Service Management [Документация VAS Experts]
Документация VAS Experts Документация VAS Experts-mobile
in

Settings

  • Show pagesource
  • Old revisions
  • Export to PDF
  • Backlinks
  • Show pagesource
  • Old revisions
  • Export to PDF
  • Backlinks
    • Stingray Service Gateway by VAS ExpertsSSG componentsFastDPI (DPI, BNG, NAT functions)Subscriber managementService Management

    Table of Contents

    Service Management

    Subscriber management is performed using the utility fdpi_ctrl.

    We recommend using Named profiles, which will simplify service management.

    Command Syntax

    General command format: 

    fdpi_ctrl command --service service_id [IP_list] [LOGIN_list]

    Command parameter breakdown:

    Parameter Description, possible values, and format Note
    command Values:
    1. load — load data
    2. del — delete. For --service, the service_id must be specified
    3. list — show information for the specified IP_list or all information if the argument all is specified.     		In the list and del commands, instead of an IP/LOGIN list, you can specify all, which applies the command to all.
    service_id Numeric ID corresponding to a service from the list.
    IP_list Values:
    1. --file — file with IP list
    2. --ip — single IP, format: 192.168.0.1
    3. --ip_range — IP range (inclusive), format: 192.168.0.1-192.168.0.5
    4. --cidr — IP with port, format: 192.168.0.0/30, 5.200.43.0/24~ (CIDR range with excluded boundary addresses)     		The CIDR range can exclude boundary addresses (gateway and broadcast addresses under classless addressing) by adding the ~ symbol at the end of the CIDR definition, e.g., --cidr 5.200.43.0/24~.
    LOGIN_list Values:
    1. --file — file with login list
    2. --login — single login, format: USER1, "FIRST_NAME LAST_NAME" (option to use login with escaped special characters)     		"USER1" — example of using login in double quotes
    'USER2' — example of using login in single quotes
    A line starting with # is a comment.

    List of Services

    When enabling blocking services (4, 16, 49), only TCP traffic is blocked. To block UDP traffic as well, you need to enable the udp_block parameter.
    ID Short Description Link to Detailed Description
    1 Bonus program Description
    2 Advertising Description
    3 Ad blocking Description
    4 Blacklist filtering Description
    5 Whitelist and Captive Portal Description
    6 HTTP redirect notification Description
    7 Caching Description
    8 Passed DDOS protection Description
    9 RADIUS accounting / netflow statistics collection for billing Description
    10 DDOS protection Description
    11 CGNAT and NAT 1:1 Description
    12 Traffic recording in PCAP Description
    13 Mini Firewall Description
    14 Traffic recording in PCAP Description
    15 Special subscriber (all traffic goes to cs0, filtering service (4) is not applied to vChannel and general channel) Description
    16 Whitelist and redirection to Captive Portal without internet access Description
    17 Traffic mirroring to a specified VLAN Description
    18 Session-based policing for certain protocols and traffic classification at channel and subscriber levels Description
    19 DNS response substitution, future plans: redirect DNS queries to the provider's DNS server Description
    49 IPv6 traffic blocking Description
    50 Participant in a marketing campaign with notification via HTTP redirect Description
    51 Reserved (internal service)
    254 VRF Description

    Examples

    1. Enable service: 
      fdpi_ctrl load --service 9 --ip 192.168.0.1
# or
fdpi_ctrl load --service 9 --login USER1
    2. Disable service: 
      fdpi_ctrl del --service 9 --ip 192.168.0.1
    3. Get list with the connected service: 
      fdpi_ctrl list all --service 9
    4. Get information for a specific IP: 
      fdpi_ctrl list --service 9 --ip 192.168.0.1
    5. When specifying the IP list, you can simultaneously specify several options: --file, --ip, --ip_range, --cidr: 
      fdpi_ctrl list --service 9 --ip 192.168.0.1 --ip 192.168.0.2 --file fip_1.txt --ip_range 192.168.0.3-192.168.0.6 --login USER1

      The operation will apply to all specified elements where no error occurred.
      :!: If an error occurs, changes are not rolled back!

    6. Enabling services with named profiles: 
      fdpi_ctrl load --service 4 --profile.name blocked --login Test

    TCP and UDP Protocol Blocking Configuration

    The parameter udp_block is responsible for blocking the UDP protocol. If the udp_block parameter is present in the DPI configuration file /etc/dpi/fastdpi.conf, both TCP and UDP will be blocked; if absent, only TCP will be blocked.

    To start blocking UDP protocols (e.g., QUIC), add the udp_block parameter with a value of 2 or 3 (start blocking after two or three passed packets). These values are set because sometimes a large number of individual packets pass, which are not accounted for in the traffic but can put a heavy load on DPI. 

    udp_block=3

    Adding the parameter does not require a DPI restart; a simple reload is sufficient: 

    service fastdpi reload