Attribute value pools allow Steel-Belted Radius Carrier to assign and return attribute sets dynamically when an Authorization Request is processed. This functionality is supported by the use of a vendor-specific attribute (VSA) called FunkRound-Robin-Group. The value for this attribute is a string, and is set to the name of a .rr suffix file that defines an attribute value pool. This value can therefore be set for a user or profile by using the Web GUI or LDAP Configuration Interface (LCI) or by any other return list mechanism (such as database retrieval).
Attribute value pooling allows for a dynamic allocation of attribute values sets, so that attributes needed to configure changeable and complex situations do not have to be assigned in static profiles. This functionality is supported by the use of a vendor-specific attribute called Funk-Round-Robin-Group. The value for this attribute is a string, and is set to the name of a .rr suffix file that defines an attribute value pool.
A .rr file is defined as:
Steel-Belted Radius Carrier maintains round-robin statistics for each attribute value pool so that weight calculations can be performed properly. When a user who belongs to a profile that has been assigned to a particular attribute value pool logs in, the round-robin values are incremented to determine which Attribute Value set is assigned to the user. This attribute set is added to the return list of the Access-Accept.
Attribute value pooling can be used in several ways. For example, the Acme Company wants off-site employees to be able to establish tunnels to the company network. The Acme Company maintains three tunnel connection endpoints to which end users can create VPNs into the corporate network, each of these with different capacities. The company needs to define an attribute value pool of three attribute sets, each describing how to establish a tunnel with one of these connection points. These attribute sets are weighted according to the capacity of the three connection points. Figure 8 illustrates a sample acme.rr file.
To make this attribute value pool visible, the Acme Company defines a FunkRound-Robin-Group VSA and assign it to the users (or the profile assigned to these users) and make the value of the VSA point to the acme.rr file shown in Figure 8.
Funk-Round-Robin-Group = acme.rr
Refer to the SBR Carrier Administration and Configuration Guide for more information about using attribute value pooling.