IMPLEMENTATION OF AAA SERVER LABORATORY MODEL


2007 Poznańskie Warsztaty Telekomunikacyjne, Poznań, 6-7 December 2007
POZNAN UNIVERSITY OF TECHNOLOGY ACADEMIC JOURNALS, 2007

Sylwester Kaczmarek*, Urszula Orłowska**
* Gdańsk University of Technology, ** Adva Optical Networking

The purpose of the paper is to show the educative aspects of the created AAA (Authorization, Authentication and Accounting) server laboratory model. The paper is arranged as follows. Section 2 presents the concept of an AAA system based on H.323 protocols. It introduces the functions that each module performs and the open source solutions used to implement the modules. It also presents how the laboratory set was established in practice, together with the configuration steps for every module, and lists the tests performed on the created system. Section 3 discusses the skills and knowledge that each student should gain after performing all proposed experiments. Both sections are preceded by an introduction.

Keywords: NGN, AAA server, RADIUS, Linux, Education

1. INTRODUCTION

Standardization of the AAA system began at the end of the 1990s, when the IETF (Internet Engineering Task Force) set up a special group called the AAA working group. Before the AAA system architecture was introduced, each piece of equipment authenticated the users of its resources by itself. Since there was no standard, each machine used a different authentication method. The main problems with that approach were poor scalability and lack of universality. The need for an AAA system arose together with the concept of using the Internet as a platform for handling telecommunication services.

The concept of NGN networks is characterized not only by convergence of techniques and technologies, but also by functional divergence. The system of sending and exchanging information in NGN networks can be organized in different ways, using different techniques and technologies, depending on the services provided. In NGN networks, integrating many services on one equipment platform is a very important issue. Integration, in telecommunication terms, means independence of the offered services from the access method used and the forwarding protocol. All that led to the need for a standardized method that would allow authorization, authentication and monitoring of users making use of the variety of services. Hence the concept of the AAA system architecture appeared.

1.1. The functionality of AAA system

The functional structure of NGN networks is visible in the layer model of the telecommunication network (Figure 1). The AAA system, which is the subject of this paper, is located in the call control servers layer.

[Fig. 1. Layer model of NGN networks [4] (layers shown: call control servers layer, connection control servers layer, resources layer)]

Control is an important issue in terms of the quality delivered to clients. The fact that an NGN network has to provide real-time services imposes strict functional and time requirements on control. The functions performed by the AAA system belong to the set of request service functions. The name of the system is an abbreviation of the words describing its functionalities: Authentication, Authorization and Accounting.

Authentication is a process during which the identity declared by an endpoint is verified. The result of this process is the basis for granting or refusing the user network access rights. Authorization is a set of rules according to which a decision is made whether the user can receive the requested rights and services [7]. Authorization can be done only if the user has already been granted network access in the preceding authentication process. Accounting means the methodology of collecting information about all resources used by endpoints [8].

1.2. AAA System architecture

The schematic diagram of the AAA system architecture is depicted in Figure 2.

[Fig. 2. AAA System architecture [5] (elements shown: AAA server with Authentication, Authorization and Accounting; network; NAS / AAA client; endpoint)]

In the discussed example the basic network architecture is extended by introducing AAA functionality performed by:
- AAA server: equipment located in the network's core; it performs the AAA function directly by itself or forwards all requests to another AAA server.
- AAA client (NAS): equipment located at the network's edge; it controls access to the network (acts as an access point). It requests access to resources for itself or its users.

2. DESCRIPTION OF LABORATORY SET

The AAA system concept was developed on the basis of open source solutions. The laboratory set was established afterwards as a proof that the concept is correct and fulfils the assumed functionalities.

2.1. The concept of AAA system on basis of open sources

The concept of the AAA system discussed in this paper was created in agreement with DGT Sp. z o. o. As its basic functionality it assumes VoIP using the H.323 protocol. The block diagram of the discussed concept is presented in Figure 3.

[Fig. 3. The concept of AAA system (labels shown: ATK DGT 7410, H.323 (RAS), Gatekeeper GnuGK, RADIUS, AAA Server IBSng, PostgreSQL data base)]

End users are connected to the IP network via the ATK-DGT 7410 device. This device uses H.323 signaling (RAS) and communicates with GnuGK (the gatekeeper, which is the AAA system client, NAS). The gatekeeper asks the IBSng application (IBSng is a server performing AAA system services), using the RADIUS protocol [6], whether particular endpoints are the ones they claim to be (authentication) and whether they have the right to initiate and receive incoming calls (authorization). IBSng verifies endpoints' rights by sending SQL requests to an external PostgreSQL data base, where information about all H.323 endpoints belonging to the system is located.

The accounting functionality is performed by the gatekeeper, which sends to the IBSng application all essential information about established connections (start/stop/connection length) and its work session (gatekeeper application start/stop). All data is saved by the IBSng application in the PostgreSQL data base. The part of the data referring to the users is treated as billing records, CDR (Call Detail Records).

AAA system modules were created in the following way:
- ATK-DGT7410: standalone device which allows access to the IP network and use of basic POTS services,
- GNU-Gatekeeper: gatekeeper implementation based on open source solutions, available at http://www.gnugk.org
- IBSng: AAA server implementation based on open source solutions, available at http://ibs.sourceforge.net/
- PostgreSQL: freeware relational data base management system.

2.2. AAA system establishment in Linux environment

The laboratory set was created with the following equipment:
- PC computer with Linux OS, Mandriva distribution 2005 (Mandrake 10.2),
- Hub (with Internet access),
- ATK DGT 7410 based on the H.323 standard,
- 2 analogue telephones with cables terminated with RJ11 on both ends.

The schematic diagram of the test laboratory set is depicted in Figure 4. In order to establish the system it was necessary to install Apache server, php5, XML, Python and PostgreSQL as well as ATK, GnuGK and IBSng (and to configure the mentioned modules).

ATK configuration can be done in two ways: via the RS port or via a www browser [1]. ATK configuration includes:
- general settings configuration: ATK IP address (ipaddr), subnet mask (netmask), gateway IP address (gatewayip), gatekeeper IP address (GK), turning on access to ATK via http (WWW=1),
- configuration of the ports which endpoints are connected to (port state = on, telephone number, select en-block),
- setting passwords for each port.

GnuGK configuration should allow communication between terminals and the IBSng application. The configuration file located in /dgt/gk/gnugk.ini is used for that purpose. Values for each gatekeeper configuration section have to be set manually. The sections allow one to, e.g.:
- select the call signaling and H.245 signaling forwarding mode,
- define access rules for the gatekeeper status ports and gatekeeper authentication mechanisms,
- define configuration settings which allow authentication via the RADIUS protocol,
- describe the accounting module which forwards accounting (billing) data to the RADIUS server [2].

IBSng configuration is done via a website. The configuration steps are as follows [9]:
- add radius server (Add New RAS),
- create new tariff for VoIP (Add New Tariff),
- create new charge (Add New Charge),
- add new users group (Add New Group),
- add new user (Add New User).

After all steps are done the system should work correctly, which is the case if a connection is established and the user is charged.

2.3. Tests performed in laboratory environment

In order to verify that all modules work as desired and that communication between modules is correct, several tests were performed on the established AAA system. The tests were divided into three verification stages.

Stage 1: correctness of forwarded H.323 signaling frames. The purpose of the first test was to verify that endpoints register correctly. Four connection scenarios were performed afterwards. The scenarios differed in the route by which each signaling channel (call signaling and H.245 signaling) was established (directly between endpoints or routed via the gatekeeper).

Stage 2: correctness of frames forwarded via the RADIUS protocol. The purpose of the first test was to verify the correctness of the RADIUS protocol message exchange. The structure of the following messages was analyzed afterwards: Access Request, Access Accept, Access Reject, Accounting Request, Accounting Response [3].

Stage 3: correctness of AAA server functionalities. The conducted tests were divided into subject groups:
- logging in via www and verification of all actions available to or restricted for a user,
- correctness of functions connected with reporting,
- correctness of charging.

Tests of the forwarded H.323 signaling messages and of the RADIUS protocol were performed using Ethereal. In the AAA system server tests the following were analyzed:
- values saved in the data base by the IBSng application,
- messages appearing on the gatekeeper status port,
- protocol frames via Ethereal.

3. EDUCATIVE ASPECTS OF AAA SERVER LABORATORY MODEL

Two experiments are proposed. They will be conducted on separate laboratory sets because of the differences in their subjects. The experiments' titles are as follows:
- Configuration of AAA system elements,
- Functionality tests of AAA server.

The schematic diagram of the laboratory set is depicted in Figure 4. The purpose of both experiments is to gain knowledge about the AAA system implemented on the basis of H.323 protocols, to become familiar with Linux OS, and to acquire skills in using Ethereal (a tool for analyzing frames). The experiments are set up so that the student first learns how to configure the AAA system and afterwards runs functionality tests on the already configured system. While conducting the experiments the student also acquires other skills:

Configuration of AAA system elements

While performing this experiment the student learns how the AAA system is built and what its functions and functionalities are. The student acquires skills in configuring:
a) ATK DGT 7410 from the bootloader level or from the www browser level,
b) Gatekeeper using the gnugk.ini configuration file,
c) AAA Server for H.323 using the IBSng application.

The student can notice the essence of communication between particular elements and the need to set up each element, which is an integral part of the whole system. To check that the experiment was done correctly, the student should establish a connection, observe messages on the gatekeeper status port and the user's presence on the AAA server via Report Online Users. The student should comment on the results.

[Fig. 4. Schematic diagram of laboratory set prepared for students (elements shown: Internet; endpoints; hub or switch; ATK DGT 7410; PC computer with installed Apache server, GnuGK application, IBSng application and PostgreSQL data base)]

Functionality tests of AAA server

While performing this experiment the student learns how the processes of Authorization, Authentication and Accounting proceed via the RADIUS protocol (using offline filtering of frames observed via Ethereal). The student can observe the process of exchanging messages, analyze how each frame is built and compare the results with theoretical assumptions. The student should comment on the observations afterwards. The student gains knowledge about the capabilities of the presented AAA system based on the H.323 protocol:
a) The student checks the system's reaction to an attempt to establish a connection after the password is changed to an incorrect one, comments on the observed solution and presents own suggestions.
b) The student checks the correctness of accounting depending on the rate and prefixes used. He also observes the system's reaction to modifications of particular parameters and again comments on the results.
c) The student checks the correctness of real time graph creation. The graphs should be analyzed and the results commented on.
d) The student establishes a connection which is too long for the money resources collected on the user's account. The student comments on the system's reaction using the IBSng application and RADIUS protocol frame analysis.
e) The student tries to establish a connection when there are no money resources collected on the user's account, observes the system's reaction and suggests a solution.

After conducting the described experiments the student should have theoretical knowledge about the AAA system, and should be able to configure the system, analyze RADIUS protocol frames using the Ethereal tool, and modify AAA system configuration parameters using the IBSng application.
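
The RADIUS message structure that Stage 2 and the "Functionality tests of AAA server" experiment examine in Ethereal, as an added Python example (not code from the paper, GnuGK or IBSng): it decodes the header and attributes per RFC 2865 and checks a reply's Response Authenticator against the shared secret. The secret, user alias, address and packets are constructed sample values.

```python
import hashlib
import hmac
import struct

# Message codes from RFC 2865/2866, the five messages named in Stage 2.
CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject",
         4: "Accounting-Request", 5: "Accounting-Response"}
# A few standard attribute types; others are reported by number.
ATTRS = {1: "User-Name", 4: "NAS-IP-Address", 18: "Reply-Message",
         40: "Acct-Status-Type", 44: "Acct-Session-Id", 46: "Acct-Session-Time"}


def parse_packet(data: bytes) -> dict:
    """Decode the 20-byte RADIUS header and the attribute TLVs after it."""
    if len(data) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", data[:4])
    if length < 20 or length > len(data):
        raise ValueError("Length field does not fit the datagram")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = data[pos], data[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("attribute length runs past the packet")
        attrs.append((ATTRS.get(a_type, str(a_type)), data[pos + 2:pos + a_len]))
        pos += a_len
    return {"code": CODES.get(code, str(code)), "id": ident, "length": length,
            "authenticator": data[4:20], "attributes": attrs}


def build_packet(code: int, ident: int, authenticator: bytes, attrs) -> bytes:
    """Assemble a packet from (type, value) pairs; used for the sample data."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + authenticator + body


def expected_authenticator(packet: bytes, request_auth: bytes, secret: bytes) -> bytes:
    """MD5(Code + ID + Length + RequestAuth + Attributes + Secret), RFC 2865."""
    length = struct.unpack("!H", packet[2:4])[0]
    return hashlib.md5(packet[:4] + request_auth + packet[20:length] + secret).digest()


def reply_is_authentic(reply: bytes, request: bytes, secret: bytes) -> bool:
    """Check a reply against the request it answers and the shared secret."""
    if len(reply) < 20 or len(request) < 20 or reply[1] != request[1]:
        return False  # malformed, or Identifier does not match the request
    want = expected_authenticator(reply, request[4:20], secret)
    return hmac.compare_digest(want, reply[4:20])


def signed_reply(code: int, request: bytes, attrs, secret: bytes) -> bytes:
    """Build a correctly authenticated reply, as an AAA server would."""
    draft = build_packet(code, request[1], bytes(16), attrs)
    return draft[:4] + expected_authenticator(draft, request[4:20], secret) + draft[20:]


# Constructed sample data (secret, alias and address are made up).
# The request is trimmed to two attributes; a real one also carries credentials.
SECRET = b"lab-shared-secret"
REQUEST = build_packet(1, 7, bytes(range(16)),
                       [(1, b"1001"), (4, bytes([192, 0, 2, 10]))])
ACCEPT = signed_reply(2, REQUEST, [(18, b"welcome")], SECRET)
TAMPERED = ACCEPT[:-1] + b"!"  # same reply with one byte changed in transit

if __name__ == "__main__":
    for name, pkt in (("request", REQUEST), ("accept", ACCEPT)):
        print(name, parse_packet(pkt))
    print("accept authentic:", reply_is_authentic(ACCEPT, REQUEST, SECRET))
    print("tampered authentic:", reply_is_authentic(TAMPERED, REQUEST, SECRET))
```

A reply whose authenticator does not verify indicates either a shared-secret mismatch between the gatekeeper and the AAA server or a packet modified in transit, which is the kind of difference the incorrect-password and charging tests make visible at the frame level.
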
The student should know the system's reactions to the introduced modifications and should be able to observe these reactions on the gatekeeper status port, on the AAA server (using the IBSng application) and in RADIUS protocol messages. The student should analyze the results and suggest own solutions.

4. CONCLUSIONS

In this paper the educative aspects of the AAA server laboratory model were presented. The way of creating the system, from concept to practical implementation in a Linux environment, was shown. Configuration of the most important elements together with the performed tests was discussed. It is necessary that this system appears in NGN networks. Each telecommunication company on the market tries to provide an AAA system solution in its offer. This makes the AAA system even more interesting for students. They should know the issues connected with the AAA system and understand the processes between the system's elements. The experiments presented in this paper allow gaining such knowledge.

To extend the established laboratory set, a system configuration could be added so that not only voice but also data could be transferred. To implement such a system, a special device which supports data transfer has to be used. It can be RouterOS V2.9 made by MikroTik. The device also enables setting up a wireless network, which would allow creating a wireless AAA system.

REFERENCES

[1] Company materials, Samodzielny Abonencki Terminal Kablowy ATK DGT 7410. Operating manual. DGT Sp. z o.o., Gdańsk 2005.
[2] Documentation for GnuGK, http://heanet.dl.sourceforge.net/sourceforge/openh323gk/gnugk-manual-2.2.4.pdf
[3] Hassell J., RADIUS, Publisher O'Reilly, October 2002.
[4] Kaczmarek S., Next Generation Networks Architectures, Lecture materials, PG WETI, Gdańsk 2004.
[5] Metz Ch., AAA Protocols: Authentication, Authorization and Accounting for the Internet, IEEE Internet Computing, November-December 1999.
[6] RFC 2865, Remote Authentication Dial In User Service (RADIUS), Network Working Group, June 2000.
[7] RFC 2904, AAA Authorization Framework, Network Working Group, August 2000.
[8] RFC 2975, Introduction to Accounting Management, Network Working Group, October 2000.
[9] Web site of IBSng, http://www.ibsng.com/