| Next revision | Previous revision |
| en:dpi:bras_bng:radius_integration:radius_auth_fastpcrf_setup [2024/09/26 15:29] – created - external edit 127.0.0.1 | en:dpi:bras_bng:radius_integration:radius_auth_fastpcrf_setup [2024/12/05 14:52] (current) – elena.krasnobryzh |
|---|
| ====== FastPCRF installation and configuration ====== | ====== FastPCRF installation and configuration ====== |
| {{indexmenu_n>1}} | {{indexmenu_n>1}} |
| The Fastpcrf server application can be installed on the same server as the fastDPI or on another one. | |
| <note tip>[[en:dpi:dpi_components:pcrf|We recommend moving the fastPCRF process to a separate virtual machine]] | |
| for fault-tolerance and multi fastDPI management (BRAS).</note> | |
| |
| The configuration is set in the file ///etc/dpi/fastpcrf.conf//. Minimal configuration: | - [[en:dpi:bras_bng:radius_integration:radius_auth_fastpcrf_setup:pending_queue]] |
| | - [[en:dpi:bras_bng:radius_integration:radius_auth_fastpcrf_setup:fastpcrf_logs]] |
| | - [[en:dpi:bras_bng:radius_integration:radius_auth_fastpcrf_setup:radius_auth_fastpcrf_setup_full]] |
| | - [[en:dpi:bras_bng:radius_integration:radius_auth_fastpcrf_setup:persistent_queue]] |
| | - [[en:dpi:bras_bng:radius_integration:radius_auth_fastpcrf_setup:radius_server_reservation]] |
| | |
| | FastPCRF provides proxying of requests from fastDPI towards the RADIUS server and is included in the default SSG installation package: by default, fastPCRF is installed on the same server as fastDPI. |
| | |
| | <note tip>To implement the [[en:dpi:bras_bng:replication|]] scheme, it is necessary to [[en:dpi:dpi_components:pcrf|move the fastPCRF process to a separate virtual machine]] to ensure fault tolerance and manage multiple fastDPI (BRAS).</note> |
| | |
| | The configuration is set in the file ''[[en:dpi:bras_bng:radius_integration:radius_auth_fastpcrf_setup:radius_auth_fastpcrf_setup_full|/etc/dpi/fastpcrf.conf]]''. Minimal configuration: |
| <code bash> | <code bash> |
| # For SSG 8.3+: two fastDPI servers work with one fastpcrf | # For SSG 8.3+: two fastDPI servers work with one fastpcrf |
| * ''port'' - [[en:dpi:dpi_components:platform:subscriber_management:subsman_dpi|management port]] fastDPI (usually 29000) | * ''port'' - [[en:dpi:dpi_components:platform:subscriber_management:subsman_dpi|management port]] fastDPI (usually 29000) |
| * ''name=value'' - additional attributes of this fastdpi server: | * ''name=value'' - additional attributes of this fastdpi server: |
| * ''attr_nas_ip'' - IPv4 address for Radius attribute ''NAS-IP-Address''; if not set, the fastdpi IP address is used (''ip''); | * ''attr_nas_ip'' - IPv4 address for RADIUS attribute ''NAS-IP-Address''; if not set, the fastdpi IP address is used (''ip''); |
| * ''attr_nas_ipv6'' - the value of the ''NAS-IPv6-Address'' Radius attribute for this fastdpi; | * ''attr_nas_ipv6'' - the value of the ''NAS-IPv6-Address'' RADIUS attribute for this fastdpi; |
| * ''attr_nas_id'' - the value of the ''NAS-Identifier'' attribute for this fastdpi | * ''attr_nas_id'' - the value of the ''NAS-Identifier'' attribute for this fastdpi |
| |
| * ''ip'' - fastDPI server IP address, | * ''ip'' - fastDPI server IP address, |
| * ''dev'' - on which local interface to create a fastDPI connection, | * ''dev'' - on which local interface to create a fastDPI connection, |
| * ''port'' - [[en:dpi:dpi_components:platform:subscriber_management:subsman_dpi|control port]] fastDPI (usually 29000). | * ''port'' - [[en:dpi:dpi_components:platform:subscriber_management:subsman_dpi|management port]] fastDPI (usually 29000). |
| <note important>The control port must be the same in fastdpi.conf (parameter ''ctrl_port'') and in fastpcrf.conf.</note> | <note important>The control port must be the same in fastdpi.conf (parameter ''ctrl_port'') and in fastpcrf.conf.</note> |
| <note important>FastDPI only listens on the control port on the interface specified by the ''ctrl_dev'' parameter in the fastdpi.conf configuration file. If fastPCRF is being installed on a standalone server, the ''ctrl_dev'' parameter must be properly configured with an interface name other than ''lo'' for fastDPI and fastPCRF communication</note> | <note important>FastDPI only listens on the control port on the interface specified by the ''ctrl_dev'' parameter in the fastdpi.conf configuration file. If fastPCRF is being installed on a standalone server, the ''ctrl_dev'' parameter must be properly configured with an interface name other than ''lo'' for fastDPI and fastPCRF communication</note> |
| |
| • ''radius_server'' - specifies one radius server. Each radius server (usually two of them - main and backup) is specified in a separate radius_server parameter. \\ | • ''radius_server'' - specifies one RADIUS server. Each RADIUS server (usually two of them - main and backup) is specified in a separate ''radius_server'' parameter. \\ |
| Format: ''secret@ip%dev:port'' where: | Format: ''secret@ip%dev:port'' where: |
| * ''secret'' - Radius secret, | * ''secret'' - RADIUS secret, |
| * ''ip'' - Radius server IP address, | * ''ip'' - RADIUS server IP address, |
| * ''dev'' - name of the local interface on which to establish a connection, | * ''dev'' - name of the local interface on which to establish a connection, |
| * ''port'' - Radius auth port. It is possible to specify up to 16 Radius servers, while the first one in the order of declaration in fastpcrf.conf is considered the main one, the rest are reserve ones. | * ''port'' - RADIUS auth port. It is possible to specify up to 16 RADIUS servers, while the first one in the order of declaration in fastpcrf.conf is considered the main one, the rest are reserve ones. |
| <note important>A connection is created with only one radius server from the list, backup servers are activated only when the main one is unavailable.</note> | <note important>A connection is created with only one RADIUS server from the list, backup servers are activated only when the main one is unavailable.</note> |
| |
| ''fastpcrf.conf'' has many other configuration parameters related to fine-tuning the interaction with Radius servers. | ''fastpcrf.conf'' has many other configuration parameters related to fine-tuning the interaction with RADIUS servers. |
| |
| |
| <note warning>After configuring, don't forget to enable fastPCRF autorun when starting the server with the command: | <note warning>After configuring, don't forget to enable fastPCRF autorun when starting the server with the command: |
| <code> | <code> |
| chkconfig fastpcrf on | systemctl enable fastpcrf |
| </code> | </code> |
| </note> | </note> |
