Description
The module performs the following functions:
- Authorization and authentication of users connected via BRAS (the mechanism allows providing user service based on third-party vendors' access points).
- Accumulation of accounting for all authorization mechanisms and transferring it to a database.
- Controlling the number of Wi-Fi users' simultaneous sessions for all authorization mechanisms.
- Deauthentication of Wi-Fi users authorized via WPA-enterprise modes and BRAS.
- License control and notifying an administrator of the approaching the time limit (every day at exceeding 90%) or the session number limit (every hour at exceeding 90%).
Service management
Operation | Command | Response |
Status check | service eltex-pcrf status | Service is running
|
Service start |
| Service has been started * Starting eltex-pcrfThe service is already running * eltex-pcrf is already running |
Service stop |
| Service has been stopped successfully
Service has not been stopped, as it was not started
|
Service restart |
| Service has been restarted successfully
|
Configuration
/etc/default/eltex-pcrf
Contains basic parameters for application launch. Default configuration example:
Parameter | Description |
Location of java binary JAVA=/usr/bin/java | Java machine location |
JAVA_INIT_HEAP=256m JAVA_MAX_HEAP=512m | The amount of memory allocated for application operation |
/etc/eltex-pcrf/eltex-pcrf.json
{
"auth.address" : "0.0.0.0",
"auth.port" : 31812,
"auth.mac.open.timeout.s" : 3600,
"auth.mac.welcome.service" : "WELCOME",
"acct.address" : "0.0.0.0",
"acct.ports" : [1813, 31813],
"lease.saver.address" : "0.0.0.0",
"lease.saver.port" : 4381,
"aaa.instances" : 5,
"aaa.host" : "127.0.0.1",
"aaa.secret" : "testing123",
"aaa.auth.port" : 1812,
"aaa.acct.port" : 1813,
"aaa.rest.port" : 7080,
"aaa.timeout" : 10,
"aaa.attempts" : 1,
"web.monitoring.port" : 7070,
"cluster.enable" : false,
"cluster.eventBusPort" : 5801,
"radius" : {
"url" : "jdbc:mysql://localhost/radius?useUnicode=true&characterEncoding=utf8&relaxAutoCommit=true&connectTimeout=5000&autoReconnect=true",
"user" : "javauser",
"password" : "javapassword",
"max_pool_size" : 16
},
"mongo.pcrf" : {
"connection_string": "mongodb://localhost:27017/pcrf?waitQueueMultiple=500&connectTimeoutMS=10000&socketTimeoutMS=0",
"db_name": "pcrf"
},
"mongo.ott" : {
"connection_string": "mongodb://localhost:27017/ott?waitQueueMultiple=500&connectTimeoutMS=10000&socketTimeoutMS=0",
"db_name": "ott"
},
"session.storage" : {
"session.check.period.s" : 300,
"unauth.store.time.s" : 600,
"interval.number.expired" : 3,
"min.interval.s" : 45,
"default.interval.s" : 600
},
"bras.coa" : {
"coa.timeout" : 10,
"coa.attempts" : 1,
"remote.coa.port" : 3799,
"executor.size" : 100,
"log.clean.period.s" : 600,
"log.store.period" : {
"period" : 14,
"unit" : "D"
}
},
"sql.ems" : {
"url" : "jdbc:mysql://localhost/eltex_ems?useUnicode=true&characterEncoding=utf8&relaxAutoCommit=true&connectTimeout=5000&autoReconnect=true",
"user" : "javauser",
"password" : "javapassword",
"max_pool_size" : 16
},
"sql.wireless" : {
"url" : "jdbc:mysql://localhost/wireless?useUnicode=true&characterEncoding=utf8&relaxAutoCommit=true&connectTimeout=5000&autoReconnect=true",
"user" : "javauser",
"password" : "javapassword",
"max_pool_size" : 16
},
"ngw" : {
"host" : "localhost",
"port" : 8040
},
"language" : "en",
"radius.nbi" : {
"wdsl.url" : "http://localhost:8080/axis2/services/RadiusNbiService?wsdl",
"username" : "admin",
"password" : "password",
"connection.timeout.ms" : 30000,
"request.timeout.ms" : 120000
},
"tariffs.update.interval" : {
"interval" : 1,
"unit" : "hours"
}
}
Parameter | Description |
Authorization settings | |
| Server interface expecting authorization requests |
| Server port receiving authorization requests |
| Default "open authorization" timeout which is used if not redefined in portal settings |
| Default welcome service which is used if not redefined in tariff settings |
Accounting settings | |
| Server interface expecting accounting |
| Server port receiving accounting packets |
