Media Gateway Control (Megaco)                           Julian Mitchell
Internet Draft                                                Tom Taylor
Document: draft-ietf-megaco-naspkg-03.txt                Alan V. Whitton
Category: Standards Track                                Nortel Networks
                                                        Ravi Subramaniam
                                                           Cisco Systems
                                                               July 2001

                       Megaco/H.248 NAS Packages

Status of this Memo

This document is an Internet-Draft and is in full conformance with all provisions of Section 10 of RFC2026.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt

The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html.

1. Abstract

This document is work in progress, intended to satisfy the requirements in section 11.2.5 of the Megaco/H.248 requirements document [5]. It defines five packages:

- the base NAS package contains properties and events supported by all NAS terminations;
- the NAS Incoming package contains properties and events supported by NAS terminations involved in calls initiated by the circuit network;
- the NAS Outgoing package contains properties supported by NAS terminations involved in calls outgoing to the circuit network;
- the NAS Control package contains an event supported by a NAS Control termination, which allows the MG to indicate a request to initiate a data connection to a terminal served by the switched circuit network;
- the NAS ROOT package contains properties supported by an MG which is also capable of supporting at least the NAS and NAS Incoming packages.
Taylor                Standards Track - Expires January 2002          1
Megaco/H.248 NAS Package                                      July 2001

The present version differs from the previous one as follows:

- the text encoding of sessid in section 5.1.1 and of HANDLE in sections 7.1.2 and 8.2.1 is clarified, by defining it to be a hex string;
- the relation of dialled digits to their hex-encoded representations has been clarified in sections 6, 7.1.1, and 8.2.1;
- "parameterId" has been changed to "propertyID" in sections 7.1.1 and 7.1.2;
- in section 9.1.2, the note on auditing of the ctlnam property has been amended to allow the MG to return the reserved value "." in text encoding or an empty octet string in ASN.1 to indicate that outgoing data calls are not supported.

2. Conventions used in this document

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC-2119 [1].

3. ABBREVIATIONS AND DEFINITIONS

AAA: Authentication, authorization, and accounting

NAS: Network Access Server

VPN: Virtual Private Network

NAS termination: an ephemeral termination which represents the data network side of a modem connection. It shares a context with a termination which carries the modem tones, but the NAS termination supports no explicit media flows.

NAS Control termination: a persistent termination representing all data network entities capable of originating outgoing data calls. It resides in the NULL context.

4. ARCHITECTURE

RFC 2805 [5] section 11.2.5 shows the gross arrangement of network elements assumed in the present document. As is usual for Megaco/H.248 systems, call signalling is processed at the MGC. The MG performs the NAS function, which mediates between dial-up modem connections and one or more data networks. The MG and MGC are supported by one or more AAA servers, the interface to which is out of scope of this document (see e.g. RADIUS [2]).
Typically the MG will have the task of communicating with the AAA server, and this is a basic assumption of the present document.

To set up an incoming NAS call, the MGC sends to the MG:

- a session identifier, to allow correlation of billing records between the circuit and packet network sides of the call;
- the calling number, if available;
- calling number status, which may indicate that it is private;
- the called number;
- information about the incoming circuit, possibly including continuity test requirements.

All of this information except the session identifier is derived from call signalling.

An incoming NAS call is modelled in the MG as a circuit or circuit-emulating termination sharing a context with a NAS termination. The session identifier and calling and called number attributes are properties of the NAS termination.

Outgoing NAS calls can be originated in several ways:

(a) as callback to a dialled-in user;
(b) as outgoing service for a dialled-in user;
(c) as outgoing service for a user connected to the NAS via the data network.

In all of these cases, the MG must provide the MGC with the number to be dialled for the outgoing call. However, the detailed procedures and modelling differ between them.

Case (a) (callback) begins with the context containing the original circuit and NAS terminations. The original circuit is subtracted when the incoming call is released, and a new circuit is added when the outgoing call is made.

Case (b) begins like case (a), with a circuit and a NAS termination sharing a context. These terminations remain in the context and another circuit termination is added to it. Physically, this represents demodulation and remodulation of the modem tones as they are forwarded from one circuit to another.
Case (c) does not begin with an established context, so an event on a persistent termination established for control purposes only (a NAS Control termination) is used to report the information required by the MGC to set up the call. As well as the number to be dialled, this includes an MG-generated handle to the user data connection. Case (c) eventually results in a context with a NAS termination and a circuit termination.

Deletion of a NAS termination from a context terminates NAS service if it is active. If more than one circuit termination is present in the context after the NAS termination is deleted, the context assumes the role of an ordinary circuit-to-circuit connection.

5. BASE NAS PACKAGE

PackageID: nas (serial number TBD)
Version: 1
Extends: None

Description: This package is supported by and distinguishes all NAS terminations. It contains the session identifier property, the connection type property, the NAS Failure event and the NAS Release event.

5.1 Properties

5.1.1 Session Identifier

PropertyId: sessid (0x0001)
Description: provides a value which may be used to correlate data and circuit network billing records.
Type: octet string suitable for use as the value of the RADIUS attribute Acct-Session-Id as defined in RFC 2866 [4]. In the text encoding of Megaco/H.248 this is represented as a hex string.
Possible values: as configured in the MGC. Default value is empty.
Defined in: TerminationState for a NAS termination.
Characteristics: read/write.

