Service management. Named service profiles
Service profiles are created, modified, and deleted using the fdpi_ctrl utility.
Services are divided into three types:
- Without a profile — the service settings are described in the DPI configuration or do not require a description, for example, Service 9 (billing NetFlow/RADIUS Accounting export)
- Anonymous (unnamed) profiles — the service is not created in advance; its parameters are specified when the service is assigned to a subscriber in JSON format
- Named profiles — the service is created before being assigned to a subscriber and is stored in the internal DPI database — Database Administration: UDR and SDR
Named profiles have the following advantages over anonymous profiles:
- Simplify subscriber administration
- Allow finding subscribers with a required profile by profile name
- Allow updating the profile for all subscribers using a given profile simply by changing the profile parameters
- Allow controlling the limit on the number of unique profiles (maximum 65535)
Anonymous (unnamed) profiles, in turn, have the following advantages:
- No profile management is required (there is no need to create or delete profiles); the profile is automatically removed when the subscriber or the subscriber's profile is deleted
- No profile name needs to be invented
Command syntax
General command format:
fdpi_ctrl command --service service_identifier [IP_list] [LOGIN_list]
Command parameter description:
| Parameter | Description, possible values, and format | Note |
|---|---|---|
command | Values: 1. load — load data2. del — delete. For –service, service_identifier must be specified3. list — display information for the specified IP_list or all information if the all argument is specified. | In the list and del commands, all can be specified instead of an IP/LOGIN list, meaning the command is applied to all entries. |
service_identifier | Numeric ID corresponding to a service from the list | |
IP_list | Values: 1. –file — file containing a list of IP addresses2. –ip — single IP address, format: 192.168.0.13. –ip_range — IP address range (inclusive), format: 192.168.0.1-192.168.0.54. –cidr — CIDR notation, format: 192.168.0.0/30, 5.200.43.0/24~ (CIDR notation with excluded boundary addresses) | The first and last addresses can be excluded from a CIDR range (according to classless addressing conventions, these are the gateway and broadcast addresses) by adding the ~ character to the end of the CIDR definition, for example: –cidr 5.200.43.0/24~ |
LOGIN_list | Values: 1. –file — file containing a list of logins2. –login — single login, format: USER1, "FIRST_NAME LAST_NAME" (login specified with escaped special characters) | "USER1" — login specified in double quotes 'USER2' — login specified in single quotes |
# character is treated as a comment.
Service list
udp_block parameter.
| ID | Brief description | Link to detailed description |
|---|---|---|
| 1 | bonus program | Description |
| 2 | advertising | Description |
| 3 | ad blocking | Description |
| 4 | blacklist filtering | Description |
| 5 | whitelist and Captive Portal | Description |
| 6 | notification via HTTP redirect | Description |
| 7 | caching | Description |
| 8 | DDoS protection passed | Description |
| 9 | RADIUS accounting / NetFlow statistics collection for billing | Description |
| 10 | DDoS protection | Description |
| 11 | CGNAT and NAT 1:1 | Description |
| 12 | PCAP traffic recording | Description |
| 13 | mini Firewall | Description |
| 14 | traffic diversion to a TAP interface | Description |
| 15 | special subscriber (all traffic is assigned to cs0; filtering (Service 4) is not applied for the vChannel and the common channel) | Description |
| 16 | whitelist and redirection to the Captive Portal without Internet access | Description |
| 17 | traffic mirroring to the specified VLAN | Description |
| 18 | session policing for specific protocols and traffic class identification at the channel and subscriber levels | Description |
| 19 | DNS response substitution; planned: redirecting DNS queries to the provider's DNS server | Description |
| 49 | IPv6 traffic blocking | Description |
| 50 | marketing campaign participant with notification via HTTP redirect | Description |
| 51 | reserved (internal service) | |
| 254 | VRF | Description |
Creating, enabling, and disabling services
profile_name_1 for Service 4 (blacklist) is different from profile_name_1 for Service 5 (whitelist).
Creating a named profile for Service 6 (one-time redirect), operator news notification, and assigning this service with the profile to a subscriber:
fdpi_ctrl load profile --service 6 --profile.name redir_to_news --profile.json '{ "redirect" : "http://mysite.com/ips_news", "check" : true }' fdpi_ctrl load --service 6 --profile.name redir_to_news --ip 192.168.0.1 fdpi_ctrl load --service 6 --profile.name redir_to_news --login test
Assigning Service 6 without a profile (the service parameters are taken from the DPI configuration file):
fdpi_ctrl load --service 6 --ip 192.168.0.1 fdpi_ctrl load --service 6 --login test
Assigning Service 6 with an anonymous profile (an unnamed profile that exists until the service is disabled for the subscriber):
fdpi_ctrl load --service 6 --profile.json '{ "redirect" : "http://mysite.com/ips_news", "check" : true }' --ip 192.168.0.1 fdpi_ctrl load --service 6 --profile.json '{ "redirect" : "http://mysite.com/ips_news", "check" : true }' --login test
Disabling Service 6 for a specific subscriber:
fdpi_ctrl del --service 6 --ip 192.168.0.1 fdpi_ctrl del --service 6 --login test
Service management commands
Get a list of all subscribers with Service 6 enabled:
fdpi_ctrl list all --service 6
Find subscribers with Service 6 assigned using a specific named profile:
fdpi_ctrl list all --service 6 --profile.name redir_to_news
Get information for a specific IP address for Service 6:
fdpi_ctrl list --service 6 --ip 192.168.0.1
Delete a named profile (the profile must not be assigned to any subscribers before deletion):
fdpi_ctrl del profile --service 6 --profile.name redir_to_news
Modify the settings of a service with a named profile (the new settings will be applied to all subscribers using the specified service profile):
fdpi_ctrl load profile --service 6 --profile.name redir_to_news --profile.json '{ "redirect" : "http://mysite.com/ips_news_new", "check" : true }'
Display all created profiles for all services:
fdpi_ctrl list all profile --service
When specifying an IP list, multiple options can be used simultaneously: –file, –ip, –ip_range, –cidr:
fdpi_ctrl list --service 6 --ip 192.168.0.1 --ip 192.168.0.2 --file fip_1.txt --ip_range 192.168.0.3-192.168.0.6 --login USER1
The operation will be applied to all specified entries for which no error occurred.
If an error occurs, previously applied changes are not rolled back!
Was this information helpful?