Configuring Accounting

Overview

This chapter provides you with information about configuring RADIUS accounting on your OCSBC including these essential configurations and specialized features:

  • Accounting for SIP and H.323
  • Local CDR storage on the OCSBC, including CSV file format settings-
  • The ability to send CDRs via FTP to a RADIUS sever
  • Per-realm accounting control
  • Configurable intermediate period
  • RADIUS CDR redundancy
  • RADIUS CDR content control

Accounting for SIP and H.323

This section explains SIP and H.323 accounting using the RADIUS Accounting System (RAS).

For accounting purposes, the OCSBC uses RADIUS to send accounting messages. These messages are transmitted to one of a predefined list of accounting servers using a predefined forwarding strategy. RAS provides a mechanism for temporarily storing session initiation and completion statistics and for delivering these statistics to accounting servers located elsewhere in the network.

Call Detail Records

The OCSBC supports CDRs through RADIUS reporting with additional VSAs to include information that is not available with the standard RADIUS session information. CDRs provide billing information on sessions traversed through a system, as well as troubleshooting information, fraud detection, fault diagnostics, and service monitoring.

CDRs can contain information about recent system usage such as the identities of sources (points of origin), the identities of destinations (endpoints), the duration of each call, the amount billed for each call, the total usage time in the billing period, the total free time remaining in the billing period, and the running total charged during the billing period.VSAs are defined by vendors of remote access servers in order to customize how RADIUS works on their servers.

RAS Overview

The RAS acts as a RADIUS client. It provides a mechanism for generating accounting information in CDRs. The CDRs are transmitted to a RADIUS server in UDP datagrams, using RADIUS Accounting Request messages.

The RAS receives RADIUS accounting messages when different events occur. The event and CDR event trigger list information determines which RADIUS messages, if any, are included, as well as which RADIUS attributes are included. The library adds RADIUS messages to the waiting queue only when the message is ready to be sent. The SIP proxy needs to populate the CDR as session information becomes available so, by the time the session ends, it contains the information necessary to generate all of the messages.

The RADIUS accounting client process manages its queue and a list of servers. The servers each have a UDP connection and manage their own pending message queues. Changes in the state of the server connection might cause interaction with the client process waiting queue.

When RADIUS messages are added to the RAS waiting queue, the RAS sends them to a server based on strategy. If the RAS is configured to transmit all the messages when the session ends, all the messages are sent to the same server. Each session continues logging messages according to the event logging scheme in effect when the session began (for example, when the CDR was created).

The RAS notifies the RADIUS server with Accounting-On/Off messages when the RAS’s entry for that server is enabled/disabled. The response to the Accounting-On message is the RAS’s first determination of RTT, and serves as notification that the server is reachable. Until the Accounting-On response is received, the server cannot send other messages.

RADIUS Accounting Client

The RADIUS accounting client process has a local socket at which it accepts RADIUS messages. RADIUS messages received on the local socket are added to the waiting queue for transmission to a RADIUS server. The waiting queue is a first-in, first-out (FIFO) queue.

The RADIUS accounting client process sends messages to a server queue based on the configuration (servers configured/enable/connected, as well as the strategy). Messages that return from a server (due to server failure/disabling) are first in the FIFO queue.

The RADIUS accounting client process interfaces with the RADIUS accounting servers using the RADIUS protocol with the VSAs outlined above.

The RADIUS server collects a variety of information that can be used for accounting and for reporting on network activity. The RADIUS client sends information to designated RADIUS servers when the user logs on and logs off. The RADIUS client might send additional usage information on a periodic basis while the session is in progress. The requests sent by the client to the server to record logon/logoff and usage information are generally called accounting requests.

RADIUS accounting permits a RADIUS server to track when users commence and terminate their connections. Typical accounting information includes the following:

  • Full user name
  • RAS identification name or IP address
  • RAS port number
  • Time connection started

When a client is configured to use RADIUS accounting, it generates an Accounting Start packet describing the type of service being delivered and the user it is being delivered to at the start of service delivery. It sends that packet to the RADIUS Accounting server, which sends back an acknowledgement that the packet has been received. At the end of service delivery, the client generates an Accounting Stop packet describing the type of service that was delivered and, optionally, statistics such as elapsed time, input and output octets, or input and output packets. It sends that packet to the RADIUS Accounting server, which sends back an acknowledgement that the packet has been received. The Accounting-Request (whether for Start or Stop) is submitted to the RADIUS accounting server through the network.

Transactions between the client and RADIUS accounting server are authenticated through the use of a shared secret, which is never sent over the network.

Session Accounting

The RAS client can record SIP, H.323, and IWF session activity based on configuration and a CDR. The CDR determines which messages are generated and determines the RADIUS attributes included in the messages. The RAS client must be capable of sending CDRs to any number of RADIUS accounting servers, using the defined hunt, failover, round robin, fewest pending, or fastest server strategies.

