Portal Documentation · Service Integration Components · AAA Gateway Manager

Using Portal AAA Gateway Manager

About this documentAbout AAA Gateway ManagerAbout the AAA Gateway Manager system architectureDispatcher pipelineProcessing pipelineOutput pipelineTimeout pipelineException pipelineReplay pipelineMBI_CDR_PlaybackPipelineCommunication between pipelinesAbout supported formats for network requestsAbout installing AAA Gateway ManagerInstalling AAA Gateway ManagerInstalling HP OpenCall ManagerInstalling Diameter Charging ManagerAbout configuring AAA Gateway ManagerConfiguring AAA Gateway ManagerRetrieving DD objectsStarting AAA Gateway ManagerStopping AAA Gateway ManagerMonitoring AAA Gateway ManagerTroubleshooting AAA Gateway ManagerUsing the process logSample registry entryUsing the pipeline logSample registry entryUsing the EDR logSample registry entry

About this document

This document provides an overview of Portal™ AAA Gateway Manager, which receives andresponds to authentication, authorization, and accounting requests from the network forprepaid services. In addition, this document describes how to:

• Install and configure AAA Gateway Manager. See About installing AAA GatewayManager.

• Install and configure the optional HP OpenCall Manager and Diameter ChargingManager. See Installing HP OpenCall Manager and Installing Diameter ChargingManager.

• Monitor and maintain AAA Gateway Manager. See Monitoring AAA GatewayManager.

NoteAAA Gateway Manager is an optional feature that requires a separate license.

About AAA Gateway Manager

AAA Gateway Manager is a Portal component that interfaces between Portal and thenetwork Service Control Point (SCP). It performs the following functions:

• Translates AAA requests that use any network protocol into Portal CommunicationProtocol (PCP) required by Portal.

• Provides a mechanism to communicate with the Revenue Capture Platform (RCP),which includes the Connection Manager (CM), Transactional in-Memory Object Store(TIMOS) Data Manager (DM), and the Portal DM.

• Contains the business logic for processing AAA requests and provides a way for youto configure custom business logic solutions.

• Provides a failover mechanism if an RCP component fails, by connecting to the nextavailable CM when a CM becomes unavailable.

• Process requests from the network in a degraded mode until the failed RCPcomponent is fully functional.

• Distributes the requests from the network among the CMs in the connection pooland balances load.

• Maps the asynchronous requests from the network to synchronous requests in CMby using queues between the pipelines.

AAA Gateway Manager is a stateless component that you can configure for high availabilityby allowing the network to switch to a standby AAA Gateway Manager if the primary onefails.

About the AAA Gateway Manager systemarchitecture

AAA Gateway Manager is a set of real-time pipelines run by the Portal Pipeline Manager.AAA Gateway Manager consists of the following set of pipelines, each of which runs in itsown thread and has its own input buffer:

• Dispatcher pipeline• Processing pipeline• Output pipeline• Timeout pipeline• Exception pipeline• Replay pipeline• (Optional with HP OpenCall Manager) MBI_CDR_PlaybackPipeline

You can configure multiple pipelines to process requests depending on your needs.The following figure shows a high-level view of a basic configuration for AAA GatewayManager:

Dispatcher pipeline

The Dispatcher pipeline reads the data from the network and translates it into an EDR. Formore information, see About supported formats for network requests.Depending on the type of request, the FCT_IRules routing module in the pipeline passes therequest to the appropriate Processing pipeline based on the service and request type. Forexample, a GSM service authorization request is passed to the processing pipeline that hasthe business logic to process GSM authorization requests.

The default router, which is IRL_ROUTER.irl in the pipeline_home/iScriptLib/AAAdirectory, sets timeout values based on the type of request and routes the requests to theappropriate pipeline. You can customize this module or replace it with your own custommodule.For more information about IRules, see Creating iScripts and iRules.The Dispatcher pipeline includes FCT_Timer which sets the time-out limit for each requestand starts the timer. FCT_Timer stores a copy of the original EDR before sending the EDR tothe Processing pipeline. If the EDR is processed successfully, the timer is stopped. When anEDR times out, the Dispatcher pipeline sends the copy of the EDR to the Timeout pipeline.The original EDR is marked as timed out and is sent to the Exception pipeline for furtherprocessing if necessary.The default timeout limit is 200 micro seconds. You can change it to suit your requirementsby editing the timeout entry in the registry file. You can specify a different timeout value fordifferent types of request such as authorization, start accounting, and stop accounting.For more information on FCT_Timer, see FCT_Timer.

