Changelog of SSG BETA-version [Документация VAS Experts]
Документация VAS Experts Документация VAS Experts-mobile
in

Settings

  • Show page
  • Old revisions
  • Export to PDF
  • Fold/unfold all
  • Backlinks
  • Show page
  • Old revisions
  • Export to PDF
  • Fold/unfold all
  • Backlinks

    • Differences

    This shows you the differences between two versions of the page.

    Link to this comparison view

    Both sides previous revisionPrevious revision
    Next revision    		Previous revision
    en:dpi:dpi_components:platform:dpi_admin:testversion_install [2025/08/18 07:13] – [Changes in version 14.0 BETA4.4] elena.krasnobryzhen:dpi:dpi_components:platform:dpi_admin:testversion_install [2025/09/09 15:33] (current) elena.krasnobryzh
    Line 6: Line 6:
       - [BRAS] Support for L2TP termination   - [BRAS] Support for L2TP termination
       - [BRAS] Support for DHCP-Dual   - [BRAS] Support for DHCP-Dual
    -  - [DPI]  Migration to DPDK 24.11, support for new NICs (Intel E830 200G, Intel E630, Napatech SmartNIC) +  - [DPI]  Migration to DPDK 24.11, support for new NICs (Intel E830 200G, Intel E610, Napatech SmartNIC). [[en:dpi:dpi_brief:dpi_requirements|Description]] 
    -  - [CLI] Added support for ''subs_id'' in commands: ''dhcp show'', ''dhcp reauth'', ''dhcp6 show'', ''dhcp6 reauth'', and ''dhcp disconnect''+  - [CLI] Added support for ''subs_id'' in commands: ''dhcp show'', ''dhcp reauth'', ''dhcp6 show'', ''dhcp6 reauth'', and ''dhcp disconnect''. [[en:dpi:bras_bng:cli:dhcp|Description]]
      
