====== Configuration ====== {{indexmenu_n>2}} Policing has two connection options: - Individual profile: connects without specifying a profile, an individual profile is created for each subscriber. - Named profile: connects with the profile name. For BRAS, named profiles must be used **name specified in the Radius-Accept attributes.** ===== Individual Profile ===== An individual configuration file is used to define each bandwidth control policy. This file specifies bandwidth limits for protocol classes (groups). The method is similar to [[dpi:dpi_options:opt_shaping:shaping_settings|overall bandwidth control]]). [[dpi:dpi_components:platform:subscriber_management|fdpi_ctrl]] utility applies the configured policies to subscribers. The format of the instruction: fdpi_ctrl command --policing policing_description_file [IP_list] Instructions' syntax and IP addresses specification methods are described in details here: [[dpi:dpi_components:platform:subscriber_management:subsman_cmd|Control instructions]]. Note the use of [[dpi:dpi_components:platform:subscriber_management:subsman_profiles|named policing profiles]]\\ The tariff plan can be set in [[dpi:dpi_options:opt_bandwidth_mgmt:bandwidth_json|JSON format]] as well. ==== Example 1: torrent limiting ==== For advanced users: We recommend that you read [[dpi:dpi_options:opt_bandwidth_mgmt:bandwidth_conf|"Outgoing traffic management via feedback"]]. We intend to offer our subscribers the plan for 10 Mb/s with torrent bandwidth limit of 3 Mb/s. To accomplish the goal we create a class for torrents as described in [[dpi:dpi_options:opt_priority:priority_config|Configuring priorities]]. bittorrent cs1 default cs0 We're splitting the traffic into 2 classes for this example: * cs0 - corresponds to DSCP=0 QOS(IPP)=0 Best Effort * cs1 - corresponds to DSCP=8 QOS(IPP)=1 Priority We're creating the configuration file rateplan_1.cfg. It specifies bandwidth limits for each of 8 protocol classes (groups). We use HTB (the method of borrowing available bandwidth) and specify the bandwidth limit for torrents 3 Mb, but not smaller than 1 Mb. Unlike torrents, other traffic may take the whole available bandwidth. htb_inbound_root=rate 10mbit htb_inbound_class0=rate 8bit ceil 10mbit htb_inbound_class1=rate 1mbit ceil 3mbit htb_inbound_class2=rate 8bit ceil 10mbit htb_inbound_class3=rate 8bit ceil 10mbit htb_inbound_class4=rate 8bit ceil 10mbit htb_inbound_class5=rate 8bit ceil 10mbit htb_inbound_class6=rate 8bit ceil 10mbit htb_inbound_class7=rate 8bit ceil 10mbit htb_root=rate 10mbit htb_class0=rate 8bit ceil 10mbit htb_class1=rate 1mbit ceil 3mbit htb_class2=rate 8bit ceil 10mbit htb_class3=rate 8bit ceil 10mbit htb_class4=rate 8bit ceil 10mbit htb_class5=rate 8bit ceil 10mbit htb_class6=rate 8bit ceil 10mbit htb_class7=rate 8bit ceil 10mbit * htp_inbound_root, htb_root are the root classes that define the overall bandwidth for inbound and outbound traffic. The bandwidth is distributed within these classes. * rate - is the minimal bandwidth * ceil - is the maximum bandwidth that can be borrowed from the root class if available * class2-7 would not be used as we configure two classes only: 0 and 1. Here we assign the configured policy to subscribers that use this plan: fdpi_ctrl load --policing rateplan_1.cfg --file subscribers_with_rateplan_1.txt ==== Example 2: maximum speed for peering==== Bandwidth allocation for several classes (for example containing peer-to-peer traffic) can be deduced from the HTB (Hierarchical Token Bucket) hierarchy. It can be done by specifying the keyword **static** in the description. In this case, the restriction for this class will be applied independently regardless to htb_root. For example under the conditions noted above, we separately limit the class 6 to 100 Mbps. htb_inbound_root=rate 10mbit htb_inbound_class0=rate 8bit ceil 10mbit htb_inbound_class1=rate 1mbit ceil 3mbit htb_inbound_class2=rate 8bit ceil 10mbit htb_inbound_class3=rate 8bit ceil 10mbit htb_inbound_class4=rate 8bit ceil 10mbit htb_inbound_class5=rate 8bit ceil 10mbit htb_inbound_class6=rate 100mbit static htb_inbound_class7=rate 8bit ceil 10mbit htb_root=rate 10mbit htb_class0=rate 8bit ceil 10mbit htb_class1=rate 1mbit ceil 3mbit htb_class2=rate 8bit ceil 10mbit htb_class3=rate 8bit ceil 10mbit htb_class4=rate 8bit ceil 10mbit htb_class5=rate 8bit ceil 10mbit htb_class6=rate 100mbit static htb_class7=rate 8bit ceil 10mbit ==== Example 3: assigning policing for multisubscribers ==== Let's assign the plan from the previous example to a subscriber with several IPs. Check that database support is enabled in DPI **///etc/dpi/fastdpi.conf//**: udr=1 If it is not enabled: we enable it and restart DPI: service fastdpi restart Reserve for corporative subscriber all his IPs: fdpi_ctrl load --bind_multi --user OOO_PizzaJohnes:192.168.0.1-192.168.0.5,192.168.1.10-192.168.1.25 The subscriber's IP list can be modified [[dpi:dpi_components:platform:subscriber_management:dpi_ipmulti|dynamically]] (i.e. add new IPs and delete it). Let's assign the bandwidth limits according to the plan: fdpi_ctrl load --policing rateplan_1.cfg --login PizzaJohnes_LLC Setting the schedule for tariff plans: {{youtube>IQa_3T0jJ38?}}