Accel-Ppp Documentation: Release Latest
Accel-Ppp Documentation: Release Latest
Accel-Ppp Documentation: Release Latest
Release latest
1 Installation 3
1.1 Generic Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
1.2 Install on Debian . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
1.3 Install on Ubuntu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
1.4 Install on Centos . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
2 Configuration 11
2.1 [modules] . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
2.2 [core] . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
2.3 [common] . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
2.4 [radius] . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
2.5 [chap-secrets] . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
2.6 [ppp] . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
2.7 [pppoe] . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
2.8 [pptp] . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
2.9 [l2tp] . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
2.10 [ipoe] . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
2.11 [dns] . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
2.12 [ipv6-dns] . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
2.13 [ipv6-pool] . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
2.14 [ipv6-nd] . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
2.15 [ipv6-dhcp] . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
2.16 [shaper] . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
2.17 [log] . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
2.18 [cli] . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
2.19 [pppd-compat] . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
3 Control features 37
3.1 accel-cmd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
3.2 telnet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
3.3 radius CoA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
3.4 snmp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
4 Recommendations 41
4.1 Enable forwarding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
4.2 MTU . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
4.3 Increase ARP cache size . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
i
5 BRAS tuning 43
5.1 Network tuning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
6 Examples 45
6.1 Lua examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
7 Debugging 47
ii
accel-ppp Documentation, Release latest
Contents: 1
accel-ppp Documentation, Release latest
2 Contents:
CHAPTER 1
Installation
1.1.1 Requirment
Make sure you have configured kernel headers in /usr/src/linux, or specify other location via KDIR.
Download accel-ppp source code with git client, tree master . Master tree contain actual patches last release.
mkdir /opt/accel-ppp-code/build
cd /opt/accel-ppp-code/build/
3
accel-ppp Documentation, Release latest
˓→DRADIUS=TRUE] [-DNETSNMP=FALSE] ..
make
make install
1.1.3 Run
1.1.4 Control
Preparation
Before compile and build package need satisfy some dependencies
• cmake - open-source system that manages the build process
• gcc - GNU Compiler Collection (GCC) is a compiler system
• linux-headers-‘uname -r‘ - source code of current installing linux kernel, need for build ipoe and vlan_mon
modules. If you don‘t need these modules, you may don‘t install this
• git - version-control system for tracking changes, (need for downloading source code)
• libpcre3-dev - source code of pcre lib, accel-ppp need it for use reg expression
• libssl-dev - source code of pcre lib, accel-ppp need it for use regular expression
• liblua5.1-0-dev - this need for create custom username (IPoE) from packet. Script write on lua language
4 Chapter 1. Installation
accel-ppp Documentation, Release latest
After install dependencies, download accel-ppp source code with git client, tree master . Master tree contain actual
patches last release.
mkdir /opt/accel-ppp-code/build
cd /opt/accel-ppp-code/build/
Notice:
ended symbols .. sets path to accel-ppp source code, not delete this! Or you can replace it full path to accel-ppp-code
like /opt/accel-ppp-code/
Compile:
make
cpack -G DEB
Install package:
dpkg -i accel-ppp.deb
mv /etc/accel-ppp.conf.dist /etc/accel-ppp.conf
Preparation
Before compile and build package need satisfy some dependencies
• cmake - open-source system that manages the build process
• gcc - GNU Compiler Collection (GCC) is a compiler system
• linux-headers-‘uname -r‘ - source code of current installing linux kernel, need for build ipoe and vlan_mon
modules. If you don‘t need these modules, you may don‘t install this
• git - version-control system for tracking changes, (need for downloading source code)
• libpcre3-dev - source code of pcre lib, accel-ppp need it for use reg expression
• libssl-dev - source code of pcre lib, accel-ppp need it for use regular expression
• liblua5.1-0-dev - this need for create custom username (IPoE) from packet. Script write on lua language
After install dependencies, download accel-ppp source code with git client, tree master . Master tree contain actual
patches last release.
mkdir /opt/accel-ppp-code/build
cd /opt/accel-ppp-code/build/
6 Chapter 1. Installation
accel-ppp Documentation, Release latest
Notice:
ended symbols .. sets path to accel-ppp source code, not delete this! Or you can replace it full path to accel-ppp-code
like /opt/accel-ppp-code/
Compile:
make
cpack -G DEB
Install package:
dpkg -i accel-ppp.deb
mv /etc/accel-ppp.conf.dist /etc/accel-ppp.conf
For compile with modules vlan_mon and ipoe on centos need install vanilla linux kernel or elrepo_kernel_inst . If
that not needed, just set -DBUILD_IPOE_DRIVER=FALSE and -DBUILD_VLAN_MON_DRIVER=FALSE on
cmake.
