Friday, September 01, 2006

Colubris not playing the game

Many people who operate 'with' the Internet, such as the poor individuals who slave away in the background to make sure you can read this blog, know of and generally abide by RFCs.

An RFC is a 'Request For Comment'. The wikipedia definition is as follows:

In computer network engineering, Request for Comments (RFC) documents are a series of memoranda encompassing new research, innovations, and methodologies applicable to Internet technologies.
Wikipedia

These RFCs assure a level of interoperability which is what makes the Internet tick. If two entities do not know how to communicate you can be assured that nothing will be achieved. RFCs offer a way for two entities to learn how to communicate with each other. Its comparable to a language dictionary.

With that in mind imagine how surprised I was when I discovered that a these Colubris CN3200 Access Controllers I'm playing with do NOT abide by the applicable RFCs. They do something that is very sinister and anti-competitive to say the least.

What they have done is alternated the values sent back to the RADIUS. "So" you might say? These two values are AcctInputOctets and AcctOutputOctets (same for packets, but that doesn't bother me as much). These values are Uploads and Downloads - everything done upon the Internet involves a combination of these two activities. The particular RFC is 2866 if you're that bored.

Now I work with Cisco and Mikrotik software and hardware. Both of which abide by the appropriate RFCs thus playing by the rules. Toss in a Colubris unit and it complicates and undoes this harmony. Now I have to run up another RADIUS box with special modifications to allow me to translate the swapped values to the correct ones in my database. A waste of time and resources when they can simply do what is expected.

Their response when I queried them about this was that "99% of their customers don't have a problem". You can guess my reaction.

My suggestion to you is that if you are in the market for Hotspot Access Controllers - avoid Colurbis. They're welcome to do innovative things but voiding industry accepted practices is unnecessary.

UPDATE:
Well that was a whole lot of time and effort for nothing. I jumped through all the hoops identifying and providing all the evidence they wanted. Compared it against Cisco accounting methods and everything.

Got a call from their Australian product engineer saying "it's a matter of interpretation". He's referring to the RFC and from what perspecting the accounting to be taken. I guess Cisco isn't a good enough de-facto standard.

They're going to try and put it through as a 'product enhancement request' but there has to be a valid business case behind it - and apparently mine isn't particularly valid - bearing the fact that data usage is what costs money in Australia, not time.

My suggestion at this stage - DO NOT USE COLUBRIS if you wish to run multiple brands of NASs with data based accounting.

FreeRADIUS Debug Output:

Output from FreeRADIUS Debug:

Cisco Router:

rad_recv: Accounting-Request packet from host 10.2.1.160:1646, id=9, length=138
NAS-IP-Address = 10.2.1.160
NAS-Port = 4294967287
NAS-Port-Type = Virtual
User-Name = "bjohns@accessezy"
Acct-Status-Type = Stop
Acct-Authentic = RADIUS
Service-Type = Framed-User
Acct-Session-Id = "00000003"
Framed-Protocol = PPP
Framed-IP-Address = 10.2.70.102
Acct-Terminate-Cause = User-Request
Acct-Input-Octets = 44538
Acct-Output-Octets = 276365
Acct-Input-Packets = 265
Acct-Output-Packets = 320
Acct-Session-Time = 61
Acct-Delay-Time = 0


Colubris CN3200 (4.1.1):

rad_recv: Accounting-Request packet from host 192.168.129.221:32770, id=181, length=219
User-Name = "bjohns@accessezy"
NAS-Port = 1
NAS-Port-Type = Wireless-802.11
NAS-Identifier = "R039-00443"
NAS-IP-Address = 192.168.129.221
Acct-Status-Type = Stop
Calling-Station-Id = "00-0B-DB-1A-F7-77"
Called-Station-Id = "00-03-52-02-98-DF"
Event-Timestamp = "Sep 13 2006 04:03:39 UTC"
Acct-Delay-Time = 0
Acct-Session-Id = "171fbc13"
Acct-Authentic = RADIUS
Acct-Session-Time = 29
Acct-Input-Octets = 218357
Acct-Input-Gigawords = 0
Acct-Input-Packets = 286
Acct-Output-Octets = 34912
Acct-Output-Gigawords = 0
Acct-Output-Packets = 212
Acct-Terminate-Cause = User-Request
Framed-IP-Address = 192.168.1.2
WISPr-Location-Name = "Colubris Networks"

No comments: