Differences

This shows you the differences between two versions of the page.

--- en:dpi:dpi_options:opt_statistics:statistics_asn [2020/02/05 17:30] – ↷ Page moved from en:dpi:dpi_options:base_functionality:opt_statistics:statistics_asn to en:dpi:dpi_options:opt_statistics:statistics_asn lexx26
+++ en:dpi:dpi_options:opt_statistics:statistics_asn [2024/09/26 15:29] (current) – external edit 127.0.0.1
@@ Line 1: / Line 1: @@
 ====== Configuring autonomous systems ======
+{{indexmenu_n>4}}
+During software updates for SSG, an up-to-date correspondence list between AS numbers (autonomous systems) and IP addresses is downloaded from the RIR (Regional Internet Registry).
+The global correspondence list for IPv4 is located in the file ''/etc/dpi/asnum.bin'', and for IPv6 — in the file ''/etc/dpi/asnum6.bin''.
+<note warning>Do not modify these files to avoid disrupting the update mechanism.</note>
+Updating the AS list for IPv4 is possible dynamically during ''reload'' from the cloud. To enable this, add the parameter ''asnum_source=1''. \\
+Values:
+  * 0 (default) — cloud update is disabled;
+  * 1 — main list;
+  * 2, 3, etc. — reserved.
+During the system's operation, there may sometimes be a need to make adjustments to this list to improve NetFlow reports and for use in other services.
+The list of changes is prepared in text format. Each record is placed in a new line:
+<code>
+CIDR AS_number
+CIDR AS_number
+...
+</code>
+Here CIDR specifies the IP addresses range that belongs to the specified system.
+<note important>In order to check whether the IP belongs to autonomous system the DPI uses classical DIR24 algorithm with limited number of /24 networks that can be splited into smaller subnets (/25..../32). There can be no more than 8192 such subnets.</note>
+This file is converted into the internal format by **as2bin** utility. It is placed to **/etc/dpi/aslocal.bin.** DPI picks up the changes from the latest file. The IP addresses' ranges are added to the global list. In case some changes overlap with the global list, the local ranges override existing ones.
+<code>
+cat aslocal.txt|as2bin /etc/dpi/aslocal.bin
+service fastdpi reload
+</code>
+Loading the modifications does not require DPI restart (only reload).
+<note important>In case of crossing the global list by IP the local settings will replace the existing entries in it.</note>
+===== Examples for IPv4 =====
+To add local addresses to the operator's autonomous system in order to improve NetFlow reports:
+<code>
+vi aslocal.txt
+.0.0.0/8 64511
+.16.0.0/12 64511
+.168.0.0/16 64511
+cat aslocal.txt|as2bin /etc/dpi/aslocal.bin
+service fastdpi reload
+</code>
+Here 64511 is the operator's autonomous system number.
+To apply specific policies to operator's addresses 10.0.0.1 and 10.0.0.2:
+<code>
+vi aslocal.txt
+.0.0.1/32 64512
+.0.0.2/32 64512
+cat aslocal.txt|as2bin /etc/dpi/aslocal.bin
+service fastdpi reload
+</code>
+In order to avoid overlap of the new autonomous systems' numbers with existing ones, we advise to use the reserved numbers for new systems:
+<code>
+..64511 are reserved for use in documentation and examples
+..65534 are reserved for private purposes
+</code>
+===== Examples for Ipv6 =====
+There is no analog to aslocal.bin for IPv6, as there is no way to merge these structures like in IPv4 case. It is necessary to add subnets to the general list:
+  - convert to text <code>bin2as /etc/dpi/asnum6.bin > list.txt</code>
+  - add your subnets to text of list.txt
+  - merge back <code>cat list.txt | as2bin6 /etc/dpi/asnum6.bin</code>
+<note important>To apply changes in the file ''asnum6.bin'' it is required to restart the service!</note>

Profile

Settings

Differences