Guest

Cisco IOS Software Releases 12.2 T

Enhanced Billing Support for SIP Gateways

  • Viewing Options

  • PDF (237.2 KB)
  • Feedback
Enhanced Billing Support for SIP Gateways

Table Of Contents

Enhanced Billing Support for SIP Gateways

Feature Overview

Username Attribute

SIP Call ID

Session Protocol

Silent Authentication Script

Benefits

Related Features and Technologies

Related Documents

Supported Platforms

Supported Standards, MIBs, and RFCs

Prerequisites

Configuration Tasks

Configuring the Username Attribute

Verifying the Username Attribute

Troubleshooting Tips

Configuration Examples

Command Reference

aaa username

Glossary


Enhanced Billing Support for SIP Gateways


Document Update Alert


This document was originally produced for Cisco IOS Release 12.2(11)T. This feature has been updated in subsequent releases, and more recent documentation is available.

If you are using Cisco IOS Release 12.2(11)T or higher, refer to the following section in the Configuring AAA Features for SIP chapter of the Cisco IOS SIP Configuration Guide, Cisco IOS Voice Configuration Library, Release 12.3:

Enhanced Billing Support for SIP Gateways


Feature History

Release
Modification

12.2(2)XB

This feature was introduced on the Cisco 2600 series, Cisco 3600 series, Cisco 7200 series, Cisco AS5300, Cisco AS5350, and Cisco AS5400 platforms.

12.2(8)T

This feature was integrated into Cisco IOS Release 12.2(8)T.

Note The Cisco AS5300, Cisco AS5350, and Cisco AS5400 platforms were not supported in this release.

12.2(11)T

This feature was integrated into Cisco IOS Release 12.2(11)T and support was added for the Cisco AS5300, Cisco AS5350, and Cisco AS5400 platforms.


This document describes Enhanced Billing Support for Session Initiation Protocol (SIP) Gateways. Enhanced Billing Support for SIP Gateways describes the changes to authentication, authorization, and accounting (AAA) records and the Remote Authentication Dial-In User Service (RADIUS) implementations on Cisco SIP gateways. These changes were introduced to provide customers and partners the ability to effectively bill for traffic transported over SIP networks.

This document includes the following sections:

Feature Overview

Supported Platforms

Supported Standards, MIBs, and RFCs

Prerequisites

Configuration Tasks

Configuration Examples

Command Reference

Glossary

Feature Overview

Username Attribute

The username attribute is included in all AAA records and is the primary means for the billing system to identify an end user. The password attribute is included in authentication and authorization messages of inbound VoIP call legs.

For most implementations, the SIP gateway populates the username attribute in the SIP INVITE request with the calling number from the FROM: header, and the password attribute with null or with data from an IVR script. If a Proxy-Authorization header exists, it is ignored. A new Cisco IOS command aaa username determines the information with which to populate the username attribute.

Within the Microsoft Passport authentication service that authenticates and identifies users, the passport user ID (PUID) is used. The PUID and a password are passed from a Microsoft network to the Internet telephony service provider (ITSP) network in the Proxy-Authorization header of a SIP INVITE request as a single, base-64 encoded string. For example,

Proxy-Authorization: basic MDAwMzAwMDA4MDM5MzJlNjou

The new Cisco IOS command aaa username enables parsing of the Proxy-Authorization header; decoding of the PUID and password; and populating of the PUID into the username attribute, and the decoded password into the password attribute. The decoded password is generally a "." because a Microsoft Network (MSN) authenticates users prior to this point. For example,

Username = "123456789012345"
Password = "Z\335\304\326KU\037\301\261\326GS\255\242\002\202"

The password in the example above is an encrypted "." and is the same for all users.

SIP Call ID

From the Call ID header of the SIP INVITE request, the SIP Call ID is extracted and populated in Cisco vendor-specific attributes (VSA) as a new attribute value pair call-id=string. The value pair can be used to correlate RADIUS records from Cisco SIP gateways with RADIUS records from other SIP network elements for example, proxies. For complete information on this attribute value pair, see the RADIUS Vendor-Specific Attributes Voice Implementation Guide.

Session Protocol

Session Protocol is another new attribute value pair that indicates if the call is using SIP or H.323 as the signaling protocol. For complete information on this attribute value pair, see the RADIUS Vendor-Specific Attributes Voice Implementation Guide.

