| Both sides previous revisionPrevious revisionNext revision | Previous revision |
| en:dpi:bras_bng:radius_integration:radius_accounting:radius_attr [2024/09/26 15:29] – external edit 127.0.0.1 | en:dpi:bras_bng:radius_integration:radius_accounting:radius_attr [2025/09/19 08:51] (current) – elena.krasnobryzh |
|---|
| ===== Radius attributes ===== | ====== RADIUS Attributes ====== |
| {{indexmenu_n>5}} | {{indexmenu_n>1}} |
| |
| FastPCRF passes the following attributes within the Accounting-Request: | FastPCRF transmits the following attributes in Accounting-Request: |
| |
| ''VasExperts-L2-SubsId'' – L2-subscriber ID. | ''VasExperts-L2-SubsId'' – L2-subscriber identifier. |
| |
| ''Framed-IP-Address'' – (for the IPv4 only) is the subscriber IPv4 address; in case of NAT 1:1, this attribute value can be [[en:dpi:bras_bng:radius_integration:radius_accounting:radius_attr:framed_ip_address|configured]]. | ''Framed-IP-Address'' – (IPv4 only) subscriber’s IPv4 address; for NAT 1:1 the value of this attribute can be [[en:dpi:bras_bng:radius_integration:radius_accounting:radius_attr:framed_ip_address|configured]]. |
| |
| ''Framed-IPv6-Prefix'' - (for the IPv6 only) IPv6 subscriber subnet prefix. | ''Framed-IPv6-Prefix'' – (IPv6 only) subscriber’s IPv6 subnet prefix. |
| |
| ''Framed-IPv6-Address'' - (for the IPv6 only) IPv6 subscriber address. Only high bits of the IP address are most significant, as specified by the IPv6 prefix. For example, for the prefix 2001:1::/64, the value of this attribute is 2001:1::. | ''Framed-IPv6-Address'' – (IPv6 only) subscriber’s IPv6 address. Only the higher bits of the address, as defined by the IPv6 prefix, are significant. For example, for prefix 2001:1::/64 the value of this attribute will be 2001:1::. |
| |
| ''Acct-Session-Id'' – Radius accounting session identifier. | ''Delegated-IPv6-Prefix'' – (IPv6 only) PD-prefix assigned to the subscriber. |
| | |
| | ''Acct-Session-Id'' – RADIUS accounting session identifier. |
| | |
| ''Acct-Status-Type'' – the request type: | ''Acct-Status-Type'' – request type: |
| * [1] start – beginning of the accounting session. Statistics are not transmitted within this request, the only session id is transferred; | * [1] start – beginning of the accounting session. No statistics are transmitted in this request, only the session Id is announced. |
| * [2] stop – termination of the accounting session. This request contains the final session statistics; | * [2] stop – termination of the accounting session. This request carries the final session statistics. |
| * [3] interim-update – interim statistics. | * [3] interim-update – intermediate statistics. |
| |
| ''Acct-Delay-Time'' - is the timeout in seconds between receiving the last billing netflow statistics from the fastdpi and sending this Accounting-Request. In fact, this is a measure of data "obsolescence". | ''Acct-Delay-Time'' – timeout in seconds between receiving the latest billing netflow statistics from fastdpi and sending this Accounting-Request. In practice, this is a measure of data “staleness.” |
| |
| ''Class'' - if during authorization the Access-Accept/Access-Reject contains the Class attribute, then it will be transferred in all the accounting requests. | ''Acct-Session-Time'' – session duration in seconds. The attribute is added to interim update and stop packets. |
| |
| ''NAS-Port-Type'', ''NAS-Port'', ''NAS-IP-Address'', ''NAS-Identifier'' – are formed similarly to the [[en:dpi:bras_bng:radius_integration:radius_auth_server_integration|Access-Request]]. | ''Event-Timestamp'' – [SSG 8.3] current time. |
| |
| Statistics (accounting data) are defined in the [[https://tools.ietf.org/html/rfc2866|RFC-2866]] and are passed only for Acct-Status-Type= 2 or 3: | ''Class'' – if there is a Class attribute in Access-Accept/Access-Reject during authorization, it is transmitted in all accounting requests. |
