User Guide for Cisco Prime Access Registrar 6.0
Chapter 16 Using Prepaid Billing
Downloads: This chapterpdf (PDF - 304.0KB) The complete bookPDF (PDF - 8.03MB) | Feedback

Using Prepaid Billing

Table Of Contents

Using Prepaid Billing

Overview

IS835C Prepaid Billing

Configuring IS835C Prepaid Billing

Setting Up a Prepaid Billing RemoteServer

Setting Up an IS835C Prepaid Service

Setting Up Local Authentication

Setting Up an Authentication Group Service

CRB Prepaid Billing

Configuring CRB Prepaid Billing

Setting Up a Prepaid Billing RemoteServer

Setting Up a CRB Prepaid Service

Setting Up a Local Accounting Service

Setting Up a Local Authentication Service

Setting Up a Prepaid Accounting Group Service

Setting Up an Authentication Group Service

Configuring CRB Prepaid Billing for SSG

Generic Call Flow

Access-Request (Authentication)

Access-Accept (Authentication)

Access-Request (Authorization)

Access-Accept (Authorization)

Accounting-Start

Data Flow

Access-Request (Quota Depleted)

Accept-Accept (Quota Depleted)

Accounting Stop (Session End)

Accounting Response (Final Status)

Vendor-Specific Attributes

Implementing the Prepaid Billing API


Using Prepaid Billing


Cisco Prime Access Registrar (Cisco Prime AR) supports two types of prepaid billing, IS835C and Cisco Real-time Billing (CRB), a Cisco proprietary solution. The IS835C version adheres to industry standards and is the preferred version.

Three components are required to support a prepaid billing service, such as the following:

AAA client

Cisco Prime AR server

External prepaid billing server

The most important factor for an effective prepaid billing service is in developing a shared library to be configured under the prepaid RemoteServer object. The shared library should be developed to implement all specified API functions. You will have to provide a shared library that meets the needs of your environment. The shared library must implement the API functions to perform the various tasks required for your specific implementation of the prepaid billing service.


Note Cisco works with you to develop the prepaid billing service and implement the API. For more information, contact your Cisco systems engineer.


The chapter contains the following sections:

Overview

IS835C Prepaid Billing

CRB Prepaid Billing

Implementing the Prepaid Billing API

Overview

When a subscriber uses a prepaid billing service, each call requires a set of data about the subscriber. However, the AAA network has no previous knowledge of the subscriber's usage behavior. Cisco Prime AR uses an iterative authorization paradigm over multiple sessions to support the prepaid billing solution.

Each time an authorization request is made, the billing server apportions a fraction of the subscriber's balance into a quota. When a subscriber uses multiple sessions, each session must obtain its own quota. When a previously allocated quota is depleted, a session must be reauthorized to obtain a new quota.


Note The granularity and the magnitude of the quota is in the design and implementation of the prepaid billing server and is beyond the scope of this document. In general, a smaller quota generates more network traffic, but allows more sessions per subscriber. When the quota is equal to a subscriber's total account balance, there is minimal network traffic, but only one session can be supported.


When a subscriber's current quota is depleted, the AAA client initiates a reauthorization request sending Access-Request packets. After the Cisco Prime AR server receives the request, it forwards the request to the billing server. The billing server then returns the next quota to use. The new quota might not be the same as the previous, and the billing server might adjust the quota dynamically.

IS835C Prepaid Billing

Cisco Prime AR acts as a RADIUS protocol head for all the requirements specified in the cdma2000 Wireless IP Network Standard: PrePaid Packet Data Service specification:

http://www.3gpp2.org/Public_html/specs/X.S0011-006-C-v1.0.pdf

As long as the prepaid client understands or accepts what the external billing server sends, the service should work. The Cisco Prime AR server neither imposes nor is affected by the values of attributes returned from the external billing server.

For additional information, see cdma2000 Wireless IP Network Standard: Accounting Services and 3GPP2 RADIUS VSAs at the following URL:

http://www.3gpp2.org/Public_html/specs/X.S0011-005-C-v1.0.pdf

The IS835C specification requires that the Cisco Prime AR server be able to determine that a particular user is a prepaid billing user. A user is accepted as a valid prepaid user when the response dictionary of the incoming packet contains the Cisco Prime AR internal subattribute named prepaid.

The IS835C specification requires prepaid users to first be authenticated by the RADIUS server. This requires the configuration of a group service with an authentication service first, followed by the prepaid service that adds prepaid attributes as shown in Setting Up an Authentication Group Service. The group service configuration enables the AA service to add the prepaid subattribute to the response dictionary upon successful authentication, before the prepaid service is invoked.

Configuring IS835C Prepaid Billing

To configure an IS835C prepaid billing service, use the following sections to configure the required Cisco Prime AR objects:

Setting Up a Prepaid Billing RemoteServer

Setting Up an IS835C Prepaid Service

Setting Up Local Authentication

Setting Up an Authentication Group Service

Setting Up a Prepaid Billing RemoteServer

Cisco Prime AR loads the library dynamically and registers the API functions, then calls out the library initialization API once at startup. The call to initialize functions initializes various data structures and connections with the billing server, as required.

Table 16-1 lists and describes the properties required for an IS835C RemoteServer object.

