Mailing List Archive

Thomas Bridge [thomas@netsource.ie] wrote:
> We've a Cisco 7200 terminating our customer's PPPoE and PPP over L2TP
> connections for ADSL. It's running 12.2(16)B
>
> Is there anyway internal to the router to do per user accounting -

No, but I'm curious, what did you have in mind?

> radius is not over suitable for this, as it wraps at 4GB and needs
> the session to terminate, or constant monitoring of the radius logs,

In recent IOS, we support Acct-Input/Output-Gigawords which should fix
the 4GB wrapping issue. Also, what is unattractive about using
periodic accounting and montioring the RADIUS logs?

Dennis

>
> T.
>
>
> Thomas Bridge tbridge@netsource.ie
> Network and Systems Architect Support phone: +353 1 4336070
> Netsource 26 Upr Fitzwilliam St., Dublin 2
>
> _______________________________________________
> cisco-bba mailing list
> cisco-bba@puck.nether.net
> http://puck.nether.net/mailman/listinfo/cisco-bba

--
-------------------------------------------------------------------------
|| || Dennis Peng
|| || Cisco Systems, Inc. Escalation Engineer
|||| |||| 170 West Tasman Drive Phone: (408) 526-6143
..:||||||:..:||||||:.. San Jose, CA 95134 Fax: (408) 232-2343
Cisco Systems Inc. dpeng@cisco.com
-------------------------------------------------------------------------

I find it very helpful to use an SQL-based RADIUS solution in
conjunction with periodic accounting. Obviously depends on how frequent
the updates are and how many there are in any period of time (ie, can
the RADIUS/DBMS handle the load?). Can also solve the 4GB issue if the
period is large enough.

DP


> -----Original Message-----
> From: cisco-bba-bounces@puck.nether.net
> [mailto:cisco-bba-bounces@puck.nether.net]On Behalf Of Dennis Peng
> Sent: Thursday, July 10, 2003 12:25 PM
> To: Thomas Bridge
> Cc: cisco-bba@puck.nether.net
> Subject: Re: [cisco-bba] Per user accounting
>
>
> Thomas Bridge [thomas@netsource.ie] wrote:
> > We've a Cisco 7200 terminating our customer's PPPoE and
> PPP over L2TP
> > connections for ADSL. It's running 12.2(16)B
> >
> > Is there anyway internal to the router to do per user accounting -
>
> No, but I'm curious, what did you have in mind?
>
> > radius is not over suitable for this, as it wraps at 4GB and needs
> > the session to terminate, or constant monitoring of the radius logs,
>
> In recent IOS, we support Acct-Input/Output-Gigawords which should fix
> the 4GB wrapping issue. Also, what is unattractive about using
> periodic accounting and montioring the RADIUS logs?
>
> Dennis
>
> >
> > T.
> >
> >
> > Thomas Bridge tbridge@netsource.ie
> > Network and Systems Architect Support phone: +353
> 1 4336070
> > Netsource 26 Upr Fitzwilliam
> St., Dublin 2
> >
> > _______________________________________________
> > cisco-bba mailing list
> > cisco-bba@puck.nether.net
> > http://puck.nether.net/mailman/listinfo/cisco-bba
>
> --
> --------------------------------------------------------------
> -----------
> || || Dennis Peng
> || || Cisco Systems, Inc. Escalation Engineer
> |||| |||| 170 West Tasman Drive Phone:
> (408) 526-6143
> ..:||||||:..:||||||:.. San Jose, CA 95134 Fax:
> (408) 232-2343
> Cisco Systems Inc. dpeng@cisco.com
> --------------------------------------------------------------
> -----------
> _______________________________________________
> cisco-bba mailing list
> cisco-bba@puck.nether.net
> http://puck.nether.net/mailman/listinfo/cisco-bba
>

You mentioned that Radius based is not a solution, but I would like to mention
that # of radius logs depend on the type of accounting (Num packets/Time based
and Pre-paid/post-paid based).

Cisco SSG gives functionality for all the above, but based on radius
transactions
and an external billing server to generate bills.

Thanks.

-Murali

At 04:48 PM 7/10/2003 +0100, Thomas Bridge wrote:
>We've a Cisco 7200 terminating our customer's PPPoE and PPP over L2TP
>connections for ADSL. It's running 12.2(16)B
>
>Is there anyway internal to the router to do per user accounting - radius
>is not over suitable for this, as it wraps at 4GB and needs the session to
>terminate, or constant monitoring of the radius logs,
>
>T.
>
>
>Thomas Bridge tbridge@netsource.ie
>Network and Systems Architect Support phone: +353 1 4336070
>Netsource 26 Upr Fitzwilliam St., Dublin 2
>
>_______________________________________________
>cisco-bba mailing list
>cisco-bba@puck.nether.net
>http://puck.nether.net/mailman/listinfo/cisco-bba

_______________________________
Murali Kolli
Product Manager
SSG/Subscriber Edge in IOS
Office : 408-526-5228
_______________________________

At 09:25 10/07/2003 -0700, Dennis Peng wrote:

>Thomas Bridge [thomas@netsource.ie] wrote:
> > We've a Cisco 7200 terminating our customer's PPPoE and PPP over L2TP
> > connections for ADSL. It's running 12.2(16)B
> >
> > Is there anyway internal to the router to do per user accounting -
>
>No, but I'm curious, what did you have in mind?

