RADIUS accounting excluding a specific server

Network Engineering firewall juniper pppoe radius accounting
2022-02-15 08:21:32

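We have a VoD server directly connected to a Juniper MX104 BNG. The Juniper MX104 also acts as the BRAS. Now, if any user accesses that VoD server, all incoming and outgoing traffic is added to the user's accounting details; however, for this specific VoD server, we do not want the data counted against the user's monthly allowed quota. Please suggest how we can achieve this.

Thank you.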

2 Answers

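You need to use Juniper's per-service session accounting.

In short, this involves defining services using firewall filters, applying those services to each subscriber, and the MX will then send independent RADIUS accounting updates for each service of each subscriber.

In your case, you would define a VoD or generic non-billed service, with a firewall filter matching your VoD server and any other local resources you do not want counted, and then apply this as a service to each of your subscribers.

You would then apply a second service to cover all other traffic, and this is what you actually account for.

NE StackExchange discourages links to other sites because of link rot, but search for "Junos configure per-service session accounting".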

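OK, this is what I did to achieve no accounting for a specific server:

  1. Configure service profiles INTERNET and SERVER.
  2. Enable service accounting only for INTERNET. The MX will start per-service accounting for INTERNET.
  3. SERVER takes precedence. So any traffic matching the VoD server will not be counted. The firewall configuration has the service-filter-hit term, which means traffic matching this Service-Profile should bypass Service-Profile INTERNET.

Configuration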

mist@ERX-MX960-II-RE0# show dynamic-profiles PPPOE-PROFILE
interfaces {
    pp0 {
        unit "$junos-interface-unit" {
            no-traps;
            ppp-options {
                pap;
            }
            pppoe-options {
                underlying-interface "$junos-underlying-interface";
                server;
            }
            targeted-distribution;
            keepalives interval 30;
            family inet {
                unnumbered-address lo0.0;
            }
        }
    }
}


mist@ERX-MX960-II-RE0# show dynamic-profiles SERVER          
variables {
    SERVER-IN uid;
    SERVER-OUT uid;
}
interfaces {
    pp0 {
        unit "$junos-interface-unit" {
            family inet {
                filter {
                    input "$SERVER-IN" precedence 60;
                    output "$SERVER-OUT" precedence 60;
                }
            }
        }
    }
}
firewall {
    family inet {
        filter "$SERVER-IN" {
            interface-specific;
            term 1 {
                from {
                    destination-address {
                        200.200.200.2/32;
                    }
                }
                then {
                    service-accounting;
                    service-filter-hit;
                    accept;
                }
            }
        }
        filter "$SERVER-OUT" {
            interface-specific;
            term 1 {
                from {
                    source-address {
                        200.200.200.2/32;
                    }
                }
                then {
                    service-accounting;
                    service-filter-hit;
                    accept;
                }
            }
        }
    }
}



mist@ERX-MX960-II-RE0# show dynamic-profiles INTERNET 
variables {
    Bandwidth-IN mandatory;
    Burst-IN mandatory;
    Bandwidth-OUT mandatory;
    Burst-OUT mandatory;
    INTERNET-IN uid;
    INTERNET-OUT uid;
    Policer-IN uid;
    Policer-OUT uid;
}
interfaces {
    pp0 {
        unit "$junos-interface-unit" {
            family inet {
                filter {
                    input "$INTERNET-IN" precedence 100;
                    output "$INTERNET-OUT" precedence 100;
                }
            }
        }
    }
}
firewall {
    family inet {
        filter "$INTERNET-IN" {
            interface-specific;
            term 1 {
                from {
                    service-filter-hit;
                }
                then accept;
            }
            term 2 {
                then {
                    policer "$Policer-IN";
                    service-accounting;
                    accept;
                }
            }
        }
        filter "$INTERNET-OUT" {
            interface-specific;
            term 1 {
                from {
                    service-filter-hit;
                }
                then accept;
            }
            term 2 {
                then {
                    policer "$Policer-OUT";
                    service-accounting;
                    accept;
                }
            }
        }
    }
    policer "$Policer-IN" {
        filter-specific;
        if-exceeding {
            bandwidth-limit "$Bandwidth-IN";
            burst-size-limit "$Burst-IN";
        }
        then discard;
    }                                  
    policer "$Policer-OUT" {
        filter-specific;
        if-exceeding {
            bandwidth-limit "$Bandwidth-OUT";
            burst-size-limit "$Burst-OUT";
        }
        then discard;
    }
}

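The flow is as follows

  1. The subscriber logs in to the MX.
  2. RADIUS will return attributes to activate the SERVER and INTERNET profiles.
  3. The MX will activate the services, i.e. SERVER and INTERNET.
  4. Accounting is activated only for service profile INTERNET.
  5. SERVER is preferred over INTERNET [lower precedence is preferred]. So traffic matching service profile SERVER will bypass the INTERNET service using the service-filter-hit term.

RADIUS attributes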

Cleartext-Password := "mist123"
ERX-Service-Activate:1 += "SERVER",
ERX-Service-Activate:2 += "INTERNET(100M,1M,200M,2M)",
ERX-Service-Acct-Interval:2 += "600",
ERX-Service-Statistics:2 += time-volume

Below is the test

mist@ERX-MX960-II-RE0# run show subscribers extensive
Type: VLAN
Logical System: default
Routing Instance: default
Interface: demux0.3221225495
Interface type: Dynamic
Underlying Interface: ae0
Dynamic Profile Name: DYN-VLAN-Q-IN-Q-AE-PROFILE
Dynamic Profile Version: 1
State: Active
Session ID: 100034
PFE Flow ID: 40068
Stacked VLAN Id: 0x8100.1
VLAN Id: 0x8100.1
Login Time: 2017-04-11 13:21:34 IST

Type: PPPoE
User Name: test@erx.com
IP Address: 10.200.0.12
IP Netmask: 255.255.255.255
Domain name server inet: 8.8.4.4
Domain name server inet6: 2001:4860:4860::8844
Logical System: default
Routing Instance: default
Interface: pp0.3221225496
Interface type: Dynamic
Underlying Interface: demux0.3221225495
Dynamic Profile Name: PPPOE-PROFILE
Dynamic Profile Version: 1
MAC Address: 00:16:01:00:00:01
State: Active
Radius Accounting ID: 100035
Session ID: 100035
PFE Flow ID: 40069
Stacked VLAN Id: 1
VLAN Id: 1
Login Time: 2017-04-11 13:21:34 IST
Service Sessions: 2
IP Address Pool: ipv4-pool
Accounting interval: 600

   Service Session ID: 100036
   Service Session Name: SERVER
   Service Session Version: 1
   State: Active
   Family: inet
   IPv4 Input Filter Name: SERVER-IN_UID4030-pp0.3221225496-in
   IPv4 Output Filter Name: SERVER-OUT_UID4031-pp0.3221225496-out
   Service Activation time: 2017-04-11 13:21:35 IST
   Dynamic configuration:
     SERVER-IN: SERVER-IN_UID4030
     SERVER-OUT: SERVER-OUT_UID4031

   Service Session ID: 100037
   Service Session Name: INTERNET
   Service Session Version: 1
   State: Active
   Family: inet
   IPv4 Input Filter Name: INTERNET-IN_UID4033-pp0.3221225496-in
   IPv4 Output Filter Name: INTERNET-OUT_UID4035-pp0.3221225496-out
   Service Activation time: 2017-04-11 13:21:35 IST
   Accounting interval service: 600
   Dynamic configuration:
     Bandwidth-IN: 100M
     Bandwidth-OUT: 200M
     Burst-IN: 1M                       
     Burst-OUT: 2M
     INTERNET-IN: INTERNET-IN_UID4033
     INTERNET-OUT: INTERNET-OUT_UID4035
     Policer-IN: Policer-IN_UID4032
     Policer-OUT: Policer-OUT_UID4034


mist@ERX-MX960-II-RE0# run show interfaces pp0.3221225496 extensive
  Logical interface pp0.3221225496 (Index 536910981) (SNMP ifIndex 200040069) (Generation 40042)
    Flags: Up Point-To-Point Encapsulation: PPPoE
    PPPoE:
      State: SessionUp, Session ID: 1,
      Session AC name: MX960, Remote MAC address: 00:16:01:00:00:01,
      Underlying interface: demux0.3221225495 (Index 536910980)
    Traffic statistics:
     Input  bytes  :             62560176
     Output bytes  :             63087314
     Input  packets:                82050
     Output packets:                82061
    Local statistics:
     Input  bytes  :                    0
     Output bytes  :                    0
     Input  packets:                    0
     Output packets:                    0
    Transit statistics:
     Input  bytes  :             62560176               107112 bps
     Output bytes  :             63087314                36288 bps
     Input  packets:                82050                   10 pps
     Output packets:                82061                   10 pps
  Keepalive settings: Interval 30 seconds, Up-count 3, Down-count 3
  LCP state: Opened
  NCP state: inet: Opened, inet6: Not-configured, iso: Not-configured, mpls: Not-configured
  CHAP state: Closed
  PAP state: Success
    Protocol inet, MTU: 1492, Generation: 0, Route table: 0
      Flags: Unnumbered
      Donor interface: lo0.0 (Index 322)
      Input Filters: SERVER-IN_UID4030-pp0.3221225496-in (60), INTERNET-IN_UID4033-pp0.3221225496-in (100)
      Output Filters: SERVER-OUT_UID4031-pp0.3221225496-out (60), INTERNET-OUT_UID4035-pp0.3221225496-out (100)
      Addresses, Flags: Is-Primary
        Destination: Unspecified, Local: 10.200.0.1, Broadcast: Unspecified, Generation: 0


mist@ERX-MX960-II-RE0# run show firewall

Filter: __default_bpdu_filter__                               


Filter: SERVER-IN_UID4030-pp0.3221225496-in                   
Counters:
Name                                                Bytes              Packets
__junos-dyn-service-counter                      60341436                78894

Filter: SERVER-OUT_UID4031-pp0.3221225496-out                 
Counters:
Name                                                Bytes              Packets
__junos-dyn-service-counter                      60848755                78905

Filter: INTERNET-IN_UID4033-pp0.3221225496-in                 
Counters:
Name                                                Bytes              Packets
__junos-dyn-service-counter                             0                    0
Policers:
Name                                                Bytes              Packets
Policer-IN_UID4032-pp0.3221225496-in                    0                    0

Filter: INTERNET-OUT_UID4035-pp0.3221225496-out               
 Counters:
Name                                                Bytes              Packets
__junos-dyn-service-counter                             0                    0
Policers:
Name                                                Bytes              Packets
Policer-OUT_UID4034-pp0.3221225496-out                    0                    0
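
A check that can be run over `show firewall` output like the above to confirm that VoD traffic lands only in the exempt SERVER counters and none of it reaches the billed INTERNET service. This is an added example, not part of the original answer; the sample text is abridged from the output quoted above, and the function names and the filter-naming pattern are assumptions based on this page's profiles.

```python
import re
from collections import defaultdict

# Constructed sample: abridged from the `show firewall` output in the answer.
SHOW_FIREWALL = """\
Filter: __default_bpdu_filter__

Filter: SERVER-IN_UID4030-pp0.3221225496-in
Counters:
__junos-dyn-service-counter                      60341436                78894

Filter: SERVER-OUT_UID4031-pp0.3221225496-out
Counters:
__junos-dyn-service-counter                      60848755                78905

Filter: INTERNET-IN_UID4033-pp0.3221225496-in
Counters:
__junos-dyn-service-counter                             0                    0
Policers:
Policer-IN_UID4032-pp0.3221225496-in                    0                    0

Filter: INTERNET-OUT_UID4035-pp0.3221225496-out
Counters:
__junos-dyn-service-counter                             0                    0
"""

# Assumption: filters follow this page's "<SERVICE>-IN|OUT_UID<n>-<ifl>-in|out" naming.
FILTER_RE = re.compile(r"^Filter:\s+(\w+?)-(?:IN|OUT)_UID\d+-([\w.]+)-(in|out)\s*$")
COUNTER_RE = re.compile(r"^\s*__junos-dyn-service-counter\s+(\d+)\s+(\d+)\s*$")

def parse_service_counters(text):
    """Return {(ifl, service, direction): bytes} for every dynamic service filter."""
    counters, current = {}, None
    for line in text.splitlines():
        if line.startswith("Filter:"):
            m = FILTER_RE.match(line)  # non-service filters do not match and are skipped
            current = (m.group(2), m.group(1), m.group(3)) if m else None
        elif current and (c := COUNTER_RE.match(line)):
            counters[current] = int(c.group(1))
    return counters

def quota_report(counters, billed_services=("INTERNET",)):
    """Split each subscriber interface's bytes into billed and exempt totals."""
    report = defaultdict(lambda: {"billed": 0, "exempt": 0})
    for (ifl, service, _direction), nbytes in counters.items():
        report[ifl]["billed" if service in billed_services else "exempt"] += nbytes
    return dict(report)

if __name__ == "__main__":
    print(quota_report(parse_service_counters(SHOW_FIREWALL)))
```

A nonzero billed total during a VoD-only test would mean traffic is reaching term 2 of the INTERNET filters instead of being matched by the SERVER filters.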