Splynx integration with vBNG netElastic

In this article, we’ll display how to properly configure the virtual Broadband Network Gateway (vBNG) solution from netElastic along with its integration with Splynx ISP Framework. We’ll demonstrate how the Splynx Radius server can be used for complete AAA (Authentication, Authorization & Accounting) coverage of your customers.

So, let’s get started.

All the configuration below is done on freshly installed instances of vBNG Router, vBNG Manager, and Splynx that are up and running. In this guide, we’ll be creating a test user with certain parameters using our Splynx solution and then connecting him over the PPPoE session to the Internet through a vBNG device.

with Radius authentication, authorization, and accounting.

Configuration of vBNG to work with PPPoE access with RADIUS

The process of configuring PPPoE connections on the vBNG with Radius authentication, authorization, and accounting involves:

  • Configuring access interface
  • Creating a PPPoE template
  • Creating a VGI interface
  • Creating Radius Authentication group
  • Creating Radius Accounting group
  • Creating AAA Authentication template
  • Creating AAA Authorization template
  • Creating AAA Accounting template
  • Creating an IPPool
  • Creating a domain
  • Creating and configuring VCI

We’ll start with the interfaces first. As seen on the screenshot below, our vBNG is installed on a server with two 10Gb NICs:

  • The 10gei-1/1/0 interface will be used as an access interface (incoming for customer’s links), which is UNI (User-Network Interface) on the diagram.
  • The second physical interface, 10gei-1/1/1, will be used as a network interface (outgoing to the Internet), and that’s NNI (Network-to-Network Interface) accordingly.

vBNG is installed on a server with two 10Gb NICs

We assigned the following IP address 192.168.10.10 to 10gei-1/1/1, so the interface setup looks the following way:

Interface setup with IP address 192.168.10.10

Please note there is also a NAT-related parameter here, we’ll be discussing it further in this guide.

Next, moving on to RADIUS Authentication group creation, which is used for authorization as well. We created ‘demo_group’ with the following parameters:

Parameters for ‘demo_group’

Our Radius Server is at the 192.168.10.3 IP address as per the diagram, uses default port 1812 and the key above. Please change these values as per your own setup. If configured properly, you should be able to test the connection to the Radius server in vBNG Manager GUI.

Test the connection to Radius server in vBNG Manager GUI

Now we create RADIUS Accounting group ‘acc_grp’ with the following configuration. It’s similar to the Authentication group above, except it uses port 1813.

Accounting ‘acc_grp’ group configuration

We also need to enable Radius accounting under the Radius configuration.

enable Radius accounting under the Radius configuration

The next step is to create an Authentication template. For Radius authentication, we need to specify the authentication type to use Radius. Here is our configuration.

Authentication template creation

Radius authorization means vBNG will take authorization properties such as user’s IP address, QoS plan, ACL rules, etc. from the attributes carried in the Radius accept reply message instead of using locally configured properties. To achieve this, we need to create an authorization template from which to specify Radius authorization.

full-configuration bras authorization

Similarly, we create an Accounting template.

Full-configuration bran accounting

Now we need to configure an IP pool from which PPPoE access subscribers’ IP addresses will be assigned via DHCP. netElastic’s vBNG provides flexible IP pool configurations that can span multiple disjoint segments. In this example, we will configure one IP segment 192.168.100.1/24 with the gateway IP 192.168.100.1 Since we’ll be managing the IP allocation on Splynx itself, we have to reserve the IP range on vBNG, so it honors the IPs assignments obtained via Radius.

full-configuration ippool group demo_pool2

The next step is the creation of the VGI interface. Subscribers need to have an access gateway configuration on the vBNG to have network access. netElastic’s vBNG implements the concept of Virtual Gateway Interface (VGI) to configure subscriber’s access gateway. The VGI interface IP address shall match the gateway address in the IP pool configuration as described above.

Creation of VGI interface

Full-configuration bras vgi-configuration

We have created authentication, authorization & accounting templates, an IP pool, and a VGI interface. Now we need to create a domain to tie all these together and bind the domain to PPPoE access to achieve the desired access behavior. A user access domain defines user access behavior. Multiple domains can be defined for the same access method to define different behaviors. User’s access domains can be switched during operations (through Radius COA or command line) to alter access behaviors.

Full-configuration bras domain pppoe_domain

The same information is displayed in the

vBNG Manager web interface

Then, we create a PPPoE template. The parameters ppp-authentication, ac-name, default-domain should be configured according to your own setup.

Full-configuration bras pppoe template

Finally, we need to create a VCI configuration to tie the PPPoE template and the domain to the access interface so the access behavior for traffic coming to the interface will be subject to what we have defined in the PPPoE template and domain template.

VCI configuration to tie PPPoE template

In our test case, to grant users access to the Internet we need to enable NAT on both the network interface (NAT outside) and the access side user gateway (NAT inside).