     ====Changes in version 14.0 BETA2==== ====Changes in version 14.0 BETA2====
    Line 15: Line 15:
       - [DPI] Fixed smartdrop behavior   - [DPI] Fixed smartdrop behavior
       - [DPI] Added validation for complex protocols. [[en:dpi:dpi_options:protocols]]   - [DPI] Added validation for complex protocols. [[en:dpi:dpi_options:protocols]]
    -  - [DPDK] Increased the maximum number of dispatchers to 32+  - [DPDK] Increased the maximum number of dispatchers to 32. [[en:dpi:dpi_components:platform:dpi_config|Description]]
       - [IPFIX/Netflow] Added the ability to change IPFIX/Netflow parameters without restarting fastDPI. A new config parameter ''ipfix_reserved'' has been added to reserve memory for enabling/changing IPFIX/Netflow parameters. If IPFIX/Netflow parameters are set in the configuration file, memory reservation for IPFIX/Netflow is automatically enabled and parameters/new exporter types can be changed without restarting fastDPI.   - [IPFIX/Netflow] Added the ability to change IPFIX/Netflow parameters without restarting fastDPI. A new config parameter ''ipfix_reserved'' has been added to reserve memory for enabling/changing IPFIX/Netflow parameters. If IPFIX/Netflow parameters are set in the configuration file, memory reservation for IPFIX/Netflow is automatically enabled and parameters/new exporter types can be changed without restarting fastDPI.
    -  - [FastRadius] It is now possible to set both ''bind_ipv6_address'' and ''bind_ipv6_subnet''. If the Framed-IPv6-Prefix has a /128 mask, it is not checked against the ''bind_ipv6_subnet'' restriction.+  - [FastRadius] It is now possible to set both ''bind_ipv6_address'' and ''bind_ipv6_subnet''. If the Framed-IPv6-Prefix has a /128 mask, it is not checked against the ''bind_ipv6_subnet'' restriction. [[en:dpi:dpi_components:radius:radius_requirements#ipv6_support|Description]]
       - CLI command ''dev info'' now includes the name of the LAG that the port belongs to   - CLI command ''dev info'' now includes the name of the LAG that the port belongs to
    -  - [PCRF][PPP][Framed-pool] Added: DHCP option ''Client-Id'' now includes ''tunnel-IP'' as part of the subscriber ID. Format of DHCP option ''Client-Id'' with fastpcrf.conf option ''dhcp_client_id=1'' is as follows: <code> +  - [PCRF][PPP][Framed-pool] Added: DHCP option ''Client-Id'' now includes ''tunnel-IP'' as part of the subscriber ID. For more details, see sections [[en:dpi:bras_bng:ip_pool:ipv4]] and [[en:dpi:bras_bng:ip_pool:ipv6]]
    -     [conntype][subs_id][tunnel_ip] +
    - +
    -     conntype = 1 (1 byte) +
    -     subs_id  - 16 bytes +
    -     tunnel_ip - 4 bytes</code> Tunnel IP is available in L2TP; for PPPoE, tunnel IP = 0.+
       - [IPFIX] Message aggregation added for IPFIX streams: FullFlow/DNS/META/NAT   - [IPFIX] Message aggregation added for IPFIX streams: FullFlow/DNS/META/NAT
       - [IPFIX] Added parameter ''ipfix_mtu_limit'' to restrict maximum message size for IPFIX UDP packets   - [IPFIX] Added parameter ''ipfix_mtu_limit'' to restrict maximum message size for IPFIX UDP packets
    Line 40: Line 35:
         hal mempool stat</code>DPDK must be built with statistics collection enabled to display mempool stats     hal mempool stat</code>DPDK must be built with statistics collection enabled to display mempool stats
       - [BRAS][DHCP] Fixed crash when parsing Framed-Pool Renew response if it contains no DHCP options   - [BRAS][DHCP] Fixed crash when parsing Framed-Pool Renew response if it contains no DHCP options
    -  - [PCRF][Acct] Fixed: Interim-Update sending is now disabled when ''Acct-Interim-Interval = 0'' is explicitly set in the RADIUS response+  - [PCRF][Acct] Fixed: Interim-Update sending is now disabled when ''Acct-Interim-Interval = 0'' is explicitly set in the RADIUS response. For more details, see sections  [[en:dpi:bras_bng:radius_integration:radius_auth_server_integration:radius_auth_response#acct-interim-interval|Subscriber authorization attributes]], [[en:dpi:bras_bng:bras_pppoe:bras_pppoe_radius:bras_pppoe_radius_acc]], [[en:dpi:bras_bng:bras_pppoe:bras_pppoe_radius:bras_pppoe_radius_rej]]
       - [VASE_CLI] Created a unified CLI for managing DPI, BRAS, DHCP (KEA), ROUTER (BIRD) with support for authorization and command logging via TACACS (VEOS 8.x required)   - [VASE_CLI] Created a unified CLI for managing DPI, BRAS, DHCP (KEA), ROUTER (BIRD) with support for authorization and command logging via TACACS (VEOS 8.x required)
       - [SNMP] Created a module for monitoring system components via SNMP   - [SNMP] Created a module for monitoring system components via SNMP
    Line 46: Line 41:
     ====Changes in version 14.0 BETA4==== ====Changes in version 14.0 BETA4====
       - [DPI] Added DOQ 49318 protocol (DNS-over-QUIC)   - [DPI] Added DOQ 49318 protocol (DNS-over-QUIC)
    -  - [Router] Announcing subscriber white addresses for 1:1 NAT individually and after authentication +  - [Router] Announcing subscriber white addresses for 1:1 NAT individually and after authentication. [[en:dpi:opt_cgnat:сgnat_settings|Description]] 
    -  - [PCRF] Added support for service 19 "DNS spoofing", profile required. +  - [PCRF] Added support for service 19 "DNS spoofing", profile required. [[en:dpi:dpi_options:dns_substitution|Description]] 
    -  - [DPDK] Added ''dpdk_engine=6'' (''mqrx-bridge'') — number of RSS dispatchers per bridge. Total number of dispatchers = ''dpdk_rss * number of bridges''. NIC configurationRX queue count = ''dpdk_rss'', TX queue count = number of worker threads (''num_threads''). Intended for setups with many bridges (dev1:dev2:dev3:...) for 100G+ NICs, as a replacement for the cluster approach. On-stick devices are supported.+  - [DPDK] Added ''dpdk_engine=6'' (''mqrx-bridge'') — number of RSS dispatchers per bridge. [[en:dpi:dpi_components:platform:dpi_config#dpdk_engine_6rss_dispatchers_per_bridge|Description]]
       - [DPDK] Removed dedicated mempools. The fastdpi.conf option ''dpdk_emit_mempool_size'' is deprecated and no longer used.   - [DPDK] Removed dedicated mempools. The fastdpi.conf option ''dpdk_emit_mempool_size'' is deprecated and no longer used.
    -  - [VLAN-Rule] Moved vlan group data from UDR to SDR. Global rules for vlan drop/pass/hide/permit set by the previous CLI command ''vlan group'' were converted and moved from UDR to SDR, with removal from UDR.+  - [VLAN-Rule] Moved vlan group data from UDR to SDR. Global rules for vlan drop/pass/hide/permit set by the previous CLI command ''vlan group'' were converted and moved from UDR to SDR, with removal from UDR. [[en:dpi:dpi_components:platform:vlan_traffic_handling|Description]] 
     +  - Up to version 14, only one built-in database UDR (User Data Repository) is used, intended for permanent storage of data about services, policings, and other FastDPI settings.\\ Starting from Version 14, UDR is split into UDR and SDR. The split occurs automatically during version update.\\ SDR (System Data Repository) is intended for storing FastDPI settings not related to subscribers. It can be considered that SDR is an extension of fastdpi.conf. No special activation of SDR is required — the necessary .mdb files are created automatically when the corresponding mode is enabled in fastdpi.conf.
       - [VLAN] VLAN rules — added CLI commands:   - [VLAN] VLAN rules — added CLI commands:
         - ''vlan rule add'' - add new rule to SDR     - ''vlan rule add'' - add new rule to SDR
    Line 97: Line 93:
       - [CLI] Added ''stat firewall'' command   - [CLI] Added ''stat firewall'' command
      
