Table of Contents
Updated by Alex Moore
To control (rate-limit) the speed of a CPE device on your network edge, you will first require an active RADIUS server that is configured to provide AAA services to your network. If you haven't done so yet, please follow this link to learn how to configure a RADIUS server for use with Sonar.
To effectively manage your network edge policies, Sonar uses RADIUS groups that aggregate user accounts, device types and account statuses with custom RADIUS attributes and or Vendor Specific Attributes (VSAs).
You can find an article here about configuring RADIUS groups for generic uses. This article will show the example of rate limiting for different data services.
The examples below are specific to MikroTik devices, they use different RADIUS attributes to rate limit compared to other vendors. Please look up your vendor specific attributes for whichever vendors NAS device or appliance you will be using.
Be sure to set your Change Of Authority settings in your RADIUS / Sonar configuration in order to propagate delinquency rules appropriately.
Rate Limiting Based on Data Service
Scenario: Your ISP sells different internet packages, and you want to apply different rate limits with RADIUS policies for customers with a particular package.
Please refer to this article for building your desired data services, once you're services are defined follow the rest of the instructions here to apply RADIUS based rate limits.
For our example, we will use a data service named Gold Internet
- Navigate to Settings > Networking > RADIUS, and click on the CREATE button.
- Give the group an appropriate name, in our example we'll use 'Gold Internet Rate Limit'
- Assign a priority to the group, in the event multiple policies apply that might conflict, the lower priority number will take precedence.
- Ensure Fall through is enabled to continue processing rules after evaluation.
- Set the Account Status to 'All account statuses'.
- Set Delinquency to 'Current' as the rate limit will typically only apply to accounts in good standing.
- Select the data service to apply the RADIUS Group to, in our case, Gold Internet Data.
- Click the 'CREATE' button to create the new policy.
Now that the policy is created, we will need to specify the appropriate rate limiting property for your NAS device, you will need to look up your vendors particular attributes as they're not standardized. For the sake of our example we will tailor it to a MikroTik NAS.
- Click the 'Create RADIUS Group Reply Attribute' for the new group.
- Set the name to your vendors rate-limiting attribute (google your vendors RADIUS VSA's for a dictionary of supported attributes for your NAS). In our case, it's rx-rate
- Set the operator to =, consult this document for more information of FreeRADIUS operators.
- Set the value to the desired limited bit rate (in bits/sec). Consult your vendor documentation for formatting.
- Click the Create button.
Sonar will apply the policy immediately to the defined data services package.
Example Attributes by Vendor
Below is a short list of Vendors and their default rate shaping attribute names:
in bits/sec, or append k or m
lcp:interface-config#1=rate-limit output 128000 10000 10000 conform-action continue exceed-action drop
The three sets of numbers are bps, burst-normal, burst-max.