SSG DPI Cluster Organization Scheme [VAS Experts Documentation]

Page en:dpi:dpi_brief:network_preparation:install_point_ssg:ssg_cluster, current revision 2025/02/14 11:37 by elena.krasnobryzh (moved on 2024/12/12 07:38 from en:dpi:dpi_brief:install_point_ssg:ssg_cluster by elena.krasnobryzh).
{{indexmenu_n>5}}
====== SSG DPI Cluster Organization Scheme ======
  
The complex is a high-performance, scalable cluster designed for real-time analysis and management of network traffic at layers L2-L7 of the OSI model. It consists of the following elements:
  - External optical bypass (Bypass Switch) with replaceable optical modules for connecting SM (1310nm) or MM (850nm) lines
  - Traffic aggregator (load balancer): Network Packet Broker (NPB)
  - SSG DPI server cluster
  - Virtualization cluster for deploying the Network Management System (NMS) with a graphical interface (DPIUI2). It also hosts FTP and Syslog servers for collecting logs from system components, an HTTP web server for centralized loading of blacklists, and a monitoring system (Zabbix)
  - Data storage complex (QoE Stor) for building statistical and analytical reports and for long-term storage of aggregated information
  - A set of the necessary interconnection cables and QSFP28/QSFP/SFP28/SFP+ modules
  - Fault-tolerant switches for connecting solution components and for management
  
The complex is designed for inline installation and supports the following Ethernet interface types:
  * 10G-BASE SR/LR
  * 25G-BASE SR/LR
  * 40G-BASE SR4/LR4
  * 100G-BASE SR4/LR4
  
Supported encapsulations: MPLS, IPinIP, VLAN, QinQ, GRE.
  
**1xNPB up to 1Tbps:**\\
{{:dpi:dpi_brief:install_point_ssg:ssg_cluster:1xnpb.png?direct&700|}}
  
===== Traffic Flow =====
The telecom operator's links are connected inline to the traffic balancing devices through an optical bypass, which protects the network against hardware failures and software crashes. The traffic balancer distributes flows (sessions) among the DPI nodes with symmetric, session-aware load balancing at L3/L4, so that both directions of a session reach the same node. The entire complex operates as a transparent L2 device and generally requires no additional configuration from the telecom operator and no changes to the logical network topology.
  
==== Asymmetric Traffic Processing ====
If traffic is asymmetric (outgoing traffic passes through one SSG DPI site/cluster while incoming traffic passes through another), a copy of the OUTGOING traffic only must be sent from one site to the other. This way ALL outgoing traffic reaches the SSG DPI clusters at the different sites and the asymmetry is eliminated. The copy is carried over direct links between the NPBs to minimize latency and is delivered to the DPI devices with the load balancing taken into account, so the copy arrives at the node that handles the matching half of the session. DPI uses the copied traffic for signature detection but excludes it from statistical reporting, and discards it after processing. This improves recognition accuracy for asymmetric traffic. Since outgoing traffic is typically only about 10% of incoming traffic, mirroring between sites does not require high-bandwidth channels and does not noticeably increase the DPI cluster load.

==== DPI Node ====
The primary system component is DPI, the deep packet inspection equipment. DPI is software running on general-purpose x86_64 servers with network cards based on Mellanox or Intel chipsets. In a typical cluster the servers are equipped with 6x 2-port optical network cards with 10/25GE interfaces: 8 ports are used for traffic processing, 2 ports for sending IPFIX to the QoE server, and 2 ports are reserved.

The DPI device is fully transparent at Layer 2. When installed inline, the subscriber-side ports are called IN (input) and the WAN-side ports are called OUT (output). Port pairs form bridges. Correct port orientation is essential for the traffic detection and control functions to work properly. Each DPI node can operate independently or as part of a cluster.

Two types of traffic processing ports are defined:
  * IN - ports facing local (downstream) ISPs or subscribers (LAN)
  * OUT - ports facing upstream providers (WAN)

Typical server configuration: AMD EPYC 64-core processor, 512GB RAM, HW RAID controller, 2x SSD disks, 1-2x NVMe SSD, 6x NIC 2x25GbE, 2x PSU.

DPI performance also depends on the packet rate (PPS) and the overall traffic profile. [[en:dpi:dpi_brief:dpi_requirements|Performance parameters are described in detail in this article]].

For proper operation, DPI must receive both the forward and the reverse subscriber traffic (full bidirectional sessions); otherwise some functions, including application protocol detection, may not work or may work incorrectly. It is therefore essential that both directions of a subscriber session pass through the same DPI device. Traffic symmetry through DPI is maintained by mirroring outgoing traffic from one site to the other and by the balancing on the NPB.
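The following model, added here as an illustration and not VAS Experts' NPB or DPI code, shows the two properties the Traffic Flow, Asymmetric Traffic Processing and DPI Node sections rely on: a direction-independent session key so that both halves of a session land on the same DPI node, and a mirrored outgoing copy that feeds detection but is excluded from statistics and dropped after inspection. The hashing scheme, the `mirrored` flag, the class and function names and the sample packets (documentation-range addresses) are all assumptions of this example.

```python
import hashlib
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    proto: int
    size: int
    mirrored: bool = False  # assumed flag: True for a copy received over the inter-NPB link


def flow_key(p: Packet) -> tuple:
    """Direction-independent session key.

    Sorting the two endpoints makes A->B and B->A produce the same key, which
    is the property a symmetric (session-aware) L3/L4 balancer relies on.
    """
    ends = sorted([(p.src, p.sport), (p.dst, p.dport)])
    return (p.proto, ends[0], ends[1])


def pick_node(key: tuple, n_nodes: int) -> int:
    """Stable hash of the session key onto one of n_nodes DPI servers (assumed scheme)."""
    digest = hashlib.sha256(repr(key).encode()).digest()
    return int.from_bytes(digest[:8], "big") % n_nodes


@dataclass
class DpiNode:
    idx: int
    directions: dict = field(default_factory=dict)  # key -> {"fwd", "rev"}
    detected: set = field(default_factory=set)      # sessions seen in both directions
    stats_bytes: int = 0    # bytes reported to statistics (IPFIX/QoE)
    forwarded: int = 0      # native packets passed on to the wire
    discarded: int = 0      # mirrored copies dropped after inspection

    def process(self, p: Packet) -> None:
        key = flow_key(p)
        direction = "fwd" if (p.src, p.sport) == key[1] else "rev"
        self.directions.setdefault(key, set()).add(direction)
        # Detection uses every packet, including mirrored copies ...
        if self.directions[key] == {"fwd", "rev"}:
            self.detected.add(key)
        # ... but only native traffic is counted and forwarded; copies are dropped.
        if p.mirrored:
            self.discarded += 1
        else:
            self.stats_bytes += p.size
            self.forwarded += 1


def balance(packets, n_nodes: int) -> list:
    """Distribute packets over n_nodes DPI nodes by the symmetric session hash."""
    nodes = [DpiNode(i) for i in range(n_nodes)]
    for p in packets:
        nodes[pick_node(flow_key(p), n_nodes)].process(p)
    return nodes


# Constructed sample: one subscriber TLS session 10.0.0.7:40000 <-> 203.0.113.5:443.
# This site natively sees only the INCOMING half; the OUTGOING half arrives as
# mirrored copies from the other site.
SUB, SRV = "10.0.0.7", "203.0.113.5"
SAMPLE = [
    Packet(SUB, SRV, 40000, 443, 6, 120, mirrored=True),  # ClientHello (copy)
    Packet(SRV, SUB, 443, 40000, 6, 1400),                # ServerHello (native)
    Packet(SRV, SUB, 443, 40000, 6, 1400),                # certificate data (native)
    Packet(SUB, SRV, 40000, 443, 6, 80, mirrored=True),   # client Finished (copy)
]


def summarize(packets, n_nodes: int = 4) -> dict:
    nodes = balance(packets, n_nodes)
    busy = [n for n in nodes if n.directions]
    return {
        "nodes_used": len(busy),
        "detected": sum(len(n.detected) for n in busy),
        "stats_bytes": sum(n.stats_bytes for n in busy),
        "forwarded": sum(n.forwarded for n in busy),
        "discarded": sum(n.discarded for n in busy),
    }


def with_mirror() -> dict:
    return summarize(SAMPLE)


def without_mirror() -> dict:
    """Same site with the inter-site mirror switched off: the session is never
    seen bidirectionally, so application detection cannot complete."""
    return summarize([p for p in SAMPLE if not p.mirrored])


if __name__ == "__main__":
    print("with mirror:   ", with_mirror())
    print("without mirror:", without_mirror())
```

Both halves of the session hash to a single node, the two mirrored copies complete the bidirectional view needed for detection, and only the 2800 native bytes reach the statistics; with the mirror off, the same site forwards and counts the same bytes but never classifies the session.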

===== Management =====
The complex is managed through the web-based management subsystem [[en:dpi:dpi_components:dpiui:install_and_update|DPIUI2]] and its FilterUI mode. FilterUI manages the profiles and services of subscribers or downstream ISPs (including BGP signaling), traffic processing policies including policing, filtering rules (blacklists and whitelists), custom protocols, report generation, etc. Standardized interfaces/APIs are available for integration with third-party systems. SSG DPI implements the 3GPP paradigm and, as an additional option, supports profile and subscriber service management through an embedded PCRF module with support for RADIUS and the Gx/Gy DIAMETER interfaces.

To switch from DPIUI2 to FilterUI, the appropriate role must be configured.

{{ :dpi:dpi_brief:network_preparation:install_point_ssg:filterui.png?nolink&800 |}}

A dedicated web server is used for centralized loading of Global Lists onto the DPI nodes. FilterUI exports the lists to this server in a format prepared for DPI; each DPI node downloads them and applies them according to its rules. FilterUI also exports rules unique to each DPI node. Where necessary, these lists are merged and applied to a channel or to a subscriber.

==== Statistics Storage ====
The package includes a data storage system and a report builder for creating arbitrary (custom) reports. The report builder provides statistics on users, ISPs, IP addresses, subnets, autonomous systems, network protocols, application protocols, and their combinations, giving the customer full network visibility and supporting [[en:dpi:qoe|Quality of Experience]] analysis. The system can store both raw IPFIX data and aggregated data.

===== Redundancy =====
The cluster provides redundancy on the N+X principle: X extra DPI nodes are added beyond the N required for the load. If one or more DPI nodes fail, traffic is rebalanced within the configured resilience level: the balancer excludes the faulty node and redirects its traffic to the remaining DPI nodes. If more nodes fail than the redundancy covers, or the balancer itself fails, the system switches to bypass mode (configurable behavior). Each DPI node sends heartbeat messages to the balancing devices, which in turn control the bypass switches; the bypass switches monitor the signal state on the line, the power status, and software operability, so the DPI cluster and the balancers are protected as a whole.
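The failure handling described above, as an added simulation that is not VAS Experts' balancer or bypass firmware: DPI nodes report heartbeats, a node that goes silent is excluded, its sessions are redistributed over the survivors, and once fewer than N healthy nodes remain (or the balancer itself is down) the line falls into bypass. The heartbeat-miss threshold, the use of rendezvous hashing (chosen so that only the failed node's sessions move), and all names are assumptions of this example; the real exclusion and bypass policy is configurable on the product.

```python
import hashlib

HEARTBEAT_MISS = 3  # assumed policy: a node is excluded after 3 consecutive missed heartbeats


def _score(flow_id: int, node_id: str) -> int:
    """Rendezvous (highest-random-weight) score. Each flow goes to the healthy
    node with the highest score, so removing a node moves only that node's flows."""
    digest = hashlib.sha256(f"{flow_id}|{node_id}".encode()).digest()
    return int.from_bytes(digest[:8], "big")


class Balancer:
    """Assumed model of the NPB's view of the DPI cluster (not product code)."""

    def __init__(self, node_ids, min_nodes: int):
        self.missed = {n: 0 for n in node_ids}  # consecutive missed heartbeats per node
        self.min_nodes = min_nodes              # the N of "N+X": nodes needed to carry the load
        self.alive = True                       # the balancer's own health

    def heartbeat(self, node_id: str) -> None:
        self.missed[node_id] = 0

    def tick(self) -> None:
        """One heartbeat interval elapsed; every node is provisionally late."""
        for n in self.missed:
            self.missed[n] += 1

    def healthy(self) -> list:
        return [n for n, m in self.missed.items() if m < HEARTBEAT_MISS]

    def mode(self) -> str:
        """'inline' while enough nodes survive; 'bypass' if too many are gone
        or the balancer itself is down (the optical bypass closes the line through)."""
        if not self.alive or len(self.healthy()) < self.min_nodes:
            return "bypass"
        return "inline"

    def route(self, flow_id: int):
        if self.mode() == "bypass":
            return None  # traffic passes untouched through the optical bypass
        return max(self.healthy(), key=lambda n: _score(flow_id, n))


def run_interval(b: Balancer, silent: set) -> None:
    """Advance one heartbeat interval; nodes in `silent` fail to report."""
    b.tick()
    for n in b.missed:
        if n not in silent:
            b.heartbeat(n)


def simulate(n_nodes: int = 4, spare: int = 1, n_flows: int = 1000) -> dict:
    """N+X cluster with n_nodes total and `spare` extra nodes (constructed scenario)."""
    nodes = [f"dpi{i}" for i in range(n_nodes)]
    b = Balancer(nodes, min_nodes=n_nodes - spare)
    flows = range(n_flows)
    mode_initial = b.mode()
    before = {f: b.route(f) for f in flows}
    on_failed = sum(1 for f in flows if before[f] == "dpi2")

    for _ in range(HEARTBEAT_MISS):          # dpi2 goes silent and is excluded
        run_interval(b, silent={"dpi2"})
    mode_one = b.mode()
    after_one = {f: b.route(f) for f in flows}
    moved = [f for f in flows if before[f] != after_one[f]]

    for _ in range(HEARTBEAT_MISS):          # a second node fails: redundancy exhausted
        run_interval(b, silent={"dpi2", "dpi0"})

    return {
        "mode_initial": mode_initial,
        "mode_after_one": mode_one,
        "healthy_after_one": len([n for n in nodes if n not in ("dpi2",)]),
        "flows_on_failed": on_failed,
        "moved": len(moved),
        "moved_only_from_failed": all(before[f] == "dpi2" for f in moved),
        "mode_after_two": b.mode(),
        "route_in_bypass": b.route(7),
    }


if __name__ == "__main__":
    for k, v in simulate().items():
        print(f"{k:24} {v}")
```

With four nodes and one spare, the first failure keeps the cluster inline and moves exactly the sessions that were on the failed node; the second failure leaves fewer than N healthy nodes and the balancer reports bypass, returning no node for any flow. Setting `alive = False` on the balancer produces the same bypass decision regardless of node health.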

===== Scalability =====
A key feature of the system is its simple scalability: throughput grows linearly by adding DPI devices and balancers.

**2xNPB up to 2Tbps:**\\
{{:dpi:dpi_brief:install_point_ssg:2xnpb.jpg?direct&700|}}

**3xNPB up to 3Tbps:**\\
{{:dpi:dpi_brief:install_point_ssg:ssg_cluster:3xnpb.png?direct&900|}}

**4xNPB up to 4Tbps:**\\
{{:dpi:dpi_brief:install_point_ssg:ssg_cluster:4xnpb.png?direct&900|}}
  