5.1.2 Connection Type

PropertyId: conntyp (0x0002)
Description: indicates the nature of the current connection.
Type: integer, 0 to 99.
Possible values:
  1: incoming dial-up connection to data network (default)
  2: callback connection
  3: incoming dial-up connection to outgoing circuit
  4: data connection to outgoing circuit
Defined in: TerminationState for a NAS termination.
Characteristics: read/write.
5.2 Events

5.2.1 NAS Failure

EventID: nasfail (0x0001)
Description: indicates a failure in the processing of the NAS connection attempt. Prior to successful initiation of service, it may occur as a result of any failure cause. Once service has begun, it indicates specifically that the NAS was unable to communicate with the AAA server.
EventDescriptor Parameters: none added by this package.
ObservedEventDescriptor Parameters:

  Error code
  ParameterID: ec (0x0001)
  Description: describes the failure reason.
  Type: integer, 0 to 99
  Possible values:
    1: NAS internal error
    2: modems failed to train
    3: no response from AAA server

5.2.2 NAS Release

EventID: nasrel (0x0002)
Description: The NAS Release event indicates that the NAS session has terminated at a point in time subsequent to registration of the first accounting record for the service.
EventDescriptor Parameters: none added by this package.
ObservedEventDescriptor Parameters:

  Reason
  ParameterID: reason (0x0001)
  Description: reason for termination of service.
  Type: integer, 0 to 99
  Possible values: as defined for the RADIUS Acct-Terminate-Cause attribute (see RFC 2866 [4]). The list of values is reproduced here for information; see RFC 2866 for detailed definitions.

     1  User Request
     2  Lost Carrier
     3  Lost Service
     4  Idle Timeout
     5  Session Timeout
     6  Admin Reset
     7  Admin Reboot
     8  Port Error
     9  NAS Error
    10  NAS Request
    11  NAS Reboot
    12  Port Unneeded
    13  Port Preempted
    14  Port Suspended
    15  Service Unavailable
    16  Callback
    17  User Error
    18  Host Request

5.3 Signals

None.

5.4 Statistics

None.

5.5 Error Codes

The following additional Megaco/H.248 error codes are documented here:

Code  Text                         Explanation
100   ISP Port Limit Overrun       The call cannot be connected because allocation of a modem would cause the configured port limit for the ISP to be exceeded.
101   No Modems Available          The NAS has no more modems available to use for this call.
102   Calling Number Unacceptable  The calling number is being blocked or is not allowed to call this service.
103   Called Number Unacceptable   The called number supplied is unknown or blocked by this gateway.

5.6 Procedures

If the MGC specifies a non-empty Session Identifier value for an incoming dial-up session and callback or outgoing service is authorized, the MGC MUST set a new Session Identifier value at the beginning of the outgoing phase, at the same time as it updates the Connection Type. If the Session Identifier is non-empty, the MG MUST use the supplied value as the value of the Acct-Session-Id attribute for the corresponding session in communications with the AAA server. If the Session Identifier is empty (unspecified), the MG provides its own value for the Acct-Session-Id.

The MGC initially sets the Connection Type property either to 1 (incoming dial-up call) or 4 (outgoing from data connection) as the case may be. Where the call starts as an incoming dial-up call and then moves either to callback or to an outgoing call, the MGC resets the Connection Type property accordingly to ensure state synchronization with the MG.

The MGC will normally enable the NAS Failure event for the life of the NAS termination. The MGC will typically enable the NAS Release event if it is prepared to initiate call clearing to the circuit network upon receipt of a notification of that event, but it must then also be prepared to handle race conditions due to simultaneous call release by the subscriber.

6. NAS INCOMING PACKAGE

PackageID: nasin (serial number TBD)
Version: 1
Extends: nas (0xTBD)

Description: This package provides the Authorization Exception event and additional properties which the MGC must supply to the MG for an incoming dial-up NAS call.
These properties are assigned to the NAS termination when it is created and given a Connection Type value of 1 (incoming dial-up connection).

6.1 Properties

6.1.1 Calling Number Status

PropertyId: clgstat (0x0003)
Description: indicates whether the calling number has not been set because it was unavailable at the MGC, has not been set by the MGC because it was withheld, has been set but is private (may not be used for presentation purposes on the AAA server), or has been set and may be passed to the AAA server.
Type: integer, 0 to 99
Possible values:
  1: calling number has not been set as it is unavailable (default)
  2: calling number has not been set as it is withheld
  3: calling number has been set but is presentation restricted
  4: calling number has been set and may be presented
Defined in: TerminationState for a NAS termination
Characteristics: read/write

6.1.2 Calling Number

PropertyId: clgnum (0x0004)
Description: value of the calling number. This property MUST NOT be specified if clgstat is set to 1 (calling number unavailable) or 2 (calling number withheld); it MUST be specified otherwise.
Type: string of hexadecimal digits, with no preceding "0x". Each hex digit represents one dialled digit.
Possible values: as determined by the numbering plan. Default value if unspecified is "absent".
Defined in: TerminationState for a NAS termination
Characteristics: read/write

6.1.3 Called Number

PropertyId: cldnum (0x0005)
Description: value of the called number as provided by call signalling.
Type: string of hexadecimal digits, