NetMaut RADIUS Server

The NetMaut RADIUS Server authenticates and authorizes subscribers accessing a mobile network via gateways (GGSN, PGW), which require the RADIUS protocol for setting up the connection.

The RADIUS Server may be deployed for the following functions:

  • authentication and authorization based on user names and passwords (may be relevant in enterprise business)
  • allocation of IP addresses
  • setting of billing plans and charging identifiers (if the default at the gateway is not sufficient)
  • setting of session timeouts

If the RADIUS Server is involved in setting up the session, it can determine how the session is controlled and how the volume and time quota used up during the session are managed.

'Control' here refers to configuration of the session (Quality of Service, bandwidths, redirects etc.), while managing the quota is usually referred to as 'Quota Handling' or 'Calculation'.

 

Integration of the NetMaut RADIUS Server

The NetMaut RADIUS Server uses the RADIUS protocol for the communication with the gateways (GGSN, PGW).

Session control takes place via

  • manufacturer specific QoS attributes
  • RADIUS filter lists
  • gateway ACLs
  • „Change of Authorization“ or „Packet of Disconnect“

Quota management takes place by RADIUS accounting and respective configuration of the accounting intervals.

The NetMaut RADIUS Server can pass an IP address and DNS server to the device, configure the gateway for OCS usage if required or specify a PCRF.  

If subsequent policy and quota management is to be handled in the Diameter protocol with an OCS and/or PCRF, the RADIUS-based quota handling and session configuration will be suspended for the respective session.

Migration of Different Worlds

For a smart migration of the different technologies and due to continually occurring incompatibilities especially in the roaming context the RADIUS Server configures different variants of session control and calculation:

TypeControlQuota ManagementPurpose of Use
ARADIUSNo calculationPure flatrate- and gateway-managed services
BNo controlRADIUS accountingExternally authorized sessions, e.g. enterprise products
CRADIUSRADIUS accountingOrigin of the Acctopus policy solution
DRADIUSOnline charging via Diameter Gy to the OCSFirst evolution of GGSNs
EPRCF Diameter GxRADIUS accountingLimited performance or incomplete trigger implementation at the gateway
FPRCF Diameter GxOnline charging via Diameter Gy to the OCS3GPP EPC target architecture
GPRCF Diameter GxOnline charging via Diameter Gx to the PCRFAllows the usage of a primary OCS for the quota management and an additional management of the quota for the policy management (e.g. MVNO or ARP).

Why not NASREQ?

In a pure Diameter environment the RADIUS Server is replaced by a Diameter NASREQ Server. We at Acctopus hold such a Diameter NASREQ Server but we experienced that gateway manufacturers do not keep up this strategy consequently. Moreover Diameter accounting ended up in a dead-end at the IETF and 3GPP which means that no consistent implementations exist. 

Therefore we recommend our customers to use a RADIUS Server until EPC can do without the legacy IP allocation via NASREQ or RADIUS. This will probably take a while considering the facts that gateway interaction in cases of failover is not specified yet and IPv6 networks are not implemented completely so far.