 Feedback
|
Table Of Contents
Enhanced Billing Support for SIP Gateways
Related Features and Technologies
Supported Standards, MIBs, and RFCs
Configuring the Username Attribute
Verifying the Username Attribute
Enhanced Billing Support for SIP Gateways
Document Update Alert
This document was originally produced for Cisco IOS Release 12.2(11)T. This feature has been updated in subsequent releases, and more recent documentation is available.
If you are using Cisco IOS Release 12.2(11)T or higher, refer to the following section in the Configuring AAA Features for SIP chapter of the Cisco IOS SIP Configuration Guide, Cisco IOS Voice Configuration Library, Release 12.3:
•
Enhanced Billing Support for SIP Gateways
Feature History
This document describes Enhanced Billing Support for Session Initiation Protocol (SIP) Gateways. Enhanced Billing Support for SIP Gateways describes the changes to authentication, authorization, and accounting (AAA) records and the Remote Authentication Dial-In User Service (RADIUS) implementations on Cisco SIP gateways. These changes were introduced to provide customers and partners the ability to effectively bill for traffic transported over SIP networks.
This document includes the following sections:
•
Feature Overview
Username Attribute
The username attribute is included in all AAA records and is the primary means for the billing system to identify an end user. The password attribute is included in authentication and authorization messages of inbound VoIP call legs.
For most implementations, the SIP gateway populates the username attribute in the SIP INVITE request with the calling number from the FROM: header, and the password attribute with null or with data from an IVR script. If a Proxy-Authorization header exists, it is ignored. A new Cisco IOS command aaa username determines the information with which to populate the username attribute.
Within the Microsoft Passport authentication service that authenticates and identifies users, the passport user ID (PUID) is used. The PUID and a password are passed from a Microsoft network to the Internet telephony service provider (ITSP) network in the Proxy-Authorization header of a SIP INVITE request as a single, base-64 encoded string. For example,
Proxy-Authorization: basic MDAwMzAwMDA4MDM5MzJlNjouThe new Cisco IOS command aaa username enables parsing of the Proxy-Authorization header; decoding of the PUID and password; and populating of the PUID into the username attribute, and the decoded password into the password attribute. The decoded password is generally a "." because a Microsoft Network (MSN) authenticates users prior to this point. For example,
Username = "123456789012345"Password = "Z\335\304\326KU\037\301\261\326GS\255\242\002\202"The password in the example above is an encrypted "." and is the same for all users.
SIP Call ID
From the Call ID header of the SIP INVITE request, the SIP Call ID is extracted and populated in Cisco vendor-specific attributes (VSA) as a new attribute value pair call-id=string. The value pair can be used to correlate RADIUS records from Cisco SIP gateways with RADIUS records from other SIP network elements for example, proxies. For complete information on this attribute value pair, see the RADIUS Vendor-Specific Attributes Voice Implementation Guide.
Session Protocol
Session Protocol is another new attribute value pair that indicates if the call is using SIP or H.323 as the signaling protocol. For complete information on this attribute value pair, see the RADIUS Vendor-Specific Attributes Voice Implementation Guide.
Silent Authentication Script
As part of the Enhanced Billing Support for SIP Gateways feature, a new Tool Command Language (TCL) Interactive Voice Response (IVR) API 2.0 Silent Authorization script has been developed. The Silent Authorization script allows users to be authorized without having to separately enter a username or password into the system. The script automatically extracts the passport user ID (PUID) and password from the SIP INVITE request, and then authenticates that information through RADIUS authentication and authorization records. The script is referred to as silent since neither the caller or called party hears any prompts.
