The FlowVision Controller can be installed using the following methods:

Release 2.3

ASN 2.3 introduces key enhancements including Active bearer support, Unique identifiers for kafka exports, DSCP IP TOS extraction support, User session flow visibility on control sessions, Radius session info on control sessions, PRIO Cause attribute on control session data for Delete Session request or Delete Bearer request, Rule base attribute to RADIUS session data, Boot configuration support in FV for Telco and DC environments. The release also includes SIP-RTP support, Intel & ConnectX NIC combination support. The enhanced DPI dynamic upgrade, Config TX options & unique packet stats in dedup, Boot option for Dedup only and to skip metadata extraction in FV, memory optimisations, critical bug fixes, and retains all features from ASN 2.2 with improved stability and performance.

Key Features & Enhancements:

• Active bearer support: Aviz Service Node provides user based Active Bearer export for subscriber sessions in 4G-EPC/5G-NSA networks

• Unique identifiers for kafka exports: Aviz Service Node is improved to export data with a unique key—configurable via Flow Vision (FV) or defaulting to hostname—enabling improved end-to-end monitoring of control and user session subscriber information.Also unique id is to find the right ASN which is exporting the data out of Multiple ASNs in the network.

• DSCP IP TOS extraction support: Aviz Service Node now supports extraction of both inner and outer IP header DSCP (IP TOS) attributes for Telco and Enterprise environments.

• User Session flow visibility on control sessions: Aviz Service Nodes provide the consolidated User session creation, termination stats per control session export.

• Radius correlation on control sessions: Aviz Service Nodes include RADIUS-related subscriber information directly in control session data for 4G-EPC/5G-NSA networks.

• PRIO Cause on control session for Delete Session or Delete Bearer request: Aviz Service Nodes now categorize session deletions with the PRIO Cause attribute in control session data for Delete Session Request and Delete Bearer Request packets.

• Rule base attribute to RADIUS session data: Aviz Service Nodes support in-depth extraction of Rulebase attribute payloads from RADIUS protocol packets.This enables precise policy enforcement visibility, improves subscriber authorization tracking, and helps operators validate rule-based access decisions for troubleshooting, auditing, and compliance.

• : Aviz Service Nodes enable Boot configuration via Flow Vision for in-service provisioning in both Telco and Enterprise deployments..

• : Aviz Service Nodes support extraction of SIP and RTP protocol data (including audio, voice, and media formats) along with Call-ID based information and correlations.

• Aviz Service Nodes feature an advanced DPI engine for deep, accurate traffic analysis, including examination of packets with various payloads and targeted metadata extraction

• Intel and ConnectX NiC combined support: Aviz Service Nodes support multi-NIC configurations using Intel, ConnectX, or both simultaneously for control and user planes (and vice versa) in Telco and Enterprise environments..

• Dynamic DPI Upgrade from FV: Aviz Service Nodes allow in-service dynamic DPI upgrades through Flow Vision.

• Aviz Service Nodes is optimized for Dedup Tx configuration options and Packet statistics for Enterprise environments through Flow Vision.

• Dedup-Only Boot Option: Aviz Service Nodes can be configured with Deduplication-only support via a Dedup-Only boot option in Flow Vision for enhanced performance..

• Metadata Export skip Boot Option: Aviz Service Nodes support disabling Metadata Export for application payload data through boot options in Flow Vision

• Enabling ASN on RHEL: Aviz Service Nodes can now be installed on Red Hat Enterprise Linux.

• ASN VIZ Package: Aviz Service Nodes support offline package installation with Kibana dashboard for Telco and DC modes.

Release 2.2

ASN 2.2 introduces key enhancements including Cplane Handover and switching, KPI Packet loss and Jitter for Telco and DC environments. The release also includes ASN DPU, ConnectX, enhanced DPI, memory optimisations, critical bug fixes, and retains all features from ASN 2.1 with improved stability and performance.

Key Features & Enhancements

• Cplane Handover/Switching: Aviz Service Node ensures smooth subscriber session continuity when users move between 4G (EPC) and 5G (Core) networks

• KPI - Packet Loss and Jitter: Aviz Service Node delivers precise KPI measurements for TCP Packet Loss and TCP–UDP Jitter enabling end-to-end insight into real user experience

• ASN on NVIDIA BlueField-3 DPU: Aviz Service Node on NVIDIA BlueField-3 DPU delivers standalone Subscriber-Aware Load Balancing (SALB), leveraging P4 programmable datapath to achieve peak 400 Gbps performance

Release 2.1

ASN 2.1 introduces key enhancements including control session timeout support, active bandwidth KPIs, and advanced observability packaging for Telco and DC environments. It supports flexible mode switching (TELCO ⇄ DC), improved App ID detection, and RADIUS Flex Export. The release also includes memory optimizations, critical bug fixes, and retains all features from ASN 2.0 with improved stability and performance.

Key Features & Enhancements

• - This feature enables automatic timeout handling for inactive control-plane sessions, helping to free up system resources and maintain performance in long-running deployments. It allows the system to detect and clean up sessions that have exceeded a defined inactivity period, improving session lifecycle management and resource efficiency.

• - This feature introduces a new KPI to measure the active bandwidth usage of control-plane sessions. It enables real-time monitoring of data transmission rates during session activity, helping operators track usage patterns, detect anomalies, and optimize resource allocation. This KPI enhances observability and supports detailed traffic analysis per session.

Release 2.0

The ASN R2.0 release brings enterprise-ready enhancements and telco-grade capabilities, making it the most powerful and scalable version yet. With a focus on advanced traffic processing, deep packet inspection, and seamless packet capture, this release enables real-time network intelligence and improved operational efficiency.

Key Highlights of ASN R2.0

1. Enterprise & Telco Ready – ASN R2.0 ensures seamless deployment across both enterprise and high-capacity telco environments. Whether managing large-scale enterprise infrastructure or a high-traffic telecom network, its enhanced scalability and efficiency make deployment smooth and reliable.