The establishment, failed establishment, change, or removal of a session can trigger RADIUS Accounting Request messages. The RAS might also send notification of its status (enabled/disabled). RADIUS Accounting Request messages include the following:

  • Start—Session has started.
  • Interim-Update—Session parameters have changed.
  • Stop—Session has ended.
  • Accounting-On—Creation of a new RADIUS client.
  • Accounting-Off—RADIUS client has shut down.

Each session might generate Start, Interim-Update, and Stop messages based on the local configuration when the session is initiated. Each Start message tells the RADIUS server that a session has started. Each Interim-Update message changes the session parameters, and may report the session characteristics for the session to that point. Each Stop message informs the RADIUS server that a session has ended and reports session characteristics.

The RAS has the ability to transmit all RADIUS messages related to a session at the end of the session, regardless of which messages are generated and when they are generated. Some customers might choose this option to reduce the likelihood of the RADIUS messages being logged to different servers, or in different log files on the same server.

The RAS always generates a RADIUS Stop message when the session ends, regardless of the session termination cause. The termination cause and the session characteristics are reported.

Interim RADIUS Records for Recursive Attempts

When the OCSBC routes calls, it performs local policy look-ups that can return several next hops, ordered by preference. This can also happen as a results of an LRT lookup, an ENUM query response, or SIP redirect. To set up sessions, the OCSBC uses—in ordered preference—and recurses through the list if it encounters failures.

You can configure SIP accounting to send RADIUS Interim records when the OCSBC encounters these failures. The interim message contains: the destination IP address, the disconnect reason, a timestamp for the failure, and the number that was called. This feature is enabled by setting the generate-interim parameter to unsuccessful-attempt. Please refer to Appendix B to view the format of an unsuccessful-attempt interim record.

RADIUS Messages

The following table identifies the relationship between the signaling elements and the RADIUS attributes included in Accounting Request messages to the RADIUS server.

RADIUS Attribute Data Element Message
NAS IP-Address IP address of the SIP proxy or the H.323 stack’s call signal address. Start, Interim-Update, Stop, On, Off
NAS Port SIP proxy port or the H.323 stack’s call signaling RAS port. Start, Interim-Update, Stop, On, Off
NAS Identifier Value, if any, set in the optional NAS-ID field for the accounting server that you configure as part of the accounting configuration. This identifier sets the value that the remote server (the accounting server) uses to identify the OCSBC so that RADIUS messages can be transmitted.

The remote server to which the accounting configuration will send messages uses at least one of two pieces of information for identification:

NAS IP address: always included in the accounting message

NAS identifier: configured in the NAS-ID parameter of the accounting server; if configured, the NAS identifier is sent to the remote server

This attribute only appears if a value is configured in the NAS-ID field.

Start, Interim-Update, Stop, On, Off
Acct-Session-ID Either the Call-ID field value of the SIP INVITE message, the callIdentifier of the H.323 message, or RADIUS client information. Start, Interim-Update, Stop, On, Off
Called Station ID To field value of the SIP INVITE message (a type of message used to initiate a session) or the calledPartyNumber of the H.323 message. Start, Interim-Update, Stop
Calling Station ID From field value of the SIP INVITE message or the callingPartyNumber of the H.323 message. Start, Interim-Update, Stop
Acct-Terminate-Cause Reason for session ending (refer to Session Termination session). Stop, Off
Acct-Session-Time Length of session (time in seconds, or milliseconds if so configured). Interim-Update, Stop, Off

Session Termination

Sessions are terminated for reasons that include normal termination, signaling failure, timeout, or network problems. The following table maps RADIUS accounting termination cause codes to network events.

RADIUS Termination Cause Event Message
User request SIP BYE message or H.323 Stop
User error SIP signaling failed to establish session (accompanied by disconnect cause) Stop
NAS request RADIUS server disabled Off

ACLI Instructions and Examples

This section tells you how to access and set parameters for RADIUS accounting support. To use the OCSBC with external RADIUS (accounting) servers to generate CDRs and provide billing services requires, you need to configure account configuration and account server list.

Accessing the Accounting and Accounting Servers Configuration

To configure the account configuration and account servers:

  1. In Superuser mode, navigate to the account-config parameter. 
    ORACLE# configure terminal
ORACLE(configure)# session-router
ORACLE(session-router)# account-config
ORACLE(account-config)#
  2. To configure account server parameters (a subset of the account configuration parameters), type account-servers and press Enter. The system prompt changes to let you know that you can begin configuring individual parameters. 
    ORACLE(account-config)# account-servers
ORACLE(account-server)#

Setting Up the Account Configuration

You set the account configuration parameters to indicate where you want accounting messages sent, when accounting messages you want them sent, and the strategy you want used to select account servers.