Silent Authentication Script

As part of the Enhanced Billing Support for SIP Gateways feature, a new Tool Command Language (TCL) Interactive Voice Response (IVR) API 2.0 Silent Authorization script has been developed. The Silent Authorization script allows users to be authorized without having to separately enter a username or password into the system. The script automatically extracts the passport user ID (PUID) and password from the SIP INVITE request, and then authenticates that information through RADIUS authentication and authorization records. The script is referred to as silent since neither the caller or called party hears any prompts.

You can upgrade to the latest script version through the CCO Software Center. The script app_passport_silent.2.0.0.0.tcl can be download from CCO URL http://www.cisco.com/cgi-bin/tablebuild.pl/tclware. You must be a registered CCO user to log in and access these files. For information regarding TCL IVR API 2.0 see the
TCL IVR API Version 2.0 Programmer's Guide.

Developers using the TCL Silent Authorization script may be interested in joining the Cisco Developer Support Program. This program provides you with a consistent level of support that you can depend on while leveraging Cisco interfaces in your development projects. It also provides an easy process to open, update, and track issues through Cisco Connection Online (CCO). Cisco's web-site is a key communication vehicle for using Cisco's Online Case tracking tool. A signed Developer Support Agreement is required to participate in this program. For more details, and access to this agreement, please visit us at: http://www.cisco.com/warp/public/570/index.html, or contact developer-support@cisco.com.

Benefits

Effective Billing

The Enhanced Billing Support on SIP Gateways feature provides customers and partners the ability to effectively bill for traffic transported over SIP networks.

Related Features and Technologies

Cisco AAA

Cisco TCL/IVR Version 2.0

Cisco SIP Proxy Server

Cisco VoIP

Related Documents

The following documents contain information related to the Cisco SIP functionality:

Cisco IOS Voice, Video, and Fax Configuration Guide,  Release 12.2

Cisco IOS Voice, Video, and Fax Command Reference,  Release 12.2

Cisco IOS IP Configuration Guide,  Release 12.2

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services,  Release 12.2

Cisco IOS IP Command Reference, Volume 2 of 3: Routing Protocols,  Release 12.2

Cisco IOS IP Command Reference, Volume 3 of 3: Multicast,  Release 12.2

Retry and Timer commands are described in:
SIP Gateway Support of RSVP and TEL URL, Release 12.2(2)XB

SIP call flows are described in: SIP Call Flows, Release 12.2(4)T

Further MSN Billing information can be found in the
RADIUS Vendor-Specific Attributes Voice Implementation Guide

Further IVR script information can be found in the
TCL IVR API Version 2.0 Programmer's Guide.

Supported Platforms

Cisco 2600 series

Cisco 3600 series

Cisco AS5300 universal access server

Cisco AS5350 universal gateway

Cisco AS5400 universal gateway

Cisco 7200 series

Table 1 Cisco IOS Release and Platform Support for this Feature

Platform
12.2(2)XB
12.2(8)T
12.2(11)T

Cisco 2600 series

X

X

X

Cisco 3600 series

X

X

X

Cisco 7200 series

X

X

X

Cisco AS5300

X

Not supported

X

Cisco AS5350

X

Not supported

X

Cisco AS5400

X

Not supported

X


Determining Platform Support Through Cisco Feature Navigator

Cisco IOS software is packaged in feature sets that support specific platforms. To get updated information regarding platform support for this feature, access Cisco Feature Navigator. Cisco Feature Navigator dynamically updates the list of supported platforms as new platform support is added for the feature.

Cisco Feature Navigator is a web-based tool that enables you to quickly determine which Cisco IOS software images support a specific set of features and which features are supported in a specific Cisco IOS image. You can search by feature or release. Under the release section, you can compare releases side by side to display both the features unique to each software release and the features in common.

To access Cisco Feature Navigator, you must have an account on Cisco.com. If you have forgotten or lost your account information, send a blank e-mail to cco-locksmith@cisco.com. An automatic check will verify that your e-mail address is registered with Cisco.com. If the check is successful, account details with a new random password will be e-mailed to you. Qualified users can establish an account on Cisco.com by following the directions at http://www.cisco.com/register.

Cisco Feature Navigator is updated regularly when major Cisco IOS software releases and technology releases occur. For the most current information, go to the Cisco Feature Navigator home page at the following URL:

http://www.cisco.com/go/fn

Availability of Cisco IOS Software Images

Platform support for particular Cisco IOS software releases is dependent on the availability of the software images for those platforms. Software images for some platforms may be deferred, delayed, or changed without prior notice. For updated information about platform support and availability of software images for each Cisco IOS software release, refer to the online release notes or, if supported, Cisco Feature Navigator.


Note As of Cisco IOS Release 12.2(2)XB, Cisco Feature Navigator does not support features included in this limited-lifetime release.


