Differences
This shows you the differences between two versions of the page.
| Next revision | Previous revision | ||
| en:dpi:bras_bng:replication [2024/09/26 15:29] – created - external edit 127.0.0.1 | en:dpi:bras_bng:replication [2025/09/30 15:53] (current) – elena.krasnobryzh | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== BNG/BRAS reservation ====== | ||
| {{indexmenu_n> | {{indexmenu_n> | ||
| + | ====== BRAS Active-Standby (Master-Backup) redundancy ====== | ||
| + | ===== Description of the switching algorithm for BRAS L2 (DHCP, Static IP) ===== | ||
| + | * BRAS L2 redundancy for IPoE (DHCP and Static IP) is recommended using the Active-Standby scheme, which involves connecting two SSG BRAS devices to a single broadcast L2 domain: one in Master mode, the other [[en: | ||
| + | * The Master is the active server and processes traffic during normal network operation. The Backup is in standby state and does not pass traffic through itself; the DPDK interfaces towards subscribers (IN ports) are administratively shut down (down). | ||
| + | * The Backup server monitors the operation of the Master server using a script (heartbeat) via dedicated management ports. Upon detecting a failure of the Master server, the Backup server automatically activates (up) the DPDK interfaces towards subscribers (IN ports) and begins processing traffic. | ||
| + | * Single traffic switchover to the Backup server and stopping the Master server is implemented to avoid multiple traffic transfers and network impact. Switching traffic back to the Master is performed by the network administrator manually. | ||
| + | * For correct operation, all service profiles must be identically configured on both the Master and Backup servers; we recommend using a profile synchronization script. | ||
| + | * Note that SSG BRAS supports dynamic (OSPF, BGP) and static routing. In case of dynamic routing, for Static IP subscribers with public IP addresses, the announcement will change automatically when switching to the Backup server; for subscribers with private addresses, a NAT profile will be applied, under the same name, but from a different public address pool configured on the Backup server. | ||
| - | The following replication scheme is used in the Stingray Service Gateway ver. 8.3+ to align subscriber data on all fastDPI servers: fastPCRF sends authorization responses and CoA requests to all the servers listed in the [[en: | + | {{ : |
| - | <note important> | + | |
| - | ===== Ways the data is applied on the DPI ===== | + | ===== Master server status monitoring script |
| - | When receiving authorization data, the fastDPI | + | The script must be installed on the Backup |
| + | **Four checks** are used to confirm | ||
| + | | ||
| + | - The fastDPI process is present | ||
| + | - The PID of the fastDPI process has not changed (no uncontrolled process restart) | ||
| + | - The link state on the main fastDPI has not changed (optional check). This check is disabled by default, as it may not be needed in some topologies | ||
| - | ===== BRAS L2 backup ===== | + | **Script Installation Process:** |
| - | Backing up of BRAS in L2 mode involves | + | - Download all files from the {{: |
| - | One of them in Master | + | - Configure the Master |
| - | Master SSG carries out traffic processing along with users authorization through | + | - Create an SSH key pair on the Backup server using the command <code bash> |
| - | Slave does not pass traffic through itself, dpdk interfaces are in the traffic standby mode (down). Subscribers information is synchronized through | + | - Create a new user with sudo rights on the Master |
| - | Slave monitors | + | - Copy the private SSH keys from the Backup |
| - | An example of DPI connection and routes | + | - Add execute permissions |
| - | {{ : | + | - Run <code bash> |
| - | ==== Database synchronization ==== | + | **Service Management: |
| - | FastPCRF is responsible for synchronization, | + | - Start the service: <code bash> |
| + | - Check service status: <code bash> | ||
| + | - Stop the service: <code bash> | ||
| + | - Check service logs: <code bash> | ||
| - | === Configuring the SSG Master mode === | + | ===== Service profile synchronization script |
| + | The script synchronizes service profiles [[en: | ||
| + | The script runs on the Master server; service profiles on the Backup server will be aligned with those on the Master server. Profile transfer is performed using '' | ||
| - | === Configuring the SSG Slave mode === | + | System Requirements: |
| + | * SSH | ||
| + | * Bash | ||
| + | * Jq | ||
| + | * Installed | ||
| + | * Rsync | ||
