BNG/BRAS
Posted: 20 Sep 2023, 16:11
Hello to you all:
I'm testing accel-ppp's ipoe support. My goal is to use it to authorize and shape GEPON services, without relying on pppoe and with as little special-purpose hardware as possible. The host labeled BNG runs accel-ppp on Debian 12. It also runs freeradius and kea.
In this test setup, ipoe's start parameter must be up. If set to dhcpv4, the DHCP service does not work. Also, ipoe's mode parameter must be L3. If set to L2, traffic flows unchecked and unshaped through the BNG host.
Is my stated goal feasible? Am I on the right track to achieve it?
I will thankfully receive your comments.
The contents of accel-ppp's configuration file are shown below. Sections ip-pool, common, ppp, auth, pptp, pppoe, l2tp, sstp, dns, wins, log-pgsql, pppd-compat, chap-secrets, ipv6-pool, ipv6-dns and ipv6-dhcp contain no configuration lines.
The top lines of the freeradius users configuration file are as follows. They authorize 8 Mbps downstream and 2 Mbps upstream service to the customer using the ONU with MAC address AA:AA:AA:AA:AA:AA, and 4 Mbps downstream and 1 Mbps upstream service to the customer using the ONU with MAC address BB:BB:BB:BB:BB:BB.
+-------+              +-------+                 +-------+
| GEPON |            1 |       | 254           1 |  ISP  |
|  OLT  |--------------|  BNG  |-----------------| ROUTER|
|       | 192.0.2.0/24 |       | 198.51.100.0/24 |       |
+-------+         eth0 +-------+ eth1            +-------+
# Beginning of /etc/accel-ppp.conf
[modules]
log_file
ipoe
auth_mschap_v2
auth_mschap_v1
auth_chap_md5
auth_pap
radius
shaper
net-snmp
[core]
log-error=/var/log/accel-ppp/core.log
thread-count=4
[ipoe]
username=lua:if_mac
password=empty
ifcfg=0
mode=L3
start=up
lua-file=/etc/accel-ppp.lua
idle-timeout=900
local-net=192.0.2.0/24
interface=eth0
[radius]
dictionary=/usr/share/accel-ppp/radius/dictionary
nas-identifier=accel-ppp
nas-ip-address=127.0.0.1
server=127.0.0.1,testing123,auth-port=1812,acct-port=1813,req-limit=50,fail-timeout=0,max-fail=10,weight=1
dae-server=127.0.0.1:3799,testing123
[client-ip-range]
0.0.0.0/0
[log]
log-file=/var/log/accel-ppp/accel-ppp.log
log-emerg=/var/log/accel-ppp/emerg.log
log-fail-file=/var/log/accel-ppp/auth-fail.log
log-debug=/var/log/accel-ppp/debug.log
copy=1
level=5
[shaper]
attr=Filter-Id
ifb=ifb0
up-limiter=htb
down-limiter=htb
[cli]
telnet=127.0.0.1:2000
tcp=127.0.0.1:2001
[snmp]
master=0
agent-name=accel-ppp
[connlimit]
limit=10/min
burst=3
timeout=60
# End of /etc/accel-ppp.conf
# Beginning of /etc/freeradius/3.0/users
"AA:AA:AA:AA:AA:AA" Auth-Type := Accept
        Filter-ID := "8000/2000"
"BB:BB:BB:BB:BB:BB" Auth-Type := Accept
        Filter-ID := "4000/1000"
# End of first lines of /etc/freeradius/3.0/users.
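Added example, not part of the original post and not code from accel-ppp or freeradius: a small Python check that parses entries in the users-file layout above and reports, per entry, the down/up rates carried in Filter-Id and whether the entry is accepted on its User-Name alone. The function names, the third sample entry (CC:CC:CC:CC:CC:CC) and the finding texts are assumptions of this example.

```python
import re
# Constructed sample in the users-file layout from the post. The first two
# entries mirror the post; the third is a made-up malformed entry.
SAMPLE_USERS = '''\
"AA:AA:AA:AA:AA:AA" Auth-Type := Accept
\tFilter-ID := "8000/2000"
"BB:BB:BB:BB:BB:BB" Auth-Type := Accept
\tFilter-ID := "4000/1000"
"CC:CC:CC:CC:CC:CC" Auth-Type := Accept
\tFilter-ID := "fast"
'''

MAC_RE = re.compile(r'^(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$')
RATE_RE = re.compile(r'^(\d+)/(\d+)$')  # "down/up", as the post reads it
ITEM_RE = re.compile(r'([\w-]+)\s*(?::=|==|\+=|=)\s*"?([^",]*)"?')

def items(text):
    return {a.lower(): v.strip() for a, v in ITEM_RE.findall(text)}

def parse_users(text):
    """Column-0 lines open an entry; indented lines hold its reply items."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith('#'):
            continue
        if line[0] in ' \t':
            if not entries:
                raise ValueError('reply items before any entry')
            entries[-1]['reply'].update(items(line))
        else:
            name, _, rest = line.partition(' ')
            entries.append({'name': name.strip('"'), 'check': items(rest), 'reply': {}})
    return entries

def audit(text):
    """Map each entry name to (down, up, findings); rates are None if unparsable."""
    report = {}
    for e in parse_users(text):
        findings = []
        if not MAC_RE.match(e['name']):
            findings.append('name is not a MAC address')
        if e['check'].get('auth-type') == 'Accept':
            findings.append('accepted on User-Name alone, no credential checked')
        m = RATE_RE.match(e['reply'].get('filter-id', ''))
        if not m:
            findings.append('Filter-Id is not in down/up form')
        rates = (int(m[1]), int(m[2])) if m else (None, None)
        report[e['name']] = rates + (findings,)
    return report
```

Run it as `audit(open(path).read())` on a copy of the users file; a reply line that has lost its leading whitespace shows up as a separate entry whose name is not a MAC address.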