Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Configuring the Home Agent and DHCP Server Assignment

 

There are several ways SBR Carrier can assign the home agent and DHCP server. This section provides a configuration overview for each method.

Note

Only IPv4 addresses are supported.

Define the List of Home Agents and DHCP Servers

Define the List of Home Agents and DHCP Servers

You need to define a list of NAS-Identifiers for each home agent and DHCP server that sends Access-Requests to Steel-Belted Radius Carrier. These are defined in the [HAs] section and [DHCPServers] section of the wimax.ini file. If these lists are not defined, Access-Requests from any home agents and DHCP servers are processed.

Configuring Return List Attributes to Assign the Home Agent and DHCP Server

Configuring Return List Attributes to Assign the Home Agent and DHCP Server

SBR Carrier can assign the home agent and DHCP server addresses by returning the WiMAX-HA-IP-MIP4 and WiMAX-DHCPv4-Server attributes in the Access-Accept message. This is configured by defining these attributes in the return list of a user or profile entry.

The address assignment process and configuration differs depending on whether the server is acting as the HAAA or VAAA. Steel-Belted Radius Carrier can be configured to perform either role.

Note

For DHCP server keys to be generated, the DHCP server IP address needs to be returned as part of the ASNGW Access-Accept either through a profile or filter. We recommend using a filter so that based on the user@NAI, the appropriate DHCP server IP address is returned.

Assignment When Acting as the HAAA Server

Assignment When Acting as the HAAA Server

When you want Steel-Belted Radius Carrier (acting as the HAAA) to assign the home agent and DHCP server IP addresses, you need to configure it to return the WiMAX-hHA-IP-MIP4 and WiMAX-hDHCPv4-Server attributes in the Access-Accept message. This is configured using Web GUI and defining these attributes in the return list of either a user of profile entry. When Steel-Belted Radius Carrier HAAA server receives an Access-Request, it returns these attributes (containing the IP addresses) in the Access-Accept message. For more information about adding these attributes to the return list, see Adding a Profile.

Assignment When Acting as the VAAA Server

Assignment When Acting as the VAAA Server

Optionally, when Steel-Belted Radius Carrier is acting as the VAAA server, it can assign the IP addresses of the home agent and DHCP server. This requires configuration on both the VAAA and HAAA Steel-Belted Radius Carrier servers. The Steel-Belted Radius Carrier acting as the VAAA must be configured to add the WiMAX-hHA-IP-MIP4 and WiMAX-hDHCPv4-Server attributes to the Access-Request before it proxies the request to the Steel-Belted Radius Carrier HAAA. The Steel-Belted Radius Carrier acting as the HAAA must be configured to allow the VAAA to assign the home agent and DHCP server.

Configuring the VAAA

To configure the Steel-Belted Radius Carrier VAAA to add the WiMAX-hHA-IP-MIP4 and WiMAX-hDHCPv4-Server attributes to Access-Request messages, you need to specify an attribute filter to be applied to authentication requests before the VAAA proxies the requests to the Steel-Belted Radius Carrier HAAA. Defining this filter is a multi-step process:

  1. Define a filter using the Filters List page in Web GUI:

    1. Filter name=wimaxVisitedFilter

    1. Set the filter Default Rule=Allow

    2. Add WiMAX-hHA-IP-MIP4 attribute

  2. In the proxy.ini file, define a proxy realm < the realm name should be the name of the *.pro file> in the [Realms] section.

  3. In *.pro file, assign the FilterOut = wimaxVisitedFilter in the [Auth] section.

  4. Define the proxy target (HAAA server) using the Proxy Targets List page in Web GUI:

  5. In *.pro file, set the proxy target name to 1 in the [AuthTargets] section.

  6. In *.pro file, set the proxy target name to 1 in the [AcctTargets] section

Configuring the HAAA

You must the configure Steel-Belted Radius Carrier (HAAA) to allow the VAAA to assign the home agent and DHCP server addresses. To do this you set Allow-VAAA-To-Assign-Home-Agent-And-DHCP-Server=1 in the [ASNGW-Requests] section of the wimax.ini file. If this parameter is set to 1 and the VAAA server attaches the WiMAX-hHA-IP-MIP4 attributes to the Access-Request, then the HAAA server will echo the WiMAX-hHA-IP-MIP4 as WiMAX-vHA-IP-MIP4 attribute to the Access-Accept, along with the following additional attributes: vHA-IP-MIP4, MN-vHA-MIP4-KEY, and MN-vHA-MIP4-SPI.

Configuring Statically Weighted Round-Robin Groups to Assign the Home Agent and DHCP Server

Configuring Statically Weighted Round-Robin Groups to Assign the Home Agent and DHCP Server

The round-robin feature enables you to configure a home agent round-robin group and assign fixed weights to each home agent or DHCP server in the group. SBR Carrier then assigns the home agent or DHCP server to a session based on a weighted round-robin method. This feature load-balances the assignment of home agents in a round-robin fashion by selecting the home agent from a pool of IP addresses.

