IS835C Prepaid Billing
Prime Access Registrar acts as a RADIUS protocol head for all the requirements specified in the cdma2000 Wireless IP Network Standard: PrePaid Packet Data Service specification:
https://www.3gpp2.org/Public_html/Specs/X.S0011-006-C_v3.0_061030.pdf
As long as the prepaid client understands or accepts what the external billing server sends, the service should work. The Prime Access Registrar server neither imposes nor is affected by the values of attributes returned from the external billing server.
For additional information, see cdma2000 Wireless IP Network Standard: Accounting Services and 3GPP2 RADIUS VSAs at the following URL:
https://www.3gpp2.org/Public_html/Specs/X.S0011-005-C_v3.0_061030.pdf
The IS835C specification requires that the Prime Access Registrar server be able to determine that a particular user is a prepaid billing user. A user is accepted as a valid prepaid user when the response dictionary of the incoming packet contains the Prime Access Registrar internal subattribute named prepaid.
The IS835C specification requires prepaid users to first be authenticated by the RADIUS server. This requires the configuration of a group service with an authentication service first, followed by the prepaid service that adds prepaid attributes as shown in Setting Up an Authentication Group Service. The group service configuration enables the AA service to add the prepaid subattribute to the response dictionary upon successful authentication, before the prepaid service is invoked.
Configuring IS835C Prepaid Billing
To configure an IS835C prepaid billing service, use the following sections to configure the required Prime Access Registrar objects:
Setting Up a Prepaid Billing RemoteServer
Prime Access Registrar loads the library dynamically and registers the API functions, then calls out the library initialization API once at startup. The call to initialize functions initializes various data structures and connections with the billing server, as required.
Table 8-1 lists and describes the properties required for an IS835C RemoteServer object.
Table 8-1 Prepaid-IS835C RemoteServer Properties
|
|
Filename |
Name of the shared library provided by the billing server vendor, such as libprepaid.so |
IPAddress |
IP address of the billing server |
Port |
Port used on the billing server, such as port 66 |
Connections |
Number of threads the prepaid service and billing server can each use (default is 8). |
Setting Up a Prepaid Billing Remote Server
To set up a prepaid billing remote server:
Step 1 Use aregcmd to add a RemoteServer under /Radius/RemoteServers.
cd /radius/remoteserver
add prepaid-is835c
Step 2 Set remoteserver protocol to prepaid-is835c.
cd prepaid-is835c
set protocol prepaid-is835c
Set Protocol prepaid-is835c
The following is the default configuration of a prepaid-is835c RemoteServer.
[ //localhost/Radius/RemoteServers/prepaid-is835c ]
Setting Up an IS835C Prepaid Service
Prime Access Registrar uses a service type prepaid to support the prepaid billing solution. The prepaid service mediates between the client NAS and the external prepaid billing server.
Setting Up an IS835C Prepaid Service
To set up an IS835C prepaid service:
Step 1 Use aregcmd to add a prepaid service under /Radius/Services :
cd /radius/services
add prepaid
Step 2 Set the service type to prepaid.
cd prepaid
set type prepaid
A prepaid service has the following default properties:
[ //localhost/Radius/Services/prepaid ]
OutagePolicy~ = RejectAll
MultipleServersPolicy = Failover
Step 3 Add a reference to the is835c-prepaid RemoteServer.
cd RemoteServer
add 1 prepaid-is835c
Setting Up Local Authentication
If you use the Prime Access Registrar server for authentication and authorization in your prepaid billing solution, you should configure an AA service. For example, you might configure a service similar to local-users (in the example configuration) for authentication and authorization of local users.
If some of the users are non-prepaid users or if the prepaid users need to have RADIUS authorization attributes returned, you should configure an AA service to perform that authentication and authorization.
Setting Up a Local Authentication
To set up a local authentication:
Step 1 Use aregcmd to set up a local authentication service.
cd /radius/services
add Prepaid-LocalAuthentication
Added prepaid-LocalAuthentication
cd prepaid-LocalAuthentication
[ //localhost/Radius/Services/prepaid-LocalAuthentication ]
Name = prepaid-LocalAuthentication
Step 2 Set the service type to local.
set type local
Step 3 Set the UserList property to the userlist that contains IS835C prepaid users.
set UserList userlist_name
Set UserList userlist_name
Note You can use an LDAP or ODBC service in place of the local authentication service.
