Page 1 of 1

ppp interfaces in network namespace

Posted: 19 May 2020, 16:24
by proca
Dear members,

First of all I want to express my gratitude for the accel-ppp team for creating a great product.
My servers peaked 2500 pppoe users and 3Gbps in+out on a single 1x10G X710 intel card running on pcie 2.0 port.

I'm experimenting with the idea of having pppoe users redirected to a portal in certain scenarios so we can present messages to them.
iptables would be one way to go about it but I was seeing netns supported also.

My question: is there any way that I can tell accel-ppp to bring up a certain ppp interface inside a netns ?
This way I could change the default gateway inside that specific netns and route the user to a captive portal.

Thanks.

Re: ppp interfaces in network namespace

Posted: 19 May 2020, 18:15
by proca
I managed to do this via ip-up scripts so far and it seems to work. I can run a sql query in the ip-up to dertermine where the user should go. would have liked a radius option though, less stress on the db.

I do see one warning message in the accel-ppp.log:
warn: ppp0: failed to get interface statistics

I presume since the interface is in another namespace we cannot get stats, so accounting does not work:
<Acct-Session-Time 1615> <Acct-Input-Octets 0> <Acct-Output-Octets 0> <Acct-Input-Packets 0> <Acct-Output-Packets 0> <Acct-Input-Gigawords 0> <Acct-Output-Gigawords 0>

can i trigger a disable for the interface statistics of a specific ppp interface so i get rid of the error ?

Re: ppp interfaces in network namespace

Posted: 21 May 2020, 06:19
by dimka88
Hi, do you use `NAS-Port-Id=ns/` or pppd_compat(ip-up) script?
viewtopic.php?f=4&t=670

Re: ppp interfaces in network namespace

Posted: 29 May 2020, 12:04
by proca
hi,

I've successfully used pppd_compat but this creates a small strain on the database as another sql query inside the ip-up script is needed to determine the routing table.
How can I use NAS-Port-Id=ns/ ? this atribute is used in the access-request and accounting.

I would need to get the NS as I get the framedipaddress for example.

Thanks

Re: ppp interfaces in network namespace

Posted: 29 May 2020, 18:30
by dimka88
Hi, you need just send `NAS-Port-Id=<name space>/ ` in Access-Accept, This is all

Re: ppp interfaces in network namespace

Posted: 03 Jun 2020, 12:06
by proca
So if I edit the radius dictionary and add a new string atribute NAS-Port-Id for the radius reply it should do the trick ?

Re: ppp interfaces in network namespace

Posted: 04 Jun 2020, 11:56
by dimka88
NAS-Port-Id this is default radius attribute, and as I remember it has type string.

Re: ppp interfaces in network namespace

Posted: 04 Jun 2020, 17:15
by proca
Thanks, it worked in the lab after sending the attribute

[2020-06-04 19:53:32.466] ens192: 015191e682973db1: recv [RADIUS(2) Access-Accept id=1 <Framed-IP-Address 1.2.3.4> <NAS-Port-Id "suspendat/">]

root@vpppoe-1:/home/proca# accel-cmd show sessions ifname,username,calling-sid,called-sid,ip,type,state,uptime,netns
ifname | username | calling-sid | called-sid | ip | type | state | uptime | netns
--------+----------+-------------------+------------+---------------+-------+--------+----------+-----------
ppp0 | Zamfir1 | 00:0c:29:db:53:ae | ens192 | 1.2.3.4 | pppoe | active | 00:00:18 | suspendat

ip netns exec suspendat ip route
default via 172.16.35.33 dev ens256
1.2.3.4 dev ppp0 proto kernel scope link src 10.0.0.3
172.16.35.32/29 dev ens256 proto kernel scope link src 172.16.35.36