Table 16-1 Prepaid-IS835C RemoteServer Properties 

Property
Description

Filename

Name of the shared library provided by the billing server vendor, such as libprepaid.so

IPAddress

IP address of the billing server

Port

Port used on the billing server, such as port 66

Connections

Number of threads the prepaid service and billing server can each use (default is 8).


Setting up a Prepaid Billing Remote Server

To set up a prepaid billing remote server:


Step 1 Use aregcmd to add a RemoteServer under /Radius/RemoteServers.

cd /radius/remoteserver

add prepaid-is835c

Step 2 Set remoteserver protocol to prepaid-is835c.

cd prepaid-is835c

set protocol prepaid-is835c

Set Protocol prepaid-is835c
 
   

The following is the default configuration of a prepaid-is835c RemoteServer.

[ //localhost/Radius/RemoteServers/prepaid-is835c ]
Name = prepaid-is835c
Description = 
Protocol = 
IPAddress = 
Port = 0
Filename = 
Connections = 8
 
   


Setting Up an IS835C Prepaid Service

Cisco Prime AR uses a service type prepaid to support the prepaid billing solution. The prepaid service mediates between the client NAS and the external prepaid billing server.

Setting up an IS835C Prepaid Service

To set up an IS835C prepaid service:


Step 1 Use aregcmd to add a prepaid service under /Radius/Services:

cd /radius/services

add prepaid

Added prepaid
 
   

Step 2 Set the service type to prepaid.

cd prepaid

set type prepaid

Set Type prepaid
 
   

A prepaid service has the following default properties:

[ //localhost/Radius/Services/prepaid ]
Name = prepaid
Description = 
Type = prepaid
IncomingScript~ = 
OutgoingScript~ = 
OutagePolicy~ = RejectAll
OutageScript~ = 
MultipleServersPolicy = Failover
RemoteServers/
 
   

Step 3 Add a reference to the is835c-prepaid RemoteServer.

cd RemoteServer

add 1 prepaid-is835c

Added 1
 
   

Setting Up Local Authentication

If you use the Cisco Prime AR server for authentication and authorization in your prepaid billing solution, you should configure an AA service. For example, you might configure a service similar to local-users (in the example configuration) for authentication and authorization of local users.

If some of the users are non-prepaid users or if the prepaid users need to have RADIUS authorization attributes returned, you should configure an AA service to perform that authentication and authorization.

Setting up a Local Authentication

To set up a local authentication:


Step 1 Use aregcmd to set up a local authentication service.

cd /radius/services

add Prepaid-LocalAuthentication

Added prepaid-LocalAuthentication
 
   

cd prepaid-LocalAuthentication

[ //localhost/Radius/Services/prepaid-LocalAuthentication ]
Name = prepaid-LocalAuthentication
Description = 
Type = 
 
   

Step 2 Set the service type to local.

set type local

Set Type local
 
   

Step 3 Set the UserList property to the userlist that contains IS835C prepaid users.

set UserList userlist_name

Set UserList userlist_name
 
   

Note You can use an LDAP or ODBC service in place of the local authentication service.


The authentication service must add the Cisco Prime AR internal attribute prepaid (subattribute 22) to the response upon successful authentication.


Setting Up an Authentication Group Service

Your prepaid billing solution usually requires a group service to tie together an AA service with a prepaid service, a group service to tie together an accounting service with a prepaid service, or both.

If you are using an AA service with your prepaid billing solution, you must configure a group service, for example prepaid-users, that ties the requests to the AA service (local-users in our example) with the prepaid service.

If you are using Cisco Prime AR for an accounting service with your prepaid billing solution, you must configure a group service, for example prepaid-file, that ties accounting requests to both the regular accounting service (local-file in our example) and the prepaid service.

Setting up an Authentication Group Service

To set up an authentication group service:


Step 1 Use aregcmd to add a prepaid authentication group service under /Radius/Services.

cd /radius/services

add prepaid-groupAuthentication

Added prepaid-groupAuthentication
 
   

cd prepaid-groupAuthentication

[ //localhost/Radius/Services/prepaid-groupAuthentication ]
Name = group-prepaidAuthentication
Description = 
Type = 
 
   

Step 2 Set the service type to group.

set type group

Set Type group
 
   

The group service requires the ResultRule to be set to AND, the default setting for a group service.

ls

[ //localhost/Radius/Services/group-prepaidAuthentication ]
    Name = group-prepaidAuthentication
    Description = 
    Type = group
    IncomingScript~ = 
    OutgoingScript~ = 
    ResultRule = AND
    GroupServices/
 
   

Step 3 Change directory to GroupServices and add references to the prepaid service and the authentication service.

cd GroupServices

[ //localhost/Radius/Services/group-prepaidAuthentication/GroupServices ]

add 1 Prepaid-LocalAuthentication

Added 1

add 2 prepaid

Added 2 
 
   

CRB Prepaid Billing

Cisco Real-Time Billing (CRB) is a Cisco proprietary method of providing prepaid billing service. Cisco Prime AR uses vendor-specific attributes (VSA) to extend the standard RADIUS protocol to carry information not usually present in the standard RADIUS packet. Cisco Prime AR uses a set of VSAs allocated to the Cisco VSA pool [26,9].

