This is an old revision of the document!
Recommendations for updating to beta version, setting up and collecting logs
1. Update the service to the beta version using the command:
yum --enablerepo vasexperts-beta update fastdpi
If you use the BRAS functionality and FastPCRF is located on a separate server, you must execute the following command on the FastPCRF server to update:
yum --enablerepo vasexperts-beta update fastpcrf
Release date version 02.16., if no new version is visible, clear the cache:
yum clean all
2. In the configuration file /etc/dpi/fastdpi.conf set the following parameter value:
nat_whp_max_viewq=1 nat_dstaddr_cache_size=0
nat_dstaddr_cache_size - disables postNATport sending to IPFIX, optionally, because it affects the upload of NAT broadcasts
Optionally, if there is a shortage of ports for connections
nat_whp_lifetime=10 - defines the short queue time in seconds for NAT broadcast for TCP SYN, TCP FIN, UDP. This parameter overrides lifetime_flow only for NAT broadcasts. After this time, it is possible to reuse the port, but use occurs only when the port reaches the queue at a specific public IP address. It reduces the release time of ports.
nat_gcache_slice_k100=150 - changes the logic of port allocation, use only in the case of a small density of Private on Public less than 10:1
3. Perform a restart of SSG. Please note that if FastPCRF is placed on a separate server, the fastpcrf service should be restarted on the FastPCRF server. Restart will lead to interruption of processing of subscriber traffic.
The restart should be performed in the following order:
service fastdpi stop service fastpcrf restart service fastdpi start
4. Collect the dump flow with the command:
mkdir -p /var/log/dpi/$(date +%Y%m%d) && fdpi_cli dump flow cache > /var/log/dpi/$(date +%Y%m%d)/2_flow.txt
5. Backup fastdpi logs using the command:
tar -jcvf /var/log/dpi/BACKUPLOG_$(date +"%Y%m%d").tar.bz2 /var/log/dpi/fastdpi_*.log /var/log/dpi/fastpcrf_*.log
6. Collect statistics on all CG-NAT subscribers using the command:
fdpi_ctrl list all status --service 11 > /var/log/dpi/$(date +%Y%m%d)/all_nat.txt
7. Collect statistics on subscribers who have more than 800 TCP sessions:
fdpi_ctrl list all status --service 11 | grep -E '^[0-9]' | awk '{for(i=1;i<=NF;i++) if($i ~ /active_sess_tcp=/) {split($i,a,"="); if(a[2]+0 > 800) print}}' > /var/log/dpi/$(date +%Y%m%d)/subscriber_with_T800_nat.txt
8. Collect statistics on subscribers who have sessions of more than 800 UDP sessions:
fdpi_ctrl list all status --service 11 | grep -E '^[0-9]' | awk '{for(i=1;i<=NF;i++) if($i ~ /active_sess_udp=/) {split($i,a,"="); if(a[2]+0 > 800) print}}' > /var/log/dpi/$(date +%Y%m%d)/subscriber_with_U800_nat.txt
9. Record the conclusions of the following commands:
ll -h /var/lib/dpi/proto* ll -h /etc/dpi/as*
10. Notify us so that we can download the log archive and dump flow from the server. You can also download them yourself and transfer them to us through any convenient file sharing service.
Was this information helpful?