npm

Technical Product DescriptionNetOp PM, Release 6.1.5

DESCRIPTION

Copyright

© Copyright Ericsson AB 2009–2010. All rights reserved. Redback andSmartEdge are trademarks registered at the U.S. Patent & Trademark Officeand in other countries. AOS, NetOp, SMS, and User Intelligent Networks aretrademarks or service marks of Telefonaktiebolaget LM Ericsson. All otherproducts or services mentioned are the trademarks, service marks, registeredtrademarks or registered service marks of their respective owners. All rights incopyright are reserved to the copyright owner. Company and product namesare trademarks or registered trademarks of their respective owners. Neither thename of any third party software developer nor the names of its contributorsmay be used to endorse or promote products derived from this software withoutspecific prior written permission of such third party. Rights and RestrictionsAll statements, specifications, recommendations, and technical informationcontained are current or planned as of the date of publication of this document.They are reliable as of the time of this writing and are presented withoutwarranty of any kind, expressed or implied. In an effort to continuously improvethe product and add features, Redback Networks Inc. ("Redback") or EricssonAB (“Ericsson”) and their affiliate companies reserve the right to change anyspecifications contained in this document without prior notice of any kind.Neither Redback or Ericsson nor its parent or affiliate companies shall be liablefor technical or editorial errors or omissions which may occur in this document.Neither Redback or Ericsson nor its affiliate companies shall be liable forany indirect, special, incidental or consequential damages resulting from thefurnishing, performance, or use of this document.

Disclaimer

No part of this document may be reproduced in any form without the writtenpermission of the copyright owner. The contents of this document are subjectto revision without notice due to continued progress in methodology, designand manufacturing. Redback or Ericsson shall have no liability for any error ordamage of any kind resulting from the use of this document.

221 02-CRA 119 1030/1 Uen D 2010-01-11

Contents

Contents

1 Introduction 1

2 New and Enhanced Software Features in Release6.1.5.3 3

2.1 Enhanced Resource Admission Control FunctionConfiguration and Concurrent Unicast and MulticastResource Admission Control 3


3.1 New Configuration to Set Up a Solaris Container 5


4.1 Solaris Container Requirements for NetOp DatabasePartitions 7

4.2 Resource Admission Control Function 7

4.3 Admission Control Support for Dynamic Congestion PointMatching 8

4.4 Admission Control for Multicast Video Traffic 8

4.5 New RADIUS Attribute Support 9

4.6 Class-Based Accounting and Services 9

4.7 Online Charging for Prepaid Services 10

4.8 WiMAX: Multiple Values and EAP Redirect 10

4.9 WiMAX Outer Identity Enhancements 10

4.10 WiMAX Forum X.509 Certificate Support 11

4.11 Load-Sharing RADIUS Servers 11

4.12 Radiator Version 4.3.1 12

4.13 Solaris Operating System 12

4.14 Solaris Patch Cluster 12

4.15 Support for Java 6 Update 10 13

Glossary 15

221 02-CRA 119 1030/1 Uen D 2010-01-11

Technical Product Description

221 02-CRA 119 1030/1 Uen D 2010-01-11

Introduction

1 Introduction

This document describes the new and enhanced features that are introduced inRelease 6.1.5 of the NetOp Policy Manager (PM) software.

Note: This document does not describe all NetOp PM features; it describesonly those that are new or enhanced in the current release.

1221 02-CRA 119 1030/1 Uen D 2010-01-11


2 221 02-CRA 119 1030/1 Uen D 2010-01-11

New and Enhanced Software Features in Release 6.1.5.3

2 New and Enhanced Software Features inRelease 6.1.5.3

The following configuration is enhanced in this release.

2.1 Enhanced Resource Admission Control FunctionConfiguration and Concurrent Unicast and MulticastResource Admission Control

This release provides an additional service mapping parameter, address-type,that enables the resource admission control interface to differentiate betweenbandwidth requests for unicast (VoD) and multicast (IPTV) service.

3221 02-CRA 119 1030/1 Uen D 2010-01-11


4 221 02-CRA 119 1030/1 Uen D 2010-01-11



The following configuration is enhanced in this release.

3.1 New Configuration to Set Up a Solaris Container

New procedural information appears in Chapter 4, "Set Up a Solaris Container"in the NetOp Policy Manager Installation Guide. Use the corrected procedurewhen setting up a Solaris container for the NetOp PM database.