Settings for Wi-Fi users authorization via BRAS | |
| |
| Eltex.RADIUS service address |
| RADIUS key |
| The port to which authorization requests are sent |
| The port to which accounting packets are sent |
| The port to exchange service commands with Eltex.RADIUS |
| Response timeout |
| The number of packet sending attempts |
The monitoring port | |
| The port for console operation and monitoring |
Clustering | |
| Enabling clustering |
| The port for data exchange with cluster nodes |
MySQL database connection settings ('radius', 'eltex_ems', 'wireless') | |
| MySQL database connection string |
| The login for database connection |
| The password for database connection |
| The maximum number of connections |
Mongo database connection, PCRF and OTT collection | |
| URL for Mongo connection |
| The name of the database to which the connection is made to (duplicate the content of URI) |
Mongo active session parameters | |
| Checking period of stored sessions relevance. If a session is closed during the check period, or if its storage time is up, it will be deleted from a database. |
| Storage period of unauthorized BRAS users' sessions. |
| The number of missed accounting intervals, upon the exceeding of which a session is considered to be "hanging" and should be closed. |
| The minimum accounting interval that is used to calculate hanging sessions. |
| The default accounting interval that is saved to a session right after its creation. |
CoA sending parameters | |
| Command response timeout |
| The number of resendings |
| The port to which commands will be sent |
| The number of commands executed simultaneously |
| Results storage time |
| Command execution logs storage time |
NGW interaction parameters | |
| Notification GW service's address |
| The port for receiving notification requests |
Setting a language for error messages | |
| The language used for logging, "en" by default. "ru" value can be selected as well, but not all the logs are translated to Russian. |
Setting NBI service connection | |
| The address for NBI service requests |
| Account login |
| Account password |
| Service connection timeout |
| Service request timeout |
Tariff update interval | |
| Tariff update interval |
| Measurement units ("hours" by default) |
/etc/eltex-pcrf/hazelcast-cluster-network.xml
This file contains configuration of Hazelcast cluster that is used for PCRF nodes grouping.
Example of default configuration of group and network sections (containing parameters for PCRF neighbouring nodes connection):
<hazelcast>
<!-- You can separate your clusters in a simple way by specifying group names. -->
<group>
<name>dev</name>
</group>
<network>
<!-- Write here public address of the node -->
<public-address>192.168.0.1</public-address>
<port auto-increment="false" port-count="100">5701</port>
<outbound-ports>
<ports>0</ports>
</outbound-ports>
<join>
<multicast enabled="false"/>
<tcp-ip enabled="true">
<!-- Write here IP of all members of the cluster (including this) -->
<member>192.168.0.1</member>
<member>192.168.0.2</member>
</tcp-ip>
<discovery-strategies>
</discovery-strategies>
</join>
<interfaces enabled="true">
<!-- Write here IP of the interface to use for cluster -->
<interface>192.168.0.1</interface>
</interfaces>
<ssl enabled="false"/>
<socket-interceptor enabled="false"/>
<symmetric-encryption enabled="false">
<algorithm>PBEWithMD5AndDES</algorithm>
<!-- salt value to use when generating the secret key -->
<salt>thesalt</salt>
<!-- pass phrase to use when generating the secret key -->
<password>thepass</password>
<!-- iteration count to use when generating the secret key -->
<iteration-count>19</iteration-count>
</symmetric-encryption>
</network>
</hazelcast>
Parameter | Description |
< | Node name (it should be the same for all devices). If nodes have different names, they are not grouped into a cluster. |
| Node's own address in a cluster. |
| The list of cluster members (specify both own address and all cluster nodes' addresses). |
| Address of node interface in a cluster (it usually equals public-address). |