[cisco-bba] PPPoE Mid-session Shaping/Policing

Patrick Wu pwu828 at gmail.com
Wed Jan 7 18:11:01 EST 2009 

Thanks Jeff.

However, the IOS that the 7206VXR current uses does not have the ISG feature
set, is there any other possible ways to achieve the same result?

If not, I guess I will have to look for a new IOS that supports ISG...

Patrick

On Wed, Jan 7, 2009 at 5:36 PM, Jeff Hinds <gripen49 at gmail.com> wrote:

> Hi Patrick
>
>
> There is one possible solution that will definitely work. If you use Cisco
> ISG features on the 7206VXR you can do per-service shaping on-the-fly
> without disconnecting the parent session. This is accomplished using RADIUS
> CoA commands. I have found that you need to unapply the original service and
> then apply a new service with the shaping attributes. Some basic starter
> examples below:
>
>
> (Normal service profile)
>
> PPP_SERVICE Password == "servicecisco"
>  Auth-Type = PAP,
>  Cisco-Service-Info = "QU;1024000;D;1024000",
>  Cisco-AVPair += "ip:traffic-class=in access-group name ACL_UPSTREAM_PPP
> priority 30",
>  Cisco-AVPair += "ip:traffic-class=out access-group name
> ACL_DOWNSTREAM_PPP priority 30",
>  Cisco-AVPair += "ip:traffic-class=in default drop",
>  Cisco-AVpair += "ip:traffic-class=out default drop",
>  Acct-Interim-Interval=900,
>  Cisco-AVPair += "subscriber:accounting-list=PPP_ACCOUNTING_LIST"
>
>
> (shaped service profile)
>
> PPP_SERVICE_SHAPED Password == "servicecisco"
>  Auth-Type = PAP,
>  Cisco-Service-Info = "QU;64000;D;64000",
>  Cisco-AVPair = "ip:traffic-class=in access-group name ACL_UPSTREAM_PPP
> priority 20",
>  Cisco-AVPair += "ip:traffic-class=out access-group name
> ACL_DOWNSTREAM_PPP priority 20",
>  Cisco-AVPair += "ip:traffic-class=in default drop",
>  Cisco-AVpair += "ip:traffic-class=out default drop",
>  Cisco-AVPair += "subscriber:accounting-list=PPP_ACCOUNTING_LIST"
>
>
> Note that you can specify the accounting update interval on a per-service
> basis.
>
>
> I have tested the above and it works as expected on both the 7206 and 10008
> platforms. This will do what you need.
>
>
> I use freeradius so my CoA command is structured as follows:
>
>
> (unapply PPP_SERVICE)
>
> echo
> "Cisco-Account-Info=S172.20.1.13,Cisco-Command-Code==0x0C5050505F53455256494345
> " | /usr/bin/radclient 192.168.1.1:1812 coa isgradiussecret -x
>
>
> (apply PPP_SERVICE_SHAPED)
>
> echo
> "Cisco-Account-Info=S172.20.1.13,Cisco-Command-Code==0x0B5050505F534552564943455F
> 53 48 41 50 45 44 " | /usr/bin/radclient 192.168.1.1:1812 coa
> isgradiussecret -x
>
>
> Where (for illustration only), 172.20.1.13 is the subscriber session
> identifier (Acct-Session-Id can also be used) amd 192.168.1.1 is the IP of
> the BBA router (provided it is configured to accept RADIUS CoA using "aaa
> server radius dynamic-author"). I have used this site in the past for
> converted service names in string format to Hex (for the CoA command):
> http://www.easycalculation.com/ascii-hex.php
>
>
> Hope this helps..
>
>
> Regards,
>
> Jeff Hinds
>
>
>
>
> *From:* cisco-bba-bounces at puck.nether.net [mailto:
> cisco-bba-bounces at puck.nether.net] *On Behalf Of *Patrick Wu
> *Sent:* Wednesday, January 07, 2009 6:37 AM
> *To:* cisco-bba at puck.nether.net
> *Subject:* [cisco-bba] PPPoE Mid-session Shaping/Policing
>
>
>
> Hi Everyone,
>
> I have a L2TP/PPPoE setup in a 7206VXR and is working fine. What I now want
> to do is to implement dynamic shaping/policing on the PPPoE services. ie, I
> would like to shape/police a PPPoE service without disconnecting the
> session.
>
> I believe this can be implemented using RADIUS attributes? But not sure how
> it is done exactly if it is possible at all. I'm already using RADIUS
> attributes to shape/police PPPoE sessions when they login initially, I now
> need to change the shaper/policer rate mid-session without disconnecting.
>
> Any one with any info or point me in the right direction would be
> appreciated.
>
> Thanks!
>
> Patrick
>
> _______________________________________________
> cisco-bba mailing list
> cisco-bba at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-bba
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-bba/attachments/20090108/1e60cc41/attachment.html>

More information about the cisco-bba mailing list