[cisco-bba] PPPoE Mid-session Shaping/Policing

Jeff Hinds gripen49 at gmail.com
Wed Jan 7 01:36:44 EST 2009


Hi Patrick


There is one possible solution that will definitely work. If you use Cisco
ISG features on the 7206VXR you can do per-service shaping on-the-fly
without disconnecting the parent session. This is accomplished using RADIUS
CoA commands. I have found that you need to unapply the original service and
then apply a new service with the shaping attributes. Some basic starter
examples below:


(Normal service profile)

PPP_SERVICE Password == "servicecisco"
 Auth-Type = PAP,
 Cisco-Service-Info = "QU;1024000;D;1024000",
 Cisco-AVPair += "ip:traffic-class=in access-group name ACL_UPSTREAM_PPP priority 30",
 Cisco-AVPair += "ip:traffic-class=out access-group name ACL_DOWNSTREAM_PPP priority 30",
 Cisco-AVPair += "ip:traffic-class=in default drop",
 Cisco-AVPair += "ip:traffic-class=out default drop",
 Acct-Interim-Interval=900,
 Cisco-AVPair += "subscriber:accounting-list=PPP_ACCOUNTING_LIST"


(shaped service profile)

PPP_SERVICE_SHAPED Password == "servicecisco"
 Auth-Type = PAP,
 Cisco-Service-Info = "QU;64000;D;64000",
 Cisco-AVPair = "ip:traffic-class=in access-group name ACL_UPSTREAM_PPP priority 20",
 Cisco-AVPair += "ip:traffic-class=out access-group name ACL_DOWNSTREAM_PPP priority 20",
 Cisco-AVPair += "ip:traffic-class=in default drop",
 Cisco-AVPair += "ip:traffic-class=out default drop",
 Cisco-AVPair += "subscriber:accounting-list=PPP_ACCOUNTING_LIST"


Note that you can specify the accounting update interval on a per-service
basis.


I have tested the above and it works as expected on both the 7206 and 10008
platforms. This will do what you need.


I use freeradius so my CoA command is structured as follows:


(unapply PPP_SERVICE)

echo "Cisco-Account-Info=S172.20.1.13,Cisco-Command-Code==0x0C5050505F53455256494345" | /usr/bin/radclient 192.168.1.1:1812 coa isgradiussecret -x


(apply PPP_SERVICE_SHAPED)

echo "Cisco-Account-Info=S172.20.1.13,Cisco-Command-Code==0x0B5050505F534552564943455F534841504544" | /usr/bin/radclient 192.168.1.1:1812 coa isgradiussecret -x


Where (for illustration only) 172.20.1.13 is the subscriber session
identifier (Acct-Session-Id can also be used) and 192.168.1.1 is the IP of
the BBA router (provided it is configured to accept RADIUS CoA using "aaa
server radius dynamic-author"). I have used this site in the past for
converting service names in string format to hex (for the CoA command):
http://www.easycalculation.com/ascii-hex.php


Hope this helps..


Regards,

Jeff Hinds
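
(Added example, not part of the original post and not Cisco or FreeRADIUS code: a shell helper that builds the Cisco-Command-Code value locally, command byte followed by the hex-encoded service name, and validates its inputs before they go into the attribute line. The function names and the allowed character sets are assumptions.)

```shell
#!/bin/sh
# Added example (not from the original post): build the radclient attribute
# line for an ISG CoA service change without a web-based ASCII-to-hex converter.

# ASCII string -> uppercase hex digits, no separators.
to_hex() {
    printf '%s' "$1" | od -An -v -tx1 | tr -d ' \n' | tr 'a-f' 'A-F'
}

# Cisco-Command-Code value = one command byte + the service name bytes.
# 0x0B (apply) and 0x0C (unapply) are the command bytes used in the post.
isg_command_code() {
    action=$1; service=$2
    case $action in
        apply)   code=0B ;;
        unapply) code=0C ;;
        *) echo "unknown action: $action" >&2; return 2 ;;
    esac
    # Assumption: service names use only letters, digits, '_' and '-'.
    # Rejecting anything else keeps quotes and commas out of the attribute line.
    case $service in
        ''|*[!A-Za-z0-9_-]*) echo "invalid service name" >&2; return 2 ;;
    esac
    printf '0x%s%s\n' "$code" "$(to_hex "$service")"
}

# One attribute line in the format the post pipes into radclient.
# Assumption: the session identifier is the subscriber IP, as in the post.
isg_coa_attrs() {
    session=$1
    case $session in
        ''|*[!0-9A-Fa-f.:]*) echo "invalid session id" >&2; return 2 ;;
    esac
    cc=$(isg_command_code "$2" "$3") || return 2
    printf 'Cisco-Account-Info=S%s,Cisco-Command-Code==%s\n' "$session" "$cc"
}

# Constructed sample values taken from the post: unapply first, then apply.
isg_coa_attrs 172.20.1.13 unapply PPP_SERVICE
isg_coa_attrs 172.20.1.13 apply   PPP_SERVICE_SHAPED
```

Each printed line can be piped into the radclient command shown in the post in place of the hand-built echo string.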




*From:* cisco-bba-bounces at puck.nether.net [mailto:cisco-bba-bounces at puck.nether.net] *On Behalf Of* Patrick Wu
*Sent:* Wednesday, January 07, 2009 6:37 AM
*To:* cisco-bba at puck.nether.net
*Subject:* [cisco-bba] PPPoE Mid-session Shaping/Policing



Hi Everyone,

I have an L2TP/PPPoE setup on a 7206VXR and it is working fine. What I now want
to do is to implement dynamic shaping/policing on the PPPoE services, i.e. I
would like to shape/police a PPPoE service without disconnecting the
session.

I believe this can be implemented using RADIUS attributes? But not sure how
it is done exactly if it is possible at all. I'm already using RADIUS
attributes to shape/police PPPoE sessions when they login initially, I now
need to change the shaper/policer rate mid-session without disconnecting.

Any info, or a pointer in the right direction, would be
appreciated.

Thanks!

Patrick