2. – The new packet deduplication feature eliminates redundant L2, L3, and L4 packets, optimizing data flow and reducing unnecessary processing overhead.

3. Next-Generation Application Identification with Advanced DPI – Gaining deep visibility into network traffic is more critical than ever. With advanced Deep Packet Inspection (DPI) for IP packets

Aviz Service Node (ASN) offers two types of licenses tailored for different network environments:

• ASN Subscriber -Designed for telecom networks, including 4G LTE, 5G NSA, and 5G SA, enabling advanced traffic extraction, correlation, and subscriber-aware analytics.

• ASN Application- Optimised for data centers, FTTH, edge, and campus networks, providing deep IP session management, application-level analytics, and advanced traffic visibility.

ASN Subscriber

ASN Application

Aviz Service Node (ASN) is a high-performance, software-defined solution for network visibility, real-time packet processing, and metadata extraction across telecom, enterprise, data center, FTTH, campus, and edge networks. It efficiently identifies applications, extracts HTTP metadata, captures DNS information, and enables deep traffic analysis.

Designed for scalability and high availability, ASN runs on general-purpose hardware, eliminating vendor lock-in while delivering high-speed packet filtering, flow processing, and intelligent data correlation. Whether deployed in core networks or distributed environments, ASN ensures efficient traffic monitoring, security enforcement, and performance optimization at any scale.

Network Packet Stack

The Aviz Network Packet Stack features advanced packet filtering, manipulation, and metadata export functions through the Aviz Service Node, enhancing network operations such as security and analytics.

Mobile Stack

The Mobile Stack from Aviz delivers comprehensive traffic inspection for mobile core networks. It features support for GTP control plane and user plane correlation across various network interfaces, optimizing mobile core deployments.

Application Stack

The Aviz Service Node Application Stack offers dynamic discovery and identification of traffic patterns and applications. It delivers a detailed overview of the applications operating within your network, their bandwidth usage, and their geographic locations. Additionally, the ASN furnishes enriched application metadata to facilitate integration with external customer and open source tools.

Guides: Jump right in

Explore these guides to set up and work with the Aviz Service Node.

This section provides information about how to install/upgrade the ASN.

Pre-Requisite:

• A Windows machine/VM with the below minimum requirement:

Pre-Requisite:

• An ESXi Host with the below minimum requirement available for FlowVision:

Prerequisites

• Enable internet and DNS to install packages via Ubuntu apt

Please refer to the following links for downloading ASN Package & FlowVision :

Extraction means capturing and decoding GTP-C and GTP-U packets from live traffic or PCAP traces.

Correlation is the process of linking GTP-C (control-plane) messages with their corresponding GTP-U (user-plane) flows.The correlation between GTP-C and GTP-U is essential for ensuring seamless communication and data integrity in a 5G NSA architecture. By analyzing both control and user plane packets, it becomes possible to troubleshoot issues related to session management and data flow effectively.

GTP-C Handling

• GTP-C Handling refers to how a network element (NE) — such as an MME, SGW, PGW, SMF, or UPF — processes, manages, and responds to GTP-C (GPRS Tunneling Protocol–Control) messages.

GTP-U Handling

• GTP-U Handling refers to how a network element (NE) — such as SGW, PGW, or eNodeB processes, encapsulates, forwards, and decapsulates GTP-U packets in the user plane.

  Essentially, it’s the end-to-end management of data flow through GTP tunnels.

S11S1U Extraction and Correlation

• Control Plane - GTP-C processing is done on S11 Interface between MME(Mobile Management Entity) and SGW (Service Gateway)

• User Plane - GTP-U processing is done on S1-U Interface between SGW and eNodeB (Base Station)

• Metadata extraction is done on both GTP-C and GTP-U Packets.

S5S8 Extraction and Correlation

• Control Plane - processing is done on S5/S8-C Interface between SGW-C and PGW–C

• User Plane - GTP-U processing is done on S5/S8-U Interface between SGW-U and PGW-U

• Metadata extraction is done on both GTP-C and GTP-U Packets.

Enable/Disable below Metadata extraction on the Service Node:

Outer Header Tuple

1. Source IP: IP address of the sender in the outer header.

2. Destination IP: IP address of the recipient in the outer header.

3. Source Port: Port number used by the sender in the outer header.

4. Destination Port: Port number used by the recipient in the outer header.

5. Protocol: Protocol used for communication in the outer header.

Inner Header Tuple

1. Source IP: IP address of the sender in the inner header.

2. Destination IP: IP address of the recipient in the inner header.

3. Source Port: Port number used by the sender in the inner header.

TEID

1. TEID: Tunnel Endpoint Identifier for the inner header.

Application

1. App-Name: Name of the application associated with the traffic.

2. HTTP Data: Data transmitted over the HTTP protocol.

3. DNS Data: Data transmitted over the DNS protocol.

Correlated Information

1. Correlation Status: Status indicating whether the information is correlated.

2. IMSI: International Mobile Subscriber Identity.

3. IMEI: International Mobile Equipment Identity.

Total Bytes and Total Packets

1. Total Bytes: Total number of bytes transmitted.

2. Total Packets: Total number of packets transmitted.

Key Performance Indicator

1. Uplane Bandwidth/Throughput: Bandwidth or throughput in the user plane.

2. Uplane Latency: Latency in the user plane.

Overview

This document describes the integration of Kibana and Elasticsearch into the ASN installation, providing visualisation capabilities for ASN data.

ASN uses below version from R2.3 release onwards.

