Policing by session and overriding traffic classes
Policing by session and traffic class override is implemented using connection 18 services for Subscriber and Virtual Channel (vChannel).
The service extends the possibilities of policing by determining the traffic rate for a particular session. It is also possible to override the traffic class for a specific Subscriber or Virtual Channel.
Recall that global traffic class markup is described in Traffic prioritization depending on protocols and directions.
Important: Directional priority overrides protocol priority, so if traffic already has Priority assignment depending on the directions, this service will not override the traffic class.
SSG Configuration
The service requires additional RAM (compared to standard requirements), which is reserved by a setting in /etc/dpi/fastdpi.conf:
support_service_18=1
To apply the settings, you must restart the service: service fastdpi restart
support_service_18 parameter is set!
Setting up and managing the service
Configuring Policing by Session
It is necessary to create a file describing the speed for a particular protocol and convert it using the lst2tbf utility.
- rate - session polysing rate for outgoing traffic
- inbound.rate - polysing rate by session for incoming traffic
- burst - short-term excess rate
- inbound.burst - short-term excess inbound.rate
speedtest tbf rate 16mbit inbound.rate 16mbit bittorrent tbf rate 8Mbit TCP Unknown tbf rate 8Mbit burst 1Mbit inbound.rate 8Mbit inbound.burst 1Mbit cat tbf_prof_1.txt|lst2tbf /tmp/tbf_prof_1.tbf
Reverse conversion tbf2lst /tmp/tbf_prof_1.tbf
Configuring traffic class overrides
It is necessary to create a file describing traffic classes using the lst2dscp utility.
The DSCP value is specified in numeric (10-, 16-, or 8-character) format or with a text abbreviation.
The key word means:
- drop - packets should not be transmitted further (they should be discarded)
- keep - the priority value should not be changed, i.e. keep its current value (usually 0).
- default - means “for all other protocols” and it allows to significantly simplify and shorten the process of creating a configuration file
File creation procedure dscp_prof_1.dscp:
speedtest cs1 default keep cat dscp_prof_1.txt|lst2dscp /tmp/dscp_prof_1.dscp
Reverse conversion: dscp2lst /tmp/dscp_prof_1.dscp
Creating a service profile
fdpi_ctrl load profile --service 18 --profile.name test_dscp --profile.json '{ "dscp" : "/tmp/dscp_prof_1.dscp", "tbf" : "/tmp/tbf_prof_1.tbf" }'
Connecting a service profile
For the subscriber:
fdpi_ctrl load --service 18 --profile.name test_dscp --ip 10.10.10.10 fdpi_ctrl load --service 18 --profile.name test_dscp --login DEMO
For a virtual channel (vChannel):
fdpi_ctrl load --service 18 --profile.name test_dscp --vchannel 1
Deleting a service profile
For the subscriber:
fdpi_ctrl del --service 18 --profile.name test_dscp --ip 10.10.10.10 fdpi_ctrl del --service 18 --profile.name test_dscp --login DEMO
For a virtual channel (vChannel):
fdpi_ctrl del --service 18 --profile.name test_dscp --vchannel 1
Display of information on service profiles
Get a list of IP addresses connected to the 18 service
fdpi_ctrl list all --service 18
Get information on a specific IP/LOGIN/vChannel
fdpi_ctrl list --service 18 --ip 192.168.0.1 fdpi_ctrl list --service 18 --login DEMO fdpi_ctrl list --service 18 --vchannel 1
Get a list of all profiles of 18 services
fdpi_ctrl list all profile --service 18
Increasing the number of profiles
An error occurs when the limit on the number of profiles is reached:
ierr_code=5 (too many profiles) : 'service_18' : too many records, num_allocs=16, max_num_profies=16/16
To increase the number of available profiles, you must set the following parameter in the DPI configuration:
max_profiles_serv18=<necessary number of profiles>