Re: NO multiple logins !! Livingston won't listen (fwd)

Joe Portman (baron@aa.net)
Tue, 25 Jun 1996 07:31:49 -0700 (PDT)

On Tue, 25 Jun 1996, MegaZone wrote:

> Bullshit it is simple. You need to look at it from our side - we have
> all kinds of users with very wide ranges of scalability needs.

> Every patch out there that I have seen has major failure modes. How do
> you address having more than one RADIUS server when it falls over?

1. Distributed shared database. (kinda like the radius concept?)

> What
> about when the PM reboots?

2. delete from table utmp where host = 'crashed host'
(already running at my site). Smart bumper program also knows
how to handle this.

> What about when a RADIUS server crashes?

3. Good point. I have implemented a 'loadup' that rebuilds the
database by querying the running NAS's. I could add this to the /etc/rc
of each radius server, but I won't bother just yet. Since my radius
servers have each both been up over 100 days now, I don't think it's a
huge issue.

> What
> about network outages or blocks?

4. Smart bumper program runs external to the radius server. If the network is
blocked, the user's not going anywhere anyway (can't log in). In any
case, it doesn't have to be "perfect". It can be a little loose, as
long as it never kills the current login session. Perfection is not
required, just pretty good detection and deterrence.

> How does it scale to large users with
> hundreds of PMs and several RADIUS servers?

5. Ought to scale well. Since it's a shared network database. How many
of these 'huge' users do you have anyway? The largest providers in the
northwest (7 - 10K users) have 'only' 45 PM's. (500 - 1000 lines).
An mSQL query in a database of 1000 is still a sub-second response.
Sorting and checking for dups takes about 5 seconds (on a slow box).
That's good enough for me. When/if I get to 100 NAS's, I'll probably
rewrite mSQL to be faster, or change the database backend altogether.

> So why aren't you billing them for each simultaneous login? Can be easily
> done right now with stock RADIUS and many other sites are doing this.

Really. In a competitive flat-rate environment? If we charged by the hour
this would not even be an issue. Here in Seattle, there is 1, count 'em 1
hourly provider (of about 70).

> 'Unlimited use' doesn't mean 'login as many times as you like' - put it
> right in the contract and start billing.

It is in the contract. Tell me how to detect and bill it in a flat rate
environment, using radius.

> You might be surprised at how
> fast people change their passwords when they get huge bills. And if they
> don't pay they're deadbeats and you shut off access.

I come to Livingston for reliable equipment, not business advice. I'll
decide how to run my business, thank you.

The features have taken about 6 hours of my time so far. And yes, I am
a professional software developer (one of my many hats).

Later,
-----------------------------------------------------------------------------
Joe Portman - Alternate Access Inc. Affordable, Reliable Internet
baron@aa.net Seattle: (206) 443-3408 Seattle: (206) 777-7777
Tacoma: (206) 927-6010 Federal Way: (206) 838-8457
Bellevue: (206) 455-8414 Olympia: (360) 458-7279
Enumclaw: (206) 862-9423 Black Diamond : (206) 288-8809
To setup your account: set modem to 8-n-1, login as "new"
For questions or support, call our voice line (206) 728-9585.
-----------------------------------------------------------------------------
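
The scheme described in the message above (shared session table, purge of a rebooted NAS's rows, a 'loadup' rebuild, and a bumper that spares the current login), sketched as an added example that is not the poster's code. SQLite stands in for mSQL; the table layout, column names, function names and sample rows are assumptions, as is reading "current login session" as the most recent login per user.

```python
import sqlite3

# Constructed sample sessions: (username, NAS host, port, login time in seconds).
SAMPLE = [
    ("alice", "pm1", 3, 1000),
    ("bob",   "pm1", 7, 1010),
    ("alice", "pm2", 1, 1200),   # second concurrent login for alice
    ("carol", "pm3", 4, 1300),
    ("carol", "pm3", 9, 1350),   # second concurrent login for carol
]

def open_db(rows=SAMPLE):
    """Create the shared session table (hypothetical schema) in memory."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE utmp (username TEXT, host TEXT, port INTEGER, "
               "login_time INTEGER, PRIMARY KEY (host, port))")
    db.executemany("INSERT INTO utmp VALUES (?, ?, ?, ?)", rows)
    return db

def purge_host(db, host):
    """Point 2: a rebooted NAS has dropped its sessions, so forget them."""
    return db.execute("DELETE FROM utmp WHERE host = ?", (host,)).rowcount

def loadup(db, host, live_sessions):
    """Point 3: rebuild one NAS's rows from the sessions it reports as live.

    live_sessions is a list of (username, port, login_time) tuples.
    """
    purge_host(db, host)
    db.executemany("INSERT INTO utmp VALUES (?, ?, ?, ?)",
                   [(u, host, p, t) for (u, p, t) in live_sessions])

def sessions_to_bump(db):
    """Point 4: list duplicate sessions, never the newest one per user."""
    rows = db.execute("SELECT username, host, port FROM utmp "
                      "ORDER BY username, login_time DESC, host, port").fetchall()
    bump, seen = [], set()
    for username, host, port in rows:
        if username in seen:
            bump.append((username, host, port))  # older duplicate session
        seen.add(username)                       # first row per user is newest
    return bump
```

Because the bumper only reads the table, a stale row can at worst cause a missed or extra bump of an older session, which matches the "a little loose" tolerance described in point 4.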