RADIUS Prepaid Extension

1
RADIUS Prepaid Extension

• draft-lior-radius-prepaid-extensions-05.txt

Avi Lior, Yong Li, Bridgewater
Systems Parviz Yegani, Cisco Systems Kuntal
Chowdhury Nortel Networks
2
Requirements

• Provide support for Prepaid User.
• Quota management
• Usage metering
• Session control
• Support Prepaid business models.
• Time based, Volume based, Token based (unit
  less)
• Simple rating and complex rating
• Session based and single event based.

3
Key Features

• Quota based.
• Quotas are initially exchanged in
  Access-Request/Accept and are refreshed in
  Authorize-Only exchanges.
• Use RADIUS accounting messages only to record
  what has happened for audit and billing purposes.

4
What is New

• Simplified the Architecture model (draft 4)
• Added support for Multi-Services (draft 5)
• Functionally aligned with Diameter CC.
• Cleanup and incorporation of comments received on
  list and privately.
• Joel Halpern
• Mark Grayson
• Nagi Reddy Jonnala
• Mike Santoro
• Farid Adrangi
• Damien Galand
• Lothar Reith
• Stefaan.de Cnodder

5
Prepaid Architecture
NAS
Prepaid Server
Prepaid Client
Prepaid attributes carried by RADIUS
RADIUS Client
RADIUS Server
RADIUS
User Device
Router/Gateway
Internet
6
Multi-Services

• Main service or Access Service
• This is what we traditionally authenticate and
  authorize.
• Operators what to differentiate between IP-flows
• Some flows are more valuable.
• Some flows are metered differently.
• Some flows have different QoS.
• Additional flows only require authorization only.

7
Prepaid for Multi-Services

• Service defined by a Service-ID (string)
• A Service can be an IP-Flow defined by IP-tuples.
• Access Service is the default or initial
  service. 3GPP2 it corresponds to the
  Main-Service-Instance.
• Quota allocated
• To one Service at a time or
• A group of Services using Rating-Groups
• Rating-Group preconfigured in the Service Access
  Device.
• Define the rating (complex rating) and the
  Services that are associated with that
  Rating-Group.
• Pools
• Associate quotas assigned to Services or Rating-
  Groups to Pools.
• Minimize message.
• Help when services are not drawing on quotas
  equally.

8
Multi-Service Example

• A A user is Authenticated and Authorized as
  prepaid and assigned quota to the Access
  Service of 2MB.
• B NAS wants to Authz another Service (eg VoIP).
  Sends an Access-Request (AuthOnly) with PPAQ
  specifying SID Service-A.
• Session-Id needed to tie this Authorize-Only
  to previous AuthN/AuthZ.
• C PPS replies with Access-Accept with a PPAQ for
  Service-A containing Volume of 1 MB.
• D Access Service and Service-A request more
  quota. Report what they used.
• Update-Reason Quota-Refresh
• E PPS authorize more quota to both. Access
  Service (2MB) has 4 MB,Service-A (1MB) 2MB
• F User logs off. Report used quota.
  Access-Service 3MB, Service-A 1.5 MB. We know
  that its the end because the PPAQ indicates the
  cause for reporting Update-Reason
  User-Termination.

NAS/PPC
PPS
AuthN/AuthZ Access Service
A
Session-Id, PPAQ SIDService-A
B
Access-Request Authz Only
PPAQ QID Service-A, I MB
C
Access-Accept Authz Only
PPAQ QID 2 MB PPAQ QID Service-A, I MB
D
Access-Request Authz Only
PPAQ QID 4 MB PPAQ QID Service-A, 2 MB
E
Access-Accept Authz Only
PPAQ QID 3 MB PPAQ QID Service-A, I.5 MB
F
Access-Request Authz Only
Access-Accept Authz Only
9
What is next

• Add support for single event.
• Scenarios
• Single Event Prepaid Authorization with
  Authentication.
• Single Even Prepaid Authorization only user has
  already been authenticated.
• Mapping to Diameter