Show full-configuration interface

Here is the sample NAT configuration for our case.

The sample NAT configuration for our case

Also, we need to enable NAT in the authorization template.

Enable NAT in the authorization template

Congrats! We have just completed the setup on the vBNG side and now it’s time to perform some additional configuration on the Splynx side.

First of all, let’s add our vBNG to Splynx, so they can communicate properly. Go to Config > Networking > NAS types and add a new one.

Adding vBNG to Splynx

Go to Networking > Routers > Add and add our vBNG with the configuration according to our diagram.

Splynx > Networking > Routers > Add

For our test instance, we created a demo user with an assigned Internet tariff plan.

Splynx demo user with an assigned Internet tariff plan

Splynx demo user with an assigned Internet tariff plan 2

We want him to obtain an IP address from Radius, so assigned a static one for testing purposes.

 

Assignment of a static IP address for testing purposes

 

Let’s say we also want him to have a certain rate limit on the internet service, for instance, 20mbit/10mbit. We’ll show you how to configure it properly on both sides, vBNG and Splynx accordingly.

In Splynx we have to edit the internet plan by adding an additional field, which will be sent by Radius to vBNG QoS engine in order to define the policy applied to customers.

Edit Splynx internet plan

Adding new field to Splynx internet plan

To make this functionality work, let’s create additional tweaks to the Radius configuration. Go to Config > Networking > Radius, under NAS Config section choose netElastic for NAS type from the drop-down menu and click on Load button.

NAS Config section Splynx

Under netElastic Configuration scroll down to Rate-Limit attributes and enter as follows:

netElastic Rate-Limit attributes in Splynx

 

Here, NetElastic-Qos-Profile-Name is the parameter that tells the vBNG’s internal QoS engine which policy to apply, so essentially, we are sending from our Radius NetElastic-Qos-Profile-Name=goldPlan as per the configuration described earlier.

 

The QoS configuration on the vBNG side involves the following steps:

  1. Create class_map to define the flows for which QoS behaviors are intended to be applied on. class_map can be defined either directly by listing flow characteristics or by referencing defined ACL lists.
  2. Create intended behaviors for the class_map rules defined. The behaviors supported by vBNG are car, cbq, remark, etc.
  3. Create policies to create class_map and behavior pairs and set up the relative priority among them. Each policy can have up to 8 class_map/behavior pairs.
  4. QoS policies can be directly applied to interfaces.
  5. If QoS policies need to be applied to subscribers, user QoS profiles need to be created where both the upstream and downstream policies can be specified. The defined user QoS profile is then referenced in the authorization template of the user’s access domain. All users accessing through this domain are subject to the QoS policies defined in the user QoS profile.

Here is our configuration for the test instance.

Test instance configuration

Test instance configuration 2

The same configuration referenced in vBNG Manager

QoS profiles in vBNG Manager

The QoS profile is attached to the authorization template as follows:

QoS profile is attached to the authorization template

That’s about it.

If everything is configured properly, you should be able to see the various accounting information related to our test user in the Splynx dashboard.

Test user Internet usage statistics Splynx

More in Network management

Network management Hotspot add-on in Splynx 4.0

Hotspot add-on in Splynx 4.0

The Hotspot add-on was built to help businesses from low-income communities grow and earn more.

Network management How to configure Juniper Radius

Juniper Radius configuration with variables

This article is the second part of the Juniper MX Radius configuration tutorial.

Network management How to configure Radius Juniper MX

How to configure Radius Juniper MX

Juniper Networks is one of the leading vendors producing networking equipment. Together with Cisco, Juniper defines wher...

Network management Mikrotik ipv6 configuration

How to configure Mikrotik IPv6

This blog post describes how to configure the Mikrotik router to act as a PPPoE server with IPv6 enabled.

Network management How to configure Cisco IOS XR Radius in Splynx

How to configure Cisco IOS XR Radius (ASR 9000 series)

We've implemented PPPoE Radius authentication on Cisco one of the most powerful BRASes ASR 9000, that runs the IOS XR op...

Network management How to configure Juniper Radius server in Splynx

How to configure Juniper Radius server (updated)

This is an updated version of the Radius server configuration with Juniper using variables for speed limitations.

Network management How to configure Huawei NE (NetEngine) router Radius

How to configure Huawei NE (NetEngine) router Radius

We'll tackle the configuration of the Huawei NE20 and Huawei NE40 router with the Radius server. We will be using Splynx...

Network management

IPv6 CPE and home routers support

This article shows examples of 3 different CPEs from 3 other vendors. We have selected IPv6 routers that are used in net...

Network management

Splynx IPv6 support

Starting from the 3.0 version, Splynx has native IPv6 support. In this topic we will cover three main areas of IPv6 depl...

Network management Huawei GPON configuration

Huawei GPON configuration

In this article, you can find useful commands that help during Huawei GPON configuration.

Find out how Splynx helps ISPs grow

Learn more