In version 9.4, the ability to translate VLAN has been added: the incoming VLAN of the packet is replaced with the specified outgoing VLAN.
VLAN translation is specified in /etc/dpi/vlan_translation.txt
text file, which has the following structure:
# subs VLAN inet VLAN 123 1123 124 1124 125 1125 # and so on.
Each line defines the correspondence of the incoming and outgoing VLAN.
A line starting with #
is a comment. Leading spaces/tabs on the line are ignored.
The translation text file must be converted to a binary file /etc/dpi/vlan_translation.bin
using the vlan2bin utility from dpiutils:
cat vlan_translation.txt|vlan2bin /etc/dpi/vlan_translation.bin
The reverse conversion from binary to text is performed by the bin2vlan utility:
bin2vlan /etc/dpi/vlan_translation.bin >vlan_translation.txt
VLAN translation mode is enabled simply by the presence of the file /etc/dpi/vlan_translation.bin
: if this file does exist, than translation mode is enabled. The absence of the file is an indication that the VLAN translation mode is disabled. The content of the translation file can be changed on-the-fly: DPI platform periodically checks the file; if it was changed, DPI re-reads the translation table. You can turn off translation mode on-the-fly by simply deleting or renaming the translation file /etc/dpi/vlan_translation.bin
.
When VLAN translation is enabled, it applies to any mode of DPI operation, not just BRAS mode.
When VLAN traslation is enabled, DPI works as follows:
VLAN translation is applied only to the packets with one VLAN-tag. For Q-in-Q, translation is not applied. If the packet does not have a VLAN tag, translation is also not applied - the packet is sent "as it is", unchanged.
The correspondence must be one-to-one; the following settings are not valid:
# subs VLAN inet VLAN # Error: two subs VLAN (64 and 65) are translated into one VLAN=200 64 200 65 200 # Similar error: inet VLAN 202 and 203 are translated into one subs VLAN=2067 2067 202 2067 203 # ...
At the end of the file, you can add default translation recordings:
# subs VLAN inet VLAN 123 1123 124 1124 125 1125 # then list all the other translations ... # Statement "translate all other subs VLANs on subs->inet to inet VLAN 4012" # There can be only one such statement in a file! * 4012 # Statement "translate all other inet VLAN on inet->subs to subs VLAN 2089" # There can be only one such statement in a file! 2089 * # End of translation file
VLAN translation is also used in the L2 BRAS/BNG mode; taking into account the fact that L2 BRAS/BNG VLAN is already able to perform VLAN tag replacement, the rules are slightly different.
The VLAN translation table is used in L2 BRAS/BNG when terminating sub→inet traffic in the following cases:
bras_vlan_terminate=0
);bras_vlan_terminate=2
: if the subscriber does not have the outVLAN property and there is a translation record for the VLAN-tag of the packetbras_vlan_terminate=3
: if the subscriber does not have the outVLAN property and there is a translation record for the VLAN-tag of the packet.
In other words, in bras_vlan_terminate
=2 or 3 modes, the subscriber's outVLAN property has the highest priority when terminating traffic subs→inet. The next (if the subscriber does not have the outVLAN property and if the packet has only one VLAN-tag) is the search in the VLAN termination table. Then, if there are no translations found, configuration parameters are applied as described in the modes bras_vlan_terminate
(see links above).
When the inet→subs traffic is originated, VLAN translation table in L2 BRAS/BNG mode is used only for unknown subscribers, that is, when DPI system does not find L2-properties of the subscriber.
There are several CLI-commands for working with the VLAN translation table.
fdpi_cli vlan translation
Lists the current translation tables subs→inet and inet→subs. In the output of this command, default values like * N
and N *
are unwrapped. If there are no translations, the command will report it.
fdpi_cli vlan translation reload
Immediate download of file /etc/dpi/vlan_translation.bin
. If there is no such file, then VLAN translation mode is disabled.
DPI checks for the existence and modification of the file /etc/dpi/vlan_translation.bin
once a minute, but with this command you can force the DPI to re-read it immediately.
fdpi_cli vlan translation test [subs|inet] <vlan>
Checking VLAN translation on the specified route:
subs
- subs-VLAN translation <vlan>
inet
- inet-VLAN translation <vlan>
Examples:
# which VLAN <VLAN=123> is translated to on the subs->inet route fdpi_cli vlan translation test subs 123 # command output: VLAN=123 translation subs->inet: 123 -> 1123 # which VLAN <VLAN=1124> is translated to on the inet->subs route fdpi_cli vlan translation test inet 1124 # command output: VLAN=1124 translation inet->subs: 1124 -> 124 # If there is no translation for the specified VLAN, the command will respond with an error: No translation for VLAN=666 for subs->inet