[c-nsp] subscriber termination issues
Arie Vayner (avayner)
avayner at cisco.com
Tue Jan 13 16:56:13 EST 2009
Mike,
The complexity and the economics of the solution would widely vary
according to the scale you need to achieve, so if you could provide this
info, it would be helpful.
On the more general approach, this is a real whole solution, and not
just a set of features you turn in 10 minutes, so I would strongly
suggest you work with a local Cisco representative (either an
integration partner or maybe even Cisco pre sales people)
Now, to the technical details.
I think what you are mostly looking for is called ISG in Cisco
terminology (Intelligent Service Gateway), and the reference document is
here:
http://www.cisco.com/en/US/docs/ios/isg/configuration/guide/12_2sr/isg_1
2_2sr_book.html
http://www.cisco.com/web/HR/expo08/pdf/Damjan_Marion_ISG_Deployment_Mode
ls.pdf
It's a big document, but I suggest you take a quick look in it before
going a bit deeper.
In general ISG can support both PPPoE and DHCP (called IP Sessions)
clients. It can also do other kinds of PPP, like PPP over L2TP coming
from a remote LAC.
Cisco also has support for PPPoE (but not DHCP sessions) without ISG,
but then you do not have the concept of a portal or dynamic services.
ISG brings the concept of services per session and portal redirection.
Mind you that there are other solutions for just a walled garden we can
discuss later on if you are interested.
One word about the portal solution: it is separate from the Cisco
solution and is delivered by partners.
Look at:
http://www.broadhop.com
http://www.comability.com
The later also has a full customer care solution for many of the things
you described.
Arie
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Mike
Sent: Tuesday, January 13, 2009 21:27
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] subscriber termination issues
Howdy,
We are presently a PPPoE / freeRadius shop and have a custom
in-house solution for pppoe subscriber termination (linux + custom
scripts) that provides us with some very nice features, but at the cost
of the risk of x86 cots hardware, no failover, and not gonna scale up as
we begin to deploy ADSL. I would like to consider a cisco solution for
PPPoE (and DHCP) but I don't know how or if the features I depend on
would be supported or implementable under cisco, so here I am.
We have a walled garden system that is applied to customers for
different reasons that intercepts web requests and displays messages,
such as "your account is seriously past due" or "Your service is
disconnected due to AUP violations / virus activity", and such. It works
by applying separate routing to that specific customer so that their
packets are redirected thru the garden gateway. With cisco I think I can
apply radius attributes to specify other gateways for the customer, but
that requires killing the PPPoE session (under cisco), and that is not
desirable. And for DHCP customers, I wouldn't even know where to begin
to implement the same feature unless cisco can somehow create an pseudo
interface of some kind and let me route that too.
Secondly, we also provide one of three separate filtering rules to
our subscriber accounts to enforce things like no direct-to-mx virus
spam bots / no access to internal nets, or no mx filtering at all. Under
the linux system it's radius + custom scripts to process the custom
attributes and linux iptables to apply the filtering to the customer
pppoe interface, but we're clueless where to start looking for a
compatible cisco feature set.
Lastly, we actually provide great customer support and have built in
tools (and have trained folks) to do packet captures in order to
identify customer misconfiguration, locked up / insane home routers
spewing garbage or disobeying protocol, and other common customer side
troubles that keep our phones warm. My linux pppoe server lets my techs
look people up by account name and also initiate a dump on that customer
(internally, tcpdump on their mac address). I am wondering what or if
there are compatible or superior cisco tools for doing same or similar
operations in order to more fully support the customer base. This is
important - I am not willing to spend 4 hours on the phone diagnosing
the fact that the customer has a wrong dns server statically programmed
into some device somewhere, I want to be able to do a dump and catch him
in the act and then move on to the next call.
Any takers?
Thanks.
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list