netflow per connection

Peter Nixon listuser at peternixon.net
Tue Aug 15 19:54:52 CEST 2006


On Tue 15 Aug 2006 19:21, Igor Smitran wrote:
> > Peter Nixon <listuser at peternixon.net> wrote:
> >> Aside from tinkering with FreeRADIUS code (and running a large number of
> >> production servers) I also tinker with and run pmacct which I highly
> >> recommend as a netflow/sflow solution. We have a number of deployments
> >> of both on the same PostgreSQL backend and as long as your DB server is
> >> specced correctly you shouldn't have any trouble.
> >
> >  That looks like a fantastic tool, which should be mentioned in the
> > FAQ, as "how to get protocol-specific accounting information".
> >
> >  If we were suckers for punishment, we could write a radius plugin for
> > pmacct, so that the RADIUS server could see that traffic, too.  But
> > it's probably better to integrate things at the DB layer, rather than
> > the protocol layer.
> >
> >  Alan DeKok.
>
> It would be good to have all data immediately accessible, that way one can
> use exec-wait and do accounting immediately upon disconnect? Or am I missing
> the point? :)
>
> I am just trying to share some ideas and do some brainstorming. My idea
> was something like this:
> 1. user tries to authenticate
> 2. radius authenticates user and starts accounting
> 3. radius pulls netflow data for particular IP in some time intervals and
> inserts those into some database table
>
> I am not very familiar with freeradius. I've set it up to do what I want
> but don't have time to learn more :( so if I am missing the point please
> let me know :)

Igor, I think you may be a little confused about how netflow works. The 
router/switch pushes the netflow data to the collector, typically for ALL 
traffic through the device (although some devices support aggregation of 
flows and/or statistical sampling). You therefore don't trigger netflow 
records for a particular IP, you need to wait for the device to send them to 
you. You can configure flow timeouts and various things but basically in any 
realistic deployment you are still likely to receive netflow records for 
several minutes (at least) after traffic stops.

If you make pmacct or other collector put flow data into the same PostgreSQL 
database (different table of course) a simple database JOIN to the radacct 
table should give you the billing data you need whenever you want it :-)

Cheers

-- 

Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc
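
The JOIN described in the message above, as an added example that is not part of the original post and is not FreeRADIUS or pmacct code. The table and column names are assumptions modelled on a radacct table and a pmacct flow table, the rows are constructed, and SQLite stands in for PostgreSQL so it runs offline.

```python
import sqlite3

# Constructed sample data. Table and column names are assumptions; adjust
# them to the radacct and flow tables in your own database.
SCHEMA = """
CREATE TABLE radacct (acctsessionid TEXT, username TEXT, framedipaddress TEXT,
                      acctstarttime TEXT, acctstoptime TEXT);
CREATE TABLE acct (ip_src TEXT, ip_dst TEXT, bytes INTEGER, stamp_inserted TEXT);
"""
SESSIONS = [
    ("s1", "alice", "10.0.0.5", "2006-08-15 10:00:00", "2006-08-15 10:30:00"),
    ("s2", "bob", "10.0.0.5", "2006-08-15 10:40:00", None),  # IP reused, still online
]
FLOWS = [
    ("10.0.0.5", "192.0.2.1", 1000, "2006-08-15 10:10:00"),  # upload in s1
    ("192.0.2.1", "10.0.0.5", 5000, "2006-08-15 10:29:00"),  # download in s1
    ("10.0.0.5", "192.0.2.9", 700, "2006-08-15 10:35:00"),   # no session active
    ("192.0.2.1", "10.0.0.5", 300, "2006-08-15 10:45:00"),   # belongs to open s2
]

# A flow is attributed to a session only when the framed IP matches AND the
# flow timestamp lies inside the session, so a reused IP is not billed to the
# wrong user. Sessions are reported only after they have been closed for the
# grace period, because flow records arrive minutes after traffic stops.
BILLING_SQL = """
SELECT r.acctsessionid, r.username,
       COALESCE(SUM(CASE WHEN f.ip_src = r.framedipaddress THEN f.bytes END), 0),
       COALESCE(SUM(CASE WHEN f.ip_dst = r.framedipaddress THEN f.bytes END), 0)
FROM radacct r
LEFT JOIN acct f
  ON r.framedipaddress IN (f.ip_src, f.ip_dst)
 AND f.stamp_inserted BETWEEN r.acctstarttime AND r.acctstoptime
WHERE r.acctstoptime IS NOT NULL
  AND r.acctstoptime <= datetime(:now, :grace)
GROUP BY r.acctsessionid, r.username
ORDER BY r.acctsessionid
"""

def build_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO radacct VALUES (?,?,?,?,?)", SESSIONS)
    conn.executemany("INSERT INTO acct VALUES (?,?,?,?)", FLOWS)
    return conn

def bill(conn, now, grace_minutes):
    """Return (session, user, bytes_out, bytes_in) for settled sessions."""
    params = {"now": now, "grace": f"-{int(grace_minutes)} minutes"}
    return conn.execute(BILLING_SQL, params).fetchall()
```

Running `bill()` five minutes after alice disconnects returns nothing, which is the reason billing at disconnect time via exec-wait would undercount.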