Identification of L2 and L3 subscribers [Документация VAS Experts]

Identification of L2 and L3 subscribers

L3-subscribers

FastDPI 12 introduces support for identifying L2 subscribers by VLAN/Q-in-Q.

Previously, the way of subscriber identification was only his MAC-address, which could lead to problems if two different subscribers belonging to different VLANs, have the same MAC-address.

FastDPI 12 introduces a new fastdpi.conf setting: bras_subs_id, which is a type of L2 subscriber identification. It specifies a list, in order of preference, of what to consider to be the L2-subscriber ID.

Valid values in the list:

  • mac - The subscriber's MAC address (srcMAC of the packet from the subscriber) is the subscriber's identifier. This type is applicable to any network, including VLAN and Q-in-Q (VLANs are not counted).
  • vlan+mac - the subscriber identifier is the VLAN + subscriber's MAC. This type applies only to VLANs, but does not apply for Q-in-Q.
  • qinq - the subscriber identifier is Q-in-Q. Applicable for Q-in-Q networks only.
  • qinq+mac - subscriber identifier is Q-in-Q + subscriber's MAC. Applicable for Q-in-Q networks only.

The default value is bras_subs_id=mac (for compatibility with previous versions)

Setup example:

bras_subs_id=qinq+mac,vlan+mac,mac

is interpreted as follows:

  • If the packet is Q-in-Q - then the identifier is Q-in-Q + subscriber's MAC,
  • otherwise if the package is VLAN - then the identifier is VLAN + subscriber's MAC,
  • otherwise the identifier is the subscriber's MAC.

Instead of a list you can set it to auto:

bras_subs_id=auto

which is equal to:

bras_subs_id=qinq+mac,vlan+mac,mac

We recommend to use the auto value for bras_subs_id.

If no identification type is defined for an incoming packet, then such subscriber is not terminated, all packets of the subscriber are dropped. This is possible for the following example:

bras_subs_id=qinq+mac

when the incoming packet from the subscriber is not Q-in-Q.

Radius Authorization

In the Radius L2 authorization request, the subscriber ID is passed in the VSA attribute VasExperts-L2-SubsId as a string:

ATTRIBUTE   VasExperts-L2-SubsId           14   string

The format of the string representation of the identifiers is as follows:

  • mac: "[1]xx:xx:xx:xx:xx:xx", xx - subscriber's MAC address, e.g.: [1]02:42:89:33:7b:3e - subscriber MAC=02:42:89:33:7b:3e
  • vlan+mac: "[2]N/xx:xx:xx:xx:xx:xx", N - VLAN number, e.g., [2]56/02:42:89:33:7b:3e - subscriber MAC=02:42:89:33:7b:3e в VLAN=56
  • qinq: "[3]N.N", N - VLAN numbers, e.g.: [3]56.234 - subscriber in Q-in-Q=56.234
  • qinq+mac: "[4]N.N/xx:xx:xx:xx:xx:xx", e.g.: [4]56.234/02:42:89:33:7b:3e - subscriber MAC=02:42:89:33:7b:3e в Q-in-Q=56.234

If the subscriber's L2 identifier is unknown, then VasExperts-L2-SubsId=[0]<n/a>.

L2-subscribers