In version 9.4, the ability to translate VLAN has been added: the incoming VLAN of the packet is replaced with the specified outgoing VLAN. VLAN translation is specified in /etc/dpi/vlan_translation.txt text file, which has the following structure:

# subs VLAN    inet VLAN
123            1123
124            1124
125            1125
# and so on.

Each line defines the correspondence of the incoming and outgoing VLAN. A line starting with # is a comment. Leading spaces/tabs on the line are ignored.

The translation text file must be converted to a binary file /etc/dpi/vlan_translation.bin using the vlan2bin utility from dpiutils:

cat vlan_translation.txt|vlan2bin /etc/dpi/vlan_translation.bin

The reverse conversion from binary to text is performed by the bin2vlan utility:

bin2vlan /etc/dpi/vlan_translation.bin >vlan_translation.txt

VLAN translation mode is enabled simply by the presence of the file /etc/dpi/vlan_translation.bin: if this file does exist, than translation mode is enabled. The absence of the file is an indication that the VLAN translation mode is disabled. The content of the translation file can be changed on-the-fly: DPI platform periodically checks the file; if it was changed, DPI re-reads the translation table. You can turn off translation mode on-the-fly by simply deleting or renaming the translation file /etc/dpi/vlan_translation.bin.

When VLAN translation is enabled, it applies to any mode of DPI operation, not just BRAS mode.

When VLAN traslation is enabled, DPI works as follows:

• packet from the Subscriber to the Internet (subs → inet): searches the translation table for the incoming VLAN of the packet (subs VLAN); if VLAN is found, replaces it with outgoing inet VLAN. In the example above, subs VLAN=123 will be replaced with inet VLAN=1123.
• packet inet → subs: searches the translation table for the incoming VLAN of the packet (inet VLAN); if VLAN is found, replaces it with outgoing subs VLAN. In the example above, inet VLAN=1124 will be replaced with subs VLAN=124.
• If the incoming VLAN is not found in the translation table, it is not changed (this situation is not an error). Thus, the translation table does not have to be complete and list all VLANs.
• For a passthrough packet (for example, if the AS flag is set to pass), VLAN translation is not applied.

VLAN translation is applied only to the packets with one VLAN-tag. For Q-in-Q, translation is not applied. If the packet does not have a VLAN tag, translation is also not applied - the packet is sent "as it is", unchanged.

The correspondence must be one-to-one; the following settings are not valid:

# subs VLAN    inet VLAN
   # Error: two subs VLAN (64 and 65) are translated into one VLAN=200
64             200
65             200

   # Similar error: inet VLAN 202 and 203 are translated into one subs VLAN=2067
2067           202
2067           203
# ...

At the end of the file, you can add default translation recordings:

# subs VLAN    inet VLAN
123            1123
124            1124
125            1125
# then list all the other translations ...

# Statement "translate all other subs VLANs on subs->inet to inet VLAN 4012"
# There can be only one such statement in a file!
*              4012

# Statement "translate all other inet VLAN on inet->subs to subs VLAN 2089"
# There can be only one such statement in a file!
2089           *

# End of translation file

VLAN translation is also used in the L2 BRAS/BNG mode; taking into account the fact that L2 BRAS/BNG VLAN is already able to perform VLAN tag replacement, the rules are slightly different.

The VLAN translation table is used in L2 BRAS/BNG when terminating sub→inet traffic in the following cases:

1. if the subscriber is not an L2 subscriber (subscriber's L2-parameters are unknown);
2. if VLAN termination is disabled (bras_vlan_terminate=0);
3. in the replacement mode bras_vlan_terminate=2: if the subscriber does not have the outVLAN property and there is a translation record for the VLAN-tag of the packet
4. in the VLAN transformation mode bras_vlan_terminate=3: if the subscriber does not have the outVLAN property and there is a translation record for the VLAN-tag of the packet.

In other words, in bras_vlan_terminate=2 or 3 modes, the subscriber's outVLAN property has the highest priority when terminating traffic subs→inet. The next (if the subscriber does not have the outVLAN property and if the packet has only one VLAN-tag) is the search in the VLAN termination table. Then, if there are no translations found, configuration parameters are applied as described in the modes bras_vlan_terminate (see links above).

When the inet→subs traffic is originated, VLAN translation table in L2 BRAS/BNG mode is used only for unknown subscribers, that is, when DPI system does not find L2-properties of the subscriber.

There are several CLI-commands for working with the VLAN translation table.

fdpi_cli vlan translation

Lists the current translation tables subs→inet and inet→subs. In the output of this command, default values like * N and N * are unwrapped. If there are no translations, the command will report it.

fdpi_cli vlan translation reload

Immediate download of file /etc/dpi/vlan_translation.bin. If there is no such file, then VLAN translation mode is disabled. DPI checks for the existence and modification of the file /etc/dpi/vlan_translation.bin once a minute, but with this command you can force the DPI to re-read it immediately.

fdpi_cli vlan translation test [subs|inet] <vlan>

Checking VLAN translation on the specified route:

• subs - subs-VLAN translation <vlan>
• inet - inet-VLAN translation <vlan>

Examples:

  # which VLAN <VLAN=123> is translated to on the subs->inet route
fdpi_cli vlan translation test subs 123
  # command output:
VLAN=123 translation subs->inet: 123 -> 1123

  # which VLAN <VLAN=1124> is translated to on the inet->subs route
fdpi_cli vlan translation test inet 1124
  # command output:
VLAN=1124 translation inet->subs: 1124 -> 124

  # If there is no translation for the specified VLAN, the command will respond with an error:
No translation for VLAN=666 for subs->inet