Supported Standards, MIBs, and RFCs

Standards

No new or modified standards are supported by this feature.

MIBs

CISCO-SIP-UA-MIB

CISCO-VOICE-DIAL-CONTROL-MIB

To obtain lists of supported MIBs by platform and Cisco IOS release, and to download MIB modules, go to the Cisco MIB website on Cisco.com at the following URL:

http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml

RFCs

RFC 2543, SIP: Session Initiation Protocol

Prerequisites

The following are general prerequisites for SIP deployment.

Ensure that your Cisco 2600 series, Cisco 3600 series, or Cisco 7200 series router has 16-MB Flash memory and 64-MB DRAM memory, minimum. A Cisco AS5300 must have a minimum of 16-MB Flash memory and 128-MB DRAM memory. A Cisco AS5400 must have a minimum of 32-MB Flash memory and 256-MB DRAM memory.

Ensure that the gateway has voice functionality that is configurable for SIP.

Establish a working IP network.

For more information about configuring IP, refer to:
Cisco IOS IP Configuration Guide,  Release 12.2

Configure VoIP.

For more information about configuring VoIP, refer to:
Cisco IOS Voice, Video, and Fax Command Reference,  Release 12.2

Configuration Tasks

See the following sections for configuration tasks for the features included in Enhanced Billing Support on SIP Gateways. Each task in the list is identified as either required or optional.

Configuring the Username Attribute (required)

Configuring the Username Attribute

Complete these steps to configure the username attribute for AAA billing records, beginning in global configuration mode:

 
Command
Purpose

Step 1 

Router(config)# sip-ua

Enters SIP user agent configuration mode.

Step 2 

Router(config-sip-ua)# aaa username {calling-number | proxy-auth}

Determines what should be included in the username attribute for AAA billing records. The default is calling-number.

calling-number—Uses the FROM: header in the SIP INVITE. This keyword is used in most implementations.

proxy-auth—Parses the Proxy- Authorization header. Decodes the Microsoft Passport user ID (PUID) and password, and then populates the PUID into the username attribute and a "." into the password attribute.

Step 3 

Router(config-sip-ua)# exit

Exits SIP user agent configuration mode.

Verifying the Username Attribute

The show call active voice command is used to display the username. The two examples below show examples of the two different outputs with the two keywords.

Example 1:

Output when the aaa username command is set with the proxy-auth keyword.

Router# show call active voice
  Total call-legs: 2

   GENERIC:
  SetupTime=1551144 ms
    .
    . (snip)
    .
  ReceiveBytes=63006
  VOIP:
  ConnectionId[0x220A95B7 0x6B3611D5 0x801DBD53 0x8F65BA34]
    .
    . (snip)
    .
  CallerName=
  CallerIDBlocked=False
  Username=1234567890123456             <-- PUID from Proxy-Auth header

Example 2:

Output when the aaa username command is set to the default (no) or calling-number keyword.

Router(config)# /
  Router(config-sip-ua)# no aaa username proxy-auth



  Router# sh call active voice
  Total call-legs: 2

   GENERIC:
  SetupTime=1587000 ms
    .
    . (snip)
    .
  ReceiveBytes=22762
  VOIP:
  ConnectionId[0xF7C22E07 0x6B3611D5 0x8022BD53 0x8F65BA34]
    .
    . (snip)
    .
  CallerName=
  CallerIDBlocked=False
  Username=1234                         <-- calling-number

Troubleshooting Tips

To troubleshoot the Enhanced Billing Support for SIP Gateways feature, perform the following steps:

Make sure that you can make a voice call.

Use the debug ccsip all command to enable all SIP debugging capabilities, or use one of the following SIP debug commands:

debug ccsip calls

debug ccsip error

debug ccsip events

debug ccsip messages

In addition, debug ccsip events and debug ccsip all include new output specific to the Enhanced Billing Support for SIP Gateways feature. The example shows how the Proxy-Authorization header is broken down into a decoded user name and password.

CCSIP SPI: SIP Call Events tracing is enabled 

21:03:21: sippmh_parse_proxy_auth: Challenge is 'Basic'. 
21:03:21: sippmh_parse_proxy_auth: Base64 user-pass string is 
'MTIzNDU2Nzg5MDEyMzQ1Njou'. 
21:03:21: sip_process_proxy_auth: Decoded user-pass string is '1234567890123456:.'. 
21:03:21: sip_process_proxy_auth: Username is '1234567890123456'. 
21:03:21: sip_process_proxy_auth: Pass is '.'. 
21:03:21: sipSPIAddBillingInfoToCcb: sipCallId for billing records = 
10872472-173611CC-81E9C73D-F836C2B6@172.18.192.19421:03:21: ****Adding to UAS Request 
table

Configuration Examples


Note IP addresses and hostnames in this example are fictitious.