1. cp-zookeeper:7.9.4

2. cp-kafka:7.9.4

3. cp-kafka-connect:7.9.4

4. elasticsearch:8.11.1

5. kibana:8.11.1

Usage Instructions

Installation

Extract the package tar -xvf asn-viz-packages.tar.gz

Change to the extracted directory cd asn-viz/

Execute the asn package script : sudo ./run-asn-viz.sh

Accessing the Dashboard

• Open the Kibana URL displayed at the end of installation.

• Log in using the credentials provided.

• Navigate to the Dashboard section to view the ASN data visualizations.

Credentials Management

• Credentials are displayed at the end of installation.

Installation Process

The visualization stack is deployed after the standard ASN installation. The installation script performs these key functions:

Infrastructure Setup

• Deploys Elasticsearch, Kibana, and Kafka Connect using Docker Compose.

• Configures security settings with password authentication.

• Sets up connectivity between components.

Security Configuration

• Enables secure authentication for Elasticsearch.

• Creates and manages access credentials.

• Configures Kibana to authenticate with Elasticsearch.

Data Pipeline Configuration

• Connects Kafka topics to Elasticsearch indices.

• Configures data transformation for visualization.

Dashboard Deployment

• Imports pre-configured dashboards into Kibana.

How does the script work?

The `run-asn-viz.sh` script performs the following steps:

• Validates the presence of required files.

• Detects the system IP address for proper configuration.

• Updates Docker Compose configuration (with system ip).

Troubleshooting

Kibana page troubleshooting

• Execute “sudo docker compose down” and execute the install script, this is the case where already the containers are up and installation script needs to be executed

• Steps to check docker status if its already running,

  1. sudo docker ps -a

Dashboard Import Issues

• If dashboard import fails during installation, manually import using the command shown at the end of installation output.

Connection Issues

• Ensure all services are running with `sudo docker ps`.

Authentication Problems

• Verify the credentials in the Kibana configuration. It is suggested to use the elastic user and the corresponding password to login to the kibana

Other Details

Data Flow

• Kafka topics → Kafka Connect → Elasticsearch → Kibana

This integration enhances the ASN platform with visualization capabilities while maintaining a simple shell script based deployment process.

Accessing the Dashboard - Telco

• Open the Kibana URL displayed at the end of installation.

• Log in using the credentials provided.

Navigate to the Dashboard section to view the ASN data visualizations

• ASN-RADIUS-DASHBOARD

• ASN-TELCO-UPLANE-Dashboard

• ASN-TELCO-CONTROL

Navigate to the Topics section and click on the overview to get kafka statistics information

Credentials Management

• Credentials are displayed at the end of installation.

Accessing the Dashboard — DC

• Open the Kibana URL displayed at the end of installation.

• Log in using the credentials provided.

Navigate to the Dashboard section to view the ASN data visualizations.

Open the kafka UI URL displayed at the end of installation

Navigate to the Topics section and click on the overview to get kafka statistics information

Note - Existing dashboard ASN-DC-FTTH-Dashboard will be replaced

As mobile operators continue to transition between 4G and 5G, one of the biggest operational challenges is maintaining consistent Control Plane visibility when subscribers move across Radio Access Technologies (RATs). The Aviz Service Node bridges this visibility gap. Acting as a passive, observability-driven mediation layer, it maintains continuous and correlated session tracking across EPC and 5GC interfaces — enabling seamless 4G ↔ 5G handover insights without any change to the live network configuration.

Aviz Service Node automatically detects handovers between EPC and 5GC through IMSI-based session matching and performs an in-place session upgrade logic — maintaining a unified view of the subscriber session throughout the transition. During each transition, ASN dynamically updates metadata exports to Kafka, reflecting real-time field updates such as RAT type, user type, IP, and TEIDs — ensuring analytics and monitoring systems always have synchronized, current session data.

The Packet Capture feature allows users to capture network traffic on selected interfaces for analysis. It provides configurable options to define capture duration, file size limits, & interface.

Configurable Metadata Extraction in ASN

From this page, you can enable or disable the following metadata extraction options on the Aviz Service Node (ASN) for 5G-SA:

User Information

1. IMSI (International Mobile Subscriber Identity): A unique identifier for a mobile subscriber.

2. IMEI (International Mobile Equipment Identity): A unique identifier for a mobile device.

3. MSISDN (Mobile Station International Subscriber Directory Number): The phone number associated with the subscriber.

4. APN/DNN (Access Point Name / Data Network Name): Defines the network path for data connections.

5. USER TYPE: Classification of the user, typically indicating subscriber type or service level.

6. 5G-SA TYPE: Type of 5G network architecture, such as standalone (SA) or non-standalone (NSA).

7. UE IP ADDR(User Equipment IP Address):The IP address assigned to the user's device.

User Location Information

1. CGI (Cell Global Identifier): Unique identifier for a cell in a mobile network.

2. TAI (Tracking Area Identifier): Identifier for tracking areas in a 5G network.

3. Cell Changed: Indicates whether the user's device has changed cells within the network.

Tunnel Information

1. IPV4 Address Uplink (UPF): IPv4 address for the uplink from the User Plane Function (UPF).

2. IPv4 Address Downlink (RAN): IPv4 address for the downlink to the Radio Access Network (RAN).

3. IPv6 Address Uplink (UPF): IPv6 address for the uplink from the User Plane Function (UPF).

Key Performance Indicator(KPIs)

1. Cplane Latency: The latency in the control plane, measuring the delay in signaling and control messages.

2. Per IMSI Metrics:

   • Uplane Bandwidth/Throughput: Bandwidth or throughput in the user plane for each IMSI.