| * ''Acct-Input-Packets'' - the number of packets sent to the subscriber (inet -> subs direction) | |
| * ''Acct-Output-Packets'' - number of packets from the subscriber (subs -> inet direction) | ''NAS-IP-Address'', ''NAS-Identifier'' – IP address or identifier of the fastDPI server that originated this session. Taken from the [[en:dpi:bras_bng:radius_integration:radius_auth_fastpcrf_setup|fdpi_server]] setting. |
| * ''Acct-Input-Octets'' - number of bytes sent to the subscriber (inet -> subs direction) | |
| * ''Acct-Output-Octets'' - number of bytes from the subscriber (subs -> inet direction) | [SSG 8.3] With the support of [[en:dpi:bras_bng:radius_integration:radius_accounting:multisession|multi-sessions]], the following attributes were added: |
| * ''Acct-Input-Gigawords'' ([[https://tools.ietf.org/html/rfc2869|RFC-2869]]) | |
| * ''Acct-Output-Gigawords'' ([[https://tools.ietf.org/html/rfc2869|RFC-2869]]) | ''Acct-Multi-Session-Id'' – identifier of the multi-session to which this session belongs. |
| | |
| | ''Acct-Link-Count'' – number of Start events in this multi-session. Note that this is not the number of active sessions, but the number of Start events in the multi-session, i.e., how many sessions were created in the multi-session since its beginning. |
| | |
| | ''VASExperts-Service-Type'' – authorization type. Possible values: |
| | * ''0'' (''Auth'' in ''dictionary.vasexperts'') – L3 authorization — a type of authorization where the client has statically configured on its equipment an IP address designated as “local” and requests Internet access. |
| | * ''1'' (''DHCP'') – DHCP authorization — authorization is initiated when the SSG system receives a DHCP Request from the client. |
| | * ''2'' (''PAP'') – PAP authorization — authorization using the PAP (Password Authentication Protocol), which is the first authentication protocol for PPP connections. |
| | * ''3'' (''CHAP'') – CHAP authorization — authorization using the CHAP (Challenge-Handshake Authentication Protocol), a challenge-response authentication protocol for PPP connections. |
| | * ''4'' (''MS_CHAPv2'') – MS-CHAPv2 authorization — authorization using the MS-CHAPv2 (Microsoft CHAP Version 2) protocol, which is an improved and more secure version of CHAP for PPP connections. |
| | * ''6'' (''ARP'') – ARP authorization — a type of authorization where the system processes an ARP request from the client to the gateway.\\ :!: The use of this type is not recommended. For details, see [[en:dpi:bras_bng:bras_l2_vlan:bras_l2_vlan_arp_proxy:bras_l2_vlan_arp_auth]]. |
| | * ''7'' (''DHCPv6'') – DHCPv6 authorization — authorization is initiated when the SSG system receives a DHCPv6 Solicit request from the client. |
| | * ''8'' (''GTP_auth'') – GTP authorization — the SSG system processes GTP-C packets. Upon successful GTP session start, BRAS sends an L3 authorization request to the PCRF node. |
| | * ''9'' (''DHCP-Dual'') – DHCP-Dual authorization — Access-Request from SSG is always sent either by IPv4 or by IPv6 address, but the response (Access-Accept) may contain addresses of both IP stacks (IPv4 and IPv6). |
| | <note tip>Values 2, 3, 4 are used for PPPoE. When using one of these authorization types, it is recommended to specify all three for proxying on the PPPoE server.</note> |
| | |
| | |
| | Accounting data, defined in [[https://tools.ietf.org/html/rfc2866|RFC-2866]], is transmitted only for Acct-Status-Type=2 or 3: |
| | * ''Acct-Input-Packets'' – number of packets to the subscriber (inet -> subs direction). |
| | * ''Acct-Output-Packets'' – number of packets from the subscriber (subs -> inet direction). |
| | * ''Acct-Input-Octets'' – number of bytes to the subscriber (inet -> subs direction). |
| | * ''Acct-Output-Octets'' – number of bytes from the subscriber (subs -> inet direction). |
| | * ''Acct-Input-Gigawords'' ([[https://tools.ietf.org/html/rfc2869|RFC-2869]]). |
