| Both sides previous revisionPrevious revision | |
| en:dpi:dpi_brief:network_preparation:install_point_ssg:ssg_cluster [2025/02/14 11:36] – [Management] elena.krasnobryzh | en:dpi:dpi_brief:network_preparation:install_point_ssg:ssg_cluster [2025/02/14 11:37] (current) – elena.krasnobryzh |
|---|
| |
| ==== DPI Node ==== | ==== DPI Node ==== |
| The primary system component is DPI—deep packet inspection equipment. DPI is software running on general-purpose X86_64 servers supporting network cards based on Mellanox/Intel chipsets. In a typical cluster: Servers are equipped with 6x 2-port optical network cards with 10/25GE interfaces, of which 8 ports are used for traffic processing, 2 ports for sending IPFIX to the QoE server, and 2 ports are reserved. | The primary system component is DPI — deep packet inspection equipment. DPI is software running on general-purpose X86_64 servers supporting network cards based on Mellanox/Intel chipsets. In a typical cluster: Servers are equipped with 6x 2-port optical network cards with 10/25GE interfaces, of which 8 ports are used for traffic processing, 2 ports for sending IPFIX to the QoE server, and 2 ports are reserved. |
| |
| The DPI device is fully transparent at Layer 2. When installed "inline," the client-side ports are called IN (input), and the WAN-side ports are called OUT (output). Port pairs form bridges. Proper port orientation is crucial for correct traffic detection and control functions. Each DPI node can operate independently or be connected to a cluster. | The DPI device is fully transparent at Layer 2. When installed "inline," the client-side ports are called IN (input), and the WAN-side ports are called OUT (output). Port pairs form bridges. Proper port orientation is crucial for correct traffic detection and control functions. Each DPI node can operate independently or be connected to a cluster. |
| |
| ===== Management ===== | ===== Management ===== |
| The complex is managed via a web-based management subsystem [[en:dpi:dpi_components:dpiui:install_and_update|DPIUI2]] — FilterUI. FilterUI manages subscriber profiles and services or downstream ISPs (including BGP signaling), traffic processing policies, including policing, filtering rules—blacklists and whitelists, custom protocols, report generation, etc. Standardized interfaces/APIs are available for integration with third-party systems. SSG DPI implements the 3GPP paradigm, and as an additional option, it supports profile and subscriber service management via an embedded PCRF module with RADIUS, Gx/Gy DIAMETER protocol support. | The complex is managed via a web-based management subsystem [[en:dpi:dpi_components:dpiui:install_and_update|DPIUI2]] — FilterUI. FilterUI manages subscriber profiles and services or downstream ISPs (including BGP signaling), traffic processing policies, including policing, filtering rules — blacklists and whitelists, custom protocols, report generation, etc. Standardized interfaces/APIs are available for integration with third-party systems. SSG DPI implements the 3GPP paradigm, and as an additional option, it supports profile and subscriber service management via an embedded PCRF module with RADIUS, Gx/Gy DIAMETER protocol support. |
| |
| To switch from DPIUI2 to FilterUI, the appropriate role must be configured. | To switch from DPIUI2 to FilterUI, the appropriate role must be configured. |
| |
| ===== Scalability ===== | ===== Scalability ===== |
| A key feature of the system is its simple scalability—throughput increases linearly by adding more DPI devices and balancers. | A key feature of the system is its simple scalability — throughput increases linearly by adding more DPI devices and balancers. |
| |
| **2xNPB up to 2Tbps:**\\ | **2xNPB up to 2Tbps:**\\ |
