks 10: Server 102:User Agent 103: Area 104: Signaling capture module 105: Aggregate Mods 106: Analysis Module 107: Abnormal state structure 108: Event start time 109:User Agent number (SIP-From-Address) 110:User Agent number (SIP-To-Address) 111: The time when the response code was generated 112: Response code code number 113: The address of the device that generated the response code 114: Abnormal state summary 115:Summary module 200:NGN/IMS normal registration signaling process S201~S220: Steps 300:NGN/IMS abnormal registration signaling process S301~S306: Steps 400: Status Analysis Process S401~S411: Steps 500: Event Summary Process S501~S507: Steps

FIG. 1 is a schematic diagram of a telecommunication network capture and analysis system according to an embodiment of the present invention. FIG. 2 is a flowchart of NGN/IMS normal registration signaling according to an embodiment of the present invention. FIG. 3 is a flowchart of NGN/IMS abnormal registration signaling according to an embodiment of the present invention. FIG. 4 is a flow chart of state analysis according to an embodiment of the present invention. FIG. 5 is a flowchart of an event summary according to an embodiment of the present invention.

400: Status Analysis Process

S401~S411: Steps

Claims (6)

A method for detecting abnormal state of voice signaling, comprising: acquiring voice-related information in a telecommunication network, wherein the information is signaling or packet data; retrieving from the information a plurality of data corresponding to an abnormal state structure The content of the characteristic field, wherein the characteristic field includes the start time of the event, the client equipment identification code, the abnormal response code, the occurrence time of the abnormal response code, the source device of the abnormal response code, and the summary content, which is derived from the message The step of retrieving the content corresponding to the feature fields in the abnormal state structure includes detecting from the message whether a voice event occurs, whether there is a response code, or whether the response code belongs to a temporary failure, wherein the temporary failure Discrimination of sexual failure includes client busy, client canceled, authentication incomplete, and status related to temporary exception; write the retrieved content into the exception status structure; and access the client device according to the content in the exception status structure The bureau situation status and service subscription content corresponding to the identification code are used as the summary content, wherein the bureau situation status is related to the subordinate area, and the system log or service record corresponding to the summary content includes the system log or service record of each device in the telecommunications network. It is the service record of the software, the system log or the service record records the event information of the hardware, operating system and application software in the system, and through the information to check the cause of the event error, and the summary content includes the meaning statement of the response code , or textual content that prompts or explains the root cause of the disorder. The method for detecting abnormal state of voice signaling according to claim 1, wherein the step of obtaining the voice-related information in the telecommunication network comprises: Collect the signaling or the packet data between devices captured by each network domain in the telecommunication network periodically or according to event triggers, wherein the telecommunication network is Next Generation Network (NGN), public exchange Telephone Network (Public Switched Telephone Network, PSTN), Public Land Mobile Network (Public Land Mobile Network, PLMN) or a combination thereof. The method for detecting abnormal state of voice signaling according to claim 1, wherein the response code is a status-code (Status-Code) of a Session Initiation Protocol (SIP), a client terminal of a digital network integration service (Integrated Service Digital Network User Part, ISUP) Cause-Code (Cause-Code), Diameter Result-Code (Result-Code), Telephone Number Mapping (ENUM) Domain Name System (DNS) Response - Reply-Code, Megaco's Error-Code, or a field related to identifying the occurrence of an event, an event change, or an event disappearance. The method for detecting abnormal state of voice signaling according to claim 1, wherein the local situation and the service subscription include the device to which the door number belongs, the door number license, the door number billing content, the service period, the registration information, Specialties that can be applied, specialties that can be applied and information related to customers. The method for detecting abnormal state of voice signaling according to claim 1, wherein the content of the abnormal state structure is stored in a computer or a tangible storage medium that can be read by the computer, and the storage medium includes a memory, a hard disk, an optical disc, or tape. A server for detecting abnormal state of voice signaling, comprising: a collection module to obtain voice-related information in a telecommunication network, wherein the The message is signaling or packet data; an analysis module extracts content corresponding to a plurality of feature fields in an abnormal state structure from the message, and writes the extracted content into the abnormal state structure, wherein the feature The fields include the start time of the event, the client equipment identification code, the abnormal response code, the occurrence time of the abnormal response code, the source device of the abnormal response code, and the summary content, which are extracted from the message corresponding to the abnormal status structure. The operation of the content of these characteristic fields includes detecting from the message whether there is a voice event, whether there is a response code, or whether the response code belongs to a temporary failure, wherein the judgment of the temporary failure includes the customer busy line, The status of the client canceled, the authentication is not completed and related to the temporary abnormality; and a summary module, according to the content in the abnormal status structure, access the situation status and service subscription content corresponding to the client equipment identification code, as the summary content, wherein the state of the bureau is related to the subordinate area, and the system log or service record corresponding to the summary content includes the system log of each device in the telecommunication network or the service record of the software, the system log or the service record in the record system The event information of hardware, operating system and application software, and the reason for the occurrence of the event error is checked through the information, and the summary content includes the meaning statement of the response code, or the text content used to prompt or explain the root cause of the failure.

Images