To configure the account configuration:

  1. hostname—Defaults to and must remain localhost.
  2. port—Retain the default value of 1813 or enter the number of the UDP port associated with the OCSBC from which RADIUS messages are sent.

    • minimum: 1025

    • maximum: 65535

  3. strategy—Indicate the strategy you want used to select the accounting servers to which the OCSBC will send its accounting messages. The following table lists the available strategies:
    • hunt—Selects accounting servers in the order in which they are listed. If the first accounting server is online, working, and has not exceeded any of the defined constraints, all traffic is sent to it. Otherwise the second accounting server is selected. If the first and second accounting servers are offline or exceed any defined constraints, the third accounting server is selected. And so on through the entire list of configured servers.
    • failover—Uses the first server in the list of predefined accounting servers until a failure is received from that server. Once a failure is received, it moves to the second accounting server in the list until a failure is received. And so on through the entire list of configured servers.
    • round robin—Selects each accounting server in order, distributing the selection of each accounting server evenly over time.
    • fastest round trip time—Selects the accounting server that has the fastest round trip time (RTT) observed during transactions with the servers (sending a record and receiving an ACK).
    • fewest pending—Selects the accounting server that has the fewest number of unacknowledged accounting messages (that are in transit to the OCSBC).
  4. state—Retain the default value enabled if you want the account configuration active on the system. Enter disabled if you do not want the account configuration active on the system.
  5. max-msg-delay—Retain the default value of 60 seconds or indicate the length of time in seconds that you want the OCSBC to continue trying to send each accounting message. During this delay, the OCSBC can hold a generic queue of 4096 messages.
    • Minimum: zero (0)
    • Maximum: 4294967295
  6. max-wait-failover—Retain the default value of 100 messages or indicate the maximum number of accounting messages the OCSBC can store its message waiting queue for a specific accounting server, before it is considered a failover situation.

    Once this value is exceeded, the OCSBC attempts to send it accounting messages, including its pending messages, to the next accounting server in its configured list.

    • Minimum: one (1) message

    • Maximum: 4096 messages

  7. trans-at-close—Retain the default value of disabled if you do not want to defer the transmission of message information to the close of a session. Enter enabled if you want to defer message transmission.

    • disabled—The OCSBC transmits accounting information at the start of a session (Start), during the session (Interim), and at the close of a session (Stop). The transmitted accounting information for a single session might span a period of hours and be spread out among different storage files.

    • enabled—Limits the number of files on the OCSBC used to store the accounting message information for one session. It is easiest to store the accounting information from a single session in a single storage file.

  8. generate-start—Retain the default value ok if you want the RADIUS Start message to be generated once the OCSBC receives an OK message in response to an INVITE. (A RADIUS Start message informs the accounting server that a SIP session has started.)

    Other options include:

    • Start—RADIUS Start message should not be generated.

    • Invite—RADIUS Start message should be generated once the OCSBC receives a SIP session INVITE.

  9. generate-interim—Retain the default value reinvite response to cause the OCSBC to transmit a RADIUS Interim message. (A RADIUS Interim message indicates to the accounting server that the SIP session parameters have changed.)
    You can select none, one, or more than one of the following values:
    • ok—RADIUS Start message is generated when the OCSBC receives an OK message in response to an INVITE.
    • reinvite—RADIUS Interim message is generated when the OCSBC receives a SIP session reINVITE message.
    • reinvite response (default)—RADIUS Interim message is generated when the OCSBC receives a SIP session reINVITE and responds to it (for example, session connection or failure).
    • reinvite cancel—RADIUS Interim message is generated when the OCSBC receives a SIP session reINVITE, and the Reinvite is cancelled before the OCSBC responds to it.
    • unsuccessful-attempt—RADIUS Interim message is generated when a SIP session set-up attempt from a preference-ordered list of next-hop destinations is unsuccessful. This can happen when a local policy lookup, LRT lookup, ENUM query response, or SIP redirect returns a preference-ordered list of next-hop destinations. The interim message contains: the destination IP address, the disconnect reason, a timestamp for the failure, and the number that was called.
  10. account-server—Create the account server list to store accounting server information for the account configuration. Each account server can hold 100 accounting messages. See the next section for step-by-step instructions.

    Account server entries are specific to the account configuration. They cannot be viewed or accessed for editing outside of the account configuration.

    Note:

    RADIUS will not work if you do not enter one or more servers in a list.

Setting Up Accounting Servers

You must establish the list of servers to which the OCSBC can send accounting messages.

