Redis IP Pool Module
The redis_ippool
module implements a fast and scalable IP
allocation system using Redis.
The module supports both IPv4 and IPv6 address and prefix allocation, and implements pre-allocation for use with DHCPv4.
Lease allocation throughput scales with the number of members in the Redis cluster.
Configuration Settings
Al configuration items at this level (below the redis
block)
are polymorphic, meaning xlats
, attribute references, literal values
and execs may be specified.
For example pool_name
could be pool_name = 'my_test_pool'
if only a
single pool were being used.
- pool_name
-
Name of the pool from which leases are allocated.
- offer_time
-
How long a lease is reserved for after making an offer.
If no value is provided, the value from lease_time is used for initial allocations.
No value should be provided for PPP/VPNs, this is mainly for the DORA flow in DHCP. |
- lease_time
-
How long a lease is allocated.
- wait_num
-
How many slaves we want to acknowledge allocations or updates.
- wait_timeout
-
How long we wait for slaves to acknowledge writing.
- gateway
-
Gateway identifier, usually
NAS-Identifier
or the actual Option 82 gateway. Used for bulk lease cleanups. - owner
-
The unique owner identifier to which an IP is assigned.
This is used as the lookup key to determine the IP address that has been allocated to a owner. It MUST therefore be something unique to each "owner" to which an IP address may be assigned.
For DHCP it is often simply the MAC address of the owner.
RFC 2132 specifies that the DHCP client may supply a unique identifier ("uid") using Option 61 (Client-Identifier) in which case it must be used as the lookup key for configuration data. Otherwise the client hardware address must be used. To comply with this requirement use the following:
For purposes such as IP assignment using a RADIUS Framed-IP-Address
attribute the "owner" identifier could be a User-Name
or a
certificate serial number provided that the number of sessions is
limited to one per user/serial.
On a hostile network it SHOULD include a component that you trust, arranged such that the overall key cannot be spoofed by manipulation of the user-controlled data. For example you might determine that Vendor-Specific.ADSL-Forum.Agent-Circuit-ID is trusted but that Calling-Station-Id is formatted as a user-controlled MAC address:
- requested_address
-
The IP address being renewed or released.
- ipv4_integer
-
Whether IPv4 addresses should be cast to integers, for renew operations.
- allocated_address_attr
-
List and attribute where the allocated address is written to.
- range_attr
-
List and attribute where the
IP-Pool.Range
ID (if set) is written to.
The idea of the IP-Pool.Range
is that it provides a key into other datastores
or caches, which store the additional options associated with the range an
IP address belongs to.
There may be multiple ranges of IP address contained within any given pool, which is why this is provided in addition to the pool name.
- expiry_attr
-
If set - the list and attribute to write the remaining lease time to.
This attribute can be populated on alloc, or renew, if an IP address was available for the alloc.
- copy_on_update
-
If true - Copy the value of ip_address to the attribute specified by
allocated_address_attr
when performing an update/renew.
This behavior is needed for DHCP where we need to send back
Your-IP-Address
in ACKs.
- redis { … }
-
Redis connection settings.
Identical to all other Redis based modules.
See the redis module for more information.
|
Default Configuration
redis_ippool {
pool_name = &control.IP-Pool.Name
offer_time = 30
lease_time = 3600
# wait_num = 10
# wait_timeout = 2
# gateway = &NAS-Identifier
owner = &Client-Hardware-Address
# owner = "%{&Client-Identifier || &Client-Hardware-Address}"
# owner = "%{Vendor-Specific.ADSL-Forum.Agent-Circuit-ID} %{Calling-Station-Id}"
requested_address = "%{&Requested-IP-Address || &Net.Src.IP}"
# ipv4_integer = yes
allocated_address_attr = &reply.Your-IP-Address
range_attr = &reply.IP-Pool.Range
expiry_attr = &reply.IP-Address-Lease-Time
copy_on_update = yes
redis {
server = localhost
pool {
start = 0
min = 0
# max = 1
spare = 1
uses = 0
lifetime = 0
retry_delay = 30
idle_timeout = 60
}
}
}