[c-nsp] subscriber termination issues

Scott Wolfe scott.wolfe at cybera.net
Tue Jan 13 17:46:11 EST 2009 

At the risk of making a few people on this list upset for suggesting
this, but you may also want to look into a Juniper solution.
Specifically, the E-Series routers do a great job with B-RAS services in
our network.  We bring in PPPoE sessions from ADSL circuits and it works
great.  

Also, Juniper has a product for dynamic policy creation called SDX.  We
use the product to setup walled gardens for our WiFi HotSpot solutions
for customers who have connections on our E-Series routers.


Scott Wolfe
Cybera, Inc

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Mike
Sent: Tuesday, January 13, 2009 1:27 PM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] subscriber termination issues

Howdy,


    We are presently a PPPoE / freeRadius shop and have a custom 
in-house solution for pppoe subscriber termination (linux + custom 
scripts) that provides us with some very nice features, but at the cost 
of the risk of x86 cots hardware, no failover, and not gonna scale up as

we begin to deploy ADSL. I would like to consider a cisco solution for 
PPPoE (and DHCP) but I don't know how or if the features I depend on 
would be supported or implementable under cisco, so here I am.

    We have a walled garden system that is applied to customers for 
different reasons that intercepts web requests and displays messages, 
such as "your account is seriously past due" or "Your service is 
disconnected due to AUP violations / virus activity", and such. It works

by applying separate routing to that specific customer so that their 
packets are redirected thru the garden gateway. With cisco I think I can

apply radius attributes to specify other gateways for the customer, but 
that requires killing the PPPoE session (under cisco), and that is not 
desirable. And for DHCP customers, I wouldn't even know where to begin 
to implement the same feature unless cisco can somehow create an pseudo 
interface of some kind and let me route that too.

    Secondly, we also provide one of three separate filtering rules to 
our subscriber accounts to enforce things like no direct-to-mx virus 
spam bots / no access to internal nets, or no mx filtering at all. Under

the linux system it's radius + custom scripts to process the custom 
attributes and linux iptables to apply the filtering to the customer 
pppoe interface, but we're clueless where to start looking for a 
compatible cisco feature set.

    Lastly, we actually provide great customer support and have built in

tools (and have trained folks) to do packet captures in order to 
identify customer misconfiguration, locked up / insane home routers 
spewing garbage or disobeying protocol, and other common customer side 
troubles that keep our phones warm. My linux pppoe server lets my techs 
look people up by account name and also initiate a dump on that customer

(internally, tcpdump on their mac address). I am wondering what or if 
there are compatible or superior cisco tools for doing same or similar 
operations in order to more fully support the customer base. This is 
important - I am not willing to spend 4 hours on the phone diagnosing 
the fact that the customer has a wrong dns server statically programmed 
into some device somewhere, I want to be able to do a dump and catch him

in the act and then move on to the next call.

    Any takers?

Thanks.


   
 
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list