en:dpi:dpi_bestpractice:dpi_bestpractice_brasl2radiusproxy [VAS Experts Documentation]

This is an old revision of the document!


BRAS L2 DHCP Radius Proxy Example

Description

BRAS DHCP L2 mode means that the subscriber receives an IP address via DHCP Proxy and then goes through AAA in the billing system. The subscriber is then terminated by VAS Experts DPI and passed on to the border equipment.

The following elements are involved in the VAS Experts DPI operation scheme in BRAS L2 DHCP Radius Proxy mode:

  1. Client with Q-in-Q access type
  2. FastDPI - traffic processing and policing
  3. FastPCRF - proxying requests between fastDPI and Radius
  4. Radius server - accepts requests from fastPCRF and generates responses with specified attributes
  5. Router - responsible for forwarding packets to the Internet and for return routing. A static route must be configured on it, since VAS Experts DPI does not support OSPF and BGP at the moment.

Scenario

FastDPI Setup

Editing the DPI Configuration File

First, uncomment (or add) the following lines in the /etc/dpi/fastdpi.conf configuration file.

    #enable the internal database of user properties
    udr=1
    #enable the authorization by IP mode
    enable_auth=1
    #enable L2 BRAS mode
    bras_enable=1

    #"virtual" IP address of DPI (must be unique on the network)
    bras_arp_ip=192.168.1.2
    #"virtual" MAC address of DPI (use the real MAC address of any of the DNA interfaces)
    bras_arp_mac=a0:36:9f:77:26:58

    #IP address of the border
    bras_gateway_ip=192.168.1.1
    #MAC address of the interface to which DPI is connected on the border
    bras_gateway_mac=c4:71:54:4b:e7:8a

    #address of the server where fastPCRF is installed (leave unchanged if it is the same host as fastDPI)
    auth_servers=127.0.0.1%lo:29002

    #enable DHCP Relay Agent mode
    bras_dhcp_mode=1

    #192.168.10.2 – IP address of the DHCP server
    #veth0 – the name of the network interface that communicates with the DHCP server
    #67 – port, default value: 68
    #arp_proxy - flag: respond to ARP requests for the DHCP server IP address
    #alias_ip - DHCP server alias
    #reply_port - port that receives responses from the DHCP server
    bras_dhcp_server=192.168.10.2%veth0:67;arp_proxy=1;alias_ip=192.168.1.4;reply_port=67

    #vlan termination (in this case the tag will be cut out)
    bras_vlan_terminate=1
    #MAC spoofing
    bras_terminate_l2=1
    #local traffic interconnection
    bras_terminate_local=1

    #enable accounting
    enable_acct=1
    #subscriber billing statistics
    netflow=4
    #timeout for sending statistics
    netflow_timeout=60

You should set your own values for the following parameters:
  • bras_arp_ip
  • bras_arp_mac
  • bras_gateway_ip
  • bras_gateway_mac
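
A pre-deployment check for the four parameters listed above, as an added example that is not part of the VAS Experts documentation or tooling: it parses a fastdpi.conf in the format shown, flags values left at the documentation example, and flags a bras_arp_ip that reuses another address in the same file. The function names and SAMPLE data are constructed for illustration; uniqueness on the live network still has to be checked separately.

```python
# Example values printed on the page for the four parameters it says to replace.
DOC_EXAMPLE = {
    "bras_arp_ip": "192.168.1.2", "bras_arp_mac": "a0:36:9f:77:26:58",
    "bras_gateway_ip": "192.168.1.1", "bras_gateway_mac": "c4:71:54:4b:e7:8a",
}

# Constructed sample: example MAC left in place, bras_arp_ip reuses the DHCP alias.
SAMPLE = """
    #"virtual" IP address of DPI
bras_arp_ip=10.20.0.4
bras_arp_mac=A0:36:9F:77:26:58
bras_gateway_ip=10.20.0.1
bras_gateway_mac=02:00:00:00:00:01
bras_dhcp_server=10.30.0.2%veth0:67;arp_proxy=1;alias_ip=10.20.0.4;reply_port=67
"""

def parse_conf(text):
    """Parse key=value lines, skipping blank lines and '#' comments."""
    conf = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def parse_dhcp_server(value):
    """Split the 'ip%iface:port;opt=val;...' form used by bras_dhcp_server."""
    endpoint, *opts = value.split(";")
    addr, rest = endpoint.split("%", 1)
    iface, port = rest.rsplit(":", 1)
    out = {"ip": addr, "iface": iface, "port": int(port)}
    out.update(o.split("=", 1) for o in opts if "=" in o)
    return out

def check(conf):
    """Return findings for the four site-specific BRAS parameters."""
    findings = []
    for key, example in DOC_EXAMPLE.items():
        value = conf.get(key)
        if value is None:
            findings.append(f"{key}: missing")
        elif value.lower() == example:
            findings.append(f"{key}: unchanged documentation example")
    raw = conf.get("bras_dhcp_server")
    dhcp = parse_dhcp_server(raw) if raw else {}
    taken = {conf.get("bras_gateway_ip"), dhcp.get("ip"), dhcp.get("alias_ip")}
    if conf.get("bras_arp_ip") in taken - {None}:
        findings.append("bras_arp_ip: collides with gateway or DHCP address")
    return findings
```

Running check(parse_conf(open("/etc/dpi/fastdpi.conf").read())) on the real file returns an empty list when none of these conditions apply.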

If the session is successfully started and the L3 authorization mode is enabled (enable_auth=1), fastDPI BRAS immediately sends a Radius request for subscriber authorization and receives an up-to-date list of the subscriber's enabled services and the policy profile.