Note

Separate round-robin groups are required to load balance the assignment of both the home agent and DHCP server IP addresses.

You can only use round-robin groups to assign the home agent or DHCP server when Steel-Belted Radius Carrier is acting as the HAAA.

To enable this capability, you need to configure attribute value pools. Attribute value pooling allows for dynamic allocation of attribute values sets, so that attributes needed to configure changeable and complex situations do not have to be assigned in static profiles. Attribute value pools enable Steel-Belted Radius Carrier to assign and return attribute sets dynamically when an Access-Request is processed. Attribute value pooling is configured by using the VSA called Funk-Round-Robin-Group. This attribute is placed in the return list of a user or profile entry to dynamically assign an attribute set from an attribute value pool at log in time.

The value of this attribute must be set to the name of the  .rr file which defines the attribute value pool. This value is set for a user or profile by using the Web GUI or LDAP Configuration Interface (LCI), or by any other return list mechanism (such as database retrieval).

Each home agent (and DHCP server) is identified by its IP address. The round-robin group functionality used to assign the home agent is based on weights specified in the round-robin (*.rr) file. A round-robin group is a group of RADIUS attributes listed under a section in the .rr file. Each section is associated with a weight. Selection of a particular section is based on the section’s relative weight as shown in this example .rr file:

 

For more information, see Attribute Value Pooling in this guide, and the sample.rr file, in the SBR Carrier Reference Guide.

Note

You cannot use round-robin group load balancing to assign IP addresses to the home agent or DHCP server when SBR Carrier is acting as the VAAA.

On receiving the SIGHUP (1) signal, SBR Carrier reads the configuration files and updates the round-robin groups. To use the smart dynamic home agent assignment feature, you create a file that defines the round-robin groups and another file that defines the weights for the round-robin group. The smart dynamic home agent assignment feature works by creating a configuration file for the round-robin group and creating round-robin groups as specified in those files. You can assess the load status of the home agents in your network and populate the associated configuration files in a way that balances the load across home agents. By sending a SIGHUP (1) signal to SBR Carrier, you can dynamically update the configuration. On receiving the SIGHUP (1) signal, SBR Carrier reads the configuration files and updates the round-robin groups.

By using dynamically updated round-robin groups, SBR Carrier can load balance the IP address assignment of multiple home agents and DHCP servers are in the network.

Note

You can only use these round-robin methods when SBR Carrier is acting as the HAAA.

 

Configuring the Smart Dynamic Home Agent Assignment Feature

Configuring the Smart Dynamic Home Agent Assignment Feature

The smart dynamic home agent assignment feature works by reading various configuration files and creating round-robin groups as specified in those files. You can assess the load status of the home agents in your network and populate the associated configuration files in a way that balances the load across home agents. When SBR Carrier receives a SIGHUP (1) signal, it reads these configuration files and updates the round-robin groups.

Smart Dynamic Home Agent Assignment Configuration Overview

Smart Dynamic Home Agent Assignment Configuration Overview

SBR Carrier uses two files to configure the smart dynamic home agent assignment feature. The first file (dynamic_ha.ini) defines the home agent IP addresses for the round-robin groups. A second file defines, and dynamically updates the weights for the round-robin groups.

dynamic_ha.ini File

The dynamic_ha.ini file defines the home agent IP addresses for the round-robin groups. For example:

 

Each section in the dynamic_ha.ini file contains a list of IP addresses that form a round-robin group. The file can contain any number of sections and therefore can define any number of round-robin groups. This file is not dynamically updated. A single IP address may be contained in more than one section.

The Funk-hHA-IP-MIP4-Group and Funk-vHA-IP-MIP4-Group attributes indicate which group (visited or home) assigns the home agent. These attributes contain the name of the section in dynamic_ha.ini file that is used. The SBR Carrier WiMAX subsystem determines whether to use the visited or the home attribute. This attribute is available to filters and profiles. These attributes are stripped and do not go out over the network.

Customer-Written Dynamically Updated File

A customer-written file with a format similar to the .rr file is dynamically updated and contains pairs of IP addresses and weights. The file is read by SBR Carrier upon the receipt of a signal (either SIGHUP (1) or SIGUSR2 (17), as defined in update.ini file).

The HA-Dynamic-Addr-Weight-File parameter in the [Settings] section of the wimax.ini defines the name and path to this file as follows:

 

Use of the smart dynamic home agent assignment feature requires you to write this file and the application that:

  • Monitors home agents

  • Based on load and availability, determines the list of IP addresses and their associated weights

  • Writes to the file

  • Immediately signals SBR Carrier servers when a home agent does down

This file uses the following format:

 

For example:

 

This example contains four round-robin sets, where each set contains an IP address. The attribute that carries that IP address is not defined in this file, but is either WiMAX-hHA-IP-MIP4 or WiMAX-vHA-IP-MIP4, as determined by the SBR Carrier WiMAX subsystem. Because the WiMAX subsystem determines which attribute to use (home or visited), this mechanism is used only for WiMAX home agent assignment and is not a general alternative to .rr files.