Cisco Prime AR required several different types of measurements to support a prepaid billing solution. These measurements require the use of metering variables to perform usage accounting. Table 16-2 lists the different measurements and what the AAA client, Cisco Prime AR server, and billing server do with them.

Table 16-2 Measurements and Component Actions  

Measurement Type
Billing Server Action
AAA Server Action
AAA Client Action

Duration

Return duration quota

Convert duration quota to VSAs and pass along

Compare running duration quota with quota returned by Cisco Prime AR server

Total volume

Return volume quota

Convert volume quota to VSAs and pass along

Compare running volume quota with quota returned by Cisco Prime AR server

Uplink volume

Return volume quota

Convert volume quota to VSAs and pass along

Compare running volume quota with quota returned by Cisco Prime AR server

Downlink volume

Return volume quota

Convert volume quota to VSAs and pass along

Compare running volume quota with quota returned by Cisco Prime AR server

Total packets

Return packet quota

Convert packet quota to VSAs and pass along

Compare running packet quota with quota returned by Cisco Prime AR server

Uplink packets

Return packet quota

Convert packet quota to VSAs and pass along

Compare running packet quota with quota returned by Cisco Prime AR server

Downlink packets

Return packet quota

Convert packet quota to VSAs and pass along

Compare running packet quota with quota returned by Cisco Prime AR server

Logical OR of two measurements

Return quota of both measurements

Convert both to VSA and pass along

Monitor both quota and issue reauthorization packet when any one trips


Cisco Prime AR provides maximum flexibility to billing servers by allowing the metering variable to be modified as the service is used. This requires network nodes to measure all parameters all the time, but to report values only after receiving a reauthorization request.


Note If you have been using an earlier implementation of CRB prepaid billing (Cisco Access Registrar 3.5.2 or earlier), you must recompile the API implementation with the newer API due to the addition of the parameter ebs_context as the first parameter to all API methods. Contact your Cisco systems engineer for assistance with the new API.


This section contains the following topics:

Configuring CRB Prepaid Billing

Configuring CRB Prepaid Billing for SSG

Generic Call Flow

Vendor-Specific Attributes

Configuring CRB Prepaid Billing

To configure an CRB prepaid billing service, use the following sections to configure the required Cisco Prime AR objects:

Setting Up a Prepaid Billing RemoteServer

Setting Up a CRB Prepaid Service

Setting Up a Local Accounting Service

Setting Up a Local Authentication Service

Setting Up a Prepaid Accounting Group Service

Setting Up an Authentication Group Service

If you are using CRB prepaid billing with Service Selection Gateway (SSG), you must also configure extension point scripts and prepaid clients. See Configuring CRB Prepaid Billing for SSG.

Setting Up a Prepaid Billing RemoteServer

Table 16-3 lists and describes the properties required for an CRB RemoteServer object.

Table 16-3 Prepaid-CRB RemoteServer Properties 

Property
Description

Filename

Name of the shared library provided by the billing server vendor, such as libprepaid.so

IPAddress

IP address of the billing server

Port

Port used on the billing server, such as port 66

Connections

Number of threads the prepaid service and billing server can each use (default is 8).


Setting up a Prepaid Billing Remote Server

To set up a prepaid billing remote server:


Step 1 Use aregcmd to add a RemoteServer under /Radius/RemoteServers.

cd /radius/remoteservers

add prepaid-crb

Added prepaid-crb
 
   

Step 2 Set the RemoteServer protocol to prepaid-crb.

cd prepaid-crb

set protocol prepaid-crb

Set Protocol prepaid-crb
 
   

The following is the default configuration of a prepaid-crb RemoteServer.

[ //localhost/Radius/RemoteServers/prepaid-crb ]
Name = prepaid-crb
Description = 
Protocol = 
IPAddress = 
Port = 0
Filename = 
Connections = 8
 
   


Setting Up a CRB Prepaid Service

Cisco Prime AR uses a service type prepaid to support the prepaid billing solution. The prepaid service mediates between the client NAS and the external prepaid billing server.

The prepaid service must receive accounting requests to accurately charge the prepaid billing user. You can also set the prepaid service in a group service to log accounting requests locally or to proxy the accounting requests to another service or to both locations.

Setting up a CRB Prepaid Service

To set up a CRB prepaid service:


Step 1 Use aregcmd to add a prepaid service under /Radius/Services:

cd /radius/services

add prepaid

Added prepaid
 
   

Step 2 Set the service type to prepaid.

cd prepaid

set type prepaid

Set Type prepaid
 
   

A prepaid service has the following default properties:

[ //localhost/Radius/Services/prepaid ]
Name = prepaid
Description = 
Type = prepaid
IncomingScript~ = 
OutgoingScript~ = 
OutagePolicy~ = RejectAll
OutageScript~ = 
MultipleServersPolicy = Failover
RemoteServers/
 
   

Step 3 Add a reference to the prepaid-crb RemoteServer.

cd RemoteServers

add 1 prepaid-crb

Added 1
 
   

Note The following steps are required only when using Prepaid-CRB with SSG.


