Using DPI for Lawful Interception [Документация VAS Experts]
Документация VAS Experts Документация VAS Experts-mobile
in

Settings

  • Show pagesource
  • Old revisions
  • Export to PDF
  • Backlinks
  • Show pagesource
  • Old revisions
  • Export to PDF
  • Backlinks
    • Stingray Service Gateway by VAS ExpertsDPIUse CasesUsing DPI for Lawful Interception

    Using DPI for Lawful Interception

    The additional LI licenses purchase is needed eventually to serve increasing number of subscribers and increase of speed in billing plans.
    Stingray Service Gateway (SSG) allows reduction of traffic that is mirrored to LI. This is achieved by filtering of components that LI does not analyze. For example: p2p (torrent), video traffic, etc. The expected traffic reduction is from 40% to 70%, depending on the traffic's structure and filtering list.

    Pre-filter license purchase peculiarities:

    • A FLTR, BASE or COMPLETE license is sufficient to perform traffic filtering.
    • The bandwidth of the license is determined by the total traffic, the rules are described in the Licensing section.

    The usage diagram:

    Example 1: One interface per input and one per output (01-00.0 -→ 01-00.1)

    Define interface parameters in the configuration file /etc/dpi/fastdpi.conf 

    in_dev=01-00.0
out_dev=01-00.1
only_tcp=0
mem_preset=1

    Create the file protocols.dscp: 

    echo "bittorrent drop" > protocols.txt
cat protocols.txt|lst2dscp /etc/dpi/protocols.dscp
    Full list of protocols.

    Check filtering results:

    Execute 

    tail -200 /var/log/dpi/fastdpi_stat.log

    In the statistics lines we find the percentage and volume of filtered traffic 

      IF 01-00.0 :
  ...
     Drop: [8054507798 bytes][68.92 %]
           [9406449 pkts ][67.16 %]
  ...

    Example 2: Two input interfaces and one to output (01-00.0 and 01-00.1) -→ 01-00.2)

    Define interface parameters in the configuration file /etc/dpi/fastdpi.conf 

    in_dev=01-00:01-00.1 
out_dev=01-00.2:01-00.2 
only_tcp=0 
mem_preset=1

    Check filtering results:

    Execute 

    tail -200 /var/log/dpi/fastdpi_stat.log

    In the statistics lines we find the percentage and volume of filtered traffic

    On 01-00.0 

    Drop: [29472283528 bytes] [69.20%]

    On 01-00.1 

    Drop: [31027588123 bytes] [68.27%]

    Configuration: 

    root@dpi dpi]# dscp2lst / etc / protocols.dscp | grep drop
https drop
oob-ws-https drop
llsurfup-https drop
compaq-https drop
jpegmpeg drop
wap-push-https drop
appserv-https drop
wbem-https drop
wbem-exp-https drop
sun-sr-https drop
plysrv-https drop
pcsync-https drop
https-wmap drop
armcenterhttps drop
tungsten-https drop
amt-soap-https drop
commtact-https drop
Bittorrent drop
AVI drop
Flash drop
MPEG drop
QuickTime drop
smc-https drop
oracleas-https drop
sun-user-https drop
synapse-nhttps drop