natanielklug
Frequent Visitor
Topic Author
Posts: 95
Joined: Mon Apr 02, 2007 6:09 pm
Location: Cascavel/PR/Brasil

Freeradius and multiple PPPoE NAS (redundant) using checkrad

Tue Aug 06, 2013 2:57 pm

Hello all,

I need help setting up an environment to deliver the best solution to my internal network. Now I have several Freeradius running and all of them are redundant. They use SQL for authentication, authorization and accounting, and I am running a SQL IPPool for my NAS. I need sqlippool and I need SQL as well. I also need to have several Mikrotik PPPoE NAS running in an array where they can respond redundantly. This is my actual network layout (I am not lining up my physical network so the drawing is not too big):

Image

For the layout I have in the same physical area the communication running over ethernet or fiber. I am using Simultaneous-Use and it's working fine. My problem is to identify if that simultaneous check is true! Why? Because for some reason a Mikrotik sometimes shuts down (power problems, for example, or a person takes the power cord off the NAS). I know, this is extreme, but I need to be prepared for that.

So I thought of using checkrad. It works fine (SNMP, telnet is not working and I am not a Perl programmer so I was not able to solve the problem) when I have some connections running one after another, like, 10 PPPoE tunnels and I can start them one at a time. When they all start together (even though they are just 10 sessions) checkrad hangs and lets people connect simultaneously. Worse than the simultaneous connections is that Freeradius/Checkrad takes too much time to let people connect. Without checkrad it takes like 6 seconds to let 10 sessions in, writing down Accounting-Request as fast as it can. When I use checkrad it takes 50/55 seconds to let people in and they all have simultaneous connections. Besides that, my sqlippool gets all messed up, I think, because the accounting is taking too long to write down, so I have the same IP set to two different users.

What else can I do to solve the problem when my customers come from one NAS and they got stuck there because a power failure, for example, and they need to connect to another NAS? This would be the scenario:

Image

So all the customers connected to NAS01 are able to connect to NAS02-04 but they are blocked on Simultaneous-Use until NAS01 returns online and sends an Accounting-On.

The second problem is physical too. Imagine that for some reason NAS04 loses its ethernet connection to the internet and to the Freeradius AT THE SAME TIME - remember those servers are all in the same physical space - (like an ethernet cable unplugged or a mistaken setup of a VLAN in a switch or anything else that can make the NAS lose its connection to the physical network). In this case my customers' tunnels would still be on but they cannot reach the internet or Freeradius, and if they drop their connection (reboot a customer device) they will be stuck in RadAcct and Simultaneous-Use will block them. This would be the layout:

Image

So, what can I do to solve the problem? Is there anyone with the same problem?

Freeradius 2.x
Mikrotik 6.2

PS.: There is a guy with a lot of topics on checkrad (savage) who could help me but I am not able to get in direct contact with him.

Best Regards,

Nataniel Klug
Certto - Cascavel/PR/Brazil
 
maxfava
Member Candidate
Posts: 222
Joined: Mon Oct 17, 2005 12:30 am

Re: Freeradius and multiple PPPoE NAS (redundant) using chec

Sat Nov 16, 2013 3:32 am

I'm looking into whether, with DHCP relay, I can give an address pool instead of Freeradius DHCP.
How did you solve it?
 
natanielklug
Frequent Visitor
Topic Author
Posts: 95
Joined: Mon Apr 02, 2007 6:09 pm
Location: Cascavel/PR/Brasil

Re: Freeradius and multiple PPPoE NAS (redundant) using chec

Mon Nov 18, 2013 2:11 pm

Hello max,

Assuming that I ever had a solution for that (hehehehe)... I solved the problem by using Freeradius with PostgreSQL for the IP Pool and running them with a new tag so my Freeradius can see if a connection is still open for a NAS (I've set up a new column on lippool and radacct tables where I write the name of the NAS so this column is checked every time a new connection arrives).
---
Best regards,

José Nataniel Centeno Klug
Operation Manager Certto Telecom
+55 45 3333 2135 | www.certto.com.br
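
Added example, not part of the original post or the poster's configuration: a minimal Python/SQLite model of the failure described in this thread, where open accounting rows left by a dead NAS keep blocking Simultaneous-Use, and of how a NAS-name column lets those rows and the matching pool leases be closed in one step. Table and column names are simplified stand-ins for the real schema, the sample rows are constructed, and the decision that a NAS is down is assumed to come from the operator or from an Accounting-On.

```python
import sqlite3

def make_db():
    """Build an in-memory stand-in for the accounting and IP pool tables."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE radacct   (username TEXT, nasname TEXT, acctstoptime TEXT);
        CREATE TABLE radippool (framedip TEXT PRIMARY KEY, nasname TEXT, username TEXT);
    """)
    # Constructed sample data: NAS01 loses power while alice and bob are online.
    db.executemany("INSERT INTO radacct VALUES (?, ?, NULL)",
                   [("alice", "NAS01"), ("bob", "NAS01"), ("carol", "NAS02")])
    db.executemany("INSERT INTO radippool VALUES (?, ?, ?)",
                   [("10.0.0.1", "NAS01", "alice"), ("10.0.0.2", "NAS01", "bob"),
                    ("10.0.0.3", "NAS02", "carol"), ("10.0.0.4", None, None)])
    return db

def open_sessions(db, username):
    """Rows with no stop time are what a Simultaneous-Use check counts."""
    return db.execute(
        "SELECT COUNT(*) FROM radacct WHERE username = ? AND acctstoptime IS NULL",
        (username,)).fetchone()[0]

def may_connect(db, username, limit=1):
    """True when the user is still below the Simultaneous-Use limit."""
    return open_sessions(db, username) < limit

def close_nas(db, nasname, when):
    """Close every open session and free every lease recorded for one NAS.

    This is the cleanup an Accounting-On from that NAS would trigger; keying
    both tables on the NAS name lets it run without the NAS coming back.
    """
    cur = db.execute(
        "UPDATE radacct SET acctstoptime = ? WHERE nasname = ? AND acctstoptime IS NULL",
        (when, nasname))
    db.execute("UPDATE radippool SET nasname = NULL, username = NULL WHERE nasname = ?",
               (nasname,))
    db.commit()
    return cur.rowcount

def free_ips(db):
    """Addresses that can be handed to a new session."""
    return [r[0] for r in db.execute(
        "SELECT framedip FROM radippool WHERE username IS NULL ORDER BY framedip")]
```

Sessions on the surviving NAS are untouched by `close_nas`, so the Simultaneous-Use limit still applies to users who really are online.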
 
maxfava
Member Candidate
Posts: 222
Joined: Mon Oct 17, 2005 12:30 am

Re: Freeradius and multiple PPPoE NAS (redundant) using chec

Tue Nov 19, 2013 11:59 pm

Thanks.
I have found a different solution: I just divided the IP subnet, as I have enough available.
But of course when one PPPoE does not work there is a risk of taking all the pools.

I have played some time with Freeradius, not an expert, but I saw the DHCP feature from version 2.0.
I was wondering for my employ as I have not found a clear GUI, which I should develop, but time is 24 hours per day only...
 
natanielklug
Frequent Visitor
Topic Author
Posts: 95
Joined: Mon Apr 02, 2007 6:09 pm
Location: Cascavel/PR/Brasil

Re: Freeradius and multiple PPPoE NAS (redundant) using chec

Wed Nov 20, 2013 12:32 pm

Hello max,

If you want to understand this solution better in the future, feel free to contact me.
---
Best regards,

José Nataniel Centeno Klug
Operation Manager Certto Telecom
+55 45 3333 2135 | www.certto.com.br