Skip Headers
Oracle® Communications Service Broker Online Mediation Controller Implementation Guide
Release 6.1
E29452-02
Go to Documentation Home
Home		 Go to Table of Contents
Contents		 Go to Feedback page
Contact Us
Go to previous page
Previous		 Go to next page
Next
PDF · Mobi · ePub

8 Setting Up RADIUS Mediation for Accounting

This chapter describes the how to configure Oracle Communications Online Mediation Controller as a Remote Authentication Dial In Service (RADIUS) Manager. Online Mediation Controller integrates with an Oracle Communications Billing and Revenue Management (BRM) or Oracle Communications Elastic Charging Engine (ECE)RADIUS function server, to perform RADIUS accounting for offline charging sessions and events.

See "Setting Up RADIUS Mediation for Authentication and Authorization", for information on using Online Mediation Controller with BRM or ECE for RADIUS authentication and authorization.

About RADIUS Accounting Mediation

Online Mediation Controller translates RADIUS accounting requests to BRM or ECE client requests that BRM or ECE understands. Online Mediation Controller uses the Portal Connection Protocol (PCP) when communicating with BRM and the ECE ECE client API when used with ECE.

Figure 8-1 shows the Online Mediation Controller interworking modules that you need to configure to apply BRM or ECE offline charging services in a network supporting offline charging with RADIUS.

Figure 8-1 Online Mediation Controller Interworking Modules for Offline Charging

Description of Figure 8-1 follows
Description of "Figure 8-1 Online Mediation Controller Interworking Modules for Offline Charging"

Configuring RADIUS Accounting Mediation

To set up Online Mediation Controller to perform RADIUS accounting mediation to BRM or ECE, you need to deploy and configure the following Online Mediation Controller components:

  • IMOFCFPCP or IMOFCFECE

  • RIMOFCFRADIUS

    See the chapters on configuring either the IMOFCFPCP or IMOFCFECE and configuring the RIMOFCFRADIUS in Oracle Communications Service Broker Modules Configuration Guide for more information.

  • Orchestration Engine

    See Oracle Communications Service Broker Orchestration User's Guide for more information.

  • SSU RADIUS

  • SSU PCP or SSU ECE

    See the chapters on configuring the SSU RADIUS and configuring either the SSU PCP or SSU ECE in Oracle Communications Service Broker Signaling Server Units Configuration Guide for more information.

Configuration WorkFlow

To create an end-to-end configuration for RADIUS accounting:

  1. Configure the SSU RADIUS. See "Configuring the SSU RADIUS", for more information.

  2. Configure client profile and AVP filters. See "Configuring a Client Profile and AVP Filters", for more information.

  3. Add proxy realms if required. See "Adding Proxy Realms", for more information.

  4. Configure the SSU PCP or SSU ECE connection details to BRM or ECE. See "Connecting to BRM Through PCP", or "Connecting to ECE Using the ECE API", for more information.

  5. Create and configure the SSU PCP or SSU ECE network entities. See "Creating and Configuring SSU PCP or SSU ECE Network Entities", for more information.

  6. Create and configure an instance of RIMOFCFRADIUS. See "Creating and Configuring an RIMOFCFRADIUS Instance", for more information.

  7. Create and configure the IMOFCFPCP or IMOFCFECE instance. See "Creating and Configuring an IMOFCFPCP or IMOFCFECE Instance", for more information.

  8. Configure the Orchestration Engine to properly route the request to the BRM or ECE RADIUS accounting server. See "Creating Orchestration Logic for RADIUS Accounting", for more information.

  9. Activate the interworking modules. See "Activating the RIMOFCFRADIUS and IMOFCFPCP or IMOFCFECE Instances" for more information.

  10. Configure the RADIUS Mediation settings. See "Configuring RADIUS Mediation Settings" for more information.

Configuring the SSU RADIUS

Configure the SSU RADIUS for accounting requests as described in ”Configuring the SSU RADIUS” in Oracle Communications Service Broker Signaling Server Units Configuration Guide. Use the following configuration data, specifically:

  1. Create a new incoming routing rule.

  2. Set the parameter Name to the rule name to use.

  3. Set Local Realm to any. This is a case-sensitive field.

  4. Set Alias to the instance name that you are going to use for the RIMOFCFRADIUS instance. This instance is created later in the configuration process. See "Creating and Configuring an RIMOFCFRADIUS Instance", for more information. We will refer to this name as rimocfradius. Set the type of IM instance to RIMOCFRADIUS and the domain id to ocsb.com.

