====== Local traffic interconnect ======
{{indexmenu_n>2}}
===== Description =====
FastDPI BRAS has a feature to interconnect the local (intra-network) traffic between users.
When the interconnection mode is enabled, BRAS searches its UDR database for the recipient's IP address. If it is found and the session is not expired and is not explicitly closed (there was no DHCPRELEASE), then the packet is not passed out, but sent back to the receiver's input dna interface. Since this is local traffic, no SSG features (filtering, policing, services) are applied to it.
When the local traffic is interconnected, BRAS adjusts the L2-headers of the packet: it substitutes its ''bras_arp_mac'' MAC address as the source MAC address, the destination MAC address is determined by the properties of the destination IP address, VLAN tags are changed to tags related to the destination subscriber (these tags and MAC address are remembered by BRAS in the UDR when the recipient's [[en:dpi:bras_bng:bras_l2_vlan:bras_l2_vlan_session|DHCP session]] starts). In this case, a different number of VLAN tags are allowed for the sender and receiver; for example, in a multi-vendor local area network, the sending subscriber may have two VLAN tags (QinQ, VLAN-per-user), and the recipient subscriber may have one VLAN tag, or vice versa.
===== Configuration =====
To enable this feature you should use the ''bras_terminate_local'' option of the ''fastdpi.conf'' configuration file:
* Value 0 – the feature is disabled (**the default value**)
* Value 1 – the local traffic interconnection is enabled
Traffic locality is determined by the autonomous system as described [[en:dpi:bras_bng:general_setup#fastdpi_l3_bras_setup|here]]
It is possible to disable the local traffic interconnect for a particular subscriber, see the [[en:dpi:bras_bng:radius_integration:radius_auth_server_integration:radius_auth_response#VasExperts-Enable-Interconnect|VasExperts-Enable-Interconnect]] Radius Attribute. A packet from one local subscriber to another will be dropped if the interconnect feature is disabled for at least one of the subscribers.
If you add a QinQ-header, there is a [[en:dpi:bras_bng:bras_l2_vlan_term:bras_l2_vlan_qinqtype|Double VLAN EtherType]] problem.
Stingray Service Gateway prohibits local interconnect between subscribers in the same VLAN, but belonging to different subnets. This is to control the ''fdb storm'' on some (old) switches. Starting from SSG 8.1, this adjustment can be disabled with the ''fastdpi.conf'' parameter
bras_skip_detect_vlan_interconnect=1
==== Interconnect by autonomous systems (AS) ====
In Stingray Service Gateway 7.4 and higher the [[en:dpi:bras_bng:bras_l2_vlan_term:bras_l2_vlan_term_as|termination by the AS]] mode is added: in this mode to interconnect the local traffic the receiver's IP address should belong to an autonomous system marked as '' term ''.
In networks where the core (internal servers and services available to subscribers) is in front of the SSG, you can optionally specify the options being used to interconnect the subscriber traffic to the kernel. It is assumed that the kernel servers IP addresses belong to the local AS and that the IP addresses of the servers are statically assigned.
For this purpose, for each input dna interface you should specify corresponding option in the fastdpi.conf:
bras_term_dev_inner=dev=dna0;bras_gateway_ip=10.0.1.17;bras_gateway_mac=00:1f:a0:11:53:b4;bras_vlan_subst=33
bras_term_dev_inner=dev=dna2;bras_gateway_ip=10.0.1.18;bras_gateway_mac=00:1f:a0:11:53:b5;bras_vlan_subst=35
When the local traffic is interconnected by AS the VAS Experts DPI checks whether the ''bras_term_dev_inner'' option is specified for the dna interface from which the packet was received. If the option is specified the VAS Experts DPI will apply the following rules:
^ destination AS ^^^^
^ source AS ^ non-local ^ local ^ local+term ^
|**non-local** | pass | pass((The local traffic is interconnected only for LAN to WAN direction, so **the packets of this kind should not be accepted by the SSG at all**, they have to be routed by means of other facilities located in front of the SSG.\\ here:\\ 1. ''pass'' — the packet is further processed (is routed outside)\\ 2. ''dest abonent'' — the packet is routed back to the subscriber-recipient to the local network. If the subscriber-recipient is unknown to the SSG, the package is dropped.\\ - ''srcMAC = bras_arp_mac''\\ - ''destMAC = subscriber MAC address''\\ - VLAN tags are derived from the subscriber properties\\ 3. ''dev'' — the packet is routed back to the local network using the options from the ''bras_term_dev_inner'' configuration option:\\ - ''srcMAC = bras_arp_mac''\\ - ''destMAC = bras_gateway_mac'' for the given input interface (from the ''bras_term_dev_inner'' for the interface)\\ - VLAN tag = ''bras_vlan_subst'' for the given input interface (from the ''bras_term_dev_inner'' for the interface) )) | dest abonent |
|**local** | pass | pass((The local traffic is interconnected only for LAN to WAN direction, so **the packets of this kind should not be accepted by the SSG at all**, they have to be routed by means of other facilities located in front of the SSG.\\ here:\\ 1. ''pass'' — the packet is further processed (is routed outside)\\ 2. ''dest abonent'' — the packet is routed back to the subscriber-recipient to the local network. If the subscriber-recipient is unknown to the SSG, the package is dropped.\\ - ''srcMAC = bras_arp_mac''\\ - ''destMAC = subscriber MAC address''\\ - VLAN tags are derived from the subscriber properties\\ 3. ''dev'' — the packet is routed back to the local network using the options from the ''bras_term_dev_inner'' configuration option:\\ - ''srcMAC = bras_arp_mac''\\ - ''destMAC = bras_gateway_mac'' for the given input interface (from the ''bras_term_dev_inner'' for the interface)\\ - VLAN tag = ''bras_vlan_subst'' for the given input interface (from the ''bras_term_dev_inner'' for the interface) )) | dest abonent |
|**local+term** | pass | dev | dest abonent |