IMS AAA Server Release 1.1 Administration Guide > Administering Remote Network Elements > Common Administrative Tasks

Common Administrative Tasks

This section describes administrative tasks that are common to both Diameter and RADIUS Remote Network Elements.

To navigate to the Remote Network Elements dialog select Remote Network Elements, and then select either Diameter Elements or RADIUS Elements. The main dialog for Diameter Remote Network Elements is shown in Figure 37.

Figure 37: Remote Network Elements Dialog

From this dialog you can:

• Add a New Diameter or RADIUS Remote Network Element.
• Edit an Diameter or RADIUS Remote Network Element.
• Delete an existing Diameter or RADIUS Remote Network Element.
• Refresh the list of Diameter or RADIUS Remote Network Elements.

Creating and Naming a Diameter or RADIUS Remote Network Element

To create a new Diameter or RADIUS Remote Network Element:

1. From the main IMS AAA Server Administrator menu, navigate to either:

• Remote Network Elements > Diameter Elements
• Remote Network Elements > RADIUS Elements

2. Click New from the main Diameter or RADIUS Network Elements dialog.
3. Enter the name by which others will refer to this network element in the Name field.

• Optionally, enter a description for the network element in the Description field. The description you associate with a network element is not used during processing.

4. Click OK to save the network element.

Editing a Diameter or RADIUS Remote Network Element Description

To edit the description of a Diameter or RADIUS Network Element:

1. From the main Diameter Network Elements dialog (Figure 37), select the Remote Network Element you want to edit and click Edit.
2. Edit the Description field by highlighting the entire field and typing in the new description.
3. Click OK to save the edited description.

Deleting a Diameter or RADIUS Remote Network Element

1. From the main Diameter Network Elements or RADIUS Network Elements dialog, select the Network Element you want to delete and click Delete.

You are prompted with a Confirm Delete dialog.

2. Click Yes to delete the network element, or No to cancel the operation.

Assigning Functions and Configuring Implicit Routing Rules

This section describes how to assign functions to a Diameter or RADIUS Remote Network Element. Certain functions require you to configure implicit routing rules when you assign the function to the network element. This section also provides an overview of the implicit routing rules.

Functions Supported in the IMS AAA Server

Table 16 provides a description of each functions supported by the IMS AAA Server and specifies whether the function is supported in Diameter, RADIUS, or both.

Table 16: Functions Supported in the IMS AAA Server  

Function	Description	Diameter	RADIUS
WLAN	The WLAN Access Network function is a source of authentication, authorization and accounting for the Direct IP service provided by the WLAN infrastructure.
Downstream	This function is assigned to other 3GPP AAA servers to which this server may forward (proxy) requests. For example, the HSS may indicate the request needs to be redirected to another 3GPP AAA Server; in which case the local IMS AAA Server must proxy the request to the remote 3GPP AAA server. This remote 3GPP server would be assigned the Downstream function. Another example would be when a subscriber's identity or realm decoration indicates roaming, and the IMS AAA Server may need to proxy the request to another 3GPP AAA server outside the HPLMN.
HSS	The Home Subscriber Server is a Diameter-based subscriber and policy database used in 3GPP networks that implement IMS R6 or later. The IMS AAA Server downloads and caches both user credentials and service subscription data (profile data) from the HSS. In addition, the IMS AAA Server coordinates with other 3GPP AAA servers via a registration mechanism in the HSS. The first 3GPP AAA server that authenticates a particular subscriber is registered as the "responsible" server in the HSS. Any subsequent authentications for that subscriber will be redirected to the "responsible" server, as long as it remains registered. After the subscriber has left the network, the registration may be purged by the 3GPP AAA server or the HSS, meaning it is no longer responsible and the next server to authenticate this subscriber may take over. The reference point between IMS AAA Server (3GPP AAA server), and the HSS is Wx, and it is defined only in terms of Diameter. Hence, the HSS function is not available for RADIUS network elements.		-
PDG	The Packet Data Gateway performs authentications and authorizations of tunnel requests, when tunneled IP service (3GPP IP Service) is being provided. The authorization processing of these requests is different from requests received from WLAN AN devices, because a different 3GPP service is used. However, the rest of the processing is very similar to WLAN AN. This function exists only for Diameter network elements, because no RADIUS protocol binding for the reference point (Wm) is defined.		-
CDF	The Charging Data Function is the accounting server for offline charging. Also known as Charging Collection Function, this function receives all chargeable event records from the IMS AAA Server and other network elements.		-
Upstream	The Upstream function represents another 3GPP AAA Server, such as another Juniper IMS AAA Server, or other vendor's AAA server, communicating over the Diameter protocol. This server proxies, or redirects requests to this local IMS AAA Server. These requests may be of the form usually received from WLAN AN or PDG in the local network, but they are actually proxied from some remote network. In this scenario, the exact WLAN AN or PDG the request originated from might not be known to this local IMS AAA Server. For example, if a roaming subscriber is receiving the 3GPP IP service provided by a visited network, the VPLMN might proxy the authentication received from the PDG to the HPLMN's IMS AAA Server. The IMS AAA Server in the HPLMN would not know the actual PDG, but it would still be expected to authorize the access (roaming access in this case).		-
AAA Cluster Peer	This function is assigned to AAA servers that are operating in a cluster with the local server. The local server may forward requests to this AAA server, if the peer can process the request more efficiently.		-
WAG	The WLAN Access Gateway implements an enforcement function. During authorization, the IMS AAA Server pushes routing policy information for the subscriber's current service to the WAG, which will then enforce this routing policy. This is only used for WLAN 3GPP (tunneled) IP Access service.		-
SRC	Policy server sending service activation and deactivation requests. See Enabling Dynamic Authorization for Routers for more information.		-