We have a situation where we could support up to 8000 customers before
moving to second BAS for DSL connections. Most of these customers are
permanently connected, and are assigned a virtual interface. The problem
is, they disconnect and reconnect quite frequently (some users are home
users for example).

As all Virtual Interfaces must have a 1:1 mapping to a username (albeit
ones that are handled through a RADIUS server), I was thinking of something
like an internal table that contains the amount of data that customer has
downloaded - this is already in the router for the interface. It would be
like the stats gathered for a serial or ethernet interface - you could
reset to zero if you wanted.

> > radius is not over suitable for this, as it wraps at 4GB and needs
> > the session to terminate, or constant monitoring of the radius logs,
>
>In recent IOS, we support Acct-Input/Output-Gigawords which should fix
>the 4GB wrapping issue. Also, what is unattractive about using
>periodic accounting and montioring the RADIUS logs?

While some users may log on and off, others will stay permanently
connected. I suppose I need to think this through - but the problem is
that using radius will require the radius DB itself to be monitored if I'm
looking for things like "how much has this user used this week" if he's
been connected for the last month.

What I was really looking for is a way to find out today what my users have
been using for the last week. It appears, that the answer is no. What I
need to do is start gathering some data, but I'll have to think it through.

In the meantime, I've noticed that I didn't have "aaa accounting update
periodic" enabled. I've just added the command, with a time of 5
minutes. However, it appears my radius server does not seem to be
handling those packets - something I need to investigate.

T.


Thomas Bridge tbridge@netsource.ie
Network and Systems Architect Support phone: +353 1 4336070
Netsource 26 Upr Fitzwilliam St., Dublin 2

Thomas Bridge [thomas@wibble.to] wrote:
> At 09:25 10/07/2003 -0700, Dennis Peng wrote:
>
> >Thomas Bridge [thomas@netsource.ie] wrote:
> >> We've a Cisco 7200 terminating our customer's PPPoE and PPP over L2TP
> >> connections for ADSL. It's running 12.2(16)B
> >>
> >> Is there anyway internal to the router to do per user accounting -
> >
> >No, but I'm curious, what did you have in mind?
>
> We have a situation where we could support up to 8000 customers before
> moving to second BAS for DSL connections. Most of these customers are
> permanently connected, and are assigned a virtual interface. The problem
> is, they disconnect and reconnect quite frequently (some users are home
> users for example).
>
> As all Virtual Interfaces must have a 1:1 mapping to a username (albeit
> ones that are handled through a RADIUS server), I was thinking of something
> like an internal table that contains the amount of data that customer has
> downloaded - this is already in the router for the interface. It would be
> like the stats gathered for a serial or ethernet interface - you could
> reset to zero if you wanted.

Actually, in 12.2(16)B and later, there is no static mapping between a
particular user and a vaccess interface for PPPoX, so even if the
router didn't clear the vaccess counters when a user disconnected, it
would not be posssible to track the network utilization of your users
it they are constantly connecting/disconnecting.

> >> radius is not over suitable for this, as it wraps at 4GB and needs
> >> the session to terminate, or constant monitoring of the radius logs,
> >
> >In recent IOS, we support Acct-Input/Output-Gigawords which should fix
> >the 4GB wrapping issue. Also, what is unattractive about using
> >periodic accounting and montioring the RADIUS logs?
>
> While some users may log on and off, others will stay permanently
> connected. I suppose I need to think this through - but the problem is
> that using radius will require the radius DB itself to be monitored if I'm
> looking for things like "how much has this user used this week" if he's
> been connected for the last month.
>
> What I was really looking for is a way to find out today what my users have
> been using for the last week. It appears, that the answer is no. What I
> need to do is start gathering some data, but I'll have to think it through.

Yes, unfortunatley to gather the information you are looking for,
you'll probably have to dig through the RADIUS accounting logs. I
wonder if some other RADIUS user has already solved a similar problem
though, it seems like it should be a common desire.

Dennis

> In the meantime, I've noticed that I didn't have "aaa accounting update
> periodic" enabled. I've just added the command, with a time of 5
> minutes. However, it appears my radius server does not seem to be
> handling those packets - something I need to investigate.
>
> T.
>
>
> Thomas Bridge tbridge@netsource.ie
> Network and Systems Architect Support phone: +353 1 4336070
> Netsource 26 Upr Fitzwilliam St., Dublin 2

--
-------------------------------------------------------------------------
|| || Dennis Peng
|| || Cisco Systems, Inc. Escalation Engineer
|||| |||| 170 West Tasman Drive Phone: (408) 526-6143
..:||||||:..:||||||:.. San Jose, CA 95134 Fax: (408) 232-2343
Cisco Systems Inc. dpeng@cisco.com
-------------------------------------------------------------------------