Using DPI as pre-filter for SORM [VAS Experts Documentation]

This is an old revision of the document!


Using DPI as a pre-filter for SORM

As the number of subscribers grows and billing-plan speeds increase, additional SORM licenses eventually have to be purchased.
SKAT reduces the volume of traffic mirrored to SORM by filtering out the components that SORM does not analyse, for example p2p (torrent), video traffic and so on. The expected traffic reduction is from 40% to 70%, depending on the traffic structure and the filtering list.

Licensing notes for the pre-filter:

  • The BASE license is sufficient to filter the traffic.
  • If SKAT is used to filter between 10 Gb/s and 20 Gb/s of traffic (the traffic is received on 2 SPAN ports, merged, and forwarded to a third port for SORM), you need the SKAT-40 BASE license. However, it is charged as a SKAT-20 BASE license. In this case the SKAT-40 BASE license may be used only for filtering.

The usage diagram:
sorm_schema1.jpg

Configuration example: filtering torrent traffic when the traffic volume is between 10 Gb/s and 20 Gb/s.

First, create the file protocols.dscp:

echo "bittorrent drop" > protocols.txt
cat protocols.txt|lst2dscp /etc/dpi/protocols.dscp

Change the configuration in the file /etc/dpi/fastdpi.conf:

  in_dev=dna0:dna1
  out_dev=dna2:dna2
  only_tcp=0
  mem_preset=1

Check the filtering results. Run:

tail -200 /var/log/dpi/fastdpi_stat.log

In the statistics lines

  IF dna1 :
  ...
     Drop: [8054507798 bytes][68.92 %]
           [9406449 pkts ][67.16 %]
  ...

we find the percentage and volume of filtered traffic.
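
The same check can be scripted. The following is an added example, not part of the original page or the vendor's tooling: the function names drop_summary and check_reduction are hypothetical, the sample log is constructed, and the parser assumes only the IF / Drop: line shapes shown above.

```shell
#!/bin/sh
# Added example, not vendor code. Parses only the line shapes shown on this
# page: "IF <name> :", "Drop: [N bytes][P %]" and the "[N pkts ][P %]" line.

# drop_summary [FILE]: latest counters per interface, one line each:
#   <if> <dropped_bytes> <bytes_pct> <dropped_pkts> <pkts_pct>
drop_summary() {
    awk '
    $1 == "IF" { ifn = $2; sub(/:$/, "", ifn); want = 0; next }
    ifn != "" && $1 == "Drop:" {
        s = $0; gsub(/\[|\]/, " ", s); split(s, f, " ")
        if (!(ifn in by)) order[++n] = ifn
        by[ifn] = f[2]; bp[ifn] = f[4]; want = 1; next
    }
    want && /pkts/ {
        s = $0; gsub(/\[|\]/, " ", s); split(s, f, " ")
        pk[ifn] = f[1]; pp[ifn] = f[3]
    }
    { want = 0 }
    END { for (i = 1; i <= n; i++) { k = order[i]; print k, by[k], bp[k], pk[k], pp[k] } }
    ' ${1:+"$1"}
}

# check_reduction [FILE] [MIN_PCT]: report interfaces whose dropped-byte share
# is below MIN_PCT (default 40, the low end of the range this page quotes).
check_reduction() {
    drop_summary ${1:+"$1"} | awk -v min="${2:-40}" '
        BEGIN { bad = 0 }
        $3 + 0 < min + 0 { printf "LOW %s %.2f%%\n", $1, $3; bad = 1 }
        END { exit bad }'
}

# Constructed sample: the dna1 values are the ones printed on this page,
# the dna0 values are invented for the demonstration.
sample_log() {
    cat <<'EOF'
  IF dna0 :
  ...
     Drop: [1200000000 bytes][12.50 %]
           [1500000 pkts ][11.80 %]
  IF dna1 :
  ...
     Drop: [8054507798 bytes][68.92 %]
           [9406449 pkts ][67.16 %]
EOF
}

sample_log | drop_summary
sample_log | check_reduction "" || echo "reduction below expected range"
```

On a live system, feed it the same window used above: tail -200 /var/log/dpi/fastdpi_stat.log | drop_summary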
