Policy-based Accounting Tanja Zseby, Georg Carle, Sebastian Zander GMD FOKUS - German National Research Institute for Information Technology Competence.

Slides:

Advertisements

Similar presentations

Session ID Georg Carle, John Vollbrecht, Sebastian Zander, Tanja Zseby San Diego, December 2000.

Advertisements

Policy-based Accounting Draft Version 01 Policy-based Accounting Draft Version 01 Georg Carle, Sebastian Zander, Tanja Zseby GMD FOKUS - German National.

AAA Architecture Use of a AAA Server Application Specification to Support Generic AAA Applications Across a Mesh of Interconnected AAA Servers With Policy.

Theory Lunch. 2 Problem Areas Network Virtualization for Experimentation and Architecture –Embedding problems –Economics problems (markets, etc.) Network.

TF-NGN AAA research Cees de Laat 1 of 10 Utrecht University.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 8: Monitoring the Network Connecting Networks.

22-23 June 2004TISPAN-3GPP Workshop - Sophia-Antipolis 1 TISPAN NGN Architecture Overview Richard Brennan pulver.com, WG2 Chair

Progress Report: Metering NSLP (M-NSLP) 66th IETF meeting, NSIS WG.

Chapter 19: Network Management Business Data Communications, 5e.

IRTF - AAAARCH - RG Authentication Authorisation Accounting ARCHitecture RG chairs: J. Vollbrecht and C. de Laat RFC 2903, 2904, 2905,

IRTF - AAAARCH - RG Authentication Authorisation Accounting ARCHitecture RG chairs: C. de Laat and J. Vollbrecht RFC 2903, 2904, 2905,

IRTF - AAAARCH - RG Authentication Authorisation Accounting ARCHitecture RG chairs: J. Vollbrecht and C. de Laat RFC 2903, 2904, 2905,

QoS Auditing Sebastian Zander, Tanja Zseby GMD FOKUS - German National Research Institute for Information Technology Competence Center Global Networking.

Some Thoughts on Data Representation 47th IETF AAAarch Research Group David Spence Merit Network, Inc.

Policy-based Accounting Tanja Zseby GMD FOKUS - German National Research Institute for Information Technology Competence Center Global Networking (GloNe)

Traffic Engineering With Traditional IP Routing Protocols

Policy-based Accounting Draft Update Tanja Zseby, Sebastian Zander Fraunhofer Institute FOKUS Competence Center for Global Networking (GloNe) [zseby,

1 ITC242 – Introduction to Data Communications Week 12 Topic 18 Chapter 19 Network Management.

History Since created in 1995, RADIUS has been used to provide authentication, authorization and generate accounting information for dial-in users. However,

Examples for Policy-based Accounting in the AAA Framework Georg Carle, Sebastian Zander, Tanja Zseby GMD FOKUS German National Research Institute for Information.

December 10, Policy Terminology - 01 Report for 49th IETF Preview for AAA Arch RG John Schnizlein.

Policy-based Accounting Draft Sebastian Zander, Tanja Zseby GMD FOKUS - German National Research Institute for Information Technology Competence Center.

AAA-ARCH IRTF-RG Authentication Authorisation and Accounting ARCHitecture Research Group chairs: C. de Laat J. Vollbrecht Content of this talk has contributions.

Management of IP networks and services AIMS‘99 Workshop Heidelberg May, 1999 Dr. Stefan Covaci GMD FOKUS, Berlin Some Ideas on Management of IP Networks.

1IMIC, 8/30/99 Constraint-Based Unicast and Multicast: Practical Issues Bala Rajagopalan NEC C&C Research Labs Princeton, NJ

Policy Framework Status aaaarch mtg, irtf, Aug. 2, 2000 Ed Ellesson co-chairs of policy framework wg: Ed Ellesson: John Strassner:

Accounting Examples Henk Jonkers Telematica Instituut Enschede, the Netherlands IRTF AAAARCH WG Meeting 50th IETF, Minneapolis, March 22, 2001.

Accounting, Auditing and Session IDs Nevil Brownlee The University of Auckland / CAIDA Adelaide, March 2000.

Policy-based Accounting: Accounting Issues Georg Carle, Sebastian Zander, Tanja Zseby GMD FOKUS - German National Research Center for Information Technology.

IRTF - AAAARCH - RG Authentication Authorisation Accounting ARCHitecture RG chairs: C. de Laat and J. Vollbrecht RFC 2903,

Accounting, billing & payment Support for financial exploitation of network-based services Henk Jonkers Telematica Instituut Enschede, the Netherlands.