The authentication service must add the Prime Access Registrar internal attribute prepaid (subattribute 22) to the response upon successful authentication.
Setting Up an Authentication Group Service
Your prepaid billing solution usually requires a group service to tie together an AA service with a prepaid service, a group service to tie together an accounting service with a prepaid service, or both.
If you are using an AA service with your prepaid billing solution, you must configure a group service, for example prepaid-users, that ties the requests to the AA service (local-users in our example) with the prepaid service.
If you are using Prime Access Registrar for an accounting service with your prepaid billing solution, you must configure a group service, for example prepaid-file, that ties accounting requests to both the regular accounting service (local-file in our example) and the prepaid service.
Setting Up an Authentication Group Service
To set up an authentication group service:
Step 1 Use aregcmd to add a prepaid authentication group service under /Radius/Services.
cd /radius/services
add prepaid-groupAuthentication
Added prepaid-groupAuthentication
cd prepaid-groupAuthentication
[ //localhost/Radius/Services/prepaid-groupAuthentication ]
Name = group-prepaidAuthentication
Step 2 Set the service type to group.
set type group
The group service requires the ResultRule to be set to AND, the default setting for a group service.
ls
[ //localhost/Radius/Services/group-prepaidAuthentication ]
Name = group-prepaidAuthentication
Step 3 Change directory to GroupServices and add references to the prepaid service and the authentication service.
cd GroupServices
[ //localhost/Radius/Services/group-prepaidAuthentication/GroupServices ]
add 1 Prepaid-LocalAuthentication
add 2 prepaid
CRB Prepaid Billing
Cisco Real-Time Billing (CRB) is a Cisco proprietary method of providing prepaid billing service. Prime Access Registrar uses vendor-specific attributes (VSA) to extend the standard RADIUS protocol to carry information not usually present in the standard RADIUS packet. Prime Access Registrar uses a set of VSAs allocated to the Cisco VSA pool [26,9].
Prime Access Registrar required several different types of measurements to support a prepaid billing solution. These measurements require the use of metering variables to perform usage accounting. Table 8-2 lists the different measurements and what the AAA client, Prime Access Registrar server, and billing server do with them.
Table 8-2 Measurements and Component Actions
|
|
|
|
Duration |
Return duration quota |
Convert duration quota to VSAs and pass along |
Compare running duration quota with quota returned by Prime Access Registrar server |
Total volume |
Return volume quota |
Convert volume quota to VSAs and pass along |
Compare running volume quota with quota returned by Prime Access Registrar server |
Uplink volume |
Return volume quota |
Convert volume quota to VSAs and pass along |
Compare running volume quota with quota returned by Prime Access Registrar server |
Downlink volume |
Return volume quota |
Convert volume quota to VSAs and pass along |
Compare running volume quota with quota returned by Prime Access Registrar server |
Total packets |
Return packet quota |
Convert packet quota to VSAs and pass along |
Compare running packet quota with quota returned by Prime Access Registrar server |
Uplink packets |
Return packet quota |
Convert packet quota to VSAs and pass along |
Compare running packet quota with quota returned by Prime Access Registrar server |
Downlink packets |
Return packet quota |
Convert packet quota to VSAs and pass along |
Compare running packet quota with quota returned by Prime Access Registrar server |
Logical OR of two measurements |
Return quota of both measurements |
Convert both to VSA and pass along |
Monitor both quota and issue reauthorization packet when any one trips |
Prime Access Registrar provides maximum flexibility to billing servers by allowing the metering variable to be modified as the service is used. This requires network nodes to measure all parameters all the time, but to report values only after receiving a reauthorization request.
Note If you have been using an earlier implementation of CRB prepaid billing (Cisco Access Registrar 3.5.2 or earlier), you must recompile the API implementation with the newer API due to the addition of the parameter ebs_context as the first parameter to all API methods. Contact your Cisco systems engineer for assistance with the new API.
This section contains the following topics:
Configuring CRB Prepaid Billing
To configure an CRB prepaid billing service, use the following sections to configure the required Prime Access Registrar objects:
If you are using CRB prepaid billing with Service Selection Gateway (SSG), you must also configure extension point scripts and prepaid clients. See Configuring CRB Prepaid Billing for SSG.
