[rbak-nsp] high aaad load because of automatically redial modem

Frans Legdeur frans at falco-networks.com
Tue Nov 9 04:56:43 EST 2010


Hi Ahmed,

To move subscribers to the other context might not be necessary, but it¹s
the easiest way:
Radius would normally reply:

Request: John at ISP1  Password = ³letmein²
Reply:  Service-Type = Framed-User,
             Framed-IP-Address = 80.85.34.55,
             Framed-IP-Netmask = 255.255.255.255,
             RB-Context-Name = ³INTERNET²

Now, this subscriber doesn¹t pay for his connection, so lets put him
somewhere else:

Request: John at ISP1  Password = ³letmein²
Reply:  Service-Type = Framed-User,
             Framed-IP-Address = 80.85.34.55,
             Framed-IP-Netmask = 255.255.255.255,
             RB-Context-Name = ³BLACKHOLE²

You can have the same subscriber interface at context ³BLACKHOLE² as on
context ³INTERNET², the difference between them is the fact that context
³BLAKHOLE² is going nowhere, it holds only one interface with NO route out!
(Unless if you connect a web server with catch all capabilities.) Be aware
that you have to lookup the Context-Name VSA in the dictionary.redback under
free-radius for the correct spelling!

The radius configuration is not the issue, as you could see, it only needs
this RB-Context-Name to be set.
here is what the radius setup ³should² look like, to my humble opinion.

Radius is nothing than a mediator between the requestor (ie. Redback) and
the database (ie. Text file or any sql like db)
So if this context name is part of the reply items, it could come from the
database.
If not, you could have set this by default, so you need an override meganism
, that will set this when subscriber are in a need to be set apart.

Let me know if this is helping you, if not or not enough, provide me your
free-radius configuration file so that we could dig deeper.


Kind regards,


Frans.




From: Ahmad Rifai <ahmad.rifai at gmail.com>
Date: Tue, 9 Nov 2010 16:27:43 +0700
To: <redback-nsp at puck.nether.net>
Subject: Re: [rbak-nsp] redback-nsp Digest, Vol 35, Issue 3

Hi Frans, do you have specific configuration in the radius that force the
subscriber to specific context that has no route to anywhere, my company use
free radius, i really apreciate ur help, thx before

@Navin : thx pal, what number r u use to do this throttling, since i dont
know what the effect if the number is to high or too low, for now i have
about 32K subscriber in my radius, and the auth part is about 400 more or
less

here's the capture

[local]BRAS-D3-BDG#sho subs sum
----------------------------------------------------------------------------
----
Total=29679

Type            Authenticating          Active          Disconnecting
PPP                          0               0                      0
PPPoE                      369           32447                     44
DOT1Q                        0               0                      0
CLIPs                        0               0                      0
ATM-B1483                    0               0                      0
ATM-R1483                    0               0                      0
Mobile-IP                    0               0                      0

On Tue, Nov 9, 2010 at 12:00 AM,  <redback-nsp-request at puck.nether.net>
wrote:
> Send redback-nsp mailing list submissions to
>         redback-nsp at puck.nether.net
> 
> To subscribe or unsubscribe via the World Wide Web, visit
>         https://puck.nether.net/mailman/listinfo/redback-nsp
> or, via email, send a message with subject or body 'help' to
>         redback-nsp-request at puck.nether.net
> 
> You can reach the person managing the list at
>         redback-nsp-owner at puck.nether.net
> 
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of redback-nsp digest..."
> 
> 
> Today's Topics:
> 
>    1. high aaad load because of automatically redial modem (Ahmad Rifai)
>    2. Re: high aaad load because of automatically redial modem
>       (Frans Legdeur)
>    3. Re: high aaad load because of automatically redial modem
>       (Navin Nepali)
> 
> 
> ----------------------------------------------------------------------
> 
> Message: 1
> Date: Mon, 8 Nov 2010 13:02:22 +0700
> From: Ahmad Rifai <ahmad.rifai at gmail.com>
> To: redback-nsp at puck.nether.net
> Subject: [rbak-nsp] high aaad load because of automatically redial
>         modem
> Message-ID:
>         <AANLkTimOxMyJM_vXq3GVjWYF+zUOxJ2SYXmARCExg+HM at mail.gmail.com
> <mailto:AANLkTimOxMyJM_vXq3GVjWYF%2BzUOxJ2SYXmARCExg%2BHM at mail.gmail.com> >
> Content-Type: text/plain; charset="iso-8859-1"
> 
> hi guys, i have issue about redback se-800,
> when each first date of the month we have enourmous fail authentication
> issue and its because we have blocked bad debt customer (the customer didn't
> pay for their last month usage so we blocked them with a flag in radius),
> but since the customer using pppoe connection and their modem is
> automatically redial, they keep authenticating and bras keep rejecting. This
> situation make the bras aaad process so high (about 60%) and sometimes make
> it halt and collapsed the bras so it cant process anymore request and
> trafic. do you have the solution about this problem ?
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: 
> <https://puck.nether.net/pipermail/redback-nsp/attachments/20101108/80daf663/a
> ttachment-0001.html>
> 
> ------------------------------
> 
> Message: 2
> Date: Mon, 08 Nov 2010 08:29:56 +0100
> From: Frans Legdeur <frans at falco-networks.com>
> To: Ahmad Rifai <ahmad.rifai at gmail.com>, <redback-nsp at puck.nether.net>
> Subject: Re: [rbak-nsp] high aaad load because of automatically redial
>         modem
> Message-ID: <C8FD6585.39573%frans at falco-networks.com
> <mailto:C8FD6585.39573%25frans at falco-networks.com> >
> Content-Type: text/plain; charset="iso-8859-1"
> 
> Hi Ahmed,
> 
> Why don?t you create a new context for these subscribers that has no route
> out to anywhere.
> With radius you guide that ?non-paying? customer towards this context and
> provide him any IP address from the pool.
> He?s stuck there, if you like you can add a redirct for HTTP towards a
> server which displays the message that he should pay for his use.
> 
> Kind regards,
> 
> 
> Frans.
> 
> 
> 
> From: Ahmad Rifai <ahmad.rifai at gmail.com>
> Date: Mon, 8 Nov 2010 13:02:22 +0700
> To: <redback-nsp at puck.nether.net>
> Subject: [rbak-nsp] high aaad load because of automatically redial modem