  1. hostname—Host associated with the account server as an IP address.
  2. port—Retain the default 1813 or enter the number of the UDP port associated with the account server to which RADIUS messages are sent.

    • minimum: 1025

    • maximum: 65535

  3. state—Retain the default enabled to enable the account servers on the system or enter disabled to disable them.
  4. min-round-trip—Retain the default 250 milliseconds or indicate the minimum round trip time of an accounting message.

    • minimum: 10 milliseconds

    • maximum: 5000 milliseconds

    A round trip consists of the following:

    • The OCSBC sends an accounting message to the account server.
    • The account server processes this message and responds back to the OCSBC.

    If the fastest RTT is the strategy for the account configuration, the value you enter here can be used to determine an order of preference (if all the configured account servers are responding in less than their minimum RTT).

  5. max-inactivity—Retain the default 60 seconds or indicate the length of time in seconds that you want the OCSBC with pending accounting messages to wait when it has not received a valid response from the target account server.

    • minimum: 1 second

    • maximum: 300 seconds

      Once this timer value is exceeded, the OCSBC marks the unresponsive account server as disabled in its failover scheme. When a server connection is marked as inactive, the OCSBC attempts to restart the connection and transfers pending messages to another queue for transmission. RADIUS messages might be moved between different account servers as servers become inactive or disabled.

  6. restart-delay—Retain the default 30 seconds or indicate the length of time in seconds you want the OCSBC to wait before resending messages to a disabled account server.

    • minimum: 1 second

    • maximum: 300 seconds

  7. bundle-vsa—Retain the default enabled if you want the account server to bundle the VSAs within RADIUS accounting messages. Enter disabled if you do not want the VSAs to be bundled. (Bundling means including multiple VSAs within the vendor value portion of the message.)

    In a bundled accounting message, the RADIUS message type is vendor-specific, the length is determined for each individual message, and the vendor portion begins with a 4-byte identifier, and includes multiple vendor type, vendor length, and vendor value attributes.

  8. secret—Enter the secret passed from the account server to the client in text format. Transactions between the client and the RADIUS server are authenticated by the shared secret; which is determined by the source IPv4 address of the received packet.
  9. NAS-ID—Optional. Enter the NAS ID in text format (FQDN allowed). The account server uses this value to identify the OCSBC for the transmittal of accounting messages.

    The remote server to which the account configuration sends messages uses at least one of two potential pieces of information for purposes of identification. The OCSBC accounting messages always includes in the first of these:

    • Network Access Server (NAS) IP address (the IP address of the OCSBC’s SIP proxy)

    • NAS ID (the second piece of information) provided by this value. If you enter a value here, the NAS ID is sent to the remote server.

      If you have more than one OCSBC pointing to the same account server, the NAS ID can be used to identify which OCSBC generated the record.

SIP CDR Stop Time

You can set up your global SIP configuration so the disconnect time reflected in a RADIUS CDR is the time when the OCSBC receives a BYE. Enabling this parameter also means the disconnect time is defined when the OCSBC sends a BYE to the UAS and UAC. Otherwise, the the CDR’s value is based on when the 200 OK confirms the BYE.

The applicable RADIUS CDR in this case is the standard RADIUS attribute Acct-Session-Time, number 46.

ACLI Instructions and Examples

To enable definition of the disconnect time based on the BYE:

  1. Access the sip-config configuration element. 
    ORACLE# configure terminal
ORACLE(configure)# session-router
ORACLE(session-router)# sip-config
ORACLE(sip-config)#
  2. Select the sip-config object to edit. 
    ORACLE(sip-config)# select


ORACLE(sip-config)#
  3. set-disconnect-time-on-bye—Set this parameter to enabled if you want to use the BYE message as the defining factor for the disconnect time. This parameter is disabled by default.
  4. Type done to save your configuration.

Set Acct-session-time attribute to milliseconds

Some accounting features require greater precision. The attribute acct-session-time can be configured to be in milliseconds.

The RADIUS attribute acct-session-time uses seconds as its default. You can set this to a millisecond granularity in the account-config configuration element using the option millisecond-duration. This option setting is required for the RADIUS CDR display, Diameter RF accounting and locally-generated CDR comma separated value (CSV) files behaviors.

Note:

Changing to millisecond granularity violates RFC 2866.

Configure acct-session-time for millisecond granularity

Set the option for millsecond granularity for the acct-session-time attribute.

  1. Access the account-config configuration element. 
    ORACLE# configure terminal
ORACLE(configure)# session-router
ORACLE(session-router)# account-config
ORACLE(account-config)#
  2. Type select to begin configuring this object.
  3. options—Set the options parameter by typing +options, a Space, the option name millsecond-duration and then press Enter.
  4. Type done to save your configuration.
Previous
Previous 		Next
Next
Go To Table Of Contents
Contents