Simple solution for low cost bandwidth management

ABSTRACT


INTRODUCTION
Internet access is now one of society's basic needs, because it greatly facilitates everyday activities, especially communication, whether between individuals or between organizations. According to 2017 data from the Indonesia Internet Association Develops Platform (APJII), Indonesia had 143 million internet users, both individuals and users within organizations: the Java region accounted for 57.70% of the total, Sumatra for 19.09%, Kalimantan for 7.97%, Sulawesi for 6.73%, Bali-Nusra for 5.63% and Maluku-Papua for 2.49% [1]. APJII data also show that 44.16% of Indonesian internet users use smartphones to access networks over wireless technology. The popularity of wireless networks has led many vendors to compete in developing wireless-based innovations and technologies, such as hotspots: public areas that provide wireless network access, usually found in internet parks, universities, companies or organizations [2]. Information-technology-based organizations use hotspots to facilitate communication and information retrieval, with the aim of smoothing the organization's business. Hotspot deployments are generally secured with wired equivalent privacy (WEP) and wi-fi protected access (WPA), but WEP and WPA are now very easy to tap and less effective in their configuration [3].
An organization's need for a hotspot network affects the amount of bandwidth the company must own, so the bandwidth used by each hotspot client needs to be optimized, because some client activities are still less productive (such as accessing video-based entertainment streaming) and can waste the bandwidth of the organization (company) [4], [5].
Information-technology-based organizations already use databases to store staff or client data, and that data is used to build single-sign-on (SSO) systems (single sign-on specifically handles client sessions). These databases have not, however, been integrated with bandwidth management for hotspot clients, even though bandwidth management plays an important role in the convenience of hotspot users. Security and bandwidth management for an organization's hotspot can be handled by a professional computer network device, but such a device has a price of a hundred million, so it isn't suitable for newly built organizations [6].
The use of a database in the organization provides an opportunity to develop a network security system and low-cost client bandwidth management by integrating a remote authentication dial in user service (RADIUS) server with Mikrotik RouterBoard. A RADIUS server can serve as network security because it authenticates network users with the authentication, authorization, accounting (AAA) protocol and can communicate with a database, so that client accounts already stored for and used by the SSO system can also be used to access hotspot services. Bandwidth management for clients can be based on the accounting data stored in the RADIUS server database, which makes the bandwidth management process more dynamic. One method of managing user bandwidth is to define time quotas and data packages for clients, which can be implemented with hypertext preprocessor (PHP) scripts.
The low-cost bandwidth management system was designed in the form of a flowchart and a system overview diagram. The design is implemented with the FreeRADIUS server as the RADIUS server application, Mikrotik RouterBoard as the hotspot server and network access server (NAS), MySQL as the database management system (DBMS), and PHP scripts for client bandwidth management, together with a web-based hotspot management site built on the Laravel framework. The bandwidth management system is tested through two scenarios, namely testing the scripts and testing bandwidth management with FreeRADIUS server modules.
The purpose of developing a low-cost bandwidth management system based on RADIUS server integration is to offer an alternative solution for designing and building a bandwidth management service for a company or organization, to apply the SSO model in services so as to simplify user management, and to implement a bandwidth management model that runs dynamically and continuously on a MySQL database and the PHP programming language. The expected benefits of developing a low-cost bandwidth management system are for companies or organizations that are building a hotspot network on the basis of client account authentication, has a fairly secure client authentication method based on the AAA protocol

RESEARCH METHOD

Related work
Professional tools that address security and network bandwidth management in organizations are widely marketed, but cost hundreds of millions [7], [8], so they are out of reach for newly built or developing organizations. A RADIUS server on a wireless network implements the client authentication protocol through the three AAA processes (authentication, authorization and accounting, which determine client access rights to the network). A RADIUS server can also be integrated with SSO and LDAP as a legacy authentication protocol solution in simulating the automatic provision of IP addresses to clients (which can be stored in a database) [9]-[11].
Bandwidth management can be done by limiting time and packet quota through integrating a RADIUS server with the ChilliSpot captive portal, by limiting download speed with Mikrotik once a client has reached the permitted maximum, by using Mikrotik's simple queue feature, or by managing clients' internet access rights and activities with Mikrotik and wireless radio [12]-[15]. Websites for network management, especially of hotspots, have been developed with the PHP programming language, MySQL server, a RADIUS server to handle client authentication, and the RouterOS API as the interface for communicating with the Mikrotik RouterBoard from PHP [16]-[18].

Literature

RADIUS server
The RADIUS server is an access control mechanism that checks and authenticates clients using the challenge (response) method. RADIUS was developed in the mid 1990s by Livingston Enterprises and uses port 1812. Its security mechanism handles the authentication and authorization of connections made by the client: the client's username and password are delivered to the RADIUS server, which matches them against its stored data, and the client is allowed onto the network when the match succeeds [19]. The protocol of the RADIUS server is called AAA, which consists of authentication (handling client authentication), authorization (checking the authority granted to the client) and accounting (recording all client activities).

FreeRADIUS server application
FreeRADIUS server is a RADIUS server application developed by [20]. FreeRADIUS has three main features, namely ISP authentication and accounting (authenticating clients and calculating their use of services), enterprise networks (reliable network management with wired or wireless technology), and educational institutions (generally used on agency-owned networks). FreeRADIUS server modules can be grouped into three types, namely authentication, data store and policy. The authentication module usually used is rlm_pap, which matches the plain-text password in a request against the hashed password stored in a database; supported methods include crypt hashes and MD5 hashes. The data store module commonly used is rlm_sql_mysql (the driver that links FreeRADIUS to the MySQL server). The policy module commonly used is rlm_counter (which calculates the usage of clients connected to the hotspot network).

Router
A router is a computer networking device that sends data packets to their destination through a process called routing. Routing occurs at OSI layer 3, so a router can connect different local area networks (LAN). This distinguishes a router from network devices that work at OSI layer 1, which function only as connectors [21]. A router works by looking at the source and destination addresses of the data packets that pass through it, and can also determine the best route for those packets so that they arrive quickly at their destination.
Along with the development of science and technology, router devices have developed considerably in terms of both platform and infrastructure. Software defined routers (SDRs) are an example of software-based router development. The hallmark of this type of router is the use of a programming language in the routing process, which makes it possible to embed artificial intelligence and can reduce network development costs [22].

Mikrotik
Mikrotik is a small company headquartered in Latvia. It was founded by John Tully and Arnis Riekstins around 1995. In 1996 John and Arnis declared Mikrotik's mission of routing the entire world. The mission began with the development of aeronet wireless-LAN (WLAN) technology with a speed of 2 Mbps in Moldova. Mikrotik is generally divided into two types, namely Mikrotik RouterOS and Mikrotik RouterBoard [23]. Mikrotik has several features that are reliable for network management, including DHCP (assigning IP addresses automatically), firewalls (securing local networks), NAT (translating local IP addresses into one public IP address), hotspots (hotspot servers), and routing. Mikrotik also has license levels that determine its capabilities, the highest being level 6, the full version.

Wireless network
Wireless networks can be seen as the development of LANs on the mobility side. They offer higher mobility, because users connect to the network over radio frequency (RF) rather than cable [24]. Wireless networks (WLANs) cover a local area, which can range from classrooms to an entire campus, or from one office to other offices and different buildings. Devices commonly used to access WLANs are PCs, laptops, PDAs, cellular phones, and other devices that have a WLAN scanner feature. The advantages of wireless networks are mobility, a fast and flexible installation process, and low maintenance costs.

MySQL database
A database is a means of storing data that is flexible and fast to access, whether for adding new data, changing existing data, or deleting data. Many database servers are available, and one of the most popular is MySQL. MySQL runs on various operating system platforms, such as Linux, Windows, and others. Many individuals choose MySQL because its syntax is easy to understand and it is supported by common programming languages, such as Java, PHP and Python [25].

PHP
PHP is a scripting language that runs on the server side (server-side scripting). PHP supports several database servers, including MySQL, Informix, Oracle, Sybase, Solid, PostgreSQL and Generic ODBC. PHP files can have the extension .php, .php3 or .phtml. The advantages of PHP as a scripting language are that it runs on a variety of operating system platforms (Windows, Linux, MacOS), is compatible with almost all servers, is open source (free to download from the official PHP website), is easy to learn and runs efficiently on the server side [26]. PHP programs are generally designed around functions (statement blocks that manipulate data); programming in this way is called procedure-oriented programming. PHP web applications are generally built by applying the concept of model view controller (MVC).

Research method
The development of the low-cost bandwidth management system begins with the analysis phase, carried out through observation and a survey of previous research on security and bandwidth management in networks, followed by interviews with teachers and administrators from one of the state universities in Bali. The analysis found that an organization's bandwidth management is generally done by deploying Mikrotik on the organization's network, where Mikrotik is both the central regulator of client bandwidth (with the simple queue and queue tree methods) and the data storage center for all hotspot client accounts (Mikrotik may run out of storage, because its storage is generally still in the megabyte range) [4], [5]. The analysis also produced the concept of bandwidth management based on time quota and data packages, with security provided by the RADIUS server AAA protocol. Based on these results, the bandwidth management features of the simple queue and queue tree methods can be compared with the features developed in this study. Simple queue is a bandwidth management feature that is simple and very easy to use, because bandwidth can be shared for upload and download activities per client IP address. Queue tree is a flexible and fairly complex bandwidth management feature, because it can manage bandwidth based on the packets sent by the client (allowing bandwidth management of activities such as browsing or streaming for all network clients) [27].
The stage after analysis is the design of the system workflow, in the form of a flowchart, and of the database. Implementation of the design begins with configuring the RADIUS server so that it can connect to the database, followed by the hotspot server configuration on Mikrotik, the integration between the RADIUS server and Mikrotik, the creation of PHP scripts for bandwidth management, and the creation of a hotspot management website with the Laravel framework. The last step is testing, which is done through two scenarios, namely bandwidth management using PHP scripts and bandwidth management using the SQL counter modules of the FreeRADIUS server, followed by testing of the hotspot management website. Figure 1 is an overview of the bandwidth management system at a cost-effective price. The system workflow begins with the client sending request data (a username and password) to the RADIUS server via Mikrotik RouterBoard. The request data received by the RADIUS server is matched against the client data stored in the database, and the time quota and data package already used by the client are checked as well. The client can use the network when the request data matches the client data stored in the database and the usage of time quota and data package has not reached the maximum limit. Table 1 lists the addressing used by each device in the system. The workflow of the system can be differentiated into two, namely the client authentication mechanism, and the checking of usage quota and resetting of the client's quota. The workflow of the client authentication mechanism can be seen in Figure 2.
User authentication begins with a connection request from the client, which is then asked to enter a username and password as authentication data, after which Mikrotik sends the request data to the RADIUS server. The RADIUS server checks the username, password and user profile in its database. The client is allowed to access the internet if the user profile is not Disabled. Checking the time quota and the user's data package requires a date input (in the format Y-m-d H:i); the process then checks for client accounts whose active limit equals the input date, or compares the data package used against the maximum data package of each client account. The RADIUS server then sends a request to Mikrotik to disconnect each username found during the check and changes that username's profile to Disabled. The workflow of the time quota and data package checking mechanism can be seen in Figure 3.

RESULTS AND ANALYSIS

Mikrotik configuration
The first phase of Mikrotik configuration is naming the interfaces and assigning their addresses in accordance with the addressing plan; configuration then continues with the gateway, so that Mikrotik is connected to the internet. The next step is the network address translation (NAT) configuration, so that this internet connection can be shared with all the interfaces owned by Mikrotik. The last phase of Mikrotik configuration is the creation of a hotspot server.

RADIUS server configuration
RADIUS server configuration begins with setting the IP address in accordance with the device addressing design. It then proceeds with installing the necessary packages, such as FreeRADIUS, MySQL, PHP and Apache2. The next step is configuring the SQL counter modules of the RADIUS server, followed by enabling SQL and the SQL counters in the client authentication section of the RADIUS server.

Mikrotik integration with RADIUS server
Integrating the RADIUS server with Mikrotik begins with adding Mikrotik's IP address to the RADIUS server, followed by adding the RADIUS server's IP address in Mikrotik. The rules table is stored in a MySQL database so that it can be configured easily.

Testing and result
The bandwidth management system is tested through two scenarios: bandwidth management with PHP scripts and bandwidth management with the SQL counter modules. Bandwidth management with PHP scripts requires a date parameter; the date given is '2020-03-05 23:37'. The client whose active limit runs until that date is the one with username user1. After the quota usage script is executed, that client is disconnected from the hotspot network and its profile is changed to disable. A client with the disable profile cannot use the hotspot network and is shown an error message. Clients with the disable profile cannot access the hotspot again until the script has reset the client's quota. The client quota reset script updates the client's time quota and data plan, and changes the client's profile to active. Testing bandwidth management based on data packages with the SQL counter gives results that are not optimal, because the client remains connected and can use the hotspot after the data packet quota has exceeded the maximum limit. Bandwidth management based on time quota with the SQL counter gives the best results, because the client is disconnected when the session timeout reaches 0 and cannot reconnect to the hotspot network before the quota update process is carried out.
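
The quota check and quota reset described in the workflow and exercised in this test, as an added sketch that is not the paper's PHP code: it uses Python with an in-memory SQLite database standing in for MySQL. The `client` table, its columns, the `period_start` field and the `disconnect` callback (a placeholder for the disconnect request sent to Mikrotik) are assumptions, and all rows are constructed.

```python
import sqlite3
from datetime import datetime

DATE_FMT = "%Y-%m-%d %H:%M"  # the page's Y-m-d H:i format
MB = 1024 ** 2

def norm_date(text):
    """Reject anything that is not a real Y-m-d H:i timestamp."""
    return datetime.strptime(text, DATE_FMT).strftime(DATE_FMT)

def sample_db():
    """Constructed data. 'client' is a hypothetical table; the radacct
    columns are named after the FreeRADIUS accounting schema."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
      CREATE TABLE client (username TEXT PRIMARY KEY, profile TEXT,
        period_start TEXT, active_until TEXT, max_bytes INTEGER);
      CREATE TABLE radacct (username TEXT, acctstarttime TEXT,
        acctinputoctets INTEGER, acctoutputoctets INTEGER);""")
    db.executemany("INSERT INTO client VALUES (?,?,?,?,?)", [
        ("user1", "Active", "2020-03-04 00:00", "2020-03-05 23:37", 5120 * MB),
        ("user2", "Active", "2020-03-01 00:00", "2020-04-30 00:00", 50 * MB),
        ("user3", "Active", "2020-03-01 00:00", "2020-04-30 00:00", 50 * MB)])
    db.executemany("INSERT INTO radacct VALUES (?,?,?,?)", [
        ("user1", "2020-03-04 09:00", 1 * MB, 9 * MB),
        ("user2", "2020-03-02 10:00", 5 * MB, 30 * MB),
        ("user2", "2020-03-03 10:00", 5 * MB, 20 * MB),  # 60 MB in total
        ("user3", "2020-03-02 10:00", 2 * MB, 10 * MB)])
    db.commit()
    return db

def check_quota(db, now_text, disconnect):
    """Disable, then disconnect, every account past its time or data quota."""
    now = norm_date(now_text)  # validated, then bound as a parameter
    # '<=' instead of equality (assumption): a missed cron run still
    # catches accounts that expired in the meantime.
    rows = db.execute("""
      SELECT c.username FROM client c
      LEFT JOIN radacct a ON a.username = c.username
                         AND a.acctstarttime >= c.period_start
      WHERE c.profile <> 'Disabled'
      GROUP BY c.username, c.active_until, c.max_bytes
      HAVING c.active_until <= ?
          OR COALESCE(SUM(a.acctinputoctets + a.acctoutputoctets), 0)
             >= c.max_bytes
      ORDER BY c.username""", (now,)).fetchall()
    hit = [r[0] for r in rows]
    with db:  # commit the profile change before any session is dropped,
        db.executemany(
            "UPDATE client SET profile = 'Disabled' WHERE username = ?",
            [(u,) for u in hit])
    for u in hit:  # so that an immediate re-login is already rejected
        disconnect(u)
    return hit

def reset_quota(db, username, now_text, until_text, max_bytes):
    """Start a new quota period and re-enable the account."""
    now, until = norm_date(now_text), norm_date(until_text)
    if until <= now or max_bytes <= 0:
        raise ValueError("new quota must end in the future and be positive")
    with db:
        cur = db.execute(
            """UPDATE client SET profile = 'Active', period_start = ?,
               active_until = ?, max_bytes = ? WHERE username = ?""",
            (now, until, max_bytes, username))
    return cur.rowcount == 1
```

Counting usage from `period_start` lets a reset begin a new quota period without deleting accounting rows, so the quota history stays available for review.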
Continuous bandwidth management testing with PHP scripts aims to ensure that the PHP scripts running under the crontab service can carry out bandwidth management continuously on several client accounts. There are 20 client accounts registered for the continuous testing process, with various time quotas and data packet quotas. The minimum time quota for an account is one day and the maximum is 60 days. The minimum data package quota for a client account is 50 Mb and the maximum is 5 GB.
Continuous testing was carried out over fourteen days, from 16 May 2020 until 29 May 2020. The results of this continuous bandwidth management with PHP scripts were analyzed with the aim of determining the success rate (percentage) of the PHP scripts in managing bandwidth for hotspot clients based on time quota and data packet quota. The results of the test analysis are shown in Table 2.
Website testing is done directly by the author. The website has two levels of access, namely network administrator permissions and client permissions. One of the features available to the network administrator is adding hotspot client data. The client permissions offer several features, one of which is viewing time quota and data package usage in the form of charts.

Product comparison
The resulting bandwidth management system needs to be compared with similar products in order to identify differences in main features, type of product, and price. The first product compared is the S5000-AC-I Sangfor IAM device, whose key features are bandwidth management and SSO-based user authentication, at a price of RP. 650.000.000 [28]. The second product is TekRADIUS, which supports Windows and Microsoft SQL Server, at a price of $239.00 [29]. The third product is the ClearBox RADIUS Server, which uses SQL scripting to control client authentication and accounting, at a price of $599.00 [30]. The fourth product, IronWifi, is a cloud-based product with time-based and data packet client limitation, at a cost of $10 and $15 per client per month [31]. This comparison shows that the result of this research provides a relatively cheaper implementation solution.

CONCLUSION
Low-cost bandwidth management can be achieved by integrating the RADIUS server with Mikrotik RouterBoard. Besides producing a low-cost bandwidth management system, the purpose of this integration is to increase the security of the hotspot network, especially in terms of authenticating legitimate users. Using databases as data storage allows the system to be integrated with SSO, either by using the RADIUS server's own database or by other methods, so that client data from the RADIUS server database can be synced to other databases. The bandwidth management system was tested through two scenarios, namely PHP scripts and SQL counters, with the main objective of testing the effectiveness of each way of managing bandwidth; the more effective way of managing bandwidth is with PHP scripts. The bandwidth management website is divided into two permissions, namely administrator permissions for managing hotspot clients and hotspot client permissions for checking quota usage and quota history. Further research is needed to develop this work, especially in terms of data security on the RADIUS server, with the aim of increasing the protection of client accounts. The features of the hotspot management website also need to be developed, so that hotspot management activities can be carried out more quickly. Development is also needed in terms of testing, especially testing in more complex environments, to determine the overall performance and effectiveness of the system.