Differences

This shows you the differences between two versions of the page.

--- en:dpi:dpi_components:platform:dpi_admin:testversion_install:start [2024/03/14 14:12] – elena.krasnobryzh
+++ en:dpi:dpi_components:platform:dpi_admin:testversion_install:start [Unknown date] (current) – removed - external edit (Unknown date) 127.0.0.1
@@ Line 1: / Line 1: @@
-====== Test version installation ======
-{{indexmenu_n>3}}
-====Changes in version 13.0 BETA1====
-  - [LAG] LACP support. [[en:dpi:dpi_components:platform:dpi_inst_spec:dpi_onstick:start|Description]]
-  - Only the basic devices for On-Stick must be specified in the LAG description. Mixing On-Stick and conventional devices in one LAG is not allowed. [[en:dpi:dpi_components:platform:dpi_inst_spec:dpi_onstick:start|Description]]
-  - [LAG] Apply balancing to outgoing traffic LAG. [[en:dpi:dpi_components:platform:dpi_inst_spec:dpi_onstick:start|Description]]\\ The type of balancing algorithm to be applied is specified by the ''lag.balance_algo'' parameter. Valid values:
-    * ''0'' — balancing by internal ''session_id'' (this is the default balancing). The ''session_id'' is taken as a hash
-    * ''1'' — without balancing - the packet will be sent to the paired bridge port
-    * ''2'' — hash from ''flow key <srcIP, dstIP, srcPort, dstPort, proto>''. If there is no flow, we balance by ''session_id''.\\ \\ Additional hash configuration parameters in the ''lag'' section: ''hash_seed'', ''hash_offset'', ''hash_bits''\\ How many significant bits we take from a 64-bit hash during balancing. The balancing algorithm in the general case looks like this:
-    * calculate a 64-bit hash of some fields of the packet and ''hash_seed'';
-    * we take ''hash_bits'' bits from the 64-bit hash starting from ''hash_offset'' bit;
-    * use the resulting number N to determine the port number in the LAG: ''port := N mod LAG_active_port_count'', i.e.<code bash>port := ((hash(packet, hash_seed) >> hash_offset) & (2^hash_bits - 1)) mod LAG_active_port_count</code>Example:<code bash>
-//       +------------------------------------------------+
-// hash: |                                XXXXXXXXXX------|
-//       +------------------------------------------------+
-//                                        ^         ^
-//                                        |         hash_offset = 6
-//                                        hash_bits = 10
-hash_seed=0
-hash_offset=0
-hash_bits=64</code>
-  - [LAG] Added traffic balancing tracing. [[en:dpi:dpi_components:platform:dpi_inst_spec:dpi_onstick:start|Description]]
-  - [DPDK] Transition to DPDK 23.11
-  - Modified: for QUIC and QUIC_IETF: if no SNI is detected, check by AS
-  - Modified: when analyzing STUN check AS from Facebook — define VASE_DPI_PROTO_FACEBOOK_VIDEO, not WHATSAPP_VOICE
-  - [DPDK][rss-engine] Setting RSS hash flags for UDP and TCP
-  - Modified: openvpn protocol definition
-  - [BRAS][DHCP] Added: accounting of DHCP packets from subscriber in billing statistics: subscriber CPE (i.e. Wi-Fi router) without clients (e.g. at night) — sends only license renewal requests. Since these requests were intercepted by BRAS and were not included in the accounting, the session was terminated by idle timeout
-  - [BRAS][DHCP] Corrected: actions when QinQ/VLAN is changed for a subscriber
-  - [DHCP] Fixed: ''framed-pool renew''\\ In some cases incorrect DHCP responses were generated. Added tracing to DHCP packets log for ''framed-pool renew''.
-  - [DHCPv6] Fixed: receiving packets from the relay. Previously it was checked that the relay was on the fc::/7 network. Now this check is unnecessary and has been removed - the relay can have any address.