Preparation
Before compile and build package need satisfy some dependencies
• rpm-build - open-source system that manages the build process
• cmake - open-source system that manages the build process
• gcc - GNU Compiler Collection (GCC) is a compiler system
• git - version-control system for tracking changes, (need for downloading source code)
• pcre-devel - source code of pcre lib, accel-ppp need it for use reg expression
• openssl-devel - source code of lib ssl, accel-ppp need it for use regular expression
• lua-devel - this need for create custom username (IPoE) from packet. Script write on lua language
yum -y install rpm-build make cmake gcc git pcre-devel openssl-devel lua-devel
After install dependencies, download accel-ppp source code with git client, tree master . Master tree contain actual
patches last release.
mkdir /opt/accel-ppp-code/build
cd /opt/accel-ppp-code/build/
Notice:
ended symbols .. sets path to accel-ppp source code, not delete this! Or you can replace it full path to accel-ppp-code
like /opt/accel-ppp-code/
Compile:
make
cpack -G RPM
Install package:
If accel-ppp was build with modules ipoe and vlan_mon, need next:
8 Chapter 1. Installation
accel-ppp Documentation, Release latest
mv /etc/accel-ppp.conf.dist /etc/accel-ppp.conf
10 Chapter 1. Installation
CHAPTER 2
Configuration
Accel-pppd reads options from configuration file, it usually located at /etc/accel-ppp.conf but may be redefine
daemon input arguments accel-pppd -c /path/to/accel-ppp.conf
Configuration file consists of sections in form:
[section1]
name1=val1
name2=val2
name3
[section2]
....
2.1 [modules]
Note:
There exist order which define modules priority e.g. If ippool module will defined before radius, then ip-addresses
always will assigned from [ip-pool], and Framed-IP-Adresse recived from radius server will be ignored.
• log_file - logging target which logs messages to files. It support per-session/per-user features.
• log_syslog - logging target which logs messages to syslog.
• log_tcp - logging target which logs messages over TCP/IP.
• log_pgsql - logging target which logs messages to PostgreSQL.
• pptp - PPTP controlling connection handling module.
• pppoe - PPPoE discovery stage handling module.
11
accel-ppp Documentation, Release latest
Note:
Can’t change with reload, for apply changes need daemon restart with drop active sessions.
2.2 [core]
Note:
Can’t change with reload, for apply changes need daemon restart with drop active sessions.
2.3 [common]
12 Chapter 2. Configuration
accel-ppp Documentation, Release latest
2.4 [radius]
2.4. [radius] 13
accel-ppp Documentation, Release latest
2.4.1 CoA
2.5 [chap-secrets]
Chap-secret is the module of authentication which works with user authentication data and other data (username, pass-
word, ip address, speed etc.) stored as local file. Currently accel-ppp may works only with one of the authentication
method, chap-secrets or RADIUS. RADIUS has more priority if set in [modules] section. Reomve or #comment
radius from section [modules] if you want use chap-secrets. Example:
[modules]
chap-secrets
#radius
14 Chapter 2. Configuration
accel-ppp Documentation, Release latest
2.5.1 Configuration
Note:
Encryption is incompatible with auth_chap_md5 module.
To enable chap-secrets encryption ablity accel-ppp must be compiled with -DCRYPTO=OPENSSL (which is default).
2.6 [ppp]
The Point-to-Point Protocol (PPP) provides a standard method for transporting multi-protocol datagrams over point-
to-point links. PPP also defines an extensible Link Control Protocol. Section [ppp] consist common ppp prams for
PPPoE/PPtP/L2TP/SSTP.
verbose=0|1 Default value is verbose=0
Writes more detailed logs.
2.6. [ppp] 15
accel-ppp Documentation, Release latest
Note:
RADIUS may override this option by MS-MPPE-Encryption-Policy attribute.