| | * ''Acct-Output-Gigawords'' ([[https://tools.ietf.org/html/rfc2869|RFC-2869]]). |
| | |
| | In SSG 9.5.3, the following 64-bit VSA counters were also added: |
| | <code> |
| | # number of bytes to the subscriber (inet -> subs direction) |
| | ATTRIBUTE VasExperts-Acct-Input-Octets-64 22 integer64 |
| | # number of bytes from the subscriber (subs -> inet direction) |
| | ATTRIBUTE VasExperts-Acct-Output-Octets-64 23 integer64 |
| | # number of packets to the subscriber (inet -> subs direction) |
| | ATTRIBUTE VasExperts-Acct-Input-Packets-64 24 integer64 |
| | # number of packets from the subscriber (subs -> inet direction) |
| | ATTRIBUTE VasExperts-Acct-Output-Packets-64 25 integer64 |
| | </code> |
| | These counters are fully equivalent to the standard 32-bit ones and are transmitted along with them. The use of 64-bit counters slightly simplifies logic on the RADIUS side: there is no need to calculate 64-bit values from 32-bit attributes ''Acct-Input/Output-Octets'' and ''Acct-Input/Output-Gigawords''. |
| |
| in addition, statistics on the cs0-cs7 [[en:dpi:dpi_options:use_cases:qs_rateplans|traffic classes]] are transmitted in vendor-specific-attributes (VSA). | Additionally, statistics on [[en:dpi:dpi_options:use_cases:qs_rateplans|traffic classes]] cs0 - cs7 are transmitted in vendor-specific attributes (VSA). |
| The following VSAs are defined for the vendor-id=43823: | The following VSAs are defined for vendor-id=43823: |
| <code bash> | <code bash> |
| ATTRIBUTE VasExperts-Acct-Traffic-Class-Name 16 string | ATTRIBUTE VasExperts-Acct-Traffic-Class-Name 16 string |
| </code> | </code> |
| |
| here the ''VasExperts-Acct-Traffic-Class-Name'' is the traffic class name, "cs0", "cs1", ..., "cs7", | Here, ''VasExperts-Acct-Traffic-Class-Name'' is the traffic class name, "cs0", "cs1", ..., "cs7"; the other attributes contain statistics for this traffic class. |
| the rest attributes contain statistics for this traffic class. Below is the example pf the packet (only the first two traffic statistics are unfolded): | |
| | [SSG 8.3] Using the fastpcrf.conf settings, you can specify which traffic classes to include in overall accounting, as well as disable sending accounting by traffic classes (VasExperts-Acct-Traffic-Class-* attributes): |
| | * ''acct_disable_traffic_class'' – setting this parameter to 1 disables sending traffic class breakdowns in Acct-Request. By default, traffic class statistics are sent. |
| | * ''acct_include_traffic_class'' – allows specifying a list of traffic classes to include in accounting. By default, all traffic classes cs0 - cs7 are included in accounting. In this parameter, you can list, separated by commas, which traffic classes to include in accounting. Standard counters (Acct-Input/Output-Packets and Acct-Input/Output-Octets) will then contain only the sum of the specified classes. For example, to exclude class cs2 from accounting, set: |
| | <code bash> |
| | acct_include_traffic_class=cs0,cs1,cs3,cs4,cs5,cs6,cs7 |
| | </code> |
| | |
| | **Example** packet (only the first two traffic class statistics entries are expanded): |
| <code bash> | <code bash> |
| Frame 211: 576 bytes on wire (4608 bits), 576 bytes captured (4608 bits) | Frame 211: 576 bytes on wire (4608 bits), 576 bytes captured (4608 bits) |
| [The response to this request is in frame 233] | [The response to this request is in frame 233] |
| Attribute Value Pairs | Attribute Value Pairs |
| AVP: l=6 t=NAS-Port-Type(61): Virtual(5) | |
| AVP: l=6 t=NAS-Port(5): 0 | |
| AVP: l=10 t=NAS-Identifier(32): FastPCRF | AVP: l=10 t=NAS-Identifier(32): FastPCRF |
| AVP: l=6 t=Framed-IP-Address(8): 192.168.0.52 | AVP: l=6 t=Framed-IP-Address(8): 192.168.0.52 |
| AVP: l=51 t=Vendor-Specific(26) v=VAS Experts(43823) | AVP: l=51 t=Vendor-Specific(26) v=VAS Experts(43823) |
| </code> | </code> |
| |
| |
