fair usage policy best practices
Ali Arslan
e066377 at yahoo.com
Tue Oct 2 18:12:28 CEST 2018
Hi Alan,
>> In first option the check period should be low enough so that users wont download too much excess of their limit, this will hang server.
>Why would it hang the server?
In first option the polling application will be part of my web service application that has complex periodic sql queries already, it serves as a service to an ISP CRM client application; Radius server with its mysql server is different. Connecting to remote radius server and making necessary queries will hang my windows server that is loaded already. I think the second option is better for my situation.
I have just made a test on my home computer, my test implementation is as follows:
1 - clients.conf file --> client localhost section --> uncomment coa_server = coa (to make local computer listen for coa requests ) not necessary for real server
2- enable coa and orginate-co
3- Unlang code in default site --> accounting section
free radius on my home computer uses mssql, so the queries should be changed for mysql in real server,
fair usage policy related table named "fup" coluns are
[UserName] [nvarchar](50) NOT NULL,
[FairUsageLimit] [int] NOT NULL,
[MaxRate] [nvarchar](50) NOT NULL,
[Rate] [nvarchar](50) NOT NULL,
if ("%{sql: (SELECT SUM(AcctInputOctets)+SUM(AcctOutputOctets) FROM radacct WHERE UserName='%{User-Name}'AND AcctStartTime >= DATEADD(m, DATEDIFF(m, 0, GETDATE()), 0))}" > "%{sql: (SELECT FairUsageLimit$
update coa {
&User-Name := "%{User-Name}"
&Mikrotik-Rate-Limit = "%{sql: SELECT Rate FROM fup WHERE username='%{User-Name}'}"
}
}
else {
update reply {
&Mikrotik-Rate-Limit = "%{sql: SELECT MaxRate FROM fup WHERE username='%{User-Name}'}"
&Reply-Message := "You downloded is ok"
}
}
for Mikrotik (other vendor cases will be added)
some parts of freeradius server debug output for CoA request:
(0) Sent CoA-Request Id 51 from 0.0.0.0:59058 to 192.0.2.42:3799 length 51(0) User-Name := "aaa at dinler"(0) Mikrotik-Rate-Limit = "2M/2M"(0) NAS-IP-Address = 192.0.2.42(0) Sent Accounting-Response Id 15 from 127.0.0.1:1813 to 127.0.0.1:59060 length 0(0) Finished request
Should the code be in accounting or preacct section?
Thanks.
a. arslan
On Tuesday, October 2, 2018 04:38:32 PM +03, Alan DeKok <aland at deployingradius.com> wrote:
On Oct 2, 2018, at 7:05 AM, Ali Arslan via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> My radius server should handle multiple NAS devices from multiple vendors (Cisco, Mikrotik, juniper).
> I want to implement FUP (fair usage policy),
> Every user may buy different rates and fair usage limits, after he/she downloads fair usage limit quantity the rate will be lower.
>
> I see 2 options:
>
> 1- An application that checks periodically the download quantities of users and and send SSH command to server to request CoA from NAS like:
> echo "User-Name={UserName}, Rate-Limit={RateLimit}" | radclient NAS-IP:coaPort CoA secret
That's fine. If you're sending only a few packets a second, it will be fine.
> 2- Unlang code in default site accounting section
That works, too.
> In first option the check period should be low enough so that users wont download too much excess of their limit, this will hang server.
Why would it hang the server?
> I need your suggestions about best practices for FUP, and some instructions if second option is suggested.
Both options are fine. For the second option, see sites-available/originate-coa. This is documented in detail.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list