Setting Up a Prepaid Billing RemoteServer
Table 8-3 lists and describes the properties required for an CRB RemoteServer object.
Table 8-3 Prepaid-CRB RemoteServer Properties
|
|
Filename |
Name of the shared library provided by the billing server vendor, such as libprepaid.so |
IPAddress |
IP address of the billing server |
Port |
Port used on the billing server, such as port 66 |
Connections |
Number of threads the prepaid service and billing server can each use (default is 8). |
Setting Up a Prepaid Billing Remote Server
To set up a prepaid billing remote server:
Step 1 Use aregcmd to add a RemoteServer under /Radius/RemoteServers.
cd /radius/remoteservers
add prepaid-crb
Step 2 Set the RemoteServer protocol to prepaid-crb.
cd prepaid-crb
set protocol prepaid-crb
The following is the default configuration of a prepaid-crb RemoteServer.
[ //localhost/Radius/RemoteServers/prepaid-crb ]
Setting Up a CRB Prepaid Service
Prime Access Registrar uses a service type prepaid to support the prepaid billing solution. The prepaid service mediates between the client NAS and the external prepaid billing server.
The prepaid service must receive accounting requests to accurately charge the prepaid billing user. You can also set the prepaid service in a group service to log accounting requests locally or to proxy the accounting requests to another service or to both locations.
Setting Up a CRB Prepaid Service
To set up a CRB prepaid service:
Step 1 Use aregcmd to add a prepaid service under /Radius/Services :
cd /radius/services
add prepaid
Step 2 Set the service type to prepaid.
cd prepaid
set type prepaid
A prepaid service has the following default properties:
[ //localhost/Radius/Services/prepaid ]
OutagePolicy~ = RejectAll
MultipleServersPolicy = Failover
Step 3 Add a reference to the prepaid-crb RemoteServer.
cd RemoteServers
add 1 prepaid-crb
Note The following steps are required only when using Prepaid-CRB with SSG.
Step 4 Set the IncomingScript to IncomingScript PPI-Parse-Prepaid-Incoming.
set IncomingScript PPI-Parse-Prepaid-Incoming
Set IncomingScript PPI-Parse-Prepaid-Incoming
Step 5 Set the OutgoingScript to PPO-Parse-Prepaid-Outgoing.
set OutgoingScript PPO-Parse-Prepaid-Outgoing
Set OutgoingScript PPO-Parse-Prepaid-Outgoing
Setting Up a Local Accounting Service
If you want to use the Prime Access Registrar server to record the accounting records locally or to forward the accounting records to another RADIUS server, you must configure an accounting service. You might configure a service similar to local-file (in the example configuration) for accounting requests. Accounting requests can be logged locally (with an accounting service) or remotely (with a RADIUS service).
If you use the prepaid billing server to generate the accounting records, an accounting service is not necessary.
Setting Up a Local Accounting Service
To set up a local accounting service:
Step 1 Use aregcmd to add a local accounting service under /Radius/Services.
cd /radius/services
add prepaid-LocalFileAccounting
add prepaid-LocalFileAccounting
Step 2 Set the service type to file.
cd prepaid-LocalFileAccounting
set type file
The file type service has the following properties:
[ //localhost/Radius/Services/prepaid-LocalFileAccounting ]
Name = prepaid-LocalFileAccounting
OutagePolicy~ = RejectAll
FilenamePrefix = accounting
MaxFileSize = "10 Megabytes"
Step 3 Set the FilenamePrefix to Prepaid-Accounting.
set FilenamePrefix Prepaid-Accounting
Set FilenamePrefix Prepaid-Accounting
Step 4 Set the MaxFileAge to one hour.
set MaxFileAge "1 Hour"
The MaxFileSize should remain at the default value of 10 megabytes.
Step 5 Set UseLocalTimeZone to TRUE.
set UseLocalTimeZone TRUE
Set UseLocalTimeZone TRUE
Setting Up a Local Authentication Service
If you use the Prime Access Registrar server for authentication and authorization in your prepaid billing solution, you should configure an AA service. For example, you might configure a service similar to local-users (in the example configuration) for authentication and authorization of local users.
If some of the users are non-prepaid users or if the prepaid users need to have RADIUS authorization attributes returned, you should configure an AA service to perform that authentication and authorization.