16 Chapter 2. Configuration
accel-ppp Documentation, Release latest
2.7 [pppoe]
2.7. [pppoe] 17
accel-ppp Documentation, Release latest
Note:
Also interface may renamed if RADIUS server send attribute NAS-Port-Id with custom name. Length this value
not be more 16 characters.
18 Chapter 2. Configuration
accel-ppp Documentation, Release latest
Note:
For use ippool need add this module to [modules] section, and sets params on section [ip-pool]
vlan-mon=[re:]name[,filter] vlan-mon needs for automatiicaly crate vlans interfaces. Support regular expression
(re:). Parameter specifies list of vlans or ranges of vlans to monitor for and may be in following form:
vlan-mon=eth1,2,5,10,20-30
vlan-timeout=n By default: vlan-timeout=60.
Specifies time on second of vlan inactivity before it will be removed.
vlan-name=pattern By default vlan-name=%I.%N
Specifies pattern of vlan interface name. Pattern may contain following macros:
• %I - name of patern interface.
• %N - number of vlan.
• %P - number of vlan of parent interface.
2.8 [pptp]
2.8. [pptp] 19
accel-ppp Documentation, Release latest
Note:
Also interface may renamed if RADIUS server send attribute NAS-Port-Id with custom name. Length this value
not be more 16 characters.
Note:
For use ippool need add this module to [modules] section, and sets params on section [ip-pool]
2.9 [l2tp]
20 Chapter 2. Configuration
accel-ppp Documentation, Release latest
By default timeout=1
Specifies timeout (in seconds) to wait message acknowledge, if elapsed message retransmition will be per-
formed. Timeout is multiplied by two after each retransmission. So if rtimeout is set to 1, first retransmission
will occur after one second, second retransmission two seconds later, third one four seconds later, and so on,
until a reply is received or the retransmit value is reached.
rtimeout-cap=n By default rtimeout-cap=16
Set the maximum interval between retransmissions. The exponential backoff interval used by rtimeout will
never grow above rtimeout-cap. rtimeout-cap must be higher than rtimeout and, according to RFC 2661, must
be no less than 8 (though accel-ppp doesn’t enforce this rule).
retransmit=n By default retransmit=5
Specifies maximum number of message retransmission, if exceeds connection will be terminated.
mppe=deny|allow|prefer|require By default is not defined.
Default behavior - don’t ask client for mppe, but allow it if client wants.
secret=string By default is not defined.
Specifies secret to connect to server.
hide-avps=0|1 By default hide-avps=0
If this option is given and hide-avps=1, then attributes sent in L2TP packets will be hidden (for AVPs that
support it).
dataseq=deny|allow|prefer|require By default dataseq=allow
Specify data sequencing negotiation algorithm:
• deny - don’t send data packets with sequence numbers
• allow - send data packets with sequence numbers if peer have requested so only
• prefer - send data packets with sequence numbers and enable same for peer
• require - send data packets with sequence numbers and enforce same for peer
reorder-timeout=n By default reorder-timeout=0
Specifies timeout in milliseconds to wait for out-of-order packets. If 0, don’t try to reorder.
use-ephemeral-ports=0|1 By default use-ephemeral-ports=0
Specifies if an arbitrary source port is used when replying to a tunnel establishment request. When this option is
deactivated, the destination port of the incoming request (SCCRQ) is used as source port for the reply (SCCRP).
ppp-max-mtu=n By default ppp-max-mtu=1420
Set the maximun MTU value that can be negociated for PPP over L2TP sessions.
ifname=ifname By default is not defined.
If this option is given ppp interface will be renamed using ifname as a template, i.e ifname=l2tp%d => l2tp0.
Note:
Also interface may renamed if RADIUS server send attribute ‘‘NAS-Port-Id with custom name. Length this value not
be more 16 characters.
avp_permissive=0|1
2.9. [l2tp] 21
accel-ppp Documentation, Release latest
dir300_quirk=0|1
2.10 [ipoe]
Methot authenication users, control sessions and dilivery without any tunnel “called” as IPoE (IP over Ethernet).
Accel-ppp support L2 and L3 topologies and start sessions on DHCP Discover or unclacified packet.
