If you want to go in this direction: build a control-plane application. You
could use a variant of the data-plane whitelist/blacklist applet to punt / drop
/ forward traffic from a given source-IP address.
Add a policer to rate-limit punts to what the external application can handle.
Its job is to do the RADIUS dance, and to program whitelist/blacklist tables to
Adding a full RADIUS stack data plane plugin could be made to work, but I
suspect that you won’t find any takers for that idea.
From: email@example.com [mailto:firstname.lastname@example.org] On Behalf Of init via
Sent: Friday, February 23, 2018 12:36 AM
Subject: Re: [vpp-dev] RADIUS authentication #vpp
I think, RADIUS should accept following attributes:
1) Login IP address (private address, for mapping NAT 1:1)
2) Framed IP address (public address, if NAT 1:1 is required)
3) Downstream speed (for speed limit, of course, VPP should work as speed
shaper, or NAT plugin should work with speed shaper)
4) Upstream speed (according to the above-mentioned)
5) State (allow, disallow) for next actions:
5.1 - redirect to another host:port (if we are talking about ISP, for redirect
to a host with http page with payment)
5.2 - allow NAT to limited ip list
Yep, i understand, this difficult, but this is not so bad idea for
authentication, let me know if anybody know best idea to authenicate client :)