SORACOM Developers

Getting Started

Use SORACOM Junction’s inspection function to visualize statistics of packets passing through VPG

In this guide, packets passing through VPG are visualized based on statistical information outputted by SORACOM Junction inspection function.

What is SORACOM Junction

What is SORACOM Junction “SORACOM Junction” (Junction) is a service that provides three functions of mirroring, redirection, and inspection for packets passing through Virtual Private Gateway (VPG). For VPG, please also check the Virtual Private Gateway (VPG) function details.

Three functions provided by Junction

Mirroring

The mirroring function sends a copy of the packet that passes through the VPG to the specified destination. The following figure shows an example where a device using AirSIM is accessing the Internet via VPG. The device is accessing the Internet, but a copy of the packet is sent to the specified destination (here Customer VPC / Customer’s system)

Mirroring

Redirection

The redirection function changes the route so that the user packet passing through the VPG passes through the server specified by the customer. The following figure shows an example where a device using AirSIM is accessing the Internet via VPG. Packets from devices attempting to access the Internet are forwarded to the specified destination (here Customer VPC / Customer’s system). Routing after transfer is done with Customer VPC / customer’s system. Note that this function requires the use of Gate The redirect packet transfer destination is Gate Peer.

Redirection

Inspection

The inspection function analyzes packets passing through the VPG and provides statistical information on packets passing through the VPG, such as application discrimination. The following figure shows an example where a device using AirSIM is accessing the Internet via VPG. The device accesses the Internet. Statistics of packets passing through the VPG are forwarded to the specified destination (here Customer VPC / Customer’s system). For details on the statistics and format of packets passing through the VPG, see “Statistics of packets sent by inspection”.

inspection

This guide uses the inspection function to visualize statistical information.

Use the inspection function of Junction to visualize statistical information of packets passing through VPG

Send the statistics of the packet output by the inspection function to Amazon Kinesis Stream (Kinesis Stream). In addition, AWS Lambda (Lambda), which subscribes to Kinesis Stream, sends the data to Elastic Cloud. Elastic Cloud’s Elasticsearch, Kibana will visualize statistical information.

overview

Prepare the following in advance.

The Lambda function provides sample scripts. Dashboard and visualization used by Kibana are provided by Elastic Company for providing samples.

Elastic Cloud settings

Set up Elastic Cloud.

Set up Elastic Cloud.

Elastic Cloud is a managed service of Elasticsearch and Kibana provided by Elastic.

If you do not have an account yet, create an Elastic Cloud account here. (14 day free trial is available.)

Create a cluster

After user registration, log in and click “Create Cluster”. Since you will be transitioning to the cluster creation screen, select “Tokyo Region” and create the rest by default.

Elastic Cloud

Upon completion, the password of the “elastic” user to manipulate the cluster for the first time is displayed. I will use it later, please write down.

Next, please set “Kibana” to “enable” from the “Configuration” menu.

Please wait for a while if “Please wait until the current plan is finished before enabling Kibana.” is displayed.

Elastic Cloud

Confirm access

Elastic Cloud

Elastic Cloud

Creating indexes and creating documents

Before submitting data, register the index template.

$ curl --user elastic:ES_PASSWORD -X PUT "https://xxxxxxxxxxxxxxxxxx.ap-northeast-1.aws.found.io:9243/_template/soracom-vpg" -d@/Users/xxx/elastic/soracom-realtime-vpg-metrics-template.json

If there is a response like {“acknowledged”:true}, it is successful.

This concludes the setting of Elastic Cloud.

Create Kinesis Stream

Create a Kinesis Stream to send data from inspection.

Create Kinesis Stream

Create a Kinesis stream

Create a Kinesis stream

Create a Kinesis stream

Create a Kinesis stream is over.

Create IAM

Here we will create IAM users and roles. The IAM user you create will input to the Kinesis stream. We will use this user’s credentials in setting up SORACOM Junction.

The role is used as a role to execute the Lambda function to be created later.

Create a user

Select a user from “IAM” of the AWS console and click “Add user”. create a user

The user name is “kinesis”.

create a user

Select “Access by program”.

create a user

For policy, select “Attach existing policy directly” and select “AmazonKinesisFullAccess”.

create a user

Confirm the contents and click “Create User”.

It will be successful if the following screen appears. Later, please note the access key ID and secret access key for use with Junction ’s inspection function.

