This article has been archived.
This guide explains the main entities in UCRM and the interactions between them.
Table of Contents
Understanding the Network and Suspension Feature
UCRM facilitates two main sections: Billing (service plans, services, invoices, payments, etc.) and Network control (suspension, and more in future releases). For the system to be configured properly, it is necessary to understand the UCRM entities and their relationship.
The site is a geographical place where routers or other devices are physically located. Provide the location of the site in UCRM's Network > Sites section.
Within a site you can add a device, for example: a router. Each device should contain some interfaces with IP addresses which some of them can be labeled as accessible. If you want to enable the suspension feature on this device, you must provide:
- Username and password (device settings)
- Vendor name (device settings)
- An accessible IP (device interface settings)
When you are done with the Network setup you can proceed to these steps:
- Connect a client service
- Enable the suspension feature
Connecting a client service to a device
- Make sure you have specified at least one accessible IP address in the device interface settings (at least one IP address per device). Always specify IP address in CIDR format (IP/NETMASK)
- In service settings choose a device to which you want to connect the client service and set up a client service IP. Note: this IP will be validated against the IP range defined in the related device.
Enabling the Suspension Feature
- First, you should set up your network (create sites, device, interfaces with IP, connect service to device and set up a client service IP). Make sure you provided:username, password and vendor in the device settings at least one interface assigned to the device and at least one accessible interface ip in the interface settings
- Make sure you have provided the System IP in System > Settings > Application. This IP should point to the server where the UCRM application is located because all the suspended clients are redirected to this server on port 81 by default unless you have changed this default port manually in your UCRM system settings and docker container, for example to 8081.
- Make sure the suspension is enabled in the system settings: System > Billing > Suspension
- The suspension must be turned On in the system settings
- In client settings the suspension must be turned On too. You should also check the parameters such as invoice maturity days and suspension delay in the client settings.
- Finally, go the Network > Devices and choose the device which should handle the suspension. In device settings, turn On the "Suspension enabled" option.
How does the suspension feature work?
- Overdue invoices are automatically found out in the system.
- Services linked to these invoices are identified and marked as suspended.
- Devices linked to these services are synchronized with a list of suspended IP addresses (i.e. IPs provided in the service settings). This step requires you to have provided the following:
- The service IP (what should be suspended)
- The device authentication attributes with accessible interface IP (where the suspended ip list should be propagated to).
Notes on Service Suspension
- In current implementation, a list of all suspended IP addresses are synchronized with all network routers.
- Synchronization with EdgeOs is done via SSH (tcp port 22).
- Synchronization with RouterOs is done via Mikrotik API which must be enabled on the router (default)
- In EdgeOS, only firewall address-lists are synchronized. You can find a list of suspended IP addresses under firewall list BLOCKED_USERS. You must enter your own firewall rules to block these users. You can redirect all tcp dst port 80 traffic from these IP addresses to IP address of UCRM server and port 81 typically. Note that your installation can be set up with another port number such as 8081. This port contains Suspension info page.
- In RouterOs, UCRM synchronizes not only firewall address lists but also firewall NAT and filter rules. UCRM creates own chains and will add/remove/update rules only to these chains. UCRM will never add/update/delete any item which doesn’t starts with “ucrm_” in item comment.