Processing pipeline

The Processing pipeline contains a sequence of modules to convert the EDR to an input flist,call Portal opcodes, and convert the results returned by the opcode to an EDR. TheFCT_Opcode module in the pipeline interacts with Portal CM and calls the appropriateopcode for the request.For more information on FCT_Opcode, see FCT_Opcode.The post opcode module, ISC_GenericPostOpcode.isc, which is an iScript that you cancustomize, checks the results of the opcode call for ebuf and timer state. The module thensends the EDR to the Exception pipeline if the response timed out because of any Portalcomponent failure.The Processing pipeline also includes FCT_CancelTimer which cancels the timer if the EDR issuccessfully processed within the time limit.For more information on FCT_CancelTimer, see FCT_CancelTimer.By default, each processing pipeline can process authorization, start accounting, and stopaccounting requests.

Output pipeline

The Output pipeline translates the EDR containing the AAA results back to the protocolspecific representation and sends it to Intelligent Network (IN). The Output pipeline collectsall the results from the pipelines, makes a single connection, and sends them to thenetwork.For information about network protocols supported, see About supported formats fornetwork requests.

Timeout pipeline

The Timeout pipeline implements a degraded process mode for timed-out EDRs from any ofthe process and authorizes or rejects a request based on a policy that you specify. TheTimeout pipeline includes the following pipelines:

• TimeoutRouter pipeline. This pipeline uses the rules in theIRL_TimeoutRouter.irl module to direct the authorization and reauthorizationrequests to the TimeoutProcess pipeline and other requests to the TimeoutDefault

pipeline. You can customize the IRL_TimeoutRouter.irl module in thepipeline_home/iScript/AAA directory to implement your own routing rules.

• TimeoutDefault pipeline. This pipeline uses theISC_TimeoutDefaultResponse.isc iScript to send a standard response decliningall requests except authorization and reauthorization. You can customize theISC_TimeoutDefaultResponse.isc in the pipeline_home/iScript/AAA directoryto change the default response or to implement custom business logic.

• TimeoutProcess pipeline. This pipeline processes the authorization andreauthorization requests and sends a response to the network.

By default, a set of iScript modules in this pipeline identifies the category of the call such asfree call or emergency call or the call zones such as local, long distance, or international.Based on a static set of rules and using the impact category, this module authorizes free,local, and emergency calls and rejects the other requests.The following iScript modules are included in this pipeline and you can customize them andimplement your own business logic to handle the timed-out requests:

• ISC_TimeoutPreZone.isc populates the fields in the request required for the zonemodule.

• ISC_TimeoutProcessedResponse.isc. Based on a static set of configurable rulesand the impact category determined by the FCT_Zone module, this moduleauthorizes or rejects a request.For more information on FCT_Zone module, see FCT_Zone in the Portaldocumentation.

The AAA Gateway Manager framework marks an EDR as timed out if it is not processedbecause of a Portal process failure within the time interval that you configure. The originalEDR is marked as timed out and sent to the Exception pipeline for playback in the futurewhen a failed process starts again.

Exception pipeline

The Exception pipeline records EDRs from any of the pipelines that have been marked ascontaining an error by the business logic components. The Exception pipeline also recordstimed-out EDRs. By default, the Exception pipeline stores requests such as stop accountingfor later replay. You can configure it to store any EDRs that you want to replay, for exampleEDRs from the stop accounting process.To prevent revenue loss, the saved EDRs are written by default to an XML file and replayedlater by the Replay pipeline.

Replay pipeline

The Replay pipeline processes timed-out EDRs when Portal becomes available. For example,if a timed-out call request was authorized or if an activity was recorded in the Portaldatabase when the time out occurred, you can capture those activities and record them inthe database.By default, the Replay pipeline includes the following modules that you can customize:

• IRL_ReplayRouter.irl. This iRules module enables replaying of only end call, INstartup, and IN shutdown requests.

• ISC_ReplayPostOpcode.isc. When replaying the serialized requests, if there areany errors, this iScript logs the errors. If the RCP is down again, it sends therequests to the Exception pipeline for replaying later.

NoteThese modules are installed in the pipeline_home/iScriptlib/AAA directory.

You can implement your business logic by customizing an iScript to process the EDRs andrecord the results in Portal database if necessary.

MBI_CDR_PlaybackPipeline

ImportantThis pipeline is installed only when you install HP OpenCall Manager to processrequests that use the Message Based Interface (MBI) protocol.