Enable/Disable below Metadata extraction on the Service Node:

Inner Header Tuple

1. Source IP: IP address of the sender in the inner header.

2. Destination IP: IP address of the recipient in the inner header.

3. Source Port: Port number used by the sender in the inner header.

4. Destination Port: Port number used by the recipient in the inner header.

5. Protocol: Protocol used for communication in the inner header.

Application

1. App-Name: Name of the application associated with the traffic.

2. HTTP Data: Data transmitted over the HTTP protocol.

3. DNS Data: Data transmitted over the DNS protocol.

Total Bytes and Total Packets

1. Total Bytes: Total number of bytes transmitted.

2. Total Packets: Total number of packets transmitted.

Key Performance Indicator

1. Uplane Bandwidth/Throughput: Bandwidth or throughput in the user plane.

2. Uplane Latency: Latency in the user plane.

Enable/Disable below Metadata extraction on the Service Node:

User Access Information

1. IMSI - Vendor-Specific - 3GPP, Type - 3GPP-IMSI(1)

2. IMEI - Vendor-Specific - 3GPP, Type - 3GPP-IMEISV(20)

3. MSISDN - Calling-Station-Id

4. APN - Called-Station-Id

5. Virtual APN - Vendor-Specific - Starent Type SN-Virtual-APN-Name

6. User Name - User-Name

7. Packet Code - Code

8. Packet Identifier - Packet Identifier

9. PGW IP Address - NAS-IP-Address

10. Assigned IP Address - Framed-IP-Address

11. Assigned IPv6 Address and Prefix - Framed-IPv6-Prefix

12. Input Bytes - Acct-Input-Octets

13. Output Bytes - Acct-Output-Octets

14. Input Packets - Acct-Input-Packets

15. Output Packets - Acct-Output-Packets

16. Session Time - Acct-Session-Time

Packet deduplication is a feature used to identify and eliminate duplicate network packets, improving network efficiency and reducing redundant data processing. It works by comparing incoming packets.

• Deduplication Process: Traffic is continuously analysed in real-time with a granularity of up to 8 milliseconds, enabling the rapid detection and elimination of duplicate packets. The analysis process begins by inspecting ingress packets for familiarity based on their type and fields. If a packet is found to exist within the customer-defined time frame, it is identified as a duplicate and dropped. Users can configure the Packet Source (Full or Routed Packet) to filter out redundant traffic, even across multiple hops. Anchor & Offset settings define where and how packet data is compared, while the Window Size (2-8ms) ensures efficient real-time deduplication. For detailed configuration, refer to this link .

Modern networks—whether telco cores, enterprise data centers, or edge sites—demand flexible, high-performance packet intelligence to keep pace with AI-driven workloads and subscriber traffic. Aviz Service Nodes (ASN) deliver a software-defined solution for advanced traffic analytics, application identification, and AI-powered insights on commodity servers.

In our latest release, we’re thrilled to announce support for NVIDIA ConnectX NICs, building on our existing x86 platform compatibility. With ConnectX, ASN leverages cutting-edge NVIDIA technology to achieve unparalleled throughput, low latency, and future-proof scalability. From 4G/5G traffic correlation to real-time flow tracing, ASN on ConnectX empowers operators to modernize network observability effortlessly.

In the high-stakes world of telco networks, operators must manage massive subscriber traffic while ensuring optimal performance, metadata extraction, and application identification. Subscriber traffic, split into control packets (e.g., GTP-C, PFCP, N11) and user packets (GTP-U), is often processed separately in the core network, complicating analysis. Without precise correlation, directing both traffic types to the same tool for comprehensive insights is inefficient and prone to errors.

Introducing Subscriber-Aware Load Balancing (SALB) in the Aviz Service Node (ASN), running standalone on the NVIDIA BlueField-3 (BF3) DPU. This solution harnesses P4 programmable datapath and embedded ARM cores to deliver peak datapath performance, ensuring correlated traffic reaches the right tools with unmatched efficiency. Now generally available, ASN SALB on BF3 DPU empowers operators to achieve high-speed, intelligent traffic processing for next-generation telco networks.

Key Functionalities:

• GTP-U Extraction:

  • Decodes GTP-U headers and retrieves inner IP payloads for user-plane sessions.

  • Extracts key identifiers such as TEID, UE IP, QoS Flow Identifier (QFI), and Tunnel Endpoints.

• HTTP/2 Extraction:

  • Parses HTTP/2 requests, responses, and headers (e.g., :method, :path, :authority).

  • Identifies and reconstructs HTTP/2 streams over TCP/QUIC sessions.

• Correlation Engine:

  • Maps GTP-U session data with corresponding HTTP/2 flows using UE IP and session metadata.

  • Enables per-user, per-session correlation between transport and application KPIs.

• Analytics and Export:

  • Generates per-session KPIs (latency, throughput, error rate, retransmissions).

  • Supports export to Kafka, ElasticSearch, or external monitoring systems.

Benefits:

• Enables end-to-end visibility from 5G transport to application layer.

• Improves troubleshooting of latency, congestion, and QoS degradation issues.

• Enhances KPI accuracy by linking transport sessions to application activity.

Configurable Metadata Extraction in ASN

From this page, you can enable or disable the following metadata extraction options on the Aviz Service Node (ASN) for 5G-NSA:

User Information

1. IMSI (International Mobile Subscriber Identity): A unique identifier for a mobile subscriber.

2. IMEI (International Mobile Equipment Identity): A unique identifier for a mobile device.

3. MSISDN (Mobile Station International Subscriber Directory Number): The phone number associated with the subscriber.

User Location Information

1. CGI (Cell Global Identifier): A unique identifier for a cell in a mobile network.

2. SAI (Service Area Identifier): Identifies the service area within a network.

3. RAI (Routing Area Identifier): Specifies the routing area within a mobile network.

Tunnel Information

1. IPv4 Address Uplink (SGW): The IPv4 address for the uplink from the Serving Gateway (SGW).

2. IPv4 Address Downlink (eNodeB): The IPv4 address for the downlink to the eNodeB (Evolved Node B).

3. IPv6 Address Uplink (SGW): The IPv6 address for the uplink from the Serving Gateway (SGW).

Key Performance Indicator(KPIs)

1. Cplane Latency: The latency in the control plane, measuring the delay in signaling and control messages.

2. Per IMSI Metrics:

   • Uplane Bandwidth/Throughput: The bandwidth or throughput in the user plane, specific to each IMSI .