You can upgrade to the latest script version through the CCO Software Center. The script app_passport_silent.2.0.0.0.tcl can be download from CCO URL http://www.cisco.com/cgi-bin/tablebuild.pl/tclware. You must be a registered CCO user to log in and access these files. For information regarding TCL IVR API 2.0 see the
TCL IVR API Version 2.0 Programmer's Guide.Developers using the TCL Silent Authorization script may be interested in joining the Cisco Developer Support Program. This program provides you with a consistent level of support that you can depend on while leveraging Cisco interfaces in your development projects. It also provides an easy process to open, update, and track issues through Cisco Connection Online (CCO). Cisco's web-site is a key communication vehicle for using Cisco's Online Case tracking tool. A signed Developer Support Agreement is required to participate in this program. For more details, and access to this agreement, please visit us at: http://www.cisco.com/warp/public/570/index.html, or contact developer-support@cisco.com.
Benefits
Effective Billing
The Enhanced Billing Support on SIP Gateways feature provides customers and partners the ability to effectively bill for traffic transported over SIP networks.
Related Features and Technologies
•
•
•
•
Related Documents
The following documents contain information related to the Cisco SIP functionality:
•
•
•
•
•
•
•
SIP Gateway Support of RSVP and TEL URL, Release 12.2(2)XB•
•
RADIUS Vendor-Specific Attributes Voice Implementation Guide•
TCL IVR API Version 2.0 Programmer's Guide.Supported Platforms
•
•
•
•
•
•
Determining Platform Support Through Cisco Feature Navigator
Cisco IOS software is packaged in feature sets that support specific platforms. To get updated information regarding platform support for this feature, access Cisco Feature Navigator. Cisco Feature Navigator dynamically updates the list of supported platforms as new platform support is added for the feature.
Cisco Feature Navigator is a web-based tool that enables you to quickly determine which Cisco IOS software images support a specific set of features and which features are supported in a specific Cisco IOS image. You can search by feature or release. Under the release section, you can compare releases side by side to display both the features unique to each software release and the features in common.
Cisco Feature Navigator is updated regularly when major Cisco IOS software releases and technology releases occur. For the most current information, go to the Cisco Feature Navigator home page at the following URL:
Availability of Cisco IOS Software Images
Platform support for particular Cisco IOS software releases is dependent on the availability of the software images for those platforms. Software images for some platforms may be deferred, delayed, or changed without prior notice. For updated information about platform support and availability of software images for each Cisco IOS software release, refer to the online release notes or, if supported, Cisco Feature Navigator.
Note
Supported Standards, MIBs, and RFCs
Standards
No new or modified standards are supported by this feature.
MIBs
•
•
To obtain lists of supported MIBs by platform and Cisco IOS release, and to download MIB modules, go to the Cisco MIB website on Cisco.com at the following URL:
http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
RFCs
•
Prerequisites
The following are general prerequisites for SIP deployment.
•
•
•
For more information about configuring IP, refer to:
Cisco IOS IP Configuration Guide, Release 12.2•
For more information about configuring VoIP, refer to:
Cisco IOS Voice, Video, and Fax Command Reference, Release 12.2Configuration Tasks
See the following sections for configuration tasks for the features included in Enhanced Billing Support on SIP Gateways. Each task in the list is identified as either required or optional.
•
Configuring the Username Attribute
Complete these steps to configure the username attribute for AAA billing records, beginning in global configuration mode:
Verifying the Username Attribute
The show call active voice command is used to display the username. The two examples below show examples of the two different outputs with the two keywords.
Example 1:
Output when the aaa username command is set with the proxy-auth keyword.
Router# show call active voiceTotal call-legs: 2GENERIC:SetupTime=1551144 ms.. (snip).ReceiveBytes=63006VOIP:ConnectionId[0x220A95B7 0x6B3611D5 0x801DBD53 0x8F65BA34].. (snip).CallerName=CallerIDBlocked=FalseUsername=1234567890123456 <-- PUID from Proxy-Auth header
Example 2:
Output when the aaa username command is set to the default (no) or calling-number keyword.
