Contention in Splynx (aggregation of users)

Splynx provides the feature of contention or aggregation. This feature is used when ISP sells to the end users services with contention rate for example 1:5, 1:10 etc. Contention means that end user will share the bandwidth with other end users in his group.

Splynx operates with two types of contention: Per plan based and per router contention.

1. Plan based contention.
Let’s take a look on example.
We are selling to the end users plan 5 Mbps with contention rate 1:5. It means, that Splynx will setup the parent speed-limit of 5 Mbps and under this parent it will place 5 users with speed-limit of 5 Mbps each. What will happen in this situation: if line is free and one user starts to download/upload, he gets full 5 Mbps throughput. In case, when second user actively starts downloading, they will get 2,5 Mbps each. When all 5 users will simultaneously download with maximum speed, they will share the bandwidth.

It’s described in the image below:

Plan1

 

 

 

 

 

 

 

 

 

 

We can tune a bit sharing of speed with setting up “Limit-at” or guaranteed speed. If we place 1 Mbps to each user, then all users will always get at least 1 Mbps.

In that case all 5 users will simultaneously download with 1 Mbps speed. It’s shown on a second screenshot.

Plan2

 

 

 

 

 

 

 

 

 

 

What will happen in situation, when we will put 7 users on 1:5 contention plan ? Splynx will change the parent speed to 7 Mbps in this particular case, but will leave maximum speed of each user on 5 Mbps.

Plan4

 

 

 

 

 

 

 

 

 

 

 

 

 

If you are planning to deploy Plan-based contentions, use it on central routers to achieve high amounts of users in one tree. Compare two situations – 1:5 contention tree with 5 users and two of them are hard downloaders, it means that 3 other users will never get 5 Mbps speed, because they are all under one common parent of 5 Mbps.

If we place 20 users on this contention 1:5, then parent maximum speed will be set to 20 Mbps and then two or more high downloaders will not use the whole bandwidth.

Plan5

2. Router based contention.

Router based contention is used in this scenario:

Imagine that we have a wireless AP which is connected to backbone network with 30 Mbps speed. But we connected to that AP users with total possible bandwidth of 60 Mbps. What can happen in a peak time is that users will consume more traffic than can be sent through uplink. It means that wireless link can become overutilized and unstable. It’s shown in the picture below.

Topology-Router1

To prevent this situation, router based contention can be used. In Splynx each router has field “Sector/Speed limits”, where can be defined groups and administrator can put users under these groups. As a result we will achieve contention per router :

Router4

 

 

 

 

 

 

 

 

 

 

 

 

 

In a short video tutorial you can find how to configure Splynx and Plan based contention:

Configuration of Router based contention is shown on other video:

 

Blocking of non paying customers in Splynx

Splynx blocks non paying customers automatically. Also administrator can block the customer manually. When customer is put to Blocked or Inactive status, Splynx sends to router command to block him. If status is changed to Block – Splynx never cuts the service, but places the IP of end user to Address-list or give hime IP address from IP pool for blocked customers. Then administrator can create a rule on router for redirection of non-payers to a special page.

Splynx has 4 default blocking pages which are located at : http://yoursplynxurl:8101, http://yoursplynxurl:8102, http://yoursplynxurl:8103 and http://yoursplynxurl:8104

It’s a simple HTML file, which you can change via command line inside your splynx installation (SSH) at  /var/www/splynx/web/errors/ and folders 1,2,3,4 correspond to ports 8101, 8102, 8103 and 8104

Example of default blocking page is shown below :

2016-09-02 03.53.25 pm

Example of how the page can be customized :

2016-09-02 03.52.51 pm

There are 4 types of blocking scenarios :

1. Mikrotik API blocking
If you use Mikrotik based authentication – Hotspot, DHCP, Wireless or PPP, then as the first step, you should enable API blocking of users. It’s called “Disabled customers to Address-List” in Router API settings:

disabled

When customer is moved to status “Blocked”, his IP address is put to address list “SpLBL_blocked”. With setting up the rules for redirection, you can achieve that customer will see a special webpage with information why his access to the Internet was blocked.

