[RADIATOR] RADIUS limit on accounting data

Wallner Martin Martin.Wallner at etel.at
Mon Jan 12 02:39:42 CST 2009


Hello, guys... 

I was doing some testing with this hook a while ago, and found that on high-load systems (doing 100-200 RADIUS transactions a second on a server), doing the conversion of the data while injecting it into the DB (on a different machine) was a lot more effective than letting Radiator do it and then transferring it to the database.

I also found that (at least in my case) a bitshift and addition done on the data is more efficient than a multiplication and an addition (I'm running PostgreSQL, both preparations done by rules in the database 'INSERT' or 'UPDATE' functions for the table).

regards
=mw=


-----Original Message-----
From: radiator-bounces at open.com.au [mailto:radiator-bounces at open.com.au] On Behalf Of Hugh Irvine
Sent: Friday, 09 January 2009 23:25
To: Michael Harlow
Cc: radiator at open.com.au
Subject: Re: [RADIATOR] RADIUS limit on accounting data


Hello Michael -

You can just put the PreClientHook in your configuration file, and have the code bail if the request is not an accounting request.

See the examples in "goodies/hooks.txt".

regards

Hugh


On 10 Jan 2009, at 02:42, Michael Harlow wrote:

> Hi Joe (and Martin), thanks for the pointer to the gigawords stuff.  
> That goodies directory is a treasure trove if you know where to look.
>
> I've got a couple of issues still, and I'm also now unable to test 
> this until Monday.
>
> Do you need to turn it on on Cisco switches and routers? Or is it 
> default these days?
>
> I use ClientListSQL and I cannot put a PreClientHook in there, but I 
> think this was changed a couple of days ago, so I'll get the latest 
> patch set applied again.
>
> However using a PreClientHook means that every packet goes thru this 
> hook, including Auth packets. I'd rather put it in the Handler that 
> does just the accounting, as a PreProcessingHook, but I already have 
> one (eap-anon-hook thingy). Is there a way to have two hooks in a 
> Handler, or do I need to create a perl file, with both functions 
> wrapped into a single perl subroutine?
>
> From reading some RFCs I can see that the gigawords stuff has an 
> attribute value of 52 and 53 (34 and 35 hex?)
>
> I did not see these gigawords in the debug for an "Alive" packet from 
> earlier today, but I don't have a debug of a stop packet to see if it 
> is in that packet until I get back to work.
>
> The RFC says "This attribute indicates how many times the
> Acct-Output-Octets counter has wrapped around 2^32 in the course of
> delivering this service, and can only be present in Accounting-Request
> records where the Acct-Status-Type is set to Stop or Interim-Update."
>
> Cisco claim the Wism complies with this RFC 2869
>
> Is not an "Alive" the same as an Interim-Update? Below is the alive 
> that has wrapped past 4G.
>
> #######################
> Output octets should be about 4.8Gb in this debug Viz Packet length = 
> 200
> 04 2e 00 c8 46 c5 a2 94 66 7e a9 b3 7c cf 63 e8 4a 4c 03 76 01 06 6d 
> 69 6b 65 05 06 00 00 00 1d
> 04 06 ac 1f 03 02 08 06 0a c8 05 eb 20 08 57 69
> 73 6d 42 31 1a 0c 00 00 37 63 01 06 00 00 00 02 2c 20 34 39 36 36 39 
> 31 62 39 2f 30 30 3a 31 62 3a 37 37 3a 39 33 3a 34 37 3a 39 38 2f 34 
> 30 35 2d 06 00 00 00 01 40 06 00 00 00 0d 41 06 00 00 00 06 51 06 32 
> 30 30 35 28 06 00 00 00 03 2a 06
> 07 d7 3c 7f 2b 06 03 9a b0 94 2f 06 00 19 1d 07 30 06 00 32 1a ec 2e 
> 06 00 00 0d 67 29 06 00 00 00 00 1f 13 30 30 2d 31 62 2d 37 37 2d 39 
> 33 2d
> 34 37 2d 39 38 1e 13 30 30 2d 31 37 2d 65 30 2d 30 63 2d 36 31 2d 36 
> 30
> Code:       Accounting-Request
> Identifier: 46
> Authentic:  F<197><162><148>f~<169><179>|<207>c<232>JL<3>v
> Attributes:
> 	User-Name = "mike"
> 	NAS-Port = 29
> 	NAS-IP-Address = 172.31.3.2
> 	Framed-IP-Address = 10.200.5.235
> 	NAS-Identifier = "WismB1"
> 	Airespace-WLAN-Id = 2
> 	Acct-Session-Id = "496691b9/00:1b:77:93:47:98/405"
> 	Acct-Authentic = RADIUS
> 	Tunnel-Type = 0:VLAN
> 	Tunnel-Medium-Type = 0:802
> 	Tunnel-Private-Group-ID = 2005
> 	Acct-Status-Type = Alive
> 	Acct-Input-Octets = 131546239
> 	Acct-Output-Octets = 60469396
> 	Acct-Input-Packets = 1645831
> 	Acct-Output-Packets = 3283692
> 	Acct-Session-Time = 3431
> 	Acct-Delay-Time = 0
> 	Calling-Station-Id = "00-1b-77-93-47-98"
> 	Called-Station-Id = "00-17-e0-0c-61-60"
>
> ########################
>
> Cheers, Michael
>
>
>
>
>
> -----Original Message-----
> From: Joe Hughes [mailto:joeyconcrete at gmail.com]
> Sent: Friday, 9 January 2009 8:45 PM
> To: Michael Harlow
> Cc: radiator at open.com.au
> Subject: Re: [RADIATOR] RADIUS limit on accounting data
>
> We use Cisco kit and, like you, I discovered the same issue early on!
> I use 'gigawords-hook.pl' which sorts it out for you.
>
> PreClientHook file:"%D/gigawords-hook.pl"
>
>
>
> 2009/1/9 Michael Harlow <Michael.Harlow at utas.edu.au>:
>> Hi,
>>
>> I've struck an issue with my accounting data, where it wraps.  
>> Initially the database refused the INSERT  once it exceeded a signed 
>> 4-byte integer (2Gb). I changed the database to bigint, and so it can 
>> now handle 8-byte integers. Now however it wraps at unsigned 4-byte 
>> integer (4G). I've traced it down to the value in the RADIUS packet 
>> coming into Radiator. My NAS is doing the wrap.
>>
>> Before I hassle the vendor (Cisco WiSM), does the RADIUS protocol 
>> allow for a larger accounting attribute, or do all NAS have this 4G 
>> limit?
>
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator



NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening?
Have you checked the RadiusExpert wiki:
http://www.open.com.au/wiki/index.php/Main_Page

--
Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec), and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
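
The 64-bit reconstruction discussed in this thread (gigawords shifted left 32 bits, plus the octet counter), as an added Python example that is not part of any message above and is not Radiator's gigawords-hook.pl. The function names and the sample packets are constructed for illustration; the octet values are those of the quoted Alive packet, and the gigawords value of 1 is an assumption.

```python
import struct

# RADIUS attribute type numbers (RFC 2866 and RFC 2869).
ACCT_INPUT_OCTETS, ACCT_OUTPUT_OCTETS = 42, 43
ACCT_INPUT_GIGAWORDS, ACCT_OUTPUT_GIGAWORDS = 52, 53

def parse_attributes(packet: bytes) -> dict:
    """Return {type: raw value} for one RADIUS packet (last duplicate wins)."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    length = struct.unpack("!H", packet[2:4])[0]
    if not 20 <= length <= len(packet):
        raise ValueError("length field does not match packet")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute length")
        attrs[atype] = packet[pos + 2:pos + alen]
        pos += alen
    return attrs

def _u32(attrs: dict, atype: int) -> int:
    """Decode a 4-byte unsigned integer attribute; an absent one counts as 0."""
    raw = attrs.get(atype)
    if raw is None:
        return 0
    if len(raw) != 4:
        raise ValueError(f"attribute {atype} is not a 32-bit integer")
    return struct.unpack("!I", raw)[0]

def total_octets(attrs: dict) -> tuple:
    """(input, output) byte totals: shift the gigawords up 32 bits, add octets."""
    return ((_u32(attrs, ACCT_INPUT_GIGAWORDS) << 32) + _u32(attrs, ACCT_INPUT_OCTETS),
            (_u32(attrs, ACCT_OUTPUT_GIGAWORDS) << 32) + _u32(attrs, ACCT_OUTPUT_OCTETS))

def build_packet(pairs) -> bytes:
    """Constructed sample: Accounting-Request (code 4), zeroed authenticator."""
    body = b"".join(struct.pack("!BBI", t, 6, v) for t, v in pairs)
    return struct.pack("!BBH", 4, 1, 20 + len(body)) + bytes(16) + body

# Octet counters as in the Alive packet quoted in the thread.
WRAPPED = build_packet([(42, 131546239), (43, 60469396)])
# Same counters plus an assumed Acct-Output-Gigawords of 1 (not from the thread).
WITH_GIGAWORDS = build_packet([(42, 131546239), (43, 60469396), (53, 1)])

if __name__ == "__main__":
    print(total_octets(parse_attributes(WRAPPED)))
    print(total_octets(parse_attributes(WITH_GIGAWORDS)))
```

Without attributes 52 and 53 in the packet, the totals are just the wrapped 32-bit counters, so a check for their presence in Stop and Interim-Update records is the first thing to confirm on the NAS side.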

