Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
| en:dpi:dpi_brief:install_point_ssg:instruction_instal_mirror:start [2023/09/04 09:34] – ↷ Links adapted because of a move operation elena.krasnobryzh | en:dpi:dpi_brief:install_point_ssg:instruction_instal_mirror:start [Unknown date] (current) – removed - external edit (Unknown date) 127.0.0.1 | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== The SSG installation manual using MIRRORING installation scheme ====== | ||
| - | {{indexmenu_n> | ||
| - | - Install and start the Stingray SG, please refer to the [[en: | ||
| - | - Set an [[en: | ||
| - | - Apply for license and fastDPI installation to Service Desk | ||
| - | - Once installed both, you should edit the following settings: | ||
| - | |||
| - | Configure mirror traffic reception and response: | ||
| - | |||
| - | The settings are changed by editing the configuration file / | ||
| - | * '' | ||
| - | * '' | ||
| - | |||
| - | To set the DPI in mirroring mode, you have to specify the following in the configuration: | ||
| - | |||
| - | In the configuration for the inbound ports '' | ||
| - | <code bash> | ||
| - | in_dev=dna1: | ||
| - | </ | ||
| - | |||
| - | In the configuration for outgoing ports '' | ||
| - | <code bash> | ||
| - | tap_dev=dna0 | ||
| - | </ | ||
| - | |||
| - | Specify the mode – asymmetric | ||
| - | <code bash> | ||
| - | asym_mode=1 | ||
| - | </ | ||
| - | |||
| - | Specify the direction of '' | ||
| - | <code bash> | ||
| - | emit_direction=2 | ||
| - | tap_mode= | ||
| - | </ | ||
| - | |||
| - | <note important> | ||
| - | |||
| - | Specify that VLAN should be reset: | ||
| - | <code bash> | ||
| - | strip_tap_tags=1 | ||
| - | </ | ||
| - | |||
| - | Set MAC change: | ||
| - | <code bash> | ||
| - | replace_source_mac=00: | ||
| - | replace_destination_mac=78: | ||
| - | </ | ||
| - | |||
| - | Set the number of retries if there are network losses: | ||
| - | <code bash> | ||
| - | emit_duplication=3 | ||
| - | #here, 3 is the number of repetitions (duplicates) of a packet with redirect or blocking. | ||
| - | </ | ||
| - | |||
| - | ===== Implementation scheme and description of operation ===== | ||
| - | {{ en: | ||
| - | |||
| - | <note important> | ||
| - | |||
| - | ===== Header of the IP response packet ===== | ||
| - | - **Destination MAC** – MAC address of the router port where the response link is connected. | ||
| - | - **Source MAC** – MAC address of the '' | ||
| - | - **Source IP** – IP address of the restricted resource IP2. | ||
| - | - **Destination IP** – IP address of user IP1. | ||
| - | |||
| - | ===== Router configuration example ===== | ||
| - | Configuration example: | ||
| - | The port on the router where the response link from the SSG is connected should be configured as a regular L3 port. The task is to receive a packet from the SSG and, based on the common routing tables, forward it to the subscriber. | ||
| - | |||
| - | '' | ||
| - | |||
| - | <code bash> | ||
| - | #Settings on tha MX side: | ||
| - | description from_SSG_redirect; | ||
| - | unit 0 { | ||
| - | family inet { | ||
| - | address a.b.c.d/30; | ||
| - | } | ||
| - | } | ||
| - | </ | ||
| - | |||
| - | ===== Statistics collection ===== | ||
| - | <code bash> | ||
| - | http_parse_reply=1 | ||
| - | |||
| - | netflow=8 | ||
| - | netflow_full_collector_type=2 | ||
| - | netflow_dev=eth3 | ||
| - | netflow_timeout=20 | ||
| - | netflow_full_collector=172.18.254.124: | ||
| - | netflow_rate_limit=30 | ||
| - | netflow_passive_timeout=40 | ||
| - | netflow_active_timeout=120 | ||
| - | |||
| - | #URL upload | ||
| - | ipfix_dev=eth3 | ||
| - | ipfix_tcp_collectors=172.18.254.124: | ||
| - | ipfix_observation=127 | ||
| - | |||
| - | #SIP | ||
| - | ipfix_meta_tcp_collectors=172.18.254.124: | ||
| - | rlimit_fsize=32000000000 | ||
| - | </ | ||
| - | |||
| - | Further settings are made depending on which components are to be used and are described in [[en: | ||