To implement BRAS, this section provides an example of creating two tariff plans (policing):
After blocking, the subscriber is assigned (Service 5) my_white_list - Allow list of resources to which he has access to pay for the service. It also redirects HTTP resources to the Captive Portal.
To mark the priorities, use the option Assigning priorities depending on the protocol.
1. Create a protocols.txt file with a description of the protocol groups that we want to separate from the general traffic, and the priorities (classes) assigned to them:
dns cs0 ICMP cs0 http cs0 https cs0 QUIC cs1 default cs2 bittorrent cs7
where
2. We convert it to DSCP format, which fastDPI understands
cat protocols.txt | lst2dscp /etc/dpi/protocols.dscp
3. Apply the settings
service fastdpi reload
To organize the subscriber bandwidth according to the tariff plan, use the option Distribution of the access channel between subscribers.
1. For each tariff plan of the subscriber in the billing, create a configuration file with a description of its settings for DPI.
An example of a description for the 10mbit tariff, the name in the billing "rate_10M"
Create a file rate_10M.cfg
htb_inbound_root = rate 10mbit htb_inbound_class0 = rate 4mbit ceil 10mbit htb_inbound_class1 = rate 3mbit ceil 10mbit htb_inbound_class2 = rate 8bit ceil 10mbit htb_inbound_class3 = rate 8bit ceil 10mbit htb_inbound_class4 = rate 8bit ceil 10mbit htb_inbound_class5 = rate 8bit ceil 10mbit htb_inbound_class6 = rate 8bit ceil 10mbit htb_inbound_class7 = rate 8bit ceil 10mbit htb_root = rate 10mbit htb_class0 = rate 4mbit ceil 10mbit htb_class1 = rate 3mbit ceil 10mbit htb_class2 = rate 8bit ceil 10mbit htb_class3 = rate 8bit ceil 10mbit htb_class4 = rate 8bit ceil 10mbit htb_class5 = rate 8bit ceil 10mbit htb_class6 = rate 8bit ceil 10mbit htb_class7 = rate 8bit ceil 10mbit
Notes:
2. Create a tariff plan named rate_10M
fdpi_ctrl load profile --policing /path/to/rate_10M.cfg --profile.name rate_10M
3. So that our settings for subscribers, which we will make in the future, do not disappear when the DPI is rebooted, we connect UDR database
udr=1
4. Apply settings via fastDPI restart
service fastdpi restart
1.Create a description of the tariff plan for subscribers in blocked.cfg blocking. Allow only cs0 traffic (read more).
htb_inbound_root=rate 10mbit htb_inbound_class0=rate 1mbit ceil 10mbit htb_inbound_class1=rate 8bit ceil 8bit htb_inbound_class2=rate 8bit ceil 8bit htb_inbound_class3=rate 8bit ceil 8bit htb_inbound_class4=rate 8bit ceil 8bit htb_inbound_class5=rate 8bit ceil 8bit htb_inbound_class6=rate 8bit ceil 8bit htb_inbound_class7=rate 8bit ceil 8bit htb_root=rate 10mbit htb_class0=rate 1mbit ceil 10mbit htb_class1=rate 8bit ceil 8bit htb_class2=rate 8bit ceil 8bit htb_class3=rate 8bit ceil 8bit htb_class4=rate 8bit ceil 8bit htb_class5=rate 8bit ceil 8bit htb_class6=rate 8bit ceil 8bit htb_class7=rate 8bit ceil 8bit
2. Create a tariff plan named blocked for a blocked subscriber
fdpi_ctrl load profile --policing /path/to/blocked.cfg --profile.name blocked
3. Create a list of sites available in the Captive Portal mode. More details in the description of the Allow list option.
Create a file my_white_list.txt from the url of payment system sites. Each line of the file contains one url (without the http:// prefix), it is recommended to include subdomains as well, for example:
online.bank.com *.online.bank.com
List of payment systems
List of banks prepared by our partners.
The list is ready for uploading to SKAT. The link is updated periodically.
4. Conversion to internal format:
cat my_white_list.txt | url2dic my_url_list.bin cat my_white_list.txt | url2dic my_cn_list.bin cat my_white_list.txt | url2dic my_sni_list.bin
5. Create a named profile for the Allow list
fdpi_ctrl load profile --service 5 --profile.name my_white_list --profile.json '{"url_list": "/path/to/my_url_list.bin", "sni_list": "/path/to/my_sni_list.bin", "cn_list": "/path/to/my_cn_list.bin", "redirect": "mysite.com/block"} '
where
1. We carry out integration with billing
The integration option depends on whether the billing system has the ability to control equipment by events or not.
1a. Billing can control equipment by events: creating a subscriber, changing a tariff plan, blocking
In this case, select the type of equipment controlled via SSH / RSH 4) Or by executing local scripts and enter it into settings of the corresponding commands (or scripts) of the command for connecting (changing) the tariff plan:
fdpi_ctrl load --policing $ {rateplan} .cfg --ip $ {ip_address} or fdpi_ctrl load --policing $ {rateplan} .cfg --login $ {login}
where
1b. Billing cannot control equipment by events
Let's configure the upload of data from billing on a schedule to crontab. In files with the names of_plan_name.lst, we unload the list of subscribers with the corresponding tariff plans from the billing system (the list may contain ip or login) and start loading this data into dpi
fdpi_ctrl load --policing rate_10M.cfg --file rate_10M.lst fdpi_ctrl load --policing rate_20M.cfg --file rate_20M.lst ... or (for all at once) for rateplan in * .cfg; do fdpi_ctrl load --policing "$ rateplan" --file "$ {rateplan %%. *}". lst; done
2. We place the subscriber in the Captive Portal 5)
fdpi_ctrl load --policing blocked.cfg --ip $ {ip_address} fdpi_ctrl load --service 5 --ip $ {ip_address}
3. After payment, we turn off the Captive Portal for the subscriber and restore his tariff plan
fdpi_ctrl load --policing $ {rateplan} .cfg --ip $ {ip_address} fdpi_ctrl del --service 5 --ip $ {ip_address}