    The complete string to enter in the Alias fields is:

    ssu:rimofcfradius.RIMOCFRADIUS@ocsb.com

  5. Click Apply.

Configuring a Client Profile and AVP Filters

To create a client profile:

  1. In the SSU RADIUS Configuration screen, click the RADIUS tab.

  2. Click the Client Profile tab. Click the ClientProfile sub tab to define the RADIUS client profile properties.

  3. Click New.

  4. In the New window enter the following information:

    In the Client Address field, enter the address or address range for the RADIUS Network Authentication Server (NAS) client(s) to configure. You can define a single IP address or host name, or a group of RADIUS clients, if entered as a regular expression.

    In the Client NAS Identifier field, enter the ID of the client NAS. This can be a fully qualified domain name.

    In the Authentication Shared Secret Key field, enter the key in the Credential Store that maps to the secret in the Credential Store used to identify authentication requests from the NAS client.

    For more information about the Credential Store, see Oracle Communications Service Broker Security Guide.

    In the accountingSharedSecretKey field, enter the key in the Credential Store that maps to the secret in the Credential Store used to identify accounting requests from the NAS client.

  5. Click OK.

  6. Click the Avps to copy from Request to Response tab.

  7. Choose the client profile to apply the filter to from the Parent drop-down list. The index of the client profile correlates to the keyId assigned to the client profile.

  8. To add additional AVPs in incoming requests needed in the response:

    1. Click New.

    2. In the New: window enter:

      In the Attribute Name field, enter the name of an AVP included in the request and shall be included in the response.

    3. Click Apply.

Adding Proxy Realms

To a add a proxy realm to proxy requests to:

  1. In the SSU RADIUS Configuration node, click the RADIUS tab.

  2. Click the Proxy Realm tab.

  3. Click New.

  4. In the New window enter:

    In the Name of the proxy realm field, enter a name for the RADIUS server to proxy requests to.

    In the Username Match Criteria field, enter the username matching criteria. Use a regular expression matching the realm part of the username attribute in the request. For example, enter isp1.net for any user that belongs to isp1.net.

    In the Authentication Shared Secret Key field, enter the key in the Credential Store that maps to the secret in the Credential Store used to identify authentication requests from the NAS client. For more information about the Credential Store, see Oracle Communications Service Broker Security Guide.

    In the Accounting Shared Secret Key field, enter the key in the Credential Store that maps to the secret in the Credential Store used to identify accounting requests from the NAS client.

    In the Request Timeout field, enter the number of seconds to wait for a response before a request times out and is retried.

    In the Number of Retries field, enter the number of times to retry a request before it is considered failed.

  5. Click Apply to save your configuration.

Connecting to BRM Through PCP

To connect Online Mediation Controller to BRM:

  1. Create BRM connection pools in the SSU PCP. See the discussion on connection pools in the chapter on configuring the PCP signaling server unit in Oracle Communications Service Broker Signaling Server Units Configuration Guide for more information.

    For additional information on BRM connection pools, consult the chapter on connection pools in Oracle Communications Billing and Revenue Management System Administrator's Guide.

  2. Secure the BRM connection pools created in step 1, as described in the PCP signaling server configuration chapter in Oracle Communications Service Broker Signaling Server Units Configuration Guide.

  3. In the Administration Console:

    1. Expand OCSB.

    2. Expand Signaling Tier.

    3. Select SSU PCP.

    4. Select the PCP tab.

    5. Select the Credential Store tab.

    6. In the Password area, enter the ID of the connection pool that you want to secure in the Key field. This should be the Pool ID you assigned to the connection pool created in step 1.

    7. In the Password area, enter the password of the BRM client application account used by the connection pool to access the BRM in the Password field. This should be the password of the account you configured in the BRM CM Login ID field when you initially defined the connection pool.

    8. In the Password area, uncheck the One-way check box.

    9. In the Password area, click the Set button.

    10. Repeat the Administration Console steps for each connection pool you want to secure.

  4. Define destination BRM applications, as described in "Defining PCP Network Entities" in the chapter "Configuring the PCP Signaling Server Unit" in Oracle Communications Service Broker Signaling Server Units Configuration Guide.

  5. Click Commit to save your configuration.

Connecting to ECE Using the ECE API

To connect Online Mediation Controller to ECE:

  1. In the Administration Console:

    1. In the navigation tree, expand OCSB.

    2. Expand Signaling Tier.

    3. Select SSU ECE.

    4. Select the ECE tab.

    5. Click the Coherence tab.

  2. Populate the ECE Protocol Adapter values used to connect to ECE using the information below. Consult your ECE administrator for specific information about the ECE implementation in your environment.

