[RADIATOR] Limiting Bandwidth after some Bytes Usage achieved
Joe Hughes
joeyconcrete at gmail.com
Tue May 26 03:19:44 CDT 2009
Hi Indrajaya
We developed a similar system for our DSL customers, we took a similar
approach but a slightly different solution when it came to limiting
users traffic. You could use SNMP, NetFlow or RADIUS - I'm guessing
because you're asking here you want to use the latter.
We store the data in MSSQL in a way whereby we can view the usage to a
granularity of 1 hour - with this we can then summarise data by
day\week\month\year. Each user has a policy (or multiple policies) in
the database with a given cap (e.g. 4GB). We have a scheduled task
that checks every minute to see if a user has exceeded their quota, if
they have, the database adds a row to an 'actions' table (e.g. add
cap, remove cap). This task also runs during user logon events. We
have an external system which then processes these actions.
This is where our solution is slightly different to the one Hugh
proposed. We explored using (POD) commands with dynamic access-lists
on the NAS - but unfortunately for us, the NAS is part of a wholesale
providers network and they don't support either. In the end we opted
for inline traffic management boxes, basically acting as ethernet
bridges. It was then relatively trivial to call commands on the boxes
when an 'action' occurred to dynamically add\remove IP addresses from
each group. Some systems have documented APIs, toolkits or you can
just use the CLI and SSH.
We had some success with Mikrotik's RouterOS on x86 hardware during
testing - their traffic queuing is very simple yet very effective - at
the time we called the necessary CLI commands through an SSH session
although I believe their HTTP API has come on a bit since then.
Ultimately we opted for a high-end traffic management box that
supported things like DPI - and also had a external command toolkit
that allowed us to modify policies on the fly. If we didn't have a
requirement for DPI etc - then a Mikrotik easily would have sufficed
(Incidentally, i believe RouterOS supports POD)
Regards
Joe
> Hello Indrajaya Pitra Perdana -
>
> Radiator itself can be used to update the user account details with the
> total of bytes in / bytes out, but dealing with the totals must be done
> outside of Radiator.
>
> Typically your authentication would check the user data allowance and return
> the required bandwidth limits in the reply attributes, and interim
> accounting would be used to maintain the running totals. You would then need
> some periodic cron job or similar to scan the in-month totals and terminate
> those sessions that exceed their limits. You can use "radpwtst" to send the
> required session termination commands (POD) if supported by your NAS
> equipment.
More information about the radiator
mailing list