A ‘0’ as the weight indicates that the home agent is offline and not to use it. The default weight is ‘0’, so an IP address with an empty weight field is not used.

[HAs] Section of the wimax.ini File

The [HAs] section of the wimax.ini file contains a list of IP addresses for allowed home agents (home or visited).

Access-Requests from home agents not listed in the [HAs] section of wimax.ini file are rejected. Values under the [HAs] section can be either:

  • All NAS-Identifiers

  • All IPv4 addresses

When using the smart dynamic home agent assignment feature, the values under the [HAs] section must be IPv4 addresses.

If the [HAs] section contains one or more IPv4 addresses, and if an IP address in the dynamic file is not in the [HAs] section, then the weight of that IP address in the dynamic file will be forced to zero. In other words, if the [HAs] section contains one or more IPv4 addresses then any IP address not under the [HAs] section will not be assigned.

If the [HAs] section contains no entries then the weights are read from the file without modification.

Operation of the Smart Dynamic Home Agent Assignment Feature

Operation of the Smart Dynamic Home Agent Assignment Feature

This section describes the processing that occurs in Steel-Belted Radius Carrier for the Smart Dynamic Home Agent Assignment feature.

Processing on Startup

On startup, SBR Carrier:

  1. Reads the dynamic_ha.ini file.

  2. Reads the dynamically updated file as specified in the HA-Dynamic-Addr-Weight-File parameter in the [Settings] section of the wimax.ini file.

  3. Reads the [HAs] section of the wimax.ini file.

  4. If an IP address specified in the HA-Dynamic-Addr-Weight-File is not listed in the dynamic_ha.ini file, or is not in the [HAs] section of the wimax.ini file, then it is ignored.

  5. One round-robin processing object is created for each group that contains one or more addresses. If a group contains IP addresses, a warning is logged.

Processing on a Signal

Upon receiving a signal from the customer-written application, SBR Carrier:

  1. Reads the dynamically updated file as specified in the HA-Dynamic-Addr-Weight-File parameter in the [Settings] section of the wimax.ini file.

  2. Reads the [HAs] section of the wimax.ini file.

  3. If an IP address specified in the HA-Dynamic-Addr-Weight-File is not listed in the dynamic_ha.ini file, or is not in the [HAs] section of the wimax.ini file, then it is ignored.

  4. One round-robin processing object is created for each group that contains one or more addresses. If a group contains IP addresses, a warning is logged. The round-robin processing objects are reference-counted so that any object in use at the time of the signal is not destroyed until after it is no longer in use.

Access-Request Processing

Access-Request Processing

This section describes the Access-Request processing when SBR Carrier is acting as either the VAAA or HAAA server.

Access-Request Processing When Acting as the VAAA

If SBR Carrier determines that it must proxy the Access-Request, then it is acting as a VAAA.

When acting as the VAAA and processing the initial Access-Request:

  1. The dynamic_ha.ini section name (group name) is read from the Funk-vHA-IP-MIP4-Group attribute. The Funk-vHA-IP-MIP4-Group needs to be attached using the SBR Carrier filter capability.

  2. The value of the WiMAX-hHA-IP-MIP4 attribute is obtained from the named round-robin processing object.

  3. WiMAX-hHA-IP-MIP4 is attached to the Access-Request.

  4. The Funk-vHA-IP-MIP4-Group attribute is stripped from the Access-Request.

When processing the final Access-Accept:

  1. If a WiMAX-vHA-IP-MIP4 and WiMAX-MN-vHA-MIP4-Key are attached to the Access-Accept message returned from the downstream HAAA server, and if the WiMAX-vHA-IP-MIP4 value is the same as the value assigned by the VAAA server, then:

    1. The VAAA server allows WiMAX-vHA-IP-MIP4 and WiMAX-MN-vHA-MIP4-Key to be passed back to the ASN-GW in the Access-Accept.

    2. The VAAA server attaches WiMAX-vHA-RK and related attributes to the Access-Accept.

  2. Else WiMAX-vHA-IP-MIP4 and WiMAX-MN-vHA-MIP4-Key are stripped from the Access-Accept.

Access-Request Processing When Acting as the HAAA

If the SBR Carrier determines that it does not need to proxy the Access-Request then it is acting as a HAAA.

When processing the final Access-Accept:

  1. If WiMAX-hHA-IP-MIP4 was attached to the Access-Request and if configured to allow the VAAA to assign the home agent then attach the WiMAX-vHA-IP-MIP4 and WiMAX-MN-vHA-MIP4-Key attribute to the Access-Accept.

  2. The dynamic_ha.ini section name (group name) is read from the Funk-hHA-IP-MIP4-Group attribute (which is attached to the Access-Accept).

  3. The value of the WiMAX-hHA-IP-MIP4 attribute is obtained from the named round-robin processing object.

  4. WiMAX-hHA-IP-MIP4 is attached to the Access-Accept.

  5. The Funk-hHA-IP-MIP4-Group attribute is stripped from the Access-Accept.