On 3.2.2023 18.09, Garret Peirce via radiator wrote:
> I'm looking at this feature and I was curious if the MaxRateResult uses
> an OR between MaxRates 1 and 2 or an AND ? The goodies file seems to
> indicate it's an OR.

The two run one after another. Something like this:

  Policer 1 measures its traffic
  If number of requests within window > MaxRate1
    return MaxRateResult
  Then policer 2 measures its traffic
  If number of requests within window > MaxRate2
    return MaxRateResult

Therefore I'd say the answer is OR; if one or the other exceeds, then
MaxRateResult is returned.

> I desire to rate limit requests from a given Calling-Station to an
> individual Client to (ex.) 10 requests in 10 seconds.

I think with the config below no end user (Calling-Station-Id) can send
more than 10 req/s and if there are, for example, two end users
connected to the same NAS (<Client ...> Identifier), only 10 req/s are
allowed from the NAS and the end users together can't exceed the per NAS
limit.

Hopefully this clarifies the behaviour. Please let us know how it works.

> ex.
> <AuthBy RATELIMITSOURCE>
>     Identifier auth-ratelimitsource
>     # Policer1
>     SourceKey1 %{Request:Calling-Station-Id}
>     MaxRate1 10
>     Policer1_Size 1
>     TimeWindow1 10
>     # Policer2
>     SourceKey2 %{Client:Identifier}
>     MaxRate2 10
>     Policer2_Size 1
>     TimeWindow2 10
>     # Result to use when MaxRate1 or MaxRate2 is exceeded
>     MaxRateResult REJECT
> </AuthBy>

Thanks,
Heikki
--
Heikki Vatiainen <[email protected]>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, TACACS+, PAM, Active Directory,
EAP, TLS, TTLS, PEAP, WiMAX, RSA, Vasco, Yubikey, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, etc.
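
A small simulation of the two-policer sequence described in the reply above, added here as an example; it is not Radiator's code and not part of the original message. It assumes each policer is a per-key sliding-window counter and that a request rejected by policer 1 is never counted by policer 2; `Policer`, `RateLimitSource`, `simulate` and the `PASS` label are hypothetical names, and `Policer1_Size`/`Policer2_Size` are not modelled.

```python
from collections import defaultdict, deque


class Policer:
    """Per-key sliding-window counter (assumed model, not Radiator's code)."""

    def __init__(self, max_rate, time_window):
        self.max_rate = max_rate
        self.time_window = time_window
        self.seen = defaultdict(deque)  # key -> request times still in window

    def exceeded(self, key, now):
        times = self.seen[key]
        while times and times[0] <= now - self.time_window:
            times.popleft()  # forget requests that have left the window
        times.append(now)  # the policer measures its traffic
        return len(times) > self.max_rate


class RateLimitSource:
    """Runs policer 1, then policer 2; either one can return MaxRateResult."""

    def __init__(self, max_rate_result="REJECT"):
        self.policer1 = Policer(max_rate=10, time_window=10)  # MaxRate1, TimeWindow1
        self.policer2 = Policer(max_rate=10, time_window=10)  # MaxRate2, TimeWindow2
        self.max_rate_result = max_rate_result

    def handle(self, calling_station_id, client_identifier, now):
        if self.policer1.exceeded(calling_station_id, now):  # SourceKey1
            return self.max_rate_result
        if self.policer2.exceeded(client_identifier, now):  # SourceKey2
            return self.max_rate_result
        return "PASS"  # hypothetical label: request was not rate limited


def simulate(requests):
    """requests: list of (time_s, calling_station_id, client_identifier)."""
    limiter = RateLimitSource()
    return [limiter.handle(station, nas, t) for t, station, nas in requests]


# Constructed traffic: stations A and B alternate on nas1, 6 requests each in 6 s.
SHARED_NAS = [(i * 0.5, "A" if i % 2 == 0 else "B", "nas1") for i in range(12)]
# Constructed traffic: station C alone on nas2, 12 requests in 6 s, one more at 30 s.
SINGLE_STATION = [(i * 0.5, "C", "nas2") for i in range(12)] + [(30.0, "C", "nas2")]

if __name__ == "__main__":
    print(simulate(SHARED_NAS))      # NAS-wide policer 2 trips first
    print(simulate(SINGLE_STATION))  # per-station policer 1 trips
```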