Handling RADIUS Disconnect Request Messages

Dynamic Authorization Client (DAC) sends Disconnect-Request packet to RADIUS endpoint (radius-ep) through UDP port. DAC sends this packet to terminate the user session(s) on Network Access Server (NAS). It also discards all the associated session contexts.

The Disconnect-Request packet contains the following session identification attributes to identify the sessions to be terminated.

  • 3GPP-IMSI + 3GPP-NSAPI

  • ACCT-SESSION-ID

  • CALLED-STATION-ID (DNN) + FRAMED-IP-ADDR

  • CALLED-STATION-ID (DNN) + FRAMED-IPV6-PREFIX

The RADIUS endpoint validates the Disconnect-Request packet. If the validation fails, the endpoint rejects the packet and sends Disconnect-NAK message with appropriate cause code to DAC. If the validation is successful, the endpoint performs affinity lookup based on the session identification keys or attributes. Then, the endpoint forwards the Disconnect-Request packet to the particular SMF service instance. The SMF processes the packet and triggers pdu-release or pdn-disconnect procedure. The SMF sends the Disconnect ACK response with the appropriate cause code if the session is identified, removed, and no longer valid. The SMF sends a Disconnect-NAK message with appropriate cause code if the session context is not found. The SMF does not wait for the completion of release procedure to send the Disconnect ACK or NAK response.

In the roaming scenario, the RADIUS Disconnect-Request is supported for home-routed subscribers when the roaming status is roamer. The hSMF acts as the SMF service and initiates the session release procedure.

Note

Roaming with 4G and EpsInterworkingIndication is not supported. Hence, a combination of IMSI and NSAPI keys is not supported.

This feature uses a combination of the session identification keys or attributes to identify the sessions for termination.

Important

If multiple key combination is provided for the same session, it is accepted. However, if the multiple key combination leads to multiple session contexts or non-existing session context, the behavior is non-deterministic.

The SMF supports only one session context per Disconnect-Message (DM) request. The SMF supports the following attributes in the DM request to identify the NAS and the user sessions to be terminated.

Attribute Reference Specification Encoding Type
3GPP-IMSI 3GPP 29.061 - 16.4.7.2-1 String
3GPP-NSAPI

3GPP 29.061 - 16.4.7.2-10

3GPP 29.561 – 11.3

String
Accounting-Session-Id RFC 2866 String
FRAMED-IP RFC 2865 - 5.1 IPv4 Address

FRAMED-IPV6-PREFIX

RFC 3162

PrefixLen and String

CALLED-STATION-ID (DNN)

RFC 2865 - 5.30

String

NAS-IP-Address

RFC 2865 – 5.4 (optional)

String

NAS-Identifier

RFC 2864 – 5.32 (optional)

String

The SMF silently discards other attributes present in the DM request if the packet decoding is successful.

The SMF supports the following attributes in the DM ACK or NAK response.

Attribute Reference Specification Encoding Type
ERROR-CAUSE RFC 5176 – 3.5 Integer
REPLY-MESSAGE RFC 2865 – 5.18 String

The RADIUS endpoint pod supports the following error codes if the Disconnect Request is rejected by radius-ep:

  • 402 (Missing Attribute) - Triggered due to invalid key combination

  • 403 (NAS Identification Mismatch) - Triggered if NAS-IP attribute in DM request does not match the endpoint COA-NAS VIP-IP or if NAS-Identifier attribute in the request does NAS identifier configuration within RADIUS Dynamic Authorization or CoA configuration

  • 407 (Invalid Attribute) - Triggered due to format error, encode error, and so on

  • 405 (Unsupported Service) - Triggered if the request is not a disconnect request

  • 503 (Session Context Not Found) - Triggered if the session cannot be located

For more information on configuring this feature, see the Configuring the Session Disconnect Feature section.