IMG 1010 - RADIUS - Implementing

Implementing RADIUS on the IMG: Tandem Solution

To implement a TANDEM solution with IMG, you will need to implement RADIUS with the Dialogic Vender Specific Attributes (VSAs). In the following discussion, standard RADIUS attributes defined by IETF in RFCs 2865 and 2866 are preceded with “RADIUS” while Dialogic VSAs are preceded with "Dialogic".

Wholesale TANDEM

The value of the RADIUS interface in the Wholesale TANDEM application is to provide the billing system with the data necessary to create Inter-billing data between the Primary Carrier (the owner of the IMG) and their carrier partners for the purpose of settlement between the carriers. Image then calls transiting the following diagram from left to right:

Open

 In each call, it is important to identify the originating and terminating carriers. Notice that in the architecture above, there are two sets of RADIUS records generated for each call that transits the Primary Carrier network: one from the originating side IMG and one from the terminating side IMG. Also notice that a call can originate from a partner’s TDM switch or VoIP gateway, and terminate to a partners TDM switch or VoIP gateway.

Originating Side IMG:

Let’s look first at the billing data from the RADIUS records from the originating side IMG for the call. Calls originated from a TDM (Partner A) can be authenticated and the originating carrier identified by the trunk information or Carrier ID from the originating side IMG. This is passed to the RADIUS Server via the RADIUS NAS-IP-Address attribute for the IMG, plus the Dialogic Trunk Id . Calls originating from a VoIP Gateway (Partner B) can be identified by the MIND RADIUS VSA Originate Address.

For the originating side IMG, in a call transiting the Primary Carrier network, the second carrier involved in settlement is the Primary Carrier itself, since the originating IMG routes the call to the terminating side IMG. In the RADIUS records from the originating gateway, the on-net gateway that the call is routed to is identified by the MIND RADIUS VSA Remote Address. MIND-Bill is able to identify that IP as a Primary Carrier network address, and create the inter-billing CDR between the originating carrier (Partner A or Partner B) and the Primary Carrier. This CDR is used by the Primary Carrier the originating partner for Voice or VoIP termination services, or perhaps in the case of a “800” call, to pay the originating carrier for the call.

Authentication:

The originating carrier does not need to be authenticated in the Wholesales Transit application, although this is possible for an additional layer of security. If authentication is desired, then the following attributes need to be included in the Access-request RADIUS message:

• Reporting Gateway (NAS-IP-Address)

• Username (User-name) For the TANDEM Application this should be set to the same value as the Calling Number.

• Calling Number (Calling-Station-Id),

• Originating Carrier

• Originated from a TDM switch (NAS-IP-Address plus the MIND RADIUS VSA Trunk Id)

• Originated from a VoIP gateway or router (Dialogic Originate Address VSA)

Accounting:

The CDR will need to include the following information, primarily from the Accounting Stop RADIUS message:

• Reporting Gateway (NAS-IP-Address)

• Call ID (Acct-Session-Id) as the originating carrier provided to identify the call for the originating partner

• Call rating data

  • Calling Number (Calling-Station-Id),

  • Called Number (Called-Station-Id),

  • Call Duration (Acct-Session-Time),

  • Call Termination Status (Acct-Terminate-Cause)

  • Call Start Time of day (Dialogic Start Time VSA)

• Originating Carrier

  • Originated from a TDM switch (NAS-IP-Address plus the MIND RADIUS VSA Trunk Id)

  • Originated from a VoIP gateway or router (Dialogic Originate-Address VSA)

• “Terminating” Carrier (Dialogic Remote-Address VSA)

• Direction of Call, (Dialogic Call Direction VSA) essentially whether this is an originating-side-of-call record or a terminating-side-of-call record. For the originating side IMG in the call, the Dialogic  Call-Direction VSA should be set to a value of “O”.

Terminating Side IMG:

The terminating side IMG gateway will also generate CDR information, albeit for the Inter-billing data necessary for settlement with the terminating partner (Partner C or Partner D above).

The CDR will need to include the following information, primarily from the Accounting Stop RADIUS message:

• Reporting Gateway (NAS-IP-Address)

• Call ID (Acct-Session-Id) as the originating IMG provided to the terminating partner’s TDM switch or VoIP gateway/router to identify the call for the terminating partner

• Call rating data

  • Calling Number (Calling-Station-Id),

  • Called Number (Called-Station-Id),

  • Call Duration (Acct-Session-Time),

  • Call Termination Status (Acct-Terminate-Cause)

  • Call Start Time of Day (Dialogic Start-Time VSA)

• “Originating” Carrier (Dialogic Originate-Address VSA)

• Terminating Carrier

  • Terminated to a TDM switch (RADIUS NAS-IP-Address plus the Dialogic Trunk-Id VSA)

  • Terminated to a VoIP gateway or router (Dialogic Remote-Address VSA)

• Direction of Call, (Dialogic Call Direction VSA) essentially whether this is an originating-side-of-call record or a terminating-side-of-call record. For the originating side IMG in the call, the Dialogic Call-Direction VSA should be set to a value of “I”.

