
Description

The module performs the following functions:

  • Authorization and authentication of users connected via BRAS (this mechanism makes it possible to serve users through third-party vendors' access points).
  • Accumulation of accounting for all authorization mechanisms and transferring it to a database.
  • Controlling the number of Wi-Fi users' simultaneous sessions for all authorization mechanisms.
  • Deauthentication of Wi-Fi users authorized via WPA-enterprise modes and BRAS.
  • License control, with notifications sent to an administrator when the license time limit is approaching (every day once 90% is exceeded) or when the session number limit is approaching (every hour once 90% is exceeded).


The console is available at the following link: 'http://<ip address pcrf>:7070/pcrf'.


Service management

| Operation | Command | Response |
|---|---|---|
| Status check | service eltex-pcrf status | Service is running: * eltex-pcrf process is running |
| | | Service is waiting: * eltex-pcrf process is not running |
| Service start | service eltex-pcrf start | Service has been started: * Starting eltex-pcrf |
| | | The service is already running: * eltex-pcrf is already running |
| Service stop | service eltex-pcrf stop | Service has been stopped successfully: * Stopping eltex-pcrf |
| | | Service has not been stopped, as it was not started: * eltex-pcrf is not running |
| Service restart | service eltex-pcrf restart | Service has been restarted successfully: * Stopping eltex-pcrf; * Starting eltex-pcrf |
| | | * eltex-pcrf is not running; * Starting eltex-pcrf |


Configuration

/etc/default/eltex-pcrf


Contains basic parameters for application launch. Default configuration example:

# Eltex.PCRF Server daemon parameters

# Location of java binary
JAVA=/usr/bin/java

# Initial size of Java heap
JAVA_INIT_HEAP=256m
# Maximum size of Java heap
JAVA_MAX_HEAP=512m

# To monitor via JMX - jconsole to host:port
#JMX_OPTS="-Dcom.sun.management.jmxremote \
#-Dcom.sun.management.jmxremote.port=8085 \
#-Dcom.sun.management.jmxremote.authenticate=false \
#-Dcom.sun.management.jmxremote.ssl=false \
#-Djava.rmi.server.hostname=127.0.0.1"

# Options for Java Garbage Collector
GC_OPTS="-XX:+UseParallelGC \
-XX:+PrintGCDateStamps \
-XX:+PrintGCDetails \
-XX:+UseGCLogFileRotation \
-XX:NumberOfGCLogFiles=7 \
-XX:GCLogFileSize=5M \
-Xloggc:/var/log/eltex-pcrf/gc.log"
# Without log
#GC_OPTS="-XX:+UseParallelGC"

# Additional arguments to pass to java
HEAP_DUMP_OPTS="-XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/var/log/eltex-pcrf"

# Summary JAVA_OPTS used by daemon
JAVA_OPTS="$JMX_OPTS $GC_OPTS $HEAP_DUMP_OPTS"

# Send notification
#NOTIFICATION_ADDR="admin@mail.loc"


| Parameter | Description |
|---|---|
| JAVA=/usr/bin/java | Java machine location |
| JAVA_INIT_HEAP=256m, JAVA_MAX_HEAP=512m | The amount of memory allocated for application operation |

/etc/eltex-pcrf/eltex-pcrf.json


{
  "auth.address" : "0.0.0.0",
  "auth.port" : 31812,
  "auth.mac.open.timeout.s" : 3600,
  "auth.mac.welcome.service" : "WELCOME",

  "acct.address" : "0.0.0.0",
  "acct.ports" : [1813, 31813],

  "lease.saver.address" : "0.0.0.0",
  "lease.saver.port" : 4381,

  "aaa.instances" : 5,
  "aaa.host" : "127.0.0.1",
  "aaa.secret" : "testing123",
  "aaa.auth.port" : 1812,
  "aaa.acct.port" : 1813,
  "aaa.rest.port" : 7080,
  "aaa.timeout" : 10,
  "aaa.attempts" : 1,

  "web.monitoring.port" : 7070,

  "cluster.enable" : false,
  "cluster.eventBusPort" : 5801,

  "radius" : {
    "url" : "jdbc:mysql://localhost/radius?useUnicode=true&characterEncoding=utf8&relaxAutoCommit=true&connectTimeout=5000&autoReconnect=true",
    "user" : "javauser",
    "password" : "javapassword",
    "max_pool_size" : 16
  },
  
  "mongo.pcrf" : {
    "connection_string": "mongodb://localhost:27017/pcrf?waitQueueMultiple=500&connectTimeoutMS=10000&socketTimeoutMS=0",
    "db_name": "pcrf"
  },

  "mongo.ott" : {
    "connection_string": "mongodb://localhost:27017/ott?waitQueueMultiple=500&connectTimeoutMS=10000&socketTimeoutMS=0",
    "db_name": "ott"
  },

  "session.storage" : {
    "session.check.period.s" : 300,
    "unauth.store.time.s" : 600,
    "interval.number.expired" : 3,
    "min.interval.s" : 45,
    "default.interval.s" : 600
  },

  "bras.coa" : {
    "coa.timeout" : 10,
    "coa.attempts" : 1,
    "remote.coa.port" : 3799,
    "executor.size" : 100,
    "log.clean.period.s" : 600,
    "log.store.period" : {
      "period" : 14,
      "unit" : "D"
    }
  },

  "sql.ems" : {
    "url" : "jdbc:mysql://localhost/eltex_ems?useUnicode=true&characterEncoding=utf8&relaxAutoCommit=true&connectTimeout=5000&autoReconnect=true",
    "user" : "javauser",
    "password" : "javapassword",
    "max_pool_size" : 16
  },

  "sql.wireless" : {
    "url" : "jdbc:mysql://localhost/wireless?useUnicode=true&characterEncoding=utf8&relaxAutoCommit=true&connectTimeout=5000&autoReconnect=true",
    "user" : "javauser",
    "password" : "javapassword",
    "max_pool_size" : 16
  },

  "ngw" : {
    "host" : "localhost",
    "port" : 8040
  },

  "language" : "en",

  "radius.nbi" : {
    "wdsl.url" : "http://localhost:8080/axis2/services/RadiusNbiService?wsdl",
    "username" : "admin",
    "password" : "password",
    "connection.timeout.ms" : 30000,
    "request.timeout.ms" : 120000
  },

  "tariffs.update.interval" : {
    "interval" : 1,
    "unit" : "hours"
  }

}

Authorization settings

| Parameter | Description |
|---|---|
| auth.address | Server interface on which authorization requests are expected |
| auth.port | Server port receiving authorization requests |
| auth.mac.open.timeout.s | Default "open authorization" timeout, used if not redefined in the portal settings |
| auth.mac.welcome.service | Default welcome service, used if not redefined in the tariff settings |

Accounting settings

| Parameter | Description |
|---|---|
| acct.address | Server interface on which accounting is expected |
| acct.ports | Server ports receiving accounting packets |

Settings for Wi-Fi users authorization via BRAS

| Parameter | Description |
|---|---|
| aaa.instances | |
| aaa.host | Eltex.RADIUS service address |
| aaa.secret | RADIUS key |
| aaa.auth.port | The port to which authorization requests are sent |
| aaa.acct.port | The port to which accounting packets are sent |
| aaa.rest.port | The port used to exchange service commands with Eltex.RADIUS |
| aaa.timeout | Response timeout |
| aaa.attempts | The number of packet sending attempts |

The monitoring port

| Parameter | Description |
|---|---|
| web.monitoring.port | The port for console operation and monitoring |

Clustering

| Parameter | Description |
|---|---|
| cluster.enable | Enables clustering |
| cluster.eventBusPort | The port for data exchange with cluster nodes |

MySQL database connection settings ('radius', 'eltex_ems', 'wireless')

| Parameter | Description |
|---|---|
| url | MySQL database connection string |
| user | The login for the database connection |
| password | The password for the database connection |
| max_pool_size | The maximum number of connections |

Mongo database connection, PCRF and OTT collection

| Parameter | Description |
|---|---|
| connection_string | URL for the Mongo connection |
| db_name | The name of the database to connect to (duplicates the content of the URI) |

Mongo active session parameters

| Parameter | Description |
|---|---|
| session.check.period.s | The period at which stored sessions are checked for relevance. If a session was closed during the check period, or if its storage time is up, it is deleted from the database. |
| unauth.store.time.s | Storage period of unauthorized BRAS users' sessions. |
| interval.number.expired | The number of missed accounting intervals after which a session is considered to be "hanging" and should be closed. |
| min.interval.s | The minimum accounting interval used to calculate hanging sessions. |
| default.interval.s | The default accounting interval saved to a session right after its creation. |

CoA sending parameters

| Parameter | Description |
|---|---|
| coa.timeout | Command response timeout |
| coa.attempts | The number of resend attempts |
| remote.coa.port | The port to which commands will be sent |
| executor.size | The number of commands executed simultaneously |
| log.store.period | Results storage time |
| log.store.period | Command execution logs storage time |

NGW interaction parameters

| Parameter | Description |
|---|---|
| host | Notification GW service's address |
| port | The port for receiving notification requests |

Setting a language for error messages

| Parameter | Description |
|---|---|
| language | The language used for logging, "en" by default. The "ru" value can be selected as well, but not all the logs are translated into Russian. |

Setting NBI service connection

| Parameter | Description |
|---|---|
| wdsl.url | The address for NBI service requests |
| username | Account login |
| password | Account password |
| connection.timeout.ms | Service connection timeout |
| request.timeout.ms | Service request timeout |

Tariff update interval

| Parameter | Description |
|---|---|
| interval | Tariff update interval |
| unit | Measurement units ("hours" by default) |
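The example eltex-pcrf.json above contains fixed secrets (aaa.secret, the MySQL passwords, the NBI account password) and binds its listeners to 0.0.0.0. The following Python check is an added example, not part of the Eltex documentation or product; it flags a deployed file that still carries those printed values. The function names and the sample configuration are constructed for illustration.

```python
import json

# Secrets exactly as printed in the example eltex-pcrf.json on this page.
DOCUMENTED_SECRETS = {
    ("aaa.secret",): "testing123",
    ("radius", "password"): "javapassword",
    ("sql.ems", "password"): "javapassword",
    ("sql.wireless", "password"): "javapassword",
    ("radius.nbi", "password"): "password",
}
# Keys that select the listening interface of each listener.
BIND_KEYS = ("auth.address", "acct.address", "lease.saver.address")


def lookup(cfg, path):
    """Walk nested sections; key names contain dots, so never split on '.'."""
    node = cfg
    for key in path:
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node


def audit_pcrf_config(text):
    """Return sorted (severity, key, message) findings for a config file body."""
    cfg = json.loads(text)
    findings = []
    for path, secret in DOCUMENTED_SECRETS.items():
        if lookup(cfg, path) == secret:
            findings.append(("high", "/".join(path), "secret equals the documented example value"))
    for key in BIND_KEYS:
        if cfg.get(key) == "0.0.0.0":
            findings.append(("review", key, "bound to all interfaces; confirm firewall scope"))
    return sorted(findings)


# Constructed sample: only the RADIUS secret and one MySQL password were rotated.
SAMPLE = json.dumps({
    "auth.address": "0.0.0.0", "acct.address": "10.0.0.5",
    "lease.saver.address": "0.0.0.0",
    "aaa.secret": "constructed-rotated-secret",
    "radius": {"user": "javauser", "password": "javapassword"},
    "sql.ems": {"user": "javauser", "password": "constructed-rotated-pw"},
    "radius.nbi": {"username": "admin", "password": "password"},
})

if __name__ == "__main__":
    for severity, key, message in audit_pcrf_config(SAMPLE):
        print(f"{severity:6} {key}: {message}")
```

Run it against the body of /etc/eltex-pcrf/eltex-pcrf.json on each node after installation and after every package upgrade that may restore the packaged file.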

/etc/eltex-pcrf/hazelcast-cluster-network.xml

This file contains the configuration of the Hazelcast cluster that is used to group PCRF nodes.


Example of the default configuration of the group and network sections (containing the parameters for connecting neighbouring PCRF nodes):

<hazelcast>

    <!-- You can separate your clusters in a simple way by specifying group names. -->
    <group>
        <name>dev</name>
    </group>

    <network>
        <!-- Write here public address of the node -->
        <public-address>192.168.0.1</public-address>
        <port auto-increment="false" port-count="100">5701</port>
        <outbound-ports>
            <ports>0</ports>
        </outbound-ports>
        <join>
            <multicast enabled="false"/>
            <tcp-ip enabled="true">
                <!-- Write here IP of all members of the cluster (including this) -->
                <member>192.168.0.1</member>
                <member>192.168.0.2</member>
            </tcp-ip>
            <discovery-strategies>
            </discovery-strategies>
        </join>
        <interfaces enabled="true">
            <!-- Write here IP of the interface to use for cluster -->
            <interface>192.168.0.1</interface>
        </interfaces>
        <ssl enabled="false"/>
        <socket-interceptor enabled="false"/>
        <symmetric-encryption enabled="false">
            <algorithm>PBEWithMD5AndDES</algorithm>
            <!-- salt value to use when generating the secret key -->
            <salt>thesalt</salt>
            <!-- pass phrase to use when generating the secret key -->
            <password>thepass</password>
            <!-- iteration count to use when generating the secret key -->
            <iteration-count>19</iteration-count>
        </symmetric-encryption>
    </network>
</hazelcast>


| Parameter | Description |
|---|---|
| <name>dev</name> | Cluster group name (it must be the same on all nodes). If nodes have different names, they are not grouped into a cluster. |
| <public-address>192.168.0.1</public-address> | The node's own address in the cluster. |
| <member>192.168.0.1</member> <member>192.168.0.2</member> | The list of cluster members (specify both the node's own address and the addresses of all other cluster nodes). |
| <interface>192.168.0.1</interface> | Address of the node interface used for the cluster (it usually equals public-address). |
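The rules in the table above (the member list must include the node's own address, the interface usually equals public-address) and the transport settings in the example (ssl and symmetric-encryption disabled, sample salt and pass phrase) can be checked per node. The following Python check is an added example, not part of the Eltex documentation or product; it assumes the file has no XML namespace, as in the example on this page, and its function names and sample file are constructed.

```python
import xml.etree.ElementTree as ET


def enabled(elem):
    """True only when the element exists and carries enabled="true"."""
    return elem is not None and elem.get("enabled", "false").lower() == "true"


def audit_hazelcast(xml_text):
    """Return findings for the <network> section (no XML namespace assumed)."""
    net = ET.fromstring(xml_text).find("network")
    public = (net.findtext("public-address") or "").strip()
    members = [m.text.strip() for m in net.iter("member") if m.text]
    ifaces = [i.text.strip() for i in net.iter("interface") if i.text]
    sym = net.find("symmetric-encryption")
    findings = []
    if public not in members:
        findings.append("member list omits this node's public-address")
    if enabled(net.find("interfaces")) and public not in ifaces:
        findings.append("interface differs from public-address")
    if not enabled(net.find("ssl")) and not enabled(sym):
        findings.append("ssl and symmetric-encryption disabled: member traffic unencrypted")
    if enabled(sym):
        if (sym.findtext("algorithm") or "").strip() == "PBEWithMD5AndDES":
            findings.append("PBEWithMD5AndDES is built on MD5 and single DES")
        # "thesalt" / "thepass" are the sample values printed on this page.
        if sym.findtext("salt") == "thesalt" or sym.findtext("password") == "thepass":
            findings.append("salt or pass phrase still set to the sample value")
    return findings


# Constructed sample: node 2 copied node 1's file, changed only public-address,
# and switched symmetric encryption on without replacing the sample secrets.
SAMPLE = """<hazelcast><group><name>dev</name></group><network>
  <public-address>192.168.0.2</public-address>
  <join><multicast enabled="false"/><tcp-ip enabled="true">
    <member>192.168.0.1</member><member>192.168.0.2</member>
  </tcp-ip></join>
  <interfaces enabled="true"><interface>192.168.0.1</interface></interfaces>
  <ssl enabled="false"/>
  <symmetric-encryption enabled="true">
    <algorithm>PBEWithMD5AndDES</algorithm>
    <salt>thesalt</salt><password>thepass</password>
  </symmetric-encryption>
</network></hazelcast>"""

if __name__ == "__main__":
    for finding in audit_hazelcast(SAMPLE):
        print("-", finding)
```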
