Network Interaction [Документация VAS Experts]
Документация VAS Experts Документация VAS Experts-mobile
in

Settings

  • Show page
  • Old revisions
  • Export to PDF
  • Fold/unfold all
  • Backlinks
  • Show page
  • Old revisions
  • Export to PDF
  • Fold/unfold all
  • Backlinks

    • Differences

    This shows you the differences between two versions of the page.

    Link to this comparison view

    Both sides previous revisionPrevious revision
    en:dpi:faq:fastdpi:net_points:start [2024/07/29 15:13] elena.krasnobryzhen:dpi:faq:fastdpi:net_points:start [Unknown date] (current) – removed - external edit (Unknown date) 127.0.0.1
    Line 1: Line 1:
    -====== Network Interaction ====== 
    -{{indexmenu_n>3}} 
      
    -<accordion autoclose> 
    -<accordion-item title="1. Is STP processed transparently?"> 
    -Yes. 
    -</accordion-item> 
    - 
    -<accordion-item title="2. Can SSG support a configuration with a single 10G network interface in the server, where traffic passes through SSG using two VLANs (in and out)?"> 
    -No. This is not planned for future support. 
    -</accordion-item> 
    - 
    -<accordion-item title="3. Can SSG set up a BGP link with a border router for exporting prefixes that need to be routed through SSG?"> 
    -Yes, this is possible. [[en:dpi:dpi_brief:install_point_ssg:start|More about router settings.]] 
    -</accordion-item> 
    - 
    -<accordion-item title="4. If during a test connection to the internal LAN the 'ping' time hasn't changed, should there be a delay?"> 
    -The delay on the device, if the hardware meets our recommendations, does not exceed 30 µs (microseconds) or 0.03 ms (milliseconds). 'Ping' measurements start at 1 ms. Measuring such delays requires special software and equipment; in our lab, we use counters in nanoseconds supported by modern network cards. 
    -</accordion-item> 
    - 
    -<accordion-item title="5. If implementing mirroring, can SSG remove tags on the output (out_dev=dnaX) when traffic with different tags comes on in_dev=dna1:dna2?"> 
    -SSG will send a response with the original packet tag if VLAN [[en:dpi:dpi_components:platform:dpi_vlan_recode:start|translation settings]] have not been applied. 
    -</accordion-item> 
    - 
    -<accordion-item title="6. What is SSG? Is it a router, NAT, transparent proxy, or is it transparent to network devices?"> 
    -SSG is a DPI device, similar to Cisco SCE. It operates as a bridge, without IP addressing, and is invisible on the network.\\ 
    -The delay when using it is no more than 30 microseconds (based on tests, 16 µs), which is virtually indistinguishable from a direct connection.\\ 
    -[[en:dpi:dpi_brief:install_point_ssg:start|See detailed connection diagrams for SSG]]. 
    -</accordion-item> 
    - 
    -<accordion-item title="7. In what form is aggregated traffic provided? Are ports grouped through LACP?"> 
    -Yes, you can use LACP and LAG for traffic aggregation.\\ 
    -[[en:dpi:dpi_brief:install_point_ssg:start|See detailed connection diagrams for SSG]]. 
    -</accordion-item> 
    - 
    -<accordion-item title="8. At which point should the system connect, before or after termination on BRAS (in other words, at L2 or L3)?"> 
    -It depends on the task: if the platform connects as a DPI, then after the termination point; if BRAS, NAT functionality is required, then the SSG platform performs traffic termination directly.\\ 
    -[[en:dpi:dpi_brief:install_point_ssg:start|Connection diagrams]]. 
    -</accordion-item> 
    - 
    -<accordion-item title="9. How to optimize the WEB server network stack?"> 
    -Apply the following settings: 
    -<code bash> 
    -net.core.netdev_max_backlog=10000 
    -net.core.somaxconn=262144 
    -net.ipv4.tcp_syncookies=1 
    -net.ipv4.tcp_max_syn_backlog = 262144 
    -net.ipv4.tcp_max_tw_buckets = 720000 
    -net.ipv4.tcp_tw_recycle = 1 
    -net.ipv4.tcp_timestamps = 1 
    -net.ipv4.tcp_tw_reuse = 1 
    -net.ipv4.tcp_fin_timeout = 30 
    -net.ipv4.tcp_keepalive_time = 1800 
    -net.ipv4.tcp_keepalive_probes = 7 
    -net.ipv4.tcp_keepalive_intvl = 30 
    -net.core.wmem_max = 33554432 
    -net.core.rmem_max = 33554432 
    -net.core.rmem_default = 8388608 
    -net.core.wmem_default = 4194394 
    -net.ipv4.tcp_rmem = 4096 8388608 16777216 
    -net.ipv4.tcp_wmem = 4096 4194394 16777216 
    -</code> 
    -</accordion-item> 
    - 
    -<accordion-item title="10. Why does one BGP session come up while another does not?"> 
    -Example: 
    -  * Check ''tcpdump''. On the client's interface, mtu = 9000. \\ 
    -  * On one session, mss = 1480 during sync, while on the other, mss = 8500.\\ This indicates that one peer has a standard mtu of 1500, while the other has an increased mtu. \\ 
    -  * On sessions where mss is higher than 1480 and there is an IP header, set the settings in MX: 
    -<code bash>neighbor 95.167.18.57 { 
    -traceoptions {                       
    -file as12389.log size 1m files 3; 
    -} 
    - description "-= RT AS12389 Upload =-"; 
    - import [ bogus-reject MM-IN ]; 
    - export REJECT-ALL; 
    -  peer-as 12389; 
    -  tcp-mss 1460; 
    -} 
    - tcp-mss 1460;</code> 
    - 
    -[[en:dpi:faq:fastdpi:ssg_platform:start|Administration questions]]  
    -</accordion-item> 
    -</accordion>