Wholesale TANDEM Hairpin

One exception to the general Wholesale TANDEM flow is a hairpin call, where the call is routed out of the Primary Carrier’s network on the same IMG gateway as the call originated on, without transiting anywhere else in the Primary Carrier’s network. Image, for example, calls between Partner A and Partner B, transiting the Primary Carrier Network, in the diagram below:

Open

In this case, the IMG is concurrently the originating and terminating gateway for the call, and the RADIUS information must provide information on both the originating and terminating partner. Optionally, the originating carrier may be authenticated in the same manner as described in the originating side section above. The Accounting data, however, is a combination of both the originating and terminating CDRs:

• Reporting Gateway (NAS-IP-Address)

• Call ID (Acct-Session-Id) as the originating carrier provided to identify the call for the originating partner

• Call rating data

  • Calling Number (Calling-Station-Id),

  • Called Number (Called-Station-Id),

  • Call Duration (Acct-Session-Time),

  • Call Termination Status (Acct-Terminate-Cause)

  • Call Start Time of Day (Dialogic Start-Time VSA)

• Originating Carrier

  • Originated from a TDM switch (NAS-IP-Address plus the MIND RADIUS VSA Trunk Id)

  • Originated from a VoIP gateway or router (Dialogic Originate-Address VSA)

• Terminating Carrier

  • Terminated to a TDM switch (NAS-IP-Address plus the Dialogic Trunk-Id VSA)

  • Terminated to a VoIP gateway or router (Dialogic Remote-Address VSA)

• Direction of Call, (Dialogic Call-Direction VSA) essentially whether this is an originating-side-of-call record or a terminating-side-of-call record. For the hairpin call on a IMG, the Dialogic Call-Direction VSA should be set to a value of “I”.

RADIUS Messages

Considering each of the possible flows above for the Wholesale TANDEM application, let’s now look at the corresponding RADIUS message attribute requirements. The list that follows is the minimum attributes that should be populated to meet the business needs. Other attributes can be filled with appropriate information if available.

Optional ACCESS-REQUEST

The RADIUS Access-Request is primarily used for end-user authentication, not necessarily carrier authentication in a TANDEM application. However, it is possible to treat the carrier and its trunks as a Private Trunk, and receive appropriate authentication for the carrier in a TANDEM application.

To do this, the IMG will populate the following fields in the RADIUS Access Request:

ACCESS-REQUEST, ACCESS-REJECT

The RADIUS Server will return either an Access-Accept or Accept-Reject message in response to the Access-Request. In either case, the only required field is the request status, provided in the Status field.

Accounting Start

The Accounting Start can be used for both Service Authorization and Service Start. For the TANDEM Application, the only time you might consider using the Service Authorization step would be if the Primary Carrier wanted to use the AAA of the billing system to restrict the destinations (called numbers) that a partner could reach through the Primary Carrier’s network.

For example:

Partner "A" can reach any national or international number, but Partner "B" is only allowed to reach domestic numbers through the Primary Carrier’s network. This business function can also be implemented through routing rules, if they are centralized to a Gatekeeper or Route Server. Assuming that Service Authorization is not needed for the Dialogic TANDEM solution you will only need to provide the Service Start message in the Accounting Start. To do this, the IMG should populate the following fields in the RADIUS Accounting Start:

Attribute Description Remarks

Acct-Status-Type- Accounting Request type: Start, Intermediate or Stop RADIUS attribute code = 40Value = Start (1)

Acct-Session-Id- Unique Call ID. This must be generated by the IMG and be a globally unique ID (GUID).  See IETF RFC RADIUS Attribute code = 44

Calling-Station-ID- Calling Number (ANI) RADIUS attribute code = 31

NAS-IP-Address- IP-address. RADIUS attribute code = 4

Dialogic VSA- Originate Address Originator (End Point) IP address. 32 bit in network order.

Dialogic VSA- Call Direction Inbound or Outbound direction  

Dialogic VSA- Accounting start type Specifies if the message is a call start or Authorization/Re-Authorization Value=2 (For call start message)Note: If this VSA is not sent the IMG assumes the  message type is Authorize/Re-authorize

Dialogic VSA- Remote address Remote IP address

Dialogic VSA Start- Time Start time of call (local time) in Seconds since 1/1/1970  

Dialogic VSA- Trunk Id Optional field Populate with Trunk Id when call originates on trunk side. Originate Address + trunk ID will be used to identify carrier.

Accounting Stop

The Accounting Stop message is used to close a CDR in the billing system. You should provide all information possible about the call in this record. As described above, certain fields are required for the MIND-Bill system to be able to successfully generate Inter-billing CDRs for settlement between carriers, as appropriate for the Wholesale TANDEM application. Here is a list of the required fields:

Attribute Description Remarks

Acct-Status-Type- Accounting Request type: Start, Intermediate or Stop RADIUS attribute code = 40Value = Start (1)

Acct-Session-Id- Unique Call ID. This must be generated by the IMG and be a globally unique ID (GUID).  See IETF RFC RADIUS Attribute code = 44

Calling-Station-ID- Calling Number (ANI) RADIUS attribute code = 31

NAS-IP-Address- IP Address. RADIUS attribute code = 4

Dialogic VSA- Originate Address Originator (End Point) IP address. 32 bit in network order.

Dialogic VSA- Call-Direction Inbound or Outbound direction  

Dialogic VSA- Accounting start type Specifies if the message is a call start or Authorization/Re-Authorization Value=2 (For call start message)Note: If this VSA is not sent assumes the message type is Authorize/Re-authorize

Dialogic VSA- Remote address Remote IP address

Dialogic VSA- Start Time Start time of call (local time) in seconds since 1/1/1970  

Dialogic VSA- Trunk Id Optional field Populate with Trunk Id when call originates on trunk side. Originate Address + trunk ID will be used to identify carrier.

Called-Station-Id- Called Number (DNIS) RADIUS attribute code = 30

Acct-Session-Time- Call Duration RADIUS attribute code = 46

Acct-Terminate-Cause- Call Termination Status RADIUS attribute code=47