FastDPI in the DHCP proxy mode [Документация VAS Experts]

FastDPI in the DHCP proxy mode

When the FastDPI receives the DHCP-Discover request from the user equipment it sends it "as is" to the fastPCRF for further processing. If the IP address is successfully assigned then the fastPCRF will respond by the DHCP-Offer, simultaneously informing the Radius server about opening the Accounting Start session. FastDPI saves all the DHCP-Offer parameters in its internal database. During the bras_dhcp_request_delay time (specified in the fastdpi.conf, the default value is 600 seconds), all the subsequent DHCP-Request requests from the user equipment being sent for the confirmation or for the IP address leasing prolongation are handled by the fastDPI: it passes stored from the DHCP-Offer parameters to the DHCP-Ack.

The response timeout (in seconds) from the fastPCRF to DHCP-Discover is specified by the bras_dhcp_timeout option in the fastdpi.conf, its default value is 7 seconds.

Having received the DHCP-Release/DHCP-Decline requests the fastDPI marks in its internal database that the IP address leasing is expired and sends a notification to the Radius server (via the fastPCRF) about session termination as the Accounting Stop. After the session is terminated all the packets from this user IP address will be dropped.

Also the fastDPI monitors the session duration (the session duration is specified in the DHCP-Offer): if the session is obsolete and the user doesn't extend the leasing (i.e. did not send the DHCP-Request), then the session is considered to be overdue and all packets being sent from this user IP address will be dropped.

Thus, the main load on the Radius server (via fastPCRF) is created by the DHCP-Discover requests.

With such an algorithm, the duration of the user DHCP session can be virtually unlimited if the user equipment properly sends DHCP-Request requests for the IP address lease renewal. This can be a problem for the provider, so the fastDPI has the bras_max_session_duration configuration option specifying the maximum user session length in seconds. The default value for this option is 604800 seconds (1 week). If the maximum session duration is exceeded then the fastDPI responds to the DHCP-Request request intended to prolongate the IP address leasing with the DHCP-Nak denial, thereby forcing the user equipment to start a new session by sending the DHCP-Discover.

DHCP-Inform

The fastDPI also handles the DHCP-Inform requests. Remember that the DHCP-Inform is designed for equipment with a statically assigned and non-changing IP address, that is, the equipment a priori knows its IP address.

In fact, DHCP-Inform represents the request like "give me the network configuration for the specified IP address". Conceptually, the fastDPI handles such requests in the same way as DHCP-Discover, i.e. sends such requests to the fastPCRF, which generates a Radius request with slightly different parameters to distinguish the DHCP-Inform from the DHCP-Discover.

If the DHCP-Inform is not used in the provider's network, then the Radius server should be configured such a way that it will respond to the DHCP-Inform with the Access-Reject error without specifying the Framed-IP-Address attribute. Then any DHCP response will not be generated in response to DHCP-Inform which is equivalent to denial (remember that that according to the RFC-2131, the response to DHCP-Inform can be only the DHCP-Ack acknowledgment).

««« DHCP Radius proxy