====== Version 10.0 Primus Maximus ======
{{indexmenu_n>11}}

Changes in version 10.0 Primus Maximus:
  - [[dpi:dpi_components:router:start|Router support]] added, based on the following router daemons: [[https://bird.network.cz|BIRD]], [[https://frrouting.org|FRRouting(FRR)]], [[https://www.quagga.net|QUAGGA]], [[https://www.juniper.net/documentation/product/en_US/crpd|Juniper CRPD]] and others.
  - Upgrade to DPDK 20.11 LTS
  - EoMPLS parsing fixed
  - Support for user defined signatures added.

===== 10.0.2 =====

Changes in version 10.0.2 Primus Maximus
  - New mode dpdk_engine=4 added
  - Support for * in the sni signatures added
  - Changes in CentOS8: loading services after full initialization and assignment of network interface addresses

===== 10.0.3 =====

Changes in version 10.0.3 Primus Maximus
  - Transmission of the Gateway attribute for DHCP/ARP/PPP authorization fixed
  - Application of custom signatures based on HTTPS/QUIC fixed
  - [dpdk] New conf parameter dpdk_max_simd added - max SIMD instruction size

===== 10.1 =====

Changes in version 10.1 Primus Maximus
  - Protocols Facetime, SMPP added
  - The order of fields in the output of the ''mdb_dump'' utility in the format of the ''fdpi_ctrl'' utility fixed
  - [bras][dhcp-relay] Parameter [[dpi:bras_bng:bras_l2_vlan:bras_l2_vlan_dhcp:bras_l2_vlan_dhcp_relay:start#advanced_settings|bras_dhcp_opt82]] is extended with the following values: 3 - add or replace existing opt82 only in broadcast requests; 4 - add or replace existing opt82 in any requests - broadcast or unicast. The bras_dhcp_opt82_format parameter is taken into account when replacing. Reason: for some Q-in-Q providers it is important that opt82 contains data in a common format, while intermediate relays can insert opt82 in their own unique format.
  - [bras][dhcp-proxy] Fixed: now does not initiate an L2 session into a released state.
  - [bras][dhcp] Changes: does not initiate authorization on Radius. For DHCP subscribers, DHCP-INFORM can be sent if the subscriber needs some more data (options) but the DHCP subscriber is already authorized by DHCP-Request. For subscribers with a static address, DHCP-INFORM can be sent to get additional options. But for L2 subscribers with static IP you have to use the VasExperts-L2-User=1 attribute with normal L3 auth.
  - [bras][dhcp] Fixed: when DHCP-Release/Decline is received, the session status for the subscriber is set to released. This blocks the subscriber's access to the inet.
  - [pcrf] Fixed: when a connection to the Radius server is broken, active acct-sessions not scheduled for sending in the future may remain.
  - [bras][dhcp-relay] Fixed: operation in DHCP Proxy mode with fastdpi redundancy via fastpcrf: the subscriber's L2 properties were not transferred to the stand-by Stingray Service Gateway, because from the perspective of pcrf the L3-authorization was performed.
  - [bras][dhcp-relay] Fixed: when receiving a response replica, an empty acct session from the stand-by fastdpi used to start. Now it does not.
  - [bras] Changed: TTL exceeded responses are sent from the subscriber GW in any direction.
  - [bras] Added: [[dpi:bras_bng:bras_l2_vlan_term:ttl|bras_transparency]] parameter in fastdpi.conf: Transparent (1) or not (0) SSG in L2 BRAS mode. In transparent mode, L2 BRAS does not control the TTL of the packet and does not send ICMP Time Exceeded when the TTL is exhausted; therefore, for example, the traceroute utility will not recognize the subscriber gateway when tracing. In non-transparent mode (0) L2 BRAS corrects the TTL of the packet and sends ICMP Time Exceeded when it is exhausted. Default value: 1 (L2 BRAS is transparent).
  - [bras] Added: saving subscriber GW in subscriber L2 properties (ip_prop). Previously, the gateway address was stored in the UDR as a separate entry with the Gateway "session" type. Now that TTL processing and sending ICMP Time Exceeded on TTL exhaustion have been added, ip_prop must hold the subscriber's GW address, from which ICMP Time Exceeded will be sent.
  - [cli] Added to commands: subs prop show - subscriber GW output, subs prop set - subscriber GW setting.
  - [router] [[dpi:dpi_components:router:start#lag_support|LAG Support]] added: if one of the LAG devices has TAP interfaces (involved in routing), traffic to the TAP is captured from all LAG devices.
  - [bras] Added: L3 auth by ARP request (by sourceIP). Works only in L2 BRAS mode. Performed if L2 ARP auth is disabled or unsuccessful (for example, targetIP is not a gateway address or this gateway is not yet recognized by the SSG).
  - [BRAS][ARP]: Fixed: now the VLAN is taken into account when deciding whether to respond to an ARP request to a local client.
  - [bras][l3] Added: the subnet mask is stored in the L2 properties if VasExperts-L2-User=1 is set
  - [BRAS][DHCP] Changed: DHCP authorization response handlers are always connected.
  - [router] Updating the ARP cache not only by reply, but also by requests from neighbor hosts.
  - [router][cli] Added test CLI command - router neighbor cache refresh - forced Linux neighbor cache refresh for IPv4/IPv6.
  - [router][CLI] Added a default route rule for the router test command
  - [bras][pppoe] Fixed: output of traces to slave-logs when setting bras_pppoe_trace_mac
  - [router] Changed: if the ARP cache entry has no L2 properties (MAC address), then we send ICMP dest unreachable, and the packet is dropped. In the CLI statistics, such situations are displayed separately - the counter unknown_gw_mac
  - [router] Added: forced update of the Linux ARP cache in cases when an IP is added to our ARP cache, but the MAC and VLAN of this entry are unknown.

