how-to block ads
|
sporkme
drop the crantini and move it, sister
Premium,MVM
join:2000-07-01
Morristown, NJ
 ·Optimum Online
| Re: Enforcing Bandwidth caps (quotas) What I'm describing would work with PPPoE and radius, but I have no idea how wireless gear that does authentication/accounting with radius would work. Do any of the devices provide account session byte counts? If so, then the below would apply...
I'm not going to say it's easy, but as long as you timeout your sessions after say, 24 hours or whatever granularity you need, you should have the info. Each time the access server sends the accounting "stop" packet, it should include a "bytes transferred" number that will get stashed in your radius sql backend (yeah, you really want to use a sql-backed radius server like gnu-radius, freeradius, radiator). Part of your "can they auth" sql query can total up the bytes transferred and deny access, or possibly send a custom reply to your access server device to throttle them. | |
|  joeyconcrete
join:2004-10-10
| Re: Enforcing Bandwidth caps (quotas) Thanks for the reply. I understand what you're saying about the "stop" accounting messages, but as you pointed out - these are only available when a session has ended. There's the interim accounting which I understand. What I'm wondering is there a way whereby you can actively disconnect a session by sending a "message" of some sort from the RADIUS server. Almost like a "stop" message sent to the access-device. The less elegant solution of disconnecting their session very xxx hours would work - I'm presuming a session-timeout will drop the PPP connection entirely? | |
| |
sporkme
drop the crantini and move it, sister
Premium,MVM
join:2000-07-01
Morristown, NJ
·Optimum Online
| Re: Enforcing Bandwidth caps (quotas) said by joeyconcrete  :What I'm wondering is there a way whereby you can actively disconnect a session by sending a "message" of some sort from the RADIUS server. Almost like a "stop" message sent to the access-device. The less elegant solution of disconnecting their session very xxx hours would work - I'm presuming a session-timeout will drop the PPP connection entirely? While I've seen Radius bent into some strange shapes, usually this is done when the session is started. That sounds crazy, but think of RAS gear... A user dials in, and the radius server OK's him. Along with that information, it may also specify the user has an idle-timeout of 10 minutes, a session-timeout of 8 hours, etc. So in that case, lots of the "counting" is really done on the radius client. Sometimes the radius server and the client may both be doing some neat stuff that in combination leads to something like "this user can have X bytes/month".
Now how radios implement this, I have no idea. My day job is totally wired.  | |
| | | joeyconcrete
join:2004-10-10
| Re: Enforcing Bandwidth caps (quotas) Wired/Wireless, I guess ultimately it ends up at a concentrator. After scanning the web, it appears its only possible using "special" implementations or specialist software. For example, BT's broadband in the UK limits you to 10gb @ 512kb, then once you're quota is exceeded your speed is throttled to 64k. I'm guessing this is using some specialist kit as opposed to a simple concentrator/RADIUS pairing. Google seems to throw up companies like Allot and Packeteer - they have fancy things like policy managers etc - but all look very expensive! | |
| | | |
|
