Base SSG configuration for MIRROR scheme [VAS Experts Documentation]

Differences

This shows you the differences between two versions of the page.

en:dpi:dpi_brief:install_point_ssg:instruction_instal_mirror [2023/08/28 14:37] – ↷ Page moved from en:dpi:dpi_brief:install_point_scat:instruction_instal_mirror to en:dpi:dpi_brief:install_point_ssg:instruction_instal_mirror elena.krasnobryzh
en:dpi:dpi_brief:install_point_ssg:instruction_instal_mirror [2025/05/23 14:02] (current) – ↷ Page moved from en:dpi:dpi_brief:network_preparation:install_point_ssg:instruction_instal_mirror to en:dpi:dpi_brief:install_point_ssg:instruction_instal_mirror elena.krasnobryzh
Line 1: Line 1:
-====== The SSG installation manual using MIRRORING installation scheme ======+====== Base SSG configuration for MIRROR scheme ======
 {{indexmenu_n>4}} {{indexmenu_n>4}}
  
-  - Install and start the Stingray SG, please refer to the  [[en:dpi:dpi_brief:dpi_requirements|installation requirements]] +  - Prepare the server according to the [[en:dpi:dpi_brief:dpi_requirements|installation requirements]]. 
-  - Set an [[en:dpi:dpi_components:platform:faq:first_install:ipsetincenos|IP address]] +  - Install and configure the [[en:veos:first_install:ipsetincenos|VEOS OS]] 
-  - Apply for license and fastDPI installation to Service Desk +  - Set an [[en:veos:first_install:ipsetincenos|IP address]]. 
-  - Once installed bothyou should edit the following settings:   +  - Apply for license installation and fastDPI to [[en:dpi:techsupport_info|Service Desk]]. 
 +  - After installing them, the following settings must be made in **''etc/dpi/fastdpi.conf''** 
  
-Configure mirror traffic reception and response: +Suppose the SSG is connected as follows: 
- +  * ''01-00.001-00.101-00.2'' – receive the mirror traffic 
-The settings are changed by editing the configuration file /etc/dpi/fastdpi.conf. Let's assume that the SSG is connected as follows: +  * ''01-00.3'' – connected to a router that receives and forwards responses to subscribers and to the internet.
-  * ''dna1dna2dna3'' – receive the mirror traffic +
-  * ''dna0'' – connected to a router that receives and forwards responses to subscribers and to the internet.+
  
 To set the DPI in mirroring mode, you have to specify the following in the configuration: To set the DPI in mirroring mode, you have to specify the following in the configuration:
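Review bot: the new step 5 gives the file as `etc/dpi/fastdpi.conf` with no leading slash, while the removed text had `/etc/dpi/fastdpi.conf`; restore the absolute path so it cannot be read as relative to the working directory. Steps 2 and 3 ("VEOS OS" and "IP address") also both link to `en:veos:first_install:ipsetincenos`, so the OS installation step probably needs its own target.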
Line 17: Line 16:
 In the configuration for the inbound ports ''in_dev'' set the ports that accept mirror traffic: In the configuration for the inbound ports ''in_dev'' set the ports that accept mirror traffic:
 <code bash> <code bash>
-in_dev=dna1:dna2:dna3+in_dev=01-00.0:01-00.1:01-00.2
 </code> </code>
  
 In the configuration for outgoing ports ''tap_dev'' set the port to which the forwarding response is sent: In the configuration for outgoing ports ''tap_dev'' set the port to which the forwarding response is sent:
 <code bash> <code bash>
-tap_dev=dna0+tap_dev=01-00.3
 </code> </code>
  
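Review bot: `in_dev` and `tap_dev` switch from the `dna1`/`dna0` names to `01-00.0` through `01-00.3` without saying where these identifiers come from. Add one sentence on how an operator finds the identifiers of the installed ports, since a wrong `tap_dev` sends the forwarding responses out of the wrong port.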
Line 33: Line 32:
 <code bash> <code bash>
 emit_direction=2 emit_direction=2
-tap_mode=+tap_mode=2
 </code> </code>
  
Line 56: Line 55:
  
 ===== Implementation scheme and description of operation ===== ===== Implementation scheme and description of operation =====
-{{ :en:dpi:install_point_scat:mirror_en.png?nolink&900 |}}+{{ en:dpi:dpi_brief:install_point_ssg:mirror_en.png?nolink&900 |}}
  
-<note important>When a request for a restricted resource is detected, the SSG sends an HTTP redirect to a placeholder page to the subscriber (IP1). A TCP RST packet is sent to the restricted resource (IP2) to drop the connection. Blocking (HTTPS) and redirecting (HTTP) occurs because the SSG responds to the request from IP1 faster than IP2.</note>+<note important>When a request for a restricted resource is detected, the SSG sends an HTTP redirect to a placeholder page to the subscriber (IP1).\\ A TCP RST packet is sent to the restricted resource (IP2) to drop the connection. Blocking (HTTPS) and redirecting (HTTP) occurs because the SSG responds to the request from IP1 faster than IP2.</note>
  
 ===== Header of the IP response packet ===== ===== Header of the IP response packet =====
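Review bot: in the `<note important>` text, "responds to the request from IP1 faster than IP2" can be read two ways, and "occurs" should be "occur" for the plural subject. Suggest "because the SSG's response to the request from IP1 arrives before the response from IP2", and consider stating that blocking and redirecting therefore depend on that timing.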
Line 67: Line 66:
  
 ===== Router configuration example ===== ===== Router configuration example =====
-Configuration example: +The port on the router where the reply link from the SSG is included should be configured as a normal L3 port. The task is to receive a packet from the SSG and forward it to the subscriber based on the common routing tables.
-The port on the router where the response link from the SSG is connected should be configured as a regular L3 port. The task is to receive a packet from the SSG andbased on the common routing tables, forward it to the subscriber.+
  
-''Eth1'' is connected to the Juniper MX side+Configuration example: 
 +''eth1'' is connected to the Juniper MX side
  
 <code bash> <code bash>
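Review bot: the reworded sentence says the reply link from the SSG "is included" on the router port; the removed wording "is connected" was correct and should be kept. "Configuration example:" and the `''eth1'' is connected to the Juniper MX side` line now sit on consecutive lines, so check that they do not render as one run-on sentence.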
Line 84: Line 83:
 ===== Statistics collection ===== ===== Statistics collection =====
 <code bash> <code bash>
-http_parse_reply=1 +#FullNetflow/IPFIX
- +
 netflow=8 netflow=8
 netflow_full_collector_type=2 netflow_full_collector_type=2
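Review bot: `http_parse_reply=1` is dropped from the statistics block with no replacement or explanation. If the parameter is no longer needed for this scheme, say so in the edit summary; if it is still needed, keep it under its own comment in the style of the new `#FullNetflow/IPFIX` line.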
Line 94: Line 92:
 netflow_passive_timeout=40 netflow_passive_timeout=40
 netflow_active_timeout=120 netflow_active_timeout=120
-  + 
-#URL upload+#ClickStream/IPFIX
 ipfix_dev=eth3 ipfix_dev=eth3
 ipfix_tcp_collectors=172.18.254.124:1501 ipfix_tcp_collectors=172.18.254.124:1501
-ipfix_observation=127 +
- +
 #SIP #SIP
 ipfix_meta_tcp_collectors=172.18.254.124:1511 ipfix_meta_tcp_collectors=172.18.254.124:1511
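Review bot: `ipfix_observation=127` is removed from the block now headed `#ClickStream/IPFIX`, so the example no longer sets that value; confirm that falling back to the default is intended. The collector address `172.18.254.124` also appears without a remark that it is an example value to be replaced with the site's own collector.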
Line 105: Line 102:
 </code> </code>
  
-Further settings are made depending on which components are to be used and are described in [[en:dpi:dpi_components:start|section 3]].+Further settings are made depending on which components are to be used. The settings are described in the [[en:dpi:dpi_components|]] section.
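Review bot: the link target changes from `en:dpi:dpi_components:start` to `en:dpi:dpi_components` with an empty title after the pipe. Check that this resolves to the intended start page and that the rendered sentence still reads correctly with the automatic title in "described in the ... section".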