FastPCRF settings

Radius accounting packets are sent to port 1813 of the Radius server by default. You can specify a different port globally for all Radius servers or individually for a given Radius server:

  • The radius_acct_port option in the fastpcrf.conf configuration file specifies the default accounting port
  • The acct_port option applies to a given Radius server:

radius_server=secret@192.168.200.1%eth1:1812;acct_port=34567

You can also specify a separate Radius accounting secret for each server, using the acct_secret option of the radius_server parameter:

radius_server=qwerty@192.168.200.1%eth1:1812;acct_port=34567;acct_secret=123456

In the example above, the qwerty secret is used for authorization requests and 123456 is used for accounting requests.

  • radius_max_acct_connect_count – the maximum number of connections used to transfer accounting data; the default value is 2. Each connection can handle no more than 256 requests simultaneously.
    This parameter limits the maximum Radius server load.
  • radius_acct_interim_interval – the time interval, in seconds, for sending the interim accounting. The default value is 1800 seconds. The minimum allowed value is 60 seconds.
    Note that the interval for sending interim statistics can be set for each user separately using the Acct-Interim-Interval attribute contained in the Access-Accept/Access-Reject response to the Access-Request authorization request. Value 0 means that interim statistics will not be sent.
  • radius_acct_idle_timeout - [added in VAS Experts DPI 7.3] the time interval, in seconds, during which the data is unchanged. If the accounting data sent by fastdpi does not change within this interval, the accounting session is considered closed because the idle timeout has been exceeded. The default value is 1800 seconds. Note that setting this parameter lower than netflow_timeout is meaningless.
  • acct_check_idle_mode - [added in VAS Experts DPI 7.4] the Stop event control mode, which defines what counts as a change in the data.
    Valid values are the following:
    • 0 - there are no changes in either the incoming or the outgoing traffic within radius_acct_idle_timeout (this is the default value)
    • 1 - there are no changes in the outgoing traffic only within radius_acct_idle_timeout (there is no subscriber activity).
      The acct_check_idle_mode=1 mode makes it possible to detect the end of an accounting session even if the subscriber's IP address is flooded with superfluous requests (for example, during a DDoS attack).
  • acct_start_point - [added in VAS Experts DPI 7.4] the starting point of the accounting statistics:
    • 0 - since the last Stop (default value). This is the most accurate statistics;
    • 1 - since the Start event.
      When acct_start_point=0 is used in acct_check_idle_mode=1 mode, all the "parasite" traffic accumulated since the last Stop event falls into the new accounting session.
      When acct_start_point=1 is used instead, all the "parasite" traffic accumulated since the last Stop event is ignored.
      Also, because of the delay between accounting "activation" and the actual gathering of netflow statistics, the outgoing traffic statistics may be slightly distorted (downwards).
  • acct_auth_sync - [SSG 8.1+] authorization and accounting synchronization. Disabled by default (no synchronization). Some billing systems (e.g. LanBilling) require the current accounting session to be closed before an Access-Request is sent.
    The acct_auth_sync=1 setting synchronizes accounting and authorization: when an auth request arrives, the SSG closes the current acct session (sends acct Stop), waits for the Radius response to the acct Stop, and only then sends the Access-Request with the new acct sessionId. In addition, [SSG 9.2+] when an accounting session is closed by idle timeout, PCRF notifies the SSG of the session closure; SCAT then resets the authorization status, which leads to subscriber reauthorization (an Access-Request is sent).
  • acct_disable_interim_update - prohibits sending Interim-Updates.
    • acct_disable_interim_update=0 — by default, Interim-Update is sent
    • acct_disable_interim_update=1 — do not send an Interim-Update
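
A pre-deployment check for the accounting settings described above, given as an added example and not as code from VAS Experts. The function names, the `#` comment marker, the `netflow_timeout` value supplied by the caller, and the fallback to the authorization secret when acct_secret is absent are assumptions.

```python
import re

# radius_server shape from this page's examples: secret@host%interface:port;key=value;...
SERVER_RE = re.compile(r"^(?P<secret>[^@]+)@(?P<host>[^%:;]+)(?:%[^:;]+)?:(?P<port>\d+)"
                       r"(?P<opts>(?:;[^;=]+=[^;]*)*)$")

def parse_radius_server(value, default_acct_port=1813):
    """Split one radius_server value into its auth and accounting parameters."""
    m = SERVER_RE.match(value.strip())
    if not m:
        raise ValueError(f"unrecognised radius_server value: {value!r}")
    opts = dict(o.split("=", 1) for o in m["opts"].split(";") if o)
    return {
        "host": m["host"], "auth_port": int(m["port"]), "auth_secret": m["secret"],
        "acct_port": int(opts.get("acct_port", default_acct_port)),
        # Assumption: without acct_secret, accounting uses the same secret.
        "acct_secret": opts.get("acct_secret", m["secret"]),
    }

def lint(conf_text, netflow_timeout=None):
    """Return (servers, findings, max_in_flight) for fastpcrf.conf-style text."""
    pairs = [l.strip().split("=", 1) for l in conf_text.splitlines()
             if "=" in l and not l.lstrip().startswith("#")]
    cfg = {k: v for k, v in pairs if k != "radius_server"}
    default_port = int(cfg.get("radius_acct_port", 1813))
    servers = [parse_radius_server(v, default_port) for k, v in pairs if k == "radius_server"]
    findings = [f"{s['host']}: accounting and authorization share one secret"
                for s in servers if s["acct_secret"] == s["auth_secret"]]
    if int(cfg.get("radius_acct_interim_interval", 1800)) < 60:
        findings.append("radius_acct_interim_interval is below the 60 s minimum")
    idle = int(cfg.get("radius_acct_idle_timeout", 1800))
    if netflow_timeout is not None and idle < netflow_timeout:
        findings.append("radius_acct_idle_timeout is less than netflow_timeout")
    for key in ("acct_check_idle_mode", "acct_start_point", "acct_disable_interim_update"):
        if cfg.get(key, "0") not in ("0", "1"):
            findings.append(f"{key} must be 0 or 1")
    if cfg.get("acct_check_idle_mode") == "1" and cfg.get("acct_start_point", "0") == "0":
        findings.append("idle mode 1 + acct_start_point=0: traffic since last Stop enters next session")
    # Each accounting connection carries at most 256 simultaneous requests.
    return servers, findings, int(cfg.get("radius_max_acct_connect_count", 2)) * 256

# Constructed sample input (illustrative values, not from a real deployment).
SAMPLE = """\
radius_server=qwerty@192.168.200.1%eth1:1812;acct_port=34567;acct_secret=123456
radius_server=secret@192.168.200.2%eth1:1812
radius_acct_interim_interval=30
radius_acct_idle_timeout=600
acct_check_idle_mode=1
"""
```

Calling `lint(SAMPLE, netflow_timeout=900)` returns the parsed servers, the list of findings, and the ceiling on simultaneous accounting requests implied by radius_max_acct_connect_count.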