The MBI_CDR_PlaybackPipeline processes requests in CDR format. When the AAA requeststime out because the prepaid system becomes unavailable, the Open Call Service AccessController (OCSAC) records the END requests as CDRs in files. When the prepaid systembecomes available, you can send the CDRs to the AAA Gateway Manager for processing.MBI_CDR_PlaybackPipeline is similar to the Replay pipeline. It contains a sequence ofmodules to convert the CDR to an input flist and to call Portal opcodes which process therequest, calculate the charges if any, and update the balances.The FCT_Opcode module in this pipeline interacts with Portal CM and calls the appropriateopcode for the request.For more information on FCT_Opcode, see FCT_Opcode.

Communication between pipelines

AAA Gateway Manager uses queues to communicate between the pipelines. The queues arecreated at startup before the pipelines are instantiated and are used by pipelines to orderthe requests for processing. Each pipeline, for example Processing pipeline or Timeoutpipeline, has its own dedicated input queue, from which the pipeline’s input module readsthe EDR container. The output module in each pipeline writes the EDR container to a queuefor the next pipeline.NoteThe output from a pipeline can also be written to a file or a database, depending on

the pipeline. For example, by default, the output of the Exception pipeline is written toan XML file.

About supported formats for network requests

AAA Gateway Manager can process data only in EDR container format. TheInSocketManager in the Dispatcher pipeline reads requests from IN, which can be in flist, HPOpenCall MBI, or Diameter protocol formats, and constructs an EDR container that apipeline can process. The OutSocketManager in the Output pipeline converts the responsesto the requests, which are EDR containers, to the format required by the IN and sends themto the IN over TCP/IP.NoteWhen the Dispatcher pipeline receives MBI requests in CDRs, it forwards the CDRs to

the MBI_CDR_Playback pipeline for processing.For more information on the AAA Gateway EDR container, see AAA EDR containerdescription.By default, AAA Gateway Manager supports requests in flist format. Optionally, you canprocess network requests that use the following protocols:

• MBI protocol by installing the optional Portal HP OpenCall Manager. See InstallingHP OpenCall Manager.When you install the HP OpenCall Manager, you can also process timed-out requestssaved by the OCSAC in the MBI CDR formats.

• Diameter protocol by installing the optional Portal Diameter Charging Manager. SeeInstalling Diameter Charging Manager.

For more information about MBI and Diameter protocol support, see Aboutsupported formats for network requests.

All the fields required for processing AAA requests by the Portal opcodes are alreadymapped to EDR container fields for flist format and the MBI and Diameter protocols. You canprocess custom fields by defining the new fields in the EDR container and by editing theinput and output mapping grammar. For more information, see About AAA GatewayManager protocol support.You can also write your own input and output mapping grammar by using the iScript syntaxto convert any other network format to EDR containers.For EDR container description, see About the AAA EDR container description.For a description of the iScript syntax, see Creating iScripts and iRules.

About installing AAA Gateway Manager

To install and use AAA Gateway Manager, you must install and configure the followingsoftware:

1. Portal. See Installing Portal on UNIX and Installing Portal on Windows.2. Third-Party software, which includes the PERL libraries and JRE required for

installing Portal components. See Installing the Third-Party software.3. AAA Gateway Manager. See Installing AAA Gateway Manager4. (Optional) Portal HP OpenCall Manager to support network requests using MBI

protocol. See Installing HP OpenCall Manager.5. (Optional) Portal Diameter Charging Manager to support network requests using

Diameter protocol. See Installing Diameter Charging Manager.NoteBy default, AAA Gateway Manager supports flist formats for network requests.

Installing AAA Gateway Manager

1. Download the 7.2_AAA_Gateway_platform_64_opt.bin from the Portal softwaredownload Web site to a temporary directory (temp_dir).

2. To set up environment variables for JRE and PERL libraries for installing AAAGateway Manager, go to the ThirdParty installation directory, and source thesource.me.sh for the shell:% source source.me.shNote

◦ The default installation directory for the ThirdParty software is opt/Portal/ThirdParty.

◦ The source.me.sh is for a bash shell. If you use a C shell, entersource.me.csh.

3. Go to the temp directory, and enter this command to install AAA Gateway Manager:cd temp_dir7.2_AAA_Gateway_platform_64_opt.binNoteYou can use the -console option to run the installation in a command line

mode. To use the graphical user interface (GUI) for installation, make sureyou have X Windows installed in your computer.

4. When prompted, enter the directory where you want to install AAA GatewayManager.The default directory for installing AAA Gateway Manager is opt/ifw.