-  - [PPPoE] Fixed: DHCPv6 options parsing from Radius
-  - Fixed: SIGHUP processing only if fastDPI is fully initialized. A crash is possible if a SIGHUP is received during the fastDPI startup process
-  - [AJB][PCAP] Trace/debug packet recording moved to new API
-  - Added: wechat protocol support for UDP
-====Changes in version 13.0 BETA2====
-  - [DPI] Support for additional markup of autonomous systems ''mark1'', ''mark2'', ''mark3''. [[en:dpi:dpi_options:opt_priority:priority_config_as:start|Description]]<code bash>
-vi test.txt
-mark1
-cat test.txt|as2dscp /etc/dpi/asnum.dscp
-</code>
-  - [DPI] Prioritize SNI detection in custom signatures for autonomous systems marked as ''mark1''. [[en:dpi:dpi_options:opt_priority:priority_config_as:start|Description]]
-  - [DPI] Prioritize more specific custom SNI signatures. Example: for host ''a.b.c.d'', if the signatures ''*.d'', ''*.c.d'' and ''*.b.c.d'' are present, the protocol defined by the signature ''*.b.c.d'' :!: works only for signatures with ''*''. [[en:dpi:dpi_components:dpiui:user_guide:vas_cloud_services:custom_protocols:start#protocols|Description]]
-  - [DPI] Support for hard locks (despite hostname/SNI) - set in an additional field in the address blacklist, example: ''1.1.1.1.1 443 hard''.
-  - Improved detection of YOUTUBE, SIGNAL
-  - Added the DPITUNNEL protocol, which includes traffic anomalies commonly used for DPI traversal
-  - Updating dpiutils
-====Changes in version 13.0 BETA3====
-  - [DPI] New protocols VK_CDN_VIDEO, META_CHAT
-  - [DPI] FACEBOOK_VIDEO, META_CALLS protocol signatures improvement
-  - Updating dpiutils
-====Changes in version 13.0 BETA4====
-  - [DPI] Fixed protocol name VK_CDN_VIDEO
-  - [DPI] Fixed: SNI decoding in QUIC IETF and possibility of crusting in exceptional cases
-  - [DPI] Fixed: clearing search structures when deleting CUSTOM protocols
-  - [utils] Added ability to add comments (#) and blank lines in input files for lst2dscp, lst2tbf utilities
-====Changes in version 13.0 BETA5====
-  - [DPI] Added protocols QUIC_UNKNOWN - QUIC without SNI and QUIC_UNKNOWN_MARKED - QUIC without SNI and AS labeled MARK2. [[en:dpi:dpi_options:opt_priority:priority_config_as:start|Description]]
-  - [DPI] Fixed: stun characterization for TCP
-  - [DPI] Modified: if the stun packet viewing limit is reached - set this protocol with AS in mind
-  - [DPIutils] Updated utilities to support new protocols
-  - [Router] Mempool allocation for emit packets: we do not allow full exhaustion of the pool, there should be at least 256 free elements in the pool
-  - [Router] The error of route deletion ''errno=3'' (No record found) has been moved to TRACE to avoid clogging the log
-  - Added L2 traffic balancer mode. This enhancement allows to use SCAT as a traffic balancer based on IP addresses owned by AS and defined as ''local'' in ''asnum.dscp''. DPI functionality does not work in this mode. The ''maglev'' algorithm with fixed hash table size is used for traffic balancing: the output interface definition according to the following algorithm:\\ 1 — if src and dst ip are both local, hash is calculated based on these two addresses;\\ 2 — If only src ip local, then hash is calculated based on src ip;\\ 3 — If only dst ip local, hash is calculated based on dst ip;\\ 4 — hash is calculated based on src and dst ip.\\ Based on the calculated hash value, the output interface is determined by determining the index of the hash table cell containing the interface index from the array of output interfaces. The value from the array of output interfaces is substituted into the current context and ''pcs_accept'' is returned.\\ \\ The following settings are required for correct operation:
