[RADIATOR] Simultaneous Use, Redback SE

Horsington, Colin colin.horsington at transact.com.au
Thu Oct 2 02:43:53 CDT 2008


Hi All,

Operating Radiator 4.2 on Debian with RedBack SE400 release 6.1.3.x.

We are performing strict simultaneous use checks, first with the online
session table (SQL) then via SNMP.

A few issues:

1. The isOnline (Nas.pm) hook does not pass the whole packet, which would be
desirable.  Redback with their SE series mask the MIB tables based on the
context which is encoded into the community string.  For example the SNMP
get community string would be:

snmpget -v 2c -c public at context redback1 enterprises.x.y.z

Which would retrieve subscriber information connected to context "context".
This can be worked around by performing a lookup (SQL) on the session and
retrieving this attribute %{RB-Context-Name}.


2. When we perform a check via SNMP and the session "has gone away" the
delete query is called.  But it appears to be called with the wrong
attributes.  Could this be a bug?

For example in the below output there are two sessions in the online table
already...refer inline comments (#########)

============================================================================
===
Thu Oct  1 11:11:00 2008: DEBUG: Packet dump:
*** Received from 192.168.178.122 port 1812 ....
Code:       Access-Request
Identifier: 103
Authentic:  f<188>^vv<226>+<207><169><131> <245>kU<136><145>
Attributes:
        User-Name = "test at isp.com"
        User-Password =
"<148><213>dx<136><142><149>B<154>@<213><131><133><216><156><23>"
        Service-Type = Framed-User
        Framed-Protocol = PPP
        NAS-Identifier = "SE400"
        NAS-Port = 33620032
        RB-NAS-Real-Port = 554107174
        NAS-Port-Type = Virtual
        NAS-Port-Id = "2/1 vpi-vci 7 294 pppoe 266"
        RB-Medium-Type = DSL
        RB-MAC-Address = "00-11-24-85-4c-66"
        RB-Platform-Type = SE-400
        Acct-Session-Id = "0100003F680000ED-48E41121"

Thu Oct  1 11:11:00 2008: DEBUG: Handling request with Handler
'Realm=isp.com'
Thu Oct  1 11:11:00 2008: DEBUG: ISP_Generic_Session Deleting session for
test at isp.com, 192.168.178.122, 33620032
Thu Oct  1 11:11:00 2008: DEBUG: do query is: 'delete from online where
NASIdentifier='SE400' and AcctSessionId='0100003F680000ED-48E41121' and
UserName='test at isp.com'':
Thu Oct  1 11:11:00 2008: DEBUG: Query is: 'select
NASIdentifier,NASPortId,AcctSessionId from isp_online where
UserName='test at isp.com'':
########## First stale session check
Thu Oct  1 11:11:00 2008: DEBUG: Checking if user is still online: Redback2,
test at isp.com, SE400, 2/1 vpi-vci 7 294 pppoe 241, 0100003F680000D4-48E3CD10
Thu Oct  1 11:11:00 2008: DEBUG: Running command `/usr/bin/snmpget -v 2c -c
"public at test" SE400
.iso.org.dod.internet.private.enterprises.2352.2.27.1.1.1.1.3.116.101.115.11
6.64.115.116.97.102.102.46.116.114.97.110.115.97.99.116.46.110.101.116.46.97
.117.25.48.49.48.48.48.48.51.70.54.56.48.48.48.48.68.52.45.52.56.69.51.67.68
.49.48 2>&1`
Thu Oct  1 11:11:00 2008: DEBUG: Result =
SNMPv2-SMI::enterprises.2352.2.27.1.1.1.1.3.116.101.115.116.64.115.116.97.10
2.102.46.116.114.97.110.115.97.99.116.46.110.101.116.46.97.117.25.48.49.48.4
8.48.48.51.70.54.56.48.48.48.48.68.52.45.52.56.69.51.67.68.49.48 = No Such
Instance currently exists at this OID

