Version 10.0 Primus Maximus [Документация VAS Experts]

Version 10.0 Primus Maximus

Changes in version 10.0 Primus Maximus:

  1. Router support added, based on the following router-daemons: BIRD, FRRouting(FRR), QUAGGA, Juniper CRPD and others.
  2. Upgrade to DPDK 20.11 LTS
  3. EoMPLS parsing fixed
  4. Support for user defined signatures added.

10.0.2

Changes in version 10.0.2 Primus Maximus

  1. New mode dpdk_engine=4 added
  2. Support for * in the sni signatures added
  3. Changes in CentOS8: loading services after full initialization and assignment of network interface addresses

10.0.3

Changes in version 10.0.3 Primus Maximus

  1. Transmission of the Gateway attribute for DHCP/ARP/PPP authorization fixed
  2. Application of custom signatures based on HTTPS/QUIC fixed
  3. [dpdk] New conf parameter dpdk_max_simd added - max SIMD instruction size

10.1

Changes in version 10.1 Primus Maximus

  1. Protocols Facetime, SMPP added
  2. The order of fields in the output of the mdb_dump utility in the format of the fdpi_ctrl utility fixed
  3. [bras][dhcp-relay] Parameter bras_dhcp_opt82 is extended with the following values: 3 - add or replace existing opt82 only in broadcast requests; 4 - add or replace existing opt82 in any requests - broadcast or unicast. The bras_dhcp_opt82_format parameter is taken into account when replacing. Reason: For some Q-in-Q providers it is important that opt82 contains data in a common format, while intermediate relays can insert opt82 in their unique format.
  4. [bras][dhcp-proxy] Fixed: now does not initiate an L2 session into a releaded state.
  5. [bras][dhcp] Changes: does not initiate authorization on Radius. For DHCP subscribers, DHCP-INFORM can be sent if the subscriber needs some more data (options) but the DHCP subscriber is already authorized by DHCP-Request. For subscribers with a static address, DHPC-INFORM can be sent to get additional options. But for L2 subscribers with static IP you have to use VasExperts-L2-User=1 attribute with normal L3 auth.
  6. [bras][dhcp] Fixed: when DHCP-Release/Decline is received, the session status for the subscriber is set to released. This blocks the subscriber's access to the inet.
  7. [pcrf] Fixed: when a connection to the Radius server is broken, active acct-sessions not scheduled for sending in the future may remain.
  8. [bras][dhcp-relay] Fixed: operation in DHCP Proxy mode with fastdpi redundancy via fastpcrf: the subscriber's L2 properties were not transferred to the stand-by Stingray Service Gateway, because from the perspective of pcrf the L3-authorization was performed.
  9. [bras][dhcp-relay] Fixed: When receiving a response replica, an empty acct session from the stand-by fastdpi used to start. Now it does not.
  10. [bras] Changed: TTL exceeded responds from subscriber GW in any direction.
  11. [bras] Added: bras_transparency parameter in fastdpi.conf: Transparent (1) or not (0) SSG in L2 BRAS mode. In transparent mode, L2 BRAS does not control the TTL of the packet, it does not send ICMP Time Exceeded when the TTL is exhausted, therefore, for example, the traceroute utility will not recognize the subscriber gateway when tracing. In non-transparent mode (0) L2 BRAS corrects the TTL of the packet and sends ICMP Time Exceeded when exhausted. Default value: 1 (L2 BRAS is transparent).
  12. [bras] Added: saving subscriber GW in subscriber L2 properties (ip_prop). Previously, the gateway address was stored in the UDR as a separate entry with the Gateway "session" type. Now, since TTL processing and the need to send ICMP Time Exceeded in case of TTL packet exhaustion have been added, you need to have in ip_prop the GW address of the subscriber, from which ICMP Time Exceeded will be sent.
  13. [cli] Added to commands: subs prop show - subscriber GW output, subs prop set - subscriber GW setting.
  14. [router] LAG Support added: If one of the LAG devices has TAP interfaces (involved in routing), traffic to the TAP is captured from all LAG devices.
  15. [bras] Added: L3 auth by ARP request (by sourceIP). Works only in L2 BRAS mode. Performed if L2 ARP auth is disabled or unsuccessful (for example, targetIP is not a gateway address or this gateway is not yet recognized by the SSG).
  16. [BRAS][ARP]: Fixed: now the VLAN is taken into account when deciding whether to respond to an ARP request to a local client.
  17. [bras][l3] Added: запоминаем subnet mask в L2-свойствах, если задано VasExperts-L2-User=1
  18. [BRAS][DHCP] Changed: DHCP authorization response handlers are always connected.
  19. [router] Updating the ARP cache not only by reply, but also by requests from neighbor hosts.
  20. [router][cli] Added test CLI command - router neighbor cache refresh - forced Linux neighbor cache refresh for IPv4/IPv6.
  21. [router][CLI] Added a default route rule for the router test command
  22. [bras][pppoe] Fixed: output of traces to slave-logs when setting bras_pppoe_trace_mac
  23. [router] Changed: if the ARP cache entry has no L2 properties (MAC address), then we send ICMP dest unreachable, and the packet is dropped. In the CLI statistics, such situations are displayed separately - the counter unknown_gw_mac
  24. [router] Added: forced update of the Linux ARP cache in cases when an IP is added to our ARP cache, but the MAC and VLAN of this entry are unknown.

