Title: RADIUS Prepaid Extension
1 RADIUS Prepaid Extension
- draft-lior-radius-prepaid-extensions-05.txt
- Avi Lior, Yong Li, Bridgewater Systems
- Parviz Yegani, Cisco Systems
- Kuntal Chowdhury, Nortel Networks
2 Requirements
- Provide support for Prepaid User.
- Quota management
- Usage metering
- Session control
- Support Prepaid business models.
- Time based, Volume based, Token based (unit less)
- Simple rating and complex rating
- Session based and single event based.
3 Key Features
- Quota based.
- Quotas are initially exchanged in Access-Request/Accept and are refreshed in Authorize-Only exchanges.
- Use RADIUS accounting messages only to record what has happened for audit and billing purposes.
4 What is New
- Simplified the Architecture model (draft 4)
- Added support for Multi-Services (draft 5)
- Functionally aligned with Diameter CC.
- Cleanup and incorporation of comments received on list and privately.
- Joel Halpern
- Mark Grayson
- Nagi Reddy Jonnala
- Mike Santoro
- Farid Adrangi
- Damien Galand
- Lothar Reith
- Stefaan de Cnodder
5 Prepaid Architecture
[Figure: prepaid architecture. Labelled elements: User Device, NAS, Prepaid Client, RADIUS Client, Router/Gateway, Internet, RADIUS, RADIUS Server, Prepaid Server. Prepaid attributes are carried by RADIUS.]
6 Multi-Services
- Main service or Access Service
- This is what we traditionally authenticate and authorize.
- Operators want to differentiate between IP-flows
- Some flows are more valuable.
- Some flows are metered differently.
- Some flows have different QoS.
- Additional flows require authorization only.
7 Prepaid for Multi-Services
- Service defined by a Service-ID (string)
- A Service can be an IP-Flow defined by IP-tuples.
- Access Service is the default or initial service. In 3GPP2 it corresponds to the Main-Service-Instance.
- Quota allocated
- To one Service at a time or
- A group of Services using Rating-Groups
- Rating-Group preconfigured in the Service Access Device.
- Define the rating (complex rating) and the Services that are associated with that Rating-Group.
- Pools
- Associate quotas assigned to Services or Rating-Groups to Pools.
- Minimize message.
- Help when services are not drawing on quotas equally.
8 Multi-Service Example
- A: A user is authenticated and authorized as prepaid and assigned a quota of 2 MB for the Access Service.
- B: NAS wants to authorize another Service (e.g. VoIP). Sends an Access-Request (Authorize-Only) with PPAQ specifying SID = Service-A.
- Session-Id needed to tie this Authorize-Only to previous AuthN/AuthZ.
- C: PPS replies with Access-Accept with a PPAQ for Service-A containing Volume of 1 MB.
- D: Access Service and Service-A request more quota. Report what they used.
- Update-Reason = Quota-Refresh
- E: PPS authorizes more quota to both: Access Service (2 MB) now has 4 MB, Service-A (1 MB) has 2 MB.
- F: User logs off. Report used quota: Access-Service 3 MB, Service-A 1.5 MB. We know that it's the end because the PPAQ indicates the cause for reporting: Update-Reason = User-Termination.
[Figure: message sequence between NAS/PPC and PPS]
- A: AuthN/AuthZ Access Service
- B: Access-Request (Authz Only): Session-Id, PPAQ SID = Service-A
- C: Access-Accept (Authz Only): PPAQ QID Service-A, 1 MB
- D: Access-Request (Authz Only): PPAQ QID 2 MB; PPAQ QID Service-A, 1 MB
- E: Access-Accept (Authz Only): PPAQ QID 4 MB; PPAQ QID Service-A, 2 MB
- F: Access-Request (Authz Only): PPAQ QID 3 MB; PPAQ QID Service-A, 1.5 MB; answered by Access-Accept (Authz Only)
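The A-F exchange above, modelled as an added example (not code from the draft or its authors): a toy PPS that accepts Authorize-Only requests only for a known Session-Id and hands out cumulative quotas per Service-ID. The dict message shape, the `GRANT` increments, the `closed` ledger and the session name are assumptions made for illustration, not the RADIUS wire format.

```python
MB = 1024 * 1024
# Per-grant increments: assumed values chosen to reproduce the slide's numbers.
GRANT = {"Access": 2 * MB, "Service-A": 1 * MB}

class PrepaidServer:
    """Toy PPS. Dicts stand in for RADIUS attributes; this is not the wire format."""
    def __init__(self):
        self.sessions = {}  # Session-Id -> {Service-ID: {"quota": int, "used": int}}
        self.closed = {}    # Session-Id -> final usage per Service-ID, kept for billing

    def access_request(self, session_id):
        # Step A: full AuthN/AuthZ (credential check omitted) plus initial quota.
        self.sessions[session_id] = {"Access": {"quota": GRANT["Access"], "used": 0}}
        return {"code": "Access-Accept",
                "ppaq": [{"sid": "Access", "volume": GRANT["Access"]}]}

    def authorize_only(self, session_id, ppaqs):
        # Steps B-F: the Session-Id must tie back to an earlier AuthN/AuthZ,
        # and every Service-ID must be one this server is configured to rate.
        services = self.sessions.get(session_id)
        if services is None or any(p["sid"] not in GRANT for p in ppaqs):
            return {"code": "Access-Reject", "ppaq": []}
        granted = []
        for p in ppaqs:
            svc = services.setdefault(p["sid"], {"quota": 0, "used": 0})
            svc["used"] = p.get("used", svc["used"])
            if p.get("reason") == "User-Termination":
                continue  # final report: record usage, grant nothing
            svc["quota"] += GRANT[p["sid"]]  # the quota value is cumulative
            granted.append({"sid": p["sid"], "volume": svc["quota"]})
        if ppaqs and not granted:  # every PPAQ was a final report: close the session
            done = self.sessions.pop(session_id)
            self.closed[session_id] = {s: v["used"] for s, v in done.items()}
        return {"code": "Access-Accept", "ppaq": granted}

def run_slide_exchange():
    pps = PrepaidServer()
    sid = "sess-1"  # constructed Session-Id
    a = pps.access_request(sid)                                   # step A
    c = pps.authorize_only(sid, [{"sid": "Service-A"}])           # steps B/C
    e = pps.authorize_only(sid, [                                 # steps D/E
        {"sid": "Access", "used": 2 * MB, "reason": "Quota-Refresh"},
        {"sid": "Service-A", "used": 1 * MB, "reason": "Quota-Refresh"}])
    f = pps.authorize_only(sid, [                                 # step F
        {"sid": "Access", "used": 3 * MB, "reason": "User-Termination"},
        {"sid": "Service-A", "used": 3 * MB // 2, "reason": "User-Termination"}])
    replay = pps.authorize_only(sid, [{"sid": "Service-A"}])      # session is gone
    return a, c, e, f, replay, pps.closed[sid]
```

The last request in `run_slide_exchange` reuses the Session-Id after termination and is rejected, which is the property the Session-Id binding in step B exists to provide.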
9 What is next
- Add support for single event.
- Scenarios
- Single Event Prepaid Authorization with Authentication.
- Single Event Prepaid Authorization only; user has already been authenticated.
- Mapping to Diameter