Develop auxiliary kernel module for sessions start on unclassified packet and shared interfaces. This module creates
virtual interface, an analogue of ifb and used for sessions shaper and One-to-one NAT.
The difference between L2 and L3. L2 incoming packet will be checked for the mac address set at the session start, and
outgoing packets will be sent straight to this mac address without additional ARP requests, which provides protection
against IP/mac address spoofing. In the case of L3, the outgoing packet will be routed according to the established
routing rules.
22 Chapter 2. Configuration
accel-ppp Documentation, Release latest
Note:
For use ippool need add this module to [modules] section, and sets params on section [ip-pool]
vlan-mon=[re:]name[,filter] vlan-mon needs for automatiicaly crate vlans interfaces, more often on vlan-per-user
schemas. Support regular expression (re:). Parameter specifies list of vlans or ranges of vlans to monitor for
and may be in following form: vlan-mon=eth1,2,5,10,20-30
vlan-timeout=n By default: vlan-timeout=60. Specifies time on second of vlan inactivity before it will be
removed.
2.10. [ipoe] 23
accel-ppp Documentation, Release latest
Log output:
debug: libnetlink: RTNETLINK answers: Invalid argument
24 Chapter 2. Configuration
accel-ppp Documentation, Release latest
local-net=100.64.0.0/24
local-net=192.168.0.0/24
local-net=172.16.0.0/24
attr-dhcp-client-ip=DHCP-Client-IP-Address
Note:
If set custom attribute then need add its for both (radius server and accel-ppp) dictionaries.
attr-dhcp-router-ip=DHCP-Gateway-IP-Address
Note:
If set custom attribute then need add its for both (radius server and accel-ppp) dictionaries.
attr-dhcp-mask=DHCP-Subnet-Mask
Note:
If set custom attribute then need add its for both (radius server and accel-ppp) dictionaries.
2.10. [ipoe] 25
accel-ppp Documentation, Release latest
Specifies address to be used as server ip address if radius can assign only client address. In such case if client
address is matched network and mask then specified address and mask will be used. You can specify multiple
such options. For example:
gw-ip-address=100.64.0.1/24
gw-ip-address=192.168.0.1/24
gw-ip-address=172.16.0.0/24
Note:
Need add custom attribute in both radius and accel-ppp dictionaries. By default dictionary is located at /usr/
share/accel-ppp/radius/dictionary if accel-ppp build as pkg DEB or RPM. Dictionary path may be
redefine in section [radius].
Example adding custom attribute:
Explain:
Clients from 1 to 999 take DHCP offers without delay, client from 1000 to 2499 take DHCP offers with delay 100
ms, clients from 2500 to 4999 take DHCP offers with delay 200 ms, clients from 5000 to 9999 take DHCP offers with
delay 300 ms, last client take DHCP offer with delay 400 ms and accel-ppp no more accept connections.
26 Chapter 2. Configuration
accel-ppp Documentation, Release latest
Note:
Per-interface weight=0 has special meaning as backup (fail-over) interface, f.e. it terminates session on any received
weight.
interface=eth0,mode=L3,start=UP,shared=1
interface=^eth1\.[0-9]+\.[0-9][0-9][0-9]$,mode=L2,shared=0,start=dhcpv4,mtu=1500,
˓→ifcfg=1
The mode=L2|L3 parameter specifies client connectivity mode. If mode=L2 then it means that clients are on same
network where interface is. mode=L3 means that client are behind some router.
The shared=0|1 parameter specifies where interface is shared by multiple users or it is vlan-per-user.
The start=dhcpv4|up|auto parameter specifies which way session starts.
• dhcpv4 - start by DHCP Discover packet.
• up - start by unclassified packet.
• auto - means automatically start session with username=interface name. Use it with conjunction
vlan_mon.
The ipv6
The mtu=n parameter specifies whether accel-ppp should change MTU(maximum transmission unit) on interfaces.
By default not set and MTU value inherited from root interface. Often used for vlan-per-user (QinQ).
The range=x.x.x.x/mask parameter specifies local range of ip address to give to dhcp clients. First IP in range
is router IP. If you need more customization use ip-pool instead of range.
The ifcfg=0|1 parameter specifies whether accel-ppp should add router IP address and route to client to interface
or it is explicitly configured. By default inheris global ifcfg value.
