SPAN Recording

Overview

SPAN Recording is a passive technology. It is working with all Cisco CallManagers and all kind of phones as long as they are SIP or SKINNY compatible.

The application service uses a network interface card functioning in promiscuous mode, in order to capture packets for the conversation recording. The host computer or the server need a network connection to voice traffic, through a non-switched hub or through a SPAN port on a switch. For more information about configuring a mirrored port on your switch, read the user manual of the switch. 
You can also visit the following links:

• Configuring the Catalyst Switched Port Analyzer (SPAN) Feature: http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note09186a008015c612.shtml

The application works by monitoring phone traffic. There are two types of phone traffic essential to recording:

• signaling (call control), from phones or voice gateway to CallManager
• audio streams (RTP), from phone to phone, or from phone to voice gateway

To be able to record calls, the application needs to intercept both types of traffic, call control and audio streams.
For more information about network sniffing please read the Wireshark FAQ: http://www.wireshark.org/faq.html

Virtual Environment

The difficulty in getting SPAN based/passive recording functional in a virtual environment is the SPAN itself. With the SPAN configured on a physical switch port, all communication will be directed to a physical NIC. This physical NIC MUST be bound on the VM. The reason behind this statement is because most virtual NIC software cannot forward the SPAN information to the VM, so the physical NIC will be required to be bound to the VM. Because of this requirement installing the application into a virtual environment may not be advisable. Allocating a physical device to a VM only requires VT-D support in the host CPU.

Implementation Options

There are two main options in configuring network monitoring:  

1. Record only external calls. This is the easiest. All you need to do is to have the CallManager and the voice gateway in the same switch and SPAN them to the application recording port. If you have them in different switches you need two monitoring NICs in the recording application server, one for each switch. Make sure you are mirroring all the CallManagers and voice gateways, including backup ones.
2. Record all calls, external and internal. For that you will need to have all the phones' traffic monitored to the application recording port. That is, monitor all switches with phones. Usually this is done by placing all the phones in a separate VLAN, and monitoring that VLAN. Using a VLAN also has the advantage of discarding the general (PC) network traffic, which can overload the monitoring interface in both the switch and in the recording application.

Because RTP traffic (green and red in the figure) travels directly between end points, without going through CallManager, in a large enterprise with multiple switches only external calls (PSTN) can be recorded in a cost effective way (one recorder for each voice gateway). 
To record internal calls also, one recorder per switch with IP phones is required.

Server Side Network configuration

Because monitoring ports cannot usually transmit traffic, for production setups the server you are using must have a minimum of two network cards for the application to function properly. One of them will be used for general network traffic and accessing Application Web Administration Interface and the other for listening VOIP related traffic. The NIC selected for website access should have a static IP address. 

Important: The monitoring NIC should not have a routable IP address, because network switches inhibit the transmission of packets from ports used as port mirroring destinations. If the OS routes packets through this port, all sent packets will be discarded. Remove the IP address of the monitoring NIC, or set it a non-routable address, such as 1.1.1.1.

We assume that you have already configured your network switches in order to mirror all VOIP traffic from VOIP LAN to the monitoring NIC of CallReplay otherwise no calls will be recorded.

Open the Recording / Network Interfaces page, and choose which NIC is used for VOIP traffic and which one is used for web administration and general traffic.

 Recording > Network Interfaces

If you have configured port mirroring correctly, calls will start being recorded immediately. For CallManager Express please see the PBX Configuration chapter.