5221 02-CRA 119 1030/1 Uen D 2010-01-11


6 221 02-CRA 119 1030/1 Uen D 2010-01-11



The following software features are new or enhanced in this release.

4.1 Solaris Container Requirements for NetOp DatabasePartitions

If your NetOp PM database hosts are deployed on Sun UltraSPARC T2-basedservers, you must create a Solaris container for the NetOp PM database on anydatabase server. On a 4-core UltraSPARC T2 server, dedicate one CPU coreand on an 8-core UltraSPARC T2, dedicate two CPU cores. The two partitions(/u01 and export/home) have specific sizing requirements determined by theconfiguration you are deploying; for information see the “Plan Your Deployment”section in the NetOp PM Installation Guide.

If you are upgrading from a previous release of the NetOp PM software, youmust contact your customer support representative to set up any Solariscontainers and migrate the data into the partitions.

If you are installing the NetOp PM software for the first time, the procedure tocreate a Solaris container before installing the Oracle DBMS software andcreating the NetOp PM database is provided in the NetOp PM Installation Guide.

4.2 Resource Admission Control Function

The NetOp PM system includes a resource admission control function thatresponds to bandwidth reservation requests for unicast (VoD) and multicast(such as IPTV) service. This release complements the existing non-IMSSOAP/XML interface with a new IMS Diameter Rq interface.

In IMS-based IPTV deployments, the set-top box uses Session InitiationProtocol (SIP) requests to trigger the IMS middleware to create and deletebandwidth reservations. Reservations are modified when the set-top boxis turned on, and when the subscriber moves from standard definition tohigh-definition channels or back again.

The NetOp PM client interface has been updated to support a new sampleservice offering, IPTV Multicast Definition, a standard and high-definition IPTVservice where a multicast stream is delivered by a video server through the DSLaccess multiplexer (DSLAM) to a subscriber. This service offering is used bythe resource admission control Diameter Rq interface in response to set-topbox signaling to request bandwidth reservations for the subscriber.

7221 02-CRA 119 1030/1 Uen D 2010-01-11


The Multicast Video service offering previously provided with the NetOp PMsystem for monthly IPTV or video-on-demand (VoD) subscriptions sets theaccess control list (ACL), Internet Group Management Protocol (IGMP), andquality of service (QoS) attributes. The subscriber selects this from the webportal before watching TV. The set-top box will then use IGMP or SIP toreserve bandwidth.

The NetOp PM client interface has been updated to support a new serviceattribute variation, IPTV Multicast Definition, that reserves bandwidth on theresidential gateway once a request is received from the Diameter Rq interface.Because the video is injected at the DSLAM, the default QoS and queueingprofiles are not required.

You must install and deploy the NetOp PM application server prior to deployingand configuring the resource admission control Diameter Rq interface.

4.3 Admission Control Support for Dynamic CongestionPoint Matching

The NetOp PM system admission control function manages bandwidthreservations by matching NAS-Port-Id patterns against congestion points.Dynamic Congestion Point Matching enables administrators to define theNAS-Port-Id patterns to match the port, access, node, and residential gatewaycongestion points.

The following circuit configurations are supported for the admission controlfunction:

• Ethernet—VLAN (Dot1q, QinQ)

• ATM

The admission control function supports the following circuit types:

• PPP

• DHCP CLIPS

• Static CLIPS

4.4 Admission Control for Multicast Video Traffic

This release of the NetOp PM system provides admission control for multicastvideo traffic. This release introduces an admission control policy that enablesyou to specify the type of congestion points subject to admission control in thelast mile. You can now apply admission control in the service offering definitionfor the residential gateway congestion point. Previously, the admission controlfunction applied admission control to all congestion points for a subscribersession.

8 221 02-CRA 119 1030/1 Uen D 2010-01-11


4.5 New RADIUS Attribute Support

The NetOp PM client user interface now supports the following RemoteAuthentication Dial-In User Service (RADIUS) attributes:

• RB-Dynamic-QoS-Param, which changes traffic class rates.

The NetOp PM system uses the RB-Dynamic-Qos-Param if a bandwidthservice attribute variation (SAV) has both RB-Dynamic-Qos-Param and oneor both of RB-Qos-Rate-Inbound and RB-Qos-Rate-Outbound defined.