Check Disk. Disk Defragmenter Using Disk Defragmenter Effectively Run Disk Defragmenter when the computer will receive the least usage. Educate users.

Omniran IEEE 802 Scope of OmniRAN Date: Authors: NameAffiliationPhone Max RiegelNSN

1 CDMA/GPRS Roaming Proposals Raymond Hsu, Jack Nasielski Feb

Course 6421A Module 7: Installing, Configuring, and Troubleshooting the Network Policy Server Role Service Presentation: 60 minutes Lab: 60 minutes Module.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.

1/28/2010 Network Plus Unit 5 Section 2 Network Management.

AIMS’99 Workshop Heidelberg, May 1999 Ko / CP 4/99 Linkage between Internet Service Architectures and ATM

Interworking Architecture Between 3GPP and WLAN Systems 張憲忠, 何建民, 黃瑞銘, 紀嘉雄, 李有傑.

December 13, Policy Terminology - 01 Report for 49th IETF Andrea Westerinen.

Fraunhofer FOKUSCompetence Center NET T. Zseby, CC NET1 IPFIX – IP Flow Information Export Overview Tanja Zseby Fraunhofer FOKUS, Network Research.

Mechanism to support establishment of charging policies Group Name: WG2-ARC Source: InterDigital Meeting Date: TP8 Agenda Item:

CS 3700 Networks and Distributed Systems Inter Domain Routing (It’s all about the Money) Revised 8/20/15.

Class-based QoS  Internet QoS model requires per session state at each router  1000s s of flows  per session RSVP is complex => reluctance.

20411B 8: Installing, Configuring, and Troubleshooting the Network Policy Server Role Presentation: 60 minutes Lab: 60 minutes After completing this module,

Lec 3: Infrastructure of Network Management Part2 Organized by: Nada Alhirabi NET 311.

Applicazione del paradigma Diffserv per il controllo della QoS in reti IP: aspetti teorici e sperimentali Stefano Salsano Università di Roma “La Sapienza”

Real-time Flow Management 2 BOF: Remote Packet Capture Extensions Jürgen Quittek NEC Europe Ltd, Heidelberg, Germany Georg Carle GMD.

1 Intrusion Detection Methods “Intrusion detection is the process of identifying and responding to malicious activity targeted at computing and networking.

11 December, th IETF, AAA WG1 AAA Proxies draft-ietf-aaa-proxies-01.txt David Mitton.

Policy Based Data Management Data-Intensive Computing Distributed Collections Grid-Enabled Storage iRODS Reagan W. Moore 1.

- 1 IPv6 Quality of Service Measurement Issues and Solutions Alessandro Bassi Hitachi Europe SAS RIPE 50 meeting Stockholm, 2 nd May 2005.

Data Objects and Message Types 49 th IETF AAAarch Research Group David Spence Interlink Networks.

Standards Activities on Traffic Measurement. 2 Outline Applications requiring traffic measurement Packet capturing and flow measurement Existing protocols.

PART3 Data collection methodology and NM paradigms 1.

1 © NOKIA FILENAMs.PPT/ DATE / NN AAA-SIP Requirements Current draft: draft-loughney-sip-aaa-req-00.txt draft-calhoun-sip-aaa-reqs-04.txt may not be updated.

1 Protecting Network Quality of Service against Denial of Service Attacks Douglas S. Reeves S. Felix Wu Chandru Sargor N. C. State University / MCNC October.

Omniran IEEE 802 OmniRAN EC SG Results and Outlook Date: Authors: NameAffiliationPhone Max RiegelNSN

GRID ANATOMY Advanced Computing Concepts – Dr. Emmanuel Pilli.

IETF 62 NSIS WG1 Porgress Report: Metering NSLP (M-NSLP) Georg Carle, Falko Dressler, Changpeng Fan, Ali Fessi, Cornelia Kappler, Andreas Klenk, Juergen.

Omniran IEEE 802 Scope of OmniRAN Date: Authors: NameAffiliationPhone Max RiegelNSN

1 Netflow Collection and Aggregation in the AT&T Common Backbone Carsten Lund.

Exploring opportunities in the OGSA service model– realising Utility Computing Jeffrin J. Von Reich Chief architect Hewlett Packard Software Global Unit.

Omniran CF00 1 Investigation on Accounting and Monitoring Date: [ ] Authors: NameAffiliationPhone Hao WangFujitsu R&D

Georg Carle, Sebastian Zander, Tanja Zseby

Working at a Small-to-Medium Business or ISP – Chapter 8

EA C451 Vishal Gupta.

