[Kea-users] Authenticate cable modems
Francis Dupont
fdupont at isc.org
Thu Dec 29 11:31:29 UTC 2016
Nick Urbanik writes:
> >> We authenticate cable modems using ISC dhcp patched to look up the MAC
> >> address from the DHCPDISCOVER in LDAP to determine what profile the
> >> modem should have.
> >>
> >> I'd like to change to using Kea, if that is sensible.
> >>
> >> We need to find a way to authenticate the modems to provide the
> >> service that the customer is paying for. Can anyone suggest a
> >> strategy for doing that sort of thing with Kea?
> >
> >=> you can use classification for simple cases and a hook for
> >complex cases, both without a patch in the code.
>
> Do you think this scales nicely to 500,000 users? Would we provision
> the MAC addresses and profiles into mariadb, or would we be able to
> hook in LDAP?
=> the problem is on the LDAP side, in particular the request/response
should be synchronous, i.e., Kea/hook will block waiting for it.
Direct database should be faster even if the constraint remains.
BTW ISC DHCP is not very different so if it worked well with it the
same design should stay good.
> We aren't scared of a bit of coding to write the hooks. We like
> writing in Perl, but we can do C++ and other languages if necessary.
=> not perl as it has to be linked with Kea. Usually hooks are written
in C++ but I pushed on github an experiment with hooks written in
Python, OCaml, Lua and v8.
Regards
Francis.Dupont at fdupont.fr
More information about the Kea-users
mailing list