Splynx v3.2 Roadmap & Policy update

In our recent survey and customer feedback form, our clients shared their ideas for improving the product with us and provided their thoughts on its advantages and any improvements they think we can make. We would like to thank everyone who participated! You’ve provided us with great insight on how we can improve Splynx.

Based on the UX Survey and feedback from ISPs, we were able to better determine our development strategy and fine-tune the improvements for the next release.

Our product is getting more advanced and versatile with every release. As a result, our customers have noticed that several pages load more slowly and that the product has become harder to understand and navigate in certain sections. This was the most prominent feedback from our customers.

Most of our customers also asked to focus on product usability rather than new features.

We have jointly decided to assign a large portion of our development resources to eliminating these inconveniences for you and your company in the next release. We have also prepared the product and the team to meet your needs with regard to product speed, usability, and readiness for the features you have requested and possibly waited a long time for. We appreciate your cooperation and we want to make the product more suitable for the growth of your business.

Therefore, here are our main goals for the Splynx v3.2 release:

  1. Improve the performance and usability of the product. In some modules, the page loading speed will be increased by up to 17 times.
  2. The structuring of the product and its modules will be cleared up and simplified. We will also continue working on this in the v4.0 release.
  3. We will be improving the Billing flow in terms of adding new customers and in turn reducing the time this procedure takes by 50%.
  4. Several features which may be of interest to many of our customers will be implemented:
       • Voice 3CX integration with CRM. Calls will be stored and linked to the lead’s/customer’s communication section with integration into Tickets.
       • Traffic classes. Excluding certain networks from accounting.
       • Netflow accounting. It will be possible to account for traffic with NetFlow.
       • Blocked customer tracking. Easily find and activate blocked customers.
       • Voice number pools. Ability to use ranges in Voice services.

  5. Better release control & automation testing of the product. We are unifying and standardizing the product even more. As a result, we expect up to 3 times fewer bugs in the initial beta release and every release after that.

Currently, the Beta release for v3.2 is scheduled for Oct 2021 followed by the commercial release in Nov/Dec 2021.

What about features you have requested in the past?
We continue to collect feedback on your ideas. We are preparing the v3.2 release and tuning it in such a way that new features will be much easier to implement in the following (v4.0) release.

Now would be a great time to see which of the features have received the most votes and vote for the new ones that you have not considered yet, here.
The feature requests that are in development for v3.2 can be seen in our roadmap here.

We’d also like to be more transparent in the process of implementing your current and new ideas.

Going forward new feature requests will be considered in the following 2 ways:

  1. Core – If the idea is consistent with and relevant to the core product functionality and fits into the pre-defined priority structure. For example, in v3.2 a request to improve the Billing Flow was submitted. We then analyze all the ideas, detailed descriptions, and sub-tasks regarding this module or user path, check which of them are most in demand among our customers, and add them to our roadmap and development cycle for the current and next release. We will also notify the creator of the feature request along with anyone who submitted feedback on it and, best of all, these feature requests/improvements will always be free to our customers.
  2. Customer-specific – If there is a certain feature or functionality that is critical for your business and you need it as soon as possible. You can always consider using our API and hire your developers to develop the add-on. Or, if it’s more convenient for you, request us to develop it for you. Here is our most recent pricing policy for the development and support of such custom development.

All add-ons, development, and support submitted to us with the deadline set to 3.2 are still ongoing and will be completed as agreed upon.

We will keep collecting more feedback from customers in personal meetings, allowing us to test prototypes in conjunction with our beta customers. This will enable us to simplify the product information architecture and create easier user paths/experiences going forward.

Splynx integration with vBNG netElastic

In this article, we’ll show how to properly configure the virtual Broadband Network Gateway (vBNG) solution from netElastic and integrate it with the Splynx ISP Framework. We’ll demonstrate how the Splynx Radius server can be used for complete AAA (Authentication, Authorization & Accounting) coverage of your customers.

So, let’s get started.

All the configuration below is done on freshly installed instances of vBNG Router, vBNG Manager, and Splynx that are up and running. In this guide, we’ll create a test user with certain parameters in Splynx and then connect that user to the Internet over a PPPoE session through the vBNG device.

The lab setup shows how to configure vBNG to work with PPPoE access with Radius authentication, authorization, and accounting.

Lab that displays how to configure vBNG to work with PPPoE with RADIUS

The process of configuring PPPoE connections on the vBNG with Radius authentication, authorization and accounting involves:

  • Configuring access interface
  • Creating a PPPoE template
  • Creating a VGI interface
  • Creating Radius Authentication group
  • Creating Radius Accounting group
  • Creating AAA Authentication template
  • Creating AAA Authorization template
  • Creating AAA Accounting template
  • Creating an IPPool
  • Creating a domain
  • Creating and configuring VCI

 

We’ll start with the interfaces first. As seen on the screenshot below, our vBNG is installed on a server with two 10Gb NICs:

  • The 10gei-1/1/0 interface will be used as an access interface (incoming for customer’s links), which is UNI (User-Network Interface) on the diagram.
  • The second physical interface, 10gei-1/1/1, will be used as a network interface (outgoing to Internet), and that’s NNI (Network-to-Network Interface) accordingly.

We assigned the following IP address 192.168.10.10 to 10gei-1/1/1, so the interface setup looks the following way:

Please note there is also a NAT-related parameter here, we’ll be discussing it further in this guide.

Next, moving on to RADIUS Authentication group creation, which is used for authorization as well. We created ‘demo_group’ with the following parameters:

Our Radius Server is at the 192.168.10.3 IP address as per the diagram, uses default port 1812 and the key above. Please change these values as per your own setup. If configured properly, you should be able to test the connection to Radius server in vBNG Manager GUI.

Now we create the RADIUS Accounting group ‘acc_grp’ with the following configuration. It’s similar to the Authentication group above, except it uses port 1813.

We also need to enable Radius accounting under Radius configuration.

The next step is to create an Authentication template. For Radius authentication, we need to specify the authentication type to use Radius. Here is our configuration.

Radius authorization means vBNG will take authorization properties such as user’s IP address, QoS plan, ACL rules, etc. from the attributes carried in the Radius accept reply message instead of using locally configured properties. To achieve this, we need to create an authorization template from which to specify Radius authorization.

Similarly, we create an Accounting template.

Now we need to configure an IP pool from which PPPoE access subscribers’ IP addresses will be assigned via DHCP. netElastic’s vBNG provides flexible IP pool configurations that can span multiple disjoint segments. In this example, we will configure one IP segment 192.168.100.1/24 with the gateway IP 192.168.100.1. Since we’ll be managing the IP allocation in Splynx itself, we have to reserve the IP range on vBNG, so it honors the IP assignments obtained via Radius.

Next, creating a VGI interface. Subscribers need to have an access gateway configuration on the vBNG to have network access. netElastic’s vBNG implements the concept of Virtual Gateway Interface (VGI) to configure subscriber’s access gateway. The VGI interface IP address shall match the gateway address in the IP pool configuration as described above.

We have created authentication, authorization & accounting templates, an IP pool, and a VGI interface. Now we need to create a domain to tie all these together and bind the domain to PPPoE access to achieve the desired access behavior. A user access domain defines user access behavior. Multiple domains can be defined for the same access method to define different behaviors. User’s access domains can be switched during operations (through Radius COA or command line) to alter access behaviors.

The same information is displayed in the vBNG Manager web interface.

Then, we create a PPPoE template. The parameters ppp-authentication, ac-name, default-domain should be configured according to your own setup.

Finally, we need to create a VCI configuration to tie the PPPoE template and the domain to the access interface so the access behavior for traffic coming to the interface will be subject to what we have defined in the PPPoE template and domain template.

In our test case, to grant users access to the Internet we need to enable NAT on both the network interface (NAT outside) and the access side user gateway (NAT inside).

Here is the sample NAT configuration for our case.

Also, we need to enable NAT in the authorization template.

 

Congrats! We have just completed the setup on the vBNG side and now it’s time to perform some additional configuration on the Splynx side.

First of all, let’s add our vBNG to Splynx, so they can communicate properly. Go to Config > Networking > NAS types and add a new one.

Go to Networking > Routers > Add and add our vBNG with the configuration according to our diagram.

For our test instance, we created a demo user with an assigned Internet tariff plan.

We want him to obtain an IP address from Radius, so we assigned a static one for testing purposes.

Let’s say we also want him to have a certain rate limit on the internet service, for instance, 20mbit/10mbit. We’ll show you how to configure it properly on both sides, vBNG and Splynx accordingly.

In Splynx we have to edit the internet plan by adding an additional field, which will be sent by Radius to vBNG QoS engine in order to define the policy applied to customers.

To make this functionality work, let’s create additional tweaks to the Radius configuration. Go to Config > Networking > Radius, under NAS Config section choose netElastic for NAS type from the drop-down menu and click on Load button.

Under netElastic Configuration scroll down to Rate-Limit attributes and enter as follows:

Here, NetElastic-Qos-Profile-Name is the parameter that tells the vBNG’s internal QoS engine which policy to apply, so essentially, we are sending from our Radius NetElastic-Qos-Profile-Name=goldPlan as per the configuration described earlier.

The QoS configuration on the vBNG side involves the following steps:

  1. Create class_map to define the flows for which QoS behaviors are intended to be applied on. class_map can be defined either directly by listing flow characteristics or by referencing defined ACL lists.
  2. Create intended behaviors for the class_map rules defined. The behaviors supported by vBNG are car, cbq, remark, etc.
  3. Create policies to create class_map and behavior pairs and setup the relative priority among them. Each policy can have up to 8 class_map/behavior pairs.
  4. QoS policies can be directly applied to interfaces.
  5. If QoS policies need to be applied to subscribers, user QoS profiles need to be created where both the upstream and downstream policies can be specified. The defined user QoS profile is then referenced in the authorization template of the user’s access domain. All users accessing through this domain are subject to the QoS policies defined in the user QoS profile.

Here is our configuration for the test instance.

The same configuration referenced in vBNG Manager

 

The QoS profile is attached to the authorization template as follows:

That’s about it.

If everything is configured properly, you should be able to see the various accounting information related to our test user in the Splynx dashboard.



Juniper Radius server configuration, updated

This is an updated version of Radius server configuration with Juniper using variables for speed limitations.

1. The first setting and a few general comments
The first and most important step, before any other configuration is made, is to run the command
set system dynamic-profile-options versioning
If this is not set, new profiles will not be used, because JunOS will report that the old settings are still active.

General comments on the configuration:
a. Don’t use the same name for different profiles. We should have one for access (Radius), one for the PPPoE template, one for speed limits, one for applying to an interface, and one more if QinQ is used. This helps to split the configuration into parts and keep it in order.
b. Don’t use the same Download and Upload speeds; sometimes Juniper ignores speed limits for no reason. (For example, if you have a 10M/10M plan, set 10M download and 9.99M upload.)

2. Radius server definition in access profile RAD
set access profile RAD authentication-order radius
set access profile RAD domain-name-server 8.8.4.4
set access profile RAD domain-name-server 8.8.8.8
set access profile RAD radius authentication-server 172.16.0.35
set access profile RAD radius accounting-server 172.16.0.35
set access profile RAD radius options nas-identifier JUN
set access profile RAD radius options accounting-session-id-format decimal
set access profile RAD radius-server 172.16.0.35 secret
set access profile RAD radius-server 172.16.0.35 timeout 5
set access profile RAD accounting order radius
set access profile RAD accounting immediate-update
set access profile RAD accounting coa-immediate-update
set access profile RAD accounting update-interval 10
set access profile RAD accounting statistics volume-time

3. Dynamic profile PPPoE, the template for the PPPoE virtual interface
set dynamic-profiles PPPoE routing-instances "$junos-routing-instance" interface "$junos-interface-name"
set dynamic-profiles PPPoE interfaces pp0 unit "$junos-interface-unit" no-traps
set dynamic-profiles PPPoE interfaces pp0 unit "$junos-interface-unit" ppp-options chap
set dynamic-profiles PPPoE interfaces pp0 unit "$junos-interface-unit" pppoe-options underlying-interface "$junos-underlying-interface"
set dynamic-profiles PPPoE interfaces pp0 unit "$junos-interface-unit" pppoe-options server
set dynamic-profiles PPPoE interfaces pp0 unit "$junos-interface-unit" keepalives interval 30
set dynamic-profiles PPPoE interfaces pp0 unit "$junos-interface-unit" family inet unnumbered-address "$junos-loopback-interface"

4. Speed limitation profile, which is separate from the PPPoE profile and is called svc-inet-profile. Please don’t mix up the names!
set dynamic-profiles svc-inet-profile variables var-bw-upload
set dynamic-profiles svc-inet-profile variables var-bw-download
set dynamic-profiles svc-inet-profile variables var-ff-in-upload equals "'INET-' ## $var-bw-upload ## '-CLIENT-UPLOAD'"
set dynamic-profiles svc-inet-profile variables var-ff-in-upload uid
set dynamic-profiles svc-inet-profile variables var-ff-out-download equals "'INET-' ## $var-bw-download ## '-CLIENT-DOWNLOAD'"
set dynamic-profiles svc-inet-profile variables var-ff-out-download uid
set dynamic-profiles svc-inet-profile variables var-plr-upload equals "'plr-' ## $var-bw-upload"
set dynamic-profiles svc-inet-profile variables var-plr-upload uid
set dynamic-profiles svc-inet-profile variables var-plr-download equals "'plr-' ## $var-bw-download"
set dynamic-profiles svc-inet-profile variables var-plr-download uid
set dynamic-profiles svc-inet-profile interfaces pp0 unit "$junos-interface-unit" family inet filter input "$var-ff-out-download"
set dynamic-profiles svc-inet-profile interfaces pp0 unit "$junos-interface-unit" family inet filter input precedence 100
set dynamic-profiles svc-inet-profile interfaces pp0 unit "$junos-interface-unit" family inet filter output "$var-ff-in-upload"
set dynamic-profiles svc-inet-profile interfaces pp0 unit "$junos-interface-unit" family inet filter output precedence 100
set dynamic-profiles svc-inet-profile firewall family inet filter "$var-ff-in-upload" interface-specific
set dynamic-profiles svc-inet-profile firewall family inet filter "$var-ff-in-upload" term policer then policer "$var-plr-upload"
set dynamic-profiles svc-inet-profile firewall family inet filter "$var-ff-in-upload" term policer then service-accounting
set dynamic-profiles svc-inet-profile firewall family inet filter "$var-ff-in-upload" term policer then service-filter-hit
set dynamic-profiles svc-inet-profile firewall family inet filter "$var-ff-in-upload" term policer then accept
set dynamic-profiles svc-inet-profile firewall family inet filter "$var-ff-in-upload" term service from service-filter-hit
set dynamic-profiles svc-inet-profile firewall family inet filter "$var-ff-in-upload" term service then accept
set dynamic-profiles svc-inet-profile firewall family inet filter "$var-ff-out-download" interface-specific
set dynamic-profiles svc-inet-profile firewall family inet filter "$var-ff-out-download" term policer then policer "$var-plr-download"
set dynamic-profiles svc-inet-profile firewall family inet filter "$var-ff-out-download" term policer then service-accounting
set dynamic-profiles svc-inet-profile firewall family inet filter "$var-ff-out-download" term policer then service-filter-hit
set dynamic-profiles svc-inet-profile firewall family inet filter "$var-ff-out-download" term policer then accept
set dynamic-profiles svc-inet-profile firewall family inet filter "$var-ff-out-download" term service from service-filter-hit
set dynamic-profiles svc-inet-profile firewall family inet filter "$var-ff-out-download" term service then accept
set dynamic-profiles svc-inet-profile firewall policer "$var-plr-download" logical-interface-policer
set dynamic-profiles svc-inet-profile firewall policer "$var-plr-download" if-exceeding bandwidth-limit "$var-bw-download"
set dynamic-profiles svc-inet-profile firewall policer "$var-plr-download" if-exceeding burst-size-limit 1m
set dynamic-profiles svc-inet-profile firewall policer "$var-plr-download" then discard
set dynamic-profiles svc-inet-profile firewall policer "$var-plr-upload" logical-interface-policer
set dynamic-profiles svc-inet-profile firewall policer "$var-plr-upload" if-exceeding bandwidth-limit "$var-bw-upload"
set dynamic-profiles svc-inet-profile firewall policer "$var-plr-upload" if-exceeding burst-size-limit 1m
set dynamic-profiles svc-inet-profile firewall policer "$var-plr-upload" then discard

5. VLAN profile, which is then used to set up the PPPoE server on the VLAN interface
set dynamic-profiles VLAN interfaces demux0 unit "$junos-interface-unit" vlan-id "$junos-vlan-id"
set dynamic-profiles VLAN interfaces demux0 unit "$junos-interface-unit" demux-options underlying-interface "$junos-underlying-interface"
set dynamic-profiles VLAN interfaces demux0 unit "$junos-interface-unit" family inet unnumbered-address lo0.0
set dynamic-profiles VLAN interfaces demux0 unit "$junos-interface-unit" family pppoe access-concentrator JUN
set dynamic-profiles VLAN interfaces demux0 unit "$junos-interface-unit" family pppoe dynamic-profile PPPoE

6. This is how to apply PPPoE to the VLAN on the physical interface

ae0 {
    flexible-vlan-tagging;
    auto-configure {
        vlan-ranges {
            dynamic-profile VLAN {
                accept pppoe;
                ranges {
                    any;
                }
            }
        }
        remove-when-no-subscribers;
    }
}

7. The Radius attribute that selects the Speed Limitation profile should be this one:
ERX-Service-Activate:1 = SERVICE({{ rx_rate_limit/1024/1000}}M,{{ tx_rate_limit/1024/1000}}M)

Please note that “M” was added to send the data from Splynx to Juniper in Megabits. Juniper accepts speeds such as 1M, 2M, 20M and similar, so please make sure that the variable in the attribute returns the desired number.
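The variable expansion from step 4 and the attribute from step 7, worked through as an added example (not Splynx or Juniper code): it parses the variables lines of svc-inet-profile, binds the values of a rendered ERX-Service-Activate string, and returns the filter and policer names that result, flagging rates that would not produce a usable policer. The binding of attribute values to the parameter variables in declaration order and the accepted rate format are assumptions, and the attribute strings are constructed.

```python
import re

# The "variables" lines of svc-inet-profile, copied from step 4 above.
PROFILE = r"""
set dynamic-profiles svc-inet-profile variables var-bw-upload
set dynamic-profiles svc-inet-profile variables var-bw-download
set dynamic-profiles svc-inet-profile variables var-ff-in-upload equals "'INET-' ## $var-bw-upload ## '-CLIENT-UPLOAD'"
set dynamic-profiles svc-inet-profile variables var-ff-in-upload uid
set dynamic-profiles svc-inet-profile variables var-ff-out-download equals "'INET-' ## $var-bw-download ## '-CLIENT-DOWNLOAD'"
set dynamic-profiles svc-inet-profile variables var-ff-out-download uid
set dynamic-profiles svc-inet-profile variables var-plr-upload equals "'plr-' ## $var-bw-upload"
set dynamic-profiles svc-inet-profile variables var-plr-upload uid
set dynamic-profiles svc-inet-profile variables var-plr-download equals "'plr-' ## $var-bw-download"
set dynamic-profiles svc-inet-profile variables var-plr-download uid
"""

VAR_LINE = re.compile(r'variables (\S+)(?: equals "(.*)")?\s*$')
ATTR = re.compile(r'([\w-]+)\((.*)\)')
# Assumption: a rate is a positive number plus a k/m/g suffix (1M, 2M, 20M, 9.99M on this page).
RATE = re.compile(r'(\d+(?:\.\d+)?)[kmg]', re.IGNORECASE)


def parse_profile(text):
    """Return (parameter names in declaration order, {derived name: expression})."""
    params, derived = [], {}
    for line in text.splitlines():
        m = VAR_LINE.search(line)
        if not m:
            continue  # blank lines and the "uid" lines
        name, expr = m.groups()
        if expr is None:
            params.append(name)
        else:
            derived[name] = expr
    return params, derived


def expand(expr, values):
    """Evaluate a "'literal' ## $variable" concatenation expression."""
    out = []
    for token in (t.strip() for t in expr.split("##")):
        if len(token) >= 2 and token[0] == token[-1] == "'":
            out.append(token[1:-1])
        elif token.startswith("$"):
            out.append(values[token[1:]])
        else:
            raise ValueError(f"unsupported token: {token!r}")
    return "".join(out)


def activate(attribute_value, profile=PROFILE):
    """Bind a rendered ERX-Service-Activate value and expand the derived names."""
    m = ATTR.fullmatch(attribute_value.strip())
    if not m:
        raise ValueError("expected NAME(value,value)")
    args = [a.strip() for a in m.group(2).split(",")]
    params, derived = parse_profile(profile)
    if len(args) != len(params):
        raise ValueError(f"profile declares {len(params)} parameters, got {len(args)}")
    # Assumption: values bind to the parameter variables in declaration order.
    values = dict(zip(params, args))
    warnings = []
    for name, rate in values.items():
        r = RATE.fullmatch(rate)
        if not r or float(r.group(1)) <= 0:
            warnings.append(f"{name}: {rate!r} is not a usable rate")
    if len({v.lower() for v in values.values()}) < len(values):
        warnings.append("upload and download are equal (see general comment b)")
    for name, expr in derived.items():
        values[name] = expand(expr, values)
    return values, warnings


if __name__ == "__main__":
    # Constructed attribute values, as the template in step 7 might render them.
    for attr in ("SERVICE(10M,9.99M)", "SERVICE(10M,10M)", "SERVICE(0.0M,5M)"):
        values, warnings = activate(attr)
        print(attr, "->", values["var-ff-in-upload"], values["var-plr-download"], warnings)
```

Running the rendered attribute through a check like this before a plan goes live catches a template that produces a zero or malformed rate.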

A conjunction of Splynx & MailJet to launch your email marketing campaigns

Splynx is a multidimensional platform where you can send SMS and emails directly from the system.

Our main goal is to help ISPs to grow their client base and make their internet experiences even better. How can we do it?

We have integrated Splynx with the MailJet platform to assist you in your ISP business promotion.

The add-on requires minimal configuration; the following guide fully describes how to connect Splynx and Mailjet.

Once the add-on is configured, Splynx will automatically synchronize all your customers and leads with MailJet. Campaigns, marketing email templates, and triggered mail automation are then configured inside MailJet.

 

 

Splynx can push data into 3 MailJet contact lists for further targeting and segmentation. One list should be for your existing customers, another for leads, and the third one for the newsletter.

When marketing your services to clients, a good way to get their attention is through a targeted, personalized email campaign. This marketing idea is especially useful if you can segment your subscriber base.

During the configuration, you are free to select what information from the Customer/Lead profile will be pushed to MailJet and further stored in corresponding contact properties.  This option enables you to personalize email templates and set up triggered automated emails based on property update, for instance.

 

Email marketing is a highly effective tool that should be in your digital marketing strategy. We recommend considering this integration to launch your winning email campaign.

Huawei NE (NetEngine) router Radius configuration

Hello, in this article we will tackle the configuration of Huawei NE20 and Huawei NE40 router with the Radius server. We will be using Splynx Radius server to authenticate PPPoE customers that are connecting to Huawei BRAS.

Here is the OS version of the HUAWEI NE20E on which the tests were made:
display version

Huawei Versatile Routing Platform Software
VRP (R) software, Version 8.120 (NE20E)
Copyright (C) 2012-2017 Huawei Technologies Co., Ltd.

First of all, the Radius server data should be configured. 10.0.0.1 is the IP address of the Radius server and 12345 is a secret.

radius-server group splynx
radius-server shared-key-cipher 12345
radius-server authentication 10.0.0.1 1812 weight 0
radius-server accounting 10.0.0.1 1813 weight 0
undo radius-server user-name domain-included
radius-attribute hw-user-password simple coa-request

authentication-scheme radius
accounting-scheme radius
accounting interim interval 3

When this is configured, we can set up the domain, which holds the settings that will be used for customer authentication. We can define a pool of IP addresses that Huawei will assign to users, or the IPs can be assigned to end-user sessions by the Splynx Radius server.

domain pppoe
authentication-scheme radius
accounting-scheme radius
radius-server group splynx
ip-pool my_pool

If we use the pool my_pool, then the pool needs to be defined. It’s configured under the NAT section together with the IP addresses that will be used as public IPs for NAT/PAT translations:

nat instance my_nat id 1
nat address-group address group-id 1 109.205.245.1 109.205.245.10
ip pool my_pool bas local
gateway 192.168.0.1 255.255.255.0
section 0 192.168.0.10 172.16.200.100
dns-server 8.8.8.8

Then we add the “bas” settings – activate PPPoE server on physical interface or VLAN.

interface GigabitEthernet0/0/0.50
user-vlan 50
bas

All commands were entered under the mode and confirmed by “commit” to save to the configuration.

When all these settings are done, the next step is to configure the Radius server. A few steps are needed for it:
1. Inside Splynx Configuration, please add a new NAS type Huawei.
2. Edit the configuration of the Radius under Networking and load Huawei settings.
3. Set several values in the configuration :

Allow with no account balance – to allow customers with a negative balance to be authenticated. Actually, it is any customer that has an invoice that was not paid, that’s why it is better to have it always enabled.

Inverse accounting – Huawei considers customer’s PPPoE session as an interface, so Download for customers is Upload for Huawei OS.

The same thing is applied for the definition of speed limits, where you can see that Input-Peak takes the variable “tx_rate_limit” from Splynx’s tariff plan.

There are two basic attributes for setting the speed limits of customer PPPoE sessions:

  • Huawei-Input-Peak-Rate = {{ tx_rate_limit}}
  • Huawei-Output-Peak-Rate = {{ rx_rate_limit }}

Two more Radius attributes can be used to define bursts.

  • Huawei-Input-Burst-Size
  • Huawei-Output-Burst-Size

All these attributes mentioned above are standard attributes supported by dictionary.huawei that is located at /usr/share/freeradius folder of the Splynx Radius server.

Below is the example of adding a new NAS to Splynx and setting its parameters

When a PPPoE customer is connected, we should check his configuration on our Huawei router using the command display access-user domain pppoe verbose

The output on the CLI should be similar to what is shown below. The important part is ACL&QoS, which shows that the speed limits have been applied.

Basic:
State : Used
User name : splynx-test
Domain name : pppoe
User backup state : No
User access interface : GigabitEthernet0/0/0.50
User access PeVlan/CeVlan : 50/-
User access slot : 0
User MAC : abcd-1234-9876
User IP address : 192.168.0.95
User IP netmask : 255.255.255.255
User gateway address : 192.168.0.1

ACL&QoS:
Inbound qos configuration : User-CAR
Inbound cir : 0(kbps)
Inbound pir : 512(kbps)(Radius)
Inbound cbs : 0(bytes)
Inbound pbs : 95744(bytes)
Outbound qos configuration : User-queue
Outbound cir : 0(kbps)
Outbound pir : 1024(kbps)(Radius)
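The check described above, automated as an added example (not part of the Huawei or Splynx tooling): it parses the display access-user output and reports a session whose peak rates are missing, zero, different from the plan, or not marked as coming from Radius. Treating the "(Radius)" suffix as that marker is an interpretation of the sample output above, the expected kbps values passed in are hypothetical, and the second sample is constructed.

```python
import re

# Output copied from the sample above.
SAMPLE = """\
Basic:
State : Used
User name : splynx-test
Domain name : pppoe
User backup state : No
User access interface : GigabitEthernet0/0/0.50
User access PeVlan/CeVlan : 50/-
User access slot : 0
User MAC : abcd-1234-9876
User IP address : 192.168.0.95
User IP netmask : 255.255.255.255
User gateway address : 192.168.0.1

ACL&QoS:
Inbound qos configuration : User-CAR
Inbound cir : 0(kbps)
Inbound pir : 512(kbps)(Radius)
Inbound cbs : 0(bytes)
Inbound pbs : 95744(bytes)
Outbound qos configuration : User-queue
Outbound cir : 0(kbps)
Outbound pir : 1024(kbps)(Radius)
"""

# Constructed failure case: the outbound limit was never delivered by Radius.
UNSHAPED = SAMPLE.replace("1024(kbps)(Radius)", "0(kbps)")

PIR = re.compile(r"(\d+)\(kbps\)(\(Radius\))?")


def parse_access_user(text):
    """Split the output into {section: {field: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":") and " : " not in line:
            current = sections.setdefault(line[:-1], {})  # "Basic:", "ACL&QoS:"
        elif " : " in line and current is not None:
            key, value = line.split(" : ", 1)
            current[key.strip()] = value.strip()
    return sections


def check_rate_limits(text, expect_in_kbps, expect_out_kbps):
    """Return a list of problems; an empty list means both limits are in place."""
    qos = parse_access_user(text).get("ACL&QoS", {})
    problems = []
    for field, expected in (("Inbound pir", expect_in_kbps),
                            ("Outbound pir", expect_out_kbps)):
        m = PIR.fullmatch(qos.get(field, ""))
        if not m:
            problems.append(f"{field}: missing or unparsable")
            continue
        rate = int(m.group(1))
        if m.group(2) is None:
            problems.append(f"{field}: value is not marked (Radius)")
        if rate == 0:
            problems.append(f"{field}: 0 kbps, no peak rate set")
        elif rate != expected:
            problems.append(f"{field}: {rate} kbps, plan expects {expected} kbps")
    return problems


if __name__ == "__main__":
    print(check_rate_limits(SAMPLE, 512, 1024))
    print(check_rate_limits(UNSHAPED, 512, 1024))
```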

It will be also useful to check the related guide about Huawei GPON configuration in Splynx.