PANA Working Group                                          R. Maglione
Internet Draft                                                 M. Ullio
Expires: December, 2006                                   V. Vercellone
                                                         Telecom Italia
                                                              June 2006

      Problem Statement for a time-basis accounting in an "always-on"
                     Broadband Network access scenario
                   draft-maglione-pana-acct-time-00.txt

Status of this Memo

   By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she becomes aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on December, 2006.

Copyright Notice

   Copyright (C) The Internet Society (2006).

Abstract

   Two main models for providing DSL Internet Access are currently available. One is based on the PPP protocol, provides a flexible AAA (Authentication, Authorization and Accounting) mechanism and dynamic IP address assignment, and is generally used by Internet Service Providers (ISPs) for temporary or semi-permanent Broadband connections which may be billed on a time basis. The other is based on DHCP or static IP addressing, generally lacks a flexible AAA mechanism and is most of the time associated with flat-rate broadband connections.

Maglione, et al.         Expires December, 2006                [Page 1]

Problem Statement for a time-basis accounting                 June 2006
   The evolution of services and access techniques may quickly lead to a wide deployment of a non-PPP based access model associated with flat-rate charges, providing "always-on" Internet connections. However, even in this scenario, ISPs may still require that some services are billed on a time basis. This Internet Draft describes the problem typically faced by ISPs when a time-basis billing model is required for non-PPP Broadband Connections. It also introduces the requirements that a possible solution should satisfy in order to address the problem. Moreover, the document covers a brief analysis of the state of the art.

Table of Contents

   1. Specification of Requirements..................................2
   2. Introduction...................................................2
   3. Terminology....................................................3
   4. Problem Statement..............................................4
   5. Requirements of the Solution...................................5
   6. Brief analysis of current possible approaches..................6
      6.1 Web Portal based approach..................................6
      6.2 DHCP based approach........................................7
      6.3 PANA based approach........................................7
   7. Conclusions....................................................8
   8. Security Considerations........................................8
   9. IANA Considerations............................................8
   10. References....................................................8
   Acknowledgments...................................................9
   Author's Addresses................................................9
   Intellectual Property Statement...................................9
   Disclaimer of Validity...........................................10
   Copyright Statement..............................................10

1. Specification of Requirements

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119.

2. Introduction

   Traditionally, access to data networks involves the establishment of logical connections realized through PPP (Point-to-Point Protocol) [1] sessions. This applies in particular to clients connected on copper lines that use xDSL-type (Digital Subscriber Line) transmission techniques, called Broadband Access techniques, to connect to the Internet. In such a scenario, access functionalities are provided by edge routers, called BRAS (Broadband Remote Access Servers), that terminate the access connections and perform the routing functions for the client traffic. The user terminal connects via a DSLAM (Digital Subscriber Line Access Multiplexer) to a broadband access network in order to reach the dedicated BRAS edge routers that provide the Internet connection.

    ---------------        -------        ------
   | User Terminal | ---- | DSLAM | ---- | BRAS | ---- Internet
    ---------------        -------        ------

   An increasing interest is currently being witnessed in the adoption of "always-on" type access models; in that case, the terminal has a "steady" connectivity to the network. The evolution towards an increasing use of "always-on" models is also motivated by the need for an integrated offer, on xDSL broadband access lines, of VoIP (Voice over IP) and video communication services; in fact, for this type of application, the terminal must always be on-line and reachable from the network. In this scenario Internet Service Providers are focused on providing Triple-Play services (a bundle of voice, data and video services) built on top of a convergent network infrastructure based on the IP protocol.
   The idea of building a single convergent network infrastructure to offer heterogeneous services is mainly driven by the cost reduction that an integrated and flexible network could achieve. However, the evolution toward a multi-service network will require new mechanisms to support different charging and accounting policies according to different service requirements and access methodologies.

3. Terminology

   Session: a generic context that is created for every user who interacts with the edge router device. Various types of sessions may be defined, depending on the packet types that are being handled by the session. In this problem statement the term session refers specifically to an IP session. This is a Layer 3 session because it includes all IP packets exchanged with a subscriber device at a single IP address.

   Broadband Remote Access Server (BRAS): the edge router device that provides the Internet connection.

   Internet Service Provider (ISP): a company that supplies Internet connectivity to home and business customers.

   Public Switched Telephone Network (PSTN): the established international telephone system carrying voice data over circuit switched connections.

   Digital Subscriber Line (DSL): a technology for bringing high-bandwidth information to homes and small businesses over ordinary copper PSTN lines. The widely used term xDSL refers to different variations of DSL, such as ADSL, HDSL, VDSL and SDSL.

   Network Access Provider (NAP): a service provider that provides physical and link-layer connectivity to an access network it manages.

   Walled Garden: in this context, the term designates an environment that allows controlling the access of users to a restricted set of network resources, e.g. Web content and services.

4. Problem Statement

   DSL access to the Service Provider network is currently based on logical links built using the PPP protocol.
   This model is usually called "virtual dial-up" because it simulates the traditional narrowband connection originally built by using modem devices connected to PSTN lines. The transition to the "virtual dial-up" technique happened smoothly for two main reasons: it was based on standard and widely deployed protocols like PPP and RADIUS [2] (and therefore could easily be integrated by ISPs in their network infrastructure) and it provided the same user experience as the traditional dial-up service to end users.

   The evolution of xDSL technology will rapidly increase the bandwidth available to end users, driving the demand for value-added services, such as VoIP, Video and Online Gaming (also known as "triple" and "quadruple" play services), which require "always-on" broadband connections. In such scenarios, the classical virtual dial-up approach is affected by scalability issues, and therefore it will be gradually replaced by an "always-on" model based on IP sessions.

   Evolving towards purely IP based access models also implies the absence of the Authorization and Accounting records which are normally available when using the virtual dial-up approach: in this case, deploying services charged on a time basis would be extremely difficult. It could be argued that an always-on connection is normally associated with a flat-rate charge; however, the evolution of the ISP's service portfolio may still require a time-basis charging method for value-added services going beyond standard offers. In other words, even with an "always-on" paradigm, it may still be required to identify "sessions" associated with special services in order to measure the exact duration of such services and charge them on a time basis.

5. Requirements of the Solution

   This section describes the requirements for a solution that provides a non-PPP based access method to an IP network:

   1) it MUST be able to authenticate the users before allowing them network access; this is required to guarantee an appropriate security level and to associate each user with his profile, which typically also specifies the accounting policies to be applied to the user;

   2) it SHOULD support different authentication methods, in order to be able to select the proper security level for different scenarios;

   3) it MUST support different accounting policies, like time-basis charging, volume-basis charging, flat and prepaid charging, in order to be applicable to the most common Service Provider commercial offers;

   4) it MUST be able to dynamically modify the session attributes when a particular event happens. A typical situation that may require an ISP to modify the user capabilities is when the prepaid credit expires: in this case the ISP may want to provide the user with limited or no access to the network;

   5) it MUST be able to modify the accounting policy related to a specific session without terminating the established session; this allows ISPs to offer dynamic activation of new services that may require a different charging policy.

   Moreover, in the particular scenario where the ISP and the NAP are not the same entity, the ability to dynamically select the Internet Service Provider MAY translate into an additional requirement for a suitable solution.

6. Brief analysis of current possible approaches

   There are currently different approaches that try to address the time-basis billing problem in a non-PPP based network scenario; they can all be classified in three main categories:

   a) a Service Selection architecture, based on the interaction with a dedicated service access Web portal;

   b) an architecture based on dynamic address assignment functionality through DHCP (Dynamic Host Configuration Protocol) servers [3];

   c) a solution based on the PANA protocol [5] [6].

   As the next sections will show, none of these approaches completely satisfies all the requirements listed above; thus either a new solution or an extension of an existing one is required to solve the problem.

6.1 Web Portal based approach

   In the case of a Service Selection architecture, a Web portal could typically be used to manage the login for those users wishing to access services with a time-basis accounting. The Web portal allows the selection of the desired service among those offered by the network. This occurs by using the HTTP (HyperText Transfer Protocol) [4] protocol, through an edge element of the IP network. As the user opens the HTTP browser, his traffic is redirected by the edge network element towards the Web server, hosting the service access portal, located on a specific IP subnet. The Web server asks the user for his authentication credentials and, if that step is successful, the Web server presents to the user a menu of the available services out of which the desired service may be selected. Upon a service request, an appropriate session is created and the associated RADIUS accounting function is started.

   This approach has two main limitations:

   a) it relies on redirection of HTTP traffic, thus it requires pre-establishing an HTTP session even if the end user does not need to send HTTP traffic;

   b) it is not based on a standard solution but relies on proprietary methodologies.

6.2 DHCP based approach

   The DHCP protocol is built on a client-server model, where designated DHCP servers allocate network addresses and deliver configuration parameters to dynamically configured hosts. DHCP supports three mechanisms for IP address allocation: "automatic allocation", "dynamic allocation" and "manual allocation". In "dynamic allocation", DHCP assigns an IP address to a client for a limited period of time (or until the client explicitly relinquishes the address). Dynamic allocation is particularly useful for assigning an address to a client that will only need a temporary connection to the network, or for sharing a limited pool of IP addresses among a group of clients that do not need permanent IP addresses.

   The session duration can be identified by the interval between the time the IP address request is received and the time the IP address is released. Time-basis accounting based on this approach may be inaccurate in case the customer disconnects from the network without releasing the address. In that case the DHCP server removes the related association only when the configured lease time expires. While the initial address request to the DHCP server can in fact be used to start a time-basis accounting procedure, the accuracy of the accounting stop can be adversely affected if the client disconnects without sending an explicit disconnection message, thus making it necessary to wait for the lease time to expire. On the other hand, a reduction in the value of the lease time entails a more frequent exchange of messages with the DHCP server, thus ultimately limiting scalability.

6.3 PANA based approach

   The PANA protocol has been designed to provide user authentication and authorization in an IP-based access network; it is able to transport the EAP protocol, thus it can work with EAP authentication methods.
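   The accuracy and scalability trade-off of section 6.2 can be made concrete with a small model. The following Python is an added example, not code from the draft or from any DHCP implementation: it constructs a simplified trace of one client's DHCP exchanges (initial ACK, renewals at T1 = lease/2 as RFC 2131 defaults, and an optional DHCPRELEASE) and derives the accounting start and stop exactly as the section describes, so the over-billing caused by a silent disconnect and the extra server exchanges caused by a short lease can both be measured. All timings and the client behaviour are constructed assumptions.

```python
"""Time-basis accounting driven by DHCP lease events (section 6.2 model).

Constructed example, not code from the draft: a simplified client trace is
generated and the accounting interval is derived from it the way a
DHCP-driven accounting function would: start at the first ACK, stop at the
DHCPRELEASE or, failing that, when the last acknowledged lease expires.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class DhcpEvent:
    t: int       # seconds since the start of the constructed trace
    kind: str    # "ACK", "RENEW_ACK" or "RELEASE"


def simulate_client(connect_t: int, disconnect_t: int,
                    lease_seconds: int, explicit_release: bool) -> List[DhcpEvent]:
    """Construct the DHCP exchanges seen for one client (assumption: the
    client renews every T1 = lease/2 seconds and every renewal is
    acknowledged; a silent disconnect simply ends the trace)."""
    t1 = lease_seconds // 2
    events = [DhcpEvent(connect_t, "ACK")]
    t = connect_t + t1
    while t < disconnect_t:
        events.append(DhcpEvent(t, "RENEW_ACK"))
        t += t1
    if explicit_release:
        events.append(DhcpEvent(disconnect_t, "RELEASE"))
    return events


def accounting_interval(events: List[DhcpEvent],
                        lease_seconds: int) -> Tuple[int, int, str]:
    """Derive (start, stop, reason) from the DHCP trace."""
    start = min(e.t for e in events if e.kind == "ACK")
    release = next((e for e in events if e.kind == "RELEASE"), None)
    if release is not None:
        return start, release.t, "release"
    # No DHCPRELEASE: the server only drops the binding at lease expiry, so
    # the accounting stop is the last acknowledged lease plus its duration.
    last_ack = max(e.t for e in events if e.kind in ("ACK", "RENEW_ACK"))
    return start, last_ack + lease_seconds, "lease-expiry"


def billing_report(connect_t: int, disconnect_t: int,
                   lease_seconds: int, explicit_release: bool) -> Dict[str, object]:
    """Compare what gets billed with what was actually used."""
    events = simulate_client(connect_t, disconnect_t, lease_seconds, explicit_release)
    start, stop, reason = accounting_interval(events, lease_seconds)
    return {
        "billed_seconds": stop - start,
        "overcount_seconds": stop - disconnect_t,  # billed but not connected
        "exchanges": len(events),                  # load on the DHCP server
        "stop_reason": reason,
    }


if __name__ == "__main__":
    # Constructed scenarios: a client connected for 2500 s in each case.
    for label, lease, release in (("explicit release, 1 h lease", 3600, True),
                                  ("silent disconnect, 1 h lease", 3600, False),
                                  ("silent disconnect, 10 min lease", 600, False)):
        print(label, billing_report(0, 2500, lease, release))
```

   With a one-hour lease, the silently disconnecting client is billed for 5400 seconds instead of 2500; shortening the lease to ten minutes cuts the overcount to 500 seconds but raises the number of DHCP exchanges for the same session from 2 to 9, which is the scalability cost the section refers to.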
   As PANA is based on the IP protocol, it is independent of the link layer technologies used. Therefore it can be adopted in a heterogeneous access technology environment.

   PANA is a very flexible protocol: it provides the capability to dynamically modify different parameters of an established session, but it is not currently able to change the accounting policy associated with a specific session. This is a limitation for an ISP that would like to offer a service that requires modifying the charging policy according to the user behavior. For example, in the broadband scenario, a user could subscribe to a service that allows access to a controlled network portion, called a Walled Garden, for a flat-rate charge. When the user tries to access a destination outside the Walled Garden, the ISP may want to adopt a time-basis charging model for that specific traffic. This should be accomplished without interrupting the user's established session.

7. Conclusions

   From the preliminary analysis described above, it appears that the PANA protocol is flexible and extensible enough to potentially address the problem presented. We think that the PANA framework could be leveraged, with minimal impact, to satisfy the aforementioned requirements; this will be further discussed in a future version of this contribution. Therefore we ask the PANA Working Group to consider the time-basis accounting problem as a discussion item within the PANA framework.

8. Security Considerations

   This document raises no security issue.

9. IANA Considerations

   This document has no actions for IANA.

10. References

   [1] Simpson, W., "The Point-to-Point Protocol (PPP)", RFC 1661, July 1994.

   [2] Rigney, C., Willens, S., Rubens, A., and W. Simpson, "Remote Authentication Dial In User Service (RADIUS)", RFC 2865, June 2000.

   [3] Droms, R., "Dynamic Host Configuration Protocol", RFC 2131, March 1997.

   [4] Fielding, R., Gettys, J., Mogul, J., Frystyk, H., Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999.

   [5] Jayaraman, P., "PANA Framework", draft-ietf-pana-framework-06 (work in progress), March 2006.

   [6] Forsberg, D., "Protocol for Carrying Authentication for Network Access (PANA)", draft-ietf-pana-pana-11 (work in progress), March 2006.

Acknowledgments

   We would like to thank Gerardo Giaretta for his valuable comments on this document.

Author's Addresses

   Roberta Maglione
   Telecom Italia
   Via G. Reiss Romoli 274
   10148 Torino
   Italy
   Email: roberta.maglione@telecomitalia.it

   Mario Ullio
   Telecom Italia
   Via G. Reiss Romoli 274
   10148 Torino
   Italy
   Email: mario.ullio@telecomitalia.it

   Vinicio Vercellone
   Telecom Italia
   Via G. Reiss Romoli 274
   10148 Torino
   Italy
   Email: vinicio.vercellone@telecomitalia.it

Intellectual Property Statement

   The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org.

Disclaimer of Validity

   This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Copyright Statement

   Copyright (C) The Internet Society (2006). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights.
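   The Walled Garden scenario of section 6.3 and requirement 5) of section 5 describe an accounting policy that changes while the IP session stays up. The following Python is an added example, not code from the draft and not a PANA implementation: it models the bookkeeping an edge router's accounting function would have to perform, emitting Start, Interim-Update and Stop records for one session whose charging switches from flat to time-basis on the first packet that leaves the Walled Garden, while the session identifier and address are never touched. The Walled Garden prefixes (RFC 5737 documentation ranges), the session identifier and the simplifying rule that, once switched, time-basis charging runs until the session stops are all constructed assumptions.

```python
"""Accounting-policy change inside one IP session (section 6.3 scenario).

Constructed example, not part of the draft: traffic to destinations inside
the Walled Garden is covered by the flat rate; the first packet to any
other destination switches the session to time-basis charging without
terminating it (requirement 5 of the draft).
"""
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed Walled Garden: RFC 5737 documentation prefixes standing in for
# the ISP's portal and content servers.
WALLED_GARDEN = [ipaddress.ip_network("192.0.2.0/24"),
                 ipaddress.ip_network("198.51.100.0/25")]


@dataclass
class Session:
    session_id: str
    subscriber_ip: str
    policy: str = "flat"                # "flat" or "time-basis"
    timed_since: Optional[int] = None   # when time-basis charging began
    # (record type, time, policy in force) as an accounting server would see it
    records: List[Tuple[str, int, str]] = field(default_factory=list)


def in_walled_garden(dst: str) -> bool:
    addr = ipaddress.ip_address(dst)
    return any(addr in net for net in WALLED_GARDEN)


def start_session(session_id: str, subscriber_ip: str, t: int) -> Session:
    """Session creation at the edge router: flat rate until proven otherwise."""
    s = Session(session_id, subscriber_ip)
    s.records.append(("Start", t, "flat"))
    return s


def observe_packet(s: Session, t: int, dst: str) -> Session:
    """Called for each packet the subscriber sends. Only the first packet
    leaving the Walled Garden changes anything: the accounting policy flips
    and an interim record is emitted, but no Stop is generated and the
    session identifier and address remain the same."""
    if s.policy == "flat" and not in_walled_garden(dst):
        s.policy = "time-basis"
        s.timed_since = t
        s.records.append(("Interim-Update", t, "time-basis"))
    return s


def stop_session(s: Session, t: int) -> int:
    """Close the session and return the seconds to bill on a time basis
    (0 if the subscriber never left the Walled Garden)."""
    timed = (t - s.timed_since) if s.timed_since is not None else 0
    s.records.append(("Stop", t, s.policy))
    return timed


if __name__ == "__main__":
    # Constructed trace: portal traffic, then one packet outside the garden.
    s = start_session("sess-1", "203.0.113.10", 0)
    observe_packet(s, 50, "192.0.2.10")        # inside, still flat
    observe_packet(s, 100, "198.51.100.200")   # outside the /25: switch
    observe_packet(s, 400, "192.0.2.5")        # back inside, policy stays
    print("timed seconds:", stop_session(s, 700))
    print(s.records)
```

   The point of the model is the record sequence: Start, a single Interim-Update carrying the new policy, then Stop, all against the same session identifier. A solution that could only terminate and re-create the session to change the charging policy would instead produce two Start/Stop pairs and interrupt the subscriber's connectivity, which is what the draft says must be avoided.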