tag:blogger.com,1999:blog-3993498847203183398.post4837143356729299300..comments2024-03-28T09:19:27.451+00:00Comments on RevK<sup>®</sup>'s ramblings: Usage quotasRevKhttp://www.blogger.com/profile/12369263214193333422noreply@blogger.comBlogger10125tag:blogger.com,1999:blog-3993498847203183398.post-56865449029684052892012-11-16T15:28:44.167+00:002012-11-16T15:28:44.167+00:00You would need to check to see if you are getting ...You would need to check to see if you are getting Gigaword attributes back in your RADIUS acct packets.<br /><br />For example, this is what we see reported by a FireBrick to our FreeRADIUS setup:<br /><br />Fri Nov 16 15:14:04 2012<br /> Acct-Status-Type = Interim-Update<br /> Acct-Delay-Time = 3<br /> Event-Timestamp = "Nov 16 2012 15:14:00 GMT"<br /> Acct-Input-Octets = 305193102<br /> Acct-Input-Gigawords = 0<br /> Acct-Output-Octets = 1139388226<br /> Acct-Output-Gigawords = 2<br /> Acct-Session-Time = 112007<br /> Acct-Input-Packets = 5488461<br /> Acct-Output-Packets = 6794151<br /> [snip]<br /> NAS-Port = 205<br /> Acct-Unique-Session-Id = "9216a739606ff380"<br /> Timestamp = 1353078844<br /><br />... and from MPD5 to the same FreeRADIUS setup:<br /><br />Fri Nov 9 23:00:18 2012<br /> [snip]<br /> Acct-Session-Id = "2250857-L4-16"<br /> NAS-Port = 16<br /> NAS-Port-Type = Virtual<br /> Service-Type = Framed-User<br /> Framed-Protocol = PPP<br /> [snip]<br /> mpd-link = "L4-16"<br /> Tunnel-Type:0 = L2TP<br /> Tunnel-Medium-Type:0 = IPv4<br /> [snip]<br /> Acct-Multi-Session-Id = "2250857-B4-16"<br /> mpd-bundle = "B4-16"<br /> mpd-iface = "ng15"<br /> mpd-iface-index = 19<br /> Acct-Link-Count = 1<br /> Acct-Authentic = RADIUS<br /> Acct-Status-Type = Interim-Update<br /> Acct-Session-Time = 251163<br /> Acct-Input-Octets = 238698546<br /> Acct-Input-Packets = 2705651<br /> Acct-Input-Gigawords = 0<br /> Acct-Output-Octets = 821505488<br /> Acct-Output-Packets = 3761764<br /> Acct-Output-Gigawords = 1<br /> Acct-Unique-Session-Id = "9cea8121641c890e"<br /> Timestamp = 1352502018<br /><br />RADIUS doesn't use 64-bit counters although most L2TP implementations use them; it uses a 32-bit integer for Input and Output-Octets respectively and in order to cope with overflows, it uses 32-bit integers for Input and Output-Gigawords to count how many times each of the Input and Output-Octets values have overflowed and been reset to zero.<br /><br />You get a 64-bit counter but in the form of two 32-bit counters - a necessary hack to ensure backwards compatibility with legacy RADIUS implementations.<br /><br />FreeRADIUS has had support for Gigawords since 1.1.7 (IIRC).<br /><br />If I were you, I would check that one, the RADIUS server understands Gigawords and two, ensure that it taking those values into consideration when calculating total usage or the backend database which FreeRADIUS is storing the values in can handle values in the relevant columns of more than 32-bits.Terry F.https://www.blogger.com/profile/13969846575454712191noreply@blogger.comtag:blogger.com,1999:blog-3993498847203183398.post-62576312611577712532012-11-16T13:39:58.064+00:002012-11-16T13:39:58.064+00:00Pre-pay data SIMS would be great for small project...Pre-pay data SIMS would be great for small projects, especially if you could accept debit card payments. My employer's admin system doesn't allow direct debits.Martinhttps://www.blogger.com/profile/03996533690674798085noreply@blogger.comtag:blogger.com,1999:blog-3993498847203183398.post-8863525790129499772012-11-16T12:13:00.365+00:002012-11-16T12:13:00.365+00:00Obviously a quota system is not a problem here - w...Obviously a quota system is not a problem here - what could be is what happens when bouncing someone to a captive portal or some such when the reach the quota.<br /><br />The cost is, indeed, the link to BT, but it is all in the download (a single user or even a large group of users could not upload enough to ever make that dominant in costs). So it is down to us what we choose to send down the line.<br /><br />When "locked down" like this, they just get to the portal, and that will count as their usage still. The portal is likely to be a small page. They will also be clamped, probably to 128Kb/s. So yes, they could hammer that and tie up some of their usage beyond what they wanted to or paid for.<br /><br />What was more of a concern was tunnelling by DNS. We are not going to fudge the DNS (for so many good reasons), just divert the IP traffic to the portal. We should have necessary rate limiting in the DNS anyway to stop that, but also, as I say, line capped to 128Kb/s anyway.RevKhttps://www.blogger.com/profile/12369263214193333422noreply@blogger.comtag:blogger.com,1999:blog-3993498847203183398.post-20581539578135340262012-11-16T12:03:14.229+00:002012-11-16T12:03:14.229+00:00Where is your greatest cost for transit? Getting t...Where is your greatest cost for transit? Getting traffic back to the customer through BTs network, or traffic out onto t'internet?