fair usage policy best practices

Alan DeKok aland at deployingradius.com
Tue Oct 2 18:50:53 CEST 2018 

On Oct 2, 2018, at 12:12 PM, Ali Arslan via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> 
>>> In first option the check period should be low enough so that users wont download too much excess of their limit, this will hang server.
>   >Why would it hang the server?
> 
> In first option the polling application will be part of my web service application that has complex periodic sql queries already, it serves as a service to an ISP CRM client application; Radius server with its mysql server is different. Connecting to remote radius server and making necessary queries will hang my windows server that is loaded already.

  Ok... that has nothing to do with FreeRADIUS then.

> I think the second option is better for my situation.
> 
> I have just made a test on my home computer, my test implementation is as follows:
> 
> 1 - clients.conf file --> client localhost section --> uncomment coa_server = coa  (to make local computer listen for coa requests ) not necessary for real server

  That's for the server *receiving* CoA packets.  Which isn't happening here.

> 2- enable coa and orginate-coa

  Just enable "originate-coa" as I said.  If it was necessary to enable the "coa" server, I would have said that.

> 3- Unlang code in default site --> accounting section

  Yes.

> free radius on my home computer uses mssql, so the queries should be changed for mysql in real server,
> fair usage policy related table named "fup"  coluns are
> 
>  [UserName] [nvarchar](50) NOT NULL,
>  [FairUsageLimit] [int] NOT NULL,
>  [MaxRate] [nvarchar](50) NOT NULL,
>  [Rate] [nvarchar](50) NOT NULL,
> 
>         if ("%{sql: (SELECT SUM(AcctInputOctets)+SUM(AcctOutputOctets) FROM radacct WHERE UserName='%{User-Name}'AND AcctStartTime >= DATEADD(m, DATEDIFF(m, 0, GETDATE()), 0))}" > "%{sql: (SELECT FairUsageLimit$
>                 update coa {
>                         &User-Name := "%{User-Name}"
>                         &Mikrotik-Rate-Limit = "%{sql: SELECT Rate FROM fup WHERE username='%{User-Name}'}"
>                 }
>         }
>         else {
>                 update reply {
>                         &Mikrotik-Rate-Limit = "%{sql: SELECT MaxRate FROM fup WHERE username='%{User-Name}'}"
>                         &Reply-Message := "You downloded is ok"
>                 }
>         }
> 
> for Mikrotik (other vendor cases will be added) 

  That looks fine.

> 
> some parts of freeradius server debug output  for CoA request:
> 
> (0) Sent CoA-Request Id 51 from 0.0.0.0:59058 to 192.0.2.42:3799 length 51(0)   User-Name := "aaa at dinler"(0)   Mikrotik-Rate-Limit = "2M/2M"(0)   NAS-IP-Address = 192.0.2.42(0) Sent Accounting-Response Id 15 from 127.0.0.1:1813 to 127.0.0.1:59060 length 0(0) Finished request

  That looks fine.

> Should the code be in accounting or preacct section?

  It doesn't matter.

  Alan DeKok.

More information about the Freeradius-Users mailing list