VAS Experts documentation VAS Experts documentation-mobile
in

Settings

  • Show pagesource
  • Old revisions
  • Export to PDF
  • ODT export
  • Backlinks
  • Show pagesource
  • Old revisions
  • Export to PDF
  • ODT export
  • Backlinks
    • Stingray Service Gateway by VAS ExpertsBNG/BRASOptions BRAS L2Local traffic interconnect

    Table of Contents

    Local traffic interconnect

    Description

    FastDPI BRAS has a feature to interconnect the local (intra-network) traffic between users. When the interconnection mode is enabled, BRAS searches its UDR database for the recipient's IP address. If it is found and the session is not expired and is not explicitly closed (there was no DHCPRELEASE), then the packet is not passed out, but sent back to the receiver's input dna interface. Since this is local traffic, no SSG features (filtering, policing, services) are applied to it.

    When the local traffic is interconnected, BRAS adjusts the L2-headers of the packet: it substitutes its bras_arp_mac MAC address as the source MAC address, the destination MAC address is determined by the properties of the destination IP address, VLAN tags are changed to tags related to the destination subscriber (these tags and MAC address are remembered by BRAS in the UDR when the recipient's DHCP session starts). In this case, a different number of VLAN tags are allowed for the sender and receiver; for example, in a multi-vendor local area network, the sending subscriber may have two VLAN tags (QinQ, VLAN-per-user), and the recipient subscriber may have one VLAN tag, or vice versa.

    Configuration

    To enable this feature you should use the bras_terminate_local option of the fastdpi.conf configuration file:

    • Value 0 – the feature is disabled (the default value)
    • Value 1 – the local traffic interconnection is enabled
    Traffic locality is determined by the autonomous system as described here

    It is possible to disable the local traffic interconnect for a particular subscriber, see the VasExperts-Enable-Interconnect Radius Attribute. A packet from one local subscriber to another will be dropped if the interconnect feature is disabled for at least one of the subscribers.

    If you add a QinQ-header, there is a Double VLAN EtherType problem.
    Stingray Service Gateway prohibits local interconnect between subscribers in the same VLAN, but belonging to different subnets. This is to control the fdb storm on some (old) switches. Starting from SSG 8.1, this adjustment can be disabled with the fastdpi.conf parameter 
    bras_skip_detect_vlan_interconnect=1

    Interconnect by autonomous systems (AS)

    In Stingray Service Gateway 7.4 and higher the termination by the AS mode is added: in this mode to interconnect the local traffic the receiver's IP address should belong to an autonomous system marked as term .

    In networks where the core (internal servers and services available to subscribers) is in front of the SSG, you can optionally specify the options being used to interconnect the subscriber traffic to the kernel. It is assumed that the kernel servers IP addresses belong to the local AS and that the IP addresses of the servers are statically assigned. For this purpose, for each input dna interface you should specify corresponding option in the fastdpi.conf: 

    bras_term_dev_inner=dev=dna0;bras_gateway_ip=10.0.1.17;bras_gateway_mac=00:1f:a0:11:53:b4;bras_vlan_subst=33
bras_term_dev_inner=dev=dna2;bras_gateway_ip=10.0.1.18;bras_gateway_mac=00:1f:a0:11:53:b5;bras_vlan_subst=35

    When the local traffic is interconnected by AS the VAS Experts DPI checks whether the bras_term_dev_inner option is specified for the dna interface from which the packet was received. If the option is specified the VAS Experts DPI will apply the following rules:

    destination AS
    source AS non-local local local+term
    non-local pass pass1) dest abonent
    local pass pass2) dest abonent
    local+term pass dev dest abonent
    1) , 2)
    The local traffic is interconnected only for LAN to WAN direction, so the packets of this kind should not be accepted by the SSG at all, they have to be routed by means of other facilities located in front of the SSG.
    here:
    1. pass — the packet is further processed (is routed outside)
    2. dest abonent — the packet is routed back to the subscriber-recipient to the local network. If the subscriber-recipient is unknown to the SSG, the package is dropped.
    - srcMAC = bras_arp_mac
    - destMAC = subscriber MAC address
    - VLAN tags are derived from the subscriber properties
    3. dev — the packet is routed back to the local network using the options from the bras_term_dev_inner configuration option:
    - srcMAC = bras_arp_mac
    - destMAC = bras_gateway_mac for the given input interface (from the bras_term_dev_inner for the interface)
    - VLAN tag = bras_vlan_subst for the given input interface (from the bras_term_dev_inner for the interface)