If all of the users in a realm are prepaid users and the prepaid billing client does not require normal RADIUS authorization attributes, an AA service is not necessary.
Setting Up a Local Authentication Service
To set up a local authentication service:
Step 1 Use aregcmd to set up a local authentication service.
cd /radius/services
add Prepaid-LocalAuthentication
Added prepaid-LocalAuthentication
cd prepaid-LocalAuthentication
[ //localhost/Radius/Services/prepaid-LocalAuthentication ]
Name = prepaid-LocalAuthentication
Step 2 Set the service type to local.
set type local
Step 3 Set the UserList property to the userlist that contains IS835C prepaid users.
set UserList userlist_name
Set UserList userlist_name
Note You can use an LDAP or ODBC service in place of the local authentication service.
Setting Up a Prepaid Accounting Group Service
A prepaid billing solution usually requires a group service to tie together an AA service with a prepaid service, a group service to tie together an accounting service with a prepaid service, or both.
If you are using an AA service with your prepaid billing solution, you must configure a group service, for example prepaid-users, that ties the requests to the AA service (local-users in our example) with the prepaid service.
If you are using Prime Access Registrar for an accounting service with your prepaid billing solution, you must configure a group service, for example prepaid-file, that ties accounting requests to both the regular accounting service (local-file in our example) and the prepaid service.
Setting Up a Prepaid Accounting Group Service
To set up a prepaid accounting group service:
Step 1 Use aregcmd to create an accounting group service under /Radius/Services.
cd /radius/services
add Prepaid-Accounting
Step 2 Set the service type to group.
cd prepaid-accounting
[ //localhost/Radius/Services/prepaid-accounting ]
Name = prepaid-accounting
set type group
The group service has the following properties:
[ //localhost/Radius/Services/prepaid-accounting ]
Name = prepaid-accounting
Step 3 Reference the Prepaid and Prepaid-LocalAccounting services under GroupServices.
cd GroupServices
[ //localhost/Radius/Services/prepaid-accounting/GroupServices ]
add 1 prepaid
add 2 prepaid-LocalFileAccounting
Setting Up an Authentication Group Service
A prepaid billing solution usually requires a group service to tie together an AA service with a prepaid service, a group service to tie together an accounting service with a prepaid service, or both.
If you are using an AA service with your prepaid billing solution, you must configure a group service, for example prepaid-users, that ties the requests to the AA service with the prepaid service.
If you are using Prime Access Registrar for an accounting service with your prepaid billing solution, you must configure a group service, for example prepaid-file, that ties accounting requests to both the regular accounting service and the prepaid service.
Setting Up an Authentication Group Service
To set up an authentication group service:
Step 1 Use aregcmd to add a prepaid authentication group service under /Radius/Services.
cd /radius/services
add prepaid-groupAuthentication
Added group-prepaidAuthentication
cd group-prepaidAuthentication
[ //localhost/Radius/Services/group-prepaidAuthentication ]
Name = group-prepaidAuthentication
Step 2 Set the service type to group.
set type group
The group service requires the ResultRule to be set to AND, the default setting for a group service.
ls
[ //localhost/Radius/Services/group-prepaidAuthentication ]
Name = group-prepaidAuthentication
Step 3 Change directory to GroupServices and add references to the prepaid service and the authentication service.
cd GroupServices
[ //localhost/Radius/Services/group-prepaidAuthentication/GroupServices ]
add 1 Prepaid-LocalAuthentication
add 2 prepaid
Configuring CRB Prepaid Billing for SSG
In addition to the configuration described in CRB Prepaid Billing, when using CRB-Prepaid billing with SSG, you must also perform the following:
Setting Up an Outgoing Script
To set up an outgoing script:
Step 1 Use aregcmd to add the PCO-Parse-Client-Outgoing outgoing script under /Radius/Scripts:
cd /radius/scripts
add PCO-Parse-Client-Outgoing
Added PCO-Parse-Client-Outgoing
cd PCO-Parse-Client-Outgoing
[ //localhost/Radius/Scripts/PCO-Parse-Client-Outgoing ]
Name = PCO-Parse-Client-Outgoing
Step 2 Set the language to tcl.
set language tcl
Step 3 Set the filename to PCO-parse.client-outgoing.tcl.
