Local traffic interconnect
Description
FastDPI BRAS has a feature to interconnect the local (intra-network) traffic between users.
When the interconnection mode is enabled, BRAS searches its UDR database for the recipient's IP address. If it is found and the session is not expired and is not explicitly closed (there was no DHCPRELEASE), then the packet is not passed out, but sent back to the receiver's input dna interface. Since this is local traffic, no SSG features (filtering, policing, services) are applied to it.
When the local traffic is interconnected, BRAS adjusts the L2-headers of the packet: it substitutes its bras_arp_mac MAC address as the source MAC address, the destination MAC address is determined by the properties of the destination IP address, VLAN tags are changed to tags related to the destination subscriber (these tags and MAC address are remembered by BRAS in the UDR when the recipient's DHCP session starts). In this case, a different number of VLAN tags are allowed for the sender and receiver; for example, in a multi-vendor local area network, the sending subscriber may have two VLAN tags (QinQ, VLAN-per-user), and the recipient subscriber may have one VLAN tag, or vice versa.
Configuration
To enable this feature you should use the bras_terminate_local option of the fastdpi.conf configuration file:
Traffic locality is determined by the autonomous system as described
here
It is possible to disable the local traffic interconnect for a particular subscriber, see the VasExperts-Enable-Interconnect Radius Attribute. A packet from one local subscriber to another will be dropped if the interconnect feature is disabled for at least one of the subscribers.
Stingray Service Gateway prohibits local interconnect between subscribers in the same VLAN, but belonging to different subnets. This is to control the
fdb storm on some (old) switches. Starting from
SSG 8.1, this adjustment can be disabled with the
fastdpi.conf parameter
bras_skip_detect_vlan_interconnect=1
Interconnect by autonomous systems (AS)
In Stingray Service Gateway 7.4 and higher the termination by the AS mode is added: in this mode to interconnect the local traffic the receiver's IP address should belong to an autonomous system marked as term .
In networks where the core (internal servers and services available to subscribers) is in front of the SSG, you can optionally specify the options being used to interconnect the subscriber traffic to the kernel. It is assumed that the kernel servers IP addresses belong to the local AS and that the IP addresses of the servers are statically assigned.
For this purpose, for each input dna interface you should specify corresponding option in the fastdpi.conf:
bras_term_dev_inner=dev=dna0;bras_gateway_ip=10.0.1.17;bras_gateway_mac=00:1f:a0:11:53:b4;bras_vlan_subst=33
bras_term_dev_inner=dev=dna2;bras_gateway_ip=10.0.1.18;bras_gateway_mac=00:1f:a0:11:53:b5;bras_vlan_subst=35
When the local traffic is interconnected by AS the VAS Experts DPI checks whether the bras_term_dev_inner option is specified for the dna interface from which the packet was received. If the option is specified the VAS Experts DPI will apply the following rules:
| destination AS |
| source AS | non-local | local | local+term |
| non-local | pass | pass1) | dest abonent |
| local | pass | pass2) | dest abonent |
| local+term | pass | dev | dest abonent |