[rbak-nsp] high aaad load because of automatically redial modem

Navin Nepali navin_n at yahoo.com
Tue Nov 9 11:41:38 EST 2010


I am using:
pppoe circuit padr per-mac count 3 allow-time 120 drop-time 120
pppoe circuit padi per-mac count 3 allow-time 120 drop-time 120
 
Thanks

 

--- On Tue, 11/9/10, Frans Legdeur <frans at falco-networks.com> wrote:


From: Frans Legdeur <frans at falco-networks.com>
Subject: Re: [rbak-nsp] high aaad load because of automatically redial modem
To: "Ahmad Rifai" <ahmad.rifai at gmail.com>, redback-nsp at puck.nether.net
Date: Tuesday, November 9, 2010, 3:26 PM


Hi Ahmed,

To move subscribers to the other context might not be necessary, but it’s the easiest way:
Radius would normally reply:

Request: John at ISP1  Password = “letmein”
Reply:  Service-Type = Framed-User,
             Framed-IP-Address = 80.85.34.55,
             Framed-IP-Netmask = 255.255.255.255,
             RB-Context-Name = “INTERNET”

Now, this subscriber doesn’t pay for his connection, so let’s put him somewhere else:

Request: John at ISP1  Password = “letmein”
Reply:  Service-Type = Framed-User,
             Framed-IP-Address = 80.85.34.55,
             Framed-IP-Netmask = 255.255.255.255,
             RB-Context-Name = “BLACKHOLE”

You can have the same subscriber interface at context “BLACKHOLE” as on context “INTERNET”; the difference between them is the fact that context “BLACKHOLE” is going nowhere, it holds only one interface with NO route out! (Unless you connect a web server with catch-all capabilities.) Be aware that you have to look up the Context-Name VSA in the dictionary.redback under free-radius for the correct spelling!

The radius configuration is not the issue, as you could see, it only needs this RB-Context-Name to be set. 
Here is what the radius setup “should” look like, in my humble opinion.

Radius is nothing more than a mediator between the requestor (i.e. Redback) and the database (i.e. text file or any SQL-like db).
So if this context name is part of the reply items, it could come from the database.
If not, you could have set this by default, so you need an override mechanism that will set this when subscribers need to be set apart.

Let me know if this is helping you, if not or not enough, provide me your free-radius configuration file so that we could dig deeper.


Kind regards,


Frans.





From: Ahmad Rifai <ahmad.rifai at gmail.com>
Date: Tue, 9 Nov 2010 16:27:43 +0700
To: <redback-nsp at puck.nether.net>
Subject: Re: [rbak-nsp] redback-nsp Digest, Vol 35, Issue 3

Hi Frans, do you have specific configuration in the radius that force the subscriber to specific context that has no route to anywhere, my company use free radius, i really appreciate ur help, thx before

@Navin : thx pal, what number r u use to do this throttling, since i dont know what the effect if the number is too high or too low, for now i have about 32K subscriber in my radius, and the auth part is about 400 more or less

here's the capture

[local]BRAS-D3-BDG#sho subs sum
--------------------------------------------------------------------------------
Total=29679

Type            Authenticating          Active          Disconnecting
PPP                          0               0                      0
PPPoE                      369           32447                     44
DOT1Q                        0               0                      0
CLIPs                        0               0                      0
ATM-B1483                    0               0                      0
ATM-R1483                    0               0                      0
Mobile-IP                    0               0                      0

On Tue, Nov 9, 2010 at 12:00 AM,  <redback-nsp-request at puck.nether.net> wrote:

Today's Topics:

   1. high aaad load because of automatically redial modem (Ahmad Rifai)
   2. Re: high aaad load because of automatically redial modem
      (Frans Legdeur)
   3. Re: high aaad load because of automatically redial modem
      (Navin Nepali)


----------------------------------------------------------------------

Message: 1
Date: Mon, 8 Nov 2010 13:02:22 +0700
From: Ahmad Rifai <ahmad.rifai at gmail.com>
To: redback-nsp at puck.nether.net
Subject: [rbak-nsp] high aaad load because of automatically redial
        modem
Message-ID:
        <AANLkTimOxMyJM_vXq3GVjWYF+zUOxJ2SYXmARCExg+HM at mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"

hi guys, i have issue about redback se-800,
when each first date of the month we have enormous fail authentication
issue and its because we have blocked bad debt customer (the customer didn't
pay for their last month usage so we blocked them with a flag in radius),
but since the customer using pppoe connection and their modem is
automatically redial, they keep authenticating and bras keep rejecting. This
situation make the bras aaad process so high (about 60%) and sometimes make
it halt and collapsed the bras so it can't process anymore request and
traffic. do you have the solution about this problem ?
------------------------------

Message: 2
Date: Mon, 08 Nov 2010 08:29:56 +0100
From: Frans Legdeur <frans at falco-networks.com>
To: Ahmad Rifai <ahmad.rifai at gmail.com>, <redback-nsp at puck.nether.net>
Subject: Re: [rbak-nsp] high aaad load because of automatically redial
        modem
Message-ID: <C8FD6585.39573%frans at falco-networks.com>
Content-Type: text/plain; charset="iso-8859-1"

Hi Ahmed,

Why don’t you create a new context for these subscribers that has no route
out to anywhere.
With radius you guide that “non-paying” customer towards this context and
provide him any IP address from the pool.
He’s stuck there, if you like you can add a redirect for HTTP towards a
server which displays the message that he should pay for his use.

Kind regards,


Frans.



------------------------------

Message: 3
Date: Mon, 8 Nov 2010 04:33:04 -0800 (PST)
From: Navin Nepali <navin_n at yahoo.com>
To: Ahmad Rifai <ahmad.rifai at gmail.com>, redback-nsp at puck.nether.net
Subject: Re: [rbak-nsp] high aaad load because of automatically redial
        modem
Message-ID: <388488.80332.qm at web112711.mail.gq1.yahoo.com>
Content-Type: text/plain; charset="utf-8"

I had same issue. My Se800 CPU was always 99%. I had done PADI/PADR throttling since then my cpu dropped to 70%.

you can use this command to do throttling:

pppoe circuit padi/padr per-mac count padi-num allow-time allow-interval drop-time drop-interval

Thanks
------------------------------

_______________________________________________
redback-nsp mailing list
redback-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/redback-nsp


End of redback-nsp Digest, Vol 35, Issue 3
******************************************






More information about the redback-nsp mailing list
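
Added example, not part of the thread and not Redback code: a small Python model of the per-MAC PADI/PADR throttle with the values posted at the top of this message (count 3, allow-time 120, drop-time 120), showing how many discovery attempts from one auto-redialing modem still get through per hour. The counter semantics in the comments, the redial intervals and the MAC address are assumptions; check the SmartEdge documentation for the exact behaviour.

```python
"""Model of a per-MAC PPPoE discovery throttle (illustrative, not Redback code)."""


class PerMacThrottle:
    # Assumed semantics: up to `count` packets per MAC are accepted inside an
    # `allow_time` window; the packet that exceeds the count starts a
    # `drop_time` period during which everything from that MAC is dropped.
    def __init__(self, count, allow_time, drop_time):
        self.count = count
        self.allow_time = allow_time
        self.drop_time = drop_time
        self._state = {}  # mac -> (window_start, seen_in_window, drop_until)

    def admit(self, mac, now):
        start, seen, drop_until = self._state.get(mac, (now, 0, 0))
        if now < drop_until:
            return False                      # still inside the drop period
        if now - start >= self.allow_time:
            start, seen = now, 0              # allow window expired, start a new one
        seen += 1
        if seen > self.count:
            drop_until = now + self.drop_time
            # The next allow window opens when the drop period ends.
            self._state[mac] = (drop_until, 0, drop_until)
            return False
        self._state[mac] = (start, seen, drop_until)
        return True


def admitted(count, allow_time, drop_time, redial_every, duration=3600):
    """Discovery attempts from one modem that pass the throttle in `duration` seconds."""
    throttle = PerMacThrottle(count, allow_time, drop_time)
    mac = "02:00:00:00:00:01"                 # constructed sample MAC
    return sum(throttle.admit(mac, t) for t in range(0, duration, redial_every))


if __name__ == "__main__":
    for count in (3, 10):                     # 3 is the posted value, 10 a looser one
        for redial in (10, 60):               # constructed redial intervals, seconds
            total = len(range(0, 3600, redial))
            passed = admitted(count, 120, 120, redial)
            print(f"count={count:2d} redial={redial:2d}s: "
                  f"{passed}/{total} attempts reach authentication per hour")
```

In this model a modem redialing every 10 seconds drops from 360 to 72 attempts per hour with count 3, and to 168 with count 10, while a modem redialing every 60 seconds is never throttled by either setting.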