What are the consequences of a low Acct-Interim-Interval?

Houman houmie at gmail.com
Wed Oct 16 21:28:11 CEST 2019 

Thanks for the explanation, Alan.

The benefit for 15s would be to identify users that have overstayed their
welcome and kick them out sooner.

preacct {
        update control {
            &Current-Timestamp := "%l"
        }
        update request {
            &Expires-Timestamp := "%{sql:SELECT UNIX_TIMESTAMP(expires_at)
FROM main_db.`user` WHERE main_db.`user`.username ='%{User-Name}'}"
        }
        if (&control:Current-Timestamp > &request:Expires-Timestamp) {
            update disconnect {
                    &User-Name = "%{User-Name}"
            }
        }

I suppose 300 seconds is still fair. Expired users can still enjoy their
stay for a few more minutes but get eventually disconnected.
Having said that my NAS works fine in the test environment with even 10
seconds. But I was worried that I'm overdoing it, hence I thought I
double-check with you here.

Thanks,
Houman

On Wed, 16 Oct 2019 at 22:37, Alan DeKok <aland at deployingradius.com> wrote:

> On Oct 16, 2019, at 2:58 PM, Houman <houmie at gmail.com> wrote:
> >
> > Maybe I'm overthinking it, but we have currently the interval set to 300
> > seconds.
> > What happens if I set this permanently to 15 seconds?
>
>   Most NASes will ignore it.  From RFC 2869:
>
>       The Value field contains the number of seconds between each
>       interim update to be sent from the NAS for this session. The value
>       MUST NOT be smaller than 60.  The value SHOULD NOT be smaller than
>       600, and careful consideration should be given to its impact on
>       network traffic.
>
>   Most NASes will set 300s as the minimum.  There is very little benefit
> to setting it lower than that.
>
> > Based on currently
> > logged in users (around 700 users at a time), the database, as well as
> the
> > freeradius process (CPU/Memory), will be a lot more utilised than before
> > due to an increased number of updates.
> >
> > post-auth {
> >        update reply {
> >                Acct-Interim-Interval = 15
> >        }
> >
> > Is there an industry standard value that is considered fair? Or can I go
> as
> > low as 15 seconds without fearing scalability issues?
>
>   Why would it be 15s?  There's no real benefit.
>
>   Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list