    In the Coherence cluster name field, enter the name of the Coherence cluster on which ECE runs. A default value of BRM is entered.

    In the JMX management read-only field, set whether Mbeans exposed by the ECE Coherence node allow operations that modify run-time attributes. The default value is set to FALSE.

    In the Coherence log file name field, provide a string used when logging is enabled. By default, the log is located in same directory as where a managed server starts.

    In the Coherence log level field, enter the log level for the ECE Coherence cluster. The possible numeric values range from -1 to 9. There is no default value. See the discussion on debugging in Oracle Coherence Developer's Guide, for more information on setting Coherence logging levels.

    In the Use ECE well known address field, select the boolean indicating whether a well known address (WKA) for ECE will be used. Multicast address is not supported when WKA is used.

    In the Well know address 1 (ip:port) field, provide the first WKA IP address and port number of the ECE Coherence cluster.

    In the Well know address 2 (ip:port) field, provide the second WKA IP address and port number of the ECE Coherence cluster.

    In the Multicast address (ip:port) field, provide the IP address and port number of the ECE Coherence cluster when using multicast.

    In the Multicast TTL field, enter in a value for the multicast time-to-live setting. This value determines the maximum number of hops a packet may traverse. Legal values are from 0 to 255.

    In the Use SSL connection field, select the boolean indicating whether to use a secure connection to ECE. The default value is FALSE. See the discussion on securing SSU ECE in Oracle Communications Service Broker Signaling Server Units Configuration Guide, for more information on setting up the SSL connection to ECE.

    See Oracle Communications Elastic Charging Engine Administration Guide, for additional information on configuring ECE.

  3. Select the General tab to set the general parameters listed in Table 8-1:

    Table 8-1 ECE OCS General Parameters

    Name Type Description

    Request Default Timeout

    Integer

    Specifies the default request timeout in milliseconds when no value is supplied by the outbound request. The default value is 2000 milliseconds.

    ECE Request Batch Size

    Integer

    Specifies the number of ECE requests to send per request. The default value is 1.

    ECE Request Batch Timeout

    Integer

    Specifies the ECE batch request timeout in milliseconds.

    ECE Thread Pool Size

    Integer

    Specifies the number of ECE threads to use in the connection pool.

Creating and Configuring SSU PCP or SSU ECE Network Entities

Create network entities for SSU PCP or SSU ECE after completing the respective SSU connection configuration. See the respective chapters for SSU PCP or SSU ECE in Oracle Communications Service Broker Signaling Server Units Configuration Guide, for more information on creating network entities.

Creating and Configuring an RIMOFCFRADIUS Instance

Create and configure the RIMOFCFRADIUS instance for accounting requests as described in ”Configuring RIMOFCF Radius” in Oracle Communications Service Broker Modules Configuration Guide. Use the following configuration data, specifically:

Give the IM a name that matches the Alias used when creating the incoming routing rule in the SSU RADIUS. See "Configuring the SSU RADIUS", for more information.

Creating and Configuring an IMOFCFPCP or IMOFCFECE Instance

Create and configure the IMOFCFPCP or IMOFCFECE instance for accounting requests as described in the respective configuration chapters for IMOFCFPCP or IMOFCFECE in Oracle Communications Service Broker Modules Configuration Guide. Give the IM a name that will be used by the Orchestration Engine when routing requests. We will refer to this name as imofcfpcp or imofcfece.

After creating the IMOFCFPCP or IMOFCFECE module, define the destination BRM or ECE system that the module communicates with. Specify the alias of a destination used when configuring the SSU PCP or SSU ECE network entity. See "Creating and Configuring SSU PCP or SSU ECE Network Entities", for more information.

In the Administration Console:

  1. In the navigation tree, expand OCSB.

  2. Expand Processing Tier.

  3. Expand Interworking Modules.

  4. Select either the IMOFCFPCP or IMOFCFECE module node.

  5. Select the Configuration tab.

  6. In the Call Handling tab, set the field Destination Alias to the string you provided for the Alias parameter when creating the SSU PCP or SSU ECE network entity.