To assign functions to a Diameter or RADIUS Remote Network Element, select the function from the predefined list in the IMS AAA Server Administrator. Most functions require no further configuration. However, certain functions require you to configure implicit routing rules when you assign the function. For instance, when you assign the HSS function to a Diameter Remote Network Element, you need to specify which subscribers are served by the HSS. This is done by assigning the HSS function and configuring the implicit routing in the function configuration.

NOTE: You can configure only one element of the SRC network for the SRC function.

NOTE: If you assigned the SRC function, the server does not start listening for incoming RADIUS request until you establish at least one SRC connection in a network element.

Implicit Routing Rules

Implicit routing is based on subscriber identity or realm, except for the WAG function. In 3GPP WLAN networks, the subscriber identity is the IMSI (International Mobile Subscriber Identity) of the mobile device.

Table 17 shows the functions that use implicit routing rules, and the type of routing rules used by each function.

Table 17: Functions That Use Implicit Routing Rules

Function	IMSI Prefix Routing	Realm Routing	Origin-Host Routing	Origin-Realm Routing
HSS			-	-
CDF			-	-
Downstream	-		-	-
WAG	-	-

IMSI Prefix Routing-Allows you to specify which IMSI prefix numbers are associated with the remote peer (function). For example, entering 3000 for the IMSI prefix routing for an HSS, instructs the IMS AAA Server to use this HSS for all requests that have an IMSI beginning with 3000. Optionally, you can instruct the server to route all local subscribers to this HSS by selecting the Default route for all local users option.

Realm Routing-Allows you to specify which realms are routed to the remote peer (function). When a request is received, the server examines the NAI decoration to determine the realm to which the request should be routed. If the request does not contain an NAI decoration, the Destination-Realm in the request is used; this applies to Diameter requests only. For example, if you entered XYZ.com under the realm routing rule for an HSS function, the IMS AAA Server would retrieve subscriber credentials from this HSS for processing any requests with an NAI decoration that includes XYZ.com. Optionally, you could use the HSS for processing all requests from all realms by selecting the Default route for all users from all realms option.

Origin-Host Routing-(Used for WAG function only) Allows you to specify which PDG's Origin-Host names have their requests routed to the remote peer. Optionally, requests from any PDG's Origin-Host can be routed to the remote peer by selecting the Default route for all origin host option.

Origin-Realm Routing-(Used for WAG function only) Allows you to specify which PDG's Origin-Realm names have their requests routed to the remote peer. Optionally, requests from any PDG's Origin-Realm can be routed to the remote peer by selecting the Default route for all origin realm option.

Implicit Routing Rule Priorities

The server uses the following priorities to process implicit routing rules:

1. IMSI
2. Realm
3. Default IMSI route (default route for local users)
4. Default Realm route (default route for all users from all realms)

For example, if both IMSI and realm routing rules are defined for the function, IMSI routing rules take priority over realm routing rules.

NOTE: Any Explicit routing rules defined for a function, take priority over Implicit routing rules.

For more information on routing rules see Request Routing Rules.

Assigning Functions to a Remote Network Element

To assign a function to a Diameter or RADIUS Remote Network Element:

1. From the main Diameter or RADIUS Network Element dialog, click New next to the Functions Assigned list.

The server displays the list of functions supported by the Diameter or RADIUS Network Element. Figure 38 shows a sample dialog for Diameter Network Elements.

