RADIUS Prepaid Extension draft-lior-radius-prepaid-extensions-05.txt Avi Lior, Yong Li, Bridgewater Systems Parviz Yegani, Cisco Systems Kuntal Chowdhury.

Presentation transcript:

RADIUS Prepaid Extension draft-lior-radius-prepaid-extensions-05.txt Avi Lior, Yong Li, Bridgewater Systems Parviz Yegani, Cisco Systems Kuntal Chowdhury Nortel Networks

Requirements
Provide support for Prepaid User.
– Quota management
– Usage metering
– Session control
Support Prepaid business models.
– Time based, Volume based, “Token” based (unit less)
– Simple rating and complex rating
– Session based and single event based

Key Features
Quota based.
– Quotas are initially exchanged in Access-Request/Accept, and are refreshed in Authorize-Only exchanges.
Use RADIUS accounting messages only to record what has happened for audit and billing purposes.

What is New
Simplified the Architecture model (draft 4)
Added support for Multi-Services (draft 5)
– Functionally aligned with Diameter CC.
Cleanup and incorporation of comments received on list and privately.
– Joel Halpern
– Mark Grayson
– Nagi Reddy Jonnala
– Mike Santoro
– Farid Adrangi
– Damien Galand
– Lothar Reith
– Stefaan de Cnodder

Prepaid Architecture
[Diagram. Labels: User Device, NAS, RADIUS Client, Prepaid Client, Router/Gateway, Internet, RADIUS Server, Prepaid Server, RADIUS. Caption: Prepaid attributes carried by RADIUS.]

Multi-Services
Main service or “Access Service”
– This is what we traditionally authenticate and authorize.
Operators want to differentiate between IP-flows.
– Some flows are more valuable.
– Some flows are metered differently.
– Some flows have different QoS.
Additional flows require authorization only.

Prepaid for Multi-Services
Service defined by a Service-ID (string)
– A Service can be an IP-Flow defined by IP-tuples.
– “Access Service” is the default or initial service. In 3GPP2 it corresponds to the Main-Service-Instance.
Quota allocated
– To one Service at a time; or
– To a group of Services using Rating-Groups: the Rating-Group is preconfigured in the Service Access Device and defines the rating (complex rating) and the Services that are associated with that Rating-Group.
Pools
– Associate quotas assigned to Services or Rating-Groups to Pools.
– Minimize messages.
– Help when services are not drawing on quotas equally.

Multi-Service Example
A: A user is Authenticated and Authorized as prepaid and assigned quota to the “Access Service” of 2 MB.
B: NAS wants to Authz another Service (e.g. VoIP). Sends an Access-Request (AuthOnly) with PPAQ specifying SID=Service-A. Session-Id is needed to tie this Authorize-Only to the previous AuthN/AuthZ.
C: PPS replies with Access-Accept with a PPAQ for Service-A containing Volume of 1 MB.
D: “Access Service” and Service-A request more quota and report what they used. Update-Reason Quota-Refresh.
E: PPS authorizes more quota to both. Access Service (+2 MB) has 4 MB, Service-A (+1 MB) has 2 MB.
F: User logs off. Report used quota: “Access Service” 3 MB, Service-A 1.5 MB. We know that it’s the end because the PPAQ indicates the cause for reporting: Update-Reason User-Termination.

Message flow between NAS/PPC and PPS:
A: AuthN/AuthZ “Access Service”
B: Access-Request Authz Only: Session-Id, [PPAQ SID=Service-A]
C: Access-Accept Authz Only: [PPAQ QID Service-A, 1 MB]
D: Access-Request Authz Only: [PPAQ QID 2 MB] [PPAQ QID Service-A, 1 MB]
E: Access-Accept Authz Only: [PPAQ QID 4 MB] [PPAQ QID Service-A, 2 MB]
F: Access-Request Authz Only: [PPAQ QID 3 MB] [PPAQ QID Service-A, 1.5 MB], answered by Access-Accept Authz Only
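The A to F exchange above, replayed against a toy Prepaid Server ledger. This is an added example, not code from the draft or its authors: the class, method names, starting balance and Session-Id value are hypothetical, and rejecting a usage report larger than the granted quota is an assumed server policy.

```python
# Added example: toy Prepaid Server (PPS) ledger; not the draft's wire format.
# All names are hypothetical. Quotas are cumulative per Service-ID, in MB.
class PrepaidServer:
    def __init__(self, balance_mb):
        self.balance = balance_mb      # unreserved account balance
        self.sessions = {}             # Session-Id -> {Service-ID: granted MB}

    def authenticate(self, session_id, grant_mb):
        """Step A: full AuthN/AuthZ creates the session and its first quota."""
        self.sessions[session_id] = {}
        return self._grant(session_id, "Access Service", grant_mb)

    def authorize_only(self, session_id, service_id, used_mb=0.0,
                       grant_mb=0.0, update_reason=None):
        """Steps B-F: Authorize-Only must tie back to a known Session-Id."""
        if session_id not in self.sessions:
            return ("Access-Reject", "unknown Session-Id")
        granted = self.sessions[session_id].get(service_id, 0.0)
        if used_mb > granted:          # assumed policy: over-report is refused
            return ("Access-Reject", "reported usage exceeds granted quota")
        if update_reason == "User-Termination":
            # Final report: return the unused reservation to the balance.
            self.balance += granted - used_mb
            del self.sessions[session_id][service_id]
            return ("Access-Accept", used_mb)
        return self._grant(session_id, service_id, grant_mb)

    def _grant(self, session_id, service_id, grant_mb):
        if grant_mb > self.balance:
            return ("Access-Reject", "insufficient balance")
        self.balance -= grant_mb
        quotas = self.sessions[session_id]
        quotas[service_id] = quotas.get(service_id, 0.0) + grant_mb
        return ("Access-Accept", quotas[service_id])   # cumulative quota


def replay_slide_example():
    pps = PrepaidServer(balance_mb=10.0)   # constructed starting balance
    sid = "sess-1"                         # constructed Session-Id
    out = [pps.authenticate(sid, 2.0)]                                  # A
    out.append(pps.authorize_only(sid, "Service-A", grant_mb=1.0))      # B, C
    out.append(pps.authorize_only(sid, "Access Service", 2.0, 2.0, "Quota-Refresh"))  # D, E
    out.append(pps.authorize_only(sid, "Service-A", 1.0, 1.0, "Quota-Refresh"))       # D, E
    out.append(pps.authorize_only(sid, "Access Service", 3.0, update_reason="User-Termination"))  # F
    out.append(pps.authorize_only(sid, "Service-A", 1.5, update_reason="User-Termination"))       # F
    return out, pps.balance
```

The replay ends with 5.5 MB left on the constructed 10 MB balance, which is the 4.5 MB of reported usage deducted and the unused reservations returned.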

What is next
Add support for single event.
– Scenarios:
  Single Event Prepaid Authorization with Authentication.
  Single Event Prepaid Authorization only – user has already been authenticated.
Mapping to Diameter