10.1.1

Changes in version 10.1.1 Primus Maximus

  1. RTP detector fix
  2. [router] Fixed bug with IPv6 packets when IPv6 analysis is disabled
  3. [dpdk] Fixed dpdk_engine=4 mode

10.2

Changes in version 10.2 Primus Maximus

  1. WhatsApp detection improved.
  2. Support for Mellanox cards improved.
  3. [router] Added: support multi-path (ECMP).
  4. [bras][auth] Changed: сalculation of L3-session time for rejected L2-subscribers (e.g. for DHCP Relay mode). Now if the Session-Timeout attribute is explicitly specified, it is taken into account for the duration of the rejected L3-session.
  5. [pcrf][acct] Workaround for the situation when unplanned acct-sessions appear in the started state.
  6. [bras][pppoe] Added: Ability to set Service-Name on the SSG side when setting up a PPPoE session - added the bras_pppoe_service_name parameter to fastdpi.conf.
  7. [router] Fixed: consideration of the nat_exclude_private=1 parameter when deciding whether or not to announce a client's private address in the inet.
  8. [bras] Added: support for the Framed-Route attribute for L3 authorization with the VasExperts-L2-User=1 flag.
  9. [pcrf] Fixed: consideration of the Idle-Timeout attribute for the PPP authorization.
  10. [pcrf] Added additional logging of VLAN, MAC for errors in DHCP requests.
  11. [BRAS][DHCP] Framed-Pool Fixed: adding VasExperts opt125 with the pool name to an existing opt125, if there is one
  12. [bras] Added: consideration of the VasExperts-Enable-Interconnect=0 attribute for local interconnect. Previously, this attribute was only taken into account for ports that had the bras_term_dev_inner option explicitly set in fastdpi.conf.
  13. [pcrf][acct] Fixed: idle was not detected if after starting the acct-session there were no data changes at all and all counters were zero, and idle control is performed on the data coming from the subscriber (fastpcrf.conf acct_check_idle_mode=1).
  14. [dpdk][CLI] Added the current port speed and signs of full-duplex and autoneg to the output of the dev link state show command.
  15. [router] Added: handling the deletion of the default route rule.
  16. Fixed: failure due to DDOS from the operator's internal network.

Upgrade Instructions

You can check the current installed version with the command

yum info fastdpi

Downgrade to 10.1.1:

yum downgrade fastdpi-10.1-1 fastpcrf-10.1-1 fastradius-10.1-0

After the version is changed, a service restart is required:

service fastdpi restart

:!: If PCRF and/or Radius are used, they also require a restart in the following order:

service fastdpi stop
setvice fastpcrf restart
service fastdpi start

:!: Do not upgrade the Linux kernel. In newer versions of the kernel binary compatibility with Kernel ABI may be broken and the network driver will not boot after the update. If you did update, then temporarily (during solving the problem) configure the grub boot loader to load the previous kernel version (in the /etc/grub.conf file please set the following option: default = 1).

If there is a warning that the update is not found or problems with dependencies are found, then run the command before updating:

yum clean all

See what was new in the previous version.