-    * Definition of an autonomous system with IP addresses that are used by subscribers. [[en:dpi:dpi_options:opt_statistics:statistics_asn:start|Description]]
-    * Marking a given autonomous system as local. [[en:dpi:dpi_options:opt_priority:priority_config_as:start|Description]]
-    * Define input and output interfaces in the configuration file. Input interfaces are defined in the in_dev parameter, and output interfaces in out_dev. Interfaces do not form pairs and constructions of the following kind are allowed:<code bash>in_dev=05-00.0:05-00.1:05-00.2:05-00.3:0b-00.0:0b-00.1:0b-00.2:0b-00.3
-out_dev=08-00.0:08-00.1:08-00.2:08-00.3</code> Or <code bash>in_dev=05-00.0
-out_dev=out_dev=08-00.0:08-00.1:08-00.2:08-00.3</code>
-    * Enable SORM balancing mode: ''enable_l2_lb=true''\\ \\ Input parameters:\\ ''enable_l2_lb=false|true'' - enable traffic balancer for SORM\\ ''lb_hash_out_dev_type = 0|1'' - by which value to initialize hash table:\\ 0 — use the internal index of the output interface\\ 1 — use the interface name from [in|out]_dev\\ \\ The following types can be used as ''dpdk_engine'': 0 (default), 1, and 2.
-====Changes in version 13.0 BETA6====
-  - [DPI] Improvements in QUIC_UNKNOWN, QUIC_UNKNOWN_MARKED, SIGNAL, DpiTunnel protocols
-  - [DPI] SNI/HOST embedded protocol definitions are cloud-based, SNI/IP prioritization is supported
-  - [Router] Fixed the order of router components termination
-  - [LAG] Increase max number of ports in LAG
-  - [SDS] The ''storage_tag'' value is set based on directional priority or protocol priority
-  - [CLI] The ''subs prop show active'' command has been added. The command outputs a dump of L2 properties of all active (non-expired) subscribers.
-  - [CLI] Fixed: Prohibit calling CLI commands while stopped
-  - [Router] Fixed: system error when clearing route tables. Cleaning of route tables (deleting all entries added by SCAT) is done at stop and start of fastDPI. During cleaning process EBUSY error may occur, which is fatal for netlink socket, socket should be closed.
-====Changes in version 13.0 BETA7====
-  - [DPI] Changed: SNI comparison is case-insensitive
-====Changes in version 13.0 BETA8====
-  - [DPI] LANTERN_WEAK protocol signature added
-  - [DPI] Improved IMAP protocol recognition
-  - [DPI] Corrects LPM when selecting channel by IP/CIDR
-  - [PPPoE] Fixed: idle-timeout for session. For PPPoE sessions idle timeout should be taken from the ''bras_ppp_idle_timeout'' setting if not explicitly set in the authorization response (Idle-Timeout attribute).
-  - [Router] Fixed: TAP link down in LAG. If a port enters a lag, TAP this port to Link down state only when ALL LAG ports are down.
-  - Added priority redirection with DSCP translation<code>
-in /etc/dpi/fastdpi.conf
-incompatible set_packet_priority (set_packet_priority is prioritized)
-forward_packet_priority=число
-число=bit mask
-which way
-conversion is applied for outgoing traffic (subs->inet)
-conversion is applied to outgoing traffic (inet->subs).
-between what and what
-vlan<->ip conversion
-ip<->ip conversion
-If no conversion file is specified (no /etc/dpi/dscpfrw.bin file),
-then vlan<->ip conversion is performed without conversion, that is the priority that was in the header (3 bits),
-is transferred as it is to another header (ip or vlan).