  7. Click Apply.

Configuring Service Type Parameters

By default, both the IMOFCFPCP and IMOFCFECE contain service type mapping values for use with basic BRM and ECE services. To view existing, or configure new service type mappings in the IM modules in the Administration Console:

  1. In the navigation tree, expand OCSB.

  2. Expand Processing Tier.

  3. Expand Interworking Modules.

  4. Select either the IMOFCFPCP or IMOFCFECE module.

  5. Select either the Rf PCP Mediation or Rf ECE Mediation tab.

  6. Select the Service Types tab.

  7. Click New to create a service type mapping.

The ServiceType tab enables you to set up a mapping between RADIUS application IDs and BRM or ECE service types. Table 8-2 describes configuration parameters in the BRM ServiceType subtab. Table 8-3 describes configuration parameters in the ECE ServiceType subtab.

Table 8-2 Authentication Application Service Type Parameters for BRM

Name Type Description

BRM Service ID

Integer

The RADIUS application ID to be mapped to a BRM service type.

BRM Service Type

String

The BRM service type to use for the corresponding RADIUS application ID.

For example: service/ip

Is Default Service Type

Boolean

Indicates whether to use this service type if none is specified. Set to:

  • true if to use this as a default value.

  • false to not use it as a default value.

Table 8-3 Authentication Application Service Type Parameters for ECE

Name Type Description

Service-Identifier AVP

Integer

The RADIUS application ID to be mapped to a BRM service type.

ECE product type

String

The ECE product type to use for the corresponding RADIUS application ID.

For example: VOICE

ECE event type

String

The ECE event type to use for the corresponding RADIUS application ID.

For example: DATA_USAGE

ECE specification version

Decimal

The ECE specification version.

Default service type

Boolean

Indicates whether to use this service type if none is specified. Set to:

  • true if to use this as a default value.

  • false to not use it as a default value.

Creating Orchestration Logic for RADIUS Accounting

Use the Orchestration Studio to route RADIUS accounting requests to the IMOFCFPCP or IMOFCFECE instance. See Oracle Communications Service Broker Orchestration User's Guide, for more information on configuring orchestration.

Use the following configuration data, specifically:

  • Route the requests to sip:imofcfpcp.IMOFCFPCP@ocsb.com or sip:imofcfece.IMOFCFECE@ocsb.com

    Where imofcfpcp or imofcfece is the IM name you gave for the IM-OFCFPCP or IMOFCFECE instance.

Activating the RIMOFCFRADIUS and IMOFCFPCP or IMOFCFECE Instances

To activate the newly created RIMOFCFRADIUS and IMOFCFPCP or IMOFCFECE instances:

  1. In the Domain Navigation pane, expand OCSB.

  2. Expand Processing Tier and then Interworking Modules.

  3. Select IM Management.

  4. Click the RIMOFCFRADIUS instance. The instance name is the same as you gave when you created it.

  5. Click Activate.

  6. Click the IMOFCFPCP or IMOFCFECE instance. The instance name is the same as you gave when you created it.

  7. Click Activate.

Configuring RADIUS Mediation Settings

This section describes how to configure RADUIS Mediation using the Online Mediation Controller Administration Console.

To access the RADIUS Mediation Configuration screen:

  1. In the domain navigation pane, expand OCSB.

  2. Expand Processing Tier.

  3. Click RADIUS Mediation.

  4. Configure the parameters in Table 8-4

Table 8-4 RADIUS Mediation General Parameters

Name Type Description

auth-timeout

Integer

The time to allow for an authentication requests to execute before it is considered to have timed out. Given in seconds.

BRM error codes

Integer

Comma separated BRM error codes which will trigger a request to be processed in Degraded Mode. See "Using Degraded Mode" for more information.

degraded-mode-behavior

Enumeration, drop-down menu

Defines how authentication requests that times out are handled. Choose:

  • accept to treat the requests as accepted.

  • discard to discard the requests.

  • reject to reject the request.

ECE integration

Boolean

Indication whether to route charging requests to BRM or ECE. When true, requests will be routed to ECE.

Extending RADIUS Accounting Support

You can extend the accounting functionality by adding support for custom RADIUS AVPs. You do that by adding custom AVPs to the RADIUS dictionary in the SSU RADIUS. See the chapter on configuring the SSU RADIUS in Oracle Communications Service Broker Signaling Server Units Configuration Guide, for more information.

If you add custom AVPs to the RADIUS dictionary in the SSU RADIUS, you also need to implement custom mappers from RADIUS to Rf (deployed in RIMOFCFRADIUS), and from Rf to PCP or ECE (deployed in IMOFCFPCP or IMOFCFECE).

Go to previous page
Previous		 Go to next page
Next
Go to Documentation Home
Home		 Go to Table of Contents
Contents		 Go to Feedback page
Contact Us