Step 4 Set the IncomingScript to IncomingScript PPI-Parse-Prepaid-Incoming.

set IncomingScript PPI-Parse-Prepaid-Incoming

Set IncomingScript PPI-Parse-Prepaid-Incoming
 
   

Step 5 Set the OutgoingScript to OutgoingScript PPO-Parse-Prepaid-Outgoing.

set OutgoingScript PPO-Parse-Prepaid-Outgoing

Set OutgoingScript PPO-Parse-Prepaid-Outgoing
 
   

Setting Up a Local Accounting Service

If you want to use the Cisco Prime AR server to record the accounting records locally or to forward the accounting records to another RADIUS server, you must configure an accounting service. You might configure a service similar to local-file (in the example configuration) for accounting requests. Accounting requests can be logged locally (with an accounting service) or remotely (with a RADIUS service).

If you use the prepaid billing server to generate the accounting records, an accounting service is not necessary.

Setting up a Local Accounting Service

To set up a local accounting service:


Step 1 Use aregcmd to add a local accounting service under /Radius/Services.

cd /radius/services

add prepaid-LocalFileAccounting

add prepaid-LocalFileAccounting
 
   

Step 2 Set the service type to file.

cd prepaid-LocalFileAccounting

set type file

Set Type file
 
   

The file type service has the following properties:

[ //localhost/Radius/Services/prepaid-LocalFileAccounting ]
    Name = prepaid-LocalFileAccounting
    Description = 
    Type = file
    IncomingScript~ = 
    OutgoingScript~ = 
    OutagePolicy~ = RejectAll
    OutageScript~ = 
    FilenamePrefix = accounting
    MaxFileSize = "10 Megabytes"
    MaxFileAge = "1 Day"
    RolloverSchedule = 
    UseLocalTimeZone = FALSE
 
   

Step 3 Set the FilenamePrefix to Prepaid-Accounting.

set FilenamePrefix Prepaid-Accounting

Set FilenamePrefix Prepaid-Accounting
 
   

Step 4 Set the MaxFileAge to one hour.

set MaxFileAge "1 Hour"

Set MaxFileAge "1 Hour"
 
   

The MaxFileSize should remain at the default value of 10 megabytes.

Step 5 Set UseLocalTimeZone to TRUE.

set UseLocalTimeZone TRUE

Set UseLocalTimeZone TRUE
 
   

Setting Up a Local Authentication Service

If you use the Cisco Prime AR server for authentication and authorization in your prepaid billing solution, you should configure an AA service. For example, you might configure a service similar to local-users (in the example configuration) for authentication and authorization of local users.

If some of the users are non-prepaid users or if the prepaid users need to have RADIUS authorization attributes returned, you should configure an AA service to perform that authentication and authorization.

If all of the users in a realm are prepaid users and the prepaid billing client does not require normal RADIUS authorization attributes, an AA service is not necessary.

Setting up a Local Authentication Service

To set up a local authentication service:


Step 1 Use aregcmd to set up a local authentication service.

cd /radius/services

add Prepaid-LocalAuthentication

Added prepaid-LocalAuthentication
 
   

cd prepaid-LocalAuthentication

[ //localhost/Radius/Services/prepaid-LocalAuthentication ]
Name = prepaid-LocalAuthentication
Description = 
Type = 
 
   

Step 2 Set the service type to local.

set type local

Set Type local
 
   

Step 3 Set the UserList property to the userlist that contains IS835C prepaid users.

set UserList userlist_name

Set UserList userlist_name
 
   

Note You can use an LDAP or ODBC service in place of the local authentication service.



Setting Up a Prepaid Accounting Group Service

A prepaid billing solution usually requires a group service to tie together an AA service with a prepaid service, a group service to tie together an accounting service with a prepaid service, or both.

If you are using an AA service with your prepaid billing solution, you must configure a group service, for example prepaid-users, that ties the requests to the AA service (local-users in our example) with the prepaid service.

If you are using Cisco Prime AR for an accounting service with your prepaid billing solution, you must configure a group service, for example prepaid-file, that ties accounting requests to both the regular accounting service (local-file in our example) and the prepaid service.

Setting up a Prepaid Accounting Group Service

To set up a prepaid accounting group service:


Step 1 Use aregcmd to create an accounting group service under /Radius/Services.

cd /radius/services

add Prepaid-Accounting

Added prepaid-accounting
 
   

Step 2 Set the service type to group.

cd prepaid-accounting

[ //localhost/Radius/Services/prepaid-accounting ]
    Name = prepaid-accounting
    Description = 
    Type = 
 
   

set type group

Set Type group
 
   

The group service has the following properties:

[ //localhost/Radius/Services/prepaid-accounting ]
    Name = prepaid-accounting
    Description = 
    Type = group
    IncomingScript~ = 
    OutgoingScript~ = 
    ResultRule = AND
    GroupServices/
 
   

Step 3 Reference the Prepaid and Prepaid-LocalAccounting services under GroupServices.

cd GroupServices

[ //localhost/Radius/Services/prepaid-accounting/GroupServices ]
 
   

add 1 prepaid

Added 1
 
   

add 2 prepaid-LocalFileAccounting

Added 2
 
   

Setting Up an Authentication Group Service

A prepaid billing solution usually requires a group service to tie together an AA service with a prepaid service, a group service to tie together an accounting service with a prepaid service, or both.

