General description
DPI platform runs under VEOS. The standard administration approaches of this OS are applicable to DPI software.
This chapter describes the platform's installation and operation features that are important for the system administrator.
The main process is named fastdpi. It uses CPU resources even in an idle state (no data transmission). This mode is essential to minimize network delays and relates to peculiarities of LAN cards operation. The system treats this process as a service. The latest is controlled by common service commands.
DPI settings are located in the /etc/dpi directory:
- fastdpi.conf - configuration file
- fastdpi.lic and fastdpi.sig - licenses for platform options
There are hot and cold configuration file parameters:
The "hot" parameters take effect immediately with no need to restart the service. The "cold" parameters require the service to be restarted to become effective.
For example, to restart the service:
service fastdpi restart
For example: modification of "hot" parameters without restart1):
service fastdpi reload
This process is monitored by the system watchdog. It restarts the process in case of abnormal termination. The process has internal self-monitoring means. They support some failure conditions. The process is self terminated in case of critical errors or suspension2) and then restarted by the watchdog. The latest is configured by the file: /etc/watchdog.d/wd_fastdpi.sh.
DPI supports the Bypass functionality that is available in some LAN cards. If the LAN cards support such functionality, the platform temporary falls into direct traffic bypass in case of failure, suspension, power failure or scheduled termination of the service.
/etc/pf_ring directory holds licenses for DNA and Libzero. The service runs for 5 minutes only if some of these licenses are missed.
DPI logs are stored in /var/log/dpi:
- fastdpi_alert.log messages' and errors' log file
- fastdpi_stat.log statistics' log file
Log files' rotation is handled by the standard tool logrotate. The logs are stored for 24 hours by default. The logrotate is configured by the file: /etc/logrotate.d/fastdpi
The available disk space must be checked before modification of logs' storage time by an administrator.
The auxiliary data files can be loaded due to interaction with the cloud service. For example, the URL and IP list files are loaded to support filtration by Roscomnadzor and Minust lists. These files are loaded to /var/lib/dpi directory.
The outbound Internet access is required on DPI computer via service network interface to support cloud services.
The inbound SSH access can be required for remote support functionality.
The exact time synchronization by ntpd service is implemented on the DPI computer. The ntpd configuration file is: /etc/sysconfig/ntpd
2)
Packet counters on network ports are used to detect the suspension. Therefore, switching off of the one port of the pair is interpreted as traffic loss. This leads to the process restart and creation of the diagnostic core file. This feature may be inconvenient in case you frequently move the platform: the problems include disk overflow by core files and pauses in service during their creation. It is advised to switch off self detection of suspension by adding the parameter timeout_check_dev=0 to configuration file /etc/dpi/fastdpi.conf. One has to monitor new core files in /home directory. The old core files must be deleted. Please send these files to our tech support if you suspect the system malfunction.