Figure 38: Sample Functions Dialog

2. Select the desired function and click Next.

A dialog opens that displays a brief description of the function and a Description field. If the function supports implicit routing, the respective configuration tabs will also be shown in the dialog. Figure 39 shows an example dialog for the HSS function.

Figure 39: Sample Assign Function Dialog for Function=HSS

For functions that do not support implicit routing, proceed to step 3. For functions that do support implicit routing proceed to Configuring Implicit Routing Rules.

3. Enter a description for the function in the Description field.
4. Click Finish.

The function is added to the Functions Assigned list.

5. Click OK to save the configuration.

Configuring Implicit Routing Rules

The following section describes how to configure the various types of implicit routing rules including:

• Configuring IMSI Routing Rules
• Configuring Realm Routing Rules
• Configuring Origin-Host Routing Rules (WAG Function only)
• Configuring Origin-Realm Routing Rules (WAG Function only)

Configuring IMSI Routing Rules

To configure IMSI Routing rules:

1. Select the IMSI Routing tab.

• Select New from the IMSI Routing tab.

The New IMSI Prefix Routing Rule dialog is displayed (Figure 40).

or

• Select the Default route for local users option. This option specifies that all local subscribers use this function. If you select this option, proceed to step 3.

Figure 40: New IMSI Prefix Routing Rule Dialog

2. Enter the IMSI prefix and click OK.

The IMSI prefix is added to the list of IMSI prefixes.

3. Click Finish.

The function is added to the Functions Assigned list.

4. Click OK to save the configuration.

Configuring Realm Routing Rules

To configure Realm Routing rules:

1. Select the Realm Routing tab.

• Select New from the Realm Routing tab.

The New Realm Routing Rule dialog opens (Figure 41).

or

• Select the Default route for all users from all realms option. This option specifies that requests from all realms be routed to the remote peer. If you select this option, proceed to step 3.

Figure 41: New Realm Routing Rule dialog

2. Enter the Realm name you want routed to the function and click OK.

The realm name is added to the list of Realms.

3. Click Finish.

The function is added to the Functions Assigned list.

4. Click OK to save the configuration.

Configuring Origin-Host Routing Rules (WAG Function only)

If you selected the WAG function, use the following steps to configure the Origin-Host routing rules:

1. Select the Origin-Host Routing tab.

• Select New from the Origin-Host Routing tab.

The New Origin-Host Routing Rule dialog opens (Figure 42).

or

• Select the Default routing rule for all Origin-Host option. This option specifies that requests from any Origin-Host be routed to the remote function. If you select this option, proceed to step 3.

Figure 42: New Origin-Host Routing Rule Dialog

2. Enter the Origin-Host you want routed to the function and click OK.

The Origin-Host is added to the list of Origin-Hosts.

3. Click Finish.

The function is added to the Functions Assigned list.

4. Click OK to save the configuration.

Configuring Origin-Realm Routing Rules (WAG Function only)

If you selected the WAG function, use the following steps to configure the Origin-Realm routing rules:

1. Select the Origin-Realm Routing tab.

• Select New from the Origin-Realm Routing tab.

The New Origin-Realm Routing Rule dialog opens (Figure 43).

or

• Select the Default routing rule for all Origin-Realm option. This option specifies that requests from any realm be routed to the remote function. If you select this option, proceed to step 3.

Figure 43: New Origin-Realm Routing Rule Dialog

2. Enter the Origin-Realm you want routed to the function and click OK.

The Origin-Realm is added to the list of Origin-Realms.

3. Click Finish.

The function is added to the Functions Assigned list.

4. Click OK to save the configuration.

Editing Functions and Implicit Routing Rules

1. From the main Diameter Network Elements or RADIUS Network Elements dialog, select the Remote Network Element you want to edit and click Edit.
2. Select the function from the Functions Assigned list and click Edit.

The edit dialog for the particular function opens.

3. Make the desired changes by following the steps in Assigning Functions and Configuring Implicit Routing Rules.
4. Click OK to save the edited function.
5. Click OK to save the Remote Network Element.

Deleting a Function from a Diameter or RADIUS Remote Network Element

1. From the main Diameter Network Elements or RADIUS Network Elements dialog, select the Remote Network Element you want to delete the function from and click Edit.
2. Select the function you want to delete from the Functions Assigned list and click Delete.

The function is deleted from the Functions Assigned list.

3. Click OK.