radius prepaid extension n.
Skip this Video
Loading SlideShow in 5 Seconds..
RADIUS Prepaid Extension PowerPoint Presentation
Download Presentation
RADIUS Prepaid Extension

RADIUS Prepaid Extension

0 Views Download Presentation
Download Presentation

RADIUS Prepaid Extension

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. RADIUS Prepaid Extension draft-lior-radius-prepaid-extensions-05.txt Avi Lior, Yong Li, Bridgewater Systems Parviz Yegani, Cisco Systems Kuntal Chowdhury Nortel Networks

  2. Requirements • Provide support for Prepaid User. • Quota management • Usage metering • Session control • Support Prepaid business models. • Time based, Volume based, “Token” based (unit less) • Simple rating and complex rating • Session based and single event based.

  3. Key Features • Quota based. • Quotas are initially exchanged in Access-Request/Accept; and are refreshed in Authorize-Only exchanges. • Use RADIUS accounting messages only to record what has happened for audit and billing purposes.

  4. What is New • Simplified the Architecture model (draft 4) • Added support for Multi-Services (draft 5) • Functionally aligned with Diameter CC. • Cleanup and incorporation of comments received on list and privately. • Joel Halpern • Mark Grayson • Nagi Reddy Jonnala • Mike Santoro • Farid Adrangi • Damien Galand • Lothar Reith • Cnodder

  5. Prepaid Architecture NAS Prepaid Server Prepaid Client Prepaid attributes carried by RADIUS RADIUS Client RADIUS Server RADIUS User Device Router/Gateway Internet

  6. Multi-Services • Main service or “Access Service” • This is what we traditionally authenticate and authorize. • Operators what to differentiate between IP-flows • Some flows are more valuable. • Some flows are metered differently. • Some flows have different QoS. • Additional flows only require authorization only.

  7. Prepaid for Multi-Services • Service defined by a Service-ID (string) • A Service can be an IP-Flow defined by IP-tuples. • “Access Service” is the default or initial service. 3GPP2 it corresponds to the Main-Service-Instance. • Quota allocated • To one Service at a time; or • A group of Services using Rating-Groups: • Rating-Group preconfigured in the Service Access Device. • Define the rating (complex rating) and the Services that are associated with that Rating-Group. • Pools • Associate quotas assigned to Services or Rating- Groups to Pools. • Minimize message. • Help when services are not drawing on quotas equally.

  8. Multi-Service Example PPS NAS/PPC A: A user is Authenticated and Authorized as prepaid and assigned quota to the “Access Service” of 2MB. B: NAS wants to Authz another Service (eg VoIP). Sends an Access-Request (AuthOnly) with PPAQ specifying SID =Service-A. Session-Id needed to tie this Authorize-Only to previous AuthN/AuthZ. C: PPS replies with Access-Accept with a PPAQ for Service-A containing Volume of 1 MB. D: “Access Service” and Service-A request more quota. Report what they used. Update-Reason Quota-Refresh E: PPS authorize more quota to both. Access Service (+2MB) has 4 MB,Service-A (+1MB) 2MB F: User logs off. Report used quota. “Access-Service” 3MB, Service-A 1.5 MB. We know that it’s the end because the PPAQ indicates the cause for reporting Update-Reason User-Termination. A AuthN/AuthZ “Access Service” Session-Id, [PPAQ SID=Service-A] B Access-Request Authz Only [PPAQ QID Service-A, I MB] C Access-Accept Authz Only [PPAQQID 2 MB][PPAQQID Service-A, I MB] D Access-Request Authz Only [PPAQQID 4 MB][PPAQQIDService-A, 2 MB] E Access-Accept Authz Only [PPAQQID 3 MB][PPAQQIDService-A, I.5 MB] F Access-Request Authz Only Access-Accept Authz Only

  9. What is next • Add support for single event. • Scenarios: • Single Event Prepaid Authorization with Authentication. • Single Even Prepaid Authorization only – user has already been authenticated. • Mapping to Diameter