Mailing List Archive: PPP: limiting number of concurrent sessions

PPP: limiting number of concurrent sessions

Dec 15, 2008, 11:22 AM

Post #1 of 3 (3779 views)

Hello all

The company I work for has a number of cisco routers acting solely as
LAC, providing wholeshale services to other ISPs that terminate the
subscriber PPP sessions in their LNS.

We plan to start terminating the PPP sessions directly to our routers.
Since we want limit the max-concurrent sessions per user to 1, we have
to make sure that the radius can reliably detect and avoid double logins.

We shall use free radius and expect to serve 100.000+ customers. Since
radius protocol is not 100% reliable, extra mechanisms are often used
when such a limit is imposed for the max concurrent sessions per user
(e.g. the radius using telnet, finger or SNMP can contact the BRAS and
verify if a particular user is already logged in or not)

I want to ask from your experience what is the prefered method for
avoiding double logins especially when such a large number of subscribers
has to served?

I am concerned that having the radius to contact the BRAS in-order to
verify each double login attempt will result to a heavy performance impact
for the BRAS

Thnx
_______________________________________________
cisco-bba mailing list
cisco-bba@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-bba

PPP: limiting number of concurrent sessions [ In reply to ]

victor.lyapunov at gmail

Dec 15, 2008, 12:55 PM

Post #2 of 3 (3640 views)

Permalink

That would work but we plan to offer this service using dynamic IP addresses.
Also as you mention, probably both sessions will stop forwarding the traffic
correctly as soon as the second one is established (we would like to have
the first one continue operating and deny the second one)

Thnx
_______________________________________________
cisco-bba mailing list
cisco-bba@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-bba

Re: PPP: limiting number of concurrent sessions [ In reply to ]

dkcctc at gmail

Dec 15, 2008, 5:02 PM

Post #3 of 3 (3630 views)

Permalink

Have you looked at these commands? I have used all three at some point.

ROUTER(config-bba-group)#sessions ?
auto Sessions auto commands
per-mac Per-MAC session configuration
per-vc Per-VC session configuration
per-vlan Per-VLAN session configuration

Dan

----- Original Message -----
From: "Victor Lyapunov" <victor.lyapunov@gmail.com>
To: <cisco-bba@puck.nether.net>
Sent: Monday, December 15, 2008 2:22 PM
Subject: [cisco-bba] PPP: limiting number of concurrent sessions

> Hello all
>
> The company I work for has a number of cisco routers acting solely as
> LAC, providing wholeshale services to other ISPs that terminate the
> subscriber PPP sessions in their LNS.
>
> We plan to start terminating the PPP sessions directly to our routers.
> Since we want limit the max-concurrent sessions per user to 1, we have
> to make sure that the radius can reliably detect and avoid double logins.
>
> We shall use free radius and expect to serve 100.000+ customers. Since
> radius protocol is not 100% reliable, extra mechanisms are often used
> when such a limit is imposed for the max concurrent sessions per user
> (e.g. the radius using telnet, finger or SNMP can contact the BRAS and
> verify if a particular user is already logged in or not)
>
> I want to ask from your experience what is the prefered method for
> avoiding double logins especially when such a large number of subscribers
> has to served?
>
> I am concerned that having the radius to contact the BRAS in-order to
> verify each double login attempt will result to a heavy performance impact
> for the BRAS
>
> Thnx
> _______________________________________________
> cisco-bba mailing list
> cisco-bba@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-bba

_______________________________________________
cisco-bba mailing list
cisco-bba@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-bba