AAA Server
Technical Description
Version 3.06.11
ZTE CORPORATION
ZTE Plaza, Keji Road South,
Hi-Tech Industrial Park,
Nanshan District, Shenzhen,
P. R. China
518057
Tel: (86) 755 26771900 800-9830-9830
Fax: (86) 755 26772236
URL: http://support.zte.com.cn
E-mail: doc@zte.com.cn
LEGAL INFORMATION
The contents of this document are protected by copyright laws and international treaties. Any reproduction or
distribution of this document or any portion of this document, in any form by any means, without the prior written
consent of ZTE CORPORATION is prohibited. Additionally, the contents of this document are protected by
contractual confidentiality obligations.
All company, brand and product names are trade or service marks, or registered trade or service marks, of ZTE
CORPORATION or of their respective owners.
This document is provided “as is”, and all express, implied, or statutory warranties, representations or conditions
are disclaimed, including without limitation any implied warranty of merchantability, fitness for a particular purpose,
title or non-infringement. ZTE CORPORATION and its licensors shall not be liable for damages resulting from the
use of or reliance on the information contained herein.
ZTE CORPORATION or its licensors may have current or pending intellectual property rights or applications
covering the subject matter of this document. Except as expressly provided in any written license between ZTE
CORPORATION and its licensee, the user of this document shall not acquire any license to the subject matter
herein.
ZTE CORPORATION reserves the right to upgrade or make technical change to this product without further notice.
Users may visit ZTE technical support website http://ensupport.zte.com.cn to inquire related information.
Revision History
Document Name: ZXMBW AAA AAA Server Technical Description
Product Version: V3.06.11
Document Revision Number: R1.0
Serial No.: sjzl20073195
Contents
Chapter 1 Introduction
  Overview
  System Background
  Complied Standards
  WiMAX Network Reference Model
  ZXMBW AAA Server
  AAA Server Functions
Chapter 2
Chapter 3 Software Architecture
  Overview
  AAA Software Architecture
  External Gateway
Chapter 4 Technical Indices
  Overview
  Physical Indices
  Power Supply
  Capacity Indices
  Performance Indices
  Environmental Requirements
Chapter 5 Interfaces
  Overview
  Communication Protocol
  Interface between AAA and ASN-AGW
Chapter 6 Service Functions
  Overview
  Authentication, Authorization and Accounting
  Initial Service Flow Channel Management
  AAA Disaster Recovery Function
Chapter 7
Chapter 8
Appendix A Abbreviations
Glossary
Figures
Tables
Index
About This Manual
Purpose
This manual explains the background, software and hardware
architecture, interface, service functions and networking modes
of ZXMBW AAA system.
Intended Audience
This manual is intended for engineers and technicians who
perform operation activities on ZXMBW AAA system.
Chapter Summary
Chapter 1, Introduction: Briefly explains ZXMBW AAA background, functions and architecture.
Chapter 2, Hardware Architecture: Introduces hardware architecture of ZXMBW AAA Server with corresponding entities.
Chapter 3, Software Architecture: Introduces the software architecture of ZXMBW AAA and its related subsystems.
Chapter 4, Technical Indices: Briefly describes the technical indices and environmental requirements of ZXMBW AAA server.
Chapter 5, Interfaces: Introduces the interfaces between AAA and other network entities.
Chapter 6, Service Functions: Introduces the service functionalities of ZXMBW AAA Server.
Chapter 7, EAP Authentication: Introduces the EAP authentication protocol stacks and authentication flows.
Chapter 8, Networking Modes: Introduces the networking modes for ZXMBW AAA server.
Related Documentation
The following documentation is related to this manual:
ZXMBW AAA (V3.06.11) AAA Server Hardware Installation
ZXMBW AAA (V3.06.11) AAA Server Software Installation
ZXMBW AAA (V3.06.11) AAA Server Agent
ZXMBW AAA (V3.06.11) AAA Server Billing
ZXMBW AAA (V3.06.11) AAA Server Configuration
ZXMBW AAA (V3.06.11) AAA Server Routine Maintenance
ZXMBW AAA (V3.06.11) AAA Server Performance Monitoring
and Alarm Information
Conventions
Typographical Conventions: ZTE documents employ the following typographical conventions.
TABLE 2 TYPOGRAPHICAL CONVENTIONS
Typeface          Meaning
Italics           References to other Manuals and documents.
“Quotes”          Links on screens.
Bold              Menus, menu options, function names, input fields, radio button names, check boxes, drop-down lists, dialog box names, window names.
CAPS              Keys on the keyboard and buttons on screens and company name.
Constant width    Text that you type, program code, files and directory names, and function names.
Introduction
Overview
Introduction This chapter briefly explains ZXMBW AAA background, functions
and architecture.
Contents This chapter includes the following topics:
System Background
Introduction: Mobile communication is one of the fastest-growing sectors in the current telecommunications industry. Over the past two decades, since its initial commercial application in the early 1980s, mobile communication has become the most competitive and promising means of communication.
Description: With the evolution from the 1G analog system to the 2G GSM and narrowband CDMA systems, the International Mobile 2000 (IMT2000), namely, the Third Generation (3G) communications system, has become the focus of the industry. The 3G mobile communication system aims at providing broadband services, in particular multimedia data services, with high frequency-spectrum utilization. Its design objectives are to provide greater system capacity than Second Generation (2G) systems, better communication quality, universal mobility, and multiple services.
Complied Standards
ZXMBW complies with the following protocols and standards:
IEEE 802.16-2004 October 2004, Air Interface for Fixed and Mobile Broadband Wireless Access Systems — Amendment for Physical and Medium Access Control Layers for Combined Fixed and Mobile Operation in Licensed Bands, August 2004.
IEEE 802.16e/D12 September 2005, Local and Metropolitan Area Networks – Part 16: Air Interface for Fixed Broadband Wireless Access Systems, March 2004.
Public Ether Type Field Listings, http://www.iana.org/assignments/ethernet-numbers
RFC792 - Internet Control Message Protocol (ICMP), J. Postel, September 1981.
RFC826 - An Ethernet Address Resolution Protocol (ARP), David C. Plummer, November 1982.
RFC1027 - Using ARP to Implement Transparent Subnet Gateways, Smoot Carl-Mitchell and John S. Quarterman, October 1987.
RFC1349 – Type of Service in the Internet Protocol Suite, P. Almquist, July 1992.
RFC1678 - IPng Requirements of Large Corporate Networks, E. Britton and J. Tavs, August 1994, Informational.
RFC1701 - Generic Routing Encapsulation (GRE), S. Hanks, et al., October 1994, Informational.
RFC2119 – Key words for use in RFCs to Indicate Requirement Levels, S. Bradley, March 1997, Best Current Practice.
RFC2131 – Dynamic Host Configuration Protocol (DHCP), R. Droms, March 1997, Standards Track.
RFC2132 – DHCP Options and BOOTP Vendor Extensions, S. Alexander and R. Droms, March 1997, Standards Track.
RFC2205 – Resource ReSerVation Protocol (RSVP), R. Braden, et al., September 1997, Standards Track.
RFC2327 – SDP: Session Description Protocol, M. Handley and V. Jacobson, April 1998, Standards Track.
RFC2461 – Simpson, Neighbor Discovery for IP Version 6 (IPv6), Narten and Nordmark, December 1998, Standards Track.
RFC2462 – IPv6 Stateless Address Auto-configuration, Thomson and Narten, December 1998, Standards Track.
RFC2474 – Definition of the Differentiated Services Field in the IPv4 and IPv6 Headers, K. Nichols, et al., December 1998, Standards Track.
[Figure: WiMAX network reference model showing SS/MS, ASN, CSN and ASP in the visited network and the home network, connected by reference points R1 to R5]
Hardware Architecture
Overview
Introduction This chapter introduces the hardware architecture of ZXMBW
AAA Server with corresponding entities.
Contents This chapter includes the following topics:
FIGURE 2 ARCHITECTURE OF ZXMBW AAA SYSTEM
Software Architecture
Overview
Introduction This chapter describes the software architecture of ZXMBW AAA
and its related subsystems.
Contents This chapter includes the following topics:
External Gateway
The interface between the ZXMBW AAA system and the customer care system operates through the external gateway, as shown in Figure 4.
[Figure 4: external gateway (labels: Billing system, msg, Service Agent, Agent Module, subsystem)]
The external gateway starts a TCP-based socket service on the specified port, listens on that port 24 hours a day, 7 days a week, and interacts with the customer care system using request/reply commands. The subsystem receives commands from the customer care system in accordance with the MML customer care interface specifications, and converts them into internal signaling to create user accounts, query and modify user subscription data, and delete users.
Technical Indices
Overview
Introduction This chapter describes the technical indices and environmental
requirements of ZXMBW AAA server.
Contents This chapter includes the following topics:
Physical Indices
If a commercial UNIX server or PC server is used as the AAA, physical features such as dimensions, weight and capacity requirements are given in the technical documentation supplied with the respective machine.
Power Supply
ZXMBW AAA system power indices are shown in Table 8.
Parameter      Indices
AC Voltage     160 V ~ 265 V
Frequency      45 Hz ~ 65 Hz
Capacity Indices
ZXMBW AAA system capacity indices are shown in Table 9.
Parameter                             Indices
Standard Configuration                500,000 users
High-End Configuration                1,000,000 users
Authentication Quantity per second    800/s
Billing Quantity per second           400/s
Monitoring Index                      <= 4 %
Performance Indices
ZXMBW AAA system performance indices are shown in Table 10.
Parameter                                 Indices
AAA supports                              1,000,000 Subscribers
Authentications per second                600
Processing time for one authentication    > 50 ms
MTBF                                      >100,000 hours
Environmental Requirements
Temperature and Humidity: Temperature or humidity that is too high or too low in the equipment room can adversely affect the equipment life span. ZXMBW AAA temperature and humidity requirements are shown in Table 11.
               Long-Term Operating Conditions    Short-Term Operating Conditions
Temperature    15°C (59°F) ~ 25°C (77°F)         0°C (32°F) ~ 45°C (113°F)
Humidity       30% ~ 70%                         20% ~ 90%
Interfaces
Overview
Introduction This chapter describes the interfaces between AAA and other
network entities.
Contents This chapter includes the following topics:
Communication Protocol
Introduction: The RADIUS protocol is used to transmit authentication, authorization and accounting information between the ZXMBW AAA server and the ASN-AGW. The AAA server acts as the RADIUS server. The ASN-AGW acts as the RADIUS client.
Description: RADIUS is an extensible protocol. Everything it does is based on Attribute-Length-Value vectors. It supports authentication mechanisms such as PAP and CHAP.
The basic RADIUS principle is as follows. The user accesses the NAS. The NAS sends the user name and password information to the RADIUS server in an Access-Request message. The password information is encrypted using the MD5 method. The NAS and the RADIUS server use the same key, and this key is not transmitted over the network. The RADIUS server then checks the user name and password. When necessary, it can also issue a Challenge to the user or to the NAS for further authentication. If the credentials are valid, it returns an Access-Accept message to the NAS and allows the procedure to continue. Otherwise it returns an Access-Reject message and denies access. If access is allowed, the NAS sends an Accounting-Request message to the RADIUS server and charging begins.
[Figure: protocol stack across Supplicant, Authenticator, ASN Gateway, Visited NSP AAA Broker and AAA Backend. EAP-TLS with X.509 Certificate exchange for device (MSS) and network BS mutual authentication; EAP over 802.16 and UDP/TCP/IP]
Code    Description
1       Access-Request
2       Access-Accept
3       Access-Reject
4       Accounting-Request
5       Accounting-Response
11      Access-Challenge
12      Status-Server (experimental)
13      Status-Client (experimental)
40      Disconnect-Request
41      Disconnect-ACK
42      Disconnect-NAK
255     Reserved
Introduction: The packet types are defined by the Code field. Packets of types Access-Request, Access-Accept, Access-Reject and Access-Challenge are described below.
Access-Request: The Access-Request is sent to the RADIUS server to decide whether to allow the user to access the external data network and whether to provide the user with a specific service. After receiving the Access-Request from the client, the RADIUS server must send a reply message back. If the user password needs to be transferred, its value must be encrypted with the MD5 algorithm.
Attributes of Access-Request:
Attributes = User-Name
+ NAS-IP-Address, NAS-Identifier
+ User-Password, CHAP-Password
+ (NAS-Port, NAS-Port-Type)
Code:
1 for Access-Request
Identifier:
Once Attributes change or a valid reply is received, the Identifier must change. The Identifier cannot change in retransmission.
Request Authenticator:
The Request Authenticator value changes along with the Identifier.
Access-Accept: This packet is sent by the RADIUS server and carries the configuration information required to deliver service to the user. An Access-Accept is deemed valid only when its Identifier matches that of the Access-Request and its Response Authenticator is correct. Otherwise, it is discarded.
Access-Reject: After the RADIUS server receives the Access-Request, it must send an Access-Reject (including one or multiple Reply-Message attribute instances) if any Attribute is unacceptable.
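The reply validity rule described above (matching Identifier, correct Response Authenticator, otherwise discard) is shown below as an added example that is not part of the ZTE manual. The Response Authenticator formula is the one defined in RFC 2865; the shared secret, user name and attribute values are constructed sample data.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2      # Code values from the table above
USER_NAME, REPLY_MESSAGE = 1, 18          # standard RADIUS attribute types
SECRET = b"constructed-shared-secret"     # sample key; never sent on the wire


def attr(attr_type: int, value: bytes) -> bytes:
    """One attribute: type octet, length octet (counts both octets), value."""
    return bytes([attr_type, len(value) + 2]) + value


def build_request(identifier: int, attributes: bytes) -> bytes:
    """Access-Request whose 16-octet Request Authenticator is fresh random data."""
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attributes))
    return header + os.urandom(16) + attributes


def build_reply(code: int, request: bytes, attributes: bytes, secret: bytes) -> bytes:
    """Server side. Response Authenticator =
    MD5(Code + Identifier + Length + Request Authenticator + Attributes + Secret)."""
    header = struct.pack("!BBH", code, request[1], 20 + len(attributes))
    digest = hashlib.md5(header + request[4:20] + attributes + secret).digest()
    return header + digest + attributes


def reply_is_valid(reply: bytes, request: bytes, secret: bytes) -> bool:
    """NAS side: keep the reply only if Identifier and Response Authenticator match."""
    if len(reply) < 20:
        return False
    _code, identifier, length = struct.unpack("!BBH", reply[:4])
    if length < 20 or length > len(reply) or identifier != request[1]:
        return False
    reply = reply[:length]                 # octets beyond Length are padding
    expected = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    return hmac.compare_digest(expected, reply[4:20])


def demo() -> dict:
    """Validate four constructed replies against one outstanding request."""
    request = build_request(7, attr(USER_NAME, b"alice@example.net"))
    accept = build_reply(ACCESS_ACCEPT, request, attr(REPLY_MESSAGE, b"welcome"), SECRET)
    tampered = accept[:-1] + b"!"          # attribute octet changed in transit
    stale = build_reply(ACCESS_ACCEPT, build_request(8, b""), b"", SECRET)
    forged = build_reply(ACCESS_ACCEPT, request, b"", b"wrong-secret")
    return {name: reply_is_valid(pkt, request, SECRET)
            for name, pkt in [("accept", accept), ("tampered", tampered),
                              ("stale", stale), ("forged", forged)]}


if __name__ == "__main__":
    print(demo())
```

Only the untouched Access-Accept for the outstanding request passes; a reply with a changed attribute, a different Identifier, or an authenticator computed under another secret is discarded.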
Access-Challenge: The RADIUS server wants to issue a Challenge to the user and obtain a Response. The RADIUS server can send an Access-Challenge (which can contain one or more Reply-Message attribute instances or one State attribute). In the received Access-Challenge, Identifier
Service Functions
Overview
Introduction This chapter describes the service functionalities of ZXMBW AAA
Server.
Contents This chapter includes the following topics:
Introduction: In the first phase, only the subscriber authentication part of the following flow is implemented. At present, EAP authentication is implemented using the MD5-Challenge method.
[Figure: EAP MD5-Challenge authentication flow between MS, BS, ASN-GW and AAA. Labelled steps: (a) SBC Procedure; (b) PKMv2/EAP Start; (c) Auth Relay/EAP Start; (g) Access-Challenge, EAP Request/MD5-Challenge; (h) PKMv2 EAP Transfer and Auth Reply EAP Transfer Request, EAP Request/MD5-Challenge; (k) Access-Accept, EAP Success; (l) Assign an IP address; (m) MS Info Report, EAP Success, AK …; (p) SA-TEK]
Subscriber Accounting
EAP Authentication
Overview
Introduction This chapter describes the EAP authentication protocol stacks
and authentication flows.
Contents This chapter includes the following topics:
| Name...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Calculation Method: Encrypted field C(i) and the final encrypted message can be calculated by the following method:
b(1) = MD5(S + R + A)
c(1) = p(1) XOR b(1)
C = c(1)
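The calculation above, and the MD5 encryption of the user password mentioned for the Access-Request, are shown below as an added example that is not part of the ZTE manual. The manual does not define S, R and A; the code assumes S is the shared secret, R the Request Authenticator and A a two-octet salt as in RFC 2868, and it goes beyond the single block shown by chaining further blocks as b(i) = MD5(S + c(i-1)). With no salt the same routine gives the User-Password encoding of RFC 2865. All key and password values are constructed.

```python
import hashlib

SECRET = b"constructed-shared-secret"   # S: sample key shared by NAS and server
REQ_AUTH = bytes(range(16))             # R: constructed Request Authenticator


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def md5_hide(secret: bytes, req_auth: bytes, plain: bytes, salt: bytes = b"") -> bytes:
    """b(1) = MD5(S + R + A), c(1) = p(1) XOR b(1); then b(i) = MD5(S + c(i-1))."""
    size = max(16, -(-len(plain) // 16) * 16)
    plain = plain.ljust(size, b"\x00")       # NUL-pad to whole 16-octet blocks
    out, prev = b"", req_auth + salt
    for i in range(0, size, 16):
        block = xor(plain[i:i + 16], hashlib.md5(secret + prev).digest())
        out, prev = out + block, block
    return out


def md5_reveal(secret: bytes, req_auth: bytes, cipher: bytes, salt: bytes = b"") -> bytes:
    """Inverse of md5_hide; returns the padded plaintext."""
    if not cipher or len(cipher) % 16:
        raise ValueError("ciphertext must be a non-empty multiple of 16 octets")
    out, prev = b"", req_auth + salt
    for i in range(0, len(cipher), 16):
        block = cipher[i:i + 16]
        out += xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return out


def hide_user_password(secret: bytes, req_auth: bytes, password: bytes) -> bytes:
    return md5_hide(secret, req_auth, password)            # no salt: MD5(S + R)


def reveal_user_password(secret: bytes, req_auth: bytes, field: bytes) -> bytes:
    return md5_reveal(secret, req_auth, field).rstrip(b"\x00")


def seal_salted(secret: bytes, req_auth: bytes, data: bytes, salt: bytes) -> bytes:
    """Salted form: field = A + C, plaintext = length octet + data + padding."""
    if len(salt) != 2 or not salt[0] & 0x80:
        raise ValueError("salt must be 2 octets with the top bit set (RFC 2868)")
    return salt + md5_hide(secret, req_auth, bytes([len(data)]) + data, salt)


def open_salted(secret: bytes, req_auth: bytes, field: bytes) -> bytes:
    plain = md5_reveal(secret, req_auth, field[2:], field[:2])
    if plain[0] > len(plain) - 1:
        raise ValueError("bad length octet: wrong secret or corrupted field")
    return plain[1:1 + plain[0]]
```

Because every keystream block depends on R, the scheme relies on the Request Authenticator changing with each new Identifier, as the Access-Request description requires.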
Networking Modes
Overview
Introduction This chapter describes the networking mode for ZXMBW AAA
server.
Contents This chapter includes the following topic:
Generic Networking
Introduction: Generic networking mode refers to the MS connecting to the AGW from the wireless side by means of tunnel technologies such as GRE, PPP and MPLS, after which the MS can access the external network through the AGW. In this mode, security is ensured by means of firewalls, as shown in Figure 14.
[Figure 14: generic networking mode (labels: MT+TE, PE, AGW, AAA Server, Intranet, Internet)]
Abbreviations
Abbreviation Description
3
3G The third generation mobile communications
A
AAA Authentication, Authorization and Accounting
AAL2 ATM Adaptation Layer type 2
AAL5 ATM Adaptation Layer type 5
ACK Acknowledgement
AH Authentication Header
ASN Access Service Network
ASP Application Service Provider
ASN-GW Access Service Network Gateway
ATM Asynchronous Transfer Mode
B
BSS Base Station Subsystem
C
CHAP Challenge Handshake Authentication Protocol
CHUB Control HUB
CM Configuration Management
COA Care Of Address
CPLD Complex Programmable Logic Device
D
DB Database
DBA Database Agent
DBIO Database Input & Output
DBS Database Subsystem
DHCP Dynamic Host Configuration Protocol
DHCP Server Dynamic Host Configuration Protocol Server
DRC Data Rate Control
E
EMS Element Management System
F
FA Foreign Agent
FE Fast Ethernet
FISU Fill-in Signaling Unit
G
GDSN General Data Serving Node
GE Giga Ethernet
GLI GE Line Interface
GPRS General Packet Radio Service
GRE Generic Routing Encapsulation
H
HA Home Agent
HLR Home Location Register
HSSL High Speed Serial Link
I
ICMP Internet Control Message Protocol
IETF Internet Engineering Task Force
IKE Internet Key Exchange
IMSI International Mobile Subscriber Identity
IPCP IP Control Protocol
IPSec IP Security
Ipv6 IP Version 6
IRM International Roaming MIN
ISAKMP Internet Security Association and Key Management Protocol
L
L2TP Layer2 Tunnel Protocol
LAN Local Area Network
LCP Link Control Protocol
LSSU Link Status Signaling Unit
M
MIP Mobile IP
MS Mobile Station
MSID Mobile Station Identifier
MSIN Mobile Station Identification Number
MSISDN Mobile Station ISDN number
N
NAI Network Access Identifier
NCP Network Control Protocol
NE Network Element
NGN Next Generation Network
NMC Network Management Center
NMS Network Management Subsystem
O
OMC Operations & Maintenance Center
OMM Operation Maintenance Module
P
PAP Password Authentication Protocol
PPP Point to Point Protocol
PPTP PPP Tunnel Protocol
PSI PCF Session Identity
Q
QoS Quality of Service
R
RADIUS Remote Authentication Dial In User Service
RSVP Resource Reservation Protocol
S
STM Synchronous Transfer Mode
T
TCP Transfer Control Protocol
TOS Type Of Service
U
UDP User Datagram Protocol
UDR User Data Record
UMTS Universal Mobile Telecommunication System
V
VPN Virtual Private Network
VTP Virtual Tunnel Protocol
W
WAN Wide Area Network
WDP Wireless Datagram Protocol
WDSS Wireless Data Services System
WIN Wireless Intelligent Network
WVPN Wireless Virtual Private Network
Visitor AAA AAA server resident on the visiting access provision network