set filename PCO-parse.client-outgoing.tcl
Set Filename PCO-parse.client-outgoing.tcl
Step 4 Set the EntryPoint to PCO-parse-client-outgoing.
set EntryPoint PCO-parse-client-outgoing
Set EntryPoint PCO-parse-client-outgoing
Setting Up an Incoming Script
To set up an incoming script:
Step 1 Use aregcmd to add the PPI-Parse-Prepaid-Incoming script under /Radius/Scripts.
cd /radius/scripts
add PPI-Parse-Prepaid-Incoming
Step 2 Set the language to tcl.
cd PPI-Parse-Prepaid-Incoming
set language tcl
Step 3 Set the filename to PPI-Parse-Prepaid-Incoming.tcl.
set filename PPI-Parse-Prepaid-Incoming.tcl
Set Filename PPI-Parse-Prepaid-Incoming.tcl
Step 4 Set the EntryPoint to PPO-Parse-Prepaid-Outgoing.
set EntryPoint PPO-Parse-Prepaid-Outgoing
Set EntryPoint PPO-Parse-Prepaid-Outgoing
Setting Up a Prepaid Outgoing Script
To set up a prepaid outgoing script:
Step 1 Use aregcmd to add the PPO-Parse-Prepaid-Outgoing outgoing script under /Radius/Scripts:
cd /radius/scripts
Step 2 Add the PPO-Parse-Prepaid-Outgoing outgoing script under /Radius/Scripts.
cd /radius/scripts
add PPO-Parse-Prepaid-Outgoing
Added PPO-Parse-Prepaid-Outgoing
Step 3 Set the language to tcl.
cd PPO-Parse-Prepaid-Outgoing
set language tcl
Step 4 Set the filename to PPO-Parse-Prepaid-Outgoing.tcl.
set filename PPO-Parse-Prepaid-Outgoing.tcl
Set Filename PPO-Parse-Prepaid-Outgoing.tcl
Step 5 Set the EntryPoint to PPO-Parse-Prepaid-Outgoing.
set EntryPoint PPO-Parse-Prepaid-Outgoing
Set EntryPoint PPO-Parse-Prepaid-Outgoing
Adding Prepaid Clients
To add prepaid clients:
Step 1 Use aregcmd to add the prepaid clients under /Radius/Clients.
cd /radius/clients
add SSG
A RADIUS client has the following properties:
[ //localhost/Radius/Clients/ssg ]
EnableDynamicAuthorization = FALSE
Step 2 Set the IPAddress property to the client IP address.
set IPAddress aaa.bbb.ccc.ddd
Set IPAddress aaa.bbb.ccc.ddd
Step 3 Set the SharedSecret.
set sharedsecret cisco
Step 4 Set the to PCO-Parse-Client-Outgoing.
set out PCO-Parse-Client-Outgoing
Set PCO-Parse-Client-Outgoing
Generic Call Flow
This section describes the generic call flow for the Prime Access Registrar CRB prepaid billing. The call flow is controlled by the AAA client. The Prime Access Registrar server converts VSAs into calls to the billing server. For information about call flows and attributes for IS835C, see IS835C Prepaid Billing.
The packet flows presented in Figure 8-1 are specific to the Prime Access Registrar CRB prepaid billing only. The headlines in the packet flows are general and do represent all data transferred. The letters c, s, and b in Figure 8-1 designate the packet’s source of client, server, or billing server, respectively.
Figure 8-1 Generic Call Flow Diagram
This section contains the following topics:
Access-Request (Authentication)
Flow 1c shows the client sending the Access-Request to AAA Server, part of a normal authentication request. The exact nature of the message contents is dictated by the access technology, be it be CDMA1X-RTT, GPRS, or another. The Access-Request might involve other messages such as PAP/CHAP or another form of authentication.
The Flow 1c Access-Request might contain a prepaid specific VSA, CRB_AUTH_REASON. Table 8-4 lists the attributes included in the authentication Access-Request. This tells the Prime Access Registrar server to authenticate the subscriber with the Prepaid server as well. If the value is CRB_AR_INIT_AUTHENTICATE, the initial quota must be obtained for a single service prepaid solution. If this VSA is not present, the Prime Access Registrar server will not authenticate with the Prepaid billing server.