<br /><br />If the former, then someone could rack (you?) up a massive bill by repeatedly trying to download stuffAndrew Murphyhttps://www.blogger.com/profile/05559103554821540335noreply@blogger.comtag:blogger.com,1999:blog-3993498847203183398.post-74991202770784287342012-11-16T10:17:09.754+00:002012-11-16T10:17:09.754+00:00That sounds like a simple matter of using 32 bit c...That sounds like a simple matter of using 32 bit counters not 64. It means you lose 4.2GB on lines each time they exceed that between RADIUS updates. If the cisco can send 64 bit counters and free radius can use them, you should be able to solve that. RADIUS should be 100% accurate.RevKhttps://www.blogger.com/profile/12369263214193333422noreply@blogger.comtag:blogger.com,1999:blog-3993498847203183398.post-909139161852683352012-11-16T10:14:32.847+00:002012-11-16T10:14:32.847+00:00Personally, on our combination of FreeRADIUS/MySQL...Personally, on our combination of FreeRADIUS/MySQL and Cisco BRAS we found with the FTTC services that RADIUS accounting became increasingly unreliable the more data the user consumed.<br /><br />We started running Netflow and found that on our low end users, data matched perfectly. If RADIUS said they used 10GB in the last week, Netflow agreed. However on the high end users, we found that if RADIUS said they used 100GB in a week, Netflow would say they'd used 300GB. We ended up having to double check it and confirm it via SNMP interface monitoring to be sure.<br /><br />We're not C programmers, so we can't confirm if it was FreeRADIUS recording wrong information, or the Cisco sending wrong information(I suspect an integer overflow somewhere) but we run our user statistics from Netflow now.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-3993498847203183398.post-59213444831109633422012-11-16T08:29:22.130+00:002012-11-16T08:29:22.130+00:00Yes, I have been meaning to add a "kill if no...Yes, I have been meaning to add a "kill if no ack". At present we try several times, and then carry on anyway, so would mean the over usage picked up on next hour. As for graphing, the LNS makes real time graph on 100 second samples with loss, latency (min, max, ave), and tx/rx throughput.RevKhttps://www.blogger.com/profile/12369263214193333422noreply@blogger.comtag:blogger.com,1999:blog-3993498847203183398.post-47167128649318342582012-11-16T07:04:23.871+00:002012-11-16T07:04:23.871+00:00Your way is clearly less demanding with with radiu...Your way is clearly less demanding with with radius, and as radius is UDP, less prone to issues in case of networking issue. That said, some implementation do kill the L2TP session if the accounting packet is not acked, so you can be sure the billing never missed - stable connection, correct billing, packet loss, pick two :)<br />We use 5 minutes sampling as we are collecting the information and then generating per DSL usage graphs our customers can consult through our portal. Have a good week-end (if you are not working :D) see you Monday.Thomas Manginhttps://www.blogger.com/profile/15136500997642323308noreply@blogger.comtag:blogger.com,1999:blog-3993498847203183398.post-21700241659036798432012-11-15T19:03:01.630+00:002012-11-15T19:03:01.630+00:00Yeh, we have POD and COA support, but run RADIUS o...Yeh, we have POD and COA support, but run RADIUS on the hours (snapshot exactly on the hour, which is nice). We could do every 5 mins, but not really a need, especially now we have this set up... Useful feedback though Thomas. We can do 5 min RADIUS if a customer wants an LNS that does that, obviously - this is neater :-)RevKhttps://www.blogger.com/profile/12369263214193333422noreply@blogger.comtag:blogger.com,1999:blog-3993498847203183398.post-88834877351901093352012-11-15T18:37:14.920+00:002012-11-15T18:37:14.920+00:00To limit sessions, we use Radius POD (packet of di...To limit sessions, we use Radius POD (packet of disconnect). Each time we get an accounting update - every 5 minutes, we check to see if the customer has reached his transfer limit and if so, we send a packet to the LNS.<br /><br />We have our own radius server (as everyone should) but if you do not have a look at Radiator which may perhaps be extended with some perl in its configuration file to do something similar.<br /><br />The advantage is that it is a cross vendor solution.Thomas Manginhttps://www.blogger.com/profile/15136500997642323308noreply@blogger.com