Thanks for the explanation, Alan. The benefit for 15s would be to identify users that have overstayed their welcome and kick them out sooner. preacct { update control { &Current-Timestamp := "%l" } update request { &Expires-Timestamp := "%{sql:SELECT UNIX_TIMESTAMP(expires_at) FROM main_db.`user` WHERE main_db.`user`.username ='%{User-Name}'}" } if (&control:Current-Timestamp > &request:Expires-Timestamp) { update disconnect { &User-Name = "%{User-Name}" } } I suppose 300 seconds is still fair. Expired users can still enjoy their stay for a few more minutes but get eventually disconnected. Having said that my NAS works fine in the test environment with even 10 seconds. But I was worried that I'm overdoing it, hence I thought I double-check with you here. Thanks, Houman On Wed, 16 Oct 2019 at 22:37, Alan DeKok <aland@deployingradius.com> wrote:
On Oct 16, 2019, at 2:58 PM, Houman <houmie@gmail.com> wrote:
Maybe I'm overthinking it, but we have currently the interval set to 300 seconds. What happens if I set this permanently to 15 seconds?
Most NASes will ignore it. From RFC 2869:
The Value field contains the number of seconds between each interim update to be sent from the NAS for this session. The value MUST NOT be smaller than 60. The value SHOULD NOT be smaller than 600, and careful consideration should be given to its impact on network traffic.
Most NASes will set 300s as the minimum. There is very little benefit to setting it lower than that.
Based on currently logged in users (around 700 users at a time), the database, as well as the freeradius process (CPU/Memory), will be a lot more utilised than before due to an increased number of updates.
post-auth { update reply { Acct-Interim-Interval = 15 }
Is there an industry standard value that is considered fair? Or can I go as low as 15 seconds without fearing scalability issues?
Why would it be 15s? There's no real benefit.
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html