Configuring autonomous systems

During software updates for SSG, an up-to-date correspondence list between AS numbers (autonomous systems) and IP addresses is downloaded from the RIR (Regional Internet Registry).

The global correspondence list for IPv4 is located in the file /etc/dpi/asnum.bin, and for IPv6 — in the file /etc/dpi/asnum6.bin.

Do not modify these files to avoid disrupting the update mechanism.

Updating the AS list for IPv4 is possible dynamically during reload from the cloud. To enable this, add the parameter asnum_source=1.
Values:

0 (default) — cloud update is disabled;
1 — main list;
2, 3, etc. — reserved.

During the system's operation, there may sometimes be a need to make adjustments to this list to improve NetFlow reports and for use in other services.

The list of changes is prepared in text format. Each record is placed in a new line:

CIDR AS_number
CIDR AS_number
...

Here CIDR specifies the IP addresses range that belongs to the specified system.

In order to check whether the IP belongs to autonomous system the DPI uses classical DIR24 algorithm with limited number of /24 networks that can be splited into smaller subnets (/25…./32). There can be no more than 8192 such subnets.

This file is converted into the internal format by as2bin utility. It is placed to /etc/dpi/aslocal.bin. DPI picks up the changes from the latest file. The IP addresses' ranges are added to the global list. In case some changes overlap with the global list, the local ranges override existing ones.

cat aslocal.txt|as2bin /etc/dpi/aslocal.bin
service fastdpi reload

Loading the modifications does not require DPI restart (only reload).

In case of crossing the global list by IP the local settings will replace the existing entries in it.

Examples for IPv4

To add local addresses to the operator's autonomous system in order to improve NetFlow reports:

vi aslocal.txt
10.0.0.0/8 64511
172.16.0.0/12 64511
192.168.0.0/16 64511
cat aslocal.txt|as2bin /etc/dpi/aslocal.bin
service fastdpi reload

Here 64511 is the operator's autonomous system number.

To apply specific policies to operator's addresses 10.0.0.1 and 10.0.0.2:

vi aslocal.txt
10.0.0.1/32 64512
10.0.0.2/32 64512
cat aslocal.txt|as2bin /etc/dpi/aslocal.bin
service fastdpi reload

In order to avoid overlap of the new autonomous systems' numbers with existing ones, we advise to use the reserved numbers for new systems:

 
64496..64511 are reserved for use in documentation and examples
64512..65534 are reserved for private purposes

Examples for Ipv6

There is no analog to aslocal.bin for IPv6, as there is no way to merge these structures like in IPv4 case. It is necessary to add subnets to the general list:

convert to text
```
bin2as /etc/dpi/asnum6.bin > list.txt
```
add your subnets to text of list.txt

merge back

cat list.txt | as2bin6 /etc/dpi/asnum6.bin

To apply changes in the file asnum6.bin it is required to restart the service!