Differences
This shows you the differences between two versions of the page.
| Next revision | Previous revision | ||
| radius:rad_fup [2024/02/12 21:47] – created system | radius:rad_fup [2024/02/13 15:20] (current) – system | ||
|---|---|---|---|
| Line 3: | Line 3: | ||
| * [[: | * [[: | ||
| </ | </ | ||
| + | |||
| + | ====== Fair Usage Policy (FUP) ====== | ||
| + | ===== Introduction ===== | ||
| + | * As of January 2023, RADIUSdesk now includes a powerful FUP package. | ||
| + | * In collaboration with our customers, we have developed an innovative and flexible implementation that packs a punch. | ||
| + | * This document first discusses the various FUP requirements that are met with this implementation. | ||
| + | * Then we will create a practical FUP profile. | ||
| + | * Finally, we will show you where you can tweak things if necessary for your specific environment or implementation. | ||
| + | |||
| + | ===== FUP implementation ===== | ||
| + | * In South Africa some of the major ISPs implement multiple layers of service for their FUP. | ||
| + | * Bandwidth is reduced when a certain amount of data is consumed over the course of a month. | ||
| + | * A further bandwidth reduction occurs when a second data usage milestone is reached. | ||
| + | * Finally, when a third milestone is reached, bandwidth is throttled to a trickle. | ||
| + | * When the new month begins, everything reverts back to normal speed. | ||
| + | * Another requirement is the ability to assign an IP pool to a specific service level. | ||
| + | * This is typically the case with ISPs that use Mikrotik PPPoE servers. | ||
| + | * For example, there is a Premium IP Pool and a Best Effort IP Pool. | ||
| + | * A user starts in the premium IP pool up to the point where their specified FUP is triggered. | ||
| + | * After that, they are moved to the best-effort IP pool. | ||
| + | * Communities using RADIUSdesk wanted to provide more bandwidth to their users between midnight and 7am, as uplink utilization is very low during this time, which can promote more even usage. | ||
| + | * With these various requirements in mind we formulated the FUP package in RADIUSdesk. | ||
| + | |||
| + | ===== Practical FUP profiles ===== | ||
| + | * To configure the FUP part of a profile, go to **RADIUS** -> **Profiles**. | ||
| + | * The editing option of a profile contains **FUP**. | ||
| + | <panel type=" | ||
| + | {{: | ||
| + | </ | ||
| + | * There are two sections for a FUP based profile. | ||
| + | * The first section specifies the base speed if no restrictions are imposed. | ||
| + | * The second section contains a list of the FUP restriction components to be applied. | ||
| + | |||
| + | ==== Base speed limit - No restrictions imposed | ||
| + | <panel type=" | ||
| + | {{: | ||
| + | </ | ||
| + | |||
| + | ==== FUP Components to be applied ==== | ||
| + | <panel type=" | ||
| + | {{: | ||
| + | </ | ||
| + | * In the screenshot above we see two stage throttling. | ||
| + | * When the user's total usage reaches 100Gb, we halve their bandwidth. (reduction to 50Mb/s) | ||
| + | * If the user then reaches 200Gb usage, we reduce their bandwidth further. (reduce to 25Mb/s) | ||
| + | * The FUP component is made up of the following elements. | ||
| + | * Descriptive name. | ||
| + | * **If condition**. Options include **Time of day**, **Daily usage**, **Weekly usage**, **Monthly usage**. | ||
| + | * For **Time of day** there is a start time and an end time. | ||
| + | * For **data usage** there is a data amount. | ||
| + | * **Action**. When the trigger is reached, we can **block the data traffic**, **decrease the speed** or **increase the speed**. | ||
| + | * An optional IP pool to be used when the component is triggered. | ||
| + | * You can combine different types of FUP components. | ||
| + | * The logic it applies uses the following rules. | ||
| + | * Blocking traffic has priority. | ||
| + | * Components that reduce the speed use the slowest (largest percentage reduction) | ||
| + | * Components that increase the speed use the slowest (smallest percentage increase) | ||
| + | * This essentially means that the strictest action of the component is applied. | ||
| + | |||
| + | ===== Important points on FUP ===== | ||
| + | * For FUP to work correctly, two important points must be present and working. | ||
| + | ==== Timezone setting on RADIUS Client ==== | ||
| + | * To determine the exact start of the day, week or month, the time zone in which a RADIUS client is used must be specified. | ||
| + | * If this is not the case, it will fall back on the time zone to which the RADIUSdesk installation is set. | ||
| + | |||
| + | ==== Ability to disconnect a RADIUS user from RADIUSdesk ==== | ||
| + | * In order for the system to recognize and activate an FUP restriction, | ||
| + | * The RADIUS client should then re-authenticate the client to which the restriction is to be applied. (This is the standard procedure for PPPoE connections) | ||
| + | |||
| + | ===== Nuts and bolts of FUP ===== | ||
| + | * This section is intended for readers who would like to know how everything works and fits together. | ||
| + | * When you use the FUP editor for a RADIUS profile, a few things happen behind the scenes. | ||
| + | * The system creates a profile component with a naming convention that starts with **FupAdd_< | ||
| + | * This Profile Component contains one or more of the following FreeRADIUS custom check attributes. | ||
| + | <code bash> | ||
| + | ATTRIBUTE Rd-Fup-Bw-Up | ||
| + | ATTRIBUTE Rd-Fup-Bw-Down | ||
| + | ATTRIBUTE Rd-Fup-Comp-Count | ||
| + | ATTRIBUTE Rd-Fup-Profile-Id | ||
| + | ATTRIBUTE Rd-Fup-Burst-Limit | ||
| + | ATTRIBUTE Rd-Fup-Burst-Time | ||
| + | ATTRIBUTE Rd-Fup-Burst-Threshold 3172 integer | ||
| + | ATTRIBUTE Rd-Fup-Ip-Pool | ||
| + | </ | ||
| + | * FreeRADIUS is configured to use a combination of unlang and a Perl module to formulate the response to an access request that a RADIUS client sends to the FreeRADIUS server. | ||
| + | * The Perl module searches for all entries in the DB table **profile_fup_components** that are linked to the RADIUS profile. | ||
| + | * It then attempts to determine which restriction, | ||
| + | * The Perl module can be found in /// | ||
| + | * It establishes a connection to the database and the login information with which the connection to the database is to be established is also specified in this file. | ||
| + | * If there is an FBD component that is to be applied to a user, we record it in the **applied_fup_components** table. | ||
| + | * We then run a cron **script cd / | ||
| + | * If they are different, we send a disconnect request to all RADIUS clients for that username (all RADIUS clients the user might be connected to) | ||
| + | * This should initiate a re-authentication that synchronizes the applied FBD component with the current active FBD component. | ||
| + | |||
| + | |||