Overview of Managing and Controlling Sessions in SBR Carrier
Introduction
SBR Carrier tracks the status of user connections that it authenticates in a current sessions table (CST). Because the CST is based on RADIUS accounting data, the list of active sessions is accurate only if all of your network access servers (NAS) are configured to support RADIUS accounting. To accurately track session activity, you need to ensure:
- All clients in your configuration support RADIUS accounting
- All clients are configured to send accounting messages to SBR Carrier
Session Management and Control Capabilities
The session management and control capabilities in Steel-Belted Radius Carrier can be divided into two separate categories:
- The ability to view and delete active sessions
- The ability to dynamically disconnect sessions or change the state of a session
Viewing and Deleting Sessions
The ability to view and delete sessions is available with the basic Steel-Belted Radius Carrier license. With this basic license, you can search for all sessions, or specify certain criteria and display only sessions that match those criteria. You can then select a session or multiple sessions and delete them.
 |
NOTE: Deleting a session deletes the session from the Steel-Belted Radius Carrier Current Sessions Table (CST). However, the session remains active. To inactivate a session, you must perform a disconnect, which requires the optional Session Control module. For more information, see Overview of the Optional Session Control Module577. |
Disconnecting or Changing the State of Active Sessions
Under some circumstances, you may want to disconnect or make changes to active sessions without requiring the NAS to initiate the change. For example, you may want to terminate an active user's session by issuing a Disconnect Message (DM) request to the NAS, or you may want to modify the authorization level of an active user's session issuing a Change of Authorization (CoA) request to the NAS. For example, as a service provider, you may be required to comply with lawful intercept regulations by providing legal organizations with voice and data intercept capabilities. These might include access to private communications between organizations or individuals such as phone calls, e-mail, VoIP, or instant messaging. These lawful intercept capabilities can be performed by issuing a CoA request.
The optional Session Control module enables you to offer dynamic service changes to reinforce current service offerings. Using the Session Control module, you can customize the CoA/DM requests you want to support in your network. You can define actions that can be invoked on active sessions such as disconnecting an active session, increasing the bandwidth of an active session, or any other action you want to define. For more information, see Overview of the Optional Session Control Module577.
You can control sessions using SBR Administrator, a command line utility, or you can develop your own client management application to interface with the Steel-Belted Radius Carrier CoA/DM XML interface.
Available User Interfaces for Managing and Controlling Sessions
You can use the following user interfaces to manage and control sessions in Steel-Belted Radius Carrier:
SBR Administrator
You can use SBR Administrator to view and delete sessions, as well as execute actions on active sessions. After you define an action in the deviceModels.xml file, a button for invoking the action becomes visible in SBR Administrator. You simply perform a query to locate and select one or more active sessions, and then select the action button to execute the action on the selected sessions. For more information, see Using SBR Administrator to Manage and Control Sessions589.
Command Line Utility
You can use the command line utility to view sessions and to execute actions on active sessions. After you define an action in the deviceModels.xml file, you can use the action name as an argument in the command line utility to execute the action on the selected sessions.
|
NOTE: The command line utility (scscli.sh) |
For more information, see Using the Command Line Utility to Manage and Control Sessions599.
XML over HTTPS Application Programming interface
Steel-Belted Radius Carrier includes an application programming interface (API), which is a proprietary XML request/response interface that runs over an HTTPS connection (HTTPS over TLS). Both the SBR Administrator management client and the command line utility management client interact with this API when issuing CoA/DM (actions) requests and when receiving responses to those requests. The protocol used for this interface is mirrored on the Simple Object Access Protocol (SOAP), though it is not identical to it.
You can develop your own XML management client to integrate with this API in order to customize the CoA/DM actions you want to support in your network. If you choose to develop your own XML management client to issue CoA/DM actions, all client requests must be in the XML format specified in Client Request Schema Example. In addition, your client management application must be capable of handling client responses from Steel-Belted Radius Carrier in the XML format specified in Client Response Schema Example. Refer to Overview of the Optional Session Control Module577 for a discussion on how Steel-Belted Radius Carrier processes CoA/DM requests.
Administrative Scripts
If you have purchased the optional Subscriber State Register option, you can use the ShowSessions.sh and DelSession.sh scripts to view and delete sessions. For more information, see Session State Register Administration517.
