Scheme of SSG DPI Cluster [VAS Experts Documentation]

The complex is a high-performance, scalable cluster designed for real-time analysis and management of network traffic at OSI model levels L2-L7. It consists of the following elements:

  1. External optical bypass (Bypass Switch) with replaceable optical modules supporting SM (1310nm) or MM (850nm) line connections
  2. Network Packet Broker (NPB) traffic aggregator (load balancer)
  3. SSG DPI server cluster
  4. Virtualization cluster for deploying the Network Management System (NMS) with a graphical interface (DPIUI2). It also includes FTP servers, Syslog for collecting logs from system components, an HTTP server for centralized download of web lists and a Zabbix monitoring system
  5. Data storage complex (QoE Stor) for generating statistical and analytical reports, ensuring long-term storage of aggregated information
  6. Set of necessary cables for interconnection, QSFP28 and SFP+ modules
  7. Fault-tolerant switches for integrating solution components and management

The complex is designed for in-line installation and supports the following types of Ethernet interfaces:

  • 10G-BASE SR/LR
  • 25G-BASE SR/LR
  • 40G-BASE SR4/LR4
  • 100G-BASE SR4/LR4

Supported encapsulations: MPLS, IPinIP, VLAN, QinQ, GRE.

The operator's links are connected in-line to the traffic balancing devices through an optical bypass, which protects the network if a hardware component fails or the software malfunctions. The traffic balancer distributes flows among the nodes using symmetric, session-aware load balancing (L3/L4). The entire complex functions as a transparent L2 device and generally does not require additional configuration from the operator or changes to the network's logical topology.

If traffic is asymmetric (outgoing traffic passes through one site/DPI cluster, and incoming traffic passes through another site), a copy of the OUTGOING traffic only must be sent from one site to the other. ALL outgoing traffic then reaches the DPI clusters at different sites, and the traffic asymmetry is eliminated. Note that outgoing traffic is 10% of incoming traffic, so mirroring between sites does not require wide channels, and the load on the DPI cluster does not increase.

The cluster provides redundancy based on the N+X principle by adding additional DPI nodes. In case of failure of one or more DPI nodes, depending on the built-in redundancy, traffic will be rebalanced. The balancer will disable the faulty node and redirect traffic to the remaining DPI nodes. If a larger number of devices fail or the balancer fails, the system will switch to bypass mode (configurable behavior). Each DPI node generates heartbeat messages to the balancing devices, which, in turn, directly manage the bypass switches that monitor signal status in the line, power status, and software status, thus ensuring the operability of the DPI cluster and balancers as a whole.
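The symmetric session-aware balancing and the N+X failover described above can be sketched as follows. This is an added example, not the vendor's algorithm: the node names, the `required` threshold, the `BYPASS` marker and the use of rendezvous hashing are assumptions made for illustration.

```python
import hashlib
import ipaddress

BYPASS = "BYPASS"  # constructed marker: traffic is switched to the optical bypass


def flow_key(src_ip, src_port, dst_ip, dst_port, proto):
    """Direction-independent L3/L4 key: A->B and B->A give the same bytes."""
    e1 = (ipaddress.ip_address(src_ip).packed, src_port)
    e2 = (ipaddress.ip_address(dst_ip).packed, dst_port)
    lo, hi = sorted((e1, e2))  # canonical endpoint order removes direction
    ends = b"".join(ip + port.to_bytes(2, "big") for ip, port in (lo, hi))
    return ends + bytes([proto])


class Balancer:
    """N+X cluster model: `required` is N, the remaining nodes are the X spares."""

    def __init__(self, nodes, required):
        self.nodes = list(nodes)
        self.required = required
        self.healthy = set(self.nodes)

    def heartbeat_lost(self, node):
        self.healthy.discard(node)  # the balancer disables the faulty node

    def heartbeat_ok(self, node):
        if node in self.nodes:
            self.healthy.add(node)

    def route(self, src_ip, src_port, dst_ip, dst_port, proto):
        if len(self.healthy) < self.required:
            return BYPASS  # more failures than the spares can absorb
        key = flow_key(src_ip, src_port, dst_ip, dst_port, proto)
        # Rendezvous hashing: only the flows of a failed node are moved.
        return max(sorted(self.healthy),
                   key=lambda n: hashlib.sha256(n.encode() + key).digest())


if __name__ == "__main__":
    lb = Balancer(["dpi1", "dpi2", "dpi3", "dpi4"], required=3)  # constructed 3+1 cluster
    up = ("10.0.0.5", 40000, "203.0.113.9", 443, 6)    # subscriber -> server
    down = ("203.0.113.9", 443, "10.0.0.5", 40000, 6)  # server -> subscriber
    node = lb.route(*up)
    print("both directions:", node, lb.route(*down))
    lb.heartbeat_lost(node)
    print("after one failure:", lb.route(*up))
    lb.heartbeat_lost(lb.route(*up))
    print("after two failures:", lb.route(*up))
```

Because the key is built from the ordered endpoint pair, both directions of a session always reach the same DPI node, which is what lets each node see complete sessions.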

[Figures: cluster connection schemes for 1xNPB, 2xNPB, 3xNPB and 4xNPB]

A key feature of the system is its simple scalability—through the linear addition of DPI devices and balancers, the system’s throughput can be increased.

The complex is managed through the web-based DPIUI2 management subsystem. DPIUI2 provides management of subscriber or downstream operator profiles and services (including BGP signaling), traffic handling policies (including policing), filtering rules (black and white lists), custom protocols, report generation, etc. Standardized interfaces/APIs are available for integration with third-party systems. SSG DPI implements the 3GPP paradigm; additionally, profile and subscriber service management can be integrated via an embedded PCRF module supporting the RADIUS protocol and Gx DIAMETER interface as a separate technical solution.

The package includes a data storage system and a report constructor that allows building custom reports. The report constructor is designed to obtain statistics on users, operators, IP addresses, subnets, autonomous systems, network protocols, applications, and their combinations, providing the customer with full network transparency and support for Quality of Experience. The system allows storing both raw IPFIX data and aggregated data.