Network and Services Management

Data collection methodology and NM paradigms

AAA: A Survey and a Policy- Based Architecture and Framework

Presentation transcript:

Policy-based Accounting Tanja Zseby, Georg Carle, Sebastian Zander GMD FOKUS - German National Research Institute for Information Technology Competence Center Global Networking (GloNe)

March 30, 2000IRTF Meeting - AAAARCH RG2 Future Service Provider Options Variety of Provider Characteristics –Size and Purpose (e.g. small ISP, large backbone operator) –QoS provisioning technique (e.g. DiffServ, IntServ) –Service classes –Charging scheme(s) and models –Agreements with other providers (e.g. data exchange, distribute tasks) –Existing Infrastructure (MIBs, profile meters, etc.) Variety of User Profiles –Number of flows, flow granularity, traffic profiles, unicast/multicast –User preferences (e.g. acc. indication, itemized invoices, spending limits) Potential Distribution of accounting tasks among different entities –Provisioning of accounting service by other providers or even users Accounting Architecture has to be flexible

March 30, 2000IRTF Meeting - AAAARCH RG3 Charging Schemes (Examples) Three-Term-Charging: Access, Volume, Time C = S + a T + b V Karsten et al [KaSW98]: virtual resources derived from flowspec Delgrossi/Ferrari [DeFe98]: buffer, computing capacity, schedulability, distance Kilkki: Simple Integrated Media Access (SIMA) MacKie-Mason/Varian: Smart Market

March 30, 2000IRTF Meeting - AAAARCH RG4 Why do we need accounting policies ? Different sessions may have different accounting requirements or preferences (e.g. if charging schemes differ) Different users might prefer different accounting services for the same session type (e.g. accounting indication, itemized invoice) Different accounting infrastructure (standardized notation for configuration useful) Peer providers might require a certain accounting record type or report interval ==> dynamic configuration of accounting architecture needed Idea: Transport configuration information via accounting policies

March 30, 2000IRTF Meeting - AAAARCH RG5 Accounting Policies Accounting policies: define rules for transport and storage of accounting data –What kind of accounting records should be generated –Where to send (to which entities) –When to send and how often –Where stored –How long stored –Who is allowed to access This influences –Meter configuration (what attribute, how often measured) –Data collection process (e.g. collect info from authorization event log) –Accounting record distribution (which AAA sends what to whom) –Accounting record storage (location, expiration time, etc.)

March 30, 2000IRTF Meeting - AAAARCH RG6 Intra-Domain Accounting Provider End System Service Equipment Meter System AAA Billing Service Usage Acc-Records Acc. Policies config Accounting policies are fixed Manually configured by provider No transport of accounting policy needed Accounting is part of the service Meter records Acc. Records ASM User

March 30, 2000IRTF Meeting - AAAARCH RG7 Inter-Domain Accounting (Roaming Example) User Foreign Provider End System Service Equipment Meter System AAA Service Usage Home Provider AAA 1. AccPolReq 3. AccRec config Billing ASM 2. AccPolAck Meter records

March 30, 2000IRTF Meeting - AAAARCH RG8 config Accounting Indication Provider End System Service Equipment Meter System AAA 1. AccPolReq 2. AccPolAck ASM User 3. AccRec

March 30, 2000IRTF Meeting - AAAARCH RG9 AAA Server Authorization Authentication Accounting Meter System 6. Meter records AAA-1 1.AccPolReq AAA-2 8.AccRec 5. config 3.AccPolAck 4.Enforce AccPol 2.O.K. 7. Accounting records ASM

March 30, 2000IRTF Meeting - AAAARCH RG10 Meter Systems Meter Manager RTFM Meter (NeTraMet) Collector Meter SNMP (conf) Meter SNMP (data) AAA Meter Records Cisco NetFlow Meter System UDP (data) AAA Meter Records Flow Collector Filter & Aggregation ASM config policy

March 30, 2000IRTF Meeting - AAAARCH RG11 Open Issues Accounting policy format/language  policy, snmpconf, ipsp WGs, PAX PDL ? Session definition –Which messages indicate session start and session end ? –Sub-Sessions Mapping user/customer ID and flow Authorization negotiation –What happens if required accounting service cannot be provided Because meter cannot meter required values Meter overloaded Authorization fails (home AAA not allowed to access detailed information)  denial of service provisioning or negotiation of lowest common denominator ? Does AAA touch AccRecords or just forwards it ? –Add session ID, user ID, aggregate records Session/Auditing ID to correlate AAA data

THE END