Re: [vpp-dev] RADIUS authentication #vpp
Denis, can you point to specific commands in a Cisco or Juniper Commands Reference and/or Configuration Guide that you wish to see emulated, and provide links to publicly available documents? On Fri, Feb 23, 2018 at 8:13 AM, init via Lists.Fd.Io < dlotarev=yahoo@lists.fd.io> wrote: > I think about RADIUS, because this protocol using in huge number of large > routers (such as CISCO, Juniper, etc...) > Another one question about rate-limit policer - is this already > implemented to VPP? > And yes, i dont know who can make a RADIUS plugin to VPP, im not a > developer. > Thank > > >
Re: [vpp-dev] RADIUS authentication #vpp
I think about RADIUS, because this protocol using in huge number of large routers (such as CISCO, Juniper, etc...) Another one question about rate-limit policer - is this already implemented to VPP? And yes, i dont know who can make a RADIUS plugin to VPP, im not a developer. Thank
Re: [vpp-dev] RADIUS authentication #vpp
If you want to go in this direction: build a control-plane application. You could use a variant of the data-plane whitelist/blacklist applet to punt / drop / forward traffic from a given source-IP address. Add a policer to rate-limit punts to what the external application can handle. Its job is to do the RADIUS dance, and to program whitelist/blacklist tables to forward traffic. Adding a full RADIUS stack data plane plugin could be made to work, but I suspect that you won’t find any takers for that idea. HTH… Dave From: vpp-dev@lists.fd.io [mailto:vpp-dev@lists.fd.io] On Behalf Of init via Lists.Fd.Io Sent: Friday, February 23, 2018 12:36 AM To: vpp-dev@lists.fd.io Cc: vpp-dev@lists.fd.io Subject: Re: [vpp-dev] RADIUS authentication #vpp I think, RADIUS should accept following attributes: 1) Login IP address (private address, for mapping NAT 1:1) 2) Framed IP address (public address, if NAT 1:1 is required) 3) Downstream speed (for speed limit, of course, VPP should work as speed shaper, or NAT plugin should work with speed shaper) 4) Upstream speed (according to the above-mentioned) 5) State (allow, disallow) for next actions: 5.1 - redirect to another host:port (if we are talking about ISP, for redirect to a host with http page with payment) 5.2 - allow NAT to limited ip list Yep, i understand, this difficult, but this is not so bad idea for authentication, let me know if anybody know best idea to authenicate client :)
Re: [vpp-dev] RADIUS authentication #vpp
I think, RADIUS should accept following attributes: 1) Login IP address (private address, for mapping NAT 1:1) 2) Framed IP address (public address, if NAT 1:1 is required) 3) Downstream speed (for speed limit, of course, VPP should work as speed shaper, or NAT plugin should work with speed shaper) 4) Upstream speed (according to the above-mentioned) 5) State (allow, disallow) for next actions: 5.1 - redirect to another host:port (if we are talking about ISP, for redirect to a host with http page with payment) 5.2 - allow NAT to limited ip list Yep, i understand, this difficult, but this is not so bad idea for authentication, let me know if anybody know best idea to authenicate client :)
Re: [vpp-dev] RADIUS authentication #vpp
> Hi devs! I want to know will there any plans for implementation RADIUS > authentication for policing and ACL to NAT plugin? > Im telling about VPP as RADIUS client. Not as far as I know. Feel free to make a patch or submit a request with more details of how this would work. Cheers, Ole -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#8310): https://lists.fd.io/g/vpp-dev/message/8310 View All Messages In Topic (2): https://lists.fd.io/g/vpp-dev/topic/12437949 Mute This Topic: https://lists.fd.io/mt/12437949/21656 New Topic: https://lists.fd.io/g/vpp-dev/post Mute #vpp: https://lists.fd.io/mk?hashtag=vpp&subid=1480452 Change Your Subscription: https://lists.fd.io/g/vpp-dev/editsub/21656 Group Home: https://lists.fd.io/g/vpp-dev Contact Group Owner: vpp-dev+ow...@lists.fd.io Terms of Service: https://lists.fd.io/static/tos Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub -=-=-=-=-=-=-=-=-=-=-=- signature.asc Description: Message signed with OpenPGP