RADIUS Prepaid Extension
draft-lior-radius-prepaid-extensions-05.txt
Avi Lior, Yong Li, Bridgewater Systems
Parviz Yegani, Cisco Systems
Kuntal Chowdhury, Nortel Networks
Requirements
• Provide support for Prepaid User.
  – Quota management
  – Usage metering
  – Session control
• Support Prepaid business models.
  – Time based, Volume based, “Token” based (unit less)
  – Simple rating and complex rating
  – Session based and single event based.
Key Features
• Quota based.
  – Quotas are initially exchanged in Access-Request/Accept; and are refreshed in Authorize-Only exchanges.
• Use RADIUS accounting messages only to record what has happened for audit and billing purposes.
What is New
• Simplified the Architecture model (draft 4)
• Added support for Multi-Services (draft 5)
  – Functionally aligned with Diameter CC.
• Cleanup and incorporation of comments received on list and privately.
  – Joel Halpern
  – Mark Grayson
  – Nagi Reddy Jonnala
  – Mike Santoro
  – Farid Adrangi
  – Damien Galand
  – Lothar Reith
  – Stefaan de Cnodder
Prepaid Architecture
[Figure: prepaid architecture. Labels: User Device, NAS, RADIUS Client, Prepaid Client, RADIUS Server, Prepaid Server, Router/Gateway, Internet. Prepaid attributes carried by RADIUS.]
Multi-Services
• Main service or “Access Service”
  – This is what we traditionally authenticate and authorize.
• Operators want to differentiate between IP-flows
  – Some flows are more valuable.
  – Some flows are metered differently.
  – Some flows have different QoS.
• Additional flows require authorization only.
Prepaid for Multi-Services
• Service defined by a Service-ID (string)
  – A Service can be an IP-Flow defined by IP-tuples.
  – “Access Service” is the default or initial service. In 3GPP2 it corresponds to the Main-Service-Instance.
• Quota allocated
  – To one Service at a time; or
  – A group of Services using Rating-Groups:
    • Rating-Group preconfigured in the Service Access Device.
    • Define the rating (complex rating) and the Services that are associated with that Rating-Group.
• Pools
  – Associate quotas assigned to Services or Rating-Groups to Pools.
  – Minimize messages.
  – Help when services are not drawing on quotas equally.
Multi-Service Example
A: A user is Authenticated and Authorized as prepaid and assigned quota to the “Access Service” of 2MB.
B: NAS wants to Authz another Service (e.g. VoIP). Sends an Access-Request (AuthOnly) with PPAQ specifying SID=Service-A. Session-Id needed to tie this Authorize-Only to previous AuthN/AuthZ.
C: PPS replies with Access-Accept with a PPAQ for Service-A containing Volume of 1 MB.
D: “Access Service” and Service-A request more quota. Report what they used. Update-Reason Quota-Refresh.
E: PPS authorizes more quota to both. Access Service (+2MB) has 4 MB, Service-A (+1MB) 2 MB.
F: User logs off. Report used quota. “Access-Service” 3MB, Service-A 1.5 MB. We know that it’s the end because the PPAQ indicates the cause for reporting: Update-Reason User-Termination.
Message flow between NAS/PPC and PPS:
A: AuthN/AuthZ “Access Service”
B: Access-Request Authz Only: Session-Id, [PPAQ SID=Service-A]
C: Access-Accept Authz Only: [PPAQ QID Service-A, 1 MB]
D: Access-Request Authz Only: [PPAQ QID 2 MB] [PPAQ QID Service-A, 1 MB]
E: Access-Accept Authz Only: [PPAQ QID 4 MB] [PPAQ QID Service-A, 2 MB]
F: Access-Request Authz Only: [PPAQ QID 3 MB] [PPAQ QID Service-A, 1.5 MB], then Access-Accept Authz Only
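The ledger a Prepaid Server could keep for steps A to F, as an added example that is not from the draft or the slides. The class and method names, the 10 MB starting balance and the two rejection checks (unknown Session-Id, reported usage above the granted quota) are assumptions for illustration; quotas are modelled as cumulative byte counts.

```python
MB = 10**6  # constructed unit for the example


class PrepaidServer:
    """Toy PPS ledger (hypothetical names; not the draft's data model)."""

    def __init__(self, balance):
        self.balance = balance   # unreserved prepaid balance, in bytes
        self.sessions = {}       # Session-Id -> {Service-ID: cumulative quota}

    def access_request(self, session_id, grant):
        # Step A: full AuthN/AuthZ opens the session with the "Access Service" quota.
        self.sessions[session_id] = {}
        return self._reserve(session_id, "Access Service", grant)

    def _reserve(self, session_id, sid, amount):
        if amount > self.balance:
            raise ValueError("insufficient balance")
        self.balance -= amount
        quotas = self.sessions[session_id]
        quotas[sid] = quotas.get(sid, 0) + amount
        return quotas[sid]       # cumulative quota returned in the PPAQ

    def authorize_only(self, session_id, sid, used=0, more=0, reason=None):
        # Steps B-F: handle one PPAQ carried in an Authorize-Only Access-Request.
        quotas = self.sessions.get(session_id)
        if quotas is None:
            raise PermissionError("Authorize-Only for unknown Session-Id")
        if used > quotas.get(sid, 0):
            raise ValueError(f"{sid}: reported usage exceeds granted quota")
        if reason == "User-Termination":
            self.balance += quotas.pop(sid) - used   # refund unused reservation
            return 0
        return self._reserve(session_id, sid, more)


def run_example():
    pps = PrepaidServer(balance=10 * MB)             # constructed starting balance
    pps.access_request("s1", 2 * MB)                                    # A
    pps.authorize_only("s1", "Service-A", more=1 * MB)                  # B, C
    acc = pps.authorize_only("s1", "Access Service", 2 * MB, 2 * MB,
                             "Quota-Refresh")                           # D, E
    svc = pps.authorize_only("s1", "Service-A", 1 * MB, 1 * MB, "Quota-Refresh")
    pps.authorize_only("s1", "Access Service", 3 * MB,
                       reason="User-Termination")                       # F
    pps.authorize_only("s1", "Service-A", 1_500_000, reason="User-Termination")
    return acc, svc, pps.balance
```

The balance left after step F reflects only the 4.5 MB actually reported as used, because the unused part of each reservation is returned at User-Termination.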
What is next
• Add support for single event.
  – Scenarios:
    • Single Event Prepaid Authorization with Authentication.
    • Single Event Prepaid Authorization only – user has already been authenticated.
• Mapping to Diameter