If you are using an AA service with your prepaid billing solution, you must configure a group service, for example prepaid-users, that ties the requests to the AA service with the prepaid service.

If you are using Cisco Prime AR for an accounting service with your prepaid billing solution, you must configure a group service, for example prepaid-file, that ties accounting requests to both the regular accounting service and the prepaid service.

Setting up an Authentication Group Service

To set up an authentication group service:


Step 1 Use aregcmd to add a prepaid authentication group service under /Radius/Services.

cd /radius/services

add prepaid-groupAuthentication

Added group-prepaidAuthentication
 
   

cd group-prepaidAuthentication

[ //localhost/Radius/Services/group-prepaidAuthentication ]
Name = group-prepaidAuthentication
Description = 
Type = 
 
   

Step 2 Set the service type to group.

set type group

Set Type group
 
   

The group service requires the ResultRule to be set to AND, the default setting for a group service.

ls

[ //localhost/Radius/Services/group-prepaidAuthentication ]
    Name = group-prepaidAuthentication
    Description = 
    Type = group
    IncomingScript~ = 
    OutgoingScript~ = 
    ResultRule = AND
    GroupServices/
 
   

Step 3 Change directory to GroupServices and add references to the prepaid service and the authentication service.

cd GroupServices

[ //localhost/Radius/Services/group-prepaidAuthentication/GroupServices ]

add 1 Prepaid-LocalAuthentication

Added 1

add 2 prepaid

Added 2 

Configuring CRB Prepaid Billing for SSG

In addition to the configuration described in CRB Prepaid Billing, when using CRB-Prepaid billing with SSG, you must also perform the following:

Setting Up an Outgoing Script

Setting Up an Incoming Script

Setting Up a Prepaid Outgoing Script

Adding Prepaid Clients

Setting Up an Outgoing Script

To set up an outgoing script:


Step 1 Use aregcmd to add the PCO-Parse-Client-Outgoing outgoing script under /Radius/Scripts:

cd /radius/scripts

add PCO-Parse-Client-Outgoing

Added PCO-Parse-Client-Outgoing
 
   

cd PCO-Parse-Client-Outgoing

[ //localhost/Radius/Scripts/PCO-Parse-Client-Outgoing ]
    Name = PCO-Parse-Client-Outgoing
    Description = 
    Language = 
 
   

Step 2 Set the language to tcl.

set language tcl

Set Language tcl

Step 3 Set the filename to PCO-parse.client-outgoing.tcl.

set filename PCO-parse.client-outgoing.tcl

Set Filename PCO-parse.client-outgoing.tcl
 
   

Step 4 Set the EntryPoint to PCO-parse-client-outgoing.

set EntryPoint PCO-parse-client-outgoing

Set EntryPoint PCO-parse-client-outgoing
 
   

Setting Up an Incoming Script

To set up an incoming script:


Step 1 Use aregcmd to add the PPI-Parse-Prepaid-Incoming script under /Radius/Scripts.

cd /radius/scripts

add PPI-Parse-Prepaid-Incoming

Step 2 Set the language to tcl.

cd PPI-Parse-Prepaid-Incoming

set language tcl

Set Language tcl
 
   

Step 3 Set the filename to PPI-Parse-Prepaid-Incoming.tcl.

set filename PPI-Parse-Prepaid-Incoming.tcl

Set Filename PPI-Parse-Prepaid-Incoming.tcl
 
   

Step 4 Set the EntryPoint to PPO-Parse-Prepaid-Outgoing.

set EntryPoint PPO-Parse-Prepaid-Outgoing

Set EntryPoint PPO-Parse-Prepaid-Outgoing
 
   

Setting Up a Prepaid Outgoing Script

To set up a prepaid outgoing script:


Step 1 Use aregcmd to add the PPO-Parse-Prepaid-Outgoing outgoing script under /Radius/Scripts:

cd /radius/scripts

Step 2 Add the PPO-Parse-Prepaid-Outgoing outgoing script under /Radius/Scripts.

cd /radius/scripts

add PPO-Parse-Prepaid-Outgoing

Added PPO-Parse-Prepaid-Outgoing
 
   

Step 3 Set the language to tcl.

cd PPO-Parse-Prepaid-Outgoing

set language tcl

Set Language tcl
 
   

Step 4 Set the filename to PPO-Parse-Prepaid-Outgoing.tcl.

set filename PPO-Parse-Prepaid-Outgoing.tcl

Set Filename PPO-Parse-Prepaid-Outgoing.tcl
 
   

Step 5 Set the EntryPoint to PPO-Parse-Prepaid-Outgoing.

set EntryPoint PPO-Parse-Prepaid-Outgoing

Set EntryPoint PPO-Parse-Prepaid-Outgoing
 
   

Adding Prepaid Clients

To add prepaid clients:


Step 1 Use aregcmd to add the prepaid clients under /Radius/Clients.

cd /radius/clients

add SSG

A RADIUS client has the following properties:

[ //localhost/Radius/Clients/ssg ]
Name = ssg
Description = 
IPAddress = 
SharedSecret = 
Type = NAS
Vendor = 
IncomingScript~ = 
OutgoingScript~ = 
EnableDynamicAuthorization = FALSE
NetMask = 
 
   

Step 2 Set the IPAddress property to the client IP address.

set IPAddress aaa.bbb.ccc.ddd

Set IPAddress aaa.bbb.ccc.ddd
 
   

Step 3 Set the SharedSecret.

set sharedsecret cisco

Set SharedSecret cisco
 
   

Step 4 Set the OutgoingScript to PCO-Parse-Client-Outgoing.

set out PCO-Parse-Client-Outgoing

Set OutgoingScript PCO-Parse-Client-Outgoing
 
   

Generic Call Flow

This section describes the generic call flow for the Cisco Prime AR CRB prepaid billing. The call flow is controlled by the AAA client. The Cisco Prime AR server converts VSAs into calls to the billing server.