• RB-Redirect-URL, which specifies the URL to which a subscriber will beredirected.

If both RB-HTTP-Redirect-URL and RB-HTTP-Redirect-Profile-Name aredefined, the NetOp PM system sends RB-HTTP-Redirect-URL to theSmartEdge OS.

You can view the values for the new attributes in the definition ofSAVs in the NetOp client or you can view the XML definitions in the/usr/local/npm/soap_client/xml/service_attribute_variation directory.

4.6 Class-Based Accounting and Services

This release of the NetOp PM system provides support for class-basedaccounting and services , which enables you to classify network traffic ascounted or uncounted within the same subscriber session. For example, localtraffic can be unlimited and free, and international traffic can be metered andbilled. A class-based service deploys QoS parameters on a certain trafficflow—for example, a bandwidth boost for video traffic only.

Class-based accounting and services are supported for clientless IP serviceselection (CLIPS), Point-to-Point Protocol (PPP), and Simple IP circuit types.

Note: Volume metering for class-based accounting is not supported.

Mid-session change of class-based accounting service in notsupported.

The NetOp client interface now supports two new sample access serviceofferings and service attribute variations:

• PostPaid Internet, which enables class-based accounting on the datatraffic class.

• Premium PostPaid Internet, which enables class-based accounting on thedata traffic class where QoS rates are higher than PostPaid Internet.

9221 02-CRA 119 1030/1 Uen D 2010-01-11


4.7 Online Charging for Prepaid Services

Prepaid services ensure revenue by verifying that the subscriber’s accountbalance can cover the requested service before initiating that service. Whenthe balance in the subscriber’s account is exhausted or expired, the subscriberis redirected to a captive portal to purchase additional quota or take anotheraction.

In addition to support for prepaid scenarios in stand-alone deploymentscenarios using the NetOp PM service manager, the software now supportsprepaid scenarios for time-based services in an integrated deploymentscenario. In this case, the NetOp PM system coordinates with an externalcredit-control server through the Diameter Ro interface and uses the DiameterCredit Control Application (DCCA), as specified in RFC 4006, to providereal-time credit control or online charging.

You must purchase a license for NetOp PM Credit Control to use the DCCA toprovide credit authorization for prepaid users.

4.8 WiMAX: Multiple Values and EAP Redirect

To comply with WiMAX NWG 1.3, this release of the NetOp PM systemsupports provisioning multiple values for the native RADIUS attributesWiMAX-QoS Descriptor and WiMAX-Time-Of-Day-Time.

Under the ASNGW-EAP SAV, you can now redirect a WiMAX session at theASN Gateway, using the new NAS-Filter-Rule and HTTP-Redirection-Ruleattributes to implement Extensible Authentication Protocol (EAP) redirect of asubscriber with value-added service offerings. The NetOp PM system supportsnew session hotlining using EAP hotline redirect for the Account RegistrationLogin sample service offering.

4.9 WiMAX Outer Identity Enhancements

When a mobile subscriber attempts a network entry from a foreign network,an EAP authentication request can be routed through a series of visitedAAA (VAAA) servers until it reaches the home AAA (HAAA) server to beauthenticated. The EAP authentication request carries an outer identity in theUser-Name attribute, which is used as the network access identifier (NAI) whenthe NetOp PM system is configured.

WiMAX outer identity is enhanced in the Release 6.1.5.1 to support pseudo IDand WiMAX decoration in the User-Name attribute. The pseudo ID providesincreased security by hiding the subscriber’s true identity—for example, a MACaddress. The NetOp PM system accepts WiMAX decoration, but currentlyis nonfunctional.

To authenticate subscribers using WiMAX outer identity, configure the ASNgateway and NetOp PM to process EAP access-requests according to

10 221 02-CRA 119 1030/1 Uen D 2010-01-11


predefined rules to determine whether the subscriber session is mobile IP orsimple IP. NetOp PM generates the user NAI during EAP authentication andsends it to the ASN gateway for the network access server (NAS) to use as ausername for establishing a simple or mobile IP subscriber session.

These rules allow the NetOp PM system to determine the authenticated NAIvalue used for the subscriber session after EAP authentication, and if thesubscriber has already been successfully authenticated for network entry.

