Ming-Ching Tiew wrote:
I shall not name the vendor name here. I just got some info from the vendor that the WiMAX Access Point does not do 'interim accounting', 'acctupdate' and so on. Only thing possible right now is authenticate and start/stop accounting.
That's not nice. Why would they do that?
That being the case, I wonder how one implement stuff like fair-use policy on a WiMAX user ? If the radius server does not get interim accounting, the way the users is going to "cheat" is just to power off the device at the end of his usage !!!
The ASN GW will still generate an accounting stop packet in that case. Or it *should*. If it doesn't, return it to the vendor as "horribly broken".
Am I missing something here ?
I think there's a need for a RADIUS validation test suite. The vendor should be able to state that they comply with the test suite. When that happens, you can buy equipment that *works*. In fact, I'm working on a test suite right now. It doesn't include a test for this case, but it's on the "to do" list.
The way I see it is that if one have to implement a more intelligent authentication and accounting, for WiMAX, one has to put a box, either as a bridge or as a router in front of the APs, where all the data path goes through the box. And that box will create session information and accounting on behalf of the APs.
Yes.
If one has to introduce this box, using Linux solutions, what would be the right way to do this, so that the traffic accounting can be done on each APs ?
I'm not sure. I haven't spent much time looking into such a solution. IPtables, and a "cron" job might work. However, it would *also* need to snoop the RADIUS traffic, in order to get Accounting-Session-Id attributes correct.
How does the commercial solutions work ? Anyone care to share his knowledge on this ?
Most WiMAX vendors support RADIUS. So the market for this "snooping" box is pretty small. Alan DeKok.