Note For information about call flows and attributes for IS835C, see IS835C Prepaid Billing.


The packet flows presented in Figure 16-1 are specific to the Cisco Prime AR CRB prepaid billing only. The headlines in the packet flows are general and do represent all data transferred. The letters c, s, and b in Figure 16-1 designate the packet's source of client, server, or billing server, respectively.

Figure 16-1 Generic Call Flow Diagram

This section contains the following topics:

Access-Request (Authentication)

Access-Accept (Authentication)

Access-Request (Authorization)

Access-Accept (Authorization)

Accounting-Start

Data Flow

Access-Request (Quota Depleted)

Accept-Accept (Quota Depleted)

Accounting Stop (Session End)

Accounting Response (Final Status)

Access-Request (Authentication)

Flow 1c shows the client sending the Access-Request to AAA Server, part of a normal authentication request. The exact nature of the message contents is dictated by the access technology, be it be CDMA1X-RTT, GPRS, or another. The Access-Request might involve other messages such as PAP/CHAP or another form of authentication.

The Flow 1c Access-Request might contain a prepaid specific VSA, CRB_AUTH_REASON. Table 16-4 lists the attributes included in the authentication Access-Request. This tells the Cisco Prime AR server to authenticate the subscriber with the Prepaid server as well. If the value is CRB_AR_INIT_AUTHENTICATE, the initial quota must be obtained for a single service prepaid solution. If this VSA is not present, the Cisco Prime AR server will not authenticate with the Prepaid billing server.

Table 16-4 Attributes Sent During Subscriber Authentication 

Attribute
Number
Attribute Name
Description
Notes

1

User-Name

APPL: Mobile Node Username

Required

2

NAS IP Address

Accounting Node IP Address

APPL: Required, POA

31

Calling-station-ID

APPL:MSISDN or IMSI

APPL: Conditional

26, 9

CRB_AUTH_REASON
CRB_AR_INIT_AUTHENTICATE

See VSA section

Required

26, 9

CRB_USER_ID

APPL:PDSN address or SSG address

APPL: Required, Address of the PDSN

26, 9

CRB_SERVICE_ID

APPL: Service ID such as Simple IP service, Mobile IP service, or VPN service

 

26, 9

CRB_SESSION_ID

This VSA contains the session key ID information

Required; the session ID must be globally unique across all clients and across reboots of the client


In Flow 1s, the Cisco Prime AR server sends a call to the billing server to authenticate the prepaid user and possibly determine more information about the subscriber's account. The Cisco Prime AR server can be configured to generate this packet flow, using a subscriber profile parameter, if the request is from a prepaid subscriber.

Access-Accept (Authentication)

Flow 2b shows the billing server returning the authentication result. The billing server returns a failure if the prepaid subscriber has an inadequate balance.

Flow 2s shows the Cisco Prime AR server sending the Access-Accept to the AAA client. This message flow contains at least one prepaid billing-specific VSA (listed in Table 16-5) and might contain other access technology-specific attributes.

Table 16-5 Attributes Sent to AAA client in Access-Accept (Authentication) 

Attribute
Number
Attribute Name
Description
Notes

26, 9

CRB__USER_TYPE

CRB_AR_INIT_AUTHENTICATE

See Vendor-Specific Attributes

Optional


Access-Request (Authorization)

In Flow 3c, the AAA client sends another Access-Request, this time to authorize the subscriber. Table 16-6 lists the attributes required by the Cisco Prime AR server to authorize the subscriber. The session key ID used must be specified using a prepaid VSA pointing to the RADIUS attribute (standard or VSA).

Table 16-6 Attributes Sent During Subscriber Authorization 

Attribute
Number
Attribute Name
Description
Notes

1

User-Name

APPL: Mobile Node Username

Required

2

NAS IP Address

Accounting Node IP Address

APPL: Required, POA

31

Calling-station-ID

APPL:MSISDN or IMSI

APPL: Conditional

26, 9

CRB_AUTH_REASON
CRB_AR_INIT_AUTHORIZE

See Vendor-Specific Attributes

Required

26, 9

CRB_USER_ID

APPL:PDSN address or SSG address

APPL: Required, Address of the PDSN

26, 9

CRB_SERVICE_ID

APPL: Service ID such as Simple IP service, Mobile IP service, or VPN service

 

26, 9

CRB_SESSION_ID

This VSA contains the session key ID information

Required; the session ID must be globally unique across all clients and across reboots of the client


.In Flow 3s, the Cisco Prime AR server sends the Prepaid billing server to obtain a quota. The quota might contain several values depending on the number of measurement parameters chosen.

