
infoX CDMA MN AAA

Product Description
HUAWEI infoX CDMA MN AAA

Product Description

Document Version T2-040201-20060301-C-2.50

Product Version V200R002

Huawei Technologies Co., Ltd. provides customers with comprehensive technical
support and service. Please feel free to contact our local office or company
headquarters.

Huawei Technologies Co., Ltd.

Address: Administration Building, Huawei Technologies Co., Ltd., Bantian, Longgang
District, Shenzhen, P. R. China

Postal Code: 518129

Website: http://www.huawei.com
Copyright © 2007 Huawei Technologies Co., Ltd.
All Rights Reserved.

No part of this manual may be reproduced or transmitted in any form or by any means without prior
written consent of Huawei Technologies Co., Ltd.

Trademarks

And other Huawei trademarks are the trademarks or registered trademarks of Huawei
Technologies Co., Ltd. in the People’s Republic of China and certain other countries.

All other trademarks and trade names mentioned in this document are the property of their
respective holders.

Notice
The information in this manual is subject to change without notice. Every effort has been made in the
preparation of this manual to ensure accuracy of the contents, but all statements, information, and
recommendations in this manual do not constitute the warranty of any kind, express or implied.
infoX CDMA MN AAA Product Description Confidential

Table of Contents

Chapter 1 Introduction to the infoX CDMA MN AAA
1.1 Functions of the infoX CDMA MN AAA
1.2 Position of the infoX CDMA MN AAA in the CDMA Network
1.3 Interfaces of the infoX CDMA MN AAA
1.4 Standards and Specifications
Chapter 2 Key Benefits
2.1 Supporting Visited-AAA/Broker-AAA/Home-AAA
2.2 Supporting VPDN
2.3 Supporting Local Prepaid Account User
2.4 Supporting IN Prepaid Account User
2.5 Access Policy Limitation for Prepaid User
2.6 Supporting Postpaid Accounting
2.7 Providing Massive Capacity
2.8 Support Multi-Vendor Equipment
2.9 Supporting Integration of CDMA AAA
2.10 Supporting VSA attribute delivering
2.11 Manageability and Maintainability
Chapter 3 System Structure
3.2 RADIUS Server
3.3 Accounting Server
3.4 Management System
3.5 Centralized Database
3.6 CDR Processor
3.7 General External gateway
Chapter 4 Services and Functions
4.1 RADIUS Server
4.2 Accounting Server
4.3 Management System
4.4 Prepaid Service
4.5 Web-based Self-care Portal
Chapter 5 Reliability
5.1 Hardware Reliability
5.2 Software Reliability
Chapter 6 Operation and Maintenance
6.1 O&M Functions

Confidential Information of Huawei. No Spreading without


2008-04-04 Permission Page1-1, Total51

Chapter 7 Technical Specifications
7.1 System Performance
7.2 Physical and Electrical Specifications
7.3 Reliability Specifications
7.4 Compliant Safety Standards
7.5 EMC Specifications
Chapter 8 Installation
8.1 System Installation
8.2 System Expansion
Chapter 9 Appendix Acronyms and Abbreviations


Chapter 1 Introduction to the infoX CDMA MN AAA

This chapter describes the following aspects of the infoX CDMA MN AAA:
• Functions of the infoX CDMA MN AAA
• Position of the infoX CDMA MN AAA in the CDMA Network
• Interfaces of the infoX CDMA MN AAA

1.1 Functions of the infoX CDMA MN AAA


infoX-AAA is Huawei’s implementation of a Remote Authentication Dial-In User Service
(RADIUS) server. As a RADIUS server, the infoX-AAA acts as an AAA server
interacting with the PDSN or HA in the CDMA network, and performs centralized access
authentication, authorization, and accounting. When acting as a proxy RADIUS server,
the infoX-AAA supports forwarding based on both realm and IMSI, and can forward the
authentication and accounting messages to another RADIUS server (which is
generally a Home-AAA server) to implement roaming authentication and accounting.
It supports the IETF standards for RADIUS described in RFC 2865 and 2866, and
supports the use of a heterogeneous set of wireless, remote access equipment.

1.2 Position of the infoX CDMA MN AAA in the CDMA Network

As a leading 3G standard in the world, CDMA2000 is well known for both its support for
high-speed data service and its compact, simple and practical network structure, as
shown in Figure 1-1.

Figure 1-1 CDMA network and orientation of the infoX-AAA



The infoX AAA can access the account information of CDMA network data users and
check network access authentication credentials. If the user's credentials are authentic
and the connection attempt is authorized, the infoX AAA authorizes the user's
access based on specified conditions and records the network access connection in an
accounting log. Through RADIUS, the user authentication, authorization, and
accounting data can be collected and maintained in a central location, rather than on
each access server.

1.3 Interfaces of the infoX CDMA MN AAA


1.3.1 Description of External Interfaces

Figure 1-2 System external interfaces

1.3.2 Interface with PDSN

This interface is between the RADIUS Server and the PDSN. The interface uses the RADIUS
protocol to implement authentication, authorization and accounting for service users.
The infoX-AAA can work with access equipment of various networks, such as the PDSN in a
CDMA network or the GGSN in a WCDMA/GPRS network.
The RADIUS protocol is described in IETF RFC 2865 and 2866.
The 3GPP2 protocol is described in 3GPP2 P.S0001-A, 3GPP2 P.S0001-B and 3GPP2
X.S0011-005-C, etc.


1.3.3 Interface with 3rd Party Radius Server

The interface between the visited-AAA and the Home-AAA uses the RADIUS protocol. The
visited-AAA transmits the entire RADIUS message, received from the PDSN, to the
Home-AAA unchanged.
The interface between the visited-AAA and the Broker-AAA uses the RADIUS protocol. The
visited-AAA transmits the entire RADIUS message, received from the PDSN, to the
Broker-AAA unchanged.

1.3.4 Interface with Home Agent

This interface is between the AAA and the HA. The interface uses the RADIUS protocol to
implement authentication and authorization for service users.
RADIUS protocol is described in IETF RFC 2865 and 2866.
When the HA receives an RRQ from a PDSN, and if there is no previous MN-HA shared
key, the HA shall send a RADIUS Access-Request message associated with the user
to retrieve the MN-HA shared key. The RADIUS Access-Request message shall
contain the user's NAI. The RADIUS server will return the MN-HA shared key attribute
to the HA.

1.3.5 Interface with OSS/BSS

After charging, the infoX-AAA generates detailed priced bills and transfers them to the
accounting processing module, which merges the received bills according to NAI and
forms the uniform data service bills.
After processing the service bills, the infoX-AAA implements the unified BOSS function
through the open interface used with other specialized accounting systems. The
infoX-AAA also provides a complete BOSS interface, i.e., API, which can be invoked in
other specialized accounting systems when necessary to achieve the BOSS function.
The infoX-AAA can easily work with the existing OSS/BSS software of the carrier.

I. MML protocol interface

The MML Server provides necessary environment for resolving MML commands. The
MML can be provided to an external system like the OSS/BSS as an interface protocol.
The following describes the functions of the MML used as an interface protocol.
The Man Machine Language (MML) is a type of text-based command message.
Through the open APIs provided for the Huawei MML protocol, the OSS system can send
the user's service maintenance commands to the infoX-AAA system, including the
following functions:
• Registering users and accounts
• Deregistering users and accounts

• Changing user password
• Querying user recharging record
• Querying user information
• Modifying account password or other attributes
The MML interface is based on the TCP protocol.

II. FTP interface

Interface function: The function of the FTP-based interface between the infoX-AAA and
the OSS/BSS system is to deliver CDRs. infoX-AAA puts generated CDRs into a
specified directory and the OSS/BSS system actively retrieves them.
Through controlling the interface, the infoX-AAA can receive commands of
enabling/disabling accounts delivered from the OSS/BSS system.

1.3.6 Interface with Huawei IN

The AAP is an interconnecting and inter-working module between the Huawei CIN/FIN
network and the infoX-AAA network. Through the AAP module, the infoX-AAA can send
authentication request messages and fee deduction request messages to the Huawei
CIN/FIN network when prepaid users access the CDMA data network, so that the
prepaid user can access the Internet.
The interface between infoX-AAA and CWIN uses the HMPP protocol. The interface between
infoX-AAA and FIN uses the SQL protocol.

1.4 Standards and Specifications


The infoX-AAA system design scheme of Huawei complies with the following
international standards:

• RFC 1101: DNS encoding of network names and other types
• RFC 1901: Introduction to Community-based SNMPv2
• RFC 1902: Structure of Management Information for Version 2 of the Simple
  Network Management Protocol (SNMPv2)
• RFC 1905: Protocol Operations for Version 2 of the Simple Network
  Management Protocol (SNMPv2)
• RFC 2618: RADIUS Authentication Client MIB
• RFC 2619: RADIUS Authentication Server MIB
• RFC 2620: RADIUS Accounting Client MIB
• RFC 2621: RADIUS Accounting Server MIB
• RFC 2068: Hypertext Transfer Protocol -- HTTP/1.1


• RFC 2138: Remote Authentication Dial In User Service (RADIUS)
• RFC 2139: RADIUS Accounting
• RFC 2865: Remote Authentication Dial In User Service (RADIUS)
• RFC 2866: RADIUS Accounting
• RFC 2867: RADIUS Accounting Modifications for Tunnel Protocol Support
• RFC 2868: RADIUS Attributes for Tunnel Protocol Support
• RFC 2869: RADIUS Extensions
• RFC 3576: Dynamic Authorization Extensions to RADIUS
• 3GPP2 P.S0001-A Version 1.0.0, Version Date: July 14, 2000, Wireless IP
  Network Standard
• 3GPP2 P.S0001-B Version 1.0.0, Version Date: January 30, 2002,
  Wireless SIP and MIP Standard
• 3GPP2 X.S0011-005-C Version: 1.0.0, Date: August 2003, CDMA accounting
  Standard
• 3GPP2 X.S0011-006-C Version: 1.0.0, Date: August 2003, CDMA prepaid
  service flow
• 3GPP2 A.S0007-0 Version 2.0, Date: November 2001, HRPD Standard
• 3GPP2 X.S0011-001-D Version 1.0, Date: March, 2006, cdma2000 Wireless
  IP Network Standard: Introduction
• 3GPP2 X.S0011-002-D Version 1.0, Date: March, 2006, cdma2000 Wireless
  IP Network Standard: Simple IP and Mobile IP Access Services
• 3GPP2 X.S0011-003-D Version 1.0, Date: March, 2006, cdma2000 Wireless
  IP Network Standard: Data Mobility and Resource Management
• 3GPP2 X.S0011-004-D Version 1.0, Date: March, 2006, cdma2000 Wireless
  IP Network Standard: Quality of Service and Header Reduction
• 3GPP2 X.S0011-005-D Version 1.0, Date: March, 2006, cdma2000 Wireless
  IP Network Standard: Accounting Services and 3GPP2 RADIUS
• 3GPP2 X.S0011-006-D Version 1.0, Date: March, 2006, cdma2000 Wireless
  IP Network Standard: PrePaid Packet Data Service
• RFC 1035: DOMAIN NAMES - IMPLEMENTATION AND SPECIFICATION
• RFC 2136: Dynamic Updates in the Domain Name System (DNS UPDATE)
• RFC 2617: HTTP Authentication: Basic and Digest Access Authentication


Chapter 2 Key Benefits

This chapter describes the following features of the infoX CDMA MN AAA:
• Supporting Visited-AAA/Broker-AAA/Home-AAA
• Supporting VPDN
• Supporting Local Prepaid Accounting
• Supporting IN Prepaid Accounting
• Supporting Postpaid Accounting
• Providing Massive Capacity
• Support Multi-Vendor Equipment
• Supporting Integration of CDMA AAA
• Supporting VSA attribute delivering
• Manageability and Maintainability

2.1 Supporting Visited-AAA/Broker-AAA/Home-AAA


The infoX-AAA can act as a proxy server or a target server, and can forward proxy
requests to other RADIUS servers based on realm and IMSI.

2.2 Supporting VPDN


The infoX-AAA supports VPDN data service of CDMA network by delivering VPDN
tunnel attribute.

2.3 Supporting Local Prepaid Account User


The infoX-AAA supports local prepaid accounting for CDMA data service users. The
subscribers register in the infoX-AAA system. The infoX-AAA provides a recharge card
management function.
The infoX-AAA supports real-time accounting, multiple charging policies and the
functions listed in the attachment.

2.4 Supporting IN Prepaid Account User


Working with Huawei's intelligent network, the infoX-AAA supports prepaid accounting
for CDMA data service users.
The infoX-AAA supports the real-time accounting, multiple charging policies and the
functions listed in the attachment.


2.5 Access Policy Limitation for Prepaid User


The infoX-AAA can limit user access based on time segments or on accumulated traffic
flow. The access policy can be set to certain days of the week or to certain time
segments of those days, or can be set to disable access or to apply a new charging
policy when the accumulated flow value exceeds a specified value.

2.6 Supporting Postpaid Accounting


The infoX-AAA supports the authentication on a CDMA postpaid user. Based on the
configuration, the infoX-AAA can also determine whether to record the related
accounting information of the user's usage of the network services. The information is
recorded in CDRs, which include NAI, IMSI, IP Address, start time of the service, end
time of the service, and so on.

2.7 Providing Massive Capacity


With load-balance and cluster architecture, the system can process a virtually unlimited
number of users without interruption in services. The infoX-AAA supports multiple
RADIUS server processes running simultaneously. For the PDSN, the default, second
and third RADIUS servers can be defined for backup and load-balance purposes.

2.8 Support Multi-Vendor Equipment


The infoX-AAA can work with a variety of network access equipment, including the
equipment from Huawei or other vendors to implement authentication and accounting
for CDMA user access and to realize the whole data network coverage. Thereby, it
provides the carrier with integrated, network-wide feature services.

2.9 Supporting Integration of CDMA AAA


In the CDMA2000 system, the AN AAA and MN AAA can be two different logical nodes.
The AN AAA and MN AAA can be placed separately on two different physical nodes, or
placed on the same physical node.
The infoX-AAA can serve as an MN AAA and an AN AAA simultaneously.

2.10 Supporting VSA attribute delivering


If a PDSN requires specific attributes, the infoX-AAA can return the needed
attributes to PDSNs from different vendors.


2.11 Manageability and Maintainability


The infoX-AAA is highly manageable and maintainable. The system provides operator
right management, operation log management and CDMA service parameter
management such as QoS management, system alarm, system data query, and
level-specific system log management. You can manage and maintain the system
easily.


Chapter 3 System Structure

The infoX-AAA system is mainly composed of five subsystems: RADIUS Server
(including Accounting Server), Management System, centralized database, CDR
Processor and General External Gateway. The five parts are shown in Figure 3-1.

Figure 3-1 Architecture of the infoX-AAA System

3.2 RADIUS Server


As the core part of the infoX-AAA, the RADIUS Server processes RADIUS messages,
authenticates CDMA subscribers' access requests, and accounts for
the subscribers' usage. As a proxy RADIUS server, the infoX-AAA can forward
authentication and accounting messages. Additionally, it can set the IPSec security
attribute. By delivering the VPDN attribute, it can also build the VPDN security tunnel.

3.3 Accounting Server


As the core Subsystem of the infoX-AAA, Accounting Server conducts the secondary
pricing of original bills, and provides external interfaces for the OSS/BSS. It supports
the OSS/BSS to handle accounts, and receives the commands of enabling/disabling
accounts from the OSS/BSS after finishing accounts.


3.4 Management System


infoX-AAA includes a complete Management System which is very important for
service operation. The Service Management System consists of following parts:
Service Management Point (SMP), Web Management Access Server (WMAS), and
MML Server.

3.5 Centralized Database


The Database Server supports relational databases such as Oracle and Informix.

3.6 CDR Processor


The CDR Processor converts the CDR file format to fit the billing system’s requirements
and sends the CDR file to the billing system.

3.7 General External gateway


Through the general external gateway, the infoX-AAA system can connect to Huawei IN
and a RADIUS Server.


Chapter 4 Services and Functions

This chapter describes the following services and functions of the infoX CDMA MN
AAA:

• RADIUS Server
• Accounting Server
• Management System
• Prepaid Service

4.1 RADIUS Server


Huawei infoX-AAA adopts the centralized user management mode. The user account
data and configuration information are stored in the SQL-based central database, thus
making it more convenient for the carrier to manage users.

4.1.1 Supporting standard RADIUS and 3GPP2 extended RADIUS protocol

As specified in RFC 2865 and RFC 2866, RADIUS is an industry standard protocol,
and is used to provide authentication, authorization, and accounting services. A
RADIUS client (typically a PDSN) sends user credentials and connection parameter
information through RADIUS to the RADIUS server. The RADIUS server authenticates
and authorizes the RADIUS client's request, and sends back a RADIUS response
message. RADIUS clients also send RADIUS accounting messages to the RADIUS
server.
As a RADIUS server, Huawei infoX-AAA supports standard RADIUS defined in RFC
2865 and 2866 and 3GPP extended RADIUS protocol.

4.1.2 Supporting Visited-AAA/Broker-AAA/Home-AAA

I. Visited-AAA

The infoX-AAA can serve as a visited MN AAA. Upon reception of RADIUS request
messages from the PDSN, the infoX-AAA can forward the requests unchanged to the user's
home network, based on the realm of the NAI, which can indicate a proxy target (i.e., a
user would connect using George@myisp rather than simply George). Upon reception of
RADIUS response messages from the user's home network, the infoX-AAA can forward
the messages to the PDSN unchanged.


II. Broker-AAA

The infoX-AAA can serve as a broker MN AAA. It can forward the RADIUS request
messages from a visited MN AAA to a home MN AAA, and forward the RADIUS
response messages from a home MN AAA to a visited MN AAA.

III. Home-AAA

The infoX-AAA can serve as a home MN AAA. It can process and respond to the
RADIUS request messages received from the PDSN, visited MN AAA and broker MN
AAA.

IV. Summary

The correspondence of realm and routes can be configured on the infoX-AAA.
According to the routes, the infoX-AAA can forward the RADIUS messages with
different realms to different devices. The infoX-AAA can also judge whether a user is a
local one, and forward the RADIUS messages of non-local users based on the default
route.
When forwarding RADIUS messages as a proxy AAA, if it cannot receive any response
from the remote MN AAA, the infoX-AAA will forward the messages to the backup AAA
of the remote MN AAA.

4.1.3 Supporting Simple IP and Mobile IP

I. Simple IP

Simple IP refers to the access method which permits the subscriber to use an IP
address in a specified network. When moving outside the network, the subscriber will
use another IP address. In the process of network switching, the communication
breaks.

II. Mobile IP

Mobile IP refers to the access method which enables the subscriber to use an IP
address in different networks. Mobile IP provides the mobile function for subscribers.
With this function, subscribers can access different networks with one IP address and
keep the communication when switching networks.

4.1.4 Authentication

The end user equipment can connect to the PDSN in various password authentication
modes. The PPPoE protocol is most commonly used as the access protocol of end
users.
When PPPoE for CDMA is used for access, there are two user password authentication
modes: PAP and CHAP.

I. PAP Authentication

Password Authentication Protocol (PAP) is very simple. The user sends the password to
the infoX-AAA, and the infoX-AAA verifies it against its SQL database. The password
travels in two legs between the user and the infoX-AAA. The first leg is usually
unencrypted: the PDSN gets the password from the user in clear text. For the
second leg, the PDSN encrypts the password and the infoX-AAA decrypts it using a
shared secret key. Ultimately, the infoX-AAA has the password in clear text form and is
able to make use of it directly for authentication.

II. CHAP Authentication

Challenge Handshake Authentication Protocol (CHAP) avoids sending passwords in
clear text over any communication link. With CHAP, the PDSN generates a random
number (the challenge) and sends it to the user. The user's PPP client creates a
"digest" (a one-way hash) of the password concatenated with the challenge, and
sends this digest to the PDSN, which forwards it together with the challenge to the
infoX-AAA. Because the digest is one-way, the infoX-AAA cannot recover the password
from the digest. What it can do is perform the identical digest operation using its own
copy of the user's password stored in its database. If the two digests match, the user
is authenticated.
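
The two checks described above under PAP and CHAP, as an added example (not Huawei's code): the User-Password hiding of RFC 2865 section 5.2 used on the PDSN-to-AAA leg, and the server-side CHAP digest comparison of RFC 1994. The function names are hypothetical, and any secret, authenticator, challenge or password passed in is sample data supplied by the caller.

```python
import hashlib
import hmac


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def hide_user_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """PDSN side of PAP: build the User-Password attribute value.

    RFC 2865 5.2: pad the password with NULs to a multiple of 16 octets,
    then XOR each block with MD5(secret + previous ciphertext block),
    starting from the 16-octet Request Authenticator.
    """
    if not 1 <= len(password) <= 128:
        raise ValueError("password must be 1..128 octets")
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 octets")
    padded = password + b"\x00" * (-len(password) % 16)
    hidden, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = _xor(padded[i:i + 16], mask)
        hidden += prev
    return hidden


def recover_user_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """AAA side of PAP: undo the hiding with the same shared secret."""
    if not hidden or len(hidden) % 16 or len(hidden) > 128:
        raise ValueError("User-Password must be 16..128 octets, multiple of 16")
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 octets")
    clear, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        mask = hashlib.md5(secret + prev).digest()
        clear += _xor(block, mask)
        prev = block  # chaining uses the ciphertext block, not the cleartext
    return clear.rstrip(b"\x00")


def chap_response(chap_id: int, password: bytes, challenge: bytes) -> bytes:
    """Digest computed by the user's PPP client (RFC 1994):
    MD5(identifier octet + password + challenge)."""
    return hashlib.md5(bytes([chap_id]) + password + challenge).digest()


def verify_chap(chap_password_attr: bytes, challenge: bytes,
                stored_password: bytes) -> bool:
    """AAA side of CHAP: recompute the digest from the stored password.

    chap_password_attr is the RADIUS CHAP-Password value: one identifier
    octet followed by the 16-octet digest.
    """
    if len(chap_password_attr) != 17:
        return False
    chap_id, received = chap_password_attr[0], chap_password_attr[1:]
    expected = chap_response(chap_id, stored_password, challenge)
    # Constant-time comparison so the check does not leak matching prefixes.
    return hmac.compare_digest(received, expected)


if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    secret = b"constructed-shared-secret"
    authenticator = bytes(range(16))
    password = b"a-password-longer-than-16-bytes"
    hidden = hide_user_password(password, secret, authenticator)
    print(recover_user_password(hidden, secret, authenticator) == password)
    challenge = bytes(range(16, 32))
    attr = bytes([7]) + chap_response(7, password, challenge)
    print(verify_chap(attr, challenge, password))
```

A wrong shared secret on the PAP leg does not raise an error; it yields a garbage password that then fails the database check. CHAP verification needs the user's password available to the server in recoverable form, whereas PAP leaves the server free to compare against a stored hash.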

III. Multi-Authentication Methods

The infoX-AAA supports the following five authentication methods: realm authentication
(that is, all authentication messages return successfully if the realm is correct),
authentication based on the IMSI, authentication based on the IMSI and NAI,
authentication based on the NAI and password, and authentication based on the NAI,
password and IMSI together.

IV. Authentication based on Common Account

In some scenarios, all users use a common account to access the Internet and use
a certain service, such as the MMS service.
The infoX-AAA supports the “common account” + “IMSI” and “common account” + “common
password” + “IMSI” authentication methods. The corresponding service of the common
account can be set in the WMAS system. The charging policy of the common account
is based on usage and does not include the basic fee or the accumulation discount.

V. Realm Analysis

Supporting realm resolution: The realm delimiter can be configured as %, #, @, and /.
In addition, realms can be placed before or after the username, in the form of
user@huawei or huawei@user (for interconnecting with legacy devices). The infoX-AAA
can resolve all of these realm formats to get the username and realm value.
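
Realm resolution as described here, combined with the realm-to-route forwarding, default route and backup AAA behaviour from the Summary of 4.1.2, as an added example (not Huawei's code). The class and function names and the `.example` server names are hypothetical, and lower-casing realms and treating an NAI without a delimiter as a local user are assumptions of this sketch.

```python
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Set, Tuple

# Delimiters the page lists as configurable.
ALLOWED_DELIMITERS = ("%", "#", "@", "/")


@dataclass(frozen=True)
class RealmConfig:
    delimiter: str = "@"
    realm_first: bool = False  # False: user@realm, True: realm@user


@dataclass(frozen=True)
class Route:
    primary: str
    backup: Optional[str] = None  # backup AAA of the remote MN AAA


def split_nai(nai: str, cfg: RealmConfig) -> Tuple[str, Optional[str]]:
    """Return (username, realm); realm is None when no delimiter is present."""
    if cfg.delimiter not in ALLOWED_DELIMITERS:
        raise ValueError("unsupported realm delimiter")
    if cfg.delimiter not in nai:
        return nai, None
    if cfg.realm_first:
        # realm<delim>user: the realm ends at the first delimiter.
        realm, user = nai.split(cfg.delimiter, 1)
    else:
        # user<delim>realm: the realm starts after the last delimiter, so a
        # username that itself contains the delimiter is kept whole.
        user, realm = nai.rsplit(cfg.delimiter, 1)
    if not user or not realm:
        raise ValueError("empty username or realm")
    return user, realm.lower()  # assumption: realms compare case-insensitively


# send(server, packet) returns the reply, or None when no response arrives.
Sender = Callable[[str, bytes], Optional[bytes]]


class RealmRouter:
    def __init__(self, cfg: RealmConfig, local_realms: Set[str],
                 routes: Dict[str, Route], default_route: Route):
        self.cfg = cfg
        self.local_realms = local_realms
        self.routes = routes
        self.default_route = default_route

    def forward(self, nai: str, packet: bytes,
                send: Sender) -> Tuple[str, Optional[bytes]]:
        """Decide where a request goes and relay it unchanged.

        Returns ("local", None) for local users, (server, reply) when a
        remote AAA answered, or ("no-response", None) when neither the
        primary nor the backup AAA replied.
        """
        _, realm = split_nai(nai, self.cfg)
        if realm is None or realm in self.local_realms:
            return "local", None
        # Non-local users without a configured realm use the default route.
        route = self.routes.get(realm, self.default_route)
        for server in (route.primary, route.backup):
            if server is None:
                continue
            reply = send(server, packet)
            if reply is not None:
                return server, reply
        return "no-response", None


if __name__ == "__main__":
    # Constructed configuration and a stub transport, for illustration only.
    router = RealmRouter(
        RealmConfig("@", realm_first=False),
        local_realms={"huawei"},
        routes={"myisp": Route("haaa1.example", "haaa2.example")},
        default_route=Route("broker.example"),
    )

    def stub_send(server: str, packet: bytes) -> Optional[bytes]:
        return None if server == "haaa1.example" else b"reply:" + server.encode()

    for nai in ("George@myisp", "bob@huawei", "eve@elsewhere"):
        print(nai, router.forward(nai, b"constructed-packet", stub_send))
```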


VI. Account validity check

The system denies the access of the user if the account is frozen or cancelled.

VII. Support Radius Attribute Check

Some RADIUS attribute values can be pre-set in the infoX-AAA WMAS GUI.
During the processing of an Access-Request message, the infoX-AAA can
check whether the RADIUS attributes or values are set.

VIII. Prepaid User Authentication

Supporting pre-authentication: If the prepaid service is used with the WIN, two
interfaces are involved: pre-deduction and refund. After a user logs on, or the
pre-deducted fee has been used up, the user sends a pre-deduct message to the UIN
for more pre-deducted fee. After the user logs off, the balance is refunded. If the fee is
not pre-deducted, the access of the prepaid user is denied.

IX. Access Policy Limitation

For prepaid users, the infoX-AAA can limit user access based on time segments or on
accumulated traffic flow. The access policy can be set to certain days of the week or
to certain time segments of those days, or can be set to disable access or to limit
bandwidth when the accumulated flow value exceeds a specified value.

X. Postpaid User Authentication

Supporting the authentication of postpaid users: the infoX-AAA MN AAA can
authenticate postpaid users in the preceding authentication modes, and generate
CDRs.

4.1.5 Authorization

After accepting an access request, the infoX-AAA performs authorization according to
the user attribute information stored in the SQL database. infoX-AAA needs to judge
whether the user attribute satisfies various conditions, and ultimately returns an
authorization response message to the user.
The infoX-AAA supports authorization based on the following user information:

I. Caller binding

The infoX-AAA can restrict an account so that it can only be used by a specified mobile
phone, effectively avoiding illegal use of the CDMA user's account for access.


II. Uniqueness

For a postpaid account, infoX-AAA supports uniqueness restriction by binding the
logon account with the user's mobile phone to ensure that the account can only be
used by the specific mobile phone. For a prepaid account, uniqueness can be
guaranteed because the charging is conducted based on the mobile phone number
(used in the wireless intelligent network), and mobile phones which have been
authenticated cannot be reused.

III. IP static assignment

After a special user is defined, the operator sets a static IP address for that user in
the infoX-AAA, which assigns the IP address to the user upon access authentication.

IV. Send the attribute dynamically

Based on the setting, access user, realm and equipment, the system queries and
sends the attribute group to PDSN. These attributes include the dynamically defined
VPDN attribute, user QoS attribute, reverse tunnel attribute and the VPDN tunnel
attribute.

V. Deliver the VSA attribute

The infoX-AAA can select VSA templates based on domain names, users, user
groups, etc., and deliver authorization attributes to the PDSN according to the VSA
templates.
The attributes can be imported into the system using a format file defined by the
infoX-AAA system. That is, the attributes can be defined by vendors and need not be
pre-defined by the infoX-AAA system.

VI. IP Address Allocation

1) Dynamic address assignment
The carrier can define IP address pools and set the mapping between an IP address
pool and the device, domain, subscriber or user type.
When receiving an authentication request, the infoX-AAA first finds the IP address
pool mapped to the device, domain, subscriber, or user type. Then it delivers either
an IP address from that pool or the name of the IP address pool to the device in the
authentication response.
The device assigns the specified IP address, or an IP address from the specified IP
address pool, to the subscriber.
2) Static address assignment
This assignment policy is independent of IP address pools. The carrier can specify a static
IP address for a subscriber when defining the subscriber.

After a subscriber is authenticated successfully, the infoX AAA delivers the IP address
to the device, and then the device assigns the IP address to the subscriber.

4.1.6 Proxy RADIUS capability

I. Overview

Huawei infoX-AAA can act as a RADIUS proxy server or a target server. In a CDMA
network, when acting as a proxy server, the infoX-AAA forwards an incoming
RADIUS request to another RADIUS server (generally the Home-AAA RADIUS server
of a CDMA user) for authentication and authorization, or for accounting.

Figure 4-1 Roaming and Proxy Network Diagram

With proxy RADIUS, the infoX-AAA receives an authentication (or accounting) request
from a RADIUS client (such as a PDSN), forwards the request to a remote RADIUS
server (such as Broker-AAA/Home-AAA), receives the reply from the remote server,
and sends that reply to the client, possibly with changes to reflect local administrative
policy. A common use for proxy RADIUS is roaming. Roaming permits two or more
administrative entities to allow each other's users to access either entity's network for
service.

The PDSN sends its RADIUS access-request to the "forwarding server" which forwards
it to the "remote server". The remote server sends a response (Access-Accept,
Access-Reject, or Access-Challenge) back to the forwarding server, which sends it
back to the PDSN. The User-Name attribute MAY contain a Network Access Identifier
(NAI) for RADIUS Proxy operations. The choice of which server receives the forwarded
request will be based on the authentication "realm" or IMSI. The authentication realm
MAY be the realm part of a Network Access Identifier (a "named realm"). Alternatively,
the choice of which server receives the forwarded request will be based on whatever
other criteria the forwarding server is configured to use, such as Called-Station-Id
(IMSI).
The infoX-AAA can function as both a forwarding server and a remote server, serving
as a forwarding server for some realms and a remote server for other realms. One
forwarding server can act as a forwarder for several remote servers. A remote server
can have several servers forwarding to it and can provide authentication for several
realms. One forwarding server can forward to another forwarding server to create a
chain of proxies, although care must be taken to avoid introducing loops.

II. Multiple proxy rules

The infoX-AAA supports forwarding RADIUS messages based on realm.
The infoX-AAA supports forwarding RADIUS messages based on IMSI segment.
The infoX-AAA can forward the packets of non-local users to the default Home-AAA.

III. Supporting forwarding the packets of roaming users to the primary and secondary servers

IV. Forwarding authentication and accounting requests separately

The infoX-AAA can forward authentication and accounting requests to different
Home-AAAs.

V. Supporting generating CDRs

In inter-province roaming scenarios, the Visited-AAA server and Broker-AAA store the
UDR information of non-local roaming users for accounting and settlement.
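
The forwarding rules of this section (realm, IMSI segment, default Home-AAA, primary and secondary servers, separate authentication and accounting targets, loop avoidance) written as one decision function. This is an added example, not infoX-AAA code: the rule tables, the addresses, the order realm, then IMSI segment, then default, and the loop check that tags and counts Proxy-State attributes are all assumptions.

```python
from dataclasses import dataclass
from typing import AbstractSet, Dict, Optional, Sequence, Tuple

MAX_PROXY_HOPS = 4               # assumed local limit on chained proxies
OWN_TAG = b"visited-aaa-1"       # hypothetical tag this proxy writes into its Proxy-State
LOCAL_REALMS = {"home.example"}  # realms answered here, in the remote-server role


@dataclass(frozen=True)
class Target:
    primary: str
    secondary: Optional[str] = None


@dataclass(frozen=True)
class Route:
    auth: Target  # destination for Access-Requests
    acct: Target  # destination for Accounting-Requests (may be another Home-AAA)


# Constructed sample rules; all addresses are documentation ranges.
REALM_ROUTES: Dict[str, Route] = {
    "partner.example": Route(Target("192.0.2.10", "192.0.2.11"), Target("192.0.2.20")),
}
IMSI_ROUTES: Dict[str, Route] = {  # IMSI segment (prefix) -> route, longest prefix wins
    "46003": Route(Target("198.51.100.10"), Target("198.51.100.10")),
    "4600309": Route(Target("198.51.100.30", "198.51.100.31"), Target("198.51.100.40")),
}
DEFAULT_ROUTE = Route(Target("203.0.113.1", "203.0.113.2"), Target("203.0.113.1"))


class ProxyLoop(Exception):
    """The request already passed through this proxy or exceeded the hop limit."""


def realm_of(user_name: str) -> Optional[str]:
    """Return the realm part of an NAI ("user@realm"), lower-cased, or None."""
    user, sep, realm = user_name.rpartition("@")
    if not sep or not user or not realm:
        return None
    return realm.lower()


def check_loop(proxy_states: Sequence[bytes]) -> None:
    """Each proxy in a chain adds one Proxy-State; refuse our own tag or a long chain."""
    if any(state.startswith(OWN_TAG) for state in proxy_states):
        raise ProxyLoop("request already carries this proxy's Proxy-State")
    if len(proxy_states) >= MAX_PROXY_HOPS:
        raise ProxyLoop("too many proxies in the chain")


def find_route(user_name: str, imsi: Optional[str]) -> Optional[Route]:
    """None means: handle locally. Otherwise realm rule, IMSI segment rule, default."""
    realm = realm_of(user_name)
    if realm in LOCAL_REALMS:
        return None
    if realm in REALM_ROUTES:
        return REALM_ROUTES[realm]
    if imsi and imsi.isdigit():
        for length in range(len(imsi), 0, -1):
            route = IMSI_ROUTES.get(imsi[:length])
            if route is not None:
                return route
    return DEFAULT_ROUTE  # non-local user with no matching rule


def forward_decision(
    kind: str,
    user_name: str,
    imsi: Optional[str] = None,
    proxy_states: Sequence[bytes] = (),
    down: AbstractSet[str] = frozenset(),
) -> Tuple[str, Optional[str]]:
    """Return ("local", None) or ("forward", server) for an "auth" or "acct" request."""
    if kind not in ("auth", "acct"):
        raise ValueError("kind must be 'auth' or 'acct'")
    check_loop(proxy_states)
    route = find_route(user_name, imsi)
    if route is None:
        return ("local", None)
    target = route.auth if kind == "auth" else route.acct
    if target.primary not in down:
        return ("forward", target.primary)
    if target.secondary is not None and target.secondary not in down:
        return ("forward", target.secondary)
    raise LookupError("no reachable server for this route")


if __name__ == "__main__":
    print(forward_decision("auth", "bob@partner.example"))
    print(forward_decision("acct", "bob@partner.example"))
    print(forward_decision("auth", "460030912345678", imsi="460030912345678"))
```

Rejecting a looped request before any routing lookup keeps a misconfigured chain of proxies from amplifying traffic between the servers involved.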

4.1.7 Fee budget and session duration delivery

Huawei infoX-AAA provides a balance budget mechanism for prepaid users. After a
user passes authentication, the infoX-AAA checks the user's account balance in real
time, and calculates the user's available online duration according to the balance and
the charging rate selected by the user. Then it sends a RADIUS access response
message with a session-timeout attribute to the PDSN.

4.1.8 VSAs delivery

If a PDSN requires specific attributes, the infoX-AAA can return the attributes needed
by PDSNs from different vendors. The related attributes are described in the
following table.

Table 4-1 VSA attributes list

| Type | Attribute Name | Range | Description |
|---|---|---|---|
| 1/5355 | IKE Pre-shared Secret Request | 3GPP2 | Indicates whether the PDSN needs a pre-shared secret for Phase 1 IKE negotiation with the HA |
| 2/5355 | Security level | 3GPP2 | Indicates the type of security that the home network mandates on the visited network |
| 3/5355 | Pre-shared secret | 3GPP2 | A pre-shared secret for IKE |
| 4/5355 | Reverse Tunnel Specification | 3GPP2 | Indicates the style of reverse tunneling that is required |
| 5/5355 | Differentiated Services Class Option Attribute | 3GPP2 | The Home RADIUS server authorizes differentiated service via the Differentiated Services Class Options Attribute |
| 7/5355 | Home Agent Attribute | 3GPP2 | The address of the Home Agent |
| 8/5355 | KeyID Attribute | 3GPP2 | Contains the KeyID parameter used during IKE exchange between the PDSN and the HA |
| 11/5355 | ‘S’ Attribute | 3GPP2 | Contains the ‘S’ secret parameter used to make Pre-shared secret |
| 12/5355 | ‘S’ lifetime Attribute | 3GPP2 | Contains the lifetime of ‘S’ secret parameter used to make Pre-shared Secret |
| 13/5355 | ‘S’ Request Attribute | 3GPP2 | Indicates whether the HA requests a shared secret "S" |

4.1.9 Home Address Assignment

In the registration of users, you can specify a fixed IP address for each user. When a
user accesses the system to use data services, the infoX-AAA receives an
Access-Request message from the PDSN. If it finds that the user has already
registered a fixed IP address, the infoX-AAA delivers the IP address in an
Access-Accept message and assigns it to the user.

4.1.10 Supporting VPDN authorization

The infoX-AAA can serve as the AAA of the VPDN Service, providing the authentication
of user L2TP tunnels and the configuration of tunnel attributes. According to the realm
carried in a NAI, the infoX-AAA judges the user's home, and transfers the
corresponding L2TP attributes to the LAC. Based on these attributes, the LAC
establishes an L2TP tunnel and session to the home LNS for the user.
This mode is applicable to the enterprise-oriented VPDN service. If a user is found to
be a VPDN user of an enterprise, the infoX-AAA will send the corresponding L2TP
attributes to the LAC through RADIUS, and thereby establish an L2TP tunnel to the
enterprise LNS. The authentication of a single user is completed by the enterprise AAA.
After a user's L2TP session is established, if the LAC can send RADIUS accounting
messages to the infoX-AAA, the infoX-AAA may record the network usage statistics of
this end user. These records can be used for checking the bills generated at the Carrier
and the enterprise AAA.
The standard VPDN attributes are described in the following table.

Table 4-2 VPDN attributes list

| Type | Attribute Name | Range | Description |
|---|---|---|---|
| 64 | Tunnel-Type | L2TP | Type of Tunneling protocol |
| 65 | Tunnel-Medium-Type | L2TP | Type of transport protocol used for the tunnel |
| 66 | Tunnel-Client-Endpoint | L2TP | Beginning of the tunnel's IP address |
| 67 | Tunnel-Server-Endpoint | L2TP | Ending of the tunnel's IP address |
| 68 | Acct-Tunnel-Connection | L2TP | Unique accounting ID |
| 69 | Tunnel-Password | L2TP | Encrypted password necessary to establish the tunnel |
| 81 | Tunnel-Private-Group-ID | L2TP | Group ID for a particular tunneled session |
| 82 | Tunnel-Assignment-ID | L2TP | Name of the tunnel |
| 83 | Tunnel-Preference | L2TP | Tunnel preference |
| 90 | Tunnel-Client-Auth-ID | L2TP | Name of the beginning of the tunnel |
| 91 | Tunnel-Server-Auth-ID | L2TP | Name of the ending of the tunnel |

4.1.11 Dynamic Home Agent assignment with RADIUS

In this specification, an MS may request dynamic HA assignment during the initial MIP
registration. If the local policy dictates that, during re-registration, the PDSN shall send a
RADIUS Access-Request message to the Home RADIUS server, then the Home RADIUS
server shall allocate the same HA that is specified in the RRQ. To request a dynamic HA
assignment, the MS shall set the HA address field to 255.255.255.255 in the RRQ
message.
Upon receipt of the RADIUS Access-Request message, if the Home RADIUS server
determines that an HA may be assigned dynamically, then the Home AAA shall apply
an implementation-specific HA selection algorithm to determine the IP address of an HA
and return it to the PDSN in the HA Attribute in a RADIUS Access-Accept message.
The PDSN then relays the RRQ message to the assigned HA.
If the assigned HA does not have the MN-HA shared secret to verify the MN-HA
Authentication Extension, the HA shall obtain it from the Home AAA. If the processing
of the RRQ message is successful, then the HA responds with an RRP message to the
PDSN containing its own IP address in the HA field. Upon
receipt of an RRP message indicating MIP registration success, the MS shall accept
the dynamically assigned HA address contained in the RRP message, even if it is
different from the HA address provided in the RRQ message. The network will not
dynamically assign a home address, unless the MS requests one. The allocated HA
shall be capable of supporting the requested non-zero Home Address of the MS, if
proposed in the RRQ.
During MIP re-registrations, the MS shall use the same HA IP address and the Home
Address that were assigned to it during the initial MIP registration.
If the MS initiates an RRQ with a non-zero HA IP address that is not 255.255.255.255
(i.e., MS not requesting a dynamic HA assignment), then the Home AAA should return
the same HA IP address in the RADIUS Access-Accept message to the PDSN.

4.1.12 Supporting postpaid and prepaid users

The infoX-AAA supports authentication and accounting for prepaid users, and
authentication and accounting for postpaid users.

4.1.13 Supporting EV-DO Rev.A

The infoX-AAA supports the EV-DO Rev.A standard.
During the authorization procedure, the infoX-AAA supports delivering the following
EV-DO Rev.A attributes to the PDSN: Maximum Authorized Aggregate Bandwidth for
Best-Effort Traffic, Allowed Differentiated Services Marking, Service Option Profile,
Allowed Persistent TFTs, Authorized Flow Profile IDs for the User, Maximum Per Flow
Priority for the User, Inter-User Priority.
During the accounting procedure, the infoX-AAA processes the following attributes sent
by the PDSN: Service Reference ID, FLOW_ID Parameter, Subnet, RSVP Inbound Octet Count,
RSVP Outbound Octet Count, RSVP Inbound Packet Count, RSVP Outbound Packet
Count, Granted QoS Parameters. It writes these attributes into the CDR file.
The infoX-AAA supports Multi-Serv-Flow for the postpaid service. That is, a postpaid user
has one session and uses several services.
The infoX-AAA supports One-Serv-Flow for the prepaid service. That is, a prepaid user
has one session and uses one service.

4.2 Accounting Server


4.2.1 Supporting multiple accounting modes

For prepaid service, the system supports various accounting modes, including:

I. Free charge

For some users, all the Internet access fees are free of charge.

II. Monthly-fee package

The user pays the Internet access fee for a month. During this month, there is no limit
on the duration or volume of Internet access.

III. Basic fee + Measurement-based fee

For users with high consumption, only part of the basic fee is charged, and the users
are charged at a low rate.

IV. Upper limit

To stimulate the consumption of users, when the accumulated Internet access fee of a
user exceeds the upper limit, the system no longer charges the user.

V. Time-segment-based accounting

The Accounting Server provides flexible charging policies for the CDMA access service.
The infoX-AAA supports the duration-based charging in the CDMA services.

VI. Traffic-based accounting

The infoX-AAA supports setting charging rates based on the data flow generated upon
the usage of the data service and supports charging according to the traffic information
reported by PDSN.

4.2.2 Supporting multiple discount modes

The system supports various discount modes, including:

I. Time-segment-based discount

• A certain time period in each day
• Some days in each week
• Some days in each year
• Some days in some years

II. Subscription preference (by duration, by flow)

III. Time-based/ Flow-based accumulative discount

• Supporting duration-based accumulative discount
• Supporting flow-based accumulative discount

4.2.3 Supporting prepaid and postpaid charging policies and their combinations

• Supporting duration-based accounting
• Supporting traffic-based accounting
• Supporting discount-based accounting

4.2.4 Generating CDRs

Accounting information can be recorded in CDRs, regardless of whether the infoX-AAA
serves as a Home-AAA, a Broker-AAA or a Visited-AAA. Through a management
terminal, you can set whether to record Accounting Start information, Accounting Stop
information and Interim Accounting information. The main parameters in a CDR are as
shown in the following table.

Table 4-3 CDR attributes list

CDR definition RADIUS attribute definition


| No. | CDR field | RADIUS type | Max. load size | Data format | RADIUS field | Feature |
|---|---|---|---|---|---|---|
| 1 | AcctType | 40 | 4 | Integer | Acct-Status-Type | Status type |
| 2 | RoamFlag | | 4 | Integer | | Roaming flag |
| 3 | UserClass | | 4 | Integer | | User type |
| 4 | MSID | 31 | 20 | String | Calling ID | |
| 5 | IP Address | 8 | 16 | IP-addr | Framed IP Address | |
| 6 | Network Access Identifier(NAI) | 1 | 64 | String | User-Name | |
| 7 | MIP Home Agent (HA) | 26/7 | 16 | IP-addr | 3GPP2 HA IP Addr | |
| 8 | PDSN/FA Address | 4 | 16 | IP-addr | NAS Address | |
| 9 | Serving PCF | 26/9 | 16 | IP-addr | 3GPP2 PCF IP Addr | |

4.3 Management System


Huawei infoX-AAA includes a complete Management System which is very important
for service operation. Functionally, the Management System can be divided into
several parts as follows.

4.3.1 Components of the Management System

I. Service Management Subsystem

The infoX-AAA Service Management Subsystem is the kernel of the
infoX-AAA-Management System. All management functions are finally accomplished
by the software in the host, including the management of service, users, network,
access and system. Operators interact with the System to conduct all infoX-AAA
management operations.
In the Management System, the open interface provides the MML commands and the
security management mechanism. The operation support system of a third party can
access the infoX-AAA-Management System via MML Server to use the powerful
functions provided by the System.

II. MML Server

The MML Server is mainly responsible for client access control. Client access
control means that a legal third party is granted an access license, and that the
third-party software applies for access when it starts, so that the MML Server can
check its license and grant the access permission accordingly. This results in great
access convergence, and hence reduces the access load on the Service Management
Subsystem host.

4.3.2 Service Management

I. Managing Recharging Cards

Through the WMAS, the carrier can manage recharging card resources. For example,
the carrier can generate, activate, deactivate, pre-delete or delete cards, import or
export card data and extend the validity period of cards.

Table 4-4 Recharging Card Management

| Function | Description |
|---|---|
| Generate card | Generates a batch of card resources. |
| Activate card | Activates prepaid cards. Only the activated cards can be used to access the Internet. |
| Deactivate card | Deactivates prepaid cards. Cards in the Deactivated state cannot be used to access the Internet. |
| Pre-delete card | Sets the status of a card to the Pre-deleted state. Cards in this state can be deleted directly from the database. |
| Delete card | Completely deletes cards from the database. After this, cards can’t be regenerated and put in use again. |
| Import card | Imports card data from a .txt file that is compiled in the specified format into the database. |
| Export card | Exports the card data in the database to a .txt file in the specified format. |
| Extend validity period | Extends the validity period for a batch of cards. |

II. Managing the user service

• Account management:
• Add/delete users
A postpaid user can subscribe to the Internet access service through the business
center version. The user can access the Internet through this account and pay the usage
fee to the carrier at the specified time. Normally, the consumption amount is not limited.
Moreover, through defining a user, the carrier can learn about some user data, and
control overdraft or defaulting actions of the user.
Deleting a user is the reverse of defining a user. The carrier cancels the function of
accessing the Internet through this account, and stops providing the Internet access
service for the user.
• Reset accounts
If your account is suspended, you can continue to use it to access the Internet after a
reset operation.
• Enable/disable accounts
This is a forcible management function provided to control defaulting users. It can
suspend the service. It can also resume the service after the users have paid all the
overdue fees.
• Unlock users
Locked users can ask to be unlocked in the business center.
• Change password
You can change your password in the business center.

III. Managing Local Prepaid User Account

You can manage local prepaid user accounts.
If the carrier has an OSS or billing system that provides business functions, the
infoX-AAA system provides MML interfaces to implement the corresponding functions.
If the carrier has no OSS or billing system, the main functions of user account
management are as follows:
• Local prepaid account registration
The infoX-AAA WMAS system provides a GUI operation for registering local prepaid
accounts. The subscriber can also make a cash recharge at the same time.
• Local prepaid account cash recharge
The infoX-AAA supports cash recharge by local prepaid subscribers through the business
hall.
• Rollback cash recharging
The local prepaid subscriber can roll back cash recharging for recent months, usually
about 3 months.
• Query recharging record
The local prepaid subscriber can query cash recharging records through the business hall.
The records are usually saved for 3 months.
The records include user account, recharging time, recharging balance and so on.
• Query rollback recharging record
The local prepaid subscriber can query rollback cash recharging records through the
business hall. The records are usually saved for 3 months.
• Query subscriber information
End users can query information about their accounts such as user name, user type,
port restriction status, and balance, etc.

IV. Managing CDMA service parameters

You can manage various CDMA service parameters. For example, you can manage CDMA
service configuration parameters, realm attributes, extended attributes and proxy
attributes.
The CDMA service configuration parameters mainly include maximum monitored
duration (second) per session, maximum monitored traffic (Kbytes) per session,
maximum password reattempts, idle time-out time (second), the period of reserving
deregistered user data (day), the access range of prepaid users, and proxy priority. You
can query and modify the parameters.
You can configure various CDMA service parameters, realm attributes, extended
RADIUS attributes, proxy attributes and the mapping of IMSIs and realms to satisfy the
requirements for flexible configuration of parameters, and thereby realize dynamic
delivery of attributes in the CDMA service.

V. Managing accounting Parameters

You can manage various accounting parameters, including time-segment-based
discount parameters, accumulative discount parameters, charge rate parameters and
charge policy parameters. You can configure and manage the accounting parameters
to satisfy the accounting requirements of the CDMA service, such as monthly-fee
charge, charge by flow, measurement-based discount, subscription preference (by
duration, by flow) and accumulative discount.

VI. Managing Users Profile

By means of user management, you can manage the user profile. The user profile
includes the user's NAI, IMSI, status, password, service type, and QoS information.
You can manage users by NAI or by IMSI.
The values of QoS include:
0=Best Effort
10=AF11
12=AF12
14=AF13
18=AF21
20=AF22
22=AF23
26=AF31
28=AF32
30=AF33
34=AF41
36=AF42
38=AF43
46=EF.

The IMSI is the unique identifier of a user, and is used by the proxy AAA in user
authentication.
Through user management, you can manage user groups, user information, user
password, user authentication mode, and user password protection, freeze a single
user or freeze users in batches, and realize scheduled deletion of deregistered user
data.
The main attributes of a user are described in the following table.

Table 4-5 User attributes list

Attribute description
User Name
User Service Type
Home Realm
IMSI
MDN
Static IP address
User status

4.3.3 System Management

Through the remote Web management interface provided by the infoX-AAA system or
through command lines, you can manage system data, and manage the open JDBC
interface between the background and the database.
System management is mainly to manage operator data, user data, accounting data,
network nodes and system alarms, monitor system resources and back up the
database.

I. Managing network nodes

In the CDMA service, you can add, load, modify, update, unload and delete PDSN
nodes and CDMA proxy nodes.

The information of a PDSN node includes node type, node number, basic IP address,
basic port number, backup IP address, equipment type, public key and extended
attribute ID.
The information of a CDMA proxy node includes node type, node number, basic IP
address, basic port number, backup IP address, equipment type, protocol code and
public key.
The information of an HA node includes node type, node number, basic IP address,
basic port number, backup IP address, equipment type, RADIUS Share Secret, and
IKE Pre-shared Secret.
The infoX-AAA uses the defined parameters of a network node to communicate with
the corresponding external entity and satisfy the requirements of the CDMA service.

4.4 Prepaid Service


4.4.1 Overview

The prepaid service solution allows a user to buy a certain amount of services in
advance (in the prepaid data service, this is a certain quantity of usage time or data traffic).
In this solution, the prepaid service traces the user's consumption of resources (time or
traffic) and deducts the service fees from the user's account in real time. Before the
account balance runs out, the prepaid service allows the user to recharge the account,
and thereby ensures that the user can uninterruptedly enjoy various services provided
by the carrier.

Note:
The infoX-AAA system cannot support the IN prepaid service and the local prepaid
service at the same time.

4.4.2 IN Prepaid Service

At present, almost all the wireless carriers in the world have deployed the prepaid
service in the voice service field. In some areas, the quantity of prepaid voice service
users has reached 70% of the total quantity of users. It is found by carriers that the
provisioning of prepaid services can not only popularize wireless services, but also
bring considerable profits for them. The CDMA carriers worldwide are now upgrading
their networks to CDMA 1x, and begin to provide optimized data services. They
strongly demand equipment manufacturers to provide a prepaid service solution
oriented to data services. This complete prepaid service solution provided for CDMA1x
carriers by Huawei is to meet this demand.
The implementation schemes for prepaid data services are classified into two types:

• In one scheme, an independent prepaid data service system must be
constructed, and is separated from the prepaid voice service system. Each user has
an independent prepaid data service account.
• In the other scheme, the prepaid data service system is integrated with the
prepaid voice service system. Each user only has one prepaid account, which can
be used for voice services, data services, or other services such as the short
message service.
To facilitate flexible deployment and better integration of various services for the carrier,
Huawei prepaid service platform adopts the latter scheme. When making this scheme,
Huawei consulted many international standards, mainly the standards related to
3GPP2, and also considered the carrier's current equipment conditions. So there is a
sound theoretical and realistic basis for the feasibility of this scheme.
The following figure shows the network structure of Huawei prepaid data service
platform.

Figure 4-2 Networking of the prepaid service

The Home-AAA (Here, it refers to the infoX-AAA) server can provide authentication,
authorization and accounting services for prepaid users, and can identify prepaid users.
Huawei intelligent network (H-IN) controls the account balance of each user. The
Home-AAA needs to request a certain amount of money from the H-IN and allocate it to
the user. If the amount is not used up, the remaining shall be refunded to the H-IN. The
interface between the AAA and H-IN adopts Huawei open HMPP protocol.

4.4.3 Local Prepaid Service

If the AAA of the current CDMA network is provided by the infoX-AAA, but there is no
Huawei IN, or the IN is provided by a 3rd-party vendor that cannot follow the HMPP
protocol provided by Huawei to connect with the infoX-AAA system, the infoX-AAA
provides a local prepaid service function in order to implement the prepaid service.
The network structure is shown in the following figure:

Figure 4-3 Networking of the Local Prepaid service

The Web Portal system is provided by the OSS/BILLING system of the carrier. If there is no
OSS/BILLING system, the basic web portal function is provided by the infoX-AAA. The
interface between the infoX-AAA and the Web Portal adopts Huawei open MML protocol.
In this situation, an independent prepaid data service system is separated from the
prepaid voice service system. Each user has an independent prepaid data service
account.
The Home-AAA (here, it refers to the infoX-AAA) server can provide authentication,
authorization and accounting services for local prepaid users, and can identify local
prepaid users. The infoX-AAA controls the account balance of each user. The
Home-AAA needs to request a certain amount of money from the local prepaid account
and allocate it to the user. If the amount is not used up, the remainder shall be refunded
to the local prepaid account.
The infoX-AAA system issues recharging cards. A local prepaid user can use a
recharging card to recharge the account through the Web Portal system.
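
The balance budget of 4.1.7 and the request-and-refund handling described above, as an added example rather than infoX-AAA code: money is held for a session before the Session-Timeout is granted, and a retransmitted Accounting-Stop cannot trigger a second refund. The chunk size, the per-minute rate model, the session cap and all names are assumptions.

```python
from dataclasses import dataclass, field
from typing import Dict

MAX_SESSION_SECONDS = 3600  # assumed value of "maximum monitored duration per session"
RESERVE_CHUNK = 500         # assumed amount (minor currency units) requested per session


class InsufficientBalance(Exception):
    """No usable time can be bought; the request should be rejected."""


def ceil_div(a: int, b: int) -> int:
    return -(-a // b)


@dataclass
class Reservation:
    amount: int        # minor units held for this session
    rate_per_min: int  # minor units per minute of online time
    timeout: int       # Session-Timeout granted, in seconds
    settled: bool = False


@dataclass
class PrepaidAccount:
    balance: int  # minor units; integers avoid rounding drift
    sessions: Dict[str, Reservation] = field(default_factory=dict)

    def authorize(self, session_id: str, rate_per_min: int) -> int:
        """Hold money for the session and return the Session-Timeout in seconds."""
        if rate_per_min <= 0:
            raise ValueError("rate must be positive")
        if session_id in self.sessions:
            raise ValueError("session id already in use")
        amount = min(self.balance, RESERVE_CHUNK)
        timeout = min(amount * 60 // rate_per_min, MAX_SESSION_SECONDS)
        if timeout <= 0:
            raise InsufficientBalance(session_id)
        # Hold only what the granted time can consume; the rest stays available
        # to other sessions, and the sum of all holds never exceeds the balance.
        amount = ceil_div(timeout * rate_per_min, 60)
        self.balance -= amount
        self.sessions[session_id] = Reservation(amount, rate_per_min, timeout)
        return timeout

    def settle(self, session_id: str, used_seconds: int) -> int:
        """Charge the usage reported at session stop; return the amount refunded."""
        res = self.sessions[session_id]  # unknown session -> KeyError
        if res.settled:
            return 0  # duplicate stop record: never refund twice
        # Usage beyond the granted time cannot cost more than was held.
        used = max(0, min(used_seconds, res.timeout))
        cost = min(res.amount, ceil_div(used * res.rate_per_min, 60))
        refund = res.amount - cost
        self.balance += refund
        res.settled = True
        return refund


if __name__ == "__main__":
    account = PrepaidAccount(balance=1200)
    print("Session-Timeout:", account.authorize("s1", rate_per_min=30))
    print("refund:", account.settle("s1", used_seconds=400))
    print("balance:", account.balance)
```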

4.5 Web-based Self-care Portal

Note:
We recommend that the carrier provide the Web Portal system when the infoX-AAA provides
the local prepaid service. The infoX-AAA provides only a basic Web Portal
system.

The Self-care Portal is an optional component of the infoX-AAA system of the local
prepaid service. Through the Self-care Portal, the carrier can provide Web-based
customer self-care services to users.
The following figure is a sample page of the Web-based self-care Portal:

1) In the operation area on the left, users can operate self-care local prepaid service.
2) In the demonstration area on the right, users can view the operation results.

4.5.1 Functions

I. Querying user information

End users can query information about their accounts such as user name, user type,
account balance, and so on.

II. Changing password

End users can log in to the self-care center to change their authentication password.

III. Online recharging through rechargeable card

After a local prepaid user buys a rechargeable card, the user can log in to the self-care
center to recharge.

IV. Querying Bills

The local prepaid user can query bills by the month on the self-service portal. The user
can query the detailed online information in this period, such as online time, duration,
volume, and consumption amount.

Chapter 5 Reliability

The infoX-AAA is designed on the basis of comprehensive reliability analysis. It uses
advanced protection mechanisms to ensure reliability.
This chapter details the following aspects of the reliability of the infoX-AAA:

l Hardware Reliability
l Software Reliability

5.1 Hardware Reliability


The hardware reliability of the infoX-AAA is ensured by:
l Host Reliability
l Disk Reliability
l Power and Network Reliability

5.1.1 Host Reliability

The infoX-AAA adopts a UNIX-based cluster architecture to realize high availability,
fail-over and reliability for the service application system. A cluster is a collection of
loosely coupled computing nodes, and provides a single client view of network services
and applications, including databases, web services, and file services.
Each cluster node is a stand-alone server that runs its own processes. These
processes can communicate with each other to form what looks like a single system that
cooperatively provides applications, system resources, and data to users.
The goals of Cluster Architecture are as follows:
Reduce or eliminate system downtime because of software or hardware failure.
Ensure availability of data and applications to end users, regardless of the kind of
failure that would normally take down a single server system.
The cluster achieves high availability through a combination of hardware and software.
Redundant cluster interconnections, storage, and public networks protect against
single points of failure. The cluster monitors applications and their dependent system
resources, and fails over or restarts applications in case of failures.
Huawei infoX-AAA provides the function of dual system cold backup on the cluster
architecture. The dual system adopts the shared disk array, better guaranteeing the
security and saving the investment for the carrier. With the dual system backup function,
the system can switch over to the standby host in a short time when the active host
becomes faulty. Due to the asynchronies of the application programs on the active and
Confidential Information of Huawei. No Spreading without
2008-04-04 Permission Page5-1, Total51
infoX CDMA MN AAA Product Description Confidential

standby hosts, the call or operation being processed may be lost. The switchover time
of the dual system is no more than 300 seconds.

[Figure labels: active machine (application software, Informix Server, lock disk); standby machine (only the OS is running); active, standby and heartbeat network cards on each machine; disk array (data space); active network segment; standby network segment; heartbeat network]

Figure 5-1 Networking of the dual system cold backup

There are two nodes and two shared disk arrays in the infoX-AAA dual system. All the application files and the data in the database are put on the shared disks. The infoX-AAA applications are split into two application groups. Each group corresponds to a predefined logical host. The logical host is a virtual host which can switch between the two nodes. The logical host has a floating IP address, which is bound to a hardware node but floats with the logical host between the two hardware nodes. The client system therefore does not need to care which node the application group is presently on.

The two application groups that correspond to the two logical hosts are:

Group1: RADIUS & billing system and other related processes.
Group2: service management system and Web application processes.

In normal operation, the two logical hosts are active separately on the two hardware nodes. When one node runs abnormally, the cluster monitor detects the failure, switches the logical host to the other node, and then starts up the corresponding applications.

Figure 5-2 describes the configuration of the cluster dual system.


[Figure labels: admin console; client system; public network; console access device (TC); public network interfaces; ttya; NAFO groups; interconnect adaptors; Node 1; Node 2; interconnect cables; storage SCSI interfaces; local disks; multihost shared disks]

Figure 5-2 Cluster configuration

5.1.2 Disk Reliability

Regarding disk reliability, infoX-AAA ensures high reliability and availability of data in centralized storage array mode. The infoX-AAA system includes two storage disk arrays. (For example, Sun StorEdge3320. A single array can support up to 12*73G Ultra SCSI disks.) In the centralized storage array system, the infoX-AAA adopts RAID 1+0 technology to provide disk redundancy and ensure high performance. It can thereby prevent system data from being affected by any single point of failure.

The data redundancy function uses redundant information to recover data after user data is corrupted, so as to ensure security for the user data. From the viewpoint of the user, the disk volume is like a hard disk. Operations on a disk array are basically consistent with those on a single hard disk. The only difference is that the storage performance of a disk array is much higher than that of a single hard disk. Moreover, the disk array can provide data redundancy.

RAID stands for Redundant Array of Independent Disks. Simply speaking, a RAID is a hard disk volume (logical hard disk) formed by several independent hard disks (physical hard disks). Compared with a single hard disk, a RAID provides data redundancy and higher storage performance. The various modes for forming RAIDs are called RAID levels.


RAID 0, also called stripe or striping, represents the highest storage performance among all RAID levels. For RAID 0, the principle of enhancing storage performance is to scatter successive data to multiple disks for access. In this way, when there is a data request in the system, the requested operation is carried out on multiple disks in parallel, and each disk handles only its own part of the data. This kind of parallel operation can make full use of the bus bandwidth and remarkably enhance the overall access performance of the disks.

RAID 1 is also called mirror or mirroring. Its purpose is to maximally ensure the availability and recoverability of user data. The operation mode of RAID 1 is to automatically duplicate all the data written by a user on a hard disk to another hard disk. Due to 100% backup of stored data, among all the RAID levels, RAID 1 provides the highest data security guarantee. However, because the backup data occupies half of the total storage space, the mirror disk features a lower space utilization ratio and high storage cost.

RAID 1+0 is the combination of RAID 0 and RAID 1. As a scheme that takes both storage performance and data security into consideration, RAID 1+0 provides a data security guarantee equivalent to that of RAID 1, and storage performance approximate to that of RAID 0.

Here, take RAID 1+0 formed by four disks as an example. Figure 5-3 shows its data storage mode.

Figure 5-3 RAID 1+0
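
The four-disk RAID 1+0 case described above, as an added example that is not part of the original document: it maps logical blocks to disks and enumerates which simultaneous disk failures the volume survives. The pair assignment (disks 0/1 and 2/3), the stripe unit size and all function names are assumptions made for illustration.

```python
from itertools import combinations

# Assumed layout (constructed for illustration): disks 0 and 1 form mirror
# pair 0, disks 2 and 3 form mirror pair 1; data is striped across the pairs.
MIRROR_PAIRS = [(0, 1), (2, 3)]
STRIPE_UNIT = 4  # blocks per stripe unit (assumed value)


def locate(block):
    """Return (pair_index, offset_on_disk, disks_holding_the_block)."""
    unit, within = divmod(block, STRIPE_UNIT)
    # RAID 0 part: consecutive stripe units rotate across the mirror pairs.
    row, pair = divmod(unit, len(MIRROR_PAIRS))
    offset = row * STRIPE_UNIT + within
    # RAID 1 part: both disks of the selected pair hold the same block.
    return pair, offset, MIRROR_PAIRS[pair]


def survives(failed_disks):
    """The volume stays readable while every mirror pair keeps one healthy disk."""
    failed = set(failed_disks)
    return all(any(d not in failed for d in pair) for pair in MIRROR_PAIRS)


def failure_report(n_failed):
    """Split all combinations of n_failed simultaneous failures into (ok, lost)."""
    disks = sorted(d for pair in MIRROR_PAIRS for d in pair)
    ok, lost = [], []
    for combo in combinations(disks, n_failed):
        (ok if survives(combo) else lost).append(combo)
    return ok, lost


def usable_fraction():
    """Share of raw capacity left for data: one copy out of each mirror pair."""
    raw_disks = sum(len(pair) for pair in MIRROR_PAIRS)
    return len(MIRROR_PAIRS) / raw_disks


if __name__ == "__main__":
    for block in (0, 5, 9):
        print("block", block, "->", locate(block))
    for n in (1, 2):
        ok, lost = failure_report(n)
        print(n, "failed disk(s):", len(ok), "survivable,", len(lost), "fatal", lost)
    print("usable capacity fraction:", usable_fraction())
```

Any single disk failure is survivable, but two failures are survivable only when they hit different mirror pairs, which is why a failed disk should be replaced and resynchronized before its partner is at risk.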

In addition, the infoX-AAA adopts VERITAS Volume Manager to manage the volumes of the whole disk array, and thereby ensures that each disk volume can be accessed in an orderly manner by multiple hosts in parallel.


5.1.3 Power and Network Reliability

All the power supplies, signaling links and data networks of the Huawei infoX-AAA host are backed up to guarantee the normal operation of the system in case any fault occurs on the active node.

The data links of the dual system work in active/standby mode. Each node of the cluster is provided with two network adapters (one active and one standby), which are respectively connected to the active sub-network and the standby sub-network. The two sub-networks are connected via links. If the active network adapter on a host is faulty, the standby network adapter is used for network communication. If the connector in the active network segment is faulty, the equipment running on the network can continue to work in the standby network segment.

The entity with the dual system presents one IP address, that is, the floating IP address, to the outside. Therefore, the IP address accessed by the external entity remains unchanged after the switchover of the dual system. Both the data network and the signaling network link are configured in pairs. If one link is faulty, the system can automatically switch over to the other link.

5.2 Software Reliability


The software reliability of the infoX-AAA is ensured by:

• Process exception handling
• Application Subsystem alarm
• Communication exception handling
• Overload control mechanism

5.2.1 Process exception handling

The handling of various exceptions has been considered during the design of each
functional entity. For example, when one process of the RADIUS server is abnormal, it
can be automatically restarted.

5.2.2 Application Subsystem alarm

Any application subsystem that detects abnormal running reports the alarm information to the EMS system, and the EMS system generates an alarm to inform the operator for handling.

5.2.3 Communication exception handling

In case of communication exception, each functional entity can automatically detect the
communication exception with the external entity, and will save the messages sent to
the outside. When the communication recovers, it will re-send the messages.

5.2.4 Overload control mechanism

The RADIUS server collects real-time access statistics and starts overload control when the system load exceeds the threshold value or when the response speed is very slow, so that the system can withstand a very high call impact. Overload control also ensures that the processing capability of the system recovers quickly after the impact, and that the service capability does not drop greatly in peak hours.


Chapter 6 Operation and Maintenance

The M2000 is a centralized management system for the Huawei mobile network
products. It is platform software implementing centralized management for different
mobile network products. The M2000 communicates with the infoX-AAA through the
TCP/IP protocol.

6.1 O&M Functions


The following table briefly introduces the O&M functions related to the infoX-AAA system.

Table 6-1 O&M brief function list

| Category | Alarm/Performance | Description |
|---|---|---|
| Alarm | CPU overload | The CPU usage exceeds 90%. |
| | Log file oversize | A log file is too big, exceeding 30 MB. |
| | The alarm client fails to connect to the SMP | The alarm client fails to connect to the SMP. |
| | Connecting to the SCP fails | The SMP is disconnected from the iSCC. |
| | The CPU used by a process exceeds the limit | The percentage of CPU used by a single process exceeds 20%. |
| | The disk space usage exceeds the limit | The disk space usage exceeds 80%. |
| | The memory used by a process exceeds the limit | The memory used by a process exceeds 60%. |
| Performance | Statistics of authentication performance | Statistics on: authentication request messages received by the infoX-AAA; successful authentication messages sent by the infoX-AAA; denied authentication messages sent by the infoX-AAA |
| | Statistics of accounting performance | Statistics on: accounting request messages received by the infoX-AAA; accounting response messages sent by the infoX-AAA |
| Performance | Statistics of authentication proxy performance | Statistics on: authentication request messages forwarded by the infoX-AAA; successful authentication messages forwarded by the infoX-AAA; denied authentication messages forwarded by the infoX-AAA |
| | Statistics of accounting proxy performance | Statistics on: accounting request messages forwarded by the infoX-AAA; accounting response messages forwarded by the infoX-AAA |


Chapter 7 Technical Specifications

The chapter describes the following technical specifications of the infoX-AAA:

• System Performance
• Physical and Electrical Specifications
• Reliability Specifications
• Compliant Safety Standards
• EMC Specifications

7.1 System Performance
Table 7-1 lists the system performance specifications of the infoX-AAA which runs in SUN V440 Dual, 4*1.593GHz, 8G, 4*73G.

Table 7-1 system performance specifications [1]

| Item | Performance |
|---|---|
| The max amount of database subscribers | 500 thousand |
| The max active subscribers | 130 thousand |
| RADIUS authentication message processing rate | Postpaid: 167 pieces per second; Prepaid: 50 pieces per second |
| RADIUS accounting message processing rate | Postpaid: 334 pieces per second; Prepaid: 1008 pieces per second |
| RADIUS transaction processing rate | Postpaid: 167 pieces per second; Prepaid: 50 pieces per second |
| Response time for an authentication request | < 3 seconds (for 95% of the authentication requests); < 5 seconds (for 99% of the authentication requests) |
| Response time for an accounting request | < 3 seconds (for 95% of the accounting requests); < 5 seconds (for 99% of the accounting requests) |

[1] According to the calling mode provided by infoX-AAA.

7.2 Physical and Electrical Specifications


Table 7-2 lists the physical and electrical specifications of the infoX-AAA.

Table 7-2 physical and electrical specifications of the infoX-AAA

| Item | Sun solution |
|---|---|
| Cabinet | N610 cabinet |
| Dimensions | H: 2200 mm; W: 600 mm; D: 1000 mm |
| Total weight | 800 kg |
| Weight capacity of floor | >600 kg/m² |
| Power input | 220 V AC |
| Power consumption | 5000 W |

7.3 Reliability Specifications


Table 7-3 lists the reliability specifications of the infoX-AAA.

Table 7-3 reliability specifications of the infoX-AAA

| Item | Specification |
|---|---|
| Availability | Is more than 99.995%. |
| Time needed to switch in the two-node system | Is less than 5 minutes. |
| Mean Time Between Failure (MTBF) | Is more than 17520 hours. |
| Mean Time To Recover (MTTR) | Is less than 48 minutes. |

7.4 Compliant Safety Standards


The infoX-AAA meets the following safety standards:

• EN 60950-1:2001

7.5 EMC Specifications


The infoX-AAA meets the following Electromagnetic Compatibility (EMC) standards:

• EN 55022: 1998 + A1: 2000 + A2: 2003
• ETSI EN 300 386 V1.3.3: 2005


Chapter 8 Installation

This chapter describes the following aspects of the installation of infoX-AAA:

• System Installation
• System Expansion

8.1 System Installation


The infoX-AAA system is assembled in the factory.

To simplify the time-consuming installation and make it error-free, the infoX-AAA system provides an auto installation tool that installs the system automatically. This tool can be used to:

• Check the installation environment
• Install and configure the system
• Check the installation result

8.2 System Expansion


As services develop, data services are becoming more and more popular. When a node of the system cannot meet the service demands, system expansion should be considered.

The infoX AAA supports two expansion modes, and can be expanded smoothly.

• Vertical expansion

You can enhance the performance indexes of a node, such as the processing capability, storage capability, and I/O processing capability, by increasing the number of CPUs, the memory capacity and the number of hard disks. The service processing capability of this node is thereby enhanced.

• Horizontal expansion

The RADIUS server supports a load-balancing mechanism. The load-balancing servers distribute the traffic of authentication request messages and accounting request messages to different nodes. Each node can process the request messages separately. Once a node is faulty, the request messages are sent to the other node.

When the processing capability of a node cannot meet the service running requirement, the system can use the cluster technology to realize distributed service processing on multiple nodes.


Chapter 9 Appendix Acronyms and Abbreviations

A
AAA Authentication, Authorization and Accounting
ADSL Asymmetric Digital Subscriber Line
ASN Access service network
ASN-GW ASN Gateway
ASP Application service provider
B
BSC Base Station Controller
BS Base Station
BSS Base Station Subsystem
BTS Base Transceiver Station
C
CDR Call Detail Record
CDMA Code Division Multiple Access
CDPD Cellular Digital Packet Data
CSD Circuit Switched Data
CSN Connectivity service network
CP/SP Content/Service Provider
D
DHCP Dynamic host configuration protocol
DSMP Data Service Management Platform
DSSP Data Service Switch Point
E
EAP Extensible authentication protocol
F
FA Foreign Agent
FTAM File Transfer Access Management
FTP File Transfer Protocol
G
GGSN Gateway GPRS Support Node
GMSC Gateway Mobile Switching Center
GSM Global System for Mobile Communication
H
HA Home Agent
HLR Host Location Register
HTTP Hyper Text Transfer Protocol
I
ICP Internet Content Provider
IGW Interconnecting Gateway
IN Intelligent Network
iSMS Integrated Service Management System
ISDN Integrated Services Digital Network
ISN Intelligent Service Node
ISP Internet Service Provider
M

MDN Mobile Directory Number


MIP Mobile IP
MML Man Machine Interface Language
MMSC Multi-Media Message Service Center
MS Mobile Station
MSC Mobile Switching Center
MSISDN Mobile Station ISDN
MSID Mobile Station Identification
MSK Master Session Key
N
NAP Network Access Provider
NSP Network service provider
O
OSS/BSS Operation and Support System/Business Support System
P
PAP Push Access Protocol
PCF Packet Control Function
ASN-GW Packet Data Serving Node
PLMN Public Land Mobile Network
POD Package Of Disconnect
PPC Prepaid Client
PPS Prepaid Server
PPAC Prepaid Accounting Capability
PPAQ Prepaid Accounting Quota
PPP Point-to-Point Protocol
PPPoE Point-to-Point over Ethernet
PSTN Public Switched Telephone Network
R
RADIUS Remote Authentication Dial In User Service
S
SCP Service Control Point
SSL Secure Sockets Layer
SMAP Service Management Agent Point
T
TLS Transport Layer Security
TTLS Tunneled TLS
U
URL Uniform Resource Locator
V
VLR Visitor Location Register
VQ Volume Quota
VT Volume Threshold
W
WiMAX Worldwide Interoperability for Microwave Access Forum
WMAS Web-based Management Access Server
WWW World Wide Web