The installation program installs AAA Gateway Manager and the Pipeline Manager frameworkfiles in the specified directory.

Installing HP OpenCall Manager

1. Download the 7.2_HP_Opencall_platform_64_opt.bin from the Portal softwaredownload web site to a temporary directory (temp).

2. To set up environment variables for JRE and PERL libraries for installing HP OpenCallManager, go to the ThirdParty installation directory, and source the source.me.shfor the shell:% source source.me.shNote

◦ The default installation directory for the ThirdParty software is opt/Portal/ThirdParty.

◦ The source.me.sh is for a bash shell. If you use a C shell, entersource.me.csh.

3. To install HP OpenCall Manager, go to the temp directory where you downloaded theHP OpenCall Manager software package and enter this command:cd temp7.2_HP_Opencall_platform_64_opt.binNoteYou can use the -console option to run the installation in a command line

mode. To use the graphical user interface (GUI) for installation, make sureyou have X Windows installed in your computer.

HP OpenCall Manager is installed in same directory where AAA Gateway Manager isinstalled.

Installing Diameter Charging Manager

1. Download the 7.2_Diameter_platform_64_opt.bin from the Portal softwaredownload web site to a temporary directory (temp_dir).

2. To set up environment variables for JRE and PERL libraries for installing DiameterCharging Manager, go to the Third_Party installation directory, and source thesource.me.sh for the shell:% source source.me.shNote

◦ The default installation directory for the ThirdParty software is opt/Portal/ThirdParty.

◦ The source.me.sh is for a bash shell. If you use a C shell, entersource.me.csh.

3. To install Diameter Charging Manager, go to the temp directory where youdownloaded the Diameter Charging Manager software package and enter thiscommand:cd temp_dir7.2_Diameter_platform_64_opt.binNoteYou can use the -console option to run the installation in a command line

mode. To use the graphical user interface (GUI) for installation, make sureyou have X Windows installed in your computer.

Diameter Charging Manager is installed in the same directory where AAA Gateway Manageris installed.

About configuring AAA Gateway Manager

AAA Gateway Manager includes a registry file with default entries that you can modify tosuit your business.To configure AAA Gateway Manager, you need to perform the following tasks:

• Configure the Gateway to connect to the CM or CM pool in a high-availabilitysystem.For information on high-availability Portal systems, see Understanding a high-availability Portal system.

• Configure the pipelines with any custom modules you have implemented.• Modify the default entries to suit your business.

Configuring AAA Gateway Manager

When you install AAA Gateway Manager, a registry file with default values for the entries isinstalled in the directory where you installed AAA Gateway Manager.NoteThe flist.reg file is installed with AAA Gateway Manager; the MBI.reg file is installed

with HP OpenCall Manager; and the diameter.reg file is installed with the DiameterCharging Manager.

You can change the configuration to suit your installation.1. Open the *.reg file from the opt/ifw/ directory.2. Specify the format of your network requests, such as flist or MBI, and the grammar

mapping files for input and output mapping in the DataDescription entry. Thedefault is for mapping flists. If you use the MBI or Diameter protocol, you mustspecify the corresponding mapping files.

3. Specify the path to the EDR container.4. In the EXT_InSocketMgr entry, specify the port number for AAA Gateway Manager

to listen to flist, MBI, or Diameter requests.5. Configure the following modules in the function pool sections of the pipelines:• FCT_Timer in the Dispatcher pipeline block. See FCT_Timer.• FCT_Opcode in the processing pipeline block. See FCT_Opcode.• FCT_CancelTimer in the Processing pipeline block. See FCT_CancelTimer.• The custom module that you implement in the Replay pipeline.

• Specify the path to any custom iScript or iRules modules you create in the pipelines.• (Optional) Change the size of the queues and buffers to suit your business.• (Optional) If the Diameter credit control application in the external network uses accounting

commands, add this entry to the ifw section of the diameter.reg file:isAccountingEnabled = 1

• Configure EDR_Dumps for debugging purposes.• Configure process logs for debugging purposes.• Set the DisableStreamLog entry to True, if you don’t want to log all the stream

processing information. The default value is False.• Save and close the file.

Retrieving DD objects

The Connection Manager (CM) in the connection pool can only read packets that are lessthan 16 K in size. To retrieve Data Dictionary (DD) objects from the database, which aremore than 16 K in size, AAA Gateway uses a pin.conf file once at connection time toconnect to the CM specified in that file.