> 
> hi guys, i have issue about redback se-800,?
> when each first date of the month we have enourmous fail authentication
> issue and its because we have blocked bad debt customer (the customer didn't
> pay for their last month usage so we blocked them with a flag in radius),
> but since the customer using pppoe connection and their modem is
> automatically redial, they keep authenticating and bras keep rejecting. This
> situation make the bras aaad process so high (about 60%) and sometimes make
> it halt and collapsed the bras so it cant process anymore request and
> trafic. do you have the solution about this problem ?
> 
> 
> _______________________________________________
> redback-nsp mailing list
> redback-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/redback-nsp
> 
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: 
> <https://puck.nether.net/pipermail/redback-nsp/attachments/20101108/144f2226/a
> ttachment-0001.html>
> 
> ------------------------------
> 
> Message: 3
> Date: Mon, 8 Nov 2010 04:33:04 -0800 (PST)
> From: Navin Nepali <navin_n at yahoo.com>
> To: Ahmad Rifai <ahmad.rifai at gmail.com>, redback-nsp at puck.nether.net
> Subject: Re: [rbak-nsp] high aaad load because of automatically redial
>         modem
> Message-ID: <388488.80332.qm at web112711.mail.gq1.yahoo.com>
> Content-Type: text/plain; charset="utf-8"
> 
> I had same issue.?My Se800 CPU was always 99%.?I had done PADI/PADR throttling
> since then my cpu dropped to 70%.
> ?
> you can use this command to do throttling:
> ?
> 
> pppoe circuit padi/padr per-mac count padi-num allow-time allow-interval
> drop-time drop-interval
> ?
> Thanks
> --- On Mon, 11/8/10, Frans Legdeur <frans at falco-networks.com> wrote:
> 
> 
> From: Frans Legdeur <frans at falco-networks.com>
> Subject: Re: [rbak-nsp] high aaad load because of automatically redial modem
> To: "Ahmad Rifai" <ahmad.rifai at gmail.com>, redback-nsp at puck.nether.net
> Date: Monday, November 8, 2010, 12:59 PM
> 
> 
> Hi Ahmed,
> 
> Why don?t you create a new context for these subscribers that has no route out
> to anywhere.
> With radius you guide that ?non-paying? customer towards this context and
> provide him any IP address from the pool.
> He?s stuck there, if you like you can add a redirct for HTTP towards a server
> which displays the message that he should pay for his use.
> 
> Kind regards,
> 
> 
> Frans.
> 
> 
> 
> 
> From: Ahmad Rifai <ahmad.rifai at gmail.com>
> Date: Mon, 8 Nov 2010 13:02:22 +0700
> To: <redback-nsp at puck.nether.net>
> Subject: [rbak-nsp] high aaad load because of automatically redial modem
> 
> hi guys, i have issue about redback se-800,?
> when each first date of the month we have enourmous fail authentication issue
> and its because we have blocked bad debt customer (the customer didn't pay for
> their last month usage so we blocked them with a flag in radius), but since
> the customer using pppoe connection and their modem is automatically redial,
> they keep authenticating and bras keep rejecting. This situation make the bras
> aaad process so high (about 60%) and sometimes make it halt and collapsed the
> bras so it cant process anymore request and trafic. do you have the solution
> about this problem ?
> 
> 
> 
> _______________________________________________
> redback-nsp mailing list
> redback-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/redback-nsp
> 
> -----Inline Attachment Follows-----
> 
> 
> _______________________________________________
> redback-nsp mailing list
> redback-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/redback-nsp
> 
> 
> 
> 
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: 
> <https://puck.nether.net/pipermail/redback-nsp/attachments/20101108/efdb4cc2/a
> ttachment-0001.html>
> 
> ------------------------------
> 
> _______________________________________________
> redback-nsp mailing list
> redback-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/redback-nsp
> 
> 
> End of redback-nsp Digest, Vol 35, Issue 3
> ******************************************



_______________________________________________
redback-nsp mailing list
redback-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/redback-nsp

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/redback-nsp/attachments/20101109/058c9d07/attachment-0001.html>


More information about the redback-nsp mailing list