Configurable Metadata Extraction in ASN

From this page, you can enable or disable the following metadata extraction options on the Aviz Service Node (ASN) for 5G-SA:

User Information

1. IMSI (International Mobile Subscriber Identity): A unique identifier for a mobile subscriber.

2. IMEI (International Mobile Equipment Identity): A unique identifier for a mobile device.

3. MSISDN (Mobile Station International Subscriber Directory Number): The phone number associated with the subscriber.

User Location Information

1. CGI (Cell Global Identifier): Unique identifier for a cell in a mobile network.

2. TAI (Tracking Area Identifier): Identifier for tracking areas in a 5G network.

3. Cell Changed: Indicates whether the user's device has changed cells within the network.

Tunnel Information

1. IPV4 Address Uplink (UPF): IPv4 address for the uplink from the User Plane Function (UPF).

2. IPv4 Address Downlink (RAN): IPv4 address for the downlink to the Radio Access Network (RAN).

3. IPv6 Address Uplink (UPF): IPv6 address for the uplink from the User Plane Function (UPF).

Key Performance Indicator(KPIs)

1. Cplane Latency: The latency in the control plane, measuring the delay in signaling and control messages.

2. Per IMSI Metrics:

   • Uplane Bandwidth/Throughput: Bandwidth or throughput in the user plane for each IMSI.

Configurable Metadata Extraction in ASN

From this page, you can enable or disable the following metadata extraction options on the Aviz Service Node (ASN) for 5G-NSA:

User Information

1. IMSI (International Mobile Subscriber Identity): A unique identifier for a mobile subscriber.

2. IMEI (International Mobile Equipment Identity): A unique identifier for a mobile device.

3. MSISDN (Mobile Station International Subscriber Directory Number): The phone number associated with the subscriber.

4. APN/DNN (Access Point Name / Data Network Name): Defines the network path for data connections.

5. USER TYPE: Classification of the user, typically indicating subscriber type or service level.

6. UE IP ADDR(User Equipment IP Address):The IP address assigned to the user's device.

User Location Information

1. CGI (Cell Global Identifier): A unique identifier for a cell in a mobile network.

2. SAI (Service Area Identifier): Identifies the service area within a network.

3. RAI (Routing Area Identifier): Specifies the routing area within a mobile network.

Tunnel Information

1. IPv4 Address Uplink (SGW): The IPv4 address for the uplink from the Serving Gateway (SGW).

2. IPv4 Address Downlink (eNodeB): The IPv4 address for the downlink to the eNodeB (Evolved Node B).

3. IPv6 Address Uplink (SGW): The IPv6 address for the uplink from the Serving Gateway (SGW).

Key Performance Indicator(KPIs)

1. Cplane Latency: The latency in the control plane, measuring the delay in signaling and control messages.

2. Per IMSI Metrics:

   • Uplane Bandwidth/Throughput: The bandwidth or throughput in the user plane, specific to each IMSI .

To view the Global statistics of a Node from the FlowVision GUI, click Statistics > ASN>Global.

The following image shows the global statistics page:

The page shows the following metrics:

• Total User Sessions: Indicates the total number of active user sessions on the Service Node.

• Total Subscriber: Reflects the total subscribers registered on the service node.

The list below specifies the unique unified data type of metadata attributes exported from ASN, 5GC-control-session-data-mapping, EPC-control-session-data-mapping, and the user-session-data-mapping file.

• 5GC-control-session-data-mapping

• EPC-control-session-data-mapping

To view the Kafka Export statistics of a Node from the FlowVision GUI, click Statistics > ASN>Kafka Export

The following image shows the Kafka Export Statistics page:

The page shows the following metrics:

• C-Plane Data: Indicates the total number of C-Plane data export Counts from ASN Node.

• Priority C-Plane Data: Indicates the total number of Priority C-Plane data export Count from ASN Node.

• U-Plane Data: Indicates the total number of U-Plane data export Count from ASN Node.

• Priority U-Plane Data: Indicates the total number of Priority U-Plane data export Count from ASN Node

Introduction

This guide explains how to use the FlowVision Graphical User Interface (GUI) to manage ASN servers efficiently.

The FlowVision GUI provides the following top-level menu options:

The following image shows the home page of the Aviz FlowVision GUI:

1. Overview

Voice and video calls over IP use two major protocols:

• SIP (Session Initiation Protocol) → Signaling

• RTP (Real-time Transport Protocol) → Media (voice/video)

Because SIP carries only signalling and RTP carries the actual media, correlation is required to associate RTP flows with the corresponding SIP session.

This feature enables ASN-DPI to:

1. Parse SIP and extract SDP parameters

2. Track media endpoints (IP:Port)

3. Correlate live RTP traffic to the SIP session

4. Export SIP and RTP metadata to Kafka topics

2. SIP Processing

2.1 What SIP Does

SIP is responsible for:

• Setting up a call

• Exchanging SDP with codec & media IP/port

• Modifying the session

• Ending the call

Important: SIP does not carry media. It only negotiates media parameters.

3. SDP (Session Description Protocol)

SDP is embedded inside SIP messages (INVITE, 200 OK, ACK).

SDP contains:

• Media types (voice, video, dtmf, etc.)

• Codec formats

• Media IP and port

• Transport protocol (e.g., RTP/AVP)

This is the key information used for SIP→RTP correlation.

4. RTP (Real-time Transport Protocol)

• Carries actual audio/video packets.

• Does not contain SIP identifiers.

• ASN-DPI correlates RTP streams by SrcIP/DstIP/SrcPort/DstPort with SDP parameters.