2.10. [ipoe] 27
accel-ppp Documentation, Release latest
The relay=x.x.x.x parameter specifies DHCPv4 relay IP address to pass requests to. If specified giaddr is also
needed.
The giaddr=x.x.x.x parameter specifies relay agent IP address.
The src=x.x.x.x parameter specifies ip address to use as source when adding route to client.
The proxy-arp=0|1|2 parameter specifies whether accel-ppp should reply to arp requests.
The username=ifname|lua:function_name allow set custom LUA function to form username from packet
header information. Often used this param on varius BRAS connection type.
ipv6=0|1 will activate support ipv6 on interface. If not defined, inherit global params.
weight=n is load balancing mechanism based on weight. weight=0 has special meaning as backup (fail-over)
interface, f.e. it terminates session on any received weight.
2.11 [dns]
Note:
Params in this section also may be applied with accel-cmd reload command, but for new connections.
Also accel-ppp has very interesting way to allocate DNS addresses which sended RADIUS server. Recived RADIUS
attributes is more prior than params in config. For ppp (pppoe, pptp, l2tp, sstp) connection type used attributes
MS-Primary-DNS-Server, MS-Secondary-DNS-Server. For ipoe connection type need send attributes
DHCP-Domain-Name-Server
+----+-------------------+-------------------------+----+-------------------------+
| id | username | attribute | op | value |
+----+-------------------+-------------------------+----+-------------------------+
| 1 | user | DHCP-Domain-Name-Server | := | 100.64.254.254 |
| 2 | user | DHCP-Domain-Name-Server | := | 192.168.254.254 |
+----+-------------------+-------------------------+----+-------------------------+
| id | username | attribute | op | value |
+----+-------------------+-------------------------+----+-------------------------+
| 3 | user | MS-Primary-DNS-Server | := | 100.64.254.254 |
| 4 | user | MS-Secondary-DNS-Server | := | 192.168.254.254 |
2.12 [ipv6-dns]
28 Chapter 2. Configuration
accel-ppp Documentation, Release latest
Note:
Also DNS addresses may be described like
[ipv6-dns]
2001:4860:4860::8888
2001:4860:4860::8844
2.13 [ipv6-pool]
fc00:0:1:0::/64
fc00:0:1:1::/64
...
fc00:0:1:ffff::/64
2.14 [ipv6-nd]
2.13. [ipv6-pool] 29
accel-ppp Documentation, Release latest
2.15 [ipv6-dhcp]
2.16 [shaper]
Accel-ppp support many ways customisation rate-limit. Also limiting clients bandwidths sometimes called as QoS
(Quality of Service), but QoS has more possibilities. For enable rate-liniter, we can sets shaper in section
[modules].
vendor=Cisco
attr=Cisco-AVPair
vendor=Mikrotik
attr=Mikrotik-Rate-Limit
30 Chapter 2. Configuration
accel-ppp Documentation, Release latest
2.16. [shaper] 31
accel-ppp Documentation, Release latest
2.16.2 Examples
Fiter-Id
Cisco AVPair
Mikrotik
2.17 [log]
32 Chapter 2. Configuration
accel-ppp Documentation, Release latest
For rotation logs can be used system logrotate utility. Needs create file /etc/logrotate.d/accel-ppp and put
next:
/var/log/accel-ppp/*.log {
missingok
sharedscripts
postrotate
test -r /var/run/accel-pppd.pid && kill -HUP `cat /var/run/accel-pppd.pid`
endscript
}
Note:
For correct work logrotate utility need run accel-pppd daemon with -p /var/run/accel-pppd.pid argu-
ment.
Caution: If accel-ppp run with gdb (GNU debugger) for find bugs, you need disable logs rotation, because it will
makes to daemon crash.
2.18 [cli]
2.18. [cli] 33
accel-ppp Documentation, Release latest
34 Chapter 2. Configuration
accel-ppp Documentation, Release latest
2.19 [pppd-compat]
Configuration of pppd_compat module. Often used for creation custom shaper or other custom triks. This module
starts pppd compatible ip-up/ip-down scripts and ip-change to handle RADIUS CoA request.
