
This is an old revision of the document!


2 Stingray Service Gateway implementation

If you received an off-the-shelf system from us, please follow the System connection section.

Otherwise, install the CentOS 8 operating system on your server manually and provide us with remote access via SSH with root privileges for installation and initial configuration of the platform. Once the installation is complete, the remote access can be closed.

2.1 Preparing the server and installing CentOS 8

  1. Before mounting the server in a rack, make sure that it meets the requirements. If you find inconsistencies at this stage, please contact the VAS Experts technical support so that any issues can be addressed promptly.
  2. Install CentOS 8.3 using the following link: ISO CentOS 8.3 minimal
Please take a look at the list of supported kernel versions.
CentOS version 7 is currently not supported!

2.2 Preconfiguring CentOS 8

  1. Create the vasexpertsmnt user:
    adduser -m -G wheel -u 3333 vasexpertsmnt
  2. Set the password for vasexpertsmnt:
    passwd vasexpertsmnt

    For convenience, you can generate a password using openssl:

    openssl rand -base64 15
  3. Please save the vasexpertsmnt password.
  4. Allow users in the wheel group to run all commands on behalf of all users. To do this, add the following line to /etc/sudoers:
    %wheel ALL=(ALL) NOPASSWD: ALL
  5. To provide remote access via SSH and restrict it to the valid IP addresses from the list:
      45.151.108.0/24, 94.140.198.64/27, 78.140.234.98, 193.218.143.187, 93.100.47.212, 93.100.73.160, 77.247.170.134, 91.197.172.2, 46.243.181.242, 93.159.236.11

    add the following lines to the /etc/ssh/sshd_config file:

    PermitRootLogin no
    AllowUsers vasexpertsmnt@94.140.198.64 vasexpertsmnt@78.140.234.98 vasexpertsmnt@5.200.43.10 vasexpertsmnt@193.218.143.187 vasexpertsmnt@93.100.47.212 vasexpertsmnt@93.100.73.160 vasexpertsmnt@77.247.170.134
    PasswordAuthentication yes
  6. Set the IP address
  7. After you have made sure that remote access via SSH is provided, send the username and password to the VAS Experts technical support.
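
A check for the step 5 settings, added here as an example (not VAS Experts' own code): it compares the source addresses in AllowUsers with the listed addresses and reports the PermitRootLogin and PasswordAuthentication values. It assumes every host part in AllowUsers is a literal address or CIDR block; the function names are illustrative.

```python
import ipaddress

# Values copied from step 5 of this page.
ALLOWLIST = ("45.151.108.0/24, 94.140.198.64/27, 78.140.234.98, 193.218.143.187, "
             "93.100.47.212, 93.100.73.160, 77.247.170.134, 91.197.172.2, "
             "46.243.181.242, 93.159.236.11")
SSHD_CONFIG = """\
PermitRootLogin no
AllowUsers vasexpertsmnt@94.140.198.64 vasexpertsmnt@78.140.234.98 vasexpertsmnt@5.200.43.10 vasexpertsmnt@193.218.143.187 vasexpertsmnt@93.100.47.212 vasexpertsmnt@93.100.73.160 vasexpertsmnt@77.247.170.134
PasswordAuthentication yes
"""

def parse_sshd(text):
    """Collect the arguments of every keyword in file order (keywords are case-insensitive)."""
    conf = {}
    for line in text.splitlines():
        words = line.split()
        if words and not words[0].startswith("#"):
            conf.setdefault(words[0].lower(), []).extend(words[1:])
    return conf

def audit(sshd_text, allowlist_text, user="vasexpertsmnt"):
    """Compare the user's AllowUsers source addresses with the intended allowlist."""
    nets = [ipaddress.ip_network(n.strip()) for n in allowlist_text.split(",")]
    conf = parse_sshd(sshd_text)
    sources, unrestricted = [], False
    for entry in conf.get("allowusers", []):
        name, _, host = entry.partition("@")
        if name != user:
            continue
        if not host:
            unrestricted = True  # USER without @HOST may log in from any address
            continue
        # Assumption: HOST is a literal address or CIDR block, not a wildcard pattern.
        sources.append((host, ipaddress.ip_network(host, strict=False)))
    return {
        # Sources sshd would accept that are not inside any allowlisted network.
        "outside_allowlist": [h for h, s in sources
                              if not any(s.subnet_of(n) for n in nets)],
        # Allowlisted networks that no AllowUsers entry fully covers.
        "not_covered": [str(n) for n in nets
                        if not any(n.subnet_of(s) for _, s in sources)],
        "unrestricted": unrestricted,
        "root_login": conf.get("permitrootlogin", ["?"])[0],  # "?" = not set in file
        "password_auth": conf.get("passwordauthentication", ["?"])[0],
    }

if __name__ == "__main__":
    for key, value in audit(SSHD_CONFIG, ALLOWLIST).items():
        print(f"{key}: {value}")
```

Run against the values on this page, it reports 5.200.43.10 as allowed by AllowUsers but absent from the address list, and five listed entries (including both CIDR ranges) that no AllowUsers entry covers.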

! Save your settings since the server will be restarted during the installation process!

Initial installation of the DPI platform has to be made by service engineers of the VAS Experts technical support or by the VAS Experts partners.
Do not upgrade the OS kernel before upgrade system activation. This may lead to a malfunction of the network card driver.

2.3 Configuring the VAS Experts DPI

Once the license and the fastdpi are installed, at least 3 network interfaces will be available in the system:
1) dna0 is used as an input port for traffic transit via DPI;
2) dna1 is used as an output port for traffic transit via DPI (it is absent when the mirroring connection scheme is used);
3) eth0 is used as management port for the VAS Experts DPI.
It is recommended to check the IP address settings of the management port after the VAS Experts DPI initial setup.
Next, you should edit the /etc/dpi/fastdpi.conf configuration file:

2.3.1 Configuring transit

When installing the Stingray Service Gateway using the INLINE installation scheme:

in_dev=dna0
out_dev=dna1
#Scale factor is about 1 for every 1 Gigabit of bandwidth
scale_factor=10
timeout_check_dev=0
 
#FDPI Control
ctrl_port=29000
ctrl_dev=lo
 
#Turn on UDP detection
only_tcp=0
 
#Turn on UDR
udr=1

When installing the Stingray Service Gateway using the MIRRORING installation scheme:

in_dev=dna1:dna2:dna3
asym_mode=1
#Scale factor is about 1 for every 1 Gigabit of bandwidth
scale_factor=10
timeout_check_dev=0
 
#FDPI Control
ctrl_port=29000
ctrl_dev=lo
 
#Turn on UDP detection
only_tcp=0
 
#Turn on UDR
udr=1

2.3.2 Statistics gathering

http_parse_reply=1
 
# Enabling the collection and export of statistics
netflow=8
# Managing the export format for a complete netflow 
netflow_full_collector_type=2
# Name of the network interface that sends netflow with statistics
netflow_dev=eth3
# Periodicity of data export in seconds 
netflow_timeout=20
# IP address and port number of the netflow collector with full statistics
netflow_full_collector=172.18.254.124:1500
# The maximum netflow in Mbit/s 
netflow_rate_limit=30
# The time in seconds after which the non-active session is considered complete
netflow_passive_timeout=40
# The length of the fragment for a long session in seconds 
netflow_active_timeout=120
 
#URL upload
# The name of the network interface for sending clickstream via ipfix 
ipfix_dev=eth3
# IP or the domain name (: port) of the clickstream header ipfix. You can specify several collectors separated by a comma.
ipfix_tcp_collectors=172.18.254.124:1501
# Unique domain (id) for the recognition by the collector 
ipfix_observation=127
 
#SIP
# IP or the domain name (: port) of the meta clickstream header ipfix. You can specify several collectors separated by a comma.
ipfix_meta_tcp_collectors=172.18.254.124:1511
rlimit_fsize=32000000000

Additional settings depend on which components you are going to use; they are described in section 3 under the relevant components.