Page 1 of 1

*Smarter* Bandwidth Control and Accounting

Posted: Thu Sep 28, 2006 6:10 pm
by smacebr
Current enviroment:

We are using Mikrotik radius accounting to identify non-profitable heavy-users and for charging extra traffic. And Radius Rate-Limit parameter to bandwith control the user.

Current problems:

Local traffic is accounted and controlled as it was internet traffic. Even one connection between two users in the same router is bandwith controlled as it was made thought internet. Remember we've diferent costs between internet and local traffic. and offering a higher speed at local traffic is also one interesting tool to attract new customers. and in some cases it is even necessary for example:

The police here has several cameras around the city using our network to have access to it. To have access in real time to those cameras their speed must be faster than we normaly allow for internet traffic, one diferent speed for local traffic is need.

Atm we are packet marking it but it is confusing and complicated and is not working as expected. Before using Mikrotik we were using Linux servers that allowed FAST local traffic and SLOW internet.

It was interesting once the user could share one CD with one neighbor, once our local network is fast enought for allowing higher speeds, it has added value to the company for the time it worked that way. After installed Mk we've lost this "feature" and had a lot of complain from our users.

We keep some game servers and storage servers in the network, and some Lan Houses uses it a lot, and also generates a lot of traffic thought it. The radius accounting shows that these lan houses transfers 50gb/month. For what they pay they are not profitable and is also a very boring user to keep (for free). We want to charge them extra traffic, the point is, they do not agree to pay for the local traffic for the game servers or even storage servers. The point is mikrotik only allow not accouting local traffic for the same router. One router in local network that is just 2 hops in ETHERNET network is considered FOREIGN traffic.

Another problem we have is that the access to these storage servers should be faster than the default speed limit (once it is local). Is not acceptable taking hours to make one upload to these server, once we have a LOT of extra band there. I had to allow our webmaster one 1024kbits account just because of it. My fear is that my webmaster starts one download from internet, I've awarned him, but anyway, this kind of STUPID FIXED bandwidth control is not acceptable anymore. We need better solutions for now. If we could differ the max speed and accouting by DESTINY AREAS (areas=a group of networks) would be a nice solution.

We have a lot of free internet link from 00 to 7am. Would be interesting to incentivate the use of this band to downloads at this time. All P2P users would leave their pcs on thought the night and during the day would not bother us so much. Once the downloads thought the night would be much more efficient. But for doing this we must be able to allow diferent speeds thought the time.

I've seen one interesting resource in another comercial software that allow users to have higher speed if there is free link. It is done this way: The software gets the SNMP from the router each 5min and knows how is the availability of the link. And then it changes the speed of users to over or less. So the speed may flutuate according to it's avaiability. It works like the ADSL does here.

These features I am proposing here is already present in other comercial softwares made for ISP like ISPAdmin, MyAuth etc.

Maybe making a LOT of hacks will be possible to have everything above working, but we need one simplified way of doing it with one centralized database making our life easier. The idea of having manually access to routers and to make a lot of hacks on it for each user we add is really awfull, it starts to get confusing, and things starts to go wrong. We need one professional way of doing it. Mikrotik is professional, so we should expect professional solutions from it.

I'm sorry for any mistakes I may have made but I just want Mikrotik to be the best for we all!

Any extra comments? :-)

Posted: Thu Sep 28, 2006 6:26 pm
by jp
perhaps you should count and manage your internet traffic to/from subscribers one hop closer to the internet/ one hop further from the customers, so their local traffic won't affect that. Not sure how radius would work with that though.

Posted: Thu Sep 28, 2006 7:06 pm
by smacebr

I've thinked about it all. But it would require one linux/fbsd server with a lot of custom configuration. And I would like to avoid this kind of server. We should keep things simple. MK is simple. Would be great if MK could work on it and make our lifer much easier. It is not that hard implementing. I could make it but MK is closed. So we must only wait .. or change :-(

Posted: Fri Sep 29, 2006 3:52 pm
by pedja
I guesss your users connect using pppoe/pptp? If that is the case, then MT sets traffic limits using queues targeted on vpn connection and that affects all traffic coming from your user.

Solution would be that MT alows creating queue for user account but not targeted to vpn connection, but to WAN interface.

Posted: Fri Dec 08, 2006 6:04 pm
by gideono
I haven't looked into the traffic limiting issue. But I think excluding their local
traffic from the pppoe / pptp session is a big problem which I am trying to solve
aswell. As I need to provide free access to some of my users for local traffic
aswell as certain destinations.

Posted: Fri Dec 08, 2006 6:48 pm
by titius
maybe address lists can help

!addresslist mark packet

Posted: Sat Dec 09, 2006 12:41 am
by bjohns
I am faced with the same issue.

It would be nice to have the ability to remove accounting for certain source/destination addresses before it gets sent to the radius server.

Currently my option is to use Netflow/cgi to pull all the accounting data off the router, add up all the free traffic per user and then add that back onto the accounts. This isn't the best solution as it adds delay to the accounting - a user could use up their quota and then a period of time later have quota again when the free traffic is added back on.

Alternatively users can simply not connect to the hotspot/pppoe service to use local services but what if they're using a broadband router?

Posted: Wed Dec 13, 2006 11:44 am
by gideono
Does anyone know where the radius actually gets its accounting data from ?

Is it from the pppoe interface byte counters or from a dynamic firewall rule ?