5. SIP–RTP Correlation

Why is it needed?

RTP packets contain no SIP call ID or SIP headers.

To identify SIP sessions, need to do correlation Thus DPI must match SDP media endpoints: ip:port

SIP Metadata Explanation

RTP Metadata Explanation

Enhanced Subscriber Intelligence: The load balancing feature significantly enhances the ASN node's capability in enabling subscriber-level intelligence. It achieves this by egressing correlated control and user plane traffic to probes for in-depth analysis.

Efficient Load Distribution: This feature ensures efficient distribution of network load across multiple tools. By balancing the traffic, it prevents any single tool from becoming overwhelmed, thereby maintaining optimal network performance.

Comprehensive Network Analysis: The load balancing feature is crucial for achieving comprehensive network analysis. By directing correlated traffic to specific probes, it allows for detailed monitoring and assessment of traffic pattern.

Currently, wo subscriber-aware load balancing options are available, which can be configured based on customer requirements:

To manage connected nodes from the FlowVision GUI, click System > Devices.

The Devices screen shows all the connected nodes and their connection status. The nodes that are online are shown with a green status and the nodes that are offline are shown in a red status.

You can click the icon to reboot an active ASN appliance, restart the ASN application, or remove the ASN database configuration, as shown below.

The System menu lets you perform the following actions:

To access the system and device information, click System > General.

System Information

The system information table shows you the product name, version, and technical support information about the system.

To manage users from the FlowVision GUI, click System > User Management.

The User Management page shows the details of all the users of the system and their user privileges and roles. From the User Management page, you can add new users, edit user roles and permissions, de-activate a user, and delete a user.

The following image shows the User Management page:

Adding a New User

To add a new user,

1. Click the ADD button on the header of the user management table at the top. The New User window displays.

2. Specify the Email address, Username, Password, and Role of the new user in their respective fields. The Role drop-down field has two options - Admin and Viewer. The Admin role has full access and the Viewer role has read-only access.

Editing Existing Users

To edit an existing user,

1. Click the Edit button against the user in the User Management table. The Edit User window displays.

2. Edit the required details in the Email, Username, Password, and Role fields.

3. Click Update User to update the user details.

De-Activating or Deleting Users

In the User Management table,

• Click the De-Activate button to deactivate a user.

• Click the Delete button to delete a user.

To view the system log from the FlowVision GUI, click System > Syslog.

The Syslog page shows the system logs of all the nodes that are online. You can click the device icon for each of the online devices to get the system log for that particular device. The system log shows the device IP, component, severity level, time stamp, and the severity level message with more specific information.

The following image shows the system log table of a device:

You can change the severity level of the messages displayed in the syslog table using the Severity Level drop-down menu. The available options are Debug, Info, Notice, Warning, Err, Critical, Alert, and Emergency. This is a multi-select menu where you can select multiple severity levels to be displayed.

Application, Protocol, and Category Identification with DPI

ASN Deep Packet Inspection enables precise identification of 2,700+ applications and 9,000+ subcategory applications, and their attributes by analyzing network traffic in detail. This capability allows organizations to know exactly which apps are running—whether it’s video, audio, gaming, file transfer, or chat—along with the underlying protocols they use. Categorizing traffic helps in applying tailored policies for security, bandwidth allocation, and compliance. By understanding both the app and its category, enterprises and telcos can optimize network performance, enforce acceptable use policies, and gain valuable insights into user behavior and traffic trends

DPI Benefits for Telcos

For telecom operators, ASN DPI delivers detailed application, protocol, and category identification—covering over 2,700+ apps—combined with critical session KPIs such as average, max, and min bandwidth, uplink/downlink latency, and packet retransmissions. This data helps telcos monitor how many users are engaging with each app and how network resources are being consumed in real time. By correlating user behavior with network performance metrics, telcos can optimize bandwidth allocation, improve quality of service for high-priority applications, and quickly troubleshoot performance issues. Additionally, rich metadata like HTTP hostnames and user-agent information aids in refining subscriber analytics, enabling personalized service offerings and efficient network management.

DPI Benefits for Data Centers/Enterprise

In data centers and enterprise networks, ASN DPI combines accurate app, protocol, and category identification with detailed session metrics—such as bandwidth usage, latency, and packet loss—to provide deep visibility into application performance and user experience. Tracking how many users access specific applications and the bandwidth consumed per session allows IT teams to optimize resource allocation and enforce security policies effectively. Latency and retransmission data help identify network bottlenecks or faulty links, enabling proactive issue resolution. Supplemented by metadata like HTTP URLs and user agents, this granular insight empowers enterprises to manage complex traffic flows, ensure compliance, and enhance overall network reliability and efficiency.

DPI Dynamic Upgrade: Always Stay Current:

In a fast-changing digital landscape where new applications and protocols constantly emerge, a static DPI quickly becomes outdated. ASN-DPI addresses this challenge with a robust DPI dynamic upgrade mechanism, allowing its detection engine and protocol signature database to be updated on the fly—without service interruption or the need for full software redeployment.

DPI metadata payload support Headers List:

The Dashboard is the default home page of the FlowVision GUI. To return to the dashboard view from any other page, click System > Dashboard.

The Dashboard shows you the following data:

ASN Fabric Information

This pie chart shows you the device information based on the ASN Version and the ASN Location. You can hover the mouse pointer over the charts to display a tooltip with more relevant information.

The following image shows the ASN fabric information charts:

Platform Health

The platform health table shows you the CPU usage, and memory availability for each connected node. From this data, you can infer the overall health of the platform.

The following image shows the platform health table:

Link Information

The link information table displays the total number of ports across all connected nodes, the number of ports enabled with administrative privileges, and the number of ports that are down.

