Diffstat (limited to '_sources/guides')
-rw-r--r-- _sources/guides/BRAS_tuning.rst.txt | 138
-rw-r--r-- _sources/guides/control_features.rst.txt | 97
-rw-r--r-- _sources/guides/radius_features.rst.txt | 38
-rw-r--r-- _sources/guides/recommendations.rst.txt | 62
4 files changed, 335 insertions, 0 deletions
diff --git a/_sources/guides/BRAS_tuning.rst.txt b/_sources/guides/BRAS_tuning.rst.txt
new file mode 100644
index 0000000..14395eb
--- /dev/null
+++ b/_sources/guides/BRAS_tuning.rst.txt
@@ -0,0 +1,138 @@
+BRAS tuning
+===========
+
+Recommendations for BRAS (Broadband Remote Access Server) performance.
+
+
+Network tuning
+--------------
+
+Disable kernel mitigations to maximize performance
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Edit file ``/etc/default/grub``
+
+.. code-block:: sh
+
+ GRUB_CMDLINE_LINUX_DEFAULT="intel_idle.max_cstate=0 processor.max_cstate=1 idle=poll quiet mitigations=off"
+
+Additional GRUB CMD arguments:
+
+ * ixgbe.allow_unsupported_sfp=1 - Allow to use not original Intel SFP+ modules
+ * pcie_aspm=off - Disable Active-State Power Management
+
+After saving, please update grub settings
+
+.. code-block:: sh
+
+ $sudo update-grub
+
+Warning! Enabling the idle loop (``idle=poll``) parameter can cause 100% CPU utilization on your VM (if you're using virtual enviroments like ProxMox, VMWare, etc.)
+
+
+Disable NIC offloads
+^^^^^^^^^^^^^^^^^^^^
+Disable hardware offloads,increase Tx/Rx buffers and queue length on your NICs to prevent speed problems.
+Please note, that GSO offload changed to tx-gso-partial in Linux kernels 4.15 and later.
+
+Debian ``/etc/network/interfaces``:
+
+
+.. code-block:: sh
+
+ allow-hotplug eth0
+ iface eth0 inet manual
+ up ethtool -K eth0 tso off gso off gro off rxvlan off txvlan off rx-vlan-filter off ntuple on &> /dev/null
+ up ethtool -K eth0 tx-gso-partial off &> /dev/null
+ up ethtool -G eth0 rx 4096 tx 4096 &> /dev/null
+ up ip link set eth0 txqueuelen 10000 &> /dev/null
+
+Please determine your NIC queue and buffers limit before increase:
+
+.. code-block:: sh
+
+
+ ethtool -g eth0
+
+
+Fix Download speed problem (shaper)
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Change shaper from htb to tbf
+
+.. code-block:: sh
+
+ [shaper]
+ …
+ down-limiter=tbf
+
+
+Default rate limits (shaper)
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+If radius-server Access-Accept answer has no compatible speed attributes - to prevent unlimited session speed you can add default rate-limits (in Kbps).
+
+``nano /etc/accel-ppp.conf``
+
+.. code-block:: sh
+
+ [shaper]
+ rate-limit=888/888
+
+
+Change PPPoE MTU
+^^^^^^^^^^^^^^^^
+
+You can adjust allowed PPPoE min/max MTU/MRU settings:
+``nano /etc/accel-ppp.conf``
+
+.. code-block:: sh
+
+ [ppp]
+ verbose=1
+ min-mtu=1280
+ mtu=1492
+ mru=1492
+
+Hotplug optimization
+^^^^^^^^^^^^^^^^^^^^
+To generate hotplug events on IPoE interfaces (Debian 10):
+
+``nano /lib/udev/ifupdown-hotplug``
+
+.. code-block:: sh
+
+ case "$ACTION" in
+ add)
+ # these interfaces generate hotplug events *after* they are brought up
+ case $INTERFACE in
+ ppp*|ippp*|isdn*|plip*|lo|irda*|ipsec*
+
+just add ``|ipoe*`` after ``|ipsec*``
+
+repeat with file ``/lib/udev/net.agent``
+
+SYSTEMD-UDEV optimizations
+^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+1. Delete ``99-default.link`` from ``/lib/systemd/network/`` directory
+
+.. code-block:: sh
+
+ rm /lib/systemd/network/99-default.link
+
+2. Change ``/lib/udev/rules.d/99-systemd.rules``
+
+.. code-block:: sh
+
+ ACTION=="add", SUBSYSTEM=="net", KERNEL!="lo|ppp*|ipoe*", RUN+="/lib/systemd/systemd-sysctl --prefix=/net/ipv4/conf/$name --prefix=/net/ipv4/neigh/$name --prefix=/net/ipv6/conf/$name --prefix=/net/ipv6/neigh/$name"
+
+Add ``|ppp*|ipoe*`` to ``KERNEL!="lo"``
+
+3. Change ``/lib/udev/rules.d/80-ifupdown.rules``
+
+.. code-block:: sh
+
+ SUBSYSTEM=="net", ACTION=="add|remove", KERNEL!="ppp*|ipoe*", RUN+="ifupdown-hotplug"
+
+Add ``KERNEL!="ppp*|ipoe*"``
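Review bot: The "Disable kernel mitigations to maximize performance" section puts ``mitigations=off`` into ``GRUB_CMDLINE_LINUX_DEFAULT`` without saying what is given up. That switch turns off the kernel's CPU vulnerability mitigations (the Spectre/Meltdown class) for the whole host, so it deserves a warning of the same kind the hunk already gives for ``idle=poll``, stating that it is only appropriate on a dedicated BRAS that runs no untrusted code or guests. Two smaller points in the same file: ``$sudo update-grub`` should read ``$ sudo update-grub``, and the ``up ethtool ... &> /dev/null`` lines use a bash-only redirect, which a POSIX ``sh`` parses as backgrounding the command, so ``> /dev/null 2>&1`` is the safer spelling. The udev and systemd steps edit or delete files under ``/lib``, which a package upgrade will restore; suggest documenting overrides under ``/etc/udev/rules.d`` and ``/etc/systemd/network`` instead.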
diff --git a/_sources/guides/control_features.rst.txt b/_sources/guides/control_features.rst.txt
new file mode 100644
index 0000000..cc0e46d
--- /dev/null
+++ b/_sources/guides/control_features.rst.txt
@@ -0,0 +1,97 @@
+Control features
+================
+
+Accel-ppp support next features for control daemon and sessions:
+
+ * ``accel-cmd``
+
+ * ``telnet``
+
+ * ``snmp``
+
+ * ``RADIUS COA``
+
+Common available commands for ``accel-cmd`` and ``telnet``. Also possible show this help message with one of commands ``accel-cmd help`` and ``telnet 127.0.0.1 2000`` then run ``help``.
+
+.. code-block:: text
+
+ show stat - shows various statistics information
+ terminate if <interface> [soft|hard]- terminate session by interface name
+ [match] username <username> [soft|hard]- terminate session by username
+ ip <address> [soft|hard]- terminate session by ip address
+ csid <id> [soft|hard]- terminate session by calling station id
+ sid <id> [soft|hard]- terminate session by session id
+ all [soft|hard]- terminate all sessions
+ reload - reload config file
+ restart [hard] - restart daemon
+ hard - restart immediatly
+ default action - terminate all connections then restart
+ shutdown [soft|hard|cancel]- shutdown daemon
+ default action - send termination signals to all clients and wait everybody disconnects
+ soft - wait until all clients disconnects, don't accept new connections
+ hard - shutdown now, don't wait anything
+ cancel - cancel 'shutdown soft' and return to normal operation
+ exit - exit cli
+ show sessions [columns] [order <column>] [match <column> <regexp>] - shows sessions
+ columns:
+ netns - network namespace name
+ ifname - interface name
+ username - user name
+ ip - IP address
+ ip6 - IPv6 address
+ ip6-dp - IPv6 delegated prefix
+ type - VPN type
+ state - state of session
+ uptime - uptime (human readable)
+ uptime-raw - uptime (in seconds)
+ calling-sid - calling station id
+ called-sid - called station id
+ sid - session id
+ comp - compression/encryption method
+ rx-bytes - received bytes (human readable)
+ tx-bytes - transmitted bytes (human readable)
+ rx-bytes-raw - received bytes
+ tx-bytes-raw - transmitted bytes
+ rx-pkts - received packets
+ tx-pkts - transmitted packets
+ ipoe-type - IPoE session type
+ rate-limit - rate limit down-stream/up-stream (Kbit)
+ pppoe mac-filter reload - reload mac-filter file
+ pppoe mac-filter add <address> - add address to mac-filter list
+ pppoe mac-filter del <address> - delete address from mac-filter list
+ pppoe mac-filter show - show current mac-filter list
+ pppoe interface add <name> - start pppoe server on specified interface
+ pppoe interface del <name> - stop pppoe server on specified interface and drop his connections
+ pppoe interface show - show interfaces on which pppoe server started
+ pppoe set verbose <n> - set verbosity of pppoe logging
+ pppoe set PADO-delay <delay[,delay1:count1[,delay2:count2[,...]]]> - set PADO delays (ms)
+ pppoe set Service-Name <name> - set Service-Name to respond
+ pppoe set Service-Name * - respond with client's Service-Name
+ pppoe set AC-Name <name> - set AC-Name tag value
+ pppoe show verbose - show current verbose value
+ pppoe show PADO-delay - show current PADO delay value
+ pppoe show Service-Name - show current Service-Name value
+ pppoe show AC-Name - show current AC-Name tag value
+ shaper change <interface> <value> [temp] - change shaper on specified interface, if temp is set then previous settings may be restored later by 'shaper restore'
+ shaper change all <value> [temp] - change shaper on all interfaces, if temp is set also new interfaces will have specified shaper value
+ shaper restore <interface> - restores shaper settings on specified interface made by 'shaper change' command with 'temp' flag
+ shaper restore all - restores shaper settings on all interfaces made by 'shaper change' command with 'temp' flag
+
+accel-cmd
+^^^^^^^^^
+
+This application is very powerful and often used if you have `cli` connection. Be default accel-ppp listen *TCP* port *2000* for input/output with accel-cmd. However `telnet` has same functions, but `accel-cmd` is more comfortable, allow send command without enter in to another environment. Detail about cli you may read at :ref:`cli_configuration` .Let's revise `accel-cmd` possible commands.
+
+ * `accel-cmd show stat` - one of more important command, allow display *accel-ppp* daemon statistics and information about connections types and something counters such as RADIUS auth, acct summary and lost queries. Detail below:
+
+telnet
+^^^^^^^^^
+
+
+radius CoA
+^^^^^^^^^^
+
+Example, terminate session by username: ``echo User-Name=username | radclient -x 127.0.0.1:3799 disconnect testing123``.
+
+snmp
+^^^^
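Review bot: The accel-cmd section says the daemon listens on TCP port 2000 and that telnet offers the same functions, but nothing here says who should be able to reach that port, while the command list above includes ``terminate all``, ``shutdown`` and ``restart``. Suggest adding a sentence that the control listener should stay bound to ``127.0.0.1`` (as the ``telnet 127.0.0.1 2000`` example implies) and pointing to the access settings in :ref:`cli_configuration`. The same applies to the CoA example: ``testing123`` on ``127.0.0.1:3799`` should be marked as a placeholder secret. Also, the bullet ending "Detail below:" is followed by nothing, and the ``telnet`` and ``snmp`` headings have no body; either fill them in or drop them from this commit.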
diff --git a/_sources/guides/radius_features.rst.txt b/_sources/guides/radius_features.rst.txt
new file mode 100644
index 0000000..1f602d9
--- /dev/null
+++ b/_sources/guides/radius_features.rst.txt
@@ -0,0 +1,38 @@
+RADIUS and DM/CoA features
+==========================
+
+Since from commit version 385c403 accel-ppp support VRF (Virtual Routing and Forwarding).
+
+Usually, this feature is useful to isolate clients e.g. put client interface to some context with different routing and firewall rules.
+User interface can be put to VRF context via RADIUS Access-Accept packet, or change it via RADIUS CoA.
+
+Accel-ppp uses own RADIUS vendor dictionary https://github.com/accel-ppp/accel-ppp/blob/master/accel-pppd/radius/dict/dictionary.accel and RADIUS attribute ``Accel-VRF-Name``
+
+All VRFs should be manually created in advance:
+
+.. code-block:: sh
+
+ ip link add VRF_NAME type vrf table RT_TABLE_ID
+ ip link set dev VRF_NAME up
+
+Linux VRF documentation https://www.kernel.org/doc/Documentation/networking/vrf.txt
+
+If ``Accel-VRF-Name`` is used in Access-Accept message, but VRF was not created then the session will not be established.
+
+Set VRF via CoA
+---------------
+
+Put user interface to some VRF context
+
+.. code-block:: sh
+
+ echo 'User-Name=bob, Accel-VRF-Name="red"' | radclient -x 127.0.0.1:3799 coa testing123
+
+Delete user interface from VRF context
+
+.. code-block:: sh
+
+ echo 'User-Name=bob, Accel-VRF-Name="0"' | radclient -x 127.0.0.1:3799 coa testing123
+
+If ``Accel-VRF-Name`` is used in CoA message and VRF does not exist then CoA-NAK will be sent.
+
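Review bot: Both CoA examples under "Set VRF via CoA" use the shared secret ``testing123`` against port 3799 with no note that it is a placeholder. Since the text says a CoA can move a user interface into a context "with different routing and firewall rules", the page should say that the DM/CoA secret must be changed and that only the RADIUS server should be allowed to send to that port. The removal example relies on ``Accel-VRF-Name="0"`` as a special value; state that explicitly in the prose so it is not read as a VRF literally named "0". Wording nit on the first line: "Since from commit version 385c403" should be "Since commit 385c403".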
diff --git a/_sources/guides/recommendations.rst.txt b/_sources/guides/recommendations.rst.txt
new file mode 100644
index 0000000..d94cd56
--- /dev/null
+++ b/_sources/guides/recommendations.rst.txt
@@ -0,0 +1,62 @@
+Recommendations
+===============
+
+Enable forwarding
+-----------------
+To enable packet forwarding need edit /etc/sysctl.conf and add or uncomment next:
+
+.. code-block:: sh
+
+ net.ipv4.ip_forward=1
+ net.ipv6.conf.all.forwarding=1
+
+For apply this params now, use command ``sysctl -p`` or after reboot server this params will be applied automatically.
+
+MTU
+---
+
+If used vlan-per-user often required 802.1ad standard also called as QinQ or Q-in-Q, then need to set MTU on main interface and S-VLAN, because adding to headed one more field.
+Interface which using QinQ usually consist of ``<interface_name>.<S-VLAN>.<C-VLAN>``.
+S-VLAN (Service VLAN) is TAG which wrap C-VLAN (Customer VLAN).
+
+As example:
+
+.. code-block:: sh
+
+ MTU
+ 1504
+ | 1504
+ | | 1500
+ | | |
+ eth0.2001.101
+ | | |
+ | | C-VLAN
+ | S-VLAN
+ Interface
+
+Set up MTU on interface eth0 and interface with S-VLAN
+
+.. code-block:: sh
+
+ ip link set eth0 mtu 1504
+ ip link set eth0.2001 mtu 1504
+
+.. admonition:: Note:
+
+ If used ``bonding`` need change MTU on *bonding* (bond0) and *slaves* (eth0, eth1 ...) interfaces.
+
+Increase ARP cache size
+-----------------------------
+
+If accel-ppp used as DHCP BRAS important to increase ARP cache size, otherwise you can cache overflow and clients have lost connections. Edit /etc/sysctl.conf and add next:
+
+.. code-block:: sh
+
+ net.ipv4.neigh.default.gc_thresh1 = 4096
+ net.ipv4.neigh.default.gc_thresh2 = 8192
+ net.ipv4.neigh.default.gc_thresh3 = 12288
+ net.ipv6.neigh.default.gc_thresh1 = 4096
+ net.ipv6.neigh.default.gc_thresh2 = 8192
+ net.ipv6.neigh.default.gc_thresh3 = 12288
+
+For apply this params now, use command ``sysctl -p`` or after reboot server this params will be applied automatically.
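Review bot: In the MTU section the phrase "because adding to headed one more field" is not readable as written; the diagram shows 1504 against 1500, so say directly that the S-VLAN tag adds 4 bytes to the frame header and the parent interface and S-VLAN interface therefore need MTU 1504. The MTU diagram is tagged ``code-block:: sh`` although it is not shell; ``text`` would avoid misleading highlighting. In "Enable forwarding", consider noting that ``net.ipv4.ip_forward=1`` and ``net.ipv6.conf.all.forwarding=1`` turn the box into a router for every interface, so filtering rules should be in place before ``sysctl -p`` is run. The ARP cache sentence "otherwise you can cache overflow" is missing a verb ("you can get a cache overflow").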