HUAWEI infoX CDMA MN AAA
Product Description
Website: http://www.huawei.com
Copyright © 2007 Huawei Technologies Co., Ltd.
All Rights Reserved.
No part of this manual may be reproduced or transmitted in any form or by any means without prior
Trademarks
And other Huawei trademarks are the trademarks or registered trademarks of Huawei
Technologies Co., Ltd. in the People’s Republic of China and certain other countries.
All other trademarks and trade names mentioned in this document are the property of their
respective holders.
Notice
The information in this manual is subject to change without notice. Every effort has been made in the
preparation of this manual to ensure accuracy of the contents, but all statements, information, and
recommendations in this manual do not constitute the warranty of any kind, express or implied.
infoX CDMA MN AAA Product Description Confidential
This chapter describes the following aspects of the infoX CDMA MN AAA:
- Functions of the infoX CDMA MN AAA
- Position of the infoX CDMA MN AAA in the CDMA Network
- Interfaces of the infoX CDMA MN AAA
The infoX AAA can access the account information of CDMA network data users and
check network access authentication credentials. If the user's credentials are authentic
and the connection attempt is authorized, the infoX AAA will authorize the user's
access based on specified conditions and record the network access connection in an
accounting log. Through RADIUS, the user authentication, authorization, and
accounting data can be collected and maintained in a central location, rather than on
each access server.
This interface is between RADIUS Server and PDSN. The interface adopts RADIUS
protocol to implement authentication, authorization and accounting for service user.
The infoX-AAA can work with access equipment of various networks, such as PDSN in
CDMA network, GGSN in WCDMA/GPRS network.
RADIUS protocol is described in IETF RFC 2865 and 2866.
The 3GPP2 protocol is described in 3GPP2 P.S0001-A, 3GPP2 P.S0001-B and 3GPP2
X.S0011-005-C, etc.
The interface between the visited-AAA and the Home-AAA adopts the RADIUS protocol.
The visited-AAA transmits the entire RADIUS message, received from the PDSN, to the
Home-AAA unchanged.
The interface between the visited-AAA and the Broker-AAA adopts the RADIUS protocol.
The visited-AAA transmits the entire RADIUS message, received from the PDSN, to the
Broker-AAA unchanged.
This interface is between AAA and HA. The interface adopts RADIUS protocol to
implement authentication and authorization for service user.
RADIUS protocol is described in IETF RFC 2865 and 2866.
When the HA receives an RRQ from a PDSN, and if there is no previous MN-HA shared
key, the HA shall send a RADIUS Access-Request message associated with the user
to retrieve the MN-HA shared key. The RADIUS Access-Request message shall
contain the user's NAI. The RADIUS server will return the MN-HA shared key attribute
to the HA.
After charging, the infoX-AAA generates detailed priced bills and transfers them to the
accounting processing module, which merges the received bills according to NAI and
forms the uniform data service bills.
After processing the service bills, the infoX-AAA implements the unified BOSS function
through the open interface used with other specialized accounting systems. The
infoX-AAA also provides a complete BOSS interface, i.e., API, which can be invoked in
other specialized accounting systems when necessary to achieve the BOSS function.
The infoX-AAA can easily work with the existing OSS/BSS software of the carrier.
The MML Server provides necessary environment for resolving MML commands. The
MML can be provided to an external system like the OSS/BSS as an interface protocol.
The following describes the functions of the MML used as an interface protocol.
The Man Machine Language (MML) is a type of text-based command message.
Through the open APIs provided for the Huawei MML protocol, the OSS system can send
the user's service maintenance commands to the infoX-AAA system, including the
functions of:
- Registering users and accounts
- Deregistering users and accounts
Confidential Information of Huawei. No Spreading without
2008-04-04 Permission Page1-3, Total51
Interface function: The function of the FTP-based interface between the infoX-AAA and
the OSS/BSS system is to deliver CDRs. infoX-AAA puts generated CDRs into a
specified directory and the OSS/BSS system actively retrieves them.
Through controlling the interface, the infoX-AAA can receive commands of
enabling/disabling accounts delivered from the OSS/BSS system.
This chapter describes the following features of the infoX CDMA MN AAA:
- Supporting Visited-AAA/Broker-AAA/Home-AAA
- Supporting VPDN
- Supporting Local Prepaid Accounting
- Supporting IN Prepaid Accounting
- Supporting Postpaid Accounting
- Providing Massive Capacity
- Supporting Multi-Vendor Equipment
- Supporting Integration of CDMA AAA
- Supporting VSA attribute delivering
- Manageability and Maintainability
This chapter describes the following services and functions of the infoX CDMA MN
AAA:
- RADIUS Server
- Accounting Server
- Management System
- Prepaid Service
As specified in RFC 2865 and RFC 2866, RADIUS is an industry standard protocol,
and is used to provide authentication, authorization, and accounting services. A
RADIUS client (typically a PDSN) sends user credentials and connection parameter
information through RADIUS to the RADIUS server. The RADIUS server authenticates
and authorizes the RADIUS client's request, and sends back a RADIUS response
message. RADIUS clients also send RADIUS accounting messages to the RADIUS
server.
As a RADIUS server, Huawei infoX-AAA supports standard RADIUS defined in RFC
2865 and 2866 and 3GPP extended RADIUS protocol.
I. Visited-AAA
The infoX-AAA can serve as a visited MN AAA. Upon reception of RADIUS request
messages from the PDSN, the infoX-AAA can forward the requests unchanged to the
user's home network based on the realm of the NAI, which can indicate a proxy target
(i.e., a user would connect using George@myisp rather than simply George). Upon
reception of RADIUS response messages from the user's home network, the infoX-AAA
can forward the messages to the PDSN unchanged.
II. Broker-AAA
The infoX-AAA can serve as a broker MN AAA. It can forward the RADIUS request
messages from a visited MN AAA to a home MN AAA, and forward the RADIUS
response messages from a home MN AAA to a visited MN AAA.
III. Home-AAA
The infoX-AAA can serve as a home MN AAA. It can process and respond to the
RADIUS request messages received from the PDSN, visited MN AAA and broker MN
AAA.
IV. Summary
I. Simple IP
Simple IP refers to the access method which permits the subscriber to use an IP
address in a specified network. When moving outside the network, the subscriber will
use another IP address. In the process of network switching, the communication
breaks.
II. Mobile IP
Mobile IP refers to the access method which enables the subscriber to use an IP
address in different networks. Mobile IP provides the mobile function for subscribers.
With this function, subscribers can access different networks with one IP address and
keep the communication when switching networks.
4.1.4 Authentication
The end user equipment can connect to the PDSN in various password authentication
modes. The PPPoE protocol is most commonly used as the access protocol of end
users.
When PPPoE for CDMA is used for access, there are two user password authentication
modes: PAP and CHAP.
I. PAP Authentication
Password Authentication Protocol (PAP) is very simple. The user sends the password to
the infoX-AAA, and the infoX-AAA verifies it against its SQL database. Of the two legs
of the journey the password takes between user and infoX-AAA, the first leg is usually
unencrypted, and the PDSN gets the password from the user in clear text. For the
second leg, the PDSN encrypts the password and the infoX-AAA decrypts it using a
shared secret key. Ultimately, the infoX-AAA has the password in clear text form and is
able to make use of it directly for authentication.
The infoX-AAA supports the following five authentication methods: realm authentication
(that is, all authentication messages return successfully if the realm is correct),
authentication based on the IMSI, authentication based on the IMSI and NAI,
authentication based on the NAI and password, and authentication based on the NAI,
password and IMSI together.
In some scenarios, all users use a common account to access the Internet to use
a certain service, such as the MMS service.
The infoX-AAA supports the “common account” + “IMSI” and “common account” +
“common password” + “IMSI” authentication methods. The corresponding service of the
common account can be set in the WMAS system. The charging policy of the common
account is based on usage and does not include the basic fee or accumulation discount.
V. Realm Analysis
The system denies the access of the user if the account is frozen or cancelled.
Some of the RADIUS attribute values can be pre-set in the infoX-AAA WMAS GUI
interface. During the processing of an Access-Request message, the infoX-AAA can
check whether the RADIUS attributes or values are set.
Supporting pre-authentication: If the prepaid service is used with the WIN, two
interfaces are involved: pre-deduction and refund. After a user logs on, or the
pre-deducted fee has been used up, the user sends a pre-deduct message to the UIN
for more pre-deducted fee. After the user logs off, the balance is refunded. If the fee is
not pre-deducted, the access of the prepaid user is denied.
For prepaid users, the infoX-AAA can limit user access based on time segment or
accumulated flow. The access policy can be set for certain days of the week or
certain time segments of several days, or can be set to disable access or limit
bandwidth when the accumulated flow value exceeds a specified value.
4.1.5 Authorization
I. Caller binding
The infoX-AAA supports binding an account so that it can only be used by a specified
mobile phone, effectively preventing illegal use of a CDMA user's account for access.
II. Uniqueness
After a special user is defined, the operator sets a fixed IP address for that user in
the infoX-AAA, which assigns the IP address to the user upon access authentication.
Based on the setting, access user, realm and equipment, the system queries and
sends the attribute group to PDSN. These attributes include the dynamically defined
VPDN attribute, user QoS attribute, reverse tunnel attribute and the VPDN tunnel
attribute.
The infoX-AAA can select VSA templates based on domain names, users, user groups,
etc., and deliver authorization attributes to the PDSN according to the VSA
templates.
The attributes can be imported into the system using a format file defined by the
infoX-AAA system. That is, the attributes can be defined by vendors rather than being
pre-defined by the infoX-AAA system.
After a subscriber is authenticated successfully, the infoX AAA delivers the IP address
to the device, and then the device assigns the IP address to the subscriber.
I. Overview
Huawei infoX-AAA can act as a RADIUS proxy server or a target server. In a CDMA
network, when acting as a proxy server, Huawei infoX-AAA allows an incoming
RADIUS request to be forwarded to another RADIUS server (which is generally the
Home-AAA RADIUS server of a CDMA user) for authentication and authorization or
accounting.
With proxy RADIUS, the infoX-AAA receives an authentication (or accounting) request
from a RADIUS client (such as a PDSN), forwards the request to a remote RADIUS
server (such as Broker-AAA/Home-AAA), receives the reply from the remote server,
and sends that reply to the client, possibly with changes to reflect local administrative
policy. A common use for proxy RADIUS is roaming. Roaming permits two or more
administrative entities to allow each other's users to access either entity's network for
service.
The PDSN sends its RADIUS access-request to the "forwarding server" which forwards
it to the "remote server". The remote server sends a response (Access-Accept,
Access-Reject, or Access-Challenge) back to the forwarding server, which sends it
back to the PDSN. The User-Name attribute MAY contain a Network Access Identifier
(NAI) for RADIUS Proxy operations. The choice of which server receives the forwarded
request will be based on the authentication "realm" or IMSI. The authentication realm
MAY be the realm part of a Network Access Identifier (a "named realm"). Alternatively,
the choice of which server receives the forwarded request will be based on whatever
other criteria the forwarding server is configured to use, such as Called-Station-Id
(IMSI).
The infoX-AAA can function as both a forwarding server and a remote server, serving
as a forwarding server for some realms and a remote server for other realms. One
forwarding server can act as a forwarder for several remote servers. A
remote server can have several servers forwarding to it and can provide
authentication for several realms. One forwarding server can forward to
another forwarding server to create a chain of proxies, although care must be taken to
avoid introducing loops.
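The realm-based forwarding described above, with a configuration check for proxy
loops, as an added example that is not part of the infoX-AAA product. The server names,
realms, IMSI prefix and table layout are hypothetical and constructed for illustration.

```python
from typing import Dict, List, Optional, Tuple

LOCAL = "LOCAL"  # marker: this server is the remote (home) server for the realm

# Constructed sample configuration: per-server realm tables.
# A value is either LOCAL or the name of the next server to forward to.
REALM_TABLES: Dict[str, Dict[str, str]] = {
    "visited-aaa": {
        "visited.example": LOCAL,
        "home.example": "broker-aaa",
        "loop.example": "broker-aaa",
    },
    "broker-aaa": {
        "home.example": "home-aaa",
        "loop.example": "visited-aaa",  # misconfiguration: points back
    },
    "home-aaa": {"home.example": LOCAL},
}

# Constructed IMSI-prefix-to-realm mapping, used when the NAI has no realm.
IMSI_PREFIX_TO_REALM: Dict[str, str] = {"99901": "home.example"}


class ProxyLoopError(Exception):
    """The forwarding chain revisits a server."""


class NoRouteError(Exception):
    """A server in the chain has no entry for the realm."""


def split_nai(user_name: str) -> Tuple[str, Optional[str]]:
    """Split 'user@realm' at the last '@'; realm is None if absent."""
    user, sep, realm = user_name.rpartition("@")
    if not sep or not realm:
        return user_name, None
    return user, realm.lower()


def realm_for(user_name: str, imsi: Optional[str] = None) -> Optional[str]:
    """Pick the routing realm from the NAI, falling back to the IMSI prefix."""
    _, realm = split_nai(user_name)
    if realm:
        return realm
    if imsi:
        for prefix in sorted(IMSI_PREFIX_TO_REALM, key=len, reverse=True):
            if imsi.startswith(prefix):
                return IMSI_PREFIX_TO_REALM[prefix]
    return None


def proxy_chain(first_server: str, realm: str,
                tables: Dict[str, Dict[str, str]] = REALM_TABLES) -> List[str]:
    """Follow forwarding entries until a server handles the realm locally."""
    chain: List[str] = []
    server = first_server
    while True:
        if server in chain:
            raise ProxyLoopError(" -> ".join(chain + [server]))
        chain.append(server)
        target = tables.get(server, {}).get(realm)
        if target is None:
            raise NoRouteError(f"{server} has no entry for realm {realm}")
        if target == LOCAL:
            return chain
        server = target


def find_loops(tables: Dict[str, Dict[str, str]] = REALM_TABLES) -> List[Tuple[str, str]]:
    """Return every (server, realm) entry whose forwarding chain loops."""
    loops = []
    for server, table in tables.items():
        for realm in table:
            try:
                proxy_chain(server, realm, tables)
            except ProxyLoopError:
                loops.append((server, realm))
            except NoRouteError:
                pass  # dead end, reported separately in a real audit
    return sorted(loops)


if __name__ == "__main__":
    realm = realm_for("George@home.example")
    print(realm, proxy_chain("visited-aaa", realm))
    print("looping entries:", find_loops())
```

Running `find_loops` over the full set of realm tables before loading a changed proxy configuration catches a loop at configuration time, before any request is forwarded.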
III. Supporting forwarding the packets of roaming users to the primary and secondary servers
In inter-province roaming scenarios, the Visited-AAA server and Broker-AAA store the
UDR information of non-local roaming users for accounting and settlement.
Huawei infoX-AAA provides a balance budget mechanism for prepaid users. After a
user passes authentication, the infoX-AAA checks the user's account balance in real
time, and calculates the user's available online duration according to the balance and
the charging rate selected by the user. Then it sends a RADIUS access response
message with a session-timeout attribute to the PDSN.
If a PDSN has specific attribute requirements, the infoX-AAA can return the needed
attributes to PDSNs of different vendors. The related attributes are described in the
following table.
In the registration of users, you can specify a fixed IP address for each user. When a
user accesses the system to use data services, the infoX-AAA receives an
Access-Request message from the PDSN. If it finds that the user has already
registered a fixed IP address, the infoX-AAA delivers the IP address in an
Access-Accept message and assigns it to the user.
The infoX-AAA can serve as the AAA of the VPDN Service, providing the authentication
of user L2TP tunnels and the configuration of tunnel attributes. According to the realm
carried in a NAI, the infoX-AAA judges the user's home, and transfers the
corresponding L2TP attributes to the LAC. Based on these attributes, the LAC
establishes an L2TP tunnel and session to the home LNS for the user.
This mode is applicable to the enterprise-oriented VPDN service. If a user is found to
be a VPDN user of an enterprise, the infoX-AAA will send the corresponding L2TP
attributes to the LAC through RADIUS, and thereby establish an L2TP tunnel to the
enterprise LNS. The authentication of a single user is completed by the enterprise AAA.
After a user's L2TP session is established, if the LAC can send RADIUS accounting
messages to the infoX-AAA, the infoX-AAA may record the network usage statistics of
this end user. These records can be used for checking the bills generated at the Carrier
and the enterprise AAA.
The standard VPDN attributes are described in the following table.
In this specification, an MS may request dynamic HA assignment during the initial MIP
registration. If the local policy dictates that during re-registration, the PDSN shall send a
RADIUS Access-Request message to Home RADIUS server, then Home RADIUS
shall allocate the same HA that is specified in the RRQ. To request a dynamic HA
assignment, the MS shall set the HA address field to 255.255.255.255 in the RRQ
message.
Upon receipt of the RADIUS Access-Request message, if the Home RADIUS
determines that an HA may be assigned dynamically, then the Home AAA shall apply
an implementation specific HA selection algorithm to determine the IP address of an HA
and return it to the PDSN in the HA Attribute in an RADIUS Access-Accept message.
The PDSN then relays the RRQ message to the assigned HA.
If the assigned HA does not have the MN-HA shared secret to verify the MN-HA
Authentication Extension, the HA shall obtain it from the Home AAA. If the processing
of the RRQ message is successful, then the HA responds with an RRP message to the
PDSN containing its own IP address in the HA field. Upon
receipt of an RRP message indicating MIP registration success, the MS shall accept
the dynamically assigned HA address contained in the RRP message, even if it is
different from the HA address provided in the RRQ message. The network will not
dynamically assign a home address, unless the MS requests one. The allocated HA
shall be capable of supporting the requested non-zero Home Address of the MS, if
proposed in the RRQ.
During MIP re-registrations, the MS shall use the same HA IP address and the Home
Address that were assigned to it during the initial MIP registration.
If the MS initiates an RRQ with a non-zero HA IP address that is not 255.255.255.255
(i.e., MS not requesting a dynamic HA assignment), then the Home AAA should return
the same HA IP address in the RADIUS Access-Accept message to the PDSN.
The infoX-AAA supports prepaid user authentication and accounting, and postpaid user
authentication and accounting.
The infoX-AAA supports Multi-Serv-Flow for the postpaid service. That is, the postpaid
user has one session and uses several services.
The infoX-AAA supports One-Serv-Flow for the prepaid service. That is, the prepaid user
has one session and uses one service.
For prepaid service, the system supports various accounting modes, including
I. Free charge
For some users, all the Internet access fees are free of charge.
The user pays the Internet access fee for a month. In this month, the user has no limit
on duration or volume for Internet access.
For users with high consumption, only part of the basic fee is charged, and the users
are charged at a low rate.
To stimulate the consumption of users, when the accumulated Internet access fee of a
user exceeds the upper limit, the system no longer charges the user.
V. Time-segment-based accounting
The Accounting Server provides flexible charging policies for the CDMA access service.
The infoX-AAA supports the duration-based charging in the CDMA services.
The infoX-AAA supports setting charging rates based on the data flow generated upon
the usage of the data service and supports charging according to the traffic information
reported by PDSN.
I. Time-segment-based discount
6  Network Access Identifier (NAI)  1     64  String   User-Name
7  MIP Home Agent (HA)              26/7  16  IP-addr  3GPP2 HA IP Addr
8  PDSN/FA Address                  4     16  IP-addr  NAS Address
9  Serving PCF                      26/9  16  IP-addr  3GPP2 PCF IP Addr
The MML Server is mainly responsible for the client access control. The client access
control means that the legal third party will be granted the access license and that the
third-party software will apply for access when it starts, so that the MML Server can
check its license and grant the access permission accordingly. This results in great
access convergence, and hence the access load of the Service Management
Subsystem host is reduced.
Through the WMAS, the carrier can manage recharging card resources. For example,
the carrier can generate, activate, deactivate, pre-delete or delete cards, import or
export card data and extend the validity period of cards.
Function                Description
Generate card           Generates a batch of card resources.
Activate card           Activates prepaid cards. Only the activated cards can be used to access the Internet.
Deactivate card         Deactivates prepaid cards. Cards in the Deactivated state cannot be used to access the Internet.
Pre-delete card         Sets the status of a card to the Pre-deleted state. Cards in this state can be deleted directly from the database.
Delete card             Completely deletes cards from the database. After this, cards can’t be regenerated and put in use again.
Import card             Imports card data from a .txt file that is compiled in the specified format into the database.
Export card             Exports the card data in the database to a .txt file in the specified format.
Extend validity period  Extends the validity period for a batch of cards.
- Account management:
- Add/delete users
A postpaid user can subscribe to the Internet access service through the business
center version. The user can access the Internet through this account and pay the usage
fee to the carrier at the specified time. Normally, the consumption amount is not limited.
Moreover, through defining a user, the carrier can learn about some user data, and
control overdraft or defaulting actions of the user.
Deleting a user is the reverse of defining a user. The carrier cancels the function of
accessing the Internet through this account, and stops providing the Internet access
service for the user.
- Reset accounts
If your account is suspended, you can continue to use it to access the Internet through
a reset operation.
- Enable/disable accounts
As a forcible management function provided to control the defaulting users, it can
suspend the service. It can also resume the service after the users have paid all the
overdue fees.
- Unlock users
Locked users can ask to be unlocked in the business center.
- Change password
You can change your password in the business center.
You can manage local prepaid user accounts. The following shows the main functions of
user account management:
If the carrier has an OSS or billing system which provides the business functions, the
infoX-AAA system provides MML interfaces to implement the corresponding functions. The
following functions apply in case the carrier has no OSS or billing system.
- Local prepaid account register
The infoX-AAA WMAS system provides a GUI operation function for registering local
prepaid accounts. The subscriber can also do a cash recharge at the same time.
- Local prepaid account cash recharge
The infoX-AAA supports cash recharging by local prepaid subscribers through the
business hall.
- Rollback cash recharging
The local prepaid subscriber can roll back cash recharging for recent months, usually
about 3 months.
- Query recharging record
The local prepaid subscriber can query cash recharging records through the business hall.
The records are usually saved for 3 months.
The records include user account, recharging time, recharging balance and so on.
- Query rollback recharging record
The local prepaid subscriber can query rollback cash recharging records through the
business hall. The records are usually saved for 3 months.
- Query subscriber information
End users can query information about their accounts such as user name, user type,
port restriction status, balance, etc.
You can manage various CDMA service parameters. For example, manage CDMA
service configuration parameters, realm attributes, extended attributes and proxy
attributes.
The CDMA service configuration parameters mainly include maximum monitored
duration (second) per session, maximum monitored traffic (Kbytes) per session,
maximum password reattempts, idle time-out time (second), the period of reserving
deregistered user data (day), the access range of prepaid users, and proxy priority. You
can query and modify the parameters.
You can configure various CDMA service parameters, realm attributes, extended
RADIUS attributes, proxy attributes, and the mapping of IMSIs and realms to satisfy the
requirements for flexible configuration of parameters, and thereby realize dynamic
delivery of attributes in the CDMA service.
By means of user management, you can manage the user profile. The user profile
includes the user's NAI, IMSI, status, password, service type, and QoS information.
You can manage users by NAI or by IMSI.
The values of QoS include:
0=Best Effort
10=AF11
12=AF12
14=AF13
18=AF21
20=AF22
22=AF23
26=AF31
28=AF32
30=AF33
34=AF41
36=AF42
38=AF43
46=EF.
The IMSI is the unique identifier of a user, and is used by the proxy AAA in user
authentication.
Through user management, you can manage user groups, user information, user
password, user authentication mode, and user password protection, freeze a single
user or freeze users in batches, and realize scheduled deletion of deregistered user
data.
The main attributes of a user are described in the following table.
Attribute description
User Name
User Service Type
Home Realm
IMSI
MDN
Static IP address
User status
Through the remote Web management interface provided by the infoX-AAA system or
through command lines, you can manage system data, and manage the open JDBC
interface between the background and the database.
System management is mainly to manage operator data, user data, accounting data,
network nodes and system alarms, monitor system resources and back up the
database.
In the CDMA service, you can add, load, modify, update, unload and delete PDSN
nodes and CDMA proxy nodes.
The information of a PDSN node includes node type, node number, basic IP address,
basic port number, backup IP address, equipment type, public key and extended
attribute ID.
The information of a CDMA proxy node includes node type, node number, basic IP
address, basic port number, backup IP address, equipment type, protocol code and
public key.
The information of an HA node includes node type, node number, basic IP address,
basic port number, backup IP address, equipment type, RADIUS Share Secret, and
IKE Pre-shared Secret.
The infoX-AAA uses the defined parameters of a network node to communicate with
the corresponding external entity and satisfy the requirements of the CDMA service.
The prepaid service solution allows a user to buy a certain amount of services in
advance (In the prepaid data service, it is a certain quantity of usage time or data traffic).
In this solution, the prepaid service traces the user's consumption of resources (time or
traffic) and deducts the service fees from the user's account in real time. Before the
account balance runs out, the prepaid service allows the user to recharge the account,
and thereby ensures that the user can uninterruptedly enjoy various services provided
by the carrier.
Note:
The infoX-AAA system cannot support the IN prepaid service and the local prepaid
service at the same time.
At present, almost all the wireless carriers in the world have deployed the prepaid
service in the voice service field. In some areas, the quantity of prepaid voice service
users has reached 70% of the total quantity of users. It is found by carriers that the
provisioning of prepaid services can not only popularize wireless services, but also
bring considerable profits for them. The CDMA carriers worldwide are now upgrading
their networks to CDMA 1x, and begin to provide optimized data services. They
strongly demand equipment manufacturers to provide a prepaid service solution
oriented to data services. This complete prepaid service solution provided for CDMA1x
carriers by Huawei is to meet this demand.
The implementation schemes for prepaid data services are classified into two types:
The Home-AAA (Here, it refers to the infoX-AAA) server can provide authentication,
authorization and accounting services for prepaid users, and can identify prepaid users.
Huawei intelligent network (H-IN) controls the account balance of each user. The
Home-AAA needs to request a certain amount of money from the H-IN and allocate it to
the user. If the amount is not used up, the remaining shall be refunded to the H-IN. The
interface between the AAA and H-IN adopts Huawei open HMPP protocol.
If the AAA of the current CDMA network is provided by infoX-AAA, but there is no
Huawei IN, or the IN is provided by a 3rd-party vendor that cannot follow the HMPP
protocol, provided by Huawei, to connect with the infoX-AAA system, the infoX-AAA
provides a local prepaid service function in order to implement the prepaid service.
The network structure is shown as follows:
The Web Portal system is provided by the OSS/BILLING system of the carrier. If there is
no OSS/BILLING system, the basic Web Portal function is provided by the infoX-AAA. The
interface between the infoX-AAA and the Web Portal adopts the Huawei open MML protocol.
In this situation, an independent prepaid data service system is separated from the
prepaid voice service system. Each user has an independent prepaid data service
account.
The Home-AAA (Here, it refers to the infoX-AAA) server can provide authentication,
authorization and accounting services for local prepaid users, and can identify local
prepaid users. The infoX-AAA controls the account balance of each user. The
Home-AAA needs to request a certain amount of money from local prepaid account
and allocate it to the user. If the amount is not used up, the remaining shall be refunded
to the local prepaid account.
The infoX-AAA system issues recharging cards. The local prepaid user can use a
recharging card to recharge the account through the Web Portal system.
Note:
We recommend that the carrier provide the Web Portal system when the infoX-AAA provides
the local prepaid service. The infoX-AAA provides only a basic-function Web Portal
system.
The Self-care Portal is an optional component of the infoX-AAA system of the local
prepaid service. Through the Self-care Portal, the carrier can provide Web-based
customer self-care services to users.
The following figure is a sample page of the Web-based self-care Portal:
1) In the operation area on the left, users can operate self-care local prepaid service.
2) In the demonstration area on the right, users can view the operation results.
4.5.1 Functions
End users can query information about their accounts such as user name, user type,
account balance, and so on.
End users can log in to the self-care center to change their authentication password.
After a local prepaid user buys a rechargeable card, the user can log in to the self-care
center to recharge.
The local prepaid user can query bills by month on the self-service portal. The user
can query the detailed online information in this period, such as online time, duration,
volume, and consumption amount.
Chapter 5 Reliability
- Hardware Reliability
- Software Reliability
standby hosts, the call or operation being processed may be lost. The switchover time
of the dual system is no more than 300 seconds.
[Figure: dual-system configuration. Labels: active machine application software; lock disk; Informix Server; data space; active network segment; standby network segment; heartbeat network. On the standby machine, only the OS is running.]
There are two nodes and two shared disk arrays in the infoX-AAA dual system. All the
application files and data in the database are put on the shared disks. Simultaneously
infoX-AAA applications are split into two application groups. Each group corresponds to
a predefined logical host. The logical host is a virtual host which can switch between
the two nodes. The logical host has a floating IP address which is bound to the
hardware node but floats with the logical host between the two hardware nodes. So the
client system does not need to care which node the application group is presently on.
The two application groups that correspond to the two logical hosts are:
Group1: RADIUS & billing system and other related processes.
Group2: service management system and Web application processes.
In normal operation, the two logical hosts are active separately on the two hardware nodes.
When one node is running abnormally, the cluster monitor detects the failure,
switches the logical host to the other node, and then starts up the
corresponding applications.
Figure 5-2 describes the configuration of the cluster dual system.
[Figure 5-2: cluster dual-system configuration. Admin console and client system on the public network; Node 1 and Node 2, each with a ttya port and a NAFO group; interconnect adaptors and interconnect cables between the nodes; storage SCSI interfaces.]
Regarding disk reliability, infoX-AAA ensures high reliability and availability of data in
centralized storage array mode. The infoX-AAA system includes two storage disk
arrays (for example, Sun StorEdge3320; a single array can support up to 12*73G
Ultra SCSI disks). In the centralized storage array system, the infoX-AAA adopts
RAID 1+0 technology to provide disk redundancy and ensure high performance.
It can thereby prevent system data from being affected by any single point of failure.
The data redundancy function uses redundant information to recover data after user
data is corrupted, so as to ensure security for the user data. From the viewpoint of the
user, the disk volume is like a hard disk. Operations on a disk array are basically
consistent with those on a single hard disk. The only difference is that the
storage performance of a disk array is much higher than that of a single hard disk,
and the disk array can provide data redundancy.
RAID stands for Redundant Array of Independent Disks. Simply speaking, a RAID is a
hard disk volume (logical hard disk) formed by several independent hard disks
(physical hard disks). Compared with a single hard disk, a RAID provides data
redundancy and higher storage performance. Various modes for forming RAIDs are
called RAID levels.
RAID 0, also called stripe or striping, represents the highest storage performance
among all RAID levels. For RAID 0, the principle of enhancing storage performance is
to scatter successive data to multiple disks for access. In this way, when there is a data
request in the system, the requested operation is carried out on multiple disks in
parallel, and each disk handles only its own part of the data. This kind of parallel
operation can make full use of the bus bandwidth and remarkably enhance the overall
access performance of the disks.
RAID 1 is also called mirror or mirroring. Its purpose is to maximally ensure the
availability and recoverability of user data. The operation mode of RAID 1 is to
automatically duplicate all the data written by a user on a hard disk to another hard disk.
Due to 100% backup of stored data, among all the RAID levels, RAID 1 provides the
highest data security guarantee. However, because the backup data occupies half of
the total storage space, mirroring has a lower space utilization ratio and a high
storage cost.
RAID 1+0 is the combination of RAID 0 and RAID 1. As a scheme that has taken both
storage performance and data security into consideration, RAID 1+0 provides data
security guarantee equivalent to that of RAID 1, and storage performance approximate
to that of RAID 0.
Take a RAID 1+0 formed by four disks as an example. Figure 5-3 shows its data
storage mode.
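The four-disk RAID 1+0 arrangement described above, worked through as an added example that is not part of the original document. The disk numbering and the pairing of disks 0/1 and 2/3 are assumptions made for illustration; the code shows where each block lands and which disk failures the array survives.

```python
from itertools import combinations

# Assumed layout (not from the original document): disks 0 and 1 form one
# mirror pair, disks 2 and 3 form the other; blocks are striped across pairs.
MIRROR_PAIRS = [(0, 1), (2, 3)]
NUM_DISKS = 4

def place_block(block_no):
    """Striping (RAID 0) selects the pair; mirroring (RAID 1) writes both members."""
    return MIRROR_PAIRS[block_no % len(MIRROR_PAIRS)]

def layout(num_blocks):
    """Map each disk to the list of logical blocks stored on it."""
    disks = {d: [] for d in range(NUM_DISKS)}
    for block in range(num_blocks):
        for disk in place_block(block):
            disks[disk].append(block)
    return disks

def survives(failed):
    """All data stays readable if every mirror pair keeps one working disk."""
    failed = set(failed)
    return all(any(d not in failed for d in pair) for pair in MIRROR_PAIRS)

def failure_report(k):
    """Split all k-disk failure combinations into (survivable, fatal)."""
    ok, fatal = [], []
    for combo in combinations(range(NUM_DISKS), k):
        (ok if survives(combo) else fatal).append(combo)
    return ok, fatal

def usable_fraction():
    """Share of raw capacity holding unique data: one copy per mirror pair."""
    return len(MIRROR_PAIRS) / NUM_DISKS

if __name__ == "__main__":
    for disk, blocks in layout(8).items():
        print(f"disk {disk}: blocks {blocks}")
    for k in (1, 2):
        ok, fatal = failure_report(k)
        print(f"{k}-disk failures: {len(ok)} survivable, fatal = {fatal}")
    print(f"usable capacity: {usable_fraction():.0%}")
```

Every single-disk failure is survivable, but a second failure is fatal when it hits the partner of the disk that has already failed, so a failed disk should be replaced and resynchronized promptly.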
In addition, the infoX-AAA adopts VERITAS Volume Manager to manage the volumes
of the whole disk array, and thereby ensures that each disk volume can be orderly
accessed by multiple hosts in parallel.
All the power supplies, signaling links and data networks of Huawei infoX-AAA host are
backed up to guarantee the normal operation of the system in case any fault occurs on
the active node.
The data links of the dual system work in active/standby mode. Each node of the
cluster is provided with two network adapters (one active and one standby), which are
respectively connected to the active sub-network and the standby sub-network. The
two sub-networks are connected via links. If the active network adapter on a host is
faulty, the standby network adapter will be used for network communication. If the
connector in the active network segment is faulty, the equipment running on the
network can continue to work in the standby network segment.
The entity with the dual system presents one IP address, that is, the floating IP address,
to the outside. Therefore, the IP address accessed by the external entity remains
unchanged after the switchover of the dual system. Both the data network and the
signaling network link are configured in pairs. If one link is faulty, the system can
automatically switch over to the other link.
The handling of various exceptions has been considered during the design of each
functional entity. For example, when one process of the RADIUS server is abnormal, it
can be automatically restarted.
Any application subsystem that has detected abnormal running will report the alarm
information to the EMS system, and the EMS system generates an alarm to inform the
operator for handling.
In case of communication exception, each functional entity can automatically detect the
communication exception with the external entity, and will save the messages sent to
the outside. When the communication recovers, it will re-send the messages.
Confidential Information of Huawei. No Spreading without
2008-04-04 Permission Page5-5, Total51
The RADIUS server collects real-time access statistics and starts overload control
when the system load exceeds the threshold value or when the response speed is very
slow, so that the system can withstand a very high call impact. Meanwhile, it ensures
that the processing capability of the system can be recovered quickly after the impact,
and the service capability will not drop greatly in peak hours.
The M2000 is a centralized management system for the Huawei mobile network
products. It is platform software implementing centralized management for different
mobile network products. The M2000 communicates with the infoX-AAA through the
TCP/IP protocol.
l System Performance
l Physical and Electrical Specifications
l Reliability Specifications
l Compliant Safety Standards
l EMC Specifications
7.1 System Performance
Table 7-1 lists the system performance specifications of the infoX-AAA which runs in
SUN V440 Dual, 4*1.593GHz, 8G, 4*73G. [1]

Table 7-1 System performance specifications

| Item | Performance |
|---|---|
| The max amount of database subscribers | 500 thousand |
| The max active subscribers | 130 thousand |
| RADIUS authentication message processing rate | Postpaid: 167 pieces per second; Prepaid: 50 pieces per second |
| RADIUS accounting message processing rate | Postpaid: 334 pieces per second; Prepaid: 1008 pieces per second |
| RADIUS transaction processing rate | Postpaid: 167 pieces per second; Prepaid: 50 pieces per second |
| Response time for an authentication request | < 3 seconds (for 95% of the authentication requests); < 5 seconds (for 99% of the authentication requests) |

[1] According to the calling mode provided by infoX-AAA.
| Item | Specification |
|---|---|
| Availability | Is more than 99.995%. |
| Time needed to switch in the two-node system | Is less than 5 minutes. |
| Mean Time Between Failure (MTBF) | Is more than 17520 hours. |
| Mean Time To Recover (MTTR) | Is less than 48 minutes. |
Chapter 8 Installation
l System Installation
l System Expansion
l Vertical expansion
You can enhance the performance indexes of a node such as the processing capability,
storage capability, and I/O processing capability by increasing the number of CPUs,
memory capacity and the number of hard disks. Thereby the service processing
capability of this node is enhanced.
l Horizontal expansion
A
AAA Authentication, Authorization and Accounting
ADSL Asymmetric Digital Subscriber Line
ASN Access service network
ASN-GW ASN Gateway
ASP Application service provider
B
BSC Base Station Controller
BS Base Station
BSS Base Station Subsystem
BTS Base Transceiver Station
C
CDR Call Detail Record
CDMA Code Division Multiple Access
CDPD Cellular Digital Packet Data
CSD Circuit Switched Data
CSN Connectivity service network
CP/SP Content/Service Provider
D
DHCP Dynamic host configuration protocol
DSMP Data Service Management Platform
DSSP Data Service Switch Point
E
EAP Extensible authentication protocol
F
FA Foreign Agent
FTAM File Transfer Access Management
FTP File Transfer Protocol
G
GGSN Gateway GPRS Support Node
GMSC Gateway Mobile Switching Center
GSM Global System for Mobile Communication
H
HA Home Agent
HLR Host Location Register
HTTP Hyper Text Transfer Protocol
I
ICP Internet Content Provider
IGW Interconnecting Gateway
IN Intelligent Network
iSMS Integrated Service Management System
ISDN Integrated Services Digital Network
ISN Intelligent Service Node
ISP Internet Service Provider
M