2. Radius COA blocking
In Radius by default we also work with Addres-lists. Splynx uses names of address lists Reject_1, Reject_2, Reject_3 and Reject_4 for different type of errors. The names of address lists are configured under Config -> Networking -> Radius and also under field COA Block attributes:

2016-09-02 04.18.24 pm

3. Radius Session disconnection
The difference between Radius COA block and session blocking is that with COA session of customer is not disconnected, while in Session blocking his session is cut and user must reconnect his device.

The setting how to block user is defined in Config -> Networking -> Radius “Customer Block” and “FUP Block”:

2016-09-03 02.17.07 pm

4. Radius IP pool blocking
If customer gets IP from dynamic pool, or when NAS router is not a Mikrotik, Splynx gives to the blocked customer IP from Reject IP pools. By default these pools are 10.250.25x.0/24, but it can be changed in Config -> Networking -> Radius as shown on screenshot below:

2016-09-02 04.17.17 pm

If you use Mikrotik routers, there are 2 rules to redirect all TCP traffic to the blocking webpage and to cut all other traffic like Peer to peer connections (redirect them to router itself):

/ip firewall nat add action=dst-nat chain=dstnat protocol=tcp src-address-list=Reject_1 to-addresses=10.0.1.158 to-ports=8101
/ip firewall nat add action=redirect chain=dstnat protocol=!tcp src-address-list=Reject_1

All four methods of Splynx user blocking  you can find on our video tutorials:

Mikrotik API blocking of non payers

Radius COA blocking of non payers

Radius code disconnect (session reset)

Radius reject IP pool assignment

Ubiquiti EdgeRouters pppoe Radius support

UBNT EdgeRouters can act as a PPPoE server, with authentication of CPEs, providing statistics, blocking end users, and setting up speed limits and FUP rules.

Let’s divide it into parts:

1. Configure EdgeRouter pppoe server with Radius
2. Configure EdgeRouter pppoe server for incoming radius packets
3. Add EdgeRouter to Splynx
4. Connect PPPoE customer and check that everything is working fine
5. Install other usefull tools to Edgerouter

1. Configure EdgeRouter Pppoe Server with Radius support

The first step is to upgrade the system to at least the 1.5 version and higher, because support of Radius attributes was added in this version to EdgeOS. The version we describe here is EdgeOS v1.8.5
Upgrade can be achieved in CLI with commands :
add system image http://dl.ubnt.com/...
add system image new-version-1085.tar

Second step – we need to define the IP address for communication between Radius and EdgeRouter.
In my case it’s 10.0.1.166, set it up as the main IP of EdgeRouter with a command (in configure mode):

set system ip override-hostname-ip 10.0.1.166

Then I setup the PPPoE server with mandatory settings:

edit service pppoe-server
set authentication mode radius
set authentication radius-server 10.10.10.65 key 12345
set client-ip-pool start 10.5.50.2
set client-ip-pool stop 10.5.50.200
set interface eth2

Radius configuration can also be done in web browser:

Edge_Radius

2. Configure EdgeRouter PPPoE incoming packets

This is an important part because we need to change plans, disconnect customers or apply FUP rules. In all these cases Splynx Radius sends packets to Edge Router.
Default port is of UBNT is 3779. To enable incoming packet processing run these command on EdgeOS:

sudo cp /opt/vyatta/etc/pppoe-server/start-pppoe-radius-disconnect /config/scripts/post-config.d/

and reboot the router.

to debug, if packets are received use file pppoe-radius-disconnect.log:

tail /var/log/pppoe-radius-disconnect.log

example of output when packet disconnect was received by EdgeOS:

tail

3. Add EdgeRouter to Splynx and set up settings in Splynx

Just add a router to Splynx in Networking -> Routers and choose the NAS Type Ubiquiti

U1

You can add additional attributes to the configuration of NAS Type under Config -> Networking -> Radius.
By default we support radius-rate-limit attributes to setup speeds of PPPoE tunnels.

U2
4. Connect PPPoE customer and check that everything is working fine

Now we can connect the PPPoE user to EdgeRouter and check that everything went fine.
With the „show pppoe-server“ command we can see how many users are connected to the PPPoE server.

