RADIUS Attributes
FastPCRF transmits the following attributes in Accounting-Request:
VasExperts-L2-SubsId
– L2-subscriber identifier.
Framed-IP-Address
– (IPv4 only) subscriber’s IPv4 address; for NAT 1:1 the value of this attribute can be configured.
Framed-IPv6-Prefix
– (IPv6 only) subscriber’s IPv6 subnet prefix.
Framed-IPv6-Address
– (IPv6 only) subscriber’s IPv6 address. Only the higher bits of the address, as defined by the IPv6 prefix, are significant. For example, for prefix 2001:1::/64 the value of this attribute will be 2001:1::.
Delegated-IPv6-Prefix
– (IPv6 only) PD-prefix assigned to the subscriber.
Acct-Session-Id
– RADIUS accounting session identifier.
Acct-Status-Type
– request type:
- [1] start – beginning of the accounting session. No statistics are transmitted in this request, only the session Id is announced.
- [2] stop – termination of the accounting session. This request carries the final session statistics.
- [3] interim-update – intermediate statistics.
Acct-Delay-Time
– time in seconds elapsed between receiving the latest billing netflow statistics from fastdpi and sending this Accounting-Request. In practice, this is a measure of data “staleness.”
Acct-Session-Time
– session duration in seconds. The attribute is added to interim update and stop packets.
Event-Timestamp
– [SSG 8.3] current time.
Class
– if there is a Class attribute in Access-Accept/Access-Reject during authorization, it is transmitted in all accounting requests.
NAS-IP-Address, NAS-Identifier
– IP address or identifier of the fastDPI server that originated this session. Taken from the fdpi_server setting.
[SSG 8.3] With the support of multi-sessions, the following attributes were added:
Acct-Multi-Session-Id
– identifier of the multi-session to which this session belongs.
Acct-Link-Count
– number of Start events in this multi-session. Note that this is not the number of active sessions, but the number of Start events in the multi-session, i.e., how many sessions were created in the multi-session since its beginning.
VASExperts-Service-Type
– authorization type. Possible values:
- 0 (Auth in dictionary.vasexperts) – L3 authorization: a type of authorization where the client has an IP address designated as “local” statically configured on its equipment and requests Internet access.
- 1 (DHCP) – DHCP authorization: authorization is initiated when the SSG system receives a DHCP Request from the client.
- 2 (PAP) – PAP authorization: authorization using the PAP (Password Authentication Protocol), which is the first authentication protocol for PPP connections.
- 3 (CHAP) – CHAP authorization: authorization using the CHAP (Challenge-Handshake Authentication Protocol), a challenge-response authentication protocol for PPP connections.
- 4 (MS_CHAPv2) – MS-CHAPv2 authorization: authorization using the MS-CHAPv2 (Microsoft CHAP Version 2) protocol, which is an improved and more secure version of CHAP for PPP connections.
- 6 (ARP) – ARP authorization: a type of authorization where the system processes an ARP request from the client to the gateway. The use of this type is not recommended. For details, see ARP request authorization.
- 7 (DHCPv6) – DHCPv6 authorization: authorization is initiated when the SSG system receives a DHCPv6 Solicit request from the client.
- 8 (GTP_auth) – GTP authorization: the SSG system processes GTP-C packets. Upon successful GTP session start, BRAS sends an L3 authorization request to the PCRF node.
- 9 (DHCP-Dual) – DHCP-Dual authorization: Access-Request from SSG is always sent either by IPv4 or by IPv6 address, but the response (Access-Accept) may contain addresses of both IP stacks (IPv4 and IPv6).
Accounting data, defined in RFC-2866, is transmitted only for Acct-Status-Type=2 or 3:
Acct-Input-Packets
– number of packets to the subscriber (inet → subs direction).
Acct-Output-Packets
– number of packets from the subscriber (subs → inet direction).
Acct-Input-Octets
– number of bytes to the subscriber (inet → subs direction).
Acct-Output-Octets
– number of bytes from the subscriber (subs → inet direction).
Acct-Input-Gigawords
(RFC-2869).
Acct-Output-Gigawords
(RFC-2869).
In SSG 9.5.3, the following 64-bit VSA counters were also added:
# number of bytes to the subscriber (inet -> subs direction)
ATTRIBUTE VasExperts-Acct-Input-Octets-64 22 integer64
# number of bytes from the subscriber (subs -> inet direction)
ATTRIBUTE VasExperts-Acct-Output-Octets-64 23 integer64
# number of packets to the subscriber (inet -> subs direction)
ATTRIBUTE VasExperts-Acct-Input-Packets-64 24 integer64
# number of packets from the subscriber (subs -> inet direction)
ATTRIBUTE VasExperts-Acct-Output-Packets-64 25 integer64
These counters are fully equivalent to the standard 32-bit ones and are transmitted along with them. The use of 64-bit counters slightly simplifies logic on the RADIUS side: there is no need to calculate 64-bit values from the 32-bit attributes Acct-Input/Output-Octets and Acct-Input/Output-Gigawords.
Additionally, statistics on traffic classes cs0 - cs7 are transmitted in vendor-specific attributes (VSA). The following VSAs are defined for vendor-id=43823:
ATTRIBUTE VasExperts-Acct-Traffic-Class-Name 16 string
ATTRIBUTE VasExperts-Acct-Traffic-Class-Input-Octets 17 integer64
ATTRIBUTE VasExperts-Acct-Traffic-Class-Output-Octets 18 integer64
ATTRIBUTE VasExperts-Acct-Traffic-Class-Input-Packets 19 integer64
ATTRIBUTE VasExperts-Acct-Traffic-Class-Output-Packets 20 integer64
Here, VasExperts-Acct-Traffic-Class-Name is the traffic class name, "cs0", "cs1", …, "cs7"; the other attributes contain statistics for this traffic class.
[SSG 8.3] Using the fastpcrf.conf settings, you can specify which traffic classes to include in overall accounting, as well as disable sending accounting by traffic classes (VasExperts-Acct-Traffic-Class-* attributes):
acct_disable_traffic_class
– setting this parameter to 1 disables sending traffic class breakdowns in Acct-Request. By default, traffic class statistics are sent.
acct_include_traffic_class
– allows specifying a list of traffic classes to include in accounting. By default, all traffic classes cs0 - cs7 are included in accounting. In this parameter, you can list, separated by commas, which traffic classes to include in accounting. Standard counters (Acct-Input/Output-Packets and Acct-Input/Output-Octets) will then contain only the sum of the specified classes. For example, to exclude class cs2 from accounting, set:
acct_include_traffic_class=cs0,cs1,cs3,cs4,cs5,cs6,cs7
Example packet (only the first two traffic class statistics entries are expanded):
Frame 211: 576 bytes on wire (4608 bits), 576 bytes captured (4608 bits)
Ethernet II, ...
Internet Protocol Version 4, ...
User Datagram Protocol, Src Port: 41754, Dst Port: 1815
RADIUS Protocol
    Code: Accounting-Request (4)
    Packet identifier: 0xfc (252)
    Length: 534
    Authenticator: 02495762cbcef01d257fa82eb8f320b3
    [The response to this request is in frame 233]
    Attribute Value Pairs
        AVP: l=10 t=NAS-Identifier(32): FastPCRF
        AVP: l=6 t=Framed-IP-Address(8): 192.168.0.52
        AVP: l=6 t=Service-Type(6): Framed(2)
        AVP: l=18 t=Acct-Session-Id(44): 3400a8c0311fae6b
        AVP: l=6 t=Acct-Authentic(45): RADIUS(1)
        AVP: l=6 t=Acct-Status-Type(40): Interim-Update(3)
        AVP: l=6 t=Acct-Delay-Time(41): 6
        AVP: l=6 t=Acct-Input-Packets(47): 0
        AVP: l=6 t=Acct-Output-Packets(48): 1956
        AVP: l=6 t=Acct-Input-Octets(42): 0
        AVP: l=6 t=Acct-Input-Gigawords(52): 0
        AVP: l=6 t=Acct-Output-Octets(43): 2173116
        AVP: l=6 t=Acct-Output-Gigawords(53): 0
        AVP: l=51 t=Vendor-Specific(26) v=VAS Experts(43823)
            AVP Type: 26
            AVP Length: 51
            VSA: l=5 t=VasExperts-Acct-Traffic-Class-Name(16): cs0
            VSA: l=10 t=VasExperts-Acct-Traffic-Class-Input-Octets(17): 0000000000000000
            VSA: l=10 t=VasExperts-Acct-Traffic-Class-Output-Octets(18): 00000000002128bc
            VSA: l=10 t=VasExperts-Acct-Traffic-Class-Input-Packets(19): 0000000000000000
            VSA: l=10 t=VasExperts-Acct-Traffic-Class-Output-Packets(20): 00000000000007a4
        AVP: l=51 t=Vendor-Specific(26) v=VAS Experts(43823)
            AVP Type: 26
            AVP Length: 51
            VSA: l=5 t=VasExperts-Acct-Traffic-Class-Name(16): cs1
            VSA: l=10 t=VasExperts-Acct-Traffic-Class-Input-Octets(17): 0000000000000000
            VSA: l=10 t=VasExperts-Acct-Traffic-Class-Output-Octets(18): 0000000000000000
            VSA: l=10 t=VasExperts-Acct-Traffic-Class-Input-Packets(19): 0000000000000000
            VSA: l=10 t=VasExperts-Acct-Traffic-Class-Output-Packets(20): 0000000000000000
        AVP: l=51 t=Vendor-Specific(26) v=VAS Experts(43823)
        AVP: l=51 t=Vendor-Specific(26) v=VAS Experts(43823)
        AVP: l=51 t=Vendor-Specific(26) v=VAS Experts(43823)
        AVP: l=51 t=Vendor-Specific(26) v=VAS Experts(43823)
        AVP: l=51 t=Vendor-Specific(26) v=VAS Experts(43823)
        AVP: l=51 t=Vendor-Specific(26) v=VAS Experts(43823)
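A receiver-side consistency check for the accounting attributes described on this page, as an added Python example that is not part of the VAS Experts documentation: it parses the attribute section of an Accounting-Request, rebuilds 64-bit totals from the Octets and Gigawords attributes, and compares them with the sum of the per-class VSAs. All function names are hypothetical, and the sample bytes are constructed from the counter values in the example packet with only cs0 and cs1 present.

```python
import struct

VENDOR_VASEXPERTS = 43823                              # vendor-id from this page
IN_OCT, OUT_OCT, IN_GIGA, OUT_GIGA = 42, 43, 52, 53    # RFC 2866 / RFC 2869 types
TC_NAME, TC_IN_OCT, TC_OUT_OCT = 16, 17, 18            # VSA types from the dictionary

def tlvs(buf):
    """Yield (type, value) for each TLV in buf; reject impossible lengths."""
    i = 0
    while i < len(buf):
        if len(buf) - i < 2 or buf[i + 1] < 2 or i + buf[i + 1] > len(buf):
            raise ValueError(f"malformed attribute at offset {i}")
        yield buf[i], buf[i + 2:i + buf[i + 1]]
        i += buf[i + 1]

def parse_accounting(attrs):
    """Return (total_in, total_out, {class: (in_octets, out_octets)})."""
    std, classes = {}, {}
    for t, v in tlvs(attrs):
        if t in (IN_OCT, OUT_OCT, IN_GIGA, OUT_GIGA):
            std[t], = struct.unpack("!I", v)
        elif t == 26 and len(v) > 4 and v[:4] == struct.pack("!I", VENDOR_VASEXPERTS):
            sub = dict(tlvs(v[4:]))
            if TC_NAME in sub:
                classes[sub[TC_NAME].decode("ascii")] = tuple(
                    struct.unpack("!Q", sub[k])[0] for k in (TC_IN_OCT, TC_OUT_OCT))
    # Gigawords counts how many times the 32-bit Octets counter wrapped.
    total_in = (std.get(IN_GIGA, 0) << 32) | std.get(IN_OCT, 0)
    total_out = (std.get(OUT_GIGA, 0) << 32) | std.get(OUT_OCT, 0)
    return total_in, total_out, classes

def totals_match_classes(attrs, included=None):
    """True if the standard counters equal the sum of the included classes."""
    total_in, total_out, classes = parse_accounting(attrs)
    rows = [c for name, c in classes.items() if included is None or name in included]
    return (sum(r[0] for r in rows), sum(r[1] for r in rows)) == (total_in, total_out)

def avp(t, value):                                     # encoder for constructed samples
    return bytes([t, len(value) + 2]) + value

def class_vsa(name, in_oct, out_oct):
    body = (avp(TC_NAME, name.encode()) + avp(TC_IN_OCT, struct.pack("!Q", in_oct))
            + avp(TC_OUT_OCT, struct.pack("!Q", out_oct)))
    return avp(26, struct.pack("!I", VENDOR_VASEXPERTS) + body)

def standard(in_total, out_total):
    return b"".join(avp(t, struct.pack("!I", n)) for t, n in (
        (IN_OCT, in_total & 0xFFFFFFFF), (IN_GIGA, in_total >> 32),
        (OUT_OCT, out_total & 0xFFFFFFFF), (OUT_GIGA, out_total >> 32)))

# Constructed sample using the counter values of the packet above (cs0 and cs1 only).
SAMPLE = standard(0, 2173116) + class_vsa("cs0", 0, 2173116) + class_vsa("cs1", 0, 0)
```

When acct_include_traffic_class is set, pass the same class names as `included` so the comparison covers only the classes that feed the standard counters.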