Mpd 3.18 User Manual : Configuring Mpd : Bundle layer commands
Previous: General mpd commands
Next: Interface layer commands

4.2. Bundle layer commands

This chapter describes commands that configure the bundle layer. All of these commands (except new) apply to the currently active bundle, i.e., the bundle shown at the command line prompt.

new [ -i iface ] bundle link1 [ link2 ... ]

This command creates a new bundle named bundle. The bundle will be associated with system interface iface, which should be the name of a netgraph interface, i.e., ng0, ng1, etc. If an interface is specified but does not exist yet, mpd will create it (and any lower numbered ng* interfaces as well). If no iface is specified, mpd will create a new one. Specifying an interface explicitly is advised, as otherwise a new interface will be created on your system every time mpd is invoked.

The links that constitute the bundle are created and named link1, link2, etc. For each link, there must be a corresponding entry with the same name (i.e., label) in mpd.links. This entry must at the very least define the type of the link (via the set link type command).

set bundle period seconds
set bundle hiwat percent
set bundle lowat percent
set bundle min-con seconds
set bundle min-dis seconds

These commands are only meaningful when bandwidth management is enabled. Mpd will attempt to bring up a new link or take down an existing link when the utilization goes above hiwat or below lowat percent, respectively. The utilization is sampled every period/6 seconds (one sixth of period) and is averaged over the past period seconds.

Mpd will not attempt to reconnect a link unless it has been disconnected for at least min-dis seconds. Similarly, mpd will not bring down a link unless it has stayed connected for at least min-con seconds. These latter two parameters help prevent oscillations, but cause slower response time.

set bundle authname login

This command sets the authentication login name associated with the bundle (in multi-link PPP, though each link is authenticated individually, they all must use the same login name). The login must have a corresponding entry in mpd.secrets. The login and password are used when the peer requires us to authenticate ourselves.

set bundle password password

This command is normally not necessary. It causes mpd to not look up the password corresponding to login in mpd.secrets, but rather to use password instead. If you're too lazy to set up mpd.secrets and are only dialing out, you can use this command instead.

set bundle retry seconds

This sets the finite state machine (FSM) retry interval for all FSMs on this bundle. The default is 2 seconds. This command should only be used in exceptional situations, such as doing PPP over high-latency satellite links.

set bundle accept option ...
set bundle deny option ...
set bundle enable option ...
set bundle disable option ...
set bundle yes option ...
set bundle no option ...

These commands configure various bundle options. Most options are bi-directional in that they can be independently enabled and disabled in each direction.

The enable and disable commands determine whether we want the corresponding option. The accept and deny commands determine whether we will allow the peer to request the corresponding option.

The yes command is the same as enable and accept. The no command is the same as disable and deny.

The options available at the bundle layer are:

bw-manage

This command enables bandwidth management, in which mpd attempts to dynamically adjust the number of connected links depending on the traffic load.

The proper functioning of bandwidth management depends on the correct latency and bandwidth information configured for each link; see the set link latency and set link bandwidth commands.

The default for this option is off: mpd connects the links "all or none."

multilink

This command enables multi-link PPP on the bundle. This option is required in both directions if there is more than one link in the bundle. However, multi-link PPP is sometimes useful on single links when the link MTU is low; multi-link PPP allows arbitrarily long packets to go over a link in fragments.

This option defaults to enable and accept unless there is only one link in the bundle, in which case it defaults to disable and deny (i.e., normal non-multilink PPP).

shortseq

This option is only meaningful if multi-link PPP is negotiated. It prescribes shorter multi-link fragment headers, saving two bytes on every frame. It defaults to enable and accept.

compression

When compression support is compiled into mpd, this option must be enabled in order to activate it.

encryption

When encryption support is compiled into mpd, this option must be enabled in order to activate it.

crypt-reqd

Require encryption. When encryption support is compiled into mpd, this option causes mpd to drop the link if encryption cannot be successfully negotiated in both directions. This means, in effect, "use encryption or don't connect at all."

round-robin

When multilink PPP is enabled and there are two or more links connected, this option enables round-robin packet scheduling across the links. That is, instead of breaking each packet into fragments and delivering the individual fragments over all the links in the bundle, each packet is delivered whole over a single link. The link is chosen by rotating in round-robin fashion over all the links in the bundle.

This option normally would result in higher latency and possible delays due to TCP packets being received out of order; however, it may help in certain situations of high packet loss or broken peer equipment.

The default for this option is off.

noretry

This tells mpd to not attempt to reconnect a bundle whose last link has closed. This is needed for dialin-only bundles, where mpd doesn't know how to initiate an outgoing connection.

radius-auth

Enable authentication via RADIUS. All authentication methods are supported (PAP, CHAP, MS-CHAPv1, MS-CHAPv2). When using IAS as the RADIUS server you cannot use CHAP, because CHAP needs a plaintext password on the server, and Windows servers only store the NT-HASH. Password changing is currently not supported.

radius-fallback

This option is only relevant when radius-auth is enabled. If disabled, authentication is only attempted via RADIUS. Otherwise, if authentication via RADIUS fails, mpd will attempt to authenticate using the traditional method using mpd.secrets.

radius-acct

Enable accounting via RADIUS. Accounting is implemented at bundle-level (in BundJoin() and BundLeave()). Accounting is done per link. There are some minor problems:

Note: It's possible to use RADIUS accounting without RADIUS authentication.

The following attributes are set when doing accounting requests:

RAD_FRAMED_IP_ADDRESS
RAD_ACCT_STATUS_TYPE
RAD_ACCT_SESSION_ID
RAD_ACCT_MULTI_SESSION_ID
RAD_USER_NAME
RAD_ACCT_LINK_COUNT
RAD_ACCT_AUTHENTIC
RAD_ACCT_TERMINATE_CAUSE
RAD_ACCT_INPUT_OCTETS
RAD_ACCT_INPUT_PACKETS
RAD_ACCT_OUTPUT_OCTETS
RAD_ACCT_OUTPUT_PACKETS
RAD_ACCT_INPUT_GIGAWORDS
RAD_ACCT_OUTPUT_GIGAWORDS
RAD_ACCT_SESSION_TIME

tcp-wrapper

With this option mpd consults /etc/hosts.allow every time a connection is made from the client. This is useful if you would like to restrict access to mpd. This option affects all TCP connections, including PPTP and the TCP device layer.

The console is also affected, but a bug requires this option to be set consistently on all bundles for it to work reliably.

max-logins num

Limit the maximum number of concurrent logins with the same username. If set to zero, then this feature is disabled.
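
The following is an added example, not part of the Mpd manual or of mpd itself: a small Python check that reads bundle-layer commands and reports the security-relevant combinations described in this chapter (an inline set bundle password, encryption enabled without crypt-reqd, radius-auth together with radius-fallback, and tcp-wrapper set on only some bundles). The sample configuration, its bundle and link names, the label-plus-indented-commands layout, the treatment of an unset option as off, and the finding names are assumptions made for illustration.

```python
ON, OFF = {"enable", "yes"}, {"disable", "no"}
# Constructed sample configuration (labels, bundle and link names are made up).
SAMPLE_CONF = """\
dialin:
    new -i ng0 office pptp1
    set bundle enable encryption tcp-wrapper
    set bundle enable radius-auth radius-fallback
dialout:
    new -i ng1 isp modem1
    set bundle password example-secret
    set bundle yes encryption crypt-reqd
"""

def parse_bundles(text):
    """Return {bundle: {"on": options we enabled, "inline_password": bool}}."""
    bundles, active = {}, None
    for raw in text.splitlines():
        words = raw.split()
        # Skip blanks, comments and label lines (layout is an assumption).
        if not words or words[0].startswith("#") or words[0].endswith(":"):
            continue
        if words[0] == "new":
            # new [ -i iface ] bundle link1 [ link2 ... ]
            args = words[3:] if words[1:2] == ["-i"] else words[1:]
            if args:
                active = args[0]  # later commands apply to this bundle
                bundles[active] = {"on": set(), "inline_password": False}
        elif words[:2] == ["set", "bundle"] and active and len(words) > 2:
            state, verb, opts = bundles[active], words[2], words[3:]
            if verb in ON:
                state["on"].update(opts)
            elif verb in OFF:
                state["on"].difference_update(opts)
            elif verb == "password":
                state["inline_password"] = True  # mpd.secrets lookup bypassed
    return bundles

def audit(text):
    """Return (bundle, finding) pairs; "*" marks a cross-bundle finding."""
    bundles, findings = parse_bundles(text), []
    for name, b in bundles.items():
        if b["inline_password"]:
            findings.append((name, "inline-password"))
        if "encryption" in b["on"] and "crypt-reqd" not in b["on"]:
            findings.append((name, "encryption-not-required"))
        if {"radius-auth", "radius-fallback"} <= b["on"]:
            findings.append((name, "radius-fallback-to-secrets"))
    wrapped = [n for n, b in bundles.items() if "tcp-wrapper" in b["on"]]
    if wrapped and len(wrapped) != len(bundles):
        findings.append(("*", "tcp-wrapper-inconsistent"))
    return findings
```

Calling audit(SAMPLE_CONF) returns the findings for the constructed sample; only options the configuration sets explicitly are considered, so compiled-in defaults are not modelled.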
