Using DPI for Lawful Interception
As the number of subscribers grows and the speeds in billing plans increase, additional LI licenses eventually have to be purchased.
Stingray Service Gateway (SSG) can reduce the volume of traffic mirrored to LI by filtering out components that LI does not analyse, for example p2p (torrent) and video traffic. The expected traffic reduction is from 40% to 70%, depending on the traffic's structure and the filtering list.
Licensing notes for the pre-filter:
- The BASE license is sufficient to filter the traffic.
- When the SSG is used to filter between 10 Gb/s and 20 Gb/s of traffic (the traffic is received on 2 SPAN ports, then merged and transferred to a third port for Lawful Interception), you need the SSG-40 BASE license. However, it is charged as an SSG-20 BASE license. In this case the use of the SSG-40 BASE license is limited to filtering.
Configuration example for filtering torrent traffic, where the traffic is between 10 Gb/s and 20 Gb/s:
First we create the file protocols.dscp:
echo "bittorrent drop" > protocols.txt
cat protocols.txt|lst2dscp /etc/dpi/protocols.dscp
Change configuration in the file /etc/dpi/fastdpi.conf:
in_dev=dna0:dna1
out_dev=dna2:dna2
only_tcp=0
mem_preset=1
Check filtering results:
Execute
tail -200 /var/log/dpi/fastdpi_stat.log
In the statistics lines
IF dna1 : ... Drop: [8054507798 bytes][68.92 %] [9406449 pkts ][67.16 %] ...
we find the percentage and volume of filtered traffic.
Example 1: Two input interfaces (dna0, dna1) → one output interface (dna2)
On dna0
Drop: [29472283528 bytes] [69.20%]
On dna1
Drop: [31027588123 bytes] [68.27%]
Configuration:
[root@dpi dpi]# dscp2lst /etc/protocols.dscp | grep drop
https drop
oob-ws-https drop
llsurfup-https drop
compaq-https drop
jpegmpeg drop
wap-push-https drop
appserv-https drop
wbem-https drop
wbem-exp-https drop
sun-sr-https drop
plysrv-https drop
pcsync-https drop
https-wmap drop
armcenterhttps drop
tungsten-https drop
amt-soap-https drop
commtact-https drop
Bittorrent drop
AVI drop
Flash drop
MPEG drop
QuickTime drop
smc-https drop
oracleas-https drop
sun-user-https drop
synapse-nhttps drop
Example 2:
Six input interfaces are merged into two output interfaces:
dna0 -> dna2: Drop: [5137046066 bytes] [28.22%]
dna1 -> dna2: Drop: [8101857673 bytes] [19.26%]
dna3 -> dna2: Drop: [12787251863 bytes] [52.18%]
dna4 -> dna6: Drop: [6354960583 bytes] [42.20%]
dna5 -> dna6: Drop: [13143567397 bytes] [51.23%]
dna7 -> dna6: Drop: [7089187511 bytes] [17.96%]
Configuration:
[root@dpi dpi]# dscp2lst /etc/protocols.dscp | grep drop
Bittorrent drop