
Re: IP Accounting and 2.4



On Thu, Jul 05, 2001 at 04:58:45PM +0200, Russell Coker wrote:
> Sounds like you wrote your own mgetty type program to do it.  I did
> the same in 1997 and am still in the process of migrating the
> clients who use it to Portslave...

No.  You didn't read between the lines.  Not all of our customers use
dialup/isdn.  Not all of our customers have the ability to
authenticate against the current Livingston RADIUS server.  End of
sentence.

> Why develop a new RADIUS server when the Cistron one is quite good
> and the FreeRADIUS project will be even better when they fix the
> last few bugs.

You misunderstand me.  If we need to use a RADIUS server, believe you
me, I won't reinvent the wheel.

> Also a kernel-space RADIUS server makes no sense.  On a network with
> 500,000 users you still only get about 400 RADIUS packets per second
> which is not enough to need a kernel version.

If I understand this correctly, Cisco routers provide accounting
packets.  They do not run RADIUS servers.  RADIUS servers run on
servers; they authenticate and collect data.  If my Linux router is
not a server, or acting as one, why would it be a bad thing to provide
the same features as a Cisco router, i.e. sending account/RADIUS
packets to a radius server?  We've got so many hacks to do IP
accounting for Linux to fill an obvious need, why not standardize?

Please understand this: we cannot use RADIUS for all of our users.  We
could care less what the dialup users do for bandwidth consumption.
The limits of a dialup connection alone are sufficient for bandwidth
limitation.  The only viable solution to cover those clients we really
care about is for IP accounting on the core router.  End of problem
domain.  Association of byte counts of IP addresses to user accounts
will be resolved at the database level.  Collection of bandwidth
usage data is what is important here.  How it's done is limited to
the Linux kernel in one way or another: iptables, iptables+userspace
daemon, ethernet tap device (ntop) + MySQL/Postgresql database
storage, etc.

-- 
Chad Walstrom <chewie@wookimus.net>                 | a.k.a. ^chewie
http://www.wookimus.net/                            | s.k.a. gunnarr
Key fingerprint = B4AB D627 9CBD 687E 7A31  1950 0CC7 0B18 206C 5AFD
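
The message above describes collecting per-address byte counts on the router with iptables and resolving addresses to accounts at the database level. As an added example (not part of the original message or written by its author), the sketch below does that over a dump in `iptables-save -c` format. The `ACCT` chain, the one-rule-per-address layout, the sample dump and the `ACCOUNTS` table are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from ipaddress import ip_address

# Constructed sample of `iptables-save -c` output; the ACCT chain and the
# one-rule-per-address layout are assumptions, not taken from the message.
SAMPLE_DUMP = """\
*filter
:FORWARD ACCEPT [0:0]
:ACCT - [0:0]
[1500:2100000] -A FORWARD -j ACCT
[900:1200000] -A ACCT -d 192.0.2.10/32
[400:300000] -A ACCT -s 192.0.2.10/32
[150:500000] -A ACCT -d 192.0.2.11/32
[50:100000] -A ACCT -s 192.0.2.11/32
[7:420] -A ACCT -s 198.51.100.7/32
COMMIT
"""

# Hypothetical address-to-account table, standing in for the database.
ACCOUNTS = {"192.0.2.10": "cust-alpha", "192.0.2.11": "cust-beta"}

# [packets:bytes] -A <chain> -s|-d <address>[/32]
RULE = re.compile(r"^\[(\d+):(\d+)\] -A (\S+) (-s|-d) (\S+?)(?:/32)?(?:\s|$)")

def per_ip_bytes(dump, chain="ACCT"):
    """Return {ip: {"in": bytes, "out": bytes}} for single-host rules in chain."""
    totals = defaultdict(lambda: {"in": 0, "out": 0})
    for line in dump.splitlines():
        m = RULE.match(line)
        if not m or m.group(3) != chain:
            continue
        try:
            ip = str(ip_address(m.group(5)))
        except ValueError:
            continue  # skip network prefixes and anything unparseable
        direction = "in" if m.group(4) == "-d" else "out"
        totals[ip][direction] += int(m.group(2))
    return dict(totals)

def per_account_bytes(totals, accounts):
    """Join per-IP counters to accounts; unmapped addresses are kept separately."""
    usage, unmapped = defaultdict(int), {}
    for ip, c in totals.items():
        if ip in accounts:
            usage[accounts[ip]] += c["in"] + c["out"]
        else:
            unmapped[ip] = c["in"] + c["out"]
    return dict(usage), unmapped
```

The counters are cumulative since each rule was added or last zeroed, so a periodic collector stores the difference between successive dumps rather than the raw values.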