The following image shows the link information table:

Top 5 Ports by Traffic

The top 5 ports by traffic show you the top 5 ports across all connected nodes sorted on the basis of their traffic rate. The table shows you the device, port, Mode, In Pkts & the number of In Discards.

The following image shows the top 5 ports by traffic table:

Syslog Statistics

The SYSLOG Statistics shows you the nodes sorted based on the SYSLOG messages. The table shows the device IP, and the number of SYSLOG messages, filtered by severity.

The following image shows the SYSLOG Statistics:

ASN Module Status

The ASN Module Status shows the top nodes and their health with details about the various components of ASN sorted node IP.

The following image shows the ASN Module Status:

HA Status

The HA Status shows the HA status between the connected nodes along with the Cluster Status & Data Export Status.

The following image shows the HA Status:

Introduction

To perform a backup or restore from the FlowVision GUI, navigate to: System > Backup/Upgrade

The Backups page displays a list of available system backup files with the following details:

• Backup Filename

• Date of Backup Creation

• Backup Status

• Option to Delete Specific Backup Files

Additionally, this page provides options to: Upgrade the system using a .jar file. Upgrade the database using a local .sql file.

The following image illustrates the Backups page:

Creating a New Backup

To create a new backup, click the Create Backup drop-down menu and select Create Backup. This action creates a new backup file, displaying its status in the backup table.

You can also have the option to selectively backup the database or the FlowVision system. To perform this selective backup,

1. Click Create Backup > Create Backup. The New Backup window displays.

2. This will take the backup of the DB and Flowvision.

Advanced Backup

1. Click Create Backup > Create Backup (Advanced).

2. Select the backup you want to create. The available options are - Backup DB and Backup FlowVision. This is a multi-select option where you can choose either or both.

3. Click Backup to create the selected backup.

Restoring from a Backup

After completing a backup, you can find the list of backups in a table format below

Click on the Restore Icon to restore that particular backup (.sql / .jar ).

The New Backup window displays, used need to select Restore DB or Restore FlowVision or select both if both are available, then Click on the Restore button.

After Restore is completed, there will be a pop-up -

Note: The user also can download the backup files ( .sql / .jar ) by clicking the Download Icon, it will save the file to the local system.

Upgrading FlowVision

You can upgrade the FlowVision system if required. To upgrade,

There are 2 types of upgrade provided

Upgrade Flowvision

1. Click Upgrade System on the top right corner of the Backups page. The Upgrade System window displays.

2. Select the Upgrade FlowVision checkbox and select .jar file from the local system

3. Click Upgrade to upgrade the system.

After the Upgrade, there will be a popup that -

Upgrade DB

1. Click Upgrade System on the top right corner of the Backups page. The Upgrade System window displays.

2. Select the Upgrade DB checkbox and select .sql file from the local system

3. Click Upgrade to upgrade the system.

After the Upgrade, there will be a popup that -

Deleting a Backup

To delete a specific backup file, click the icon against the corresponding backup file in the Backups table. Confirm the delete action in the Confirm Delete prompt.

To configure the Licenses for ASN Nodes from the FlowVision GUI, click System > Licence

This page displays the current license details in a table format along with Node IP, MAC Address & Serial Number allowing you to either add a new license key for a new ASN device or update an existing license.

• The following license details are shown for each ASN device:

  • Subscriber License Key, Type & Status

  • Application License Key, Type & Status

Adding or Updating a License

To add or modify the license for an ASN node, follow these steps:

1. Click on the Edit button on the license table next to the respective Node

2. A popup window will appear with the following fields:

   1. Subscriber License Key

Information Icon

In the License Information Table, the Subscriber License Key and Application License Keycolumns include an information icon

• When hovering over the info icon, detailed license information will be displayed, including:

  • License Type

  • License Status

To configure Boot Configuration using the FlowVision GUI, navigate to:

Configuration > Boot Configuration.

• A detailed boot configuration showing:

  • General

  • Features

  • Packet Core Interface

  • Kafka Producer Config

General

The following image illustrate the General configs such as hash table, ip & subscriber session limit, Coutn etc as shown below

LB Hash Type:

• Specifies the method used for load balancing packet flows across processing cores.

• 3 Tuples: Uses source IP, destination IP, and protocol/port for hashing.

• 5 Tuples: Uses source IP, destination IP, protocol, source port, and destination port for hashing.

IP Session Limits:

• Sets the maximum number of concurrent IP sessions per core.

Subscriber Session Limits:

• Definition: Defines the maximum number of subscriber sessions (unique users/devices) that can be handled simultaneously.

• The range is typically 100 to 3,000,000. Higher values require more memory and CPU resources.

Kafka Core Count:

• Definition: Number of CPU cores dedicated to Kafka producer threads for exporting data.

• Limitation: Must be less than or equal to the number of Packet Processing cores.

KPI Core Count:

• Definition: Number of CPU cores allocated for Key Performance Indicator (KPI) processing tasks.

• Limitation: Must be less than or equal to the number of Packet Processing cores.

Start Cores:

• Definition: Specifies the logical core ID from which packet processing should begin.

• Limitation: Must be a valid core ID present on the system. Incorrect values may prevent the application from starting.

Total Cores:

• Definition: Total number of logical CPU cores allocated for packet processing and related tasks.

• Limitation: Limited by the physical hardware; allocating more cores than available will result in errors.

Packet Processing Cores (Per Port)

• Definition: Number of CPU cores assigned to process packets for each port.

Total Port

• Definition: Number of asn ports configured for packet processing.

• Limited by hardware capabilities and configuration, typically between 1 and 8.

Control Port

• Definition: Designates the asn port used for control plane traffic.

• Must select a valid port from available options (e.g., port0, port1)

Features & Packet Core Interface

The following image illustrate the Features and Packet core interface configs such as Radius, metadata export,4G & 5G interface type etc.

Enable Radius

• Definition: Enables or disables support for the RADIUS protocol, used for authentication and accounting.