Create role

Select the role from “IAM” of the AWS console and click “Create new role”.

create role

For role type, select “AWS Lambda”.

create role

In the policy, attach “AWSLambdaKinesisExecutionRole”.

create role

In the role name, we create a role as lambda_kinesis_execution.

create role

Creating users and roles is now complete.

Create Lambda

Next I will create Lambda.

overview

Access the AWS Lambda administration screen from the AWS console. Click “Create Lambda function”. Create Lambda

Click “Blank Function”. Create Lambda

For trigger setup, select “Kinesis” and for Kinesis stream, select “junction-inspection-escloud” we created earlier. Please check “Activate Trigger”. Create Lambda

Please copy and paste the downloaded script from the Lambda function here. For runtime, select “Python 3.6”.

Create Lambda

Next, enter the environment variables. Please enter five environment variables as follows.

Environment variable name Value
ESBASEURL It will be the Endpoint of Elasticsearch. “HTTPS” link of “Endpoints” on the top page of Elastic Cloud’s cluster. Delete the last / of the URL.
ES_USERNAME Elastic Cloud user ID. In this guide it will be “elastic”.
ES_PASSWORD Password for user “elastic”.
ES_INDEX It is an index name. Here, please say “soracom”. (The Lambda function sends data as soracom-YYYY.MM.DD.)
ES_TYPE “Stats”.

In the role, select lamdba_kinesis_execution we created earlier.

Create Lambda

Set the timeout to 1 minute. Confirm the setting contents and click “Create function”. Creation is completed if the following screen is displayed.

Inspection settings

Next, set the inspection function of the junction. The flow will be as follows.

Create VPG

Log in to the SORACOM user console. Select “VPG” from the pull-down menu at the upper left of the screen.

Click “Add VPG”.

Enter the name of the VPG and select “Canal” here as the target service. When you click “Create”, “State” becomes “Creating”. After a while (about 3 minutes), it is completed when it is “running”.

Create a group and change the group to which SIM belongs

Select “Group” from the pull-down menu in the upper left corner of the SORACOM user console.

Click “Add”, enter the group name, and create a group. Click on the group you created and open “SORACOM Air Setting” from “Basic setting” on the group screen.

Since “VPG (Virtual Private Gateway) setting” exists in “SORACOM Air setting” as below, set it to “ON” and select “VPG” created earlier.

Click “Save”.

Air SIM included in the group that specified VPG will use VPG.

Next, let Air SIM belong to the group. From the “SIM Management” menu, select the SIM to be connected and click “Change belonging group”.

I will belong to the group I created earlier.

Attention

Credential registration

Next, register the credentials of the Kinesis Stream to which the statistical information is sent with the inspection function. Select “Security” -> “Authentication information store” from Solacom’s user console.

Credential registration

As described below, you will register the credentials of the user created from IAM of AWS earlier. Register access key ID and secret access key. In this case, we will register with the authentication information ID “kinesis”.

Credential registration

Set inspection function

Open the VPG setting screen that you created. Open the “Junction Settings” tab.

Set the inspection to “ON” and enter the following information.

Setting Value
Destination service Amazon Kinesis Stream
Destination URL https://kinesis.ap-northeast-1.amazonaws.com/junction-inspection-escloud
format: https://kinesis.<region>.amazonaws.com/<delivery stream name>. The is “junction-inspection-escloud”.
Authentication information kinesis
It will be the credentials we made earlier.

Inspection settings

Visualize statistical information of packets passing through VPG

Communicate with the SIM included in the Air SIM group to which the created VPG is applied.

Create an index pattern

Inspection settings

The index pattern is created after inputting data. Please input data first.

Import dashboard

I will import Kibana’s dashboard.

Elastic Cloud

Visualize statistical information

Go to Elastic Cloud’s Kibana. Click “Dashboard” -> “Soracom”.

Kibana dashboard

You can check the protocol and application of the communication destination, the data communication volume, the number of packets etc. as follows. We are visualizing packet statistics by the inspection function.

Kibana dashboard

“Visualize statistical information of packets passing through VPG” is over.

About ElasticCloud, we can not support it, so thank you for your understanding. *

Getting Started

SORACOM Air for Cellular

SORACOM Air for Sigfox

SORACOM Beam

SORACOM Canal/Direct/Door

SORACOM Endorse

SORACOM Funnel

SORACOM Gate

SORACOM Harvest

SORACOM Inventory

SORACOM Junction

SORACOM Krypton

SORACOM Lagoon

Service Detail

Developer Tools

pagetop