Table 8-4 Attributes Sent During Subscriber Authentication
|
|
|
|
1 |
User-Name |
APPL: Mobile Node Username |
Required |
2 |
NAS IP Address |
Accounting Node IP Address |
APPL: Required, POA |
31 |
Calling-station-ID |
APPL:MSISDN or IMSI |
APPL: Conditional |
26, 9 |
CRB_AUTH_REASON CRB_AR_INIT_AUTHENTICATE |
See VSA section |
Required |
26, 9 |
CRB_USER_ID |
APPL:PDSN address or SSG address |
APPL: Required, Address of the PDSN |
26, 9 |
CRB_SERVICE_ID |
APPL: Service ID such as Simple IP service, Mobile IP service, or VPN service |
|
26, 9 |
CRB_SESSION_ID |
This VSA contains the session key ID information |
Required; the session ID must be globally unique across all clients and across reboots of the client |
In Flow 1s, the Prime Access Registrar server sends a call to the billing server to authenticate the prepaid user and possibly determine more information about the subscriber’s account. The Prime Access Registrar server can be configured to generate this packet flow, using a subscriber profile parameter, if the request is from a prepaid subscriber.
Access-Accept (Authentication)
Flow 2b shows the billing server returning the authentication result. The billing server returns a failure if the prepaid subscriber has an inadequate balance.
Flow 2s shows the Prime Access Registrar server sending the Access-Accept to the AAA client. This message flow contains at least one prepaid billing-specific VSA (listed in Table 8-5 ) and might contain other access technology-specific attributes.
Table 8-5 Attributes Sent to AAA client in Access-Accept (Authentication)
|
|
|
|
26, 9 |
CRB__USER_TYPE CRB_AR_INIT_AUTHENTICATE |
See Vendor-Specific Attributes |
Optional |
Access-Request (Authorization)
In Flow 3c, the AAA client sends another Access-Request, this time to authorize the subscriber. Table 8-6 lists the attributes required by the Prime Access Registrar server to authorize the subscriber. The session key ID used must be specified using a prepaid VSA pointing to the RADIUS attribute (standard or VSA).
Table 8-6 Attributes Sent During Subscriber Authorization
|
|
|
|
1 |
User-Name |
APPL: Mobile Node Username |
Required |
2 |
NAS IP Address |
Accounting Node IP Address |
APPL: Required, POA |
31 |
Calling-station-ID |
APPL:MSISDN or IMSI |
APPL: Conditional |
26, 9 |
CRB_AUTH_REASON CRB_AR_INIT_AUTHORIZE |
See Vendor-Specific Attributes |
Required |
26, 9 |
CRB_USER_ID |
APPL:PDSN address or SSG address |
APPL: Required, Address of the PDSN |
26, 9 |
CRB_SERVICE_ID |
APPL: Service ID such as Simple IP service, Mobile IP service, or VPN service |
|
26, 9 |
CRB_SESSION_ID |
This VSA contains the session key ID information |
Required; the session ID must be globally unique across all clients and across reboots of the client |
.In Flow 3s, the Prime Access Registrar server sends the Prepaid billing server to obtain a quota. The quota might contain several values depending on the number of measurement parameters chosen.
Access-Accept (Authorization)
Flow 4b shows the billing server returning the quota array for the subscriber.
In Flow 4s, the Prime Access Registrar server converts the quota array received into VSAs and sends an Access-Accept with the assembled VSAs to the AAA client. Table 8-7 lists the prepaid-specific VSAs that might be included in the Access-Accept response message sent to the AAA client. For more detailed information about the VSAs, see Vendor-Specific Attributes.
Table 8-7 Attributes Sent to AAA client in Access-Accept (Authorization)
|
|
26, 9 |
CRB_DURATION |
26, 9 |
CRB_TOTAL_VOLUME |
26, 9 |
CRB_UPLINK_VOLUME |
26, 9 |
CRB_DOWNLINK_VOLUME |
26, 9 |
CRB_TOTAL_PACKETS |
26, 9 |
CRB_UPLINK_PACKETS |
26, 9 |
CRB_DOWNLINK_PACKETS |
Flows 3c through 4s are repeated for every service started or restarted by the AAA client.