This section provides a configuration example highlighting the minimal configuration options that are necessary to carry out the full functionality of the Enhanced Billing Support on SIP Gateways feature. After configuring the aaa username command described in this document, the gateway uses the information received in the SIP Authorization header and makes it available to AAA and Tool Command Language (TCL) Interactive Voice Response (IVR) services. Typically, if you expect to use the full functionality of this feature, AAA and TCL/IVR have been configured previously.

Current configuration : 4017 bytes 
! 
version 12.2 
no service single-slot-reload-enable 
service timestamps debug datetime msec 
service timestamps log uptime 
no service password-encryption 
! 
hostname 3640-1 
! 
logging rate-limit console 10 except errors
! Need the following aaa line
aaa new-model
! 
! Need the following four aaa lines 
aaa authentication login h323 group radius 
aaa authorization exec h323 group radius 
aaa accounting connection h323 start-stop group radius 
aaa session-id common 
enable password lab 
! 
! 
! 
memory-size iomem 15 
clock timezone GMT 0 
voice-card 2 
! 
ip subnet-zero! 
ip domain-name sip.com 
ip name-server 172.18.192.154 
ip name-server 10.10.1.5 
! 
no ip dhcp-client network-discovery 
isdn switch-type primary-5ess 
isdn voice-call-failure 0 
! 
voice service voip 
sip 
rel1xx disable 
! 
! 
fax interface-type fax-mail 
mta receive maximum-recipients 0 
call-history-mib retain-timer 500
! 
! 
controller E1 1/0 
! 
controller E1 1/1 
! 
controller T1 2/0 
framing esf 
linecode b8zs 
pri-group timeslots 1-24 
! 
controller T1 2/1 
framing sf 
linecode ami 
! 
! Need the following three lines 
gw-accounting h323 
gw-accounting h323 vsa 
gw-accounting voip
! 
! 
interface Ethernet0/0 
ip address 10.10.1.4 255.255.255.0 
half-duplex 
ip rsvp bandwidth 7500 7500 
! 
interface Ethernet0/1 
no ip address 
shutdown 
half-duplex 
! 
interface Ethernet0/2 
no ip address 
shutdown 
half-duplex 
! 
interface Ethernet0/3 
no ip address 
shutdown 
half-duplex 
! 
interface FastEthernet1/0 
ip address 172.18.192.197 255.255.255.0 
duplex auto 
speed auto 
ip rsvp bandwidth 75000 75000 
! 
interface Serial2/0:23 
no ip address 
no logging event link-status 
isdn switch-type primary-5ess 
isdn incoming-voice modem 
isdn T306 200000 
isdn T310 200000 
no cdp enable 
! 
ip classless
ip route 10.0.0.0 255.0.0.0 172.18.192.1 
ip route 172.18.0.0 255.255.0.0 172.18.192.1 
no ip http server 
! 
ip radius source-interface FastEthernet1/0 
logging source-interface FastEthernet1/0 
! 
! 
! Need the following radius-server lines for accounting/authentication 
radius-server host 172.18.192.154 auth-port 1645 acct-port 1646 
radius-server retransmit 1 
radius-server key lab 
radius-server vsa send accounting 
radius-server vsa send authentication 
call rsvp-sync 
! 
! 
! Need the following call application lines in order to enable 
! tcl scripting feature. 
call application voice voice_billing tftp://172.18.207.15/app_passport_silent.2.0.0.0.tcl 
! 
voice-port 2/0:23 
! 
voice-port 3/0/0 
! 
voice-port 3/0/1 
! 
voice-port 3/1/0 
! 
voice-port 3/1/1 
! 
! 
mgcp profile default
dial-peer cor custom 
! 
! 
! 
dial-peer voice 3640110 pots 
destination-pattern 3640110 
port 3/0/0 
! 
dial-peer voice 3640120 pots 
destination-pattern 3640120 
port 3/0/1 
! 
dial-peer voice 3660110 voip 
destination-pattern 3660110 
session protocol sipv2 
session target ipv4:172.18.192.194 
codec g711ulaw 
!
dial-peer voice 3660120 voip 
destination-pattern 3660120 
session protocol sipv2 
session target ipv4:172.18.192.194 
codec g711ulaw 
! 
dial-peer voice 222 pots 
huntstop 
application session 
destination-pattern 222 
no digit-strip 
direct-inward-dial 
port 2/0:23 
! 
! 
! Need to add the application line below to enable the tcl script 
dial-peer voice 999 voip 
application voice_billing 
destination-pattern ... 
session protocol sipv2 
session target ipv4:10.10.1.2:5061 
codec g711ulaw 
! 
! 
! Need to add the aaa line below in order to enable proxy-authorization 
! header processing 
sip-ua 
aaa username proxy-auth 
! 
! 
line con 0 
exec-timeout 0 0 
length 0 
line aux 0 
line vty 0 4 
! 
! 
end 
 
