Some fields in RADIUS accounting records might change in the middle of a session. IS835 provides two methods for sending parameter changes from the PDSN to RADIUS servers. One is to send a "stop" record followed by a "start" record carrying the changed values, which closes the current accounting record and opens a new one whenever a parameter changes.
Another method utilizes "accounting containers" to store and forward information in the format depicted in Figure B.2. The changed fields of the accounting record and change reasons such as tariff boundary, handoff, and parameter change are stored in the appropriate fields in the container. This technique allows the RADIUS server to continue to store accounting information without interruption.
IKE attributes include the pre-shared secret request, indicating whether a pre-shared secret is required during PDSN and HA negotiations; a KeyID attribute sent by the home RADIUS server to the PDSN; and the "S" attribute, used during generation of the pre-shared secret and sent by the home RADIUS server to the HA during PDSN-to-HA IKE negotiation. Table B.1 summarizes the IKE attribute parameters.
ATTRIBUTE | VENDOR TYPE | VENDOR LENGTH | VENDOR VALUE |
---|---|---|---|
"S" request | 13 | 6 | 0 = No request for S from HA; 1 = Request for S from HA |
"S" lifetime | 12 | 6 | Number of seconds since 1/1/1970 00:00 UTC |
"S" | 11 | 3 | Value of the secret |
KeyID | 8 | 22 | HAAA address + FAAA address + timestamp [a] |
Pre-shared secret request | 1 | 6 | 1 = Requested by PDSN; 0 = Not requested by PDSN |
Pre-shared secret | 3 | 18 | Secret key value |

[a] The event timestamp contains information about the beginning and ending of an accounting session. Its value field contains the number of seconds since 1/1/1970 00:00 UTC (similar to "S" lifetime).
All of these attributes are optionally included in Access-Accept messages. The parameters of these attributes are included in Table B.2:
Security level is an optional attribute sent from the home to the visited AAA server, indicating the type of security the visited network must provide to the MN.
Reverse tunnel is an attribute indicating whether a reverse tunnel must be created between visited and home networks.
The HA attribute carries an HA address.
The DiffServ attribute is used by RADIUS servers to define the use of DiffServ (described in Chapter 2) to provide quality of service to the data traffic passing through the PDSN. The values of this attribute are specified according to [RFC2597] and [RFC2598].
ATTRIBUTE | VENDOR TYPE | VENDOR LENGTH | VENDOR VALUE |
---|---|---|---|
Security Level | 2 | 6 | 1 = IPSec required for registration messages; 2 = IPSec required for tunnels; 3 = IPSec required for tunnels and messages; 4 = IPSec not required |
Reverse tunnel | 4 | 6 | 0 = Not required; 1 = Required |
HA | 7 | 6 | IP address |
DiffServ | 5 | 6 | Set according to RFC2597 and RFC2598 |
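
The following Python example is added here and is not code from the original text: it decodes the Table B.2 attributes from the attribute bytes of an Access-Accept and rejects vendor lengths or values that disagree with the table. It assumes the standard RADIUS Vendor-Specific encoding (type 26), the 3GPP2 enterprise number 5535, one sub-attribute per VSA, and 4-byte big-endian values; the function names and the sample bytes are constructed for illustration.

```python
import ipaddress
import struct

VENDOR_3GPP2 = 5535  # IANA enterprise number for 3GPP2 (assumption: not stated on the page)
VSA = 26             # RADIUS Vendor-Specific attribute type (RFC 2865)
def u32(v): return struct.unpack("!I", v)[0]  # 4-byte big-endian integer
SECURITY_LEVEL = {1: "IPSec required for registration messages",
                  2: "IPSec required for tunnels",
                  3: "IPSec required for tunnels and messages",
                  4: "IPSec not required"}
REVERSE_TUNNEL = {0: "Not required", 1: "Required"}

# vendor type -> (name, vendor length, decoder), values taken from Table B.2
TABLE_B2 = {
    2: ("Security Level", 6, lambda v: SECURITY_LEVEL[u32(v)]),
    4: ("Reverse tunnel", 6, lambda v: REVERSE_TUNNEL[u32(v)]),
    7: ("HA", 6, lambda v: str(ipaddress.IPv4Address(v))),
    5: ("DiffServ", 6, u32),  # raw integer; meaning per RFC2597/RFC2598
}

def decode_3gpp2_vsas(attrs: bytes) -> dict:
    """Decode Table B.2 attributes from the attribute bytes of an Access-Accept."""
    out, i = {}, 0
    while i < len(attrs):
        if len(attrs) - i < 2 or attrs[i + 1] < 2 or i + attrs[i + 1] > len(attrs):
            raise ValueError(f"bad attribute length at offset {i}")
        a_type, body = attrs[i], attrs[i + 2:i + attrs[i + 1]]
        i += attrs[i + 1]
        if a_type != VSA or len(body) < 6 or u32(body[:4]) != VENDOR_3GPP2:
            continue  # not a 3GPP2 vendor-specific attribute
        v_type, v_len = body[4], body[5]
        if v_type not in TABLE_B2:
            continue  # attribute outside Table B.2
        name, want_len, decode = TABLE_B2[v_type]
        if v_len != want_len or v_len != len(body) - 4:
            raise ValueError(f"{name}: vendor length {v_len}, expected {want_len}")
        try:
            out[name] = decode(body[6:])
        except KeyError:
            raise ValueError(f"{name}: value outside Table B.2") from None
    return out

def build_vsa(v_type: int, value: bytes) -> bytes:  # helper for the sample below
    sub = bytes([v_type, 2 + len(value)]) + value
    return bytes([VSA, 6 + len(sub)]) + struct.pack("!I", VENDOR_3GPP2) + sub

# Constructed sample: Security Level 3, Reverse tunnel required, HA 192.0.2.10
SAMPLE = (build_vsa(2, struct.pack("!I", 3)) + build_vsa(4, struct.pack("!I", 1))
          + build_vsa(7, ipaddress.IPv4Address("192.0.2.10").packed))
```

A vendor length of 6 corresponds to one byte of vendor type, one byte of vendor length, and a 4-byte value, which is why the integer and IP address rows in Table B.2 share that length.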