If you have version of CentOS 6.x or CentOS 8.x installed, switch the repository once with the command:
sed -i -e '/^mirrorlist=http:\/\//d' -e 's/^# *baseurl=http:\/\/mirror.centos.org/baseurl=http:\/\/vault.centos.org/' /etc/yum.repos.d/CentOS-*.repo
Then run updates as usual:
yum update fastdpi
Module yaml error
appears during the upgrade, you should upgrade the module dnf upgrade libmodulemd
.
After updating, restart the DPI:
service fastdpi restart
and other dependent procoesses (PCRF/Radius), but only if they are actually used and their configuration is valid:
service fastpcrf restart service fdpi_radius restart
You can update the operating system components Do not update the kernel version and its dependent utilities!
For CentOS 6.x:
yum --exclude=kernel*,util-linux-ng,libuuid,libblkid update
For CentOS 8.x:
yum update
Note for users running the DPI in a virtual environment, using old CPU (release of 2009) and AMD CPU:
Run the following command before the update:
touch /etc/dpi/noprioadj
and it causes the DPI process to be launched with normal priority (not the realtime), thus significantly reducing the consumption of CPU system (sys) resourses, but slightly increasing the latency on the platform.
14.0 Shooting Stars 1)
You can check the currently installed version with the command:
yum info fastdpi
Rollback to 13.3:
yum downgrade fastdpi-13.3-0 fastpcrf-13.3-0 dpiutils-13.3 fastradius-13.3
After updating or changing the version, a service restart is required:
service fastdpi restart
If PCRF and/or Radius are used, they must also be restarted. For PCRF restart, the following order is preferred:
service fastdpi stop service fastpcrf restart service fastdpi start
Do not perform Linux kernel updates. In new kernel versions, binary compatibility with Kernel ABI may be broken, and the network driver may not load after the update. If you have already performed the update, temporarily configure the GRUB bootloader to boot the previous kernel version: in the
/etc/grub.conf
file, set the parameter default=1
.
If during the update a message appears that the update was not found or there are dependency issues, before updating, execute the command:
yum clean all
subs_id
in commands: dhcp show
, dhcp reauth
, dhcp6 show
, dhcp6 reauth
, and dhcp disconnect
. Descriptionipfix_reserved
has been added to reserve memory for enabling/changing IPFIX/Netflow parameters. If IPFIX/Netflow parameters are set in the configuration file, memory reservation for IPFIX/Netflow is automatically enabled and parameters/new exporter types can be changed without restarting fastDPI.bind_ipv6_address
and bind_ipv6_subnet
. If the Framed-IPv6-Prefix has a /128 mask, it is not checked against the bind_ipv6_subnet
restriction. Descriptiondev info
now includes the name of the LAG that the port belongs toClient-Id
now includes tunnel-IP
as part of the subscriber ID. For more details, see sections IPv4 Pools Support and IPv6 pools supportipfix_mtu_limit
to restrict maximum message size for IPFIX UDP packetsvrrp_enable
option changel2subs_id
+ tunnel-IP
. For PPPoE sessions, tunnel IP = 0. CLI commands that use subs_id
as a key (subs prop show
, l2tp show session
, l2tp term
, etc.) may now return multiple entries with the same l2subs_id
.hal mempool props hal mempool stat
DPDK must be built with statistics collection enabled to display mempool stats
Acct-Interim-Interval = 0
is explicitly set in the RADIUS response. For more details, see sections Subscriber authorization attributes, Access-Accept format for the PPPoE networks, Access-Reject format for PPPoE networksdpdk_emit_mempool_size
is deprecated and no longer used.vlan group
were converted and moved from UDR to SDR, with removal from UDR. Descriptionvlan rule add
- add new rule to SDRvlan rule modify
- modify existing rule in SDRvlan rule delete
- delete rule from SDRvlan rule show
- show all rules for the specified VLAN/QinQvlan rule dump
- dump all rules in SDRvlan rule purge vlan
/qinq
/all
- clear SDR for VLAN/QinQ or bothvlan rule apply
- apply rules; by default, rules are applied 5 minutes after the last SDR modificationcombined_io_direction_mode
optiontelegram_tls
WECHAT
and WECHAT_CALL
pcrf connect show
— show current status and accumulated statistics for PCRF connections.pcrf connect switch [<pcrf_index>]
, where <pcrf_indxed>
is the index of the connection line in the auth_server
parameter. If <pcrf_indxed>
is not specified — defaults to 0.ajb_save_dns
parameter'*.*' is interpreted in bash command line as a file search mask, so now instead of '*', you can specify 'any' ('*' is still supported): 'any.any' - equivalent to '*.*' 'any' - equivalent to '*' '68.any' - equivalent to '68.any' 'any.78-90' - equivalent to '*.78-90'
VASExperts-Service-Type
. Radius acct start/interim/stop sends the authorization type in the VASExperts-Service-Type
attribute.stat flow ip6
command to display IPv6 flow statisticsstat flow ip4
command to display IPv4 flow statistics. Analogous to the output in fastdpi_stat.log
.stat netflow
command. Displays general statistics for Netflow/IPFIX (same as in fastdpi_stat.log
under the "Statistics on NFLW_export" section)stat firewall
commandajb_save_vlan
parameterrouter.subnet6
settings.pending_queue
. In some cases (e.g., during state transitions of the pcrf monitor initial → connected
), sending commands from the pending_queue
was not triggered, which caused commands to "hang" in the queue indefinitely (until reconnection due to a socket error).