Router(config)# /Router(config-sip-ua)# no aaa username proxy-authRouter# sh call active voiceTotal call-legs: 2GENERIC:SetupTime=1587000 ms.. (snip).ReceiveBytes=22762VOIP:ConnectionId[0xF7C22E07 0x6B3611D5 0x8022BD53 0x8F65BA34].. (snip).CallerName=CallerIDBlocked=FalseUsername=1234 <-- calling-numberTroubleshooting Tips
To troubleshoot the Enhanced Billing Support for SIP Gateways feature, perform the following steps:
•
•
–
–
–
–
•
CCSIP SPI: SIP Call Events tracing is enabled21:03:21: sippmh_parse_proxy_auth: Challenge is 'Basic'.21:03:21: sippmh_parse_proxy_auth: Base64 user-pass string is 'MTIzNDU2Nzg5MDEyMzQ1Njou'.21:03:21: sip_process_proxy_auth: Decoded user-pass string is '1234567890123456:.'.21:03:21: sip_process_proxy_auth: Username is '1234567890123456'.21:03:21: sip_process_proxy_auth: Pass is '.'.21:03:21: sipSPIAddBillingInfoToCcb: sipCallId for billing records =10872472-173611CC-81E9C73D-F836C2B6@172.18.192.19421:03:21: ****Adding to UAS Request tableConfiguration Examples
Note
This section provides a configuration example highlighting the minimal configuration options that are necessary to carry out the full functionality of the Enhanced Billing Support on SIP Gateways feature. After configuring the aaa username command described in this document, the gateway uses the information received in the SIP Authorization header and makes it available to AAA and Tool Command Language (TCL) Interactive Voice Response (IVR) services. Typically, if you expect to use the full functionality of this feature, AAA and TCL/IVR have been configured previously.
Current configuration : 4017 bytes!version 12.2no service single-slot-reload-enableservice timestamps debug datetime msecservice timestamps log uptimeno service password-encryption!hostname 3640-1!logging rate-limit console 10 except errors! Need the following aaa lineaaa new-model!! Need the following four aaa linesaaa authentication login h323 group radiusaaa authorization exec h323 group radiusaaa accounting connection h323 start-stop group radiusaaa session-id commonenable password lab!!!memory-size iomem 15clock timezone GMT 0voice-card 2!ip subnet-zero!ip domain-name sip.comip name-server 172.18.192.154ip name-server 10.10.1.5!no ip dhcp-client network-discoveryisdn switch-type primary-5essisdn voice-call-failure 0!voice service voipsiprel1xx disable!!fax interface-type fax-mailmta receive maximum-recipients 0call-history-mib retain-timer 500!!controller E1 1/0!controller E1 1/1!controller T1 2/0framing esflinecode b8zspri-group timeslots 1-24!controller T1 2/1framing sflinecode ami!! Need the following three linesgw-accounting h323gw-accounting h323 vsagw-accounting voip!!interface Ethernet0/0ip address 10.10.1.4 255.255.255.0half-duplexip rsvp bandwidth 7500 7500!interface Ethernet0/1no ip addressshutdownhalf-duplex!interface Ethernet0/2no ip addressshutdownhalf-duplex!interface Ethernet0/3no ip addressshutdownhalf-duplex!interface FastEthernet1/0ip address 172.18.192.197 255.255.255.0duplex autospeed autoip rsvp bandwidth 75000 75000!interface Serial2/0:23no ip addressno logging event link-statusisdn switch-type primary-5essisdn incoming-voice modemisdn T306 200000isdn T310 200000no cdp enable!ip classlessip route 10.0.0.0 255.0.0.0 172.18.192.1ip route 172.18.0.0 255.255.0.0 172.18.192.1no ip http server!ip radius source-interface FastEthernet1/0logging source-interface FastEthernet1/0!!! Need the following radius-server lines for accounting/authenticationradius-server host 172.18.192.154 auth-port 1645 acct-port 1646radius-server retransmit 1radius-server key labradius-server vsa send accountingradius-server vsa send authenticationcall rsvp-sync!!! Need the following call application lines in order to enable! tcl scripting feature.call application voice voice_billing tftp://172.18.207.15/app_passport_silent.2.0.0.0.tcl!voice-port 2/0:23!voice-port 3/0/0!voice-port 3/0/1!voice-port 3/1/0!voice-port 3/1/1!!mgcp profile defaultdial-peer cor custom!!!dial-peer voice 3640110 potsdestination-pattern 3640110port 3/0/0!dial-peer voice 3640120 potsdestination-pattern 3640120port 3/0/1!dial-peer voice 3660110 voipdestination-pattern 3660110session protocol sipv2session target ipv4:172.18.192.194codec g711ulaw!dial-peer voice 3660120 voipdestination-pattern 3660120session protocol sipv2session target ipv4:172.18.192.194codec g711ulaw!dial-peer voice 222 potshuntstopapplication sessiondestination-pattern 222no digit-stripdirect-inward-dialport 2/0:23!!! Need to add the application line below to enable the tcl scriptdial-peer voice 999 voipapplication voice_billingdestination-pattern ...session protocol sipv2session target ipv4:10.10.1.2:5061codec g711ulaw!!! Need to add the aaa line below in order to enable proxy-authorization! header processingsip-uaaaa username proxy-auth!!line con 0exec-timeout 0 0length 0line aux 0line vty 0 4!!endCommand Reference
This section documents the new aaa username command. All other commands used with this feature are documented in the Cisco IOS Release 12.2 command reference publications.