However, if the return parameters indicate that the authorization is rejected, an Access-Accept message is generated and sent to the client as shown in Table 8-8 . When this type of error condition occurs, no other VSA is included in the Access-Accept message.
Table 8-8 Attribute Sent to Report Error Condition to AAA client
|
|
|
|
26, 9 |
CRB_TERMINATE_CAUSE |
Identifies why a subscriber failed authentication: 1. Exceeded the balance 2. Exceeded the overdraft 3. Bad credit 4. Services suspended 5. Invalid User |
Conditional; rejection might be returned with Access-Accept and zero (0) quota |
Accounting-Start
In Flow 5c, the AAA client sends the Accounting-Start. In Flow 6s, the Prime Access Registrar server replies with the Accounting-Response.
Data Flow
At this point, the data transfer begins. The AAA client monitors the subscriber’s allocated quotas for metering parameters. A subscriber’s Reauthorization request is generated when a quota for at least one of the metering parameters, is depleted.
Access-Request (Quota Depleted)
Flow 7c shows the client sending an Access-Request to the Prime Access Registrar server because at least one quota has been depleted. The Access-Request includes different measurements of how much of the quotas were used in VSA format. This enables the billing server to account for the usage and manage the subscriber’s balance before assigning a new quota. Table 8-9 lists the attributes returned to the Prime Access Registrar server:
Table 8-9 Attributes Sent by NAS When Quota Depleted
|
|
|
|
1 |
User-Name |
APPL: Mobile Node Username |
Conditional |
2 |
NAS IP Address |
Accounting Node IP Address |
APPL: Required, POA address, or Home Node address |
31 |
Calling-station-ID |
APPL:MSISDN or IMSI |
APPL: Conditional |
26, 9 |
CRB_AUTH_REASON |
See VSA |
Required |
26, 9 |
CRB_USER_ID |
APPL: PDSN address or SSG address |
APPL: Required, address of SGSN |
26, 9 |
CRB_DURATION |
See Vendor-Specific Attributes |
Required |
26, 9 |
CRB_TOTAL_VOLUME |
Conditional |
26, 9 |
CRB_UPLINK_VOLUME |
26, 9 |
CRB_DOWNLINK_VOLUME |
26, 9 |
CRB_TOTAL_PACKETS |
26, 9 |
CRB_UPLINK_PACKETS |
26, 9 |
CRB_DOWNLINK_PACKETS |
Accept-Accept (Quota Depleted)
Flow 7s shows the Prime Access Registrar server returning the used quota array to the billing server. The call includes aaa_ebs_reauthoriz(). The billing server sends an updated quota array for the next period to the Prime Access Registrar server.
In Flow 8s, the Prime Access Registrar server converts the quota array into VSAs and sends them to the AAA client.
Table 8-10 Attributes Sent to AAA Client in Access-Accept (Reauthorization)
|
|
26, 9 |
CRB_USER_TYPE |
26, 9 |
CRB_DURATION |
26, 9 |
CRB_TOTAL_VOLUME |
26, 9 |
CRB_UPLINK_VOLUME |
26, 9 |
CRB_DOWNLINK_VOLUME |
26, 9 |
CRB_TOTAL_PACKETS |
26, 9 |
CRB_UPLINK_PACKETS |
26, 9 |
CRB_DOWNLINK_PACKETS |
Accounting Stop (Session End)
In Flow 9c, the client sends an Accounting-Stop to the Prime Access Registrar server to end the session. The Accounting-Stop message includes an updated quota array with the usage adjustments since the previous authorization in the VSA form.
Table 8-11 lists the attributes included in the Accounting-Stop message set to the Prime Access Registrar server and forwarded to the billing server.
Accounting Response (Final Status)
In Flow 9s, the Prime Access Registrar server sends the used quota array to the billing server in an Accounting-Stop message. Any values returned by the billing server in Flow 10b are discarded.
Flow 10s shows the Prime Access Registrar server sending final Accounting-Response message to the AAA client.