    -====Changes in Version 14.0 BETA4.5====+====Changes in version 14.0 BETA4.5====
       - [DPI] Added BIGO_CDN protocol (49324)   - [DPI] Added BIGO_CDN protocol (49324)
       - [DPI] Added UDP support for BIGOTV   - [DPI] Added UDP support for BIGOTV
    Line 103: Line 99:
       - [BRAS][L2TP] Fixed: data race when closing sessions   - [BRAS][L2TP] Fixed: data race when closing sessions
       - [DPDK] Removed deprecated rx channels settings and related checks   - [DPDK] Removed deprecated rx channels settings and related checks
     +
     +====Changes in version 14.0 BETA4.6====
     +  - [IPFIX] Added configurable sending of drop octets/packets counters when generating IPFIX fullflow
     +  - [PCAP] Added capability to save traffic of a specified vlan using the ''ajb_save_vlan'' parameter
     +  - [DPIUTILS] Updated checknat utility
     +  - [DPIUTILS] Updated dns2dic utility with domain blocking support
     +  - [BRAS][L2TP] Fixed: data race during tunnel creation
     +  - [Router] Fixed: interception and diversion of IPv6 packets to tap interfaces. Link-local addresses were not diverted to tap, even if explicitly specified in the ''router.subnet6'' settings.
     +  - [BRAS][L2TP] Fixed: length field in L2TP header for data packets. According to RFC, the len field in L2TP header is optional for data packets. Some L2TP client implementations do not understand data packets with the len field in the L2TP header. This fix adjusts FastDPI's behavior: if data packets from the subscriber arrive without the len field, then SSG will also send data packets without this field. If data packets from the subscriber contain the len field, SSG will include it as well.
     +
     +====Changes in version 14.0 BETA4.7====
     +  - [BRAS] Fixed: sending commands from the ''pending_queue''. In some cases (e.g., during state transitions of the pcrf monitor ''initial -> connected''), sending commands from the ''pending_queue'' was not triggered, which caused commands to "hang" in the queue indefinitely (until reconnection due to a socket error).
     +
     +====Changes in version 14.0 BETA4.8====
     +  - Fixed a recently introduced error (affecting betas 4.6 and 4.7) in the session lifecycle that leads to resource exhaustion over time; an operational update from these versions (or rollback) is recommended.
     +
     ====Update instructions==== ====Update instructions====
     You can check the current installed version with the command below You can check the current installed version with the command below