aaa username
To determine the information to populate the username attribute for AAA billing records, use the aaa username command in SIP user agent configuration mode. To achieve default capabilities, use the no form of this command.
aaa username {calling-number | proxy-auth}
no aaa username
Syntax Description
Defaults
The default is calling-number.
Command Modes
SIP user agent configuration
Command History
Usage Guidelines
Parsing of the Proxy-Authorization header, decoding of the PUID and password, and populating of the username attribute with the PUID must be enabled through this command. If this command is not issued, the Proxy-Authorization header is ignored.
The keyword proxy-auth is a nonstandard implementation, and SIP gateways do not normally receive or process the proxy-auth header.
Examples
The following example shows the processing of the SIP username from the Proxy-Authorization header being enabled:
Router(config)# sip-uaRouter(config-sip-ua)# aaa username proxy-authRelated Commands
show call active voice
Shows active call information for voice calls or fax transmissions in progress.
show call history voice
Displays the voice call history table.
Glossary
AAA—authentication, authorization, and accounting. AAA is a suite of network security services that provides the primary framework through which you can set up access control on your Cisco router or access server.
call-ID—A general header that uniquely identifies a particular invitation or all registrations of a particular client.
call leg— A logical connection between the router and another endpoint.
gateway—A gateway allows SIP or H.323 terminals to communicate with terminals configured to other protocols by converting protocols. A gateway is the point where a circuit-switched call is encoded and repackaged into IP packets.
INVITE—A method that initiates a session. It indicates that a user is invited to participate, provides a session description, indicates the type of media, and provides insight regarding the capabilities of the called and calling parties.
ITSP—Internet telephony service provider.
ISDN—Integrated Services Digital Network. Communication protocol offered by telephone companies that permits telephone networks to carry data, voice, and other source traffic.
MSN—Microsoft Network.
proxy—A SIP UAC or UAS that forwards requests and responses on behalf of another SIP UAC or UAS.
RADIUS—Remote Authentication Dial-In User Service. Service used for collecting and providing AAA information.
SIP—Session Initiation Protocol. An application-layer protocol originally developed by the Multiparty Multimedia Session Control (MMUSIC) working group of the Internet Engineering Task Force (IETF). Their goal was to equip platforms to signal the setup of voice and multimedia calls over IP networks. SIP features are compliant with IETF RFC 2543, published in March 1999.
TCL IVR— Tool Command Language (TCL) Interactive Voice Response (IVR).
UA—user agent.
UAC—user agent client. A client application that initiates a SIP request.
UAS—user agent server (or user agent). A server application that contacts the user when a SIP request is received, then returns a response on behalf of the user. The response accepts, rejects, or redirects the request.
VoIP—Voice over IP. The ability to carry normal telephone-style voice over an IP-based Internet with POTS-like functionality, reliability, and voice quality. VoIP is a blanket term that generally refers to the Cisco standards-based approach (for example, H.323) to IP voice traffic.
