wiki

CoovaChilli RADIUS

Introduction

CoovaChilli uses RADIUS to provision access and to provide accounting.

Direction of Input and Output

The original ChilliSpot defined input and output as being data uploaded and downloaded by the client respectively. CoovaChilli, however, uses the reverse meaning (per default) making it more compatible with some other commercial access controllers.

In RFC 2866, it says:

Acct-Input-Octets: This attribute indicates how many octets have been received from the port over the course of this service being provided.
Acct-Output-Octets: This attribute indicates how many octets have been sent to the port in the course of delivering this service.

However, this is not very conclusive as it depends on what side of the port you are referring to. In the manual for a popular commercial access controller, is says:

Acct-Input-Octets: Number of octets/bytes received by the customer.
Acct-Output-Octets: Number of octets/bytes sent by the customer.

This is the definition adopted by CoovaChilli - one of the very first changes made to ChilliSpot, for use with back-end systems also supporting commercial access controllers. See Vendor Accounting Practices below for more information.

For backward compatibility, use the chilli option swapoctets to toggle back to the original meanings of input and output.

Access Provisioning

The following RADIUS attributes are used to place limits on a session authorized by a RADIUS Access-Accept response:

Session-Timeout = seconds: Standard RADIUS attribute (defined in RFC 2865) for setting the maximum session timeout. The user is logged out after this amount of time; session duration. Also see the defsessiontimeout option in chilli.conf(5).

Idle-Timeout = seconds: Standard RADIUS attribute (defined in RFC 2865) for setting the maximum idle timeout. The user is logged out after this amount of time of inactivity (no traffic). Also see the defidletimeout option in chilli.conf(5).

Acct-Interim-Interval = seconds: Standard RADIUS attributes (defined in RFC 2869) for setting the accounting interim update interval - the rate at which accounting update packets are sent. Also see the definteriminterval option in chilli.conf(5).

ChilliSpot-Max-Input-Octets = bytes ChilliSpot-Max-Output-Octets = bytes ChilliSpot-Max-Total-Octets = bytes: Chilli vendor specific attributes for setting the max in, out, or total bytes transferred for the session. See above for the meaning of input and output.

WISPr-Bandwidth-Max-Up = bits/second WISPr-Bandwidth-Max-Down = bits/second: WISPr vendor specific attributes for setting the maximum bandwidth rate in bits per second.

ChilliSpot-Bandwidth-Max-Up = kbits/second ChilliSpot-Bandwidth-Max-Down = kbits/second: Chilli vendor specific attributes for setting the maximum bandwidth rate in kbits per second. Internally, chilli multiplies this value by 1000 in converting to bits per second.

In all cases, the ChilliSpot vendor specific attributes override WISPr attribute values. However, using the WISPr attributes is perhaps the more standard way to go.

Session Accounting

In RADIUS Accounting, the following attributes are used to report session statistics:

Acct-Session-Time = seconds: Duration of session in seconds.

Acct-Input-Octets = bytes Acct-Output-Octets = bytes: The lower 32-bit value of the number of bytes of input and output (see above for a discussion of the meaning of input vs. output).

Acct-Input-Gigawords = gigawords Acct-Output-Gigawords = gigawords: The upper 32-bit value of the number of bytes of input and output; or how many times the above attributes have rolled-over the 32-bit value.

Acct-Input-Packets = num-packets Acct-Output-Packets = num-packets: The number of packets carrying input or output octets.

RADIUS Attributes

RADIUS Servers

Notes for FreeRADIUS

Vendor Accounting Practices

Vendor	Perspective	Notes
Bluesocket	Client
ChilliSpot	AC
Cisco	AC
Colubris	Client
CoovaChilli	Client	Reversible with option swapoctets
Gemtek	Client	Reversible with option Reverse Accounting set to enabled
Hostapd	AC ?
HP ProCurve	Client ?
LANCOM	Client ?
Nomadix	Client

Perspectives:

AC: Input is data from the Client to the NAS, and Output is data to the Client from the NAS
Client *: Input is data from the NAS to the Client, and Output is data to the NAS from the Client

Notes:

RFC 2866: The RADIUS Accounting RFC states that Acct-Input-Octets indicates how many octets have been received from the port over the course of this service being provided - Although not very clearly stated, port should be seen from the point of view of the AC/NAS, not the Client (* those with the Client perspective are not RFC compliant).
RFC 4005: The Diameter NAS Application RFC states that Accounting-Input-Octets contains the number of octets received from the user which also (and perhaps more clearly) takes the point of view of the AC/NAS. In some early drafts, there was a mistake where it said this attribute contains the number of octets in IP packets received by the user.
GSM WLAN Roaming Guidelines: This document defines Acct-Input-Octets as the volume of the downstream traffic of the user - not very clear in the meaning, but seems to suggest the Client point of view.
3GPP TS 29.234: This document defines Acct-Input-Octets as "the number of octets sent by the WLAN UE over the course of the session. According to IETF RFC 2866"
IETF Opinions: In the RFC 2866 clarifications thread

Related RFCs

Supported, at least partially:

RFC 2865 - Remote Authentication Dial In User Service (RADIUS)
RFC 2866 - RADIUS Accounting
RFC 2869 - RADIUS Extensions
RFC 3576 - Dynamic Authorization Extensions to RADIUS

Others of interest:

RFC 3162 - RADIUS and IPv6
RFC 3580 - IEEE 802.1X RADIUS Usage Guidelines
RFC 4372 - Chargeable User Identity
RFC 4675 - RADIUS Attributes for Virtual LAN and Priority Support
RFC 4849 - RADIUS Filter Rule Attribute

Search >>

This page has been accessed 7,133 times. This page was last modified 09:09, 19 June 2008.