• Set to "true" or "false" based on deployment requirements.

Active Bearer Export

• Definition: Enables the export of active bearer information for monitoring or analytics.

Uplane Flow Stats (Control Metadata):

. Definition: Enables collection and export of user-plane flow statistics as part of control metadata.

Packet Core Interface:

• Definition: Selects the type of packet core interface for network connectivity.

• 4G Interfaces: S5-S8, S11

• 5G Interfaces: N11

Kafka Producer Config

The following image illustrate the Kafka Producer configs such as Queue buffer, compression type etc.

Queue Buffer Messages (max):

• Definition: Maximum number of messages buffered per Kafka queue before sending.

• Range is 1,000 to 1,000,000,000.

Queue Buffer kbytes (max):

• Definition: Maximum buffer size in kilobytes per Kafka queue.

• Range is 1 to 2,147,483,647 kB.

Queue Batch Size (max):

• Definition: Maximum number of messages sent in a single Kafka batch.

• Range is 1 to 2,147,483,647.

Linger (ms):

• Definition: Time in milliseconds to wait before sending a batch to Kafka, allowing more messages to accumulate.

• Range is 0 to 900,000 ms.

Compression Type:

• Definition: Compression algorithm used for Kafka messages.

• Must be one of: none, gzip, lz4, zstd, snappy. Unsupported types will cause errors.

To view the audit logs from the FlowVision GUI, click System > Audit Logs.

The audit logs table gives you the details of all the actions performed on the connected systems. The details include the action performed, the date, the IP address of the system used to login to the GUI, the resource used, the username of the operator that acted, and the status of the action.

The following image shows the audit logs table:

Introduction

ASN DPI (Deep Packet Inspection) identifies applications using pattern-based signatures. Aviz Networks provides seamless signature updates, allowing support for new applications or enhancements of existing ones without impacting the existing deployment.

Upgrade Process

Follow these steps to upgrade ASN DPI without restarting ASN modules:

1. Copy the Signature File to the ASN Device

2. Extract the Tar file

3. Navigate to the Installation Directory

4. Execute the Upgrade Script

The configuration menu helps you perform the following:

• Configuring Ports

• Configuring Metadata Attributes

Deep Packet Inspection (DPI) is a powerful technique that analyzes network traffic at the packet level, going beyond basic header inspection to examine the payload of the actual data being transmitted.

Aviz Service Nodes support in-service DPI upgrade for enhanced new DPI library integrations.

To configure ASN ports using the FlowVision GUI, navigate to:

Configuration > Ports.

This page displays:

• Managed Nodes and their connected ports.

To configure and manage control session timeout and active communication bandwidth of ASN via the FlowVision GUI, navigate to:

Configuration > ASN > Threshold and Timeout

Threshold and Timeout Configuration Options:

1. control session timeout

The list below specifies the unique unified data type of metadata attributes exported from ASN, 5GC-control-session-data-mapping, EPC-control-session-data-mapping, and the user-session-data-mapping file.

The following Metadata Attributes can be modified using this menu:

• 4G-LTE/5G-NSA

• 5G-SA

• U-Plane

• Radius

To view and configure ASN global parameters from the FlowVision GUI, navigate to:

Configuration > Global.

The following image illustrates the ASN Global page:

Configure Global Parameters

Select a Node to configure the below parameters:

• Kafka Export Interval (seconds): Sets the interval for exporting data to Kafka, configurable between 5 to 300 seconds.

• 5G Cplane Processing (N4/N11): Choose between N4 or N11 for processing 5G control plane traffic.

• HTTP2 Port: Define multiple HTTP2 ports, separated by commas (,).

To configure and manage system attributes of ASN via the FlowVision GUI, navigate to:

Configuration > Systems.

The Systems Manager page displays the configurations for Kafka, SNMP, NTP, and Syslog servers, allowing users to add or remove associated IP addresses as needed.

The following image shows the System Parameters page:

Kafka Configurations

Configure and manage up to one Kafka server IP address for exporting metadata extracted by the Service Node.

SNMP Trap Configuration

Configure and manage up to three SNMP trap server IP addresses for receiving SNMP traps generated by the Service Node.

NTP Configuration

Configure and manage up to three NTP server IP addresses for time synchronization.

Syslog Configuration

Configure and manage up to three Syslog server IP addresses for receiving system logs from the Service Node.

SNMP Trap Threshold

Set thresholds for SNMP traps based on the following parameters:

• Disk Usage (%): Define a trigger when disk utilization exceeds a specified percentage.

• CPU Usage (%): Set a threshold for CPU utilization percentage.

• Temperature (℃): Configure the ASN appliance temperature limit before an SNMP trap is triggered.

To configure and manage packet deduplication of ASN via the FlowVision GUI, navigate to:

Configuration > ASN > Deduplication

Deduplication Configuration Options:

1. Packet Deduplication: Toggle this option to enable/disable deduplication.

2. Selecting the Packet Source, you can choose one of the following packet sources:

   1. Full Packet: Deduplication is applied to the entire packet.

   2. Routed Packet: In real time, the packets can be routed across multiple devices/hops. Hence there are chances the duplicate packets can be received to monitoring fabric with different Src MAC/TTL/Checksum fields.

3. Anchor : Determines the starting position for packet comparison during deduplication. Available options:

   1. Packet Start – Begins deduplication from the start of the packet.

   2. L3 Start – Uses the Layer 3 (network layer) header as the reference point.

4. Offset: Define the byte offset from the anchor point where deduplication begins till the provided bytes (14 to 128 bytes)

5. Window Size: The time interval within which duplicate packets will be identified. Available options: 2,4,6 & 8ms.

6. Deduplication Interface: Select the network interface where deduplication should be applied.

Below image show packet deduplication for full packet

Below image show the Packet Deduplication for Routed Packet