IPv4 Pools Support
The name of the IP address pool is set by the Framed-Pool attribute in Access-Accept.
The Framed-IP-Address attribute has a higher priority than Framed-Pool: if both are present in the response, PCRF ignores Framed-Pool.
Upon detecting the Framed-Pool attribute in the Radius response, the PCRF should:
- contact the DHCP server for the subscriber's address by passing the pool name to the DHCP server in one of the DHCP options;
- after receiving a response from the DHCP server, generate a general authorization response by combining the DHCP response options and the Access-Accept attributes.
FastPCRF Configuration
At least one DHCP server serving the pools must be specified in fastpcrf.conf. The server address is set in the dhcp_server parameter of the following form:
    # <address> - IP-address of the DHCP-server
    # <dev> - which local interface is to communicate with the DHCP-server
    dhcp_server=<address>%<dev>
Each DHCP-server is set in fastpcrf.conf with a separate parameter. For example, two servers can be specified like this:
    # Primary server - on the interface eth1
    dhcp_server=192.168.10.10%eth1
    # Stand-by server - on the interface em2
    dhcp_server=10.45.78.03%em2
Setting up to 16 DHCP servers is supported. This parameter has no default value: for Framed-Pool support it is necessary to specify at least one DHCP-server in fastpcrf.conf.
In addition to DHCP servers, you should also specify in which DHCP request option to send the pool name.
This is done with the dhcp_poolname_opt parameter. The following DHCP-options are supported:
- dhcp_poolname_opt=1 - opt77 User-Class RFC 3004. If the option already exists, its value is replaced with the pool name.
- dhcp_poolname_opt=2 - opt125 Vendor-Opts (vendorId=43823, subopt=1) RFC 3925. The option is always added.
- dhcp_poolname_opt=3 - opt60 Class-Id RFC 2132. If the option already exists, its value is replaced with the pool name.
If dhcp_poolname_opt=0 (default) - the pool name will be added to opt125.
In SSG 12.4+ opt125 is added with the pool name as the first option. Reason: KEA parses only the first vendor when defining the client class (opt125).
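The opt125 layout used by dhcp_poolname_opt=2 (and the default 0), as an added example that is not FastPCRF code: it encodes the pool name as RFC 3925 enterprise 43823, sub-option 1, places that block ahead of vendor data already present in a request, and parses it back with length checks. The function names, the sample client block and the reading of "first option" as "first enterprise block in the option 125 data" are assumptions.

```python
import struct

VENDOR_ID = 43823   # enterprise number the page gives for opt125
POOL_SUBOPT = 1     # sub-option the page gives for the pool name

def pool_block(pool_name):
    """One RFC 3925 block: enterprise(4) | data-len(1) | sub-code(1) sub-len(1) value."""
    value = pool_name.encode("ascii")
    if not 1 <= len(value) <= 248:   # 255 - 5 (block header) - 2 (sub-option header)
        raise ValueError("pool name does not fit in option 125")
    sub = bytes([POOL_SUBOPT, len(value)]) + value
    return struct.pack("!IB", VENDOR_ID, len(sub)) + sub

def add_pool_name(existing_opt125, pool_name):
    """Assumed ordering: the pool-name block goes ahead of blocks already in the request."""
    return pool_block(pool_name) + existing_opt125

def parse_opt125(data):
    """Decode option 125 data into [(enterprise, {sub_code: value})]; reject bad lengths."""
    blocks, pos = [], 0
    while pos < len(data):
        if pos + 5 > len(data):
            raise ValueError("truncated enterprise header")
        enterprise, dlen = struct.unpack_from("!IB", data, pos)
        pos, end = pos + 5, pos + 5 + dlen
        if end > len(data):
            raise ValueError("enterprise data overruns the option")
        subs = {}
        while pos < end:
            if pos + 2 > end or pos + 2 + data[pos + 1] > end:
                raise ValueError("sub-option overruns the enterprise data")
            code, slen = data[pos], data[pos + 1]
            subs[code] = data[pos + 2:pos + 2 + slen]
            pos += 2 + slen
        blocks.append((enterprise, subs))
    return blocks

def pool_from_first_vendor(data):
    """What a server that inspects only the first enterprise block would see."""
    blocks = parse_opt125(data)
    if not blocks or blocks[0][0] != VENDOR_ID or POOL_SUBOPT not in blocks[0][1]:
        return None
    return blocks[0][1][POOL_SUBOPT].decode("ascii")

# Constructed sample: a client request that already carries a vendor block
# (enterprise 9, sub-option 5, two bytes of data).
CLIENT_OPT125 = struct.pack("!IB", 9, 4) + bytes([5, 2]) + b"\x01\x02"
```

With the pool-name block first, pool_from_first_vendor returns the pool name; with the order reversed it returns None, which is the behaviour the ordering note above is working around.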
FastPCRF addresses DHCP servers as a Relay (with the IP address of the local server-communication interface), so that DHCP-traffic is unicast. All DHCP-requests are sent to all servers specified in dhcp_server parameters. If multiple DHCP servers are configured, FastPCRF takes the first response that arrives in time; replies from the other DHCP servers are ignored.
ISC DHCP-server Configuration Example
The DHCP server is configured differently depending on which DHCP option the pool name will come in (dhcp_poolname_opt parameter).
Below are the extracts from the ISC DHCP configuration file /etc/dhcp/dhcpd.conf that relate to configuring the pool.
- example for option 125 (dhcp_poolname_opt=2)
Forming a DHCP request in the DHCP Radius Proxy mode
In the DHCP Radius Proxy mode, the original DHCP request of the subscriber is transmitted to the DHCP server with the addition of the pool name in accordance with the dhcp_poolname_opt parameter.
Forming a DHCP request for PPPoE-clients
For the PPPoE-subscribers, PCRF forms a DHCP-request with the following options that identify the subscriber:
- opt61 Client-Id RFC 2132 - contains type "1" (ethernet) and the subscriber's MAC address in binary form;
Forming Access-Accept
After receiving a response from the DHCP server, PCRF combines it with the Access-Accept previously received from the Radius. DHCP options can also be specified in Access-Accept as special VSAs. When aggregating responses, the DHCP options returned by the DHCP server have a higher priority than these VSA-attributes; for example, if a different list of DNS servers is specified in both the DHCP response and the Access-Accept, the subscriber will be sent the list of DNS servers from the DHCP server response.