Access-Accept (Authorization)

Flow 4b shows the billing server returning the quota array for the subscriber.

In Flow 4s, the Cisco Prime AR server converts the quota array received into VSAs and sends an Access-Accept with the assembled VSAs to the AAA client. Table 16-7 lists the prepaid-specific VSAs that might be included in the Access-Accept response message sent to the AAA client. For more detailed information about the VSAs, see Vendor-Specific Attributes.

Table 16-7 Attributes Sent to AAA client in Access-Accept (Authorization) 

Attribute
Number
Attribute Name

26, 9

CRB_DURATION

26, 9

CRB_TOTAL_VOLUME

26, 9

CRB_UPLINK_VOLUME

26, 9

CRB_DOWNLINK_VOLUME

26, 9

CRB_TOTAL_PACKETS

26, 9

CRB_UPLINK_PACKETS

26, 9

CRB_DOWNLINK_PACKETS


Flows 3c through 4s are repeated for every service started or restarted by the AAA client.

However, if the return parameters indicate that the authorization is rejected, an Access-Accept message is generated and sent to the client as shown in Table 16-8. When this type of error condition occurs, no other VSA is included in the Access-Accept message.

Table 16-8 Attribute Sent to Report Error Condition to AAA client 

Attribute
Number
Attribute Name
Description
Notes

26, 9

CRB_TERMINATE_CAUSE

Identifies why a subscriber failed authentication:
1. Exceeded the balance
2. Exceeded the overdraft
3. Bad credit
4. Services suspended
5. Invalid User

Conditional; rejection might be returned with Access-Accept and zero (0) quota


Accounting-Start

In Flow 5c, the AAA client sends the Accounting-Start. In Flow 6s, the Cisco Prime AR server replies with the Accounting-Response.

Data Flow

At this point, the data transfer begins. The AAA client monitors the subscriber's allocated quotas for metering parameters. A subscriber's Reauthorization request is generated when a quota for at least one of the metering parameters, is depleted.

Access-Request (Quota Depleted)

Flow 7c shows the client sending an Access-Request to the Cisco Prime AR server because at least one quota has been depleted. The Access-Request includes different measurements of how much of the quotas were used in VSA format. This enables the billing server to account for the usage and manage the subscriber's balance before assigning a new quota. Table 16-9 lists the attributes returned to the Cisco Prime AR server:

Table 16-9 Attributes Sent by NAS When Quota Depleted 

Attribute
Number
Attribute Name
Description
Notes

1

User-Name

APPL: Mobile Node Username

Conditional

2

NAS IP Address

Accounting Node IP Address

APPL: Required, POA address, or Home Node address

31

Calling-station-ID

APPL:MSISDN or IMSI

APPL: Conditional

26, 9

CRB_AUTH_REASON

See VSA

Required

26, 9

CRB_USER_ID

APPL: PDSN address or SSG address

APPL: Required, address of SGSN

26, 9

CRB_DURATION

See Vendor-Specific Attributes

Required

26, 9

CRB_TOTAL_VOLUME

Conditional

26, 9

CRB_UPLINK_VOLUME

26, 9

CRB_DOWNLINK_VOLUME

26, 9

CRB_TOTAL_PACKETS

26, 9

CRB_UPLINK_PACKETS

26, 9

CRB_DOWNLINK_PACKETS


Accept-Accept (Quota Depleted)

Flow 7s shows the Cisco Prime AR server returning the used quota array to the billing server. The call includes aaa_ebs_reauthoriz(). The billing server sends an updated quota array for the next period to the Cisco Prime AR server.

In Flow 8s, the Cisco Prime AR server converts the quota array into VSAs and sends them to the AAA client.

Table 16-10 Attributes Sent to AAA Client in Access-Accept (Reauthorization)  

Attribute
Number
Attribute Name

26, 9

CRB_USER_TYPE

26, 9

CRB_DURATION

26, 9

CRB_TOTAL_VOLUME

26, 9

CRB_UPLINK_VOLUME

26, 9

CRB_DOWNLINK_VOLUME

26, 9

CRB_TOTAL_PACKETS

26, 9

CRB_UPLINK_PACKETS

26, 9

CRB_DOWNLINK_PACKETS


Accounting Stop (Session End)

In Flow 9c, the client sends an Accounting-Stop to the Cisco Prime AR server to end the session. The Accounting-Stop message includes an updated quota array with the usage adjustments since the previous authorization in the VSA form.

Table 16-11 lists the attributes included in the Accounting-Stop message set to the Cisco Prime AR server and forwarded to the billing server.

Accounting Response (Final Status)

In Flow 9s, the Cisco Prime AR server sends the used quota array to the billing server in an Accounting-Stop message. Any values returned by the billing server in Flow 10b are discarded.

Flow 10s shows the Cisco Prime AR server sending final Accounting-Response message to the AAA client.