There are four possible EAP access-request scenarios from the ASN gateway:

• Simple IP with WiMAX capability.

• Simple IP without WiMAX capability.

• Mobile IP with WiMAX capability.

• Mobile IP without WiMAX capability.

Note: To authenticate WiMAX outer identity on the NetOp PM system withoutWiMAX capability, contact customer support staff for more information.

4.10 WiMAX Forum X.509 Certificate Support

Release 6.1.5.1 of the NetOp PM system recognizes and authenticates WiMAXForum X.509 certificates from WiMAX devices attempting to access thenetwork. Only WiMAX devices using EAP-TLS authentication are supported.

The NetOp PM system validates WiMAX devices by:

• Converting Calling-Station-ID to the WiMAX MAC address form.

• Stripping the modem model name from the certificate CommonName toextract the MAC address.

• Verifying that the two MAC addresses above are the same.

Supported Calling-Station-ID formats include:

• Binary format: 6 octets binary value.

• String format: aa-bb-cc-dd-ee-ff.

• String format: aabbccddee.

String formats of Calling-Station-ID are case-insensitive.

4.11 Load-Sharing RADIUS Servers

In this release, the NetOp PM system enables load-sharing RADIUS servers.External load-balancers and NAS-initiated round-robin RADIUS messagedistribution is no longer required. Load-sharing RADIUS servers can detect

11221 02-CRA 119 1030/1 Uen D 2010-01-11


RADIUS requests through a single authentication port (1812) and singleaccounting port (1813) for each Solaris host. Scalability is achieved byincreasing the number of RADIUS processes that monitor the standardRADIUS ports 1812 and 1813—for example, on Sun UltraSPARC T2-basedservers, the NetOp PM starts 10 RADIUS processes for authentication and 10RADIUS processes for accounting.

All circuit types are supported, and there is no requirement to configure multipleports or to dedicate ports for EAP authentication. For existing NetOp PMdeployments, RADIUS requests continue to be detected on all configuredauthentication and accounting ports. RADIUS port availability is not affectedby the failure of a RADIUS server monitoring the port, and any terminatedservers are automatically restarted.

Note: This load-sharing enhancement is dependent on the Radiator-4.3.1upgrade in the 6.1.5.1 Release of the NetOp PM system. Radiator4.3.1 allows multiple Radiator processes to monitor RADIUS requestson the same RADIUS port.

4.12 Radiator Version 4.3.1

This release of the NetOp PM system now includes Radiator version 4.3.1.This version of Radiator is installed and configured automatically when youinstall the NetOp PM software.

4.13 Solaris Operating System

The NetOp PM software Release 6.1.5.1 requires the Solaris 10 Update 6,October 2008 distribution. This software is not provided with the NetOp PMsoftware. For information on installing the Solaris OS, see the “Install theSolaris OS” chapter in the NetOp PM Installation Guide.

4.14 Solaris Patch Cluster

The NetOp PM software Release 6.1.5.1 requires the Solaris 10 Sun AlertPatch Cluster dated January 16, 2009. To download Solaris patch clusters, youmust have a SunSolve account and the associated maintenance contract. Werecommend that you read the solaris10_patch_readme file before installingthe patch cluster.

After installing the updates, check the Solaris patch cluster log file in the/var/sadm/install_data directory. Reboot the Solaris host if you find messagesin the patch cluster log file that instruct you to do so.

12 221 02-CRA 119 1030/1 Uen D 2010-01-11


4.15 Support for Java 6 Update 10

This release ships with Java 6 update 10. It is installed and configuredautomatically when you install the NetOp PM software.

13221 02-CRA 119 1030/1 Uen D 2010-01-11


14 221 02-CRA 119 1030/1 Uen D 2010-01-11

Glossary

Glossary

ACLaccess control list

CLIPSclientless IP service selection

DCCADiameter Credit Control Application

DSLAMDSL access multiplexer

EAPExtensible Authentication Protocol

PMPolicy Manager

PPPPoint-to-Point Protocol

QoSquality of service

RADIUSRemote Authentication Dial-In User Service

SAVservice attribute variation

SIPSession Initiation Protocol

15221 02-CRA 119 1030/1 Uen D 2010-01-11

npm

Documents

Transcript of npm