
ZXMBW AAA

AAA Server
Technical Description

Version 3.06.11

ZTE CORPORATION
ZTE Plaza, Keji Road South,
Hi-Tech Industrial Park,
Nanshan District, Shenzhen,
P. R. China
518057
Tel: (86) 755 26771900 800-9830-9830
Fax: (86) 755 26772236
URL: http://support.zte.com.cn
E-mail: doc@zte.com.cn
LEGAL INFORMATION

Copyright © 2006 ZTE CORPORATION.

The contents of this document are protected by copyright laws and international treaties. Any reproduction or
distribution of this document or any portion of this document, in any form by any means, without the prior written
consent of ZTE CORPORATION is prohibited. Additionally, the contents of this document are protected by
contractual confidentiality obligations.

All company, brand and product names are trade or service marks, or registered trade or service marks, of ZTE
CORPORATION or of their respective owners.

This document is provided “as is”, and all express, implied, or statutory warranties, representations or conditions
are disclaimed, including without limitation any implied warranty of merchantability, fitness for a particular purpose,
title or non-infringement. ZTE CORPORATION and its licensors shall not be liable for damages resulting from the
use of or reliance on the information contained herein.

ZTE CORPORATION or its licensors may have current or pending intellectual property rights or applications
covering the subject matter of this document. Except as expressly provided in any written license between ZTE
CORPORATION and its licensee, the user of this document shall not acquire any license to the subject matter
herein.

ZTE CORPORATION reserves the right to upgrade or make technical changes to this product without further notice.

Users may visit the ZTE technical support website http://ensupport.zte.com.cn to inquire about related information.

The ultimate right to interpret this product resides in ZTE CORPORATION.

Revision History

Date           Revision No.   Serial No.     Reason for Issue
Nov. 13, 2007  R1.0           sjzl20073195   First edition
Contents

About This Manual .... i
  Purpose .... i
  Intended Audience .... i
  Prerequisite Skill and Knowledge .... i
  What Is in This Manual .... i
  Related Documentation .... ii
  Conventions .... ii
  How to Get in Touch .... iii
Declaration of RoHS Compliance .... v
Chapter 1 Introduction .... 1
  Overview .... 1
  System Background .... 1
  Complied Standards .... 2
  WiMAX Network Reference Model .... 6
  ZXMBW AAA Server .... 7
  AAA Server Functions .... 8
Chapter 2 Hardware Architecture .... 9
  Overview .... 9
  AAA Hardware Architecture .... 9
Chapter 3 Software Architecture .... 13
  Overview .... 13
  AAA Software Architecture .... 13
  External Gateway .... 15
Chapter 4 Technical Indices .... 17
  Overview .... 17
  Physical Indices .... 17
  Power Supply .... 17
  Capacity Indices .... 18
  Performance Indices .... 18
  Environmental Requirements .... 18
Chapter 5 Interfaces .... 21
  Overview .... 21
  Communication Protocol .... 21
  Interface between AAA and ASN-AGW .... 22
Chapter 6 Service Functions .... 29
  Overview .... 29
  Authentication, Authorization and Accounting .... 29
  Initial Service Flow Channel Management .... 34
  AAA Disaster Recovery Function .... 36
Chapter 7 EAP Authentication .... 37
  Overview .... 37
  Authentication Protocol Stack .... 37
  User Authentication Flow .... 39
  MD5-Challenge Authentication Flow .... 40
  EAP MD5-Response Message Format .... 42
  MSK Generate and Transmit .... 42
Chapter 8 Networking Modes .... 45
  Overview .... 45
  Generic Networking .... 45
Appendix A Abbreviations .... 47
Glossary .... 51
Figures .... 53
Tables .... 55
Index .... 57
About This Manual

Purpose
This manual explains the background, software and hardware
architecture, interface, service functions and networking modes
of ZXMBW AAA system.

Intended Audience
This manual is intended for engineers and technicians who
perform operation activities on ZXMBW AAA system.

Prerequisite Skill and Knowledge

To use this manual effectively, users should have a general understanding of wireless telecommunications technology. Familiarity with the following is helpful:
- ZXMBW AAA system and its various components
- User interfaces on ZXMBW AAA Server
- Local operating procedures of ZXMBW AAA system

What Is in This Manual


This manual contains the following chapters:

TABLE 1 CHAPTER SUMMARY

Chapter 1, Introduction: Briefly explains ZXMBW AAA background, functions and architecture.
Chapter 2, Hardware Architecture: Introduces the hardware architecture of ZXMBW AAA Server with corresponding entities.
Chapter 3, Software Architecture: Introduces the software architecture of ZXMBW AAA and its related subsystems.
Chapter 4, Technical Indices: Briefly describes the technical indices and environmental requirements of ZXMBW AAA server.
Chapter 5, Interfaces: Introduces the interfaces between AAA and other network entities.
Chapter 6, Service Functions: Introduces the service functionalities of ZXMBW AAA Server.
Chapter 7, EAP Authentication: Introduces the EAP authentication protocol stacks and authentication flows.
Chapter 8, Networking Modes: Introduces the networking modes for ZXMBW AAA server.

Confidential and Proprietary Information of ZTE CORPORATION

Related Documentation

The following documentation is related to this manual:
- ZXMBW AAA (V3.06.11) AAA Server Hardware Installation
- ZXMBW AAA (V3.06.11) AAA Server Software Installation
- ZXMBW AAA (V3.06.11) AAA Server Agent
- ZXMBW AAA (V3.06.11) AAA Server Billing
- ZXMBW AAA (V3.06.11) AAA Server Configuration
- ZXMBW AAA (V3.06.11) AAA Server Routine Maintenance
- ZXMBW AAA (V3.06.11) AAA Server Performance Monitoring and Alarm Information

Conventions

Typographical Conventions: ZTE documents employ the following typographical conventions.

TABLE 2 TYPOGRAPHICAL CONVENTIONS

Typeface: Meaning
- Italics: References to other manuals and documents.
- "Quotes": Links on screens.
- Bold: Menus, menu options, function names, input fields, radio button names, check boxes, drop-down lists, dialog box names, window names.
- CAPS: Keys on the keyboard and buttons on screens, and company name.
- Constant width: Text that you type, program code, file and directory names, and function names.


Mouse Operation Conventions:

TABLE 3 MOUSE OPERATION CONVENTIONS

Typeface: Meaning
- Click: Refers to clicking the primary mouse button (usually the left mouse button) once.
- Double-click: Refers to quickly clicking the primary mouse button (usually the left mouse button) twice.
- Right-click: Refers to clicking the secondary mouse button (usually the right mouse button) once.
- Drag: Refers to pressing and holding a mouse button and moving the mouse.

How to Get in Touch

The following sections provide information on how to obtain support for the documentation and the software.

Customer Support: If you have problems, questions, comments, or suggestions regarding your product, contact us by e-mail at support@zte.com.cn. You can also call our customer support center at (86) 755 26771900 and (86) 800-9830-9830.

Documentation Support: ZTE welcomes your comments and suggestions on the quality and usefulness of this document. For further questions, comments, or suggestions on the documentation, you can contact us by e-mail at doc@zte.com.cn, or you can fax your comments and suggestions to (86) 755 26772236. You can also browse our website at http://support.zte.com.cn, which contains various interesting subjects like documentation, knowledge base, forum and service request.



Declaration of RoHS Compliance

To minimize the environmental impact and take more responsibility for the earth we live on, this document shall serve as a formal declaration that the ZXMBW AAA AAA Server manufactured by ZTE CORPORATION is in compliance with Directive 2002/95/EC of the European Parliament - RoHS (Restriction of Hazardous Substances) with respect to the following substances:
- Lead (Pb)
- Mercury (Hg)
- Cadmium (Cd)
- Hexavalent Chromium (Cr (VI))
- Polybrominated Biphenyls (PBBs)
- Polybrominated Diphenyl Ethers (PBDEs)

The ZXMBW AAA AAA Server manufactured by ZTE CORPORATION meets the requirements of EU 2002/95/EC; however, some assemblies are customized to client specifications. The addition of specialized, customer-specified materials or processes which do not meet the requirements of EU 2002/95/EC may negate RoHS compliance of the assembly. To guarantee compliance of the assembly, the need for a compliant product must be communicated to ZTE CORPORATION in written form.

This declaration is issued based on our current level of knowledge. Since conditions of use are outside our control, ZTE CORPORATION makes no warranties, express or implied, and assumes no liability in connection with the use of this information.



Chapter 1

Introduction

Overview

Introduction: This chapter briefly explains ZXMBW AAA background, functions and architecture.

Contents: This chapter includes the following topics:

TABLE 4 TOPICS IN CHAPTER 1

Topic                           Page No.
System Background               1
Complied Standards              2
WiMAX Network Reference Model   6
ZXMBW AAA Server                7
AAA Server Functions            8

System Background

Introduction: Mobile communication is the fastest growing sector in the current telecommunications industry. Over the past two decades, since its initial commercial application in the early 1980s, mobile communication has become the most competitive and promising means of communication.

Description: With the evolution from the 1G analog system to the 2G GSM and narrowband CDMA systems, International Mobile Telecommunications 2000 (IMT-2000), namely the Third Generation (3G) communications system, has become the focus of the industry. The 3G mobile communication system aims at providing broadband service, in particular multimedia data service, at high frequency spectrum utilization. Its design objectives are to provide system capacity greater than Second Generation (2G), better communication quality, universal mobility, and multiple services.


Complied Standards

ZXMBW complies with the following protocols and standards:
- IEEE 802.16-2004, October 2004, Air Interface for Fixed and Mobile Broadband Wireless Access Systems – Amendment for Physical and Medium Access Control Layers for Combined Fixed and Mobile Operation in Licensed Bands, August 2004.
- IEEE 802.16e/D12, September 2005, Local and Metropolitan Area Networks – Part 16: Air Interface for Fixed Broadband Wireless Access Systems, March 2004.
- Public Ether Type Field Listings, http://www.iana.org/assignments/ethernet-numbers
- RFC792 – Internet Control Message Protocol (ICMP), J. Postel, September 1981
- RFC826 – An Ethernet Address Resolution Protocol (ARP), David C. Plummer, November 1982
- RFC1027 – Using ARP to Implement Transparent Subnet Gateways, Smoot Carl-Mitchell and John S. Quarterman, October 1987
- RFC1349 – Type of Service in the Internet Protocol Suite, P. Almquist, July 1992
- RFC1678 – IPng Requirements of Large Corporate Networks, E. Britton and J. Tavs, August 1994, Informational
- RFC1701 – Generic Routing Encapsulation (GRE), S. Hanks, et al., October 1994, Informational
- RFC2119 – Key words for use in RFCs to Indicate Requirement Levels, S. Bradner, March 1997, Best Current Practice
- RFC2131 – Dynamic Host Configuration Protocol (DHCP), R. Droms, March 1997, Standards Track
- RFC2132 – DHCP Options and BOOTP Vendor Extensions, S. Alexander and R. Droms, March 1997, Standards Track
- RFC2205 – Resource ReSerVation Protocol (RSVP), R. Braden, et al., September 1997, Standards Track
- RFC2327 – SDP: Session Description Protocol, M. Handley and V. Jacobson, April 1998, Standards Track
- RFC2461 – Neighbor Discovery for IP Version 6 (IPv6), Narten, Nordmark and Simpson, December 1998, Standards Track
- RFC2462 – IPv6 Stateless Address Autoconfiguration, Thomson and Narten, December 1998, Standards Track
- RFC2474 – Definition of the Differentiated Services Field in the IPv4 and IPv6 Headers, K. Nichols, et al., December 1998, Standards Track
- RFC2475 – Architecture for Differentiated Services, S. Blake, et al., December 1998, Informational
- RFC2597 – Assured Forwarding PHB Group, J. Heinanen, et al., June 1999, Standards Track
- RFC2598 – Expedited Forwarding PHB Group, V. Jacobson, et al., June 1999, Standards Track
- RFC2748 – The COPS (Common Open Policy Service) Protocol, D. Durham, et al., January 2000, Standards Track
- RFC2794 – Mobile IP Network Access Identifier Extension for IPv4, P. Calhoun and C. Perkins, March 2000, Standards Track
- RFC2865 – Remote Authentication Dial In User Service (RADIUS), C. Rigney, et al., June 2000, Standards Track
- RFC2866 – RADIUS Accounting, C. Rigney, Livingston, June 2000, Informational
- RFC2904 – AAA Authorization Framework, J. Vollbrecht, et al., August 2000, Informational
- RFC2905 – AAA Authorization Application Examples, J. Vollbrecht, et al., August 2000, Informational
- RFC2906 – AAA Authorization Requirements, S. Farrell, et al., August 2000, Informational
- RFC3012 – Mobile IPv4 Challenge/Response Extensions, C. Perkins and P. Calhoun, November 2000, Standards Track
- RFC3024 – Reverse Tunneling for Mobile IP, revised, G. Montenegro, January 2001, Standards Track
- RFC3041 – Privacy Extensions for Stateless Address Autoconfiguration in IPv6, Narten and Draves, January 2001, Standards Track
- RFC3046 – DHCP Relay Agent Information Option, M. Patrick, January 2001, Standards Track
- RFC3084 – COPS Usage for Policy Provisioning (COPS-PR), K. Chan, et al., March 2001, Standards Track
- RFC3115 – Mobile IP Vendor/Organization-Specific Extensions, G. Dommety and K. Leung, April 2001, Standards Track
- RFC3118 – Authentication for DHCP Messages, R. Droms and W. Arbaugh, June 2001, Standards Track
- RFC3159 – Structure of Policy Provisioning Information (SPPI), K. McCloghrie, et al., August 2001, Standards Track
- RFC3162 – RADIUS and IPv6, B. Aboba, et al., August 2001, Standards Track
- RFC3173 – IP Payload Compression Protocol (IPComp), A. Shacham, et al., September 2001, Standards Track
- RFC3203 – DHCP Reconfigure Extension, Y. T'Joens, et al., December 2001, Standards Track
- RFC3264 – An Offer/Answer Model with the Session Description Protocol (SDP), J. Rosenberg and H. Schulzrinne, June 2002, Standards Track
- RFC3312 – Integration of Resource Management and Session Initiation Protocol, G. Camarillo, et al., October 2002, Standards Track
- RFC3313 – Private Session Initiation Protocol (SIP) Extensions for Media Authorization, W. Marshall, January 2003, Informational
- RFC3315 – Dynamic Host Configuration Protocol for IPv6 (DHCPv6), R. Droms, et al., July 2003, Standards Track
- RFC3344 – Mobile IP Support for IPv4, C. Perkins, August 2002, Standards Track
- RFC3520 – Session Authorization Policy Element, L-N. Hamer, et al., April 2003, Standards Track
- RFC3543 – Registration Revocation in Mobile IPv4, S. Glass and M. Chandra, August 2003, Standards Track
- RFC3556 – Session Description Protocol (SDP) Bandwidth Modifiers for RTP Control Protocol (RTCP) Bandwidth, S. Casner, July 2003, Standards Track
- RFC3565 – Use of the Advanced Encryption Standard (AES) Encryption Algorithm in Cryptographic Message Syntax (CMS), J. Schaad, July 2003, Standards Track
- RFC3576 – Dynamic Authorization Extensions to Remote Authentication Dial In User Service (RADIUS), M. Chiba, et al., July 2003, Informational
- RFC3579 – RADIUS (Remote Authentication Dial In User Service) Support For Extensible Authentication Protocol (EAP), B. Aboba and P. Calhoun, September 2003, Informational
- RFC3588 – Diameter Base Protocol, P. Calhoun, et al., September 2003, Standards Track
- RFC3736 – Stateless Dynamic Host Configuration Protocol (DHCP) Service for IPv6, R. Droms, April 2004, Standards Track
- RFC3748 – Extensible Authentication Protocol (EAP), B. Aboba, et al., June 2004, Standards Track
- RFC3775 – Mobility Support in IPv6, D. Johnson, C. Perkins, J. Arkko, June 2004, Standards Track
- RFC3776 – Using IPsec to Protect Mobile IPv6 Signaling Between Mobile Nodes and Home Agents, J. Arkko, V. Devarapalli, F. Dupont, June 2004, Standards Track
- RFC3957 – Authentication, Authorization, and Accounting (AAA) Registration Keys for Mobile IPv4, C. Perkins and P. Calhoun, March 2005, Standards Track
- RFCaaaa – draft-adrangi-eap-network-discovery-14.txt, Network Discovery and Selection within the EAP Framework, F. Adrangi, et al., August 2005, Informational (RFC Editor's Queue)
- RFCbbbb – draft-ietf-eap-netsel-problem-03.txt, Network Discovery and Selection Problem, J. Arkko and B. Aboba, October 2005
- RFC4285 – Authentication Protocol for Mobile IPv6, A. Patel, et al., January 2006, Informational
- RFC4283 – Mobile Node Identifier Option for MIPv6, A. Patel, et al., November 2005, Standards Track
- RFC4282 – The Network Access Identifier, B. Aboba, et al., December 2005, Standards Track
- RFCffff – draft-ohba-eap-aaakey-binding-01.txt, AAA-Key Derivation with Lower-Layer Parameter Binding, Y. Ohba, et al., June 2005
- TR-025 – DSL Forum, "Core Network Architecture for Access to Legacy Data Network over ADSL", Nov-1999
- TR-044 – DSL Forum, "Auto-Config for Basic Internet (IP-based) Services", Nov-2001
- TR-059 – DSL Forum, "DSL Evolution – Architecture Requirements for the Support of QoS-Enabled IP Services", Sept-2003
- 3GPP TR 22.934 V6.2.0 (2003-09) "Feasibility Study on 3GPP system to Wireless Local Area Network (WLAN) interworking (Release 6)"
- 3GPP TR 23.981 V6.3.0 (2005-03) "Interworking aspects and migration scenarios for IPv4 based IMS Implementations"
- 3GPP TS 23.002 V6.9.0 (2005-10) "Technical Specification Group Services and Systems Aspects; Network architecture (Release 6)"
- 3GPP TS 23.234 V6.5.0 (2005-06) "3GPP system to Wireless Local Area Network (WLAN) interworking; System description (Release 6)"
- 3GPP TS 23.207 V6.6.0 (2005-10) "End-to-end Quality of Service (QoS) concept and architecture (Release 6)"
- 3GPP TS 23.228 V6.10.0 (2005-06) "IP Multimedia Subsystem (IMS); Stage 2 (Release 6)"
- 3GPP TS 24.229 V6.8.0 (2005-10) "Internet Protocol (IP) multimedia call control protocol based on Session Initiation Protocol (SIP) and Session Description Protocol (SDP); Stage 3 (Release 6)"
- 3GPP TS 24.234 V6.3.0 (2005-06) "3GPP System to Wireless Local Area Network (WLAN) interworking; User Equipment (UE) to network protocols; Stage 3 (Release 6)"
- 3GPP TS 29.234 V6.4.0 (2005-10) "3GPP system to Wireless Local Area Network (WLAN) interworking; Stage 3"
- 3GPP TS 33.234 V6.5.1 (2005-06) "Wireless Local Area Network (WLAN) interworking security (Release 6)"
- WT-101 – DSL Forum, "Migrating from ATM to Ethernet DSL Aggregation", Work in Progress
- 3GPP2 X.S0013-000-0 v2.0 "All-IP Core Network Multimedia Domain – Overview", Aug-2005
- 3GPP2 X.S0013.00200 v1.0 "All-IP Core Network Multimedia Domain: IP Multimedia Subsystem Stage 2", Feb-2004
- 3GPP2 X.S0013-004-0 v1.0 "All-IP Core Network Multimedia Domain: IP Multimedia Call Control Protocol Based on SIP and SDP Stage 3", Feb-2004
- WiMAX Service Provider Working Group Requirements Document, "SPWG_Requirements_10182005", Most Current Version
- IEEE 802.16g-05/008r1, October 2005
- WiMAX Forum: 051129_NWG_Stage-2.doc
- WiMAX Forum: 060301_NWG_Stage-2.doc
- WiMAX Forum: 060327_NWG_Stage-3.doc

WiMAX Network Reference Model

Introduction: WiMAX is an acronym that stands for Worldwide Interoperability for Microwave Access.
WiMAX is a standards- and protocol-based technology that enables wireless broadband access as an alternative to cable and DSL. WiMAX provides fixed, nomadic, portable, and, eventually, mobile wireless broadband connectivity without the need for direct line-of-sight to a base station.

Reference Model: The WiMAX network reference model is shown in Figure 1.

FIGURE 1 WIMAX NETWORK REFERENCE MODEL

[Figure not reproduced: the WiMAX network reference model, showing the SS/MS, ASN and CSN entities across the NAP network, the NSP network (visited network and home network) and the ASP network, connected by reference points R1 to R5. The legend distinguishes the control plane (dashed lines) from the bearer plane.]


ZXMBW AAA Server

Introduction: Authentication, Authorization, and Accounting is sometimes referred to as 'triple A' or AAA. It is a fundamental aspect of IP networking and of the RADIUS server. An AAA server provides a means of administering policy to ensure proper use and management of resources.

Description: A brief explanation of authentication, authorization and accounting is as follows:
- Authentication: It authenticates user identity information. It is a process carried out before the subscriber uses network resources. In this process, the system obtains user ID information such as user name and password and submits them to the RADIUS authentication server. The RADIUS server compares the information with the information stored in its database to establish the legal status of the user.
- Authorization: It authorizes data services and is the method by which an authenticated user is allowed to use network resources. This process defines what services and rights are given to the user after connection, such as the IP address assigned. Taking the GSM system as an example: when authentication is passed, the corresponding service rights (such as international call rights) have already been established beforehand.
- Accounting: It is the process of measuring resource consumption, allowing monitoring and reporting of events and usage for various purposes including billing, analysis, and ongoing policy management functions. The system generates the bill or audit according to these statistics.

Type of AAA: AAA is divided into three types on the basis of its location in the network.
- Service AAA: It is located in the service network (also known as the visited access provider network).
- Home AAA: It is located in the home network and correlates with the HA in the home network in the case of Mobile IP. If the MS has no roaming function, the service AAA and home AAA are integrated.
- Intermediate AAA: It is used to safely transmit AAA messages between the service AAA and home AAA. In some cases, there may be more than one intermediate AAA between the service AAA and home AAA.

AAA RADIUS Features: Important features of the ZXMBW AAA RADIUS server are as follows:
- Access authentication and authorization
- Mobile IP authentication in home agent
- Accounting for packet data services
- Roaming support for mobile nodes
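The authentication step described above (the NAS submits user name and password to the RADIUS server, which compares them against its database) is shown below as an added example in Python. It is not ZTE code and does not reproduce the ZXMBW implementation; it follows RFC 2865, which the Complied Standards list cites: the NAS builds an Access-Request with the RFC 2865 User-Password hiding, the server recovers the password and answers Access-Accept or Access-Reject, and the NAS verifies the Response Authenticator before trusting the verdict. The shared secret, subscriber record and NAS address are constructed sample values.

```python
import hashlib
import hmac
import os
import struct

# RADIUS codes and attribute types used here (RFC 2865).
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS = 1, 2, 4

# Constructed sample values: NAS/server shared secret and one subscriber record.
SECRET = b"example-shared-secret"
USER_DB = {"alice@example.net": b"s3cret-pw"}

def _crypt_password(data: bytes, secret: bytes, req_auth: bytes, hide: bool) -> bytes:
    """RFC 2865 s5.2 User-Password hiding and its inverse: each 16-byte block is XORed
    with MD5(secret + previous ciphertext block), c_0 = Request Authenticator.
    This is keyed obfuscation, not authenticated encryption."""
    out, prev = b"", req_auth
    for i in range(0, len(data), 16):
        block = bytes(a ^ b for a, b in zip(data[i:i + 16], hashlib.md5(secret + prev).digest()))
        out += block
        prev = block if hide else data[i:i + 16]  # chain on the ciphertext in both directions
    return out

def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    padded = password + b"\x00" * (-len(password) % 16) or b"\x00" * 16  # NUL-pad to 16n bytes
    return _crypt_password(padded, secret, req_auth, True)

def reveal_password(hidden: bytes, secret: bytes, req_auth: bytes) -> bytes:
    return _crypt_password(hidden, secret, req_auth, False).rstrip(b"\x00")

def encode_attributes(attrs) -> bytes:
    out = b""
    for atype, value in attrs:
        if not 0 < len(value) <= 253:  # Length is one byte and includes the 2-byte header
            raise ValueError("attribute value must be 1..253 bytes")
        out += struct.pack("!BB", atype, len(value) + 2) + value
    return out

def decode_attributes(blob: bytes):
    """Walk the TLV list, rejecting any Length that would read past the buffer."""
    attrs, pos = [], 0
    while pos < len(blob):
        if len(blob) - pos < 2:
            raise ValueError("truncated attribute header")
        atype, alen = struct.unpack_from("!BB", blob, pos)
        if alen < 2 or pos + alen > len(blob):
            raise ValueError("attribute Length out of range")
        attrs.append((atype, blob[pos + 2:pos + alen]))
        pos += alen
    return attrs

def build_packet(code, identifier, authenticator, attrs_blob) -> bytes:
    return struct.pack("!BBH", code, identifier, 20 + len(attrs_blob)) + authenticator + attrs_blob

def parse_packet(data: bytes):
    """Return (code, identifier, authenticator, attrs_blob) after header checks."""
    if len(data) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, identifier, length = struct.unpack_from("!BBH", data, 0)
    if length < 20 or length > len(data):
        raise ValueError("Length field inconsistent with datagram")
    return code, identifier, data[4:20], data[20:length]

def response_authenticator(code, identifier, attrs_blob, req_auth, secret) -> bytes:
    """RFC 2865 s3: MD5(Code | ID | Length | RequestAuth | Attributes | Secret)."""
    header = struct.pack("!BBH", code, identifier, 20 + len(attrs_blob))
    return hashlib.md5(header + req_auth + attrs_blob + secret).digest()

def build_access_request(identifier, username, password, secret, nas_ip) -> bytes:
    """NAS (RADIUS client) side; the Request Authenticator must be fresh and unpredictable."""
    req_auth = os.urandom(16)
    attrs = encode_attributes([
        (USER_NAME, username.encode()),
        (USER_PASSWORD, hide_password(password.encode(), secret, req_auth)),
        (NAS_IP_ADDRESS, bytes(int(o) for o in nas_ip.split("."))),
    ])
    return build_packet(ACCESS_REQUEST, identifier, req_auth, attrs)

def server_handle(request: bytes, secret: bytes, user_db: dict) -> bytes:
    """Server side: recover the password and compare it with the subscriber database."""
    code, identifier, req_auth, attrs_blob = parse_packet(request)
    if code != ACCESS_REQUEST:
        raise ValueError("expected Access-Request")
    fields = dict(decode_attributes(attrs_blob))
    username = fields.get(USER_NAME, b"").decode(errors="replace")
    password = reveal_password(fields.get(USER_PASSWORD, b""), secret, req_auth)
    ok = hmac.compare_digest(password, user_db.get(username, b"\xff"))
    reply = ACCESS_ACCEPT if ok else ACCESS_REJECT
    return build_packet(reply, identifier, response_authenticator(reply, identifier, b"", req_auth, secret), b"")

def client_check_response(response: bytes, request: bytes, secret: bytes):
    """NAS side: trust the verdict only if the identifier matches and the Response
    Authenticator verifies; a forged or altered reply yields None, never an Accept."""
    rcode, rid, rauth, rattrs = parse_packet(response)
    _, qid, qauth, _ = parse_packet(request)
    if rid != qid:
        return None
    expected = response_authenticator(rcode, rid, rattrs, qauth, secret)
    return rcode if hmac.compare_digest(expected, rauth) else None

def demo():
    good_req = build_access_request(7, "alice@example.net", "s3cret-pw", SECRET, "192.0.2.10")
    accepted = client_check_response(server_handle(good_req, SECRET, USER_DB), good_req, SECRET)
    bad_req = build_access_request(8, "alice@example.net", "wrong", SECRET, "192.0.2.10")
    reject = server_handle(bad_req, SECRET, USER_DB)
    rejected = client_check_response(reject, bad_req, SECRET)
    # A Reject flipped to Accept in transit fails: the authenticator needs the shared secret.
    forged = bytes([ACCESS_ACCEPT]) + reject[1:]
    return accepted, rejected, client_check_response(forged, bad_req, SECRET)  # (2, 3, None)
```

The Response Authenticator is the only thing that binds the server's verdict to the request, which is why a NAS must check it rather than read the code field alone. The User-Password hiding is MD5 keyed by a static shared secret, so it protects the password only against casual observation; this is why RADIUS traffic between the ASN-AGW and the AAA server belongs on a trusted segment or inside IPsec, and why EAP-based authentication (Chapter 7) keeps the credential exchange inside the EAP method instead.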


AAA Server Functions

ZXMBW AAA server functions are as follows:
- Supports WiMAX and network EAP authentication
- Supports MSK authorization
- Supports QoS Profile authorization
- Supports VPN group authorization
- Security parameter authorization
- NTP client
- Supports alarm messages reported through the SNMP protocol
- Supports accounting (including Interim-Update accounting)
- CDR selection
- Supports the MML agent interface

Chapter 2

Hardware Architecture

Overview

Introduction: This chapter introduces the hardware architecture of ZXMBW AAA Server with corresponding entities.

Contents: This chapter includes the following topics:

TABLE 5 TOPICS IN CHAPTER 2

Topic                       Page No.
AAA Hardware Architecture   9

AAA Hardware Architecture


Introduction ZXMBW AAA authenticates, authorizes and accounts charges
bills for user data services. In addition, AAA implements the
management of the data service subscription for users.
ZXMBW AAA system is composed of AAA server, agent,
accounting interface, and AAA configuration management
module built in OMC system. To ensure the reliable running of
the system, AAA server adopts the dual-computer cluster
architecture.
Architecture ZXMBW AAA hardware architecture is shown in Figure 2.

Confidential and Proprietary Information of ZTE CORPORATION 9


ZXMBW AAA AAA Server Technical Description

FI G U R E 2 AR C H I T E C T U R E OF Z X M BW AA A S Y S T E M

Hardware of AAA system consists of the following parts:


„ OMC Server
AAA Server is core equipment in ZXMBW AAA system.
Usually it consists of dual-servers and array. It is running
AAA database, database management software and RADIUS
services.
In hardware, it uses small business servers.
„ OMC Client
OMC client program such as configuration, performance, and
alarming installs with OMC client. It provides friendly
interface. OMC Client can be combined together with Agent
PC.
Standard PC can be used for OMC client. The basic hardware
configuration is same to Agent PC.
„ AAA Host + Storage
AAA Host + storage (database) are based on ZXPDSS-A100
platform which is based on universal server.
The basic requirements on software/hardware environments
are as follows:
f Hardware environment
Minimal requirements for hardware platform: Intel
Pentium III 1.8G or higher; 1G memory, 36G disk space
or larger. For redundancy and load sharing, it is
necessary to prepare a couple of servers, a disk array, a
tape driver, UPS, and several network devices.

10 Confidential and Proprietary Information of ZTE CORPORATION


Chapter 2 Hardware Architecture

Operator can use either UNIX work station or mini


computer manufactured by SUN, or PC servers like HP,
DELL, and IBM.
f Software environment
Two types of operating system environment can be used: the Windows 2003 operating system and the UNIX operating system.
Database: MS SQL Server or Oracle database
„ Service Agent
It provides local service processing and user management.
A PC-compatible machine is used as the service agent
hardware.
„ Application Server
It provides external accounting interface for remote service
processing.
A PC server is used as the application server hardware.
Working RADIUS servers reside in a visited or foreign network as well as in the home network. The AGW uses the visited AAA to perform RADIUS authentication during a Point-to-Point Protocol (PPP) session with a mobile client. The AGW also interacts with a foreign AAA RADIUS server during the Foreign Agent (FA) Challenge for Mobile IP registrations. The foreign AAA then relays requests to the appropriate home AAA RADIUS server. In this instance, the home AAA serves as a Proxy AAA RADIUS server.



Chapter 3

Software Architecture

Overview
Introduction This chapter describes the software architecture of ZXMBW AAA
and its related subsystems.
Contents This chapter includes the following topics:

TABLE 6 TOPICS IN CHAPTER3

Topic Page No.
AAA Software Architecture 13
External Gateway 15

AAA Software Architecture


Introduction The AAA server is also called the RADIUS server. It provides authentication, authorization and billing functions and works in client/server mode. It consists of a RADIUS server and a RADIUS client.
A RADIUS server can also serve as a proxy client of another RADIUS server. Complete information on subscriber authentication and network access service is stored in the database of the RADIUS servers in a variety of ways to meet client requirements. The server communicates with the entities that serve as RADIUS clients. It authenticates the user for PDP activation by accessing the user database, and it sends data packets and information about user authentication and authorization.
The RADIUS client runs on a host and communicates with the RADIUS server over the network. It sends authentication requests to the RADIUS server and promptly reacts to the response returned from the server.
Architecture The software architecture of the AAA system is shown in Figure 3.


FIGURE 3 SOFTWARE ARCHITECTURE OF ZXMBW AAA

Explanation of the ZXMBW AAA sub-systems is as follows:

„ RADIUS Service Sub-Systems
It locally authenticates, authorizes and bills users and proxies. For the packet prepaid service, the RADIUS service subsystem obtains the user's packet prepaid account information by interacting with the PPS/SCP.
„ Database Sub-Systems
It stores the account profiles and original bill information of data users; in addition, it stores the system configuration information of the ZXMBW AAA server.
„ CDR Management Sub-Systems
It reads accounting information from the database subsystem at the specified time (the timer can be configured) or when the file size threshold is reached (the threshold can be configured) and generates CDR files (the record fields in the CDR file can be customized according to the service provider's requirements). Expired CDR data is backed up or deleted periodically.
„ Billing Interface Sub-Systems
It provides the corresponding online accounting command interface for handling user accounts from the remote accounting system. The operator fills in user data modification request packets according to the prompts on the GUI, and the subsystem sends internal messages to the database interface module for database operations, including user account creation, user subscription data query and modification, user deletion and logging.
„ Agent Sub-Systems
It implements basic group management, subscriber account creation, bill query and other functions.

„ WATCHDOG Service Sub-Systems
It monitors the running condition of the RADIUS service subsystem, the bill processing subsystem and the other subsystems. Once it detects an abnormality, it handles the abnormality and restarts the faulty subsystem as required.
„ Operation and Maintenance Sub-Systems
It implements the foreground operation and maintenance of ZXMBW AAA. It cooperates with the background OMM to manage the AAA server, including attribute, security association, number analysis, multi-IPS access, rate configuration and other basic system configuration and management functions, as well as alarm management, performance management, signaling tracing, service analysis and other functions.

External Gateway
Interface between ZXMBW AAA system and the customer care
system functions through the external gateway, as shown in
Figure 4.

FIGURE 4 EXTERNAL GATEWAY
[Figure: components Database, Watchdog, External Interface Module, Billing Gateway program, Billing system (MML), Service Agent subsystem and Agent Module, connected by msg interfaces.]

The external gateway starts a socket (TCP-based) service on the specified port, listens on that port 24 hours a day, 7 days a week, and interacts with the customer care system using request/reply commands. The subsystem receives commands from the customer care system in accordance with the MML customer care interface specifications, and converts them into internal signaling to create user accounts, query and modify user subscription data, and delete users.



Chapter 4

Technical Indices

Overview
Introduction This chapter describes the technical indices and environmental
requirements of ZXMBW AAA server.
Contents This chapter includes the following topics:

TABLE 7 TOPICS IN CHAPTER 4

Topic Page No.
Physical Indices 17
Power Supply 17
Capacity Indices 18
Performance Indices 18
Environmental Requirements 18

Physical Indices
If a commercial UNIX server or PC server is used as the AAA, its physical features such as dimensions, weight and capacity requirements are given in the technical documentation of the respective machine.

Power Supply
ZXMBW AAA system power indices are shown in Table 8.

TABLE 8 ZXMBW AAA POWER INDICES

Parameter Indices
AC Voltage 160 V ~ 265 V
Frequency 45Hz ~ 65Hz

Capacity Indices
ZXMBW AAA system capacity indices are shown in Table 9.

TABLE 9 ZXMBW AAA CAPACITY INDICES

Parameter Indices
Standard Configuration 500,000 users
High-End Configuration 1,000,000 users
Authentication Quantity per second 800/s
Billing Quantity per second 400/s
Monitoring Index <= 4 %

Performance Indices
ZXMBW AAA system performance indices are shown in Table 10.

TABLE 10 ZXMBW AAA MODULE INDICES

Parameter Indices
AAA supports 1,000,000 Subscribers
Authentications per second 600
Processing time for one authentication > 50 ms
MTBF >100,000 hours

Environmental Requirements
Temperature and Humidity Too high or too low temperature or humidity in the equipment room can adversely affect the equipment life span. ZXMBW AAA temperature and humidity requirements are shown in Table 11.


TABLE 11 TEMPERATURE AND HUMIDITY REQUIREMENTS

Temperature                                                        Humidity
Long-Term Operating Conditions   Short-Term Operating Conditions   Long-Term Operating Conditions   Short-Term Operating Conditions
15°C (59°F) ~ 25°C (77°F)        0°C (32°F) ~ 45°C (113°F)         30% ~ 70%                        20% ~ 90%

Note: Short-term operating condition means that the continuous operating time in a month cannot be more than 48 hours and the accumulated time per year cannot be more than 15 days.
Lighting It is recommended to use tinted glass and dark non-transparent curtains for the windows. Fluorescent lamps must be installed on the ceiling of the equipment room for main illumination, with the average illumination controlled between 150lx ~ 200lx.
Air Pollution The proportion of fresh air entering the equipment room must not be less than 5% to ensure air cleanness.



Chapter 5

Interfaces

Overview
Introduction This chapter describes the interfaces between AAA and other
network entities.
Contents This chapter includes the following topics:

TABLE 12 TOPICS IN CHAPTER 5

Topic Page No.
Communication Protocol 21
Interface between AAA and ASN-AGW 22

Communication Protocol
Introduction The RADIUS protocol is used to transmit authentication, authorization and accounting information between the ZXMBW AAA server and the ASN-AGW. The AAA server acts as the RADIUS server and the ASN-AGW acts as the RADIUS client.
Description RADIUS is an extensible protocol. All its work is based on Attribute-Length-Value vectors. It supports authentication mechanisms such as PAP and CHAP.
The basic RADIUS principle is as follows. The user accesses the NAS. The NAS sends the user name and password information to RADIUS in an Access-Request message; the password information is encrypted by an MD5-based method using a shared key that the NAS and the RADIUS server both hold and that is never transmitted on the network. The RADIUS server then checks the user name and password. When necessary, it can also generate a Challenge for further authentication of the user or the NAS. If the credentials are valid, it returns an Access-Accept message to the NAS and allows the procedure to continue; otherwise it returns an Access-Reject message and access is denied. If access is allowed, the NAS sends an Accounting-Request message to the RADIUS server and charging begins.


Interface between AAA and ASN-AGW
Introduction Lower-layer communication between the AAA server and the ASN-AGW uses the IP/UDP protocol. The upper layer uses the RADIUS protocol. The ASN-AGW works as the AAA client to transfer user authentication, authorization and accounting information to the AAA. For pre-paid users, the account information is also transferred, as shown in Figure 5.

FIGURE 5 COMMUNICATION MODEL FOR AAA
[Figure: Supplicant (MSS), Authenticator (ASN), ASN Gateway as AAA Client (ASN), Visited NSP AAA Proxy (CSN), AAA Broker AAA Proxy (CSN), AAA Backend Server/Proxy (CSN). EAP-TLS with X.509 certificate exchange for device (MSS) and network BS mutual authentication; EAP runs over PKMv2/802.16 on the air interface and over RADIUS/DIAMETER on UDP/TCP/IP in the network.]

RADIUS Packet Format

Packet Format The RADIUS packet format is shown in Table 13.

TABLE 13 RADIUS PACKET FORMAT

Code Identifier Length
Authenticator
Attributes

Description of the RADIUS packet fields is as follows:

Code RADIUS packet codes are listed in Table 14.

TABLE 14 RADIUS PACKET CODE

Code Description
1 Access-Request
2 Access-Accept
3 Access-Reject
4 Accounting-Request
5 Accounting-Response
11 Access-Challenge
12 Status-Server (experimental)
13 Status-Client (experimental)
40 Disconnect-Request
41 Disconnect-ACK
42 Disconnect-NAK
255 Reserved

Identifier It consists of one byte and is used to match a reply to its request.
Length It consists of two bytes and gives the total length of the packet (Code + Identifier + Length + Authenticator + Attributes). When the actual packet length is larger than the Length field, the trailing bytes are ignored as padding. When the actual packet length is smaller than the Length field, the packet is discarded. The maximum message length is 4096 bytes.
Authenticator It consists of 16 bytes and is used to authenticate the reply from the RADIUS server and to hide the user's Password. It can be a Request Authenticator or a Response Authenticator.
„ Request Authenticator
In Access-Request and Accounting-Request packets, the Authenticator is called the Request Authenticator. The 16 random bytes must be unique and unpredictable, to prevent replay by an attacker or impersonation of the target server. When the Identifier value changes, the Request Authenticator value must be regenerated.
The Request Authenticator is also used to hide the user Password. The shared secret (Secret) of the client and server concatenated with the Request Authenticator is hashed once with MD5 to produce a 16-byte digest; the digest is XORed with the Password, and the result is placed in the attributes as User-Password.
„ Response Authenticator
In Access-Accept, Access-Challenge, Access-Reject and Accounting-Response packets, the Authenticator is called the Response Authenticator. It is calculated as follows:
Response Authenticator = MD5 (Code + ID + Length + Request Authenticator + Attributes + Secret)
Secret is the shared password. It is provisioned in plain text in the databases at both ends and is never transferred in the clear. The RADIUS server uses the source IP address of the RADIUS UDP packet to look up the shared secret to use. The selected Secret must be long enough and hard to guess to resist exhaustive (brute-force) attacks.
Attributes Attributes may have multiple instances. The order of attributes of the same type must be preserved, but the order of attributes of different types need not be preserved.

RADIUS Authentication Packet Types

Introduction The packet types are defined by the Code field. The Access-Request, Access-Accept, Access-Reject and Access-Challenge packet types are described below.
Access-Request The Access-Request is sent to the RADIUS server to decide whether to allow the user to access the external data network and whether to provide the user with a specific service. After receiving an Access-Request from the client, the RADIUS server must send a reply message. If the user Password needs to be transferred, its value must be hidden with the MD5 algorithm.
Attributes of Access-Request:
Attributes = User-Name
+ NAS-IP-Address, NAS-Identifier
+ User-Password, CHAP-Password
+ (NAS-Port, NAS-Port-Type)
„ Code:
1 for Access-Request
„ Identifier:
The Identifier must change whenever the Attributes change or a valid reply has been received. It must not change on retransmission.
„ Request Authenticator:
The Request Authenticator value changes along with the Identifier.
Access-Accept This packet is sent by the RADIUS server to deliver the configuration information required for the service to the user. An Access-Accept is deemed valid only when its Identifier matches that of the Access-Request and its Response Authenticator is correct; otherwise it is discarded.
Access-Reject After the RADIUS server receives an Access-Request, it must send an Access-Reject (containing one or more Reply-Message attribute instances) if any Attribute is unacceptable.
Access-Challenge When the RADIUS server wants to send the user a Challenge and obtain a Response, it can send an Access-Challenge (which can contain one or more Reply-Message attribute instances or one State attribute). In the received Access-Challenge, the Identifier must match the corresponding field of the Access-Request and the Response Authenticator field must be correct; otherwise it is discarded.

RADIUS Accounting Packet Format

Introduction The RADIUS accounting packet format is consistent with the RADIUS access (authentication and authorization) packet format, differing only slightly in the data fields. The packet is encapsulated in UDP for transmission, and the UDP destination port is 1813.
Packet Format The format is described in Table 15.

TABLE 15 RADIUS ACCOUNTING PACKET FORMAT

Code Identifier Length
Authenticator
Attributes

Fields of the RADIUS accounting packet are explained as follows:


Code „ Accounting-Request
„ Accounting-Response
Identifier It consists of one byte and is used to match a reply to its request.
Length It consists of two bytes and gives the total length of the packet (Code + Identifier + Length + Authenticator + Attributes). A packet whose actual length is less than the described length is discarded. Padding is appended at the end when the two-byte length is not enough. 20 ≤ Length ≤ 212. Therefore, a maximum of 24 bytes can be filled in.
Authenticator It can be a Request Authenticator or a Response Authenticator. The 16 random bytes must be unique and unpredictable, to prevent replay by an attacker or impersonation of the target server. When the Identifier value changes, the Request Authenticator value must be regenerated. The Request Authenticator is also used to hide the user Password: the shared secret (Secret) of the client and server concatenated with the Request Authenticator is hashed once with MD5 to produce a 16-byte digest, the digest is XORed with the Password, and the result is placed in the attributes as User-Password.
„ Request Authenticator
In the Accounting-Request packet, the Authenticator value is a 16-byte MD5 checksum known as the Request Authenticator. It is calculated as follows:
Request Authenticator = MD5 (Code + Identifier + Length + 16 zero octets + request Attributes + shared Secret)
It differs from the Request Authenticator in the RADIUS Access-Request packet because the Accounting-Request packet does not contain the User-Password attribute.
„ Response Authenticator
In the Accounting-Response packet, the Authenticator is called the Response Authenticator. It is calculated as follows:
Response Authenticator = MD5 (Code + Identifier + Length + Request Authenticator + Attributes + shared Secret)
Identifier, Length and Attributes: their descriptions are the same as those of the RADIUS access packet.
Attributes Attributes may have multiple instances. The order of attributes of the same type must be preserved, but the order of attributes of different types need not be preserved.
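The Request/Response Authenticator and User-Password computations described in this section and in the RADIUS Packet Format section above, as an added Python example; it is not code from the original document or from the ZXMBW product. The shared secret, Request Authenticator, user name and attribute values are constructed sample values, and the Length checks follow the rules stated in the text.

```python
import hashlib
import hmac
import struct

# RADIUS packet codes (Table 14)
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ACCOUNTING_REQUEST, ACCOUNTING_RESPONSE, ACCESS_CHALLENGE = 4, 5, 11
HEADER_LEN = 20        # Code(1) + Identifier(1) + Length(2) + Authenticator(16)
MAX_PACKET_LEN = 4096  # maximum message length stated in the text

# Constructed sample values; a real client draws a fresh random Request Authenticator.
SECRET = b"xyzzy5461"
REQUEST_AUTH = bytes(range(16))

def attr(attr_type: int, value: bytes) -> bytes:
    """Encode one attribute as Type | Length | Value (Length counts the 2-byte header)."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def header(code: int, ident: int, attributes: bytes) -> bytes:
    """Code + Identifier + Length, with Length covering the whole packet."""
    return struct.pack("!BBH", code, ident, HEADER_LEN + len(attributes))

def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """User-Password hiding: pad to a multiple of 16, then XOR each block with
    MD5(Secret + previous block); the first block uses the Request Authenticator."""
    if not 0 < len(password) <= 128:
        raise ValueError("User-Password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    hidden, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        digest = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ d for p, d in zip(padded[i:i + 16], digest))
        hidden += prev
    return hidden

def unhide_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Server-side inverse of hide_password (trailing NUL padding is stripped)."""
    if not hidden or len(hidden) % 16:
        raise ValueError("hidden User-Password must be a non-empty multiple of 16 bytes")
    clear, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        digest = hashlib.md5(secret + prev).digest()
        clear += bytes(c ^ d for c, d in zip(hidden[i:i + 16], digest))
        prev = hidden[i:i + 16]
    return clear.rstrip(b"\x00")

def accounting_request_authenticator(ident: int, attributes: bytes, secret: bytes) -> bytes:
    """MD5(Code + Identifier + Length + 16 zero octets + Attributes + Secret)."""
    return hashlib.md5(header(ACCOUNTING_REQUEST, ident, attributes)
                       + b"\x00" * 16 + attributes + secret).digest()

def response_authenticator(code, ident, request_auth, attributes, secret) -> bytes:
    """MD5(Code + ID + Length + Request Authenticator + Attributes + Secret)."""
    return hashlib.md5(header(code, ident, attributes) + request_auth + attributes + secret).digest()

def build_packet(code: int, ident: int, authenticator: bytes, attributes: bytes) -> bytes:
    return header(code, ident, attributes) + authenticator + attributes

def parse_packet(data: bytes):
    """Length rules from the text: datagram shorter than Length -> discard (None);
    bytes beyond Length -> ignored as padding. Returns (code, ident, auth, attrs)."""
    if len(data) < HEADER_LEN:
        return None
    code, ident, length = struct.unpack("!BBH", data[:4])
    if length < HEADER_LEN or length > MAX_PACKET_LEN or len(data) < length:
        return None
    return code, ident, data[4:HEADER_LEN], data[HEADER_LEN:length]

def verify_response(data: bytes, request_auth: bytes, secret: bytes) -> bool:
    """Client-side check of an Access-Accept/Reject/Challenge or Accounting-Response."""
    parsed = parse_packet(data)
    if parsed is None:
        return False
    code, ident, auth, attrs = parsed
    expected = response_authenticator(code, ident, request_auth, attrs, secret)
    return hmac.compare_digest(auth, expected)   # constant-time comparison

def sample_access_exchange():
    """Access-Request (Identifier 7) with hidden User-Password, and its Access-Accept."""
    attrs = (attr(1, b"user01")                                            # User-Name
             + attr(2, hide_password(b"arctangent", SECRET, REQUEST_AUTH))  # User-Password
             + attr(4, bytes([10, 0, 0, 1])))                              # NAS-IP-Address
    request = build_packet(ACCESS_REQUEST, 7, REQUEST_AUTH, attrs)
    accept_attrs = attr(18, b"welcome")                                    # Reply-Message
    accept_auth = response_authenticator(ACCESS_ACCEPT, 7, REQUEST_AUTH, accept_attrs, SECRET)
    return request, build_packet(ACCESS_ACCEPT, 7, accept_auth, accept_attrs)

def sample_accounting_request():
    """Accounting-Request Start (Identifier 9): no User-Password, zeroed authenticator input."""
    attrs = attr(40, b"\x00\x00\x00\x01") + attr(44, b"sess-0001")  # Acct-Status-Type=Start, Acct-Session-Id
    return build_packet(ACCOUNTING_REQUEST, 9,
                        accounting_request_authenticator(9, attrs, SECRET), attrs)
```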

RADIUS Accounting Packet Types

Introduction RADIUS accounting packets fall into two types: Accounting-Request and Accounting-Response.
Accounting-Request This type of packet carries service accounting information from the client or its agent to the RADIUS server. When the Accounting-Request is received and the accounting record is successfully stored, the RADIUS server must send an Accounting-Response. If storing the accounting record fails, the RADIUS server must not send any response message.
User-Password, CHAP-Password, Reply-Message and State must not appear in the Accounting-Request. Any other attributes that are valid in Access-Request and Access-Accept packets are likewise valid in the Accounting-Request packet.
NAS-IP-Address (or NAS-Identifier) must be present in the Accounting-Request. NAS-Port, NAS-Port-Type or both must be present in the Accounting-Request, unless the service does not involve a (physical) port or the NAS does not differentiate (physical) ports.
When the packet's attribute values change or a valid reply is received, the Identifier value of the packet must change. The Identifier value must not change during retransmission, with one exception: when a packet containing the Acct-Delay-Time attribute is retransmitted, the Identifier value must be changed and the Request Authenticator must be updated, because the Acct-Delay-Time value needs to be updated.
In RADIUS authentication, the client sends an authentication request to the server, and this sending mode has a retransmission mechanism: if the server fails to send a response to the client within a certain period, the client resends the request.

After receiving the request, the server authenticates the client. If the client sending the authentication request has no shared secret with the server, the request is discarded. If the client is valid, the server queries its database by username and finds the matching entry. After the Password passes authentication, the server sends the required configuration information to the client.
As a result, the RADIUS client must perform RADIUS configuration. A RADIUS client that authenticates with RADIUS must be configured for the following:
„ Receiving and identifying the user request or RADIUS packet
type
„ Correctly extracting the user or RADIUS packet information
„ Generating and filling in random numbers
„ Managing the shared Secret (including the shared Secret
with the CHAP user)
„ Invoking MD5
„ Processing user passwords (including the ordinary user
password, PAP password, CHAP password and Challenge
password)
„ Checking validity of RADIUS packet (provided by the
Response Authenticator attribute)
„ Checking consistency of RADIUS response packet
„ Providing the Challenge using CHAP
„ Correctly sending packet
The RADIUS Server must also be provided with the corresponding authentication configuration:
„ Managing the user database (username, password, NAS ID
and shared Secret)
„ Receiving and identifying RADIUS client packet type
„ Correctly extracting RADIUS client packet information
„ Verifying user ID (including the ordinary user password, PAP
password, CHAP password and Challenge password)
„ Generating Challenge
„ Marking consistency of the response packet
Accounting-Response This packet is sent by the RADIUS server as the reply to an Accounting-Request. If the RADIUS server does not record the packet successfully, it must not send an Accounting-Response confirmation to the client. An Accounting-Response is deemed valid only when its Identifier matches that of the Accounting-Request and its Response Authenticator is correct; otherwise it is discarded.



Chapter 6

Service Functions

Overview
Introduction This chapter describes the service functionalities of ZXMBW AAA
Server.
Contents This chapter includes the following topics:

TABLE 16 TOPICS IN CHAPTER 6

Topic Page No.
Authentication, Authorization and Accounting 29
Initial Service Flow Channel Management 34
AAA Disaster Recovery Function 36

Authentication, Authorization and Accounting
Subscriber Authentication

Introduction In the first phase, only the subscriber authentication part of the following flow is implemented. At present, the EAP authentication method implemented is MD5-Challenge.

Subscriber authentication flow is shown in Figure 6.


FIGURE 6 SUBSCRIBER AUTHENTICATION FLOW
[Figure: message sequence between MS, BS, ASN-GW and AAA, from (a) SBC Procedure through (p) SA-TEK; the steps are explained below.]

Description Explanation of the subscriber authentication flow is as follows:

a. After the MS negotiates basic capabilities with the BS, the subscriber authentication procedure begins.
b. The MS sends a PKMv2 EAP Start message to the BS to request the start of the EAP subscriber authentication procedure.
c. After receiving the message, the BS sends an Auth Relay/EAP Start message to the ASN-GW. If the timer for waiting for authentication start at the BS side expires and the MS has not initiated the EAP authentication request, the BS actively sends an Auth Relay/EAP Start message to the ASN-GW to trigger the EAP subscriber authentication flow.
d. During subscriber authorization, the ASN-GW sends an Auth Relay EAP Transfer Request message (carrying the EAP Request/Identity) to the BS. The BS encapsulates the EAP Request/Identity message in a PKMv2 EAP Transfer message and sends it to the MS.
e. The MS sends an EAP Response/Identity message encapsulated in a PKMv2 EAP Transfer message to the BS. The BS then encapsulates the EAP Response/Identity message in an Auth Transfer/EAP Transfer message and sends it to the ASN-GW.
f. The ASN-GW encapsulates the EAP Response/Identity message in a RADIUS Access-Request message and sends it to the AAA Server.
g. After receiving the message, the AAA Server decides to authenticate the MS with the MD5-Challenge method. The AAA Server sends a RADIUS Access-Challenge message carrying the EAP Request/Md5-Challenge to the ASN-GW.
h. After receiving the message, the ASN-GW encapsulates the EAP Request/Md5-Challenge in an Auth-Transfer/EAP Request message and sends it to the BS. The BS sends the EAP Request/Md5-Challenge to the MS in a PKMv2 EAP Transfer message.
i. After receiving the message, the MS processes the Md5-Challenge and generates an EAP Response/Md5-Challenge message. The EAP Response/Md5-Challenge message is encapsulated in an Auth Relay EAP Transfer Response and sent to the ASN-GW.
j. After receiving the message, the ASN-GW encapsulates the EAP Response/Md5-Challenge message in a RADIUS Access-Request message and sends it to the AAA Server.
k. After receiving the message, the AAA Server completes authentication of the MS, generates EAP Success, MSK, MSK Lifetime, QoS Profile and other information, and sends this information to the ASN-GW in a RADIUS Access-Accept message.
l. After receiving the message, the ASN-GW allocates an IP address to the MS in advance; the address is given to the MS through DHCP after the MS finishes the initial service flow channel establishment. IP address allocation can use either DHCP or local address pool allocation. The ASN-GW generates AK, AK Lifetime and other information at the same time.
m. The ASN-GW encapsulates EAP Success, AK, AK Lifetime, QoS Profile and other information in an MS Info Report message and sends it to the BS.
n. The BS sends a PKMv2 EAP Transfer message (carrying EAP Success) to the MS. The MS generates the AK after receiving the EAP Success indication.
o. The BS sends an MS Info Report ACK message to the ASN-GW to confirm that authentication is finished.
p. After obtaining the AK context, the BS exchanges SA-TEK Challenge/Request/Response messages with the MS and begins the SA-TEK three-way handshake. After the SA-TEK three-way handshake is finished, the BS activates the AK, and the MS enters the authorized state.
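The EAP MD5-Challenge exchange of steps (f) to (k), as seen by the AAA server and the MS, as an added Python example; this is not code from the original document or from the ZXMBW product. The RADIUS and PKMv2 encapsulation layers are left out, the identity, password and challenge values are constructed, and the EAP message layout follows RFC 3748; MD5-Challenge itself yields no keying material, so the MSK of step (k) is not derived here.

```python
import hashlib
import hmac
import os
import struct

# EAP codes and method types (RFC 3748); these EAP packets travel inside the
# RADIUS Access-Request / Access-Challenge / Access-Accept messages of steps f..k.
EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 1, 2, 3, 4
TYPE_IDENTITY, TYPE_MD5_CHALLENGE = 1, 4


def eap_packet(code: int, ident: int, payload: bytes = b"") -> bytes:
    """Code(1) | Identifier(1) | Length(2) | payload."""
    return struct.pack("!BBH", code, ident, 4 + len(payload)) + payload


def parse_eap(data: bytes):
    if len(data) < 4:
        return None
    code, ident, length = struct.unpack("!BBH", data[:4])
    if length < 4 or len(data) < length:
        return None
    return code, ident, data[4:length]


def md5_challenge_value(ident: int, password: bytes, challenge: bytes) -> bytes:
    """Response Value = MD5(Identifier | password | Challenge)."""
    return hashlib.md5(bytes([ident]) + password + challenge).digest()


class AaaServer:
    """AAA side: answers EAP-Response/Identity with an MD5-Challenge (step g)
    and checks the EAP-Response/MD5-Challenge (step k)."""

    def __init__(self, users: dict):
        self.users = users        # identity -> password; constructed sample database
        self.sessions = {}        # identity -> (expected EAP Identifier, challenge)

    def on_identity(self, response: bytes) -> bytes:
        parsed = parse_eap(response)
        if parsed is None:
            return eap_packet(EAP_FAILURE, 0)
        code, ident, payload = parsed
        identity = payload[1:]
        if code != EAP_RESPONSE or payload[:1] != bytes([TYPE_IDENTITY]) or identity not in self.users:
            return eap_packet(EAP_FAILURE, ident)      # carried in Access-Reject
        next_id = (ident + 1) & 0xFF
        challenge = os.urandom(16)                      # fresh per session, so a captured response cannot be replayed
        self.sessions[identity] = (next_id, challenge)
        # EAP-Request/MD5-Challenge: Type | Value-Size | Value | Name, carried in Access-Challenge
        return eap_packet(EAP_REQUEST, next_id,
                          bytes([TYPE_MD5_CHALLENGE, len(challenge)]) + challenge + b"aaa.example")

    def on_md5_response(self, identity: bytes, response: bytes) -> bytes:
        parsed = parse_eap(response)
        session = self.sessions.pop(identity, None)     # single use: consumed on first attempt
        if parsed is None or session is None:
            return eap_packet(EAP_FAILURE, 0)
        code, ident, payload = parsed
        expected_id, challenge = session
        if code != EAP_RESPONSE or ident != expected_id or payload[:1] != bytes([TYPE_MD5_CHALLENGE]):
            return eap_packet(EAP_FAILURE, ident)
        size = payload[1]
        value = payload[2:2 + size]
        expected = md5_challenge_value(ident, self.users[identity], challenge)
        if size == 16 and hmac.compare_digest(value, expected):
            return eap_packet(EAP_SUCCESS, ident)       # carried in Access-Accept
        return eap_packet(EAP_FAILURE, ident)


class MobileStation:
    """Supplicant side: sends its identity (step e) and answers the challenge (step i)."""

    def __init__(self, identity: bytes, password: bytes):
        self.identity, self.password = identity, password

    def identity_response(self, ident: int) -> bytes:
        return eap_packet(EAP_RESPONSE, ident, bytes([TYPE_IDENTITY]) + self.identity)

    def md5_response(self, request: bytes) -> bytes:
        code, ident, payload = parse_eap(request)
        size = payload[1]
        challenge = payload[2:2 + size]
        value = md5_challenge_value(ident, self.password, challenge)
        return eap_packet(EAP_RESPONSE, ident,
                          bytes([TYPE_MD5_CHALLENGE, len(value)]) + value + self.identity)


def run_exchange(server: AaaServer, ms: MobileStation, first_id: int = 1) -> int:
    """Drive one full exchange; returns the final EAP code seen by the MS."""
    challenge = server.on_identity(ms.identity_response(first_id))
    code = parse_eap(challenge)[0]
    if code != EAP_REQUEST:
        return code                                      # rejected at the identity stage
    return parse_eap(server.on_md5_response(ms.identity, ms.md5_response(challenge)))[0]
```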


Subscriber Accounting

Subscriber Fee The fee of a subscriber is composed of two parts:

„ Fee per subscriber
It is related to the duration for which the subscriber has accessed the network. In general, one access (registration/de-registration) of one subscriber corresponds to only one billing message.
f Billing start
After the billed MS has accessed the network, the ASN-GW is directly notified that billing for the subscriber should start.
f Billing end
It occurs when the subscriber goes offline or the call is abnormally dropped.
f Billing information change record: generated in the case of handover and status change.
„ Fee per service flow: one subscriber can create one or more service flows, and each service flow needs separate billing.
f Billing start
It occurs when the bearer channel is established (R6Establish).
f Billing end
It occurs when the bearer channel is released (R6Release).
Flow The subscriber billing flow is shown in Figure 7.


FIGURE 7 BILLING FLOW

Description Explanation of the subscriber billing flow is as follows:

a. The (initial) service flow has been created.
b. The ASN-GW sends a RADIUS Acct-Request Start message to the AAA server according to the current UDR. The AAA server begins to generate the billing file.
c. The AAA returns a RADIUS Acct-Response Start message.
d. Service data transfer begins.
e. At a certain interval, or when the transferred data reaches a specific traffic volume, the ASN-GW periodically sends Acct-Request Interim-Update messages to the AAA.
f. The AAA returns Acct-Response Interim-Update messages to the ASN-GW.
g. The (initial) service flow tunnel has been deleted.
h. The ASN-GW sends a RADIUS Acct-Request Stop message based on the current UDR to the AAA server to stop billing.
i. The AAA returns a RADIUS Acct-Response Stop message.

Initial Service Flow Channel Management
Initial Service Flow Tunnel Establishment

Introduction After the subscriber has successfully registered in the WiMAX network and before the IP data stream begins, it is necessary to establish a set of initial service flow channels. The initial service flow is shown in Figure 8.

FIGURE 8 INITIAL SERVICE FLOW CHANNEL ESTABLISHMENT

Description Explanation of the initial service flow tunnel establishment is as follows:
a. After subscriber authentication has finished, the AAA Server sends the QoS Profile to the ASN-GW. After finishing CS capability negotiation, the ASN-GW sends an RR-Request (Uplink) message to the BS according to the information in the QoS Profile to begin the initial service flow establishment.
b. The ASN-GW sends an RR-Request (Downlink) message to the BS at the same time.
c. The BS performs admission control on the initial service flow establishment according to the message contents, and sends a DSA-REQ message carrying the specific parameters of this service flow to the MS.
d. The MS returns a DSA-RSP message.
e. After receiving the DSA-RSP message, the BS sends an RR-Response (Uplink) message to the ASN-GW to confirm the uplink parameters.

f. The BS sends an RR-Response (Downlink) message to the ASN-GW at the same time to confirm the downlink parameters.
g. The BS sends a Data Path Establishment Request to the serving ASN-GW to initiate the establishment of the R6 connection.
h. The ASN-GW creates the related binding information of the R6 tunnel, returns a Data Path Establishment Response message, accepts the R6 registration request from the BS, finishes the establishment of the preliminary service flow channel, and installs a classifier for the tunnel.

Initial Service Flow Tunnel Deletion Initiated by BS

Introduction The initial service flow tunnel deletion flow initiated by the BS is shown in Figure 9.

FIGURE 9 INITIAL SERVICE TUNNEL DELETION FLOW INITIATED BY BS

Description Explanation of the initial service flow tunnel deletion is as follows:

a. The BS decides to release the initial service flow tunnel of the MS, and sends a Data Path Release Request message to the ASN-GW.
b. The ASN-GW receives the message. If only the initial service flow tunnel exists, this is equivalent to releasing the subscriber: the ASN-GW releases the resources occupied by the subscriber, including the IP address.
c. The ASN-GW sends a Data Path Release Response message to the BS to confirm that the tunnel has been deleted.
d. After receiving the message, the BS releases the wireless link.
e. If the IP address was allocated by the DHCP Server, the ASN-GW sends a DHCP Release message to the DHCP Server.

f. After receiving the message, the DHCP Server releases the IP address resources.

AAA Disaster Recovery Function

The ZXMBW AAA server adopts a dual-computer plus disk configuration and supports the disaster recovery function. In the normal case, the dual-computer system works in load-sharing plus active/standby mode so that the system runs reliably and stably. The local AAA server and the other (disaster recovery) AAA server periodically synchronize their system configuration and subscriber data with each other. If the local AAA server fails, the disaster recovery AAA server automatically takes over from the local AAA and performs authentication and accounting for the subscribers.



Chapter 7

EAP Authentication

Overview
Introduction This chapter describes the EAP authentication protocol stacks and authentication flows.
Contents This chapter includes the following topics:

TABLE 17 TOPICS IN CHAPTER 7

Topic                                  Page No.
Authentication Protocol Stack          37
User Authentication Flow               39
MD5-Challenge Authentication Flow      40
EAP MD5-Response Message Format        42
MSK Generate and Transmit              42

Authentication Protocol Stack

Introduction In the ZTE WiMAX security mechanism, the air interface follows the definition of the security sub-layer in the IEEE 802.16e protocol. The end-to-end network structure follows the ASN security system requirements and the AAA structure defined by the NWG.
The security sub-layer defined in IEEE 802.16e includes PKMv1 and PKMv2. PKMv1 is compatible with the IEEE 802.16d protocol. PKMv2 supports the EAP authentication method and the enhanced RSA double authentication method.
Description The ZXMBW AAA product supports the PKMv2 EAP authentication method. This authentication method is used for EAP-AKA, EAP-TLS, EAP-SIM and EAP-PSK. The ASN security system defines the ASN security function module. Authentication between the BS and the ASN-GW follows the authentication relay protocol and the AK transfer protocol. ZXMBW AAA fully follows the NWG AAA structure requirements.
According to the NWG requirements, EAP authentication supports both equipment authentication and user authentication. Either the Single EAP method or the Double EAP method is used, and the choice is negotiated in the SBC process. If only the equipment or only the user is to be authenticated, the Single EAP method can be used. If both the equipment and the user must be authenticated, with the two authentications performed separately, the Double EAP method should be used. When the authentication targets are in the same Home CSN, the Single EAP method applies; its protocol stack is shown in Figure 10.

FIGURE 10 PKMV2 USER AUTHENTICATION PROTOCOL STACK

Above the EAP layer is the EAP user authentication method, MD5-Challenge. The MD5-Challenge message is packed in the EAP message. 802.16e PKMv2 carries the EAP message between the MS and the BS. Between the AAA Server and the ASN Authenticator, EAP is transported over the AAA protocol (RADIUS). The Authentication Relay Protocol is used between the BS and the Authenticator.
The MS in ZTE WiMAX consists of a PCMCIA card and PC dial-up software. The PCMCIA card implements the PKMv2 message handling, that is, the 802.16 and PKMv2 layers in the protocol stack. The PC dial-up software handles user name and password input and implements the message handling of the EAP Method layer and the EAP layer in the protocol stack.


User Authentication Flow

Introduction The authentication flow of PKMv2 in the ZTE WiMAX system is shown in Figure 11.

FIGURE 11 PKMV2 USER AUTHENTICATION FLOW IN ZTE WIMAX SYSTEM

Description Explanation of the PKMv2 authentication flow is as follows:


• In the SBC capability negotiation process, the BS receives the Auth Policy, and the MS and the ASN negotiate the PKM/PKMv2 security capability and authentication policy (whether equipment authentication is supported and required).
• The MS sends PKMv2 EAP Start, and the BS then sends Auth Relay EAP Start to the Authenticator to trigger an EAP authentication process.
• The Authenticator sends EAP Request/Identity to start the EAP authentication.
• The MS returns its NAI (Username@realm) in EAP Response/Identity. The Authenticator obtains the Home CSN information of the MS from the NAI and forwards the EAP message to the Home AAA over RADIUS/UDP/IP.
• The MS and the AAA then complete the MD5-Challenge EAP authentication and generate the MSK according to a ZTE internal method (the MD5-Challenge standard does not currently support MSK generation).


• The MSK and SA Info (the user authorization policy configured in the AAA) are sent to the Authenticator in the RADIUS Access-Accept message.
• The MS and the Authenticator independently use the MSK to generate the PMK and AK. The AK and SA Info are sent to the BS in the Auth Relay AK Transfer message.
• The MS and the BS complete the SA-TEK 3-way handshake. The MS creates a TEK state machine for each SA received. The TEK state machine communicates with the BS to obtain the TEK service key, which is updated regularly. The service flow is then established and data is transferred.

MD5-Challenge Authentication Flow

Introduction User authentication in the ZTE WiMAX system uses MD5-Challenge, a standard EAP method. The MD5-Challenge authentication flow is shown in Figure 12.

FIGURE 12 MD5-CHALLENGE AUTHENTICATION FLOW

Description Explanation of the MD5-Challenge authentication flow is as follows:

• The Authenticator sends an EAP-Request/Identity message to the MS to start an EAP authentication.


• The MS returns EAP-Response/Identity with the NAI in its Identity field, following the NWG specification.
• The Authenticator packs the EAP-Response/Identity in a RADIUS message and forwards it to the AAA.
• The AAA receives the RADIUS Access-Request carrying the EAP-Response/Identity from the client. It generates a RADIUS Access-Challenge reply carrying EAP-Request/MD5-Challenge and sends it to the requesting side.
• The MS receives EAP-Request/MD5-Challenge from the Authenticator. It generates MD5 Response = MD5 (Identifier, Secret, Challenge) and returns EAP-Response/MD5-Response.
• The AAA receives the RADIUS Access-Request carrying the EAP MD5-Challenge response and starts an authentication process. It retrieves the Challenge and Identifier from its temporary data area and calculates CHAP-response = MD5 (Identifier, Secret, Challenge), where Secret is the key shared between the AAA and the terminal. It then checks whether the calculated CHAP-response matches the CHAP-Response value in the EAP-Response/MD5-Challenge message. When authentication passes, the AAA sends RADIUS Access-Accept as the reply and generates the MSK. The MSK is filled into the MS-MPPE-Recv-Key and MS-MPPE-Send-Key attributes. If authentication passes, the user cluster, user QosProfile and SA-Info information are included in the authorization message. If authentication fails, the AAA sends RADIUS Access-Reject as the reply.
Note: The Identity field in the EAP-Response/Identity message is the NAI. According to the NWG specification, this Identity is the outer Identity, with the format {AuthMode}pseudoIdentity@realm. In the ZTE WiMAX definition, the MACID in {AuthMode}MACID@NSP is the MAC address (for example, if an MS MAC address is 11.3a.4f.16.24.12, its MACID is 113a4f162412).
• The inner Identity is the user ID within the EAP method. Different EAP methods can use different inner Identities. In the ZTE WiMAX definition, the inner Identity is used as the real user ID. It is assigned by the operator when a new user is registered and is stored in the AAA. When the user accesses the network, the inner Identity is used as the user name in the dial-up software. The inner Identity is carried to the AAA in the Name field of the EAP-Response/MD5-Response message. The AAA uses the inner Identity to look up the user configuration and the Secret shared by both sides (which is used to check the Challenge result returned by the MS and to calculate the MSK).
• The Secret is the key shared between the MS and the AAA. It is stored in both the MS (PCMCIA card) and the AAA. The MS also stores the user name and password of the authentication interface. When the user name and password entered match those stored in the MS, the MS releases the Secret to the dial-up software. The dial-up software generates MD5 (Identifier, Secret, Challenge) and sends the EAP-Response/MD5-Response message to the MS. The MS then packs it into an air interface message and sends it to the BS.

EAP MD5-Response Message Format

The EAP MD5-Response message format is as follows:

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|  Value-Size   |  Value ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|  Name ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

The Value field carries the Response computed by the MD5 (Identifier, Secret, Challenge) algorithm. The Secret is given to the user by the operator; it is the key shared between the MS and the AAA.
The Name field is the inner Identity. Value-Size is the length of the Value field, not including the length of the Name field.
The full EAP-Request/MD5-Challenge and EAP-Response/MD5-Response message formats are not given here; refer to RFC 3748.
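As an added example (not code from the ZTE document or product), the following Python builds an EAP-Request/MD5-Challenge, builds the matching EAP-Response/MD5-Response with the inner Identity in the Name field, parses the response according to the layout above (Value-Size covers only Value; Name is the remainder), and performs the AAA-side check CHAP-response = MD5 (Identifier, Secret, Challenge) described in the previous section. The subscriber table and every secret, challenge and identity value are constructed for this example, and the function names are this example's own.

```python
import hashlib
import hmac
import struct

# EAP codes and the MD5-Challenge method type from RFC 3748.
EAP_REQUEST = 1
EAP_RESPONSE = 2
EAP_TYPE_MD5_CHALLENGE = 4

# Constructed subscriber table for this example: inner Identity (Name field) -> shared Secret.
SUBSCRIBERS = {
    b"user01": b"example-shared-secret",
}


def md5_response_value(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """MD5(Identifier || Secret || Challenge): the CHAP-style response value."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def build_md5_challenge_request(identifier: int, challenge: bytes) -> bytes:
    """EAP-Request/MD5-Challenge: Code, Identifier, Length, Type, Value-Size, Value."""
    payload = bytes([EAP_TYPE_MD5_CHALLENGE, len(challenge)]) + challenge
    return struct.pack("!BBH", EAP_REQUEST, identifier, 4 + len(payload)) + payload


def build_md5_response(identifier: int, secret: bytes, challenge: bytes, name: bytes) -> bytes:
    """EAP-Response/MD5-Response; Name carries the inner Identity after the 16-byte Value."""
    value = md5_response_value(identifier, secret, challenge)
    payload = bytes([EAP_TYPE_MD5_CHALLENGE, len(value)]) + value + name
    return struct.pack("!BBH", EAP_RESPONSE, identifier, 4 + len(payload)) + payload


def parse_eap_md5(packet: bytes):
    """Parse an EAP MD5-Challenge request or response into (code, identifier, value, name).

    Every length is checked before slicing, so a truncated or oversized packet is
    rejected instead of silently yielding a short Value.
    """
    if len(packet) < 6:
        raise ValueError("packet too short for EAP MD5-Challenge")
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        raise ValueError("EAP Length does not match packet size")
    if packet[4] != EAP_TYPE_MD5_CHALLENGE:
        raise ValueError("not an MD5-Challenge packet")
    value_size = packet[5]
    if 6 + value_size > length:
        raise ValueError("Value-Size exceeds packet")
    value = packet[6:6 + value_size]
    name = packet[6 + value_size:]   # Name is the remainder; not counted in Value-Size
    return code, identifier, value, name


def verify_md5_response(response: bytes, identifier: int, challenge: bytes,
                        subscribers=SUBSCRIBERS):
    """AAA-side check: look up the Secret by Name, recompute the hash, compare in constant time.

    Returns (ok, name) so the caller can log which inner Identity was attempted.
    """
    code, resp_id, value, name = parse_eap_md5(response)
    if code != EAP_RESPONSE or resp_id != identifier:
        return False, name        # reply does not belong to the outstanding challenge
    secret = subscribers.get(name)
    if secret is None:
        return False, name        # unknown inner Identity
    expected = md5_response_value(identifier, secret, challenge)
    return hmac.compare_digest(expected, value), name
```

The Identifier check ties the response to the Challenge the AAA stored in its temporary data area, which is what the flow above calls for; without it a response computed against an older challenge would still verify. The comparison uses a constant-time digest compare rather than `==`.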

MSK Generate and Transmit

Introduction The AAA generates the MSK from the MD5-Challenge, the CHAP-ID and the shared key. The MSK is generated by the standard method. In the RADIUS Access-Accept message (with EAP-Success), the RADIUS MS-MPPE-Recv-Key attribute carries the first 32 bytes of the encrypted MSK and the MS-MPPE-Send-Key attribute carries the last 32 bytes of the encrypted MSK.
Function The AAA generates the MSK by the following expansion function:
MSK = P_hash(secret, seed) = HMAC_md5(secret, A(1) + seed) +
                              HMAC_md5(secret, A(2) + seed) +
                              HMAC_md5(secret, A(3) + seed) +
                              HMAC_md5(secret, A(4) + seed)
NOTE:
A() is defined as:
A(0) = seed,
A(i) = HMAC_md5(secret, A(i-1))
seed is: CHAP-ID + MD5-Challenge
secret is: the shared key between the user and the AAA.
The first 32 bytes of the encrypted MSK are stored in the MS-MPPE-Recv-Key attribute and the last 32 bytes of the encrypted MSK are stored in the MS-MPPE-Send-Key attribute, as shown in Figure 13.
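The expansion function above, written out as an added Python example (not the ZTE implementation). It instantiates P_hash with HMAC-MD5 exactly as the formula shows, with seed = CHAP-ID + MD5-Challenge and four rounds, so four 16-byte HMAC outputs give the 64-byte MSK that is later split 32/32 between the two MS-MPPE attributes. The secret and challenge values used in the test are constructed, and the helper names are this example's own.

```python
import hashlib
import hmac


def hmac_md5(key: bytes, msg: bytes) -> bytes:
    """HMAC_md5(key, msg) as used by the P_hash expansion."""
    return hmac.new(key, msg, hashlib.md5).digest()


def a_value(secret: bytes, seed: bytes, i: int) -> bytes:
    """A(0) = seed, A(i) = HMAC_md5(secret, A(i-1)); exposed so each output block can be checked."""
    a = seed
    for _ in range(i):
        a = hmac_md5(secret, a)
    return a


def p_hash_md5(secret: bytes, seed: bytes, rounds: int = 4) -> bytes:
    """P_hash(secret, seed) = HMAC_md5(secret, A(1) + seed) + ... + HMAC_md5(secret, A(rounds) + seed)."""
    out = b""
    a = seed                        # A(0)
    for _ in range(rounds):
        a = hmac_md5(secret, a)     # A(i) = HMAC_md5(secret, A(i-1))
        out += hmac_md5(secret, a + seed)
    return out


def derive_msk(secret: bytes, chap_id: int, md5_challenge: bytes) -> bytes:
    """MSK = P_hash(secret, CHAP-ID + MD5-Challenge); four HMAC-MD5 rounds yield 64 bytes."""
    if not 0 <= chap_id <= 255:
        raise ValueError("CHAP-ID is a single octet")
    seed = bytes([chap_id]) + md5_challenge
    return p_hash_md5(secret, seed, rounds=4)
```

Because the seed contains the CHAP-ID and the per-session MD5-Challenge, two sessions of the same user with the same secret yield different MSKs; the key material itself still rests entirely on the shared secret, which is why the secret must stay confined to the PCMCIA card and the AAA as the earlier section describes.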

FIGURE 13 FORMAT OF ATTRIBUTE

Field Description Explanation of the attribute fields is as follows:
• Type = 26
• Length = total length of Type, Length, Vendor-Id, Vendor type, Vendor length, Salt and String
• Vendor-Id = 311 (Microsoft)
• Vendor type: 17 for MS-MPPE-Recv-Key; 16 for MS-MPPE-Send-Key.
• Vendor length: total length of Vendor type, Vendor length, Salt and String.
• Salt: 2 bytes. The first (leftmost) bit is 1. The Salt must be unique within one Access-Accept message.
When encoded into the message, these two attributes are encrypted by the method in RFC 2548.
0 to 16 bytes of zero padding are appended after the attribute value.
The following symbols are used:
• S: the shared key between the AAA server and the user
• R: the Request Authenticator in the Access-Request message
• A: the Salt
• P: the plaintext with "0" bytes appended at the end
• P consists of 16-byte parts p(1), p(2) ... p(i), where i = len(P)/16

Calculation Method The encrypted fields c(i) and the final encrypted string C are calculated as follows:
b(1) = MD5(S + R + A)       c(1) = p(1) XOR b(1)       C = c(1)
b(2) = MD5(S + c(1))        c(2) = p(2) XOR b(2)       C = C + c(2)
...
b(i) = MD5(S + c(i-1))      c(i) = p(i) XOR b(i)       C = C + c(i)
Note:
b(1), b(2) ... c(i) are intermediate values. "+" means concatenation.
The String field in the final message is c(1) + c(2) + ... + c(i).



Chapter 8

Networking Modes

Overview
Introduction This chapter describes the networking mode for the ZXMBW AAA server.
Contents This chapter includes the following topic:

TABLE 18 TOPICS IN CHAPTER 8

Topic                  Page No.
Generic Networking     45

Generic Networking
Introduction In generic networking mode, the MS connects to the AGW from the wireless side using tunnel technologies such as GRE, PPP and MPLS, and finally accesses the external network through the AGW. In this mode, security is ensured by means of firewalls, as shown in Figure 14.

FIGURE 14 GENERIC NETWORKING MODE
(Figure elements: MT+TE, AGW, PE, AAA Server, Intranet, Internet)


Security In this networking mode, the security of MS access to the core network is ensured by secure-mode tunnel technology on the wireless side of the AGW, which includes:
• GRE
GRE is used between the wireless side and the AGW. With a GRE tunnel, subscribers can access the network without dialing while services are still carried over IP, which makes service expansion flexible.
• Multi-Protocol Label Switching (MPLS)
MPLS is used between the wireless side and the AGW for packet forwarding. Compared with IP packets, the shorter MPLS header speeds up forwarding and gives easier expansion and better flexibility.
• VLAN
VLAN is used between the wireless side and the AGW. It effectively isolates different kinds of traffic and protects subscribers against interference from network storms.
Communication Lower-layer communication between the AAA server and the ASN-AGW uses the IP/UDP protocol. The upper layer uses the RADIUS protocol. The ASN-AGW works as the AAA client, transferring user authentication, authorization and accounting information to the AAA.



Appendix A

Abbreviations

Abbreviation Description
3
3G The third generation mobile communications
A
AAA Authentication, Authorization and Accounting
AAL2 ATM Adaptation Layer type 2
AAL5 ATM Adaptation Layer type 5
ACK Acknowledgement
AH Authentication Header
ASN Access Service Network
ASP Application Service Provider
ASN-GW Access Service Network Gateway
ATM Asynchronous Transfer Mode
B
BSS Base Station Subsystem
C
CHAP Challenge Handshake Authentication Protocol
CHUB Control HUB
CM Configuration Management
COA Care Of Address
CPLD Complex Programmable Logic Device
D
DB Database
DBA Database Agent
DBIO Database Input & Output
DBS Database Subsystem
DHCP Dynamic Host Configuration Protocol

DHCP Server Dynamic Host Configuration Protocol Server
DRC Data Rate Control
E
EMS Element Management System
F
FA Foreign Agent
FE Fast Ethernet
FISU Fill-in Signaling Unit
G
GDSN General Data Serving Node
GE Giga Ethernet
GLI GE Line Interface
GPRS General Packet Radio Service
GRE Generic Routing Encapsulation
H
HA Home Agent
HLR Home Location Register
HSSL High Speed Serial Link
I
ICMP Internet Control Message Protocol
IETF Internet Engineering Task Force
IKE Internet Key Exchange
IMSI International Mobile Subscriber Identity
IPCP IP Control Protocol
IPSec IP Security
IPv6 IP Version 6
IRM International Roaming MIN
ISAKMP Internet Security Association and Key Management Protocol
L
L2TP Layer2 Tunnel Protocol
LAN Local Area Network
LCP Link Control Protocol
LSSU Link Status Signaling Unit
M
MIP Mobile IP
MS Mobile Station

MSID Mobile Station Identifier
MSIN Mobile Station Identification Number
MSISDN Mobile Station ISDN number
MSU Message Signal Unit
N
NAI Network Access Identifier
NCP Network Control Protocol
NE Network Element
NGN Next Generation Network
NMC Network Management Center
NMS Network Management Subsystem
O
OMC Operations & Maintenance Center
OMM Operation Maintenance Module
P
PAP Password Authentication Protocol
PPP Point to Point Protocol
PPTP PPP Tunnel Protocol
PSI PCF Session Identity
Q
QoS Quality of Service
R
RADIUS Remote Authentication Dial In User Service
RSVP Resource Reservation Protocol
S
STM Synchronous Transfer Mode
T
TCP Transfer Control Protocol
TOS Type Of Service
U
UDP User Datagram Protocol
UDR User Data Record
UMTS Universal Mobile Telecommunication System
V
VPN Virtual Private Network
VTP Virtual Tunnel Protocol

W
WAN Wide Area Network
WDP Wireless Datagram Protocol
WDSS Wireless Data Services System
WIN Wireless Intelligent Network
WVPN Wireless Virtual Private Network



Glossary

3G: 3G refers to the next generation of mobile communication systems. These offer enhanced services, such as multimedia and video. Main 3G technologies include UMTS and cdma2000.
3GPP: 3GPP was formed in December 1998 as a collaboration agreement bringing together a number of telecommunication standards bodies. These standards bodies are referred to as Organizational Partners. The aim of 3GPP was to produce globally applicable technical specifications for third generation mobile systems based on evolved GSM Core Networks and the radio access technology Universal Terrestrial Radio Access (UTRAN).
3GPP2: 3GPP2 is a sister project to 3GPP and is a collaboration agreement regarding third generation mobile networks. It is comprised of five Standards Development Organizations, similar to the Organizational Partners in 3GPP. 3GPP2 mainly deals with the following five areas: A-interface system, CDMA2000, American National Standards Institute-41 (ANSI-41), wireless packet data inter-working, and services & systems aspects.
AAA: A system implemented to securely determine the identity and privileges of a user and to track that user's activities.
FA: A Foreign Agent (FA) is a node in a Mobile IP (MIP) network that enables roaming IP users to register on the foreign network. The FA communicates with the Home Agent (HA) to enable IP datagrams to be transferred between the home IP network and the roaming IP user on the foreign network.
FTP: A client-server application protocol using well-known ports 20 and 21. It uses the services of the Transmission Control Protocol (TCP) to provide reliability in the transfer of data files between network nodes. FTP was first defined as a standard in Request for Comments 959 (RFC 959).
Home Access Provision Network: The home cdma2000 cellular network of the subscribed mobile users. For the data service, a user can have different home networks.
Home IP Network: The home network providing the user with IP-based data services, serving as the routing home network of the user's NAI. This network can be an enterprise private network, a public ISP access network or a cdma2000 network.
Intermediate AAA: An intermediate AAA, located in an intermediate network, has security relationships with the service AAA and the home AAA. It is used to transmit AAA messages securely between the service AAA and the home AAA. In some cases, there may be more than one intermediate AAA between the service AAA and the home AAA.


Intermediate AAA Network: The management domain network containing the intermediate AAA.
Packet Data Service: The packet-switched data service provided by the cdma2000 network for the mobile user.
Packet Data Service Option: One service option provides one method. It is used for setting up and maintaining the cdma2000 service channel used by the packet data services between the MS and the radio network.
Packet Data Session: An instance in which the user continuously uses the packet data service. A packet data session starts when the user activates the packet data service and ends when the user or the network terminates the packet data service. During a specific packet data session, the user can change position while keeping the same IP address.
PPP Session: A specific PPP connection instance maintained between the MS and the PDSN. The PPP session is held while the MS is in dormant status. When the user performs an inter-RN handoff, the PDSN remains unchanged, so the PPP session remains unchanged. If the PDSN changes, a new PPP session is set up for the user at the target PDSN side.
Private Network: A home IP network residing behind the firewall. Private IP addresses can be used.
Radio Network: In the network reference model, the RN is equal to the BS. In this document, the terms PCF and RN are the same in the description of the R-P interface handoff.
Service Provision Network: The cdma2000 network operated by the home service supplier or the visiting service supplier. The relationship between the home service supplier and the user is a commercial customer relationship. The visiting service supplier and the home service supplier make a service agreement to provide the visiting user with access service.
Visiting Access Provision Network: The cdma2000 cellular network providing the roaming user with access service.
Visitor AAA: The AAA server residing on the visiting access provision network.



Figures

Figure 1 WiMAX Network Reference Model ..... 6
Figure 2 Architecture of ZXMBW AAA System ..... 10
Figure 3 Software Architecture of ZXMBW AAA ..... 14
Figure 4 External Gateway ..... 15
Figure 5 Communication Model for AAA ..... 22
Figure 6 Subscriber Authentication Flow ..... 30
Figure 7 Billing Flow ..... 33
Figure 8 Initial Service Flow Channel Establishment ..... 34
Figure 9 Initial Service Tunnel Deletion Flow Initiated by BS ..... 35
Figure 10 PKMv2 User Authentication Protocol Stack ..... 38
Figure 11 PKMv2 User Authentication Flow in ZTE WiMAX System ..... 39
Figure 12 MD5-Challenge Authentication Flow ..... 40
Figure 13 Format of Attribute ..... 43
Figure 14 Generic Networking Mode ..... 45



Tables

Table 1 Chapter Summary ..... i
Table 2 Typographical Conventions ..... ii
Table 3 Mouse Operation Conventions ..... iii
Table 4 Topics In Chapter 1 ..... 1
Table 5 Topics In Chapter 2 ..... 9
Table 6 Topics In Chapter 3 ..... 13
Table 7 Topics In Chapter 4 ..... 17
Table 8 ZXMBW AAA Power Indices ..... 17
Table 9 ZXMBW AAA Capacity Indices ..... 18
Table 10 ZXMBW AAA Module Indices ..... 18
Table 11 Temperature and Humidity Requirements ..... 19
Table 12 Topics In Chapter 5 ..... 21
Table 13 RADIUS Packet Format ..... 22
Table 14 RADIUS Packet Code ..... 22
Table 15 RADIUS Accounting Packet Format ..... 25
Table 16 Topics In Chapter 6 ..... 29
Table 17 Topics In Chapter 7 ..... 37
Table 18 Topics In Chapter 8 ..... 45



Index

3G ..... 51
3GPP ..... 51
AAA ..... i, v, 1, 6, 7, 8, 9, 10, 11, 13, 14, 15, 21, 22, 37, 38, 39, 40, 41, 42, 43, 46, 47
Accounting ..... 7
Agent ..... 10, 11, 47, 48
Application ..... 3
ASN ..... 30, 31, 32, 33, 34, 35
ASN-AGW ..... 21, 22, 46
Authentication ..... 7
Authentication Protocol Stack ..... 37, 38
Authorization ..... 7
Base ..... 4
Billing interface subsystem ..... 14
CDR ..... 8
Channel ..... 52
CHAP ..... 21, 41, 42, 43, 47
Configuration ..... 2, 4
Control ..... 2, 4
Domain ..... 6
EAP authentication ..... ii, 8, 37, 38, 39, 40
Equipment ..... 5
Forum ..... 5, 6
GSM ..... 51
Home AAA ..... 7, 11, 39
IEEE ..... 2, 6
Interface ..... 2
Intermediate AAA ..... 7
IP ..... 2, 3, 4, 5, 6, 31, 34, 35, 36, 46
IP/UDP protocol ..... 22, 46
MD5 method ..... 21
Message ..... 23, 24, 26, 27, 51
mobile ..... 51
Mobile IP ..... 7, 11, 48
MSK ..... 8, 37, 39, 40, 41, 42, 43
Network ..... 3, 4, 5, 6
NWG ..... 6
OMC Client ..... 10
PAP ..... 21, 49
PCMCIA card ..... 38, 41
PKMv2 ..... 37, 38, 39
Point-to-Point Protocol (PPP) ..... 11
PPP ..... 52
Protocol ..... 2, 3, 4, 5, 46
QoS Profile authorization ..... 8
RADIUS ..... 7, 11, 13, 14, 15, 21, 22, 38, 39, 40, 41, 46, 49
RADIUS protocol ..... 21, 22, 46
RADIUS service subsystem ..... 14, 15
Request Authenticator ..... 43
server ..... 33
Server ..... 31, 34, 35, 36
Service ..... 2, 3, 4, 5, 6, 29, 34, 35
Service AAA ..... 7
Session ..... 52
UMTS ..... 51
VPN ..... 8, 49
WATCHDOG service subsystem ..... 15
WiMAX ..... 6, 34, 37, 38, 39, 40, 41
