YfiTechPrimeNormal

WARNING: THIS IS UNDER ACTIVE DEVELOPMENT!!!!

Differentiation between prime time and normal hours

Terms used

To clarify the terms used on this page:

  • Prime time: This will usually be office hours, when everyone is at work and Internet usage is high.
  • Normal hours: The opposite of prime time, when Internet usage is lower.

Requirement

One of our users (Muffy) had a request for the following:

  • User is only allowed Internet access for two hours during prime time.
  • User is allowed unlimited Internet access time during normal hours.

This then led to additional requirements:

  • Give a user limited bandwidth (speed) during prime time.
  • Give a user better bandwidth (speed) during normal hours.
  • Limit data usage during prime time.
  • Limit data usage during normal hours.

Solution

Supported NAS devices

  • Initial support will only be for CoovaChilli.
  • There are plans to also include Mikrotik after the Beta-4 release.

Create Special FreeRADIUS dictionary attributes

  • We will start off by adding the following attributes to the /usr/local/share/freeradius/dictionary.chillispot file.

    #YFi Prime time - Normal Time differentiation
    ATTRIBUTE       Yfi-Prime-Start                         140     string
    ATTRIBUTE       Yfi-Prime-End                           141     string
    ATTRIBUTE       Yfi-Prime-Total-Octets                  142     integer
    ATTRIBUTE       Yfi-Prime-Session                       143     integer
    ATTRIBUTE       Yfi-Normal-Total-Octets                 144     integer
    ATTRIBUTE       Yfi-Normal-Session                      145     integer
    ATTRIBUTE       Yfi-Prime-Bandwidth-Max-Up              146     integer
    ATTRIBUTE       Yfi-Normal-Bandwidth-Max-Down           148     integer
    ATTRIBUTE       Yfi-Prime-Bandwidth-Max-Down            149     integer
    ATTRIBUTE       Yfi-Normal-Bandwidth-Max-Up             150     integer
    
  • Taking the above attributes into account, we can now specify the following per user or per profile:

| Description | Attribute | Check/Reply | Sample Value |
|---|---|---|---|
| Start of prime time | Yfi-Prime-Start | Check | 08:00 |
| End of prime time | Yfi-Prime-End | Check | 17:00 |
| Data usage - prime time | Yfi-Prime-Total-Octets | Check | 10485760 (10Meg) |
| Time usage - prime time | Yfi-Prime-Session | Check | 3600 (1Hour) |
| Data usage - normal time | Yfi-Normal-Total-Octets | Check | 10485760 (10Meg) |
| Time usage - normal time | Yfi-Normal-Session | Check | 3600 (1Hour) |
| Bandwidth - prime time | Yfi-Prime-Bandwidth-Max-Up and Yfi-Prime-Bandwidth-Max-Down | Check | 131072 (128Kb/s) |
| Bandwidth - normal time | Yfi-Normal-Bandwidth-Max-Up and Yfi-Normal-Bandwidth-Max-Down | Check | 131072 (128Kb/s) |

Add a times SQL table

  • We add a table to the database which keeps track of when a session is in prime time or normal time.
  • It will be used to measure usage against the check values, be it time or data based, during prime time and normal time.
  • The table will be as follows:

    DROP TABLE IF EXISTS `times`;
    SET @saved_cs_client     = @@character_set_client;
    SET character_set_client = utf8;
    CREATE TABLE `times` (
      `id` bigint(21) NOT NULL auto_increment,
      `acctsessionid` varchar(64) NOT NULL default '',
      `username` varchar(64) NOT NULL default '',
      `time` bigint(20) default NULL,
      `data` bigint(20) default NULL,
      `type` enum('Prime','Normal') default 'Normal',
      `created` datetime NOT NULL,
      `modified` datetime NOT NULL,
      PRIMARY KEY  (`id`)
    ) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=latin1;
    SET character_set_client = @saved_cs_client;
    

Modify rlm_perl

  • YFi Hotspot Manager changes FreeRADIUS to use custom Perl modules when doing authentication and authorization of users.
  • It also uses Perl in conjunction with the sql module for accounting.
  • This enables us to do checks upon each accounting request received from a NAS device.

With the above in mind we can do the following:

  • Create an additional Prime.pm Perl module to be used by rlm_perl.
  • If a user has Yfi-Prime-Start and Yfi-Prime-End check attributes attached to their name, Prime.pm's code will handle the authentication and authorization requests.
  • It will then verify whether there are limits specified on the amount of time and/or data that can be used during a period in the day.
  • If these limits are crossed, the user will be disconnected and subsequent authentication requests will fail until the period has passed.
  • (Still to finish) If bandwidth adjustments are to be made at the start of a period, it will send a request to the NAS device to make the adjustments.

Activate Prime.pm

  • To activate the above functionality you can use the /var/www/c2/yfi_cake/setup/radius/raddb.tar.gz tar file included in SVN 261 and higher.

This functionality is disabled by default. To activate it, uncomment the following in _/usr/local/etc/raddb/rlm: _

  • Include the authentication request.

    #---- Comment out for Prime time / Normal time function ---
    my $prime_return = prime_auth($username);
    if ($prime_return != 1){
       $RAD_REPLY{'Reply-Message'} = "$prime_return";
       return 0;
    }
    #----------------------------------------------------------
    
  • Include the accounting request.

    #---- Comment out for Prime time / Normal time function ---
    prime_accounting(\%RAD_REQUEST);
    #----------------------------------------------------------
    
  • Restart FreeRADIUS

    sudo /etc/init.d/radiusd restart
    

Prime.pm

This section discusses the workings of Prime.pm in detail.

Authentication Requests

  • When an authentication request comes in to FreeRADIUS and there are Yfi-Prime-Start and Yfi-Prime-End check attributes defined for the user, we handle the request.
  • The code determines whether we are currently in prime time or normal hours.
  • Should a defined quota for a defined period (be it prime time or normal hours) be reached, the authentication request will be rejected with an accompanying feedback message.

Accounting Requests

  • This is the tricky part: accounting requests will arrive between transition times.
  • We have to determine whether a transition happened between prime time and normal time.
  • We then have to start new calculations based on whether we are in prime time or normal time.
  • We also need to feed bandwidth control info back to the NAS device if there is a difference in the bandwidth specified across the transition.
  • Should an imposed limit (for data or time) be reached (based on the latest calculations from the accounting request), the user needs to be disconnected from the NAS device.
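The transition handling described above can be sketched as follows. This is an added example, not YFi's Prime.pm: the sub names parse_hhmm, period_at and split_interval are hypothetical, and it assumes that session time is charged by wall-clock seconds and that a window whose start is later than its end wraps past midnight.

```perl
use strict;
use warnings;
use List::Util qw(min);

# "HH:MM" -> seconds since midnight; undef when malformed, so the caller
# can reject the request rather than treat the user as unrestricted.
sub parse_hhmm {
    my ($value) = @_;
    return undef unless defined $value
        && $value =~ /\A([01][0-9]|2[0-3]):([0-5][0-9])\z/;
    return $1 * 3600 + $2 * 60;
}

# 'Prime' inside [start, end); start > end means the window wraps midnight.
sub period_at {
    my ($sod, $start, $end) = @_;
    my $inside = $start <= $end
        ? ($sod >= $start && $sod < $end)
        : ($sod >= $start || $sod < $end);
    return $inside ? 'Prime' : 'Normal';
}

# Charge the $len seconds that began at $from (seconds of day) to each
# period, cutting at every transition the interval crosses.
sub split_interval {
    my ($from, $len, $start, $end) = @_;
    my %used = (Prime => 0, Normal => 0);
    while ($len > 0) {
        # Seconds until the next transition; 0 means a full day away.
        my $step = min($len, map { ($_ - $from) % 86400 || 86400 } $start, $end);
        $used{ period_at($from, $start, $end) } += $step;
        $from = ($from + $step) % 86400;
        $len -= $step;
    }
    return %used;
}

# Constructed input: the test window from this page and an interim update
# received at 08:10 that covers the previous 1200 seconds of session time.
my $start = parse_hhmm('08:00') // die "bad Yfi-Prime-Start\n";
my $end   = parse_hhmm('08:30') // die "bad Yfi-Prime-End\n";
my %used  = split_interval(parse_hhmm('07:50'), 1200, $start, $end);
printf "Prime=%d Normal=%d\n", @used{qw(Prime Normal)};
print "malformed value rejected\n" unless defined parse_hhmm('8:00am');
```

The per-period totals returned by split_interval are what would be compared against Yfi-Prime-Session and Yfi-Normal-Session before deciding to disconnect.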

Conclusion

  • (Still outstanding): Bandwidth limitations will be imposed by contacting the NAS device directly (via SSH and key pairs) and instructing it to apply a new limitation for a period of time.
  • (Still outstanding): A change in bandwidth, if required, will be requested from the NAS device by the FreeRADIUS server.
  • When data and/or time restrictions are reached, a disconnect request will be sent to the NAS device to terminate the user's connection.

Test It Out

NOTE: This is a very quick draft

The following can be used as a test to determine if the differentiation between prime time and normal time happens as intended.

  • Take a test user and add the following Personal Attributes to the user.

| Attribute | Check/Reply | Typical value |
|---|---|---|
| Yfi-Prime-Start | Check | 08:00 |
| Yfi-Prime-End | Check | 08:30 |
| Yfi-Prime-Total-Octets | Check | 10485760 |
| Yfi-Normal-Total-Octets | Check | 20485760 |

Then:

  • Ensure the module is activated in the authentication and accounting sections.
  • Ensure that you kick the user off using the boot icon in the activity viewer tab.
  • Start FreeRADIUS in debug mode just after 08:00 and download something bigger than 10Meg.
  • Very soon after the 10Meg is downloaded (on the next accounting request coming in from the NAS), FreeRADIUS should tell the NAS to kick the user off.
  • Try to log in again. You should not be able to log in until 08:30, which is when prime time is over.
  • Then you have from 08:30 until 00:00 the next day to consume the 20485760 bytes.
  • When the clock strikes 00:00, a new normal time begins, and you once again have 20485760 bytes to spend (as long as it's not between 08:00 and 08:30).
