[c-nsp] subscriber termination issues

Arie Vayner (avayner) avayner at cisco.com
Tue Jan 13 16:56:13 EST 2009 

Mike,

The complexity and the economics of the solution would widely vary
according to the scale you need to achieve, so if you could provide this
info, it would be helpful.

On the more general approach, this is a real whole solution, and not
just a set of features you turn in 10 minutes, so I would strongly
suggest you work with a local Cisco representative (either an
integration partner or maybe even Cisco pre sales people)

Now, to the technical details.

I think what you are mostly looking for is called ISG in Cisco
terminology (Intelligent Service Gateway), and the reference document is
here:
http://www.cisco.com/en/US/docs/ios/isg/configuration/guide/12_2sr/isg_1
2_2sr_book.html
http://www.cisco.com/web/HR/expo08/pdf/Damjan_Marion_ISG_Deployment_Mode
ls.pdf

It's a big document, but I suggest you take a quick look in it before
going a bit deeper.

In general ISG can support both PPPoE and DHCP (called IP Sessions)
clients. It can also do other kinds of PPP, like PPP over L2TP coming
from a remote LAC.
Cisco also has support for PPPoE (but not DHCP sessions) without ISG,
but then you do not have the concept of a portal or dynamic services.
ISG brings the concept of services per session and portal redirection.
Mind you that there are other solutions for just a walled garden we can
discuss later on if you are interested.

One word about the portal solution: it is separate from the Cisco
solution and is delivered by partners.
Look at:
http://www.broadhop.com
http://www.comability.com

The later also has a full customer care solution for many of the things
you described.

Arie

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Mike
Sent: Tuesday, January 13, 2009 21:27
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] subscriber termination issues

Howdy,


    We are presently a PPPoE / freeRadius shop and have a custom 
in-house solution for pppoe subscriber termination (linux + custom 
scripts) that provides us with some very nice features, but at the cost 
of the risk of x86 cots hardware, no failover, and not gonna scale up as

we begin to deploy ADSL. I would like to consider a cisco solution for 
PPPoE (and DHCP) but I don't know how or if the features I depend on 
would be supported or implementable under cisco, so here I am.

    We have a walled garden system that is applied to customers for 
different reasons that intercepts web requests and displays messages, 
such as "your account is seriously past due" or "Your service is 
disconnected due to AUP violations / virus activity", and such. It works

by applying separate routing to that specific customer so that their 
packets are redirected thru the garden gateway. With cisco I think I can

apply radius attributes to specify other gateways for the customer, but 
that requires killing the PPPoE session (under cisco), and that is not 
desirable. And for DHCP customers, I wouldn't even know where to begin 
to implement the same feature unless cisco can somehow create an pseudo 
interface of some kind and let me route that too.

    Secondly, we also provide one of three separate filtering rules to 
our subscriber accounts to enforce things like no direct-to-mx virus 
spam bots / no access to internal nets, or no mx filtering at all. Under

the linux system it's radius + custom scripts to process the custom 
attributes and linux iptables to apply the filtering to the customer 
pppoe interface, but we're clueless where to start looking for a 
compatible cisco feature set.

    Lastly, we actually provide great customer support and have built in

tools (and have trained folks) to do packet captures in order to 
identify customer misconfiguration, locked up / insane home routers 
spewing garbage or disobeying protocol, and other common customer side 
troubles that keep our phones warm. My linux pppoe server lets my techs 
look people up by account name and also initiate a dump on that customer

(internally, tcpdump on their mac address). I am wondering what or if 
there are compatible or superior cisco tools for doing same or similar 
operations in order to more fully support the customer base. This is 
important - I am not willing to spend 4 hours on the phone diagnosing 
the fact that the customer has a wrong dns server statically programmed 
into some device somewhere, I want to be able to do a dump and catch him

in the act and then move on to the next call.

    Any takers?

Thanks.


   
 
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list