How to manage internet clients of an ISP with PPPoE and MikroTik. For centralized AAA (Authentication, Authorization and Accounting), freeRadius is used.

1. Managing Internet Connections
PPPoE, MikroTik and Radius
Dashamir Hoxha <dashohoxha@gmail.com>
Artur Nurja <tatanka@albaniaonline.net>
● How to manage internet clients of an ISP
● With PPPoE and MikroTik and Radius
● Based on the work done at AlbaniaOnline

2. Managing PPPoE Connections
with Mikrotik is Easy
● PPPoE = Point-to-Point Protocol
over Ethernet
● Why PPPoE and not Ethernet?
● Configuring Mikrotik for PPPoE
1.Install package PPP
2. Create PPP profiles
3. Create a PPPoE service and
enable it
4. Create user accounts

3. However it Doesn't Scale Up Well
● A single Mikrotik can serve only a limited
number of clients (400-500).
● Managing clients and their profiles in Mikrotik
cannot be integrated easily with CRM apps.
● Managing clients manually in more than one
Mikrotik server is difficult and error prone.
● If a Mikrotik fails, the service to the clients is
interrupted, until a new Mikrotik is prepared
and a backup of the clients is restored.

4. Centralized AAA is Required

5. Centralized AAA is Required
● AAA = Authentication, Authorization, Accounting
● FreeRadius is used to check username/password, to
provide client profiles, and to get usage statistics.
● Client details are stored in a MySql database.
● Mikrotik-s are dumb gateways with simple configs.
No client details are stored on them!
● Mikrotik-s use the central Radius for authentication,
authorization, and for storing usage statistics.
● Clients can connect through any Mikrotik available.

6. Clients are Managed by an
External CRM Application
● CRM = Customer Relationship
Management
● SugarCRM is used to keep all the
client details
● SugarCRM is integrated with the
database of freeRadius
● Decisions about clients are taken
by Customer Care on SugarCRM
● They are automatically enforced by
applying them on Radius

7. We Need Also High Availability
and Load Balancing

8. We Need Also High Availability
and Load Balancing
● There are 2 MySQL databases, replicating in
Master-->Slave mode; if the first one fails, it is
replaced by the second one, in order to minimise
the service down time.
● Each Mikrotik is configured with a primary and a
secondary Radius server; if the primary server does
not reply, the second one is tried. This provides HA.
● Almost half of mikrotiks have the first radius as
primary, and the others have the second one. This
provides Load Balancing.

9. Implementation Steps
1. Install freeRadius
2. Test freeRadius installation
3. Set up freeRadius to use a MySQL database
4. Test freeRadius with MySQL backend
5. Configure Mikrotik for being a PPPoE server
6. Test the PPPoE Service
7. Get Mikrotik to work with Radius
8. Add a second Radius server in Mikrotik
9. Replicate MySQL databases of freeRadius

10. SQL API for Radius Manager
● API = Application Programing Interface
● Helps to access the database of Radius Manager
from an outside program (SugarCRM).
● Encapsulates (hides) the complexity of the database
from the outside programmer.
● Makes simpler the code of the outside program.
● The programmer is relived from the fear of touching
something inappropriately in the database.
● If structure of DB is modified in future releases, only
the API needs to take them into account.

11. SQL API for Radius Manager
● user_get(user);
● user_add(user, passwd, service_id, nr_conn, expiration_date);
● user_update(user, service_id, nr_conn, expiration_date);
● user_set_password(user, passwd);
● user_change_service(old_srvid, new_srvid);
● user_del(user);
● service_get(service_id, service_name);
● service_add(service_name, download_rate, upload_rate);
● service_update(service_id, service_name, download_rate,
upload_rate, enabled);
● service_del(service_id);

12. Managing Internet Connections
PPPoE, MikroTik and Radius
Dashamir Hoxha <dashohoxha@gmail.com>
Artur Nurja <tatanka@albaniaonline.net>
Thank you for your attention!
Are there any questions?