Table 8-11 Attributes Sent in Accounting-Stop Message
|
|
|
|
1 |
User-Name |
APPL: Mobile Node Username |
Conditional |
2 |
NAS IP Address |
Accounting Node IP Address |
APPL: Required, POA |
31 |
Calling-station-ID |
APPL:MSISDN or IMSI |
APPL: Conditional |
40, 2 |
Acct_status_type |
Indicates the accounting “Stop” for the service |
Required; this value (2) indicates an Accounting-Stop request message |
42 |
Acct-Input-Octets |
The number of octets sent by the subscriber; uplink |
Required |
43 |
Acc_Output_Octets |
The number of octets received by the subscriber; downlink |
46 |
Acct-Session-Time |
Duration of the session |
47 |
Acct-Input-Packets |
Number of packets sent by the subscriber |
48 |
Acct-Output-Packets |
Number of packets received by the subscriber |
49 |
Acct-Terminate-Cause |
This parameter, used for tracking, should remain the same for all accounting requests for a given service. |
26, 9 |
CRB_DURATION |
See Vendor-Specific Attributes |
Conditional |
26, 9 |
CRB_TOTAL_VOLUME |
26, 9 |
CRB_UPLINK_VOLUME |
26, 9 |
CRB_DOWNLINK_VOLUME |
26, 9 |
CRB_TOTAL_PACKETS |
26, 9 |
CRB_UPLINK_PACKETS |
26, 9 |
CRB_DOWNLINK_PACKETS |
26, 9 |
CRB_SESSION_ID |
Specifies the RADIUS attribute carrying the session ID information |
Optional |
Vendor-Specific Attributes
Vendor-specific attributes are included in specific RADIUS packets to communicate prepaid user balance information from the Prime Access Registrar server to the AAA client, and actual usage, either interim or total, between the NAS and the Prime Access Registrar Server.
Table 8-12 lists the VSAs that will be defined in the API. Table 8-12 also lists the string to be used with Cisco-AVPair below the VSA.
Note VSAs that start with CRB are used for Cisco Radius Billing prepaid service.
Table 8-12 Vendor-Specific Attributes for the Cisco Prepaid Billing Solution
|
|
|
|
CRB_AUTH_REASON crb-auth-reason |
Int8 |
1c, 7c, 7’c |
Passed with re-authorization: 1. Initial Authentication 2. Initial Authorization 3. Re-authorization 4. Return Quota 5. Query to EBS |
CRB_USER_ID crb-user-id |
String |
1c, 7c, 7’c |
APPL: In PDSN this can be Address of the PDSN. |
CRB_SERVICE_ID crb-service-id |
String |
1c, 7c |
Identifies the subscriber’s service |
CRB_USER_TYPE crb-entity-type |
Int8 |
4s |
Type of user: 1. Prepaid user 2. Post-paid with no credit limit 3. Post-paid with credit limit 4. Invalid user The source for this VSA value could be from the Subscriber profile or from the billing server |
CRB_DURATION crb-duration |
Int32 |
4s, 8s |
Downlink quota received by the AAA client |
CRB_TOTAL_VOLUME crb-total-volume |
Total Volume quota received by the AAA client |
CRB_UPLINK_VOLUME crb-uplink-volume |
Uplink volume quota received by the AAA client |
CRB_DOWNLINK_VOLUME crb-downlink-volume |
Uplink Volume quota received by the AAA client |
CRB_TOTAL_PACKETS crb-total-packets |
Downlink Packet quota received by the AAA client |
CRB_UPLINK_PACKETS crb-uplink-packets |
Uplink Packet quota received by the AAA client |
CRB_DOWNLINK_PACKETS crb-downlink-packets |
Uplink Volume quota received by the AAA client |
CRB_SESSION_ID crb-session-id |
String |
|
Additional field if session ID is required. This VSA provides the real time billing-specific session ID. This VSA duplicates the contents of the technology- specific session ID or the contents of RADIUS attributes 44 or 50. The NAS can use this VSA to generate a unique session ID. If this VSA is not present, then RADIUS attribute 44 is used instead. If this is a string AV Pair-type attribute, the name is the string attribute name. |
CRB_TERMINATE_CAUSE crb-terminate-cause |
Int8 |
4se |
Identifies why a subscriber failed authentication: 1. Exceeded the balance 2. Exceeded the overdraft 3. Bad credit 4. Services suspended 5. Invalid User 6. Invalid Password 7. System Error 8. Disabled 9. Expired 10. Valid in Future 11. Used up 12. No Parallel sessions 13. Session Already closed 14. Invalid session |
CRB_PRIVATE crb-private |
String |
n/a |
Reserved for future use |