===== 10.1.1 =====

Changes in version 10.1.1 Primus Maximus
  - RTP detector fix
  - [router] Fixed bug with IPv6 packets when IPv6 analysis is disabled
  - [dpdk] Fixed dpdk_engine=4 mode

===== 10.2 =====

Changes in version 10.2 Primus Maximus
  - WhatsApp detection improved.
  - Support for Mellanox cards improved.
  - [router] Added: [[dpi:dpi_components:router:start#multi-path_routing_ecmp|multi-path (ECMP) support]].
  - [bras][auth] Changed: calculation of L3-session time for rejected L2-subscribers (e.g. for DHCP Relay mode). Now if the ''Session-Timeout'' attribute is explicitly specified, it is taken into account for the duration of the rejected L3-session.
  - [pcrf][acct] Workaround for the situation when unplanned acct-sessions appear in the started state.
  - [bras][pppoe] Added: Ability to set ''Service-Name'' on the SSG side when setting up a PPPoE session - added the [[dpi:bras_bng:bras_pppoe:bras_pppoe_conf:start|bras_pppoe_service_name]] parameter to fastdpi.conf.
  - [router] Fixed: consideration of the ''nat_exclude_private=1'' parameter when deciding whether or not [[dpi:dpi_components:router:start#subscriber_announcements_and_nat_pool|to announce a client's private address]] in the inet.
  - [bras] Added: support for the ''Framed-Route'' attribute for L3 authorization with the ''VasExperts-L2-User=1'' flag.
  - [pcrf] Fixed: consideration of the ''Idle-Timeout'' attribute for the PPP authorization.
  - [pcrf] Added additional logging of VLAN, MAC for errors in DHCP requests.
  - [BRAS][DHCP] [[dpi:bras_bng:ip_pool:ipv4:start|Framed-Pool]] Fixed: adding VasExperts opt125 with the pool name to an existing opt125, if there is one
  - [bras] Added: consideration of the ''VasExperts-Enable-Interconnect=0'' attribute for local interconnect. Previously, this attribute was only taken into account for ports that had the ''bras_term_dev_inner'' option explicitly set in fastdpi.conf.
  - [pcrf][acct] Fixed: idle was not detected if after starting the acct-session there were no data changes at all and all counters were zero, and idle control is performed on the data coming from the subscriber (fastpcrf.conf ''acct_check_idle_mode=1'').
  - [dpdk][CLI] Added the current port speed and signs of full-duplex and autoneg to the output of the ''dev link state show'' command.
  - [router] Added: handling the deletion of the default route rule.
  - [bras][auth] Changes on [[dpi:dpi_components:router:start#announcement_of_l3_subscriber_addresses|subscriber's IP-address announcements for L3-authorization]].
  - Fixed: failure due to DDOS from the operator's internal network.

===== Upgrade Instructions =====

You can check the current installed version with the command
<code>
yum info fastdpi
</code>

Downgrade to 10.1.1:
<code>
yum downgrade fastdpi-10.1-1 fastpcrf-10.1-1 fastradius-10.1-0
</code>

After the version is changed, a service restart is required:
<code>
service fastdpi restart
</code>

:!: If PCRF and/or Radius are used, they also require a restart in the following order:
<code>
service fastdpi stop
service fastpcrf restart
service fastdpi start
</code>

:!: Do not upgrade the Linux kernel. In newer versions of the kernel, binary compatibility with the Kernel ABI may be broken and the network driver will not load after the update. If you did update, then temporarily (while the problem is being resolved) configure the grub boot loader to load the previous kernel version (in the ''/etc/grub.conf'' file set the following option: ''default = 1'').

If there is a warning that the update is not found or problems with dependencies are found, then run the following command before updating:
<code>
yum clean all
</code>

See what was new in the [[dpi:update:previous:ver_9_0:start|previous version]].