Show_pppoe

In Splynx we can see whether a customer is online and get his stats.

Online

When we click the disconnect button, the customer should dissapear from the online list and reconnect with a new session, which means that EdgeRouter accepted the incoming packet from Splynx Radius server.

5. Install other usefull tools to EdgeRouter

PPPoE client tunnels are dynamically created and are not shown in the web dashboard. We need to get statistics of customer throughput, and a simple way to do it is to install the software bwm-ng. It’s located in the Debian repository, which means we need to add new repositories first and then install bwm-ng.
Add new repositories :

configure
set system package repository wheezy components 'main contrib non-free'
set system package repository wheezy distribution wheezy
set system package repository wheezy url http://http.us.debian.org/debian
set system package repository wheezy-security components main
set system package repository wheezy-security distribution wheezy/updates
set system package repository wheezy-security url http://security.debian.org
commit
save
exit

and install the tool

apt-get install bwm-ng

Now you can run bwm-ng -u bits to get the actual Kbps throughput of pppoe clients
Example of output of bwm-ng is in picture below:

BWM-NG

Now you can configure Splynx Radius server with UBNT EdgeRouter and benefit from a fast router that delivers 1 million packets per second routing performance in a compact and affordable unit!

If you face any difficulties, use our forum – https://splynx.com/forums/ or submit us a ticket – https://splynx.com/my-tickets/

UBNT AirOS wireless Radius authentication

Ubiquiti access points have the ability to authenticate radius via Radius server. This means the admin doesn’t have to maintain local passwords for wireless authentication, each CPE/radio can have its own account in the Splynx ISP Framework and our Radius server will authenticate UBNT CPEs.

Usually ISP already has a PPPoE or similar authentication mechanism, which is why wireless Radius authentication is added in Splynx to existing customers as one new (empty) service.

In the first step we define a Plan in Splynx with 0 price and 0 in all other fields.

2016-07-07 04.09.07 pm

Then, we should add a wireless service to the customer and enter his login and password.

New_service

It is also important to add AP to splynx.

U_router

In the last step we should enable Wireless Radius authentication EAP on the UBNT router and setup a Radius server IP address and secret.

UBNT_wireless

Now we can connect a UBNT radio CPE to a UBNT Access Point

U_CPE

Smart bandwidth management – FUP module

Many ISPs use a Fair User Policy (FUP). This means if a customer downloads or uploads more than a certain amount of data, his speed is reduced. We’ve moved this idea on to a different level and made it as configurable as it can be. Splynx is also very powerful RADIUS server, please check this out here.

In the Splynx ISP Framework we have smart bandwidth management. You can define customer speed based on the amount of traffic consumed per month, per week, or even per day. You can also set up maximum online time in hours per customer.

Do you want to give your users double speed at night, dounlimited traffic on the weekends, or set up a speed limit for downloaders who exceed the daily download limit? Do it with Splynx right now!

PlansFUP settings are located in Plan under the arrow button

Let’s create an example. We have a 5 Mbps download and upload plan. I’ve decided there will be unlimited traffic for customers on weekends and they will get 7 Mbps on Saturdays and Sundays. The first rules have been created below. The first rule is “Unlimited traffic on weekends”:

Don't count weekends

Increased speed from 5 Mbps to 40% more on Saturdays and Sundays:

7Mb on weekends

Then we can check what rule will be applied on Saturday:

2016-04-01 08.38.44 pm

 

The next step is to set up a rule for downloaders with transfers of 10GB per day – I will reduce their speed to 2 Mbps after they reach 10 GB in one day.

high_download

I’ll set up a total Monthly usage limit of 100 GB; after  this limit is reached, we will give the user 1 Mbps. When the user reaches 110 GB, we will block him and charge additional data.

Total

As you can see in the last picture, we have created a full comprehensive policy for bandwidth management for a 5 Mbps plan. You can use our FUP builder and create your own rules! Speed limitation is done via Radius using CoA attributes on any supporting equipment or via Mikrotik API on RouterOS.