Billing and mediation services are important in voice over IP (VoIP). They are key factors in helping a service provider or an enterprise vendor understand financial aspects, such as Return on Investment (ROI), when migrating its time-division multiplexing (TDM)-based network to VoIP. The public switched telephone network (PSTN) world offers a simpler billing structure for calls made over the network because the originator and the destination points are static and tied to a physical location. It also expects voice traffic (usage based on minutes of call durations) and data traffic (usage based on a flat fee) to be billed in different ways. VoIP changes this paradigm and allows the endpoints to move. The voice and data traffic are all packets that are transported from one location to another over the network. This raises some issues and requires protocol definitions on whom to bill, where to bill, and what to bill.
In VoIP, other than a basic call made between two endpoints, you need to consider many service categories where billing requirements differ. It is important to note that the tools for implementing these services can vary. The broad categories of services are as follows:
Supplementary services:
— Forking
— Forwarding
— Transferring
— Redirecting
— Holding
— Find-me-follow-me
— Simultaneous ringing
Service categories:
— Billed by duration (voice, fax, voice mail recording/playing)
— Billed by data bytes (modem)
— Billed by page (fax)
— Billed by flat fee (for example, stock quotes)
Roaming
— Integration with billing and database services partners
Conference calling
— Planned
— Spontaneous
Multibox billing
— Conference server
— Voice-mail server
— Translations, SCP-based services
— Unified communications (UC)
— Integration of billing/UC partners
AAA and RADIUS are two foundational blocks for billing services in the IP world. For VoIP, billing and mediation are services that a server requests. The clients are usually the entities that have call control information (for example, Media Gateway Control Protocol [MGCP] Call Agent, Session Initiation Protocol [SIP] Proxy server, and so on), whereas the server is where the processing of billing-related information takes place. Note that the client to the billing server might in turn be a server in the VoIP network for call control to its end users and VoIP clients. The three steps of AAA are as follows:
Authentication provides a vehicle to identify a client that requires access to some system and logically precedes authorization. Authentication is done through the exchange of logical keys or certificates between the client and the server.
Authorization follows authentication and is the process of determining whether the client is allowed to perform or request certain tasks or operations. Therefore, authorization is at the heart of policy administration.
Accounting is the process of measuring resource consumption, allowing monitoring and reporting of events and usage for various purposes including billing, analysis, and ongoing policy management. VoIP allows innovative accounting models to evolve because of features like mobility, roaming, and inexpensive ways to carry voice traffic over data pipes.
Remote Authentication Dial-In User Service (RADIUS) is a data-communications protocol designed to provide security management and statistics collection in remote computing environments, especially for distributed networks like VoIP. For accounting, it is well understood that centrally stored data is more secure, easier to manage, and scales more smoothly than data scattered throughout the network on multiple devices.
RADIUS operates on the client/server model. A RADIUS authentication server provides security services and stores security data, whereas a RADIUS accounting server collects and stores statistical data. Typically, a single machine provides both functions; however, the two RADIUS servers can reside on separate machines. Network engineers can configure a RADIUS client to use RADIUS security services, RADIUS accounting services, or both.
A RADIUS client consists of a network access server (NAS), which gives one or more remote users access to network resources. A single RADIUS server can serve hundreds of RADIUS clients and thousands of end users. You can address fault tolerance and redundancy concerns by configuring a RADIUS client to use one or more alternative RADIUS servers.
RADIUS provides three network services, known as authentication, authorization, and accounting (AAA). These services perform the following functions:
Identify remote users to ensure that they are valid users who can access the network (authentication)
Define what each user can do by controlling access to network resources (authorization)
Track the resources that each user consumes for the purpose of billing them for services (accounting)
The following are some other key features of RADIUS:
Network security—Transactions between the client and RADIUS server are authenticated through the use of a shared secret, which is never sent over the network. In addition, any user passwords are sent encrypted between the client and RADIUS server to eliminate the possibility that someone who is snooping on an unsecured network can determine a user password.
Protocol extensions—All transactions are composed of variable-length Attribute-Length-Value 3-tuples. You can add new attribute values easily without disturbing existing implementations of the protocol. This property of RADIUS enables vendors to create certain vendor-specific attributes (VSA) that enable network providers to pass valuable information in them.
Flexible authentication schemes—The RADIUS server can support a variety of methods to authenticate a user. When it is provided with the username and the original password given by the user, it can support PPP Password Authentication Protocol (PAP) or Challenge Handshake Authentication Protocol (CHAP), UNIX login, and other authentication mechanisms.
Several VoIP protocols are in use today. Each of these protocols has its own set of features and information fields about the session established between two VoIP endpoints. Service providers looking for billing data often have special requests on certain attributes that can be passed to them only if certain additions are being made to the RADIUS accounting requests that are fed to the RADIUS servers. These new additions are mostly protocol specific (for example, H.323 or SIP may call for certain attributes).
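As an added example (not code from the book), the sketch below builds and checks a RADIUS Accounting-Request the way RFC 2866 defines it: attributes are Type-Length-Value triples, a vendor-specific attribute rides inside type 26, and the Request Authenticator is an MD5 over the packet plus the shared secret, so a billing record altered in transit or sent with the wrong secret is rejected. The helper names, the sample record, the vendor sub-type and its value are constructed; vendor number 32473 is the enterprise number reserved for documentation, and one sub-attribute per VSA is assumed.

```python
import hashlib
import hmac
import struct

ACCOUNTING_REQUEST = 4      # packet code, RFC 2866
VENDOR_SPECIFIC = 26        # attribute type that carries a VSA
EXAMPLE_VENDOR = 32473      # enterprise number reserved for documentation

def attr(atype, value):     # Length counts the Type and Length octets too
    return bytes([atype, len(value) + 2]) + value

def vsa(vendor, vtype, data):   # 4-octet vendor id + one vendor sub-attribute
    return attr(VENDOR_SPECIFIC, struct.pack("!I", vendor) + attr(vtype, data))

def _authenticator(header, attrs, secret):
    # MD5(Code + ID + Length + 16 zero octets + attributes + shared secret)
    return hashlib.md5(header + bytes(16) + attrs + secret).digest()

def build_request(ident, attrs, secret):
    header = struct.pack("!BBH", ACCOUNTING_REQUEST, ident, 20 + len(attrs))
    return header + _authenticator(header, attrs, secret) + attrs

def parse_attributes(blob):
    out, i = [], 0
    while i < len(blob):
        if len(blob) - i < 2 or blob[i + 1] < 2 or i + blob[i + 1] > len(blob):
            raise ValueError("malformed attribute")
        atype, value = blob[i], blob[i + 2:i + blob[i + 1]]
        if atype == VENDOR_SPECIFIC:
            if len(value) < 6 or value[5] != len(value) - 4:
                raise ValueError("malformed vendor-specific attribute")
            value = (struct.unpack("!I", value[:4])[0], value[4], value[6:])
        out.append((atype, value))
        i += blob[i + 1]
    return out

def verify_request(packet, secret):
    length = int.from_bytes(packet[2:4], "big")
    if packet[:1] != bytes([ACCOUNTING_REQUEST]) or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Accounting-Request")
    attrs = packet[20:length]
    if not hmac.compare_digest(_authenticator(packet[:4], attrs, secret), packet[4:20]):
        raise ValueError("authenticator mismatch: wrong secret or altered record")
    return parse_attributes(attrs)

# Constructed sample: Stop record (Acct-Status-Type 40 = 2), 95-second call
SECRET = b"constructed-shared-secret"
SAMPLE = build_request(7, attr(40, b"\x00\x00\x00\x02") + attr(44, b"call-0001")
    + attr(46, struct.pack("!I", 95)) + vsa(EXAMPLE_VENDOR, 1, b"conf-id=constructed"), SECRET)
```

Calling `verify_request(SAMPLE, SECRET)` returns the four attributes in order, with the VSA decoded to a `(vendor, sub-type, data)` tuple; changing any octet of the record or the secret raises `ValueError`.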