fair usage policy best practices

Ali Arslan e066377 at yahoo.com
Tue Oct 2 18:12:28 CEST 2018


Hi Alan,

>> In first option the check period should be low enough so that users wont download too much excess of their limit, this will hang server.
  >Why would it hang the server?

In first option the polling application will be part of my web service application that has complex periodic sql queries already, it serves as a service to an ISP CRM client application; Radius server with its mysql server is different. Connecting to remote radius server and making necessary queries will hang my windows server that is loaded already. I think the second option is better for my situation.

I have just made a test on my home computer, my test implementation is as follows:

1 - clients.conf file --> client localhost section --> uncomment coa_server = coa  (to make local computer listen for coa requests ) not necessary for real server
2- enable coa and orginate-co
3- Unlang code in default site --> accounting section

free radius on my home computer uses mssql, so the queries should be changed for mysql in real server,
fair usage policy related table named "fup"  coluns are

 [UserName] [nvarchar](50) NOT NULL,
 [FairUsageLimit] [int] NOT NULL,
 [MaxRate] [nvarchar](50) NOT NULL,
 [Rate] [nvarchar](50) NOT NULL,

        if ("%{sql: (SELECT SUM(AcctInputOctets)+SUM(AcctOutputOctets) FROM radacct WHERE UserName='%{User-Name}'AND AcctStartTime >= DATEADD(m, DATEDIFF(m, 0, GETDATE()), 0))}" > "%{sql: (SELECT FairUsageLimit$
                update coa {
                        &User-Name := "%{User-Name}"
                        &Mikrotik-Rate-Limit = "%{sql: SELECT Rate FROM fup WHERE username='%{User-Name}'}"
                }
        }
        else {
                update reply {
                        &Mikrotik-Rate-Limit = "%{sql: SELECT MaxRate FROM fup WHERE username='%{User-Name}'}"
                        &Reply-Message := "You downloded is ok"
                }
        }

for Mikrotik (other vendor cases will be added) 


some parts of freeradius server debug output  for CoA request:

(0) Sent CoA-Request Id 51 from 0.0.0.0:59058 to 192.0.2.42:3799 length 51(0)   User-Name := "aaa at dinler"(0)   Mikrotik-Rate-Limit = "2M/2M"(0)   NAS-IP-Address = 192.0.2.42(0) Sent Accounting-Response Id 15 from 127.0.0.1:1813 to 127.0.0.1:59060 length 0(0) Finished request


Should the code be in accounting or preacct section?

Thanks.

a. arslan





On ‎Tuesday‎, ‎October‎ ‎2‎, ‎2018‎ ‎04‎:‎38‎:‎32‎ ‎PM‎ ‎+03, Alan DeKok <aland at deployingradius.com> wrote: 





On Oct 2, 2018, at 7:05 AM, Ali Arslan via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> My radius server should handle multiple NAS devices from multiple vendors (Cisco, Mikrotik, juniper).
> I want to implement FUP (fair usage policy),
> Every user may buy different rates and fair usage limits, after he/she downloads fair usage limit quantity the rate will be lower.
> 
> I see 2 options:
> 
> 1- An application that checks periodically the download quantities of users and and send SSH command to server to request CoA  from NAS like:
>    echo "User-Name={UserName}, Rate-Limit={RateLimit}" | radclient NAS-IP:coaPort CoA secret

  That's fine.  If you're sending only a few packets a second, it will be fine.

> 2- Unlang code in default site accounting section

  That works, too.

> In first option the check period should be low enough so that users wont download too much excess of their limit, this will hang server.

  Why would it hang the server?

> I need your suggestions about  best practices for FUP, and some instructions if second option is suggested.

  Both options are fine. For the second option, see sites-available/originate-coa.  This is documented in detail.

  Alan DeKok.



-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



More information about the Freeradius-Users mailing list