Additional PPPoE BRAS settings
You can specify the following additional options related to PPPoE in the fastdpi.conf:
bras_pppoed_timeout
- sets the PPPoE session timeout in seconds, the default value is 2 seconds.
Since the PPPoE Discovery protocol is vulnerable to DOS attacks, this option is designed to restrict the internal resources usage when the PPPoE is under the DOS attack.
bras_pppoe_restore_on_startup
- Enable (1) or disable (0) restoring PPPoE sessions on SSG restart. For details, see: Restore PPPoE sessions during Stingray Service Gateway restart
bras_ppp_mru_max
- MRU size - the maximum size of a PPP packet wrapped in the PPPoE. The default value is 1492.
Change this parameter with caution!
You can specify greater value than the default one [RFC 4638] if the ethernet payload size (MTU) is established greater than 1500 in your network.
Calculation: MTU - 6 (=PPPoE header size) - 2 (=PPP Protocol Id).
If your network has another VLAN/QinQ, then you also need to subtract the length of the VLAN/QinQ headers.
This option have to be consistent with the snaplen
option.
bras_ppp_mac_auth
- the Radius-authorization permission flag by MAC-address.
The default value: 0 (MAC address authorization is forbidden).
This option is used when the PPP protocol failed to negotiate an authorization algorithm. If authorization by MAC address is disabled and the authorization protocol is not selected, you can not establish the PPP session.
bras_ppp_restart_timeout
- timeout for resending LCP requests cfg-req and term-req, in seconds.
The default value is 3 [RFC1661]
bras_ppp_ping_timeout
- ping timeout of the PPP session, in seconds.
The default value is 60.
0 - do not use ping.
Ping is sending LCP Echo-Request when there are no incoming client-side packets
bras_ppp_max_terminate
- the maximum number of attempts to send Terminate-Request without Terminate-Ack being received.
The default value is 2 [RFC1661].
bras_ppp_max_configure
- the maximum number of attempts to send Configure-Request without Cfg-Ack, Cfg-Nak or Cfg-Reject being received.
The default value is 10 [RFC1661].
bras_ppp_max_failure
- the maximum number of Configure-Nak in succession. When this threshold is reached, it is assumed that the parties were not able to agree on the connection parameters and then Cfg-Reject will be sent instead of Cfg-Nak.
The default value is 5 [RFC1661].
This option also regulates the maximum number of echo requests that were not replied: if there are no packages from the subscriber and there are no replies to the bras_ppp_max_failure
pings, the session is teminated as a result of subscriber inactivity.
bras_ppp_idle_timeout
- [SSG 8.1+] control of PPPoE subscriber inactivity. Inactivity interval (no packets from subscriber) is specified by Idle-Timeout radius attribute. If there is no such attribute in Access-Accept, this parameter is used. If there are no packets from the subscriber during idle-timeout, a ping (LCP Echo Request) is sent to the subscriber at bras_ppp_ping_timeout
interval of seconds. If on bras_ppp_max_failure
pings in a row there is no response from the subscriber - the session is considered finished by subscriber inactivity. Default value: 300 seconds.
bras_pppoe_ac_name
- string, AC-Name tag value when setting up a PPPoE session. If not specified, it is transferred to fastDPI
bras_pppoe_service_name
- [SSG 10.2+] string, Service-Name tag value when PPPoE session is set (passed to subscriber in PADO). If not specified - Service-Name tag is not included in PADO.