| - | == Algorithm description == | + | Script Logic:\\ |
| - | Stingray Service Gateway backup concept - MASTER-SLAVE (L2-BRAS): | + | The script retrieves |
| - | * 1. MASTER is running 99% of the time, it can be disabled or may fail | + | |
| - | * 2. When being recovered MASTER always treacherously proceed | + | |
| - | * 3. SLAVE just accepts replications from MASTER and saves them in UDR in 99% of the time | + | |
| - | * 4. There is a third party that switches traffic | + | |
| - | * 4.1. MASTER is available, SLAVE is available, then the traffic will be switched to MASTER | + | |
| - | * 4.2. MASTER is available, SLAVE isn't, then the traffic will be switched to MASTER | + | |
| - | * 4.3. MASTER is not available, SLAVE is available, then the traffic will be switched to SLAVE | + | |
| - | * 4.4. MASTER and SLAVE are not available, then the traffic will be switched to MASTER | + | |
| - | MASTER-> SLAVE toggling: | + | ==== Installation and management ==== |
| - | | + | |
| - | * 2. Delays when switching are barely perceptible | + | |
| + | - Add permissions for the script using the command <code bash> | ||
| + | - Configure the user and IP of the Backup server within the script. The user must have write access | ||
| + | | ||
| + | 0 * * * * * /bin/bash / | ||
| + | - Add a bash alias to run the script on demand:< | ||
| + | - Create the directory ''/ | ||
| - | Bootstrap MASTER' | + | Script Operation:\\ |
| - | * 1. MASTER has the fastdpi+fastpcrf services running and enabled (they were started on boot) | + | The script |
| - | * 2. MASTER detects that SLAVE is active and stores relevant data | + | |
| - | * 3. MASTER stops its fastdpi + fastpcrf services | + | |
| - | * 4. MASTER backups UDR on SLAVE and takes it back | + | |
| - | * 5. MASTER starts its fastdpi + fastpcrf | + | |
| - | * 6. A third party detects that the MASTER becomes available and switches the traffic to it | + | |
| - | + | ||
| - | Bootstrap MASTER'а (SLAVE is anavailable): | + | |
| - | * 1. MASTER has the fastdpi+fastpcrf services running and enabled (they were started on boot) | + | |
| - | * 2. MASTER determines that SLAVE is not available, considers that UDR it holds is more relevant than the one located on SLAVE, continues to work normally | + | |
| - | * 3. A third party detects that the MASTER becomes available and switches the traffic to it | + | |
| - | + | ||
| - | Bootstrap SLAVE'а (MASTER is active and process traffic): | + | |
| - | * 1. SLAVE has the fastdpi+fastpcrf services running and enabled (they were started on boot) | + | |
| - | * 2. SLAVE detects that MASTER is active and stores relevant data | + | |
| - | * 3. SLAVE stops its fastdpi + fastpcrf services | + | |
| - | * 4. SLAVE backups UDR on MASTER and takes it back | + | |
| - | * 5. SLAVE starts its fastdpi + fastpcrf | + | |
| - | * 6. SLAVE starts to replicate data | + | |
| - | + | ||
| - | Bootstrap SLAVE'а (MASTER is unavailable): | + | |
| - | * 1. SLAVE has the fastdpi+fastpcrf services running and enabled (they were started on boot) | + | |
| - | * 2. SLAVE detects that MASTER is unavailable, | + | |
| - | * 3. A third party detects that SLAVE becomes available and switches the traffic to it | + | |
| - | + | ||
| - | =====Script for active DPI reservation===== | + | |
| - | The script should be installed on the reserve DPI where it runs in a continious loop monitoring the state of main dpi via ssh.\\ | + | |
| - | This script uss **4 checks** to confirm that main dpi is working: | + | |
| - | - The server is rachable via network (pingcheck) | + | |
| - | - The fastDPI process is present | + | |
| - | - FastDPI process PID did not change | + | |
| - | - The link state on the main DPI did not change (optional check). This check is disabled by default as it may not be necessary in some installations. | + | |
| - | **Installation process: | + | Note that if a service profile is applied to a subscriber, it will not be deleted. Also note that any files not saved in the '' |
| - | - Download all files from the {{ : | + | |
| - | - Configure main server ip inside | + | |
| - | - Create an ssh key pair on the reserve server | + | |
| - | - Create a new sudo user account on the main server | + | |
| - | - Copy private ssh keys from reserve server to the new account authorized keys file on the main server | + | |
| - | - Add permissions to installation scrip via <code bash> | + | |
| - | - Run '' | + | |
| - | **Controlling the service:** | ||
| - | - Starting the service: <code bash> | ||
| - | - Checking service status: <code bash> | ||
| - | - Stoping the service: <code bash> | ||
| - | - Checking service logs: <code bash> | ||