====== Policing by session and overriding traffic classes ====== {{indexmenu_n>4}} [[en:dpi:dpi_components:dpiui:user_guide:ssg_control_section:services:session_policing|Configuring Session Policing via GUI]] Policing by session and traffic class override is implemented using connection 18 services for Subscriber and Virtual Channel (vChannel). The service extends the possibilities of policing by determining the traffic rate for a particular session. It is also possible to override the traffic class for a specific Subscriber or Virtual Channel. Recall that global traffic class markup is described in [[en:dpi:dpi_options:opt_priority|]]. \\ Important: Directional priority overrides protocol priority, so if traffic already has [[en:dpi:dpi_options:opt_priority:priority_config_as|]], this service will not override the traffic class. ===== SSG Configuration ===== The service **requires additional RAM** (compared to standard requirements), which is reserved by a setting in **/etc/dpi/fastdpi.conf**: support_service_18=1 To apply the settings, you must restart the service: **service fastdpi restart** **SSG 12.4+** For vchannel DSCP is defined **only** if the ''support_service_18'' parameter is set! ===== Setting up and managing the service ===== ==== Configuring Policing by Session ==== It is necessary to create a file describing the speed for a particular protocol and convert it using the lst2tbf utility. * rate - session polysing rate for outgoing traffic * inbound.rate - polysing rate by session for incoming traffic * burst - short-term excess rate * inbound.burst - short-term excess inbound.rate speedtest tbf rate 16mbit inbound.rate 16mbit bittorrent tbf rate 8Mbit TCP Unknown tbf rate 8Mbit burst 1Mbit inbound.rate 8Mbit inbound.burst 1Mbit cat tbf_prof_1.txt|lst2tbf /tmp/tbf_prof_1.tbf **[SSG v13+]** in input files of the lst2tbf utility, it is now possible to add comments (#) and empty lines. Reverse conversion tbf2lst /tmp/tbf_prof_1.tbf ==== Configuring traffic class overrides ==== It is necessary to create a file describing traffic classes using the lst2dscp utility. [[en:dpi:dpi_options:opt_statistics:statistics_info|Full list of protocols.]]\\ The DSCP value is specified [[en:dpi:dpi_options:opt_priority:dscp_table|in numeric (10-, 16-, or 8-character) format or with a text abbreviation.]] The key word means: * drop - packets should not be transmitted further (they should be discarded)\\ * keep - the priority value should not be changed, i.e. keep its current value (usually 0).\\ * default - means "for all other protocols" and it allows to significantly simplify and shorten the process of creating a configuration file File creation procedure ''dscp_prof_1.dscp'': speedtest cs1 default keep cat dscp_prof_1.txt|lst2dscp /tmp/dscp_prof_1.dscp Reverse conversion: ''dscp2lst /tmp/dscp_prof_1.dscp'' ==== Creating a service profile ==== fdpi_ctrl load profile --service 18 --profile.name test_dscp --profile.json '{ "dscp" : "/tmp/dscp_prof_1.dscp", "tbf" : "/tmp/tbf_prof_1.tbf" }' You should always specify the path to both files, even if you only want to set session polyscing or only override traffic classes. Specify an empty file if no customization is required. ==== Connecting a service profile ==== For the subscriber: fdpi_ctrl load --service 18 --profile.name test_dscp --ip 10.10.10.10 fdpi_ctrl load --service 18 --profile.name test_dscp --login DEMO For a virtual channel (vChannel): fdpi_ctrl load --service 18 --profile.name test_dscp --vchannel 1 ==== Deleting a service profile ==== For the subscriber: fdpi_ctrl del --service 18 --profile.name test_dscp --ip 10.10.10.10 fdpi_ctrl del --service 18 --profile.name test_dscp --login DEMO For a virtual channel (vChannel): fdpi_ctrl del --service 18 --profile.name test_dscp --vchannel 1 ==== Display of information on service profiles ==== Get a list of IP addresses connected to the 18 service fdpi_ctrl list all --service 18 Get information on a specific IP/LOGIN/vChannel fdpi_ctrl list --service 18 --ip 192.168.0.1 fdpi_ctrl list --service 18 --login DEMO fdpi_ctrl list --service 18 --vchannel 1 Get a list of all profiles of 18 services fdpi_ctrl list all profile --service 18 ==== Increasing the number of profiles ==== An error occurs when the limit on the number of profiles is reached: ierr_code=5 (too many profiles) : 'service_18' : too many records, num_allocs=16, max_num_profies=16/16 To increase the number of available profiles, you must set the following parameter in the DPI configuration: max_profiles_serv18=