For Ubiquiti Unifi APs, is there a radius attribute that terminates the session when the set accounting quote is reached? I am want to use it for wireless clients, not hotspot or ppoe. Something like Mikrotik-Recv-Limit.
For example, a wireless network user is given 10 G a month. If the quota is reached, Unifi AP will terminate the session.
My current implementation is to set the session timeout to 1 hour. Check the quota when the session authenticates. If the quota is reached, do not authorise connection.
Jake He
I guess, you need to have a customized RADIUS server which can do that. since there are no such RADIUS attributes available you either need to send Session-Timeout to your NAS (Network Access Server) once the user reaches quota or disconnect using CoA (Change of Authorization).
Related
What is difference of Deliver from, Input Stream Vs RAM on Solace Appliance under Queue Client Flow Information ?
What is difference between Status Update, Not Requested vs Synchronized on Solace Appliance under Queue Client Flow Information ?
When Guaranteed messages are being delivered to the client immediately after being spooled, the egress flow is in the delivered from ‘input stream’ state. If the client cannot receive the message right away, the guaranteed messages are delivered once the client is ready, thus requiring further processing. The egress flow shows either delivered from ‘RAM’ or ‘ADB or disk’ in this case.
The Status Updates field indicates whether a client is up to date with the state of the flow if the client has requested 'Active Flow Indication'. A value of "Not Requested" means that the 'Active Flow Indication' property is disabled for that particular flow. A value of "Synchronized" means that the client has the 'Active Flow Indication' property enabled and the client is up-to-date with the state of the flow.
Currently, I pushed 600 message to Solace. And then tried subscribe all the messages. But it is retrieving 264 messages within 2.8 seconds. So my question is this default time-out of Session
I am looking for default time-out of session or how many messages we can get at a time.
It looks like you are using Direct Messaging and are hitting the rate limits of your system. There will be lost messages when your system cannot send or receive fast enough.
What are the size of your messages? For a saturated 1Gbps link, your message size would be something like
1000 * 1000 * 1000 / 8 / (264/2.8) / 1024 ≈ 1.2KB
If you are using PERSISTENT delivery mode for sending messages and receiving them with an endpoint, there would not be any lost messages. You can refer to the tutorial on Guaranteed Messaging
http://dev.solacesystems.com/docs/core-concepts/#message-delivery-modes, especially on message promotion and demotion. If you're using JMS, having the direct-transport property set to "true" and default-delivery-mode property set to "non-persistent" will result in DIRECT delivery mode.
There are keep-alive mechanisms on both sides of the appliance and the API layer, where the default interval is 3 seconds. This prevents connection breaks even when there were no messages. Reconnection happens automatically at API, if set. These reconnect, keepalive settings can be found both in the client-profile or JMS Connection Factory (appliance side) and the API side. See
https://sftp.solacesystems.com/Portal_Docs/Solace_Messaging_APIs_Developer_Guide/Creating_Client_Sessions.html#ww649852
https://sftp.solacesystems.com/Portal_Docs/SolAdmin_User_Guide/Configuring_Clients.html#ww1053564
https://sftp.solacesystems.com/Portal_Docs/Solace_Messaging_APIs_Developer_Guide/Creating_Client_Sessions.html#ww596947
There is no "max messages per session" or similar setting. That simply doesn't make sense.
My main question is how to detect the application termination by the end user when it was in the background (Suspended) to be able to send logout request to the server ?
We already have a timeout interval in the server to kill the session, but assume that the interval is 5 minutes so this means that the session will be alive for 5 minutes after the user terminated the app and anyone can sniff on the data and reuse it.
Notes:
We use HTTPS connection and SSL Certificate Pining.
We also implemented a heartbeat web service to be called by client app every fixed interval to tell the server to keep the session alive for this interval, if this web service didn't call for specific session, the server will kill this session.
Once your app is suspended you don't get any further notice before you are terminated. There is no way to do what you want.
Plus, the user could suspend your app to do something else (like play a game) and then not go back to your app for DAYS.
If you want to log out when the user leaves your app, do it on the willBeSuspended message. Ask for more background time and send a logout right then and there.
Mohamed Amer,
Here is an approach used by Quickblox Server and I feel its pretty much solid though it involves a little overhead.
Once the client application (either iOS android) establishes the session with quickblox server, quickblox server expects the client application to send the presence information to server after a regular interval continuously.
Sending the presense information is pretty much simple. They have written a api which we keep hitting after a interval of 5 mins with session id that we have. They validate the session id and once found valid they will extend the expiration time for the user ascociated with that id for 5 mins more.
What they will do I believe is that,
Approach 1 : they maintain the last hit time and for all the subsequesnt request they check if the request time is within the the time frame of 5 min if yes simply process it. If the request comes after 5 min they will delete the session id for the user and respond saying you have timeout the session.
Approach 2 : Because they provide online and offline info as well they cant simply depend on the incoming request to delete the session id from server so they probably create a background thread which swipes over the db to find the entry with last hit time greater then 5 min and removes it from DB. and declares the user session expired.
Though this involves client apps continously hitting the server and increases the burden on the server for the app like chat application in which presense information is so vital this overhead is still fine i believe.
Hope I have provided you with some idea at least :)
My application is communicating with a service. The service provides user login , registration , update functionality (IAM Service) . Since, this feature is critical & we don't want to impact user performance, we set the timeout 500 millisec, considering the fact that both my application & the IAM service are in the same data center.
On analysis, we found that the IAM service on an average takes 10 - 12 millisecs & my application which simply sends the request takes 1 - 2 millisecs. Also, it does not happen for every request, just a few request.
The network engineer says the network is good & there are no leaks.
Request your inputs to understand, how should I proceed to analyze the root cause to recognize which component is taking time.
Make sure the Application and the Service are synchronized (have the same time stamp)
Log the Time stamp of request being sent by the App
Observe the time stamp when the request hits the wire
Log the Time stamp when the Request is being received by the Service
Log the time stamp when the Service sends out the response
Observe the time stamp when the response hits the wire
Log the time stamp when the app receives the response
The next time the timeout occurs - check the log to find out which two laterally adjacent time stamps have a difference of more than the 500ms. Now once you have the profiled information - focus on the particular segment that causes the timeout.
I was wondering if someone could help clear something up for me.
I am currently using Freeradius with a Cisco NAS. I have control fo the free Radius, but I do not have control of the Cisco.
I am noticing that when a user reboots their equipment, a termination message is sent to FreeRadius/the Nas to release the IP and kill the connection. This seems to be working as expected and the next client can simply pick up this IP. However, should a user simply unplug their equipment or have a power cut, this termination message is never sent and effectively we have an IP allocated to a dead user. Obviously if we had say 300 IPs and 250 people, if they all had power cuts, only 50 would be able to get back online as the other 250 Ips are currently allocated albeit not in use.
Can someone tell me where I can locate the settings to specify when to release an IP if the user is idle or where the attribute needs to be specified, ie check every 2 minutes and if the user is idle, disconnect their session and release the IP for the next user.
There's nothing bundled with FreeRADIUS to do this. The recommended way to perform dead session detection is to record the interval between accounting start/accounting interval packets, and to turn on interim updates on the NAS.
If the session goes stale (no interims received) then the radclient binary can be used to send a fake accounting stop to close out the session.
If your NAS supports Session-Timeout and Idle-Timeout you can return those, but it doesn't help in the case of a power failure that takes out the NAS as well.