[cisco-nas] Routing - centralized address pool - multiple NAS

Oliver Boehmer (oboehmer) oboehmer at cisco.com
Sat Nov 20 09:43:33 EST 2004


Pierre.

> I would like to implement a configuration where a single address pool
> is shared among multiple NASes (LNS as a matter of fact).

I wouldn't, see below ;-)

> The address pool is shared among NAS through a Radius server.
> A basic way to do it would be to split the address range associated
> with the pool into several address sub-ranges, each of them allocated
> to a specific NAS. On receiving an Auth Req Radius would just return
> the IP pool identifier and each NAS would allocate an IP address
> locally associated with the IP pool identifier.

Ack, and this is the most scalable way IMHO.

> Now, I would like to allocate subscribers' IP addresses directly from
> radius from a global address range shared among the NAS.

This might work if the number of NAS is small and if they are located in
the same location. It doesn't scale to a higher number of NAS, so I
would never start with it as it might limit you later when you need to
grow.

> I have two questions with regard to such a configuration - routing and
> session control:
> - what is the best way to implement such a scheme from a routing point
> of view? How will the downstream router route the subscriber's returning
> traffic to the right NAS, knowing that an address may be allocated to
> one NAS then to another over a period of time?

You will always need some form of distribution-layer router which
aggregates your /32 towards the core. So you would run one routing
protocol (or one OSPF area, for example) between that distribution
layer and the NAS, and aggregate towards the core IGP.

> - how to avoid session duplication over the NAS group - two
> subscribers using the same username, resulting in having two
> active sessions terminating on two different NASes.

This needs to be done on the Radius server using some form of session
management. So the Radius server keeps track of the connected users and
will refuse two users connecting with the same name. This is not related
to the multiple-NAS solution; even with a single NAS you can have two
sessions using the same user name.

	oli
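
Added example, not part of the original message or of any RADIUS server's code: a minimal sketch of the server-side session tracking described above, driven by accounting records from several NASes. The class and function names, NAS names, usernames and session ids are constructed for illustration; only the Acct-Status-Type values are standard RADIUS.

```python
class SessionTable:
    """Active sessions learned from RADIUS accounting, keyed by username."""

    def __init__(self):
        self.active = {}  # username -> (nas_id, acct_session_id)

    def authorize(self, username):
        """Access-Request decision: refuse a second login for the same name.

        A login is only visible here once its Accounting Start has arrived,
        so two requests inside that window can both be accepted.
        """
        return "Access-Reject" if username in self.active else "Access-Accept"

    def accounting(self, status, nas_id, username=None, session_id=None):
        """Apply one accounting record; `status` is its Acct-Status-Type."""
        if status == "Start":
            self.active[username] = (nas_id, session_id)
        elif status == "Stop":
            # Only the session that is recorded may clear the entry: a late
            # Stop for an older session must not free a newer one.
            if self.active.get(username) == (nas_id, session_id):
                del self.active[username]
        elif status in ("Accounting-On", "Accounting-Off"):
            # The NAS restarted and its Stop records are lost, so drop every
            # session it held; otherwise those users stay locked out.
            self.active = {u: s for u, s in self.active.items() if s[0] != nas_id}


# Constructed event stream from two hypothetical LNSes, lns1 and lns2.
EVENTS = [
    ("auth", "lns1", "alice"),
    ("acct", "Start", "lns1", "alice", "s1"),
    ("auth", "lns2", "alice"),                # duplicate login on another NAS
    ("acct", "Accounting-On", "lns1"),        # lns1 rebooted
    ("auth", "lns2", "alice"),
    ("acct", "Start", "lns2", "alice", "s2"),
    ("acct", "Stop", "lns1", "alice", "s1"),  # stale Stop, must be ignored
    ("auth", "lns1", "alice"),
    ("acct", "Stop", "lns2", "alice", "s2"),
    ("auth", "lns1", "alice"),
]


def replay(events):
    """Feed the events through a fresh table; return the auth decisions."""
    table, decisions = SessionTable(), []
    for ev in events:
        if ev[0] == "auth":
            decisions.append(table.authorize(ev[2]))
        else:
            table.accounting(*ev[1:])
    return decisions
```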