Table 16-11 Attributes Sent in Accounting-Stop Message  

Attribute
Number
Attribute Name
Description
Notes

1

User-Name

APPL: Mobile Node Username

Conditional

2

NAS IP Address

Accounting Node IP Address

APPL: Required, POA

31

Calling-station-ID

APPL:MSISDN or IMSI

APPL: Conditional

40, 2

Acct_status_type

Indicates the accounting "Stop" for the service

Required; this value (2) indicates an Accounting-Stop request message

42

Acct-Input-Octets

The number of octets sent by the subscriber; uplink

Required

43

Acc_Output_Octets

The number of octets received by the subscriber; downlink

46

Acct-Session-Time

Duration of the session

47

Acct-Input-Packets

Number of packets sent by the subscriber

48

Acct-Output-Packets

Number of packets received by the subscriber

49

Acct-Terminate-Cause

This parameter, used for tracking, should remain the same for all accounting requests for a given service.

26, 9

CRB_DURATION

See Vendor-Specific Attributes

Conditional

26, 9

CRB_TOTAL_VOLUME

26, 9

CRB_UPLINK_VOLUME

26, 9

CRB_DOWNLINK_VOLUME

26, 9

CRB_TOTAL_PACKETS

26, 9

CRB_UPLINK_PACKETS

26, 9

CRB_DOWNLINK_PACKETS

26, 9

CRB_SESSION_ID

Specifies the RADIUS attribute carrying the session ID information

Optional


Vendor-Specific Attributes

Vendor-specific attributes are included in specific RADIUS packets to communicate prepaid user balance information from the Cisco Prime AR server to the AAA client, and actual usage, either interim or total, between the NAS and the Cisco Prime AR Server.

Table 16-12 lists the VSAs that will be defined in the API. Table 16-12 also lists the string to be used with Cisco-AVPair below the VSA.


Note VSAs that start with CRB are used for Cisco Radius Billing prepaid service.


Table 16-12 Vendor-Specific Attributes for the Cisco Prepaid Billing Solution 

VSA Name
Type
Source
(Call Flow)
Description

CRB_AUTH_REASON

crb-auth-reason

Int8

1c, 7c, 7'c

Passed with re-authorization:
1. Initial Authentication
2. Initial Authorization
3. Re-authorization
4. Return Quota
5. Query to EBS

CRB_USER_ID

crb-user-id

String

1c, 7c, 7'c

APPL: In PDSN this can be Address of the PDSN.

CRB_SERVICE_ID

crb-service-id

String

1c, 7c

Identifies the subscriber's service

CRB_USER_TYPE

crb-entity-type

Int8

4s

Type of user:
1. Prepaid user
2. Post-paid with no credit limit
3. Post-paid with credit limit
4. Invalid user

The source for this VSA value could be from the Subscriber profile or from the billing server

CRB_DURATION

crb-duration

Int32

4s, 8s

Downlink quota received by the AAA client

CRB_TOTAL_VOLUME

crb-total-volume

Total Volume quota received by the AAA client

CRB_UPLINK_VOLUME

crb-uplink-volume

Uplink volume quota received by the AAA client

CRB_DOWNLINK_VOLUME

crb-downlink-volume

Uplink Volume quota received by the AAA client

CRB_TOTAL_PACKETS

crb-total-packets

Downlink Packet quota received by the AAA client

CRB_UPLINK_PACKETS

crb-uplink-packets

Uplink Packet quota received by the AAA client

CRB_DOWNLINK_PACKETS

crb-downlink-packets

Uplink Volume quota received by the AAA client

CRB_SESSION_ID

crb-session-id

String

 

Additional field if session ID is required. This VSA provides the real time billing-specific session ID. This VSA duplicates the contents of the technology- specific session ID or the contents of RADIUS attributes 44 or 50. The NAS can use this VSA to generate a unique session ID. If this VSA is not present, then RADIUS attribute 44 is used instead.

If this is a string AV Pair-type attribute, the name is the string attribute name.

CRB_TERMINATE_CAUSE

crb-terminate-cause

Int8

4se

Identifies why a subscriber failed authentication:
1. Exceeded the balance
2. Exceeded the overdraft
3. Bad credit
4. Services suspended
5. Invalid User
6. Invalid Password
7. System Error
8. Disabled
9. Expired
10. Valid in Future
11. Used up
12. No Parallel sessions
13. Session Already closed
14. Invalid session

CRB_PRIVATE

crb-private

String

n/a

Reserved for future use


Implementing the Prepaid Billing API

A shared library must implement the API functions to perform the various tasks given in the description of each of the function. This needs to be compiled as a shared library and then specified as part of the remote server configuration at the Filename property. See Setting Up a Prepaid Billing RemoteServer or Setting Up a Prepaid Billing RemoteServer.

At startup, Cisco Prime AR loads the library dynamically and registers the API functions, then calls out the library initialization API once at startup. The call to initialize functions initializes various data structures and connections with the billing server, as required.


Note Cisco works with you to develop the prepaid billing service and implement the API. For more information, contact your Cisco systems engineer.


At various times, according to the call flow described in the Prepaid Call Flow Specification (CRB or IS835C), Cisco Prime AR calls out appropriate API functions present in the shared library. The values for the arguments passed to these API calls are purely derived from the incoming RADIUS packet and Cisco Prime AR does not maintain any dynamic information related to the call flow. It is up to the API function to make use of the information passed to it as C structures to contact the Billing server, get appropriate data, and return the same to Cisco Prime AR using the designated arguments.


Note See the API specifications for more details pertaining to the arguments and return values of the API.