-If a file with conversion is specified, then the conversion of priority is performed according to the rules specified in it.2
-Specifying a priority conversion file:
-vi test.txt
-in cs0 cs1
-in cs1 cs2
-in cs2 keep
-in default cs3
-out default keep
-out 0x1 0x2
-out 0x2 0x3
-out cs0 0x3F
-cat test.txt|forw2dscp test.bin
-cp test.bin /etc/dpi/dscpfrw.bin</code>
-  - [PCRF] Fixed: Adding unnecessary option 61 (Client-Id) to fastDPI response when distributing address from Framed-Pool
-  - [PCRF] Fixed: Logging of DHCP server IP addresses
-  - [PCRF] Fixed: Enabling services with profiles. The `VasExperts-Service-Profile` attribute (service profile name, implicitly enables the service) has higher priority than `VasExperts-Enable-Service` (enabling/disabling a service without specifying a profile).
-  - Added: to DNS text file record format - format vchnl - virtual channel number.
-  - Added: in the IPFIX data transfer template for DNS channel number
-  - Fixed: LACP interception in on-stick mode
-====Changes in version 13.0 BETA9====
-  - [CLI] Added ''ping inet'' command on behalf of subscribers through the entire BRAS/NAT/ROUTER processing chain. Description ''fdpi_cli ping inet ?''
-  - Fixed: crash on DNS trace
-====Changes in version 13.0 BETA10====
-  - [fastRadius] Added ability to work with standard linux interfaces using ''libpcap''
-  - Improved VIBER_VSTREAMS protocol definition
-  - [Router] Fixed: control of selfgen mempool exhaustion
-  - [Router] Optimization of data readout from TAP
-  - [ctl] Fixed: fastDPI does not accept or process any ctl requests during fastDPI stop process
-  - Added ''checknat'' utility to check the distribution of white addresses
-====Changes in version 13.0 BETA11====
-  - [DPI] SSTP protocol added (49296)
-  - [L3 BRAS] Fixed: call to deanonce subscriber's IP address when acct idle. A new flag has been added to the router option ''router_subs_announce'': ''0x10000'' - de-announce L3 subscriber when acct idle occurs (acct session closure by idle timeout)
-  - [PCRF] Added support for setting service profile 18 during authorization. The inclusion of service 18 in the Access-Accept Radius response is specified in the usual way for a service with a mandatory profile (here ''serv18'' is the profile name):<code bash>VasExperts-Service-Profile = "18:serv18"</code>
-  - [CLI] A search by ''MAC'' and ''subs_id'' has been added to the ''subs prop show'' command. A search result for ''MAC'' or ''subs_id'' can be multi-valued - several different entries for the same ''MAC''/''subs_id''. The result of the ''subs prop show active'' command has been changed, which may be critical when parsing the json wiggle of the command.
-  - [Router] Fixed LAG+On-stick: put TAP in link down state. TAP is set to link down only when all ports in LAG are in down state. If there is at least one port in Up state - TAP should be in Link Up state.
-  - [DPDK][CLI] Fixed: setting link up/down flag for ports that do not support link up/down interrupts (e.g. af_packet)
-  - [Router] Corrected: Traffic diversion in router for on-stick device in LAG. When forming VRF topology, it was not taken into account that the LAG includes the base (physical) device, and the on-stick (virtual) device is specified in the router description.
-====Update instructions====
-You can check the current installed version with the command below
-<code bash>
-yum info fastdpi
-</code>
-If you have CentOS 6.x or CentOS 8.x installed, then switch the repository once with the command:
-<code bash>
-sed -i -e '/^mirrorlist=http:\/\//d' -e 's/^# *baseurl=http:\/\/mirror.centos.org/baseurl=http:\/\/vault .centos.org/' /etc/yum.repos.d/CentOS-*.repo
-</code>
-and then update as usual.
-To install the test version, you should issue the following command:
-<code bash>
-yum --enablerepo vasexperts-beta update fastdpi
-</code>
-Downgrade to 12.3:
-<code bash>
-yum downgrade fastdpi-12.3 fastpcrf-12.3
-</code>
-<note important>After an update or version change, a restart of the service is required.</note>