Handling RADIUS Disconnect Request Messages
Dynamic Authorization Client (DAC) sends Disconnect-Request packet to RADIUS endpoint (radius-ep) through UDP port. DAC sends this packet to terminate the user session(s) on Network Access Server (NAS). It also discards all the associated session contexts.
The Disconnect-Request packet contains the following session identification attributes to identify the sessions to be terminated.
-
3GPP-IMSI + 3GPP-NSAPI
-
ACCT-SESSION-ID
-
CALLED-STATION-ID (DNN) + FRAMED-IP-ADDR
-
CALLED-STATION-ID (DNN) + FRAMED-IPV6-PREFIX
The RADIUS endpoint validates the Disconnect-Request packet. If the validation fails, the endpoint rejects the packet and sends Disconnect-NAK message with appropriate cause code to DAC. If the validation is successful, the endpoint performs affinity lookup based on the session identification keys or attributes. Then, the endpoint forwards the Disconnect-Request packet to the particular SMF service instance. The SMF processes the packet and triggers pdu-release or pdn-disconnect procedure. The SMF sends the Disconnect ACK response with the appropriate cause code if the session is identified, removed, and no longer valid. The SMF sends a Disconnect-NAK message with appropriate cause code if the session context is not found. The SMF does not wait for the completion of release procedure to send the Disconnect ACK or NAK response.
In the roaming scenario, the RADIUS Disconnect-Request is supported for home-routed subscribers when the roaming status is roamer. The hSMF acts as the SMF service and initiates the session release procedure.
Note | Roaming with 4G and EpsInterworkingIndication is not supported. Hence, a combination of IMSI and NSAPI keys is not supported. |
This feature uses a combination of the session identification keys or attributes to identify the sessions for termination.
Important | If multiple key combination is provided for the same session, it is accepted. However, if the multiple key combination leads to multiple session contexts or non-existing session context, the behavior is non-deterministic. |
The SMF supports only one session context per Disconnect-Message (DM) request. The SMF supports the following attributes in the DM request to identify the NAS and the user sessions to be terminated.
Attribute | Reference Specification | Encoding Type |
---|---|---|
3GPP-IMSI | 3GPP 29.061 - 16.4.7.2-1 | String |
3GPP-NSAPI |
3GPP 29.061 - 16.4.7.2-10 3GPP 29.561 – 11.3 |
String |
Accounting-Session-Id | RFC 2866 | String |
FRAMED-IP | RFC 2865 - 5.1 | IPv4 Address |
FRAMED-IPV6-PREFIX |
RFC 3162 |
PrefixLen and String |
CALLED-STATION-ID (DNN) |
RFC 2865 - 5.30 |
String |
NAS-IP-Address |
RFC 2865 – 5.4 (optional) |
String |
NAS-Identifier |
RFC 2864 – 5.32 (optional) |
String |
The SMF silently discards other attributes present in the DM request if the packet decoding is successful.
The SMF supports the following attributes in the DM ACK or NAK response.
Attribute | Reference Specification | Encoding Type |
---|---|---|
ERROR-CAUSE | RFC 5176 – 3.5 | Integer |
REPLY-MESSAGE | RFC 2865 – 5.18 | String |
The RADIUS endpoint pod supports the following error codes if the Disconnect Request is rejected by radius-ep:
-
402 (Missing Attribute) - Triggered due to invalid key combination
-
403 (NAS Identification Mismatch) - Triggered if NAS-IP attribute in DM request does not match the endpoint COA-NAS VIP-IP or if NAS-Identifier attribute in the request does NAS identifier configuration within RADIUS Dynamic Authorization or CoA configuration
-
407 (Invalid Attribute) - Triggered due to format error, encode error, and so on
-
405 (Unsupported Service) - Triggered if the request is not a disconnect request
-
503 (Session Context Not Found) - Triggered if the session cannot be located
For more information on configuring this feature, see the Configuring the Session Disconnect Feature section.