######### Note that pppoe sesion 241 has gone away, has session id:
0100003F680000D4-48E3CD10
Thu Oct  1 11:11:00 2008: INFO: ISP_Generic_Session Session for test at isp.com
at SE400:2/1 vpi-vci 7 294 pppoe 241 has gone away
######### Now deleting session ³pppoe 241² that ³has gone away²
Thu Oct  1 11:11:00 2008: DEBUG: ISP_Generic_Session Deleting session for
test at isp.com, SE400, 2/1 vpi-vci 7 294 pppoe 241
######### The actual SQL delete is different to the debug output above,
different session being deleted from the online table!
Thu Oct  1 11:11:00 2008: DEBUG: do query is: 'delete from online where
NASIdentifier='SE400' and AcctSessionId='0100003F680000ED-48E41121' and
UserName='test at isp.com'':
########## Second stale session check, same occurs.
Thu Oct  1 11:11:00 2008: DEBUG: Checking if user is still online: Redback2,
test at isp.com, SE400, 2/1 vpi-vci 7 294 pppoe 265, 0100003F680000EC-48E4105F
Thu Oct  1 11:11:00 2008: DEBUG: Running command `/usr/bin/snmpget -v 2c -c
"public at test" SE400
.iso.org.dod.internet.private.enterprises.2352.2.27.1.1.1.1.3.116.101.115.11
6.64.115.116.97.102.102.46.116.114.97.110.115.97.99.116.46.110.101.116.46.97
.117.25.48.49.48.48.48.48.51.70.54.56.48.48.48.48.69.67.45.52.56.69.52.49.48
.53.70 2>&1`
Thu Oct  1 11:11:00 2008: DEBUG: Result =
SNMPv2-SMI::enterprises.2352.2.27.1.1.1.1.3.116.101.115.116.64.115.116.97.10
2.102.46.116.114.97.110.115.97.99.116.46.110.101.116.46.97.117.25.48.49.48.4
8.48.48.51.70.54.56.48.48.48.48.69.67.45.52.56.69.52.49.48.53.70 = No Such
Instance currently exists at this OID
Thu Oct  1 11:11:00 2008: INFO: ISP_Generic_Session Session for test at isp.com
at SE400:2/1 vpi-vci 7 294 pppoe 265 has gone away
Thu Oct  1 11:11:00 2008: DEBUG: ISP_Generic_Session Deleting session for
test at isp.com, SE400, 2/1 vpi-vci 7 294 pppoe 265
Thu Oct  1 11:11:00 2008: DEBUG: do query is: 'delete from online where
NASIdentifier='SE400' and AcctSessionId='0100003F680000ED-48E41121' and
UserName='test at isp.com'':
Thu Oct  1 11:11:00 2008: DEBUG: Handling with Radius::AuthRADIUS
============================================================================
===

The ³sub delete² in SessSQL seems to be the culprit, it seems to get the
actual delete attributes for the SQL delete from the current packet, which
is not always true if the SQL delete is for a stale online session entry.

sub delete
{
    my ($self, $name, $nas_id, $nas_port, $p, $session_id,
        $framed_ip_address) = @_;

    # query is optional
    return unless $self->{DeleteQuery};

    # $name. $nas_id and $nas_port are ignored: we get them from the
    # current packet with format_special.
    $self->log($main::LOG_DEBUG,
               "$self->{Identifier} Deleting session for $name, $nas_id,
$nas_port", $p);
    return $self->do(&Radius::Util::format_special
              ($self->{DeleteQuery},
               $p, undef, $self->quote($name), $nas_id, $nas_port,
               $self->quote($session_id), $framed_ip_address));
}

And for those interested the code to perform the SNMP online check for a
given context (RedBack2.pm in the Radius/Nas/ directory) is below.  Redback
encode the username+deliminater+session in the oid structure which the map
does below.
=================================================================
package Radius::Nas::Redback2;
use Radius::SNMP;
use strict;

# The following OID relates to the Nas-Port
$Radius::Nas::RedbackMIB =
'.iso.org.dod.internet.private.enterprises.2352.2.27.1.1.1.1.3';

sub isOnline
{
    my ($name, $nas_id, $nas_port, $session_id, $client) = @_;

    my $oid_user = join(".", map { ord($_) } split(//, $name));
    my $oid_sess = join(".", map { ord($_) } split(//, $session_id));
    my $oid = $Radius::Nas::RedbackMIB . "." . $oid_user . ".25." .
$oid_sess;

    my $community = $client->{SNMPCommunity} . "\@test"; #Put context
here...

    my $result = &Radius::SNMP::snmpget($nas_id,$community,$oid);

    &main::log($main::LOG_DEBUG,"Result = $result\n");

    if ($result =~ /No Such Instance/i) {
        # This is normal when that session does not exist on NAS
        return 0;
    } else {
        # Session with that Acct-Session-Id exists on NAS
        return 1;
    }
}
1;
=================================================================

Regards,

Colin Horsington
SENIOR NETWORK SPECIALIST
TransACT
+61 2 6229 8052



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.open.com.au/pipermail/radiator/attachments/20081002/8b827782/attachment.html>


More information about the radiator mailing list