[j-nsp] Ascend-??? radius attributes on Juniper ERX
Goldschmidt, Bernd
bernd.goldschmidt at siemens.com
Fri Mar 31 05:40:20 EST 2006
Tests were successful in my lab!
I've tested it with a freeradius _and_ also with a radiator (2.19).
In both cases the filter and the DNS are working fine.
What software version is running on the ERX?
Attached:
---------
- user file freeradius
- aaa test from the ERX
- user file radiator
- aaa test from the ERX
from a real subscriber:
- sh subscribers
- sh ip int atm 4/0.2133.1
- sh policy-list plin_1D4C2
- sh policy-list plin_1D4C2
- sh policy-list plout_1D4C2
Regards
Bernd.
###################################################################################
Freeradiustest:
===============
Here my dictionary file:
------------------------
I made two changes:
- there was a missing comma behind the X-Ascend-Client-Secondary-DNS
- In my dictionary there was no value assigned for "DNS-Assign-Yes", so I set it to "1"
ascend5 Auth-Type := local, User-Password == "ascend"
        Framed-Routing = None,
        Framed-Protocol = PPP,
        Framed-IP-Address = 255.255.255.254,
        Framed-IP-Netmask = 255.255.255.255,
        Service-Type = Framed-User,
        Idle-Timeout = 1800,
        X-Ascend-Client-Primary-DNS = 212.18.32.10,
        X-Ascend-Client-Secondary-DNS = 212.18.32.12,
        X-Ascend-Client-Assign-DNS = 1,
        X-Ascend-Data-Filter = "ip in forward tcp est",
        X-Ascend-Data-Filter += "ip in drop tcp dstport = 135",
        X-Ascend-Data-Filter += "ip in drop tcp dstport = 137",
        X-Ascend-Data-Filter += "ip in drop tcp dstport = 138",
        X-Ascend-Data-Filter += "ip in drop tcp dstport = 139",
        X-Ascend-Data-Filter += "ip in drop tcp dstport = 445",
        X-Ascend-Data-Filter += "ip in drop tcp dstport = 593",
        X-Ascend-Data-Filter += "ip in drop udp dstport = 135",
        X-Ascend-Data-Filter += "ip in drop udp dstport = 137",
        X-Ascend-Data-Filter += "ip in drop udp dstport = 138",
        X-Ascend-Data-Filter += "ip in drop udp dstport = 139",
        X-Ascend-Data-Filter += "ip in forward",
        X-Ascend-Data-Filter += "ip out forward tcp est",
        X-Ascend-Data-Filter += "ip out drop tcp dstport = 135",
        X-Ascend-Data-Filter += "ip out drop tcp dstport = 137",
        X-Ascend-Data-Filter += "ip out drop tcp dstport = 138",
        X-Ascend-Data-Filter += "ip out drop tcp dstport = 139",
        X-Ascend-Data-Filter += "ip out drop tcp dstport = 445",
        X-Ascend-Data-Filter += "ip out drop tcp dstport = 593",
        X-Ascend-Data-Filter += "ip out drop udp dstport = 135",
        X-Ascend-Data-Filter += "ip out drop udp dstport = 137",
        X-Ascend-Data-Filter += "ip out drop udp dstport = 138",
        X-Ascend-Data-Filter += "ip out drop udp dstport = 139",
        X-Ascend-Data-Filter += "ip out forward"
As you can see, all filters are attached to the subscriber and the DNS settings are also working.
burkhard#test aaa ppp ascend5 ascend
************ user attributes *************
Authentication Grant
idle Timeout - 1800
session Timeout - 0
accounting Timeout - 600
Client IP Address - 100.1.1.8
Client IP Netmask - 255.255.255.255
Client IPv6 Interface Id - 0:0:0:0
primary DNS IP Address - 212.18.32.10
secondary DNS IP Address - 212.18.32.12
primary IPv6 DNS IP Address - ::
secondary IPv6 DNS IP Address - ::
primary WINS IP Address - 192.168.2.176
secondary WINS IP Address - 192.168.2.176
SA Validate - disabled
IGMP - disabled
router context - default
local interface - loopback 0
IPv6 router context - default
IPv6 local interface - <NULL>
filter command 1 1 1 0 0 0 0 0 0 0 0 0 0 0 6 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
filter command 1 0 1 0 0 0 0 0 0 0 0 0 0 0 6 0 0 0 0 87 0 2 0 0 0 0 0 0 0 0 0 0
filter command 1 0 1 0 0 0 0 0 0 0 0 0 0 0 6 0 0 0 0 89 0 2 0 0 0 0 0 0 0 0 0 0
filter command 1 0 1 0 0 0 0 0 0 0 0 0 0 0 6 0 0 0 0 8a 0 2 0 0 0 0 0 0 0 0 0 0
filter command 1 0 1 0 0 0 0 0 0 0 0 0 0 0 6 0 0 0 0 8b 0 2 0 0 0 0 0 0 0 0 0 0
filter command 1 0 1 0 0 0 0 0 0 0 0 0 0 0 6 0 0 0 1 bd 0 2 0 0 0 0 0 0 0 0 0 0
filter command 1 0 1 0 0 0 0 0 0 0 0 0 0 0 6 0 0 0 2 51 0 2 0 0 0 0 0 0 0 0 0 0
filter command 1 0 1 0 0 0 0 0 0 0 0 0 0 0 11 0 0 0 0 87 0 2 0 0 0 0 0 0 0 0 0 0
filter command 1 0 1 0 0 0 0 0 0 0 0 0 0 0 11 0 0 0 0 89 0 2 0 0 0 0 0 0 0 0 0 0
filter command 1 0 1 0 0 0 0 0 0 0 0 0 0 0 11 0 0 0 0 8a 0 2 0 0 0 0 0 0 0 0 0 0
filter command 1 0 1 0 0 0 0 0 0 0 0 0 0 0 11 0 0 0 0 8b 0 2 0 0 0 0 0 0 0 0 0 0
filter command 1 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
filter command 1 1 0 0 0 0 0 0 0 0 0 0 0 0 6 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
filter command 1 0 0 0 0 0 0 0 0 0 0 0 0 0 6 0 0 0 0 87 0 2 0 0 0 0 0 0 0 0 0 0
filter command 1 0 0 0 0 0 0 0 0 0 0 0 0 0 6 0 0 0 0 89 0 2 0 0 0 0 0 0 0 0 0 0
filter command 1 0 0 0 0 0 0 0 0 0 0 0 0 0 6 0 0 0 0 8a 0 2 0 0 0 0 0 0 0 0 0 0
filter command 1 0 0 0 0 0 0 0 0 0 0 0 0 0 6 0 0 0 0 8b 0 2 0 0 0 0 0 0 0 0 0 0
filter command 1 0 0 0 0 0 0 0 0 0 0 0 0 0 6 0 0 0 1 bd 0 2 0 0 0 0 0 0 0 0 0 0
filter command 1 0 0 0 0 0 0 0 0 0 0 0 0 0 6 0 0 0 2 51 0 2 0 0 0 0 0 0 0 0 0 0
filter command 1 0 0 0 0 0 0 0 0 0 0 0 0 0 11 0 0 0 0 87 0 2 0 0 0 0 0 0 0 0 0 0
filter command 1 0 0 0 0 0 0 0 0 0 0 0 0 0 11 0 0 0 0 89 0 2 0 0 0 0 0 0 0 0 0 0
filter command 1 0 0 0 0 0 0 0 0 0 0 0 0 0 11 0 0 0 0 8a 0 2 0 0 0 0 0 0 0 0 0 0
filter command 1 0 0 0 0 0 0 0 0 0 0 0 0 0 11 0 0 0 0 8b 0 2 0 0 0 0 0 0 0 0 0 0
filter command 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
IPv6 inhibited
************ no ppp attributes *************
pausing 5 seconds before disconnecting test user, ascend5
burkhard#
Radiatortest:
=============
ascend5 Password = "ascend5"
        Framed-Routing = None,
        Framed-Protocol = PPP,
        Framed-IP-Address = 255.255.255.254,
        Framed-IP-Netmask = 255.255.255.255,
        Service-Type = Framed-User,
        Idle-Timeout = 1800,
        Ascend-Client-Primary-DNS = 212.18.32.10,
        Ascend-Client-Secondary-DNS = 212.18.32.12,
        Ascend-Client-Assign-DNS = DNS-Assign-Yes,
        Ascend-Data-Filter = "ip in forward tcp est",
        Ascend-Data-Filter = "ip in drop tcp dstport = 135",
        Ascend-Data-Filter = "ip in drop tcp dstport = 137",
        Ascend-Data-Filter = "ip in drop tcp dstport = 138",
        Ascend-Data-Filter = "ip in drop tcp dstport = 139",
        Ascend-Data-Filter = "ip in drop tcp dstport = 445",
        Ascend-Data-Filter = "ip in drop tcp dstport = 593",
        Ascend-Data-Filter = "ip in drop udp dstport = 135",
        Ascend-Data-Filter = "ip in drop udp dstport = 137",
        Ascend-Data-Filter = "ip in drop udp dstport = 138",
        Ascend-Data-Filter = "ip in drop udp dstport = 139",
        Ascend-Data-Filter = "ip in forward",
        Ascend-Data-Filter = "ip out forward tcp est",
        Ascend-Data-Filter = "ip out drop tcp dstport = 135",
        Ascend-Data-Filter = "ip out drop tcp dstport = 137",
        Ascend-Data-Filter = "ip out drop tcp dstport = 138",
        Ascend-Data-Filter = "ip out drop tcp dstport = 139",
        Ascend-Data-Filter = "ip out drop tcp dstport = 445",
        Ascend-Data-Filter = "ip out drop tcp dstport = 593",
        Ascend-Data-Filter = "ip out drop udp dstport = 135",
        Ascend-Data-Filter = "ip out drop udp dstport = 137",
        Ascend-Data-Filter = "ip out drop udp dstport = 138",
        Ascend-Data-Filter = "ip out drop udp dstport = 139",
        Ascend-Data-Filter = "ip out forward"
burkhard#test aaa ppp ascend5 ascend5
************ user attributes *************
Authentication Grant
idle Timeout - 1800
session Timeout - 0
accounting Timeout - 600
Client IP Address - 100.1.1.11
Client IP Netmask - 255.255.255.255
Client IPv6 Interface Id - 0:0:0:0
primary DNS IP Address - 212.18.32.10
secondary DNS IP Address - 212.18.32.12
primary IPv6 DNS IP Address - ::
secondary IPv6 DNS IP Address - ::
primary WINS IP Address - 192.168.2.176
secondary WINS IP Address - 192.168.2.176
SA Validate - disabled
IGMP - disabled
router context - default
local interface - loopback 0
IPv6 router context - default
IPv6 local interface - <NULL>
filter command 1 1 1 0 0 0 0 0 0 0 0 0 0 0 6 1 0 0 0 0 0 0 0 0
filter command 1 0 1 0 0 0 0 0 0 0 0 0 0 0 6 0 0 0 0 87 0 2 0 0
filter command 1 0 1 0 0 0 0 0 0 0 0 0 0 0 6 0 0 0 0 89 0 2 0 0
filter command 1 0 1 0 0 0 0 0 0 0 0 0 0 0 6 0 0 0 0 8a 0 2 0 0
filter command 1 0 1 0 0 0 0 0 0 0 0 0 0 0 6 0 0 0 0 8b 0 2 0 0
filter command 1 0 1 0 0 0 0 0 0 0 0 0 0 0 6 0 0 0 1 bd 0 2 0 0
filter command 1 0 1 0 0 0 0 0 0 0 0 0 0 0 6 0 0 0 2 51 0 2 0 0
filter command 1 0 1 0 0 0 0 0 0 0 0 0 0 0 11 0 0 0 0 87 0 2 0 0
filter command 1 0 1 0 0 0 0 0 0 0 0 0 0 0 11 0 0 0 0 89 0 2 0 0
filter command 1 0 1 0 0 0 0 0 0 0 0 0 0 0 11 0 0 0 0 8a 0 2 0 0
filter command 1 0 1 0 0 0 0 0 0 0 0 0 0 0 11 0 0 0 0 8b 0 2 0 0
filter command 1 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
filter command 1 1 0 0 0 0 0 0 0 0 0 0 0 0 6 1 0 0 0 0 0 0 0 0
filter command 1 0 0 0 0 0 0 0 0 0 0 0 0 0 6 0 0 0 0 87 0 2 0 0
filter command 1 0 0 0 0 0 0 0 0 0 0 0 0 0 6 0 0 0 0 89 0 2 0 0
filter command 1 0 0 0 0 0 0 0 0 0 0 0 0 0 6 0 0 0 0 8a 0 2 0 0
filter command 1 0 0 0 0 0 0 0 0 0 0 0 0 0 6 0 0 0 0 8b 0 2 0 0
filter command 1 0 0 0 0 0 0 0 0 0 0 0 0 0 6 0 0 0 1 bd 0 2 0 0
filter command 1 0 0 0 0 0 0 0 0 0 0 0 0 0 6 0 0 0 2 51 0 2 0 0
filter command 1 0 0 0 0 0 0 0 0 0 0 0 0 0 11 0 0 0 0 87 0 2 0 0
filter command 1 0 0 0 0 0 0 0 0 0 0 0 0 0 11 0 0 0 0 89 0 2 0 0
filter command 1 0 0 0 0 0 0 0 0 0 0 0 0 0 11 0 0 0 0 8a 0 2 0 0
filter command 1 0 0 0 0 0 0 0 0 0 0 0 0 0 11 0 0 0 0 8b 0 2 0 0
filter command 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
IPv6 inhibited
************ no ppp attributes *************
pausing 5 seconds before disconnecting test user, ascend5
burkhard#
burkhard#sh subscribers
Subscriber List
---------------
Virtual
User Name Type Addr|Endpt Router Interface
------------------------ ----- -------------------- ------------ --------------------------------
ascend5 ppp 100.1.1.13/local default atm 4/0.2133:2.133
User Name Login Time
------------------------ -------------------
ascend5 06/03/31 12:27:31
burkhard#sh ip int atm 4/0.2133.1
ATM4/0.2133.1 line protocol Ppp is up, ip is up
Network Protocols: IP
Unnumbered Interface on loopback0
( IP address 6.6.6.6 )
Operational MTU = 1492 Administrative MTU = 0
Operational speed = 155520000 Administrative speed = 0
Discontinuity Time = 15126309
Router advertisement = disabled
Proxy Arp = disabled
Network Address Translation is disabled
TCP MSS Adjustment = disabled
Administrative debounce-time = disabled
Operational debounce-time = disabled
Access routing = enabled: Using 100.1.1.13
Multipath mode = hashed
Auto Configure = disabled
Auto Detect = disabled
Inactivity Timer = disabled
In Received Packets 270, Bytes 15768
Unicast Packets 270, Bytes 15768
Multicast Packets 0, Bytes 0
In Policed Packets 60, Bytes 5782
In Error Packets 0
In Invalid Source Address Packets 0
In Discarded Packets 0
Out Forwarded Packets 196, Bytes 22641
Unicast Packets 196, Bytes 22641
Multicast Routed Packets 0, Bytes 0
Out Scheduler Dropped Packets 0, Bytes 0
Out Policed Packets 0, Bytes 0
Out Discarded Packets 0
IP policy input plin_1D4C2
classifier-group clin_1D4C2_00 entry 1
180 packets, 13070 bytes
forward
classifier-group clin_1D4C2_01 entry 1
0 packets, 0 bytes
filter
classifier-group clin_1D4C2_02 entry 1
0 packets, 0 bytes
filter
classifier-group clin_1D4C2_03 entry 1
0 packets, 0 bytes
filter
classifier-group clin_1D4C2_04 entry 1
0 packets, 0 bytes
filter
classifier-group clin_1D4C2_05 entry 1
0 packets, 0 bytes
filter
classifier-group clin_1D4C2_06 entry 1
0 packets, 0 bytes
filter
classifier-group clin_1D4C2_07 entry 1
0 packets, 0 bytes
filter
classifier-group clin_1D4C2_08 entry 1
56 packets, 6754 bytes
filter
classifier-group clin_1D4C2_09 entry 1
4 packets, 948 bytes
filter
classifier-group clin_1D4C2_10 entry 1
0 packets, 0 bytes
filter
classifier-group *
28 packets, 3398 bytes
forward
IP policy output plout_1D4C2
classifier-group clout_1D4C2_12 entry 1
194 packets, 27885 bytes
forward
classifier-group clout_1D4C2_13 entry 1
0 packets, 0 bytes
filter
classifier-group clout_1D4C2_14 entry 1
0 packets, 0 bytes
filter
classifier-group clout_1D4C2_15 entry 1
0 packets, 0 bytes
filter
classifier-group clout_1D4C2_16 entry 1
0 packets, 0 bytes
filter
classifier-group clout_1D4C2_17 entry 1
0 packets, 0 bytes
filter
classifier-group clout_1D4C2_18 entry 1
0 packets, 0 bytes
filter
classifier-group clout_1D4C2_19 entry 1
0 packets, 0 bytes
filter
classifier-group clout_1D4C2_20 entry 1
0 packets, 0 bytes
filter
classifier-group clout_1D4C2_21 entry 1
0 packets, 0 bytes
filter
classifier-group clout_1D4C2_22 entry 1
0 packets, 0 bytes
filter
classifier-group *
2 packets, 1028 bytes
forward
queue 0: traffic class best-effort, bound to ip ATM4/0.2133.1
Queue length 0 bytes
Forwarded packets 196, bytes 29697
Dropped committed packets 0, bytes 0
Dropped conformed packets 0, bytes 0
Dropped exceeded packets 0, bytes 0
sh class
IP clin_1D4C2_00.1 tcp any any
IP clin_1D4C2_01.1 tcp any any eq 135
IP clin_1D4C2_02.1 tcp any any eq 137
IP clin_1D4C2_03.1 tcp any any eq 138
IP clin_1D4C2_04.1 tcp any any eq 139
IP clin_1D4C2_05.1 tcp any any eq 445
IP clin_1D4C2_06.1 tcp any any eq 593
IP clin_1D4C2_07.1 udp any any eq 135
IP clin_1D4C2_08.1 udp any any eq 137
IP clin_1D4C2_09.1 udp any any eq 138
IP clin_1D4C2_10.1 udp any any eq 139
IP clout_1D4C2_12.1 tcp any any
IP clout_1D4C2_13.1 tcp any any eq 135
IP clout_1D4C2_14.1 tcp any any eq 137
IP clout_1D4C2_15.1 tcp any any eq 138
IP clout_1D4C2_16.1 tcp any any eq 139
IP clout_1D4C2_17.1 tcp any any eq 445
IP clout_1D4C2_18.1 tcp any any eq 593
IP clout_1D4C2_19.1 udp any any eq 135
IP clout_1D4C2_20.1 udp any any eq 137
IP clout_1D4C2_21.1 udp any any eq 138
IP clout_1D4C2_22.1 udp any any eq 139
burkhard#sh policy-list plin_1D4C2
Policy Table
------ -----
IP Policy plin_1D4C2
Administrative state: enable
Reference count: 1
Classifier control list: clin_1D4C2_00, precedence 100
forward
Classifier control list: clin_1D4C2_01, precedence 100
filter
Classifier control list: clin_1D4C2_02, precedence 100
filter
Classifier control list: clin_1D4C2_03, precedence 100
filter
Classifier control list: clin_1D4C2_04, precedence 100
filter
Classifier control list: clin_1D4C2_05, precedence 100
filter
Classifier control list: clin_1D4C2_06, precedence 100
filter
Classifier control list: clin_1D4C2_07, precedence 100
filter
Classifier control list: clin_1D4C2_08, precedence 100
filter
Classifier control list: clin_1D4C2_09, precedence 100
filter
Classifier control list: clin_1D4C2_10, precedence 100
filter
Classifier control list: *, precedence 100
forward
Referenced by interface(s):
ATM4/0.2133.1 input policy, statistics enabled, virtual-router default
Referenced by profile(s):
No profile references
burkhard#sh policy-list plout_1D4C2
Policy Table
------ -----
IP Policy plout_1D4C2
Administrative state: enable
Reference count: 1
Classifier control list: clout_1D4C2_12, precedence 100
forward
Classifier control list: clout_1D4C2_13, precedence 100
filter
Classifier control list: clout_1D4C2_14, precedence 100
filter
Classifier control list: clout_1D4C2_15, precedence 100
filter
Classifier control list: clout_1D4C2_16, precedence 100
filter
Classifier control list: clout_1D4C2_17, precedence 100
filter
Classifier control list: clout_1D4C2_18, precedence 100
filter
Classifier control list: clout_1D4C2_19, precedence 100
filter
Classifier control list: clout_1D4C2_20, precedence 100
filter
Classifier control list: clout_1D4C2_21, precedence 100
filter
Classifier control list: clout_1D4C2_22, precedence 100
filter
Classifier control list: *, precedence 100
forward
Referenced by interface(s):
ATM4/0.2133.1 output policy, statistics enabled, virtual-router default
Referenced by profile(s):
No profile references
> -----Original Message-----
> From: Blaz Zupan [mailto:blaz at amis.net]
> Sent: Thursday, March 30, 2006 8:49 AM
> To: Goldschmidt, Bernd
> Cc: juniper-nsp at puck.nether.net
> Subject: Re: [j-nsp] Ascend-??? radius attributes on Juniper ERX
>
> > Ok, as you can see in my lab setup it works fine.
> > Therefore further troubleshooting is needed.
> > A "log sev 7 radiusattributes" from the ERX would be helpful.
>
> Getting the log will be the hardest part as the BRAS is owned by the incumbent
> and they are rather hard to communicate with. If we had control of the BRAS
> the problem would have probably been solved by now...
>
> > If you tell me, what exact filter you try to setup I can verify it in my lab.
>
> Here is an example filter that is being used in production on the Cisco BRAS,
> but is completely ignored on the ERX. Also the Ascend-Client-Primary-DNS is
> being ignored, we have to explicitly add the Unisphere-Primary-Dns attribute
> for those users who connect through the ERX. Again please remember that the
> Ascend attributes below are automatically being converted into abinary type by
> our radius server.
>
> DEFAULT Auth-Type = Accept
>         Framed-Routing = None,
>         Framed-Protocol = PPP,
>         Framed-IP-Address = 255.255.255.254,
>         Framed-IP-Netmask = 255.255.255.255,
>         Service-Type = Framed-User,
>         Idle-Timeout = 1800,
>         Ascend-Client-Primary-DNS = 212.18.32.10,
>         Ascend-Client-Secondary-DNS = 212.18.32.12
>         Ascend-Client-Assign-DNS = DNS-Assign-Yes,
>         Ascend-Data-Filter = "ip in forward tcp est",
>         Ascend-Data-Filter = "ip in drop tcp dstport = 135",
>         Ascend-Data-Filter = "ip in drop tcp dstport = 137",
>         Ascend-Data-Filter = "ip in drop tcp dstport = 138",
>         Ascend-Data-Filter = "ip in drop tcp dstport = 139",
>         Ascend-Data-Filter = "ip in drop tcp dstport = 445",
>         Ascend-Data-Filter = "ip in drop tcp dstport = 593",
>         Ascend-Data-Filter = "ip in drop udp dstport = 135",
>         Ascend-Data-Filter = "ip in drop udp dstport = 137",
>         Ascend-Data-Filter = "ip in drop udp dstport = 138",
>         Ascend-Data-Filter = "ip in drop udp dstport = 139",
>         Ascend-Data-Filter = "ip in forward",
>         Ascend-Data-Filter = "ip out forward tcp est",
>         Ascend-Data-Filter = "ip out drop tcp dstport = 135",
>         Ascend-Data-Filter = "ip out drop tcp dstport = 137",
>         Ascend-Data-Filter = "ip out drop tcp dstport = 138",
>         Ascend-Data-Filter = "ip out drop tcp dstport = 139",
>         Ascend-Data-Filter = "ip out drop tcp dstport = 445",
>         Ascend-Data-Filter = "ip out drop tcp dstport = 593",
>         Ascend-Data-Filter = "ip out drop udp dstport = 135",
>         Ascend-Data-Filter = "ip out drop udp dstport = 137",
>         Ascend-Data-Filter = "ip out drop udp dstport = 138",
>         Ascend-Data-Filter = "ip out drop udp dstport = 139",
>         Ascend-Data-Filter = "ip out forward"
>
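
Added example (not part of the original post, and not Juniper, FreeRADIUS or Radiator code): a decoder that turns the "filter command" lines of the ERX "test aaa ppp" output back into Ascend-Data-Filter text, so the rules the router actually installed can be compared with the users file. The byte layout is an assumption that matches the dumps in this post (hex bytes, 32 or 24 per filter); the function names and the sample are constructed.

```python
import ipaddress
import struct

# Constructed sample in the shape of the ERX "test aaa ppp" output above:
# two 32-byte filters and one 24-byte filter (byte values printed in hex).
SAMPLE = """\
filter command 1 1 1 0 0 0 0 0 0 0 0 0 0 0 6 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
filter command 1 0 1 0 0 0 0 0 0 0 0 0 0 0 6 0 0 0 1 bd 0 2 0 0 0 0 0 0 0 0 0 0
filter command 1 0 0 0 0 0 0 0 0 0 0 0 0 0 11 0 0 0 0 8b 0 2 0 0
"""

PROTO = {1: "icmp", 6: "tcp", 17: "udp"}
COMPARE = {1: "<", 2: "=", 3: ">", 4: "!="}  # 0 = port not compared

def decode_ip_filter(raw):
    """Render one binary IP filter as Ascend-Data-Filter text.

    Assumed layout (not documented in the post): type, forward, direction,
    pad, src IP, dst IP, src mask, dst mask, protocol, established,
    src port, dst port, src compare, dst compare, then padding.
    """
    if len(raw) < 22:
        raise ValueError(f"filter too short: {len(raw)} bytes")
    ftype, forward, direction = raw[0], raw[1], raw[2]
    if ftype != 1:
        raise ValueError(f"not an IP filter (type {ftype})")
    (src, dst, smask, dmask, proto, est,
     sport, dport, scmp, dcmp) = struct.unpack("!4s4sBBBBHHBB", raw[4:22])
    words = ["ip", "in" if direction else "out",
             "forward" if forward else "drop"]
    for name, addr, mask in (("dstip", dst, dmask), ("srcip", src, smask)):
        if mask:
            words.append(f"{name} {ipaddress.IPv4Address(addr)}/{mask}")
    if proto:
        words.append(PROTO.get(proto, str(proto)))
    for name, port, cmp_ in (("dstport", dport, dcmp), ("srcport", sport, scmp)):
        if cmp_:
            words.append(f"{name} {COMPARE.get(cmp_, '?')} {port}")
    if est:
        words.append("est")
    return " ".join(words)

def decode_dump(text):
    """Decode every 'filter command' line found in router output."""
    rules = []
    for line in text.splitlines():
        tokens = line.split()
        if tokens[:2] == ["filter", "command"]:
            rules.append(decode_ip_filter(bytes(int(t, 16) for t in tokens[2:])))
    return rules

def not_installed(configured, text):
    """Return configured filter strings missing from the router output."""
    installed = decode_dump(text)
    return [rule for rule in configured if rule not in installed]
```

Feeding the full "test aaa" output and the list of filter strings from the users file to not_installed() gives an empty list when every configured rule reached the subscriber.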