 

Command Reference

This section documents the new aaa username command. All other commands used with this feature are documented in the Cisco IOS Release 12.2 command reference publications.

aaa username

To determine the information to populate the username attribute for AAA billing records, use the aaa username command in SIP user agent configuration mode. To achieve default capabilities, use the no form of this command.

aaa username {calling-number | proxy-auth}

no aaa username

Syntax Description

calling-number

Uses the FROM: header in the SIP INVITE (default value). This keyword is used in most implementations.

proxy-auth

Parses the Proxy-Authorization header. Decodes the Microsoft Passport user ID (PUID) and password, and then populates the PUID into the username attribute and a "." into the password attribute.

The username attribute is used for billing and the "." is used for the password, because the user has already been authenticated prior to this point.


Defaults

The default is calling-number.

Command Modes

SIP user agent configuration

Command History

Release
Modification

12.2(2)XB

This command was introduced.

12.2(8)T

This command was integrated into Cisco IOS Release 12.2(8)T. The Cisco AS5300, Cisco AS5350, and Cisco AS5400 platforms were not supported in this release.

12.2(11)T

This command was integrated into Cisco IOS Release 12.2(11)T and support was added for the Cisco AS5300, Cisco AS5350, and Cisco AS5400 platforms.


Usage Guidelines

Parsing of the Proxy-Authorization header, decoding of the PUID and password, and populating of the username attribute with the PUID must be enabled through this command. If this command is not issued, the Proxy-Authorization header is ignored.

The keyword proxy-auth is a nonstandard implementation, and SIP gateways do not normally receive or process the proxy-auth header.

Examples

The following example shows the processing of the SIP username from the Proxy-Authorization header being enabled:

Router(config)# sip-ua
Router(config-sip-ua)# aaa username proxy-auth

Related Commands

Command
Description

show call active voice

Shows active call information for voice calls or fax transmissions in progress.

show call history voice

Displays the voice call history table.


Glossary

AAA—authentication, authorization, and accounting. AAA is a suite of network security services that provides the primary framework through which you can set up access control on your Cisco router or access server.

call-ID—A general header that uniquely identifies a particular invitation or all registrations of a particular client.

call leg— A logical connection between the router and another endpoint.

gateway—A gateway allows SIP or H.323 terminals to communicate with terminals configured to other protocols by converting protocols. A gateway is the point where a circuit-switched call is encoded and repackaged into IP packets.

INVITE—A method that initiates a session. It indicates that a user is invited to participate, provides a session description, indicates the type of media, and provides insight regarding the capabilities of the called and calling parties.

ITSP—Internet telephony service provider.

ISDN—Integrated Services Digital Network. Communication protocol offered by telephone companies that permits telephone networks to carry data, voice, and other source traffic.

MSN—Microsoft Network.

proxy—A SIP UAC or UAS that forwards requests and responses on behalf of another SIP UAC or UAS.

RADIUS—Remote Authentication Dial-In User Service. Service used for collecting and providing AAA information.

SIP—Session Initiation Protocol. An application-layer protocol originally developed by the Multiparty Multimedia Session Control (MMUSIC) working group of the Internet Engineering Task Force (IETF). Their goal was to equip platforms to signal the setup of voice and multimedia calls over IP networks. SIP features are compliant with IETF RFC 2543, published in March 1999.

TCL IVR— Tool Command Language (TCL) Interactive Voice Response (IVR).

UA—user agent.

UAC—user agent client. A client application that initiates a SIP request.

UAS—user agent server (or user agent). A server application that contacts the user when a SIP request is received, then returns a response on behalf of the user. The response accepts, rejects, or redirects the request.

VoIP—Voice over IP. The ability to carry normal telephone-style voice over an IP-based Internet with POTS-like functionality, reliability, and voice quality. VoIP is a blanket term that generally refers to the Cisco standards-based approach (for example, H.323) to IP voice traffic.