2.19. [pppd-compat] 35
accel-ppp Documentation, Release latest
36 Chapter 2. Configuration
CHAPTER 3
Control features
37
accel-ppp Documentation, Release latest
shaper change all <value> [temp] - change shaper on all interfaces, if temp is set
˓→also new interfaces will have specified shaper value
shaper restore all - restores shaper settings on all interfaces made by 'shaper change
˓→' command with 'temp' flag
3.1 accel-cmd
This application is very powerful and often used if you have cli connection. Be default accel-ppp listen TCP port
2000 for input/output with accel-cmd. However telnet has same functions, but accel-cmd is more comfortable, allow
send command without enter in to another environment. Detail about cli you may read at [cli] .Let’s revise accel-cmd
possible commands.
• accel-cmd show stat - one of more important command, allow display accel-ppp daemon statistics and infor-
mation about connections types and something counters such as RADIUS auth, acct summary and lost queries.
Detail below:
3.2 telnet
3.4 snmp
3.2. telnet 39
accel-ppp Documentation, Release latest
Recommendations
To enable packet forwarding need edit /etc/sysctl.conf and add or uncomment next:
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1
For apply this params now, use command sysctl -p or after reboot server this params will be applied automatically.
4.2 MTU
If used vlan-per-user often required 802.1ad standard also called as QinQ or Q-in-Q, then need to set MTU on main
interface and S-VLAN, because adding to headed one more field. Interface which using QinQ usualy consist of
<interface_name>.<S-VLAN>.<C-VLAN>. S-VLAN (Service VLAN) is TAG which wrap C-VLAN (Cus-
tomer VLAN).
As example:
MTU
1514
| 1514
| | 1500
| | |
eth0.2001.101
| | |
| | C-VLAN
| S-VLAN
Interface
41
accel-ppp Documentation, Release latest
Note:
If used bonding need change MTU on bonding (bond0) and slaves (eth0, eth1 . . . ) interfaces.
If accel-ppp used as DHCP BRAS important to increase ARP cache size, otherwise you can cache overflow and clients
have lost connections. Edit /etc/sysctl.conf and add next:
net.ipv4.neigh.default.gc_thresh1 = 4096
net.ipv4.neigh.default.gc_thresh2 = 8192
net.ipv4.neigh.default.gc_thresh3 = 12288
net.ipv6.neigh.default.gc_thresh1 = 4096
net.ipv6.neigh.default.gc_thresh2 = 8192
net.ipv6.neigh.default.gc_thresh3 = 12288
For apply this params now, use command sysctl -p or after reboot server this params will be applied automatically.
42 Chapter 4. Recommendations
CHAPTER 5
BRAS tuning
5.1.1 RSS
5.1.2 RPS
43
accel-ppp Documentation, Release latest
Examples
Important that accel-ppp was built with lua support cmake -DLUA=TRUE or if system has more modern lua version,
need this sets, for example cmake -DLUA=5.3
Example accel-ppp configuration:
[ipoe]
lua-file=/etc/accel-ppp.lua
username=lua:username_func
Create /etc/accel-ppp.lua and edit. Example for D-link switches with Option 82:
#!lua
function username_func(pkt)
v,b1,b2,b3,b4=string.unpack(pkt:agent_remote_id():sub(-4),'bbbb')
ip=b1..'.'..b2..'.'..b3..'.'..b4
v,port=string.unpack(string.sub(pkt:agent_circuit_id(),'-1'),'b')
local username=ip..'-'..port
-- print(username)
return username
end
45
accel-ppp Documentation, Release latest
Note:
All function return type string, except for options()
Also to accel-ppp includes packet lpack for disassemble binary data. It add to object string aditional function
unpack(binary, fmt), where binary is string which contain binary data, and fmt is data format. To fmt
may be sets next data types:
z - zero terminated string
p - string precended by length byte
P - string precended by length word
f - float
d - double
c - int8_t
b - uint8_t
h - int16_t
H - uint16_t
i - int32_t
I - uint32_t
l - int64_t
L - uint64_t
< - little endian
> - big endian
= - native endian
46 Chapter 6. Examples
CHAPTER 7
Debugging
kernel.core_uses_pid = 1
kernel.core_pattern = /root/core-%e-%p
int main() {
*(char *)0 = 0;
return 0;
}
47
accel-ppp Documentation, Release latest
48 Chapter 7. Debugging