Starting AAA Gateway Manager

1. To set the environment variables to run AAA Gateway Manager, go to the AAAGateway Manager installation directory and source the source.me.sh for the shell:% source source.me.shNote

◦ The default installation directory for AAA Gateway Manager is opt/ifw.◦ The source.me.sh is for a bash shell. If you use a C shell, enter

source.me.csh.2. To start AAA Gateway Manager, use the following command:

ifw -r RegistryFile | -h | -v [-r RegistryFile]Where:-r RegistryFileStarts the AAA Gateway pipelines with the specified registry file.-hDisplays the syntax and parameters.-v [-r RegistryFile]Displays the version of the pipeline framework. If you use the -r option, it alsodisplays the version and name of data and function modules. For example:ifw -v -r conf/flist.regModule ifw.DataPool.Listener.Module Name: DAT_Listener, Version: 10010

AAA Gateway Manager displays Ready for processing when startup procedures havecompleted.

Stopping AAA Gateway Manager

You stop AAA Gateway Manager by using the following semaphore entry:ifw.Active = FALSEAAA Gateway Manager shuts down after 10 or more seconds.For information on semaphores and how to create semaphore files, see Updatingconfiguration settings during runtime by using semaphore files.

Monitoring AAA Gateway Manager

The information about queues that are shared by multiple Processing pipelines are recordedin the process log. You can access the process log by using your Web browser and monitorthe status of the processing pipelines.For more information about the process log, see Using the process log.

1. To enable monitoring the AAA Gateway processes through a Web browser, add thefollowing entry to the AAA.reg file:Web{WebServerPort = port_numberFileServerAddress = file_server_path}

2. To view the status of processes, point your browser to the file server.TipSet the process loop timeout (ProcessLoopTimeout) in the AAA.reg file to 10 to log

the status of the queues every ten seconds.

Troubleshooting AAA Gateway Manager

To troubleshoot AAA Gateway Manager, you configure log files at different points in thepipeline processes. You check them to identify specific problems and fix them. You canconfigure three kinds of log files to identify problems in three different areas of AAAGateway Manager:

• Using the process log• Using the pipeline log• Using the EDR log

Note If AAA Gateway Manager can’t write to log files because of a system error, it logs themessage to the standard error, cerr. The messages then appear on the consolewindow. You can redirect standard error to a file and read the messages in the file tofind the system error.

Using the process log

This file contains information about the status of all the AAA Gateway processes. You canset the following log levels depending on the information you want to capture, for exampleall process information or only serious errors:

• Normal, which is the default• Major• Minor• Warning• Critical

You can also specify whether to indicate the specific process for which the loggedinformation applies by setting the ShowOriginator entry to True.ImportantConfigure this log before all the pipelines in the registry file.

Sample registry entry

ProcessLog{

ModuleName = LOGModule{

ITO{

FilePath = ./logFileName = processSIMPLEFileSuffix = .logProcessName = ifwMessageGroup = IFWShowOriginator = TRUELogLevel = Critical

}Buffer

{Size = 1000

}}

}

Using the pipeline log

The pipeline log is a buffer to log specific information about a pipeline. Each pipeline has itsown log file with information about that pipeline.

Sample registry entry

PipelineLog{

ModuleName = LOGModule{

ITO{

FilePath = ./samples/simple/data/log/pipelineFileName = testDispatcherPipeline.logProcessName = ifwMessageGroup = IFWShowOriginator = TRUE

SuppressErrors{

ERR_SPEC_VERSION_INVALIDERR_RELEASE_VERSION_INVALID

}}

Buffer{

Size = 1000}

}}

Using the EDR log

You can configure FCT_EDRDump at various points in the pipelines to collect informationabout the EDRs. You can verify if an EDR is populated with the output of the appropriatepipeline and if the EDR output is correct.For example, if the input grammar cannot translate the input data because the data is notmapped correctly in the grammar description, the INSocketManager discards the input dataand does not generate an EDR. You can configure an EDR dump after the INSocketManagerto check if an EDR is generated. The EDR dump has information about the particular fieldsthat are problematic.Or you can configure an EDR dump after the FCT_Opcode module. When an EDR is sent tothe CM for processing and an error occurs in any component in the Portal server, the erroris propagated in an ebuf to the EDR with all the debugging information. You can check theEDR dump to see if the EDR contains an output block or an ebuf block and if it is an ebufblock, find out what the error is.

Sample registry entry

EdrDump_Socket{

ModuleName = FCT_EdrDumpModule{Active = TRUEFileName = ./log/dump/DispatcherEdrDump.txt}

}Copyright © 2006 Portal Software, Inc. All rights reserved.Last Modified: March 2006Please send us your comments.