[AusNOG] DHCP server suitable for NBN

Philip Loenneker Philip.Loenneker at tasmanet.com.au
Mon Aug 29 08:55:54 EST 2016


Hi all,

For those interested, I ended up going with the second option listed below. I now have our BNG using our Mikrotik router as a DHCP server, which sends RADIUS requests to a minimal FreeRADIUS installation that only rewrites the requests and forwards them to our customer management system. It appears to be working well.

Regards,
Philip Loenneker | Network Engineer | TasmaNet
40-50 Innovation Drive, Dowsing Point, Tas 7010, Australia
P: 03 6165 2542 | M: 0404 097 816
philip.loenneker at tasmanet.com.au<mailto:philip.loenneker at tasmanet.com.au>
www.tasmanet.com.au<http://www.tasmanet.com.au/>
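
The rewrite step described in the message above, as an added example (not part of the original post, and not FreeRADIUS or TasmaNet configuration). It assumes the DHCP server's Access-Request carries the circuit-ID as the RFC 4679 ADSL-Forum Agent-Circuit-Id vendor attribute; the packet, MAC address, AVC value and shared secret are constructed, and User-Password re-encryption is not handled.

```python
import hmac
import struct
ADSL_FORUM = 3561        # vendor id of the RFC 4679 ADSL-Forum attributes (assumed source)
AGENT_CIRCUIT_ID = 1     # sub-attribute carrying the DHCP Option 82 circuit-ID
USER_NAME, VENDOR_SPECIFIC, MESSAGE_AUTHENTICATOR = 1, 26, 80

def parse_attrs(packet):
    """Return [(type, value), ...] from a RADIUS packet, rejecting bad lengths."""
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length")
    attrs, pos = [], 20
    while pos < length:
        if length - pos < 2 or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute")
        attrs.append((packet[pos], packet[pos + 2:pos + packet[pos + 1]]))
        pos += packet[pos + 1]
    return attrs

def encode(attrs):
    return b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)

def circuit_id(attrs):
    """Find Agent-Circuit-Id inside an ADSL-Forum Vendor-Specific attribute."""
    for atype, value in attrs:
        if atype == VENDOR_SPECIFIC and value[:4] == struct.pack("!I", ADSL_FORUM):
            sub = value[4:]
            while len(sub) >= 2 and 2 <= sub[1] <= len(sub):
                if sub[0] == AGENT_CIRCUIT_ID:
                    return sub[2:sub[1]]
                sub = sub[sub[1]:]
    return None

def rewrite_username(packet, secret):
    """Set User-Name to the circuit-ID and re-sign; None means do not forward."""
    attrs = parse_attrs(packet)
    cid = circuit_id(attrs)
    if not cid:
        return None  # no circuit-ID: never fall back to the MAC-based User-Name
    kept = [(t, v) for t, v in attrs if t not in (USER_NAME, MESSAGE_AUTHENTICATOR)]
    body = encode([(USER_NAME, cid)] + kept + [(MESSAGE_AUTHENTICATOR, bytes(16))])
    pkt = packet[:2] + struct.pack("!H", 20 + len(body)) + packet[4:20] + body
    return pkt[:-16] + hmac.new(secret, pkt, "md5").digest()  # RFC 2869 HMAC-MD5

def sample_request():
    """Constructed Access-Request: MAC address as User-Name, AVC in a VSA."""
    vsa = struct.pack("!IBB", ADSL_FORUM, AGENT_CIRCUIT_ID, 17) + b"AVC000000000001"
    body = encode([(USER_NAME, b"00:11:22:33:44:55"), (VENDOR_SPECIFIC, vsa)])
    return bytes([1, 7]) + struct.pack("!H", 20 + len(body)) + bytes(16) + body
```

Because the rewritten packet is re-signed with a Message-Authenticator, the upstream server can be set to require that attribute from the proxy, and a request with no circuit-ID is dropped rather than forwarded under the MAC address.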

From: Philip Loenneker
Sent: Wednesday, 24 August 2016 10:52 AM
To: ausnog at lists.ausnog.net
Subject: RE: [AusNOG] DHCP server suitable for NBN

Your comment makes me wonder if I misunderstood - is the suggestion to:

a) Have a new FreeRADIUS server as a DHCP server pointing to the existing FreeRADIUS server for AAA, or

b) Use the Mikrotik DHCP server as we used to, but point it to a middleman FreeRADIUS server which proxies and rewrites the request to the existing FreeRADIUS instance so that the Circuit-ID is the username

That second option sounds nice from the point of view that it would be doing a single task and not need any additional maintenance... and our techs are already familiar with Mikrotik management including DHCP leases...

From: AusNOG [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Joseph Goldman
Sent: Wednesday, 24 August 2016 10:43 AM
To: ausnog at lists.ausnog.net<mailto:ausnog at lists.ausnog.net>
Subject: Re: [AusNOG] DHCP server suitable for NBN

This was my thought, I've seen instances where a RADIUS 'proxy' is handy to do these kinds of re-writes and other things. Should be very easy and simple (but a shout-out to Radiator, non-free though but very flexible and scriptable)

On 24/08/16 10:39, Damien Gardner Jnr wrote:
What about putting your own FreeRadius server in front of the vendor one, and pop together some quick functions to re-map the circuit ID into the username before passing the query on to the vendor FreeRadius? :)

On 24 August 2016 at 10:35, Philip Loenneker <Philip.Loenneker at tasmanet.com.au<mailto:Philip.Loenneker at tasmanet.com.au>> wrote:
Hi Craig,

I have looked at that option, but because FreeRADIUS is integrated with our customer management product, the vendor would have to implement that change. I asked them about it, and they said it is not a priority because they see it as an edge case, not a common feature their customers are after.

Regards,
Philip Loenneker | Network Engineer | TasmaNet
40-50 Innovation Drive, Dowsing Point, Tas 7010, Australia
P: 03 6165 2542 | M: 0404 097 816
philip.loenneker at tasmanet.com.au<mailto:philip.loenneker at tasmanet.com.au>
www.tasmanet.com.au<http://www.tasmanet.com.au/>

From: AusNOG [mailto:ausnog-bounces at lists.ausnog.net<mailto:ausnog-bounces at lists.ausnog.net>] On Behalf Of Craig Askings
Sent: Wednesday, 24 August 2016 10:31 AM
To: ausnog at lists.ausnog.net<mailto:ausnog at lists.ausnog.net>
Subject: Re: [AusNOG] DHCP server suitable for NBN

I've not tried it in that particular configuration, but FreeRADIUS can act directly as a DHCP server.


On 24 Aug 2016, at 9:53 AM, Philip Loenneker <Philip.Loenneker at tasmanet.com.au<mailto:Philip.Loenneker at tasmanet.com.au>> wrote:

Hi all,

We have used a couple of different DHCP servers for NBN IPoE sessions over the last few years, all talking to a RADIUS back end to look up the static IP address information based on circuit-ID (AVC). Initially we used a Mikrotik router, but with a change in RADIUS server we need the DHCP server to use the circuit-ID as the AAA username, and the Mikrotik only uses the MAC address. I found that the DHCP server in our Cisco ASR could send the circuit-ID as the AAA username, but it has a "feature" where AAA-based DHCP sessions have a maximum life (defined by Cisco AVPair session-duration, which has to exist and can't be zero) after which the DHCP lease is forced to be released and has to be renewed from scratch. This causes a brief outage to the service while they have no IP address, and causes some of our clients to fail over to an alternate connection. After a chat with Cisco, I was told that it was by design and would not be changed or allowed to be overridden.

Our RADIUS server is FreeRADIUS, but it's integrated with a customer management system, and it doesn't allow us to use DEFAULT as the username and pick up the circuit-ID as an additional check.

Does anyone have any suggestions of a DHCP server that leverages RADIUS and can use circuit-ID as the AAA username, but is otherwise standard and allows unlimited renewals?

Regards,
Philip Loenneker | Network Engineer | TasmaNet
40-50 Innovation Drive, Dowsing Point, Tas 7010, Australia
P: 03 6165 2542 | M: 0404 097 816
philip.loenneker at tasmanet.com.au<mailto:philip.loenneker at tasmanet.com.au>
www.tasmanet.com.au<http://www.tasmanet.com.au/>

_______________________________________________
AusNOG mailing list
AusNOG at lists.ausnog.net<mailto:AusNOG at lists.ausnog.net>
http://lists.ausnog.net/mailman/listinfo/ausnog





--

Damien Gardner Jnr
VK2TDG. Dip EE. GradIEAust
rendrag at rendrag.net<mailto:rendrag at rendrag.net> -  http://www.rendrag.net/
--
We rode on the winds of the rising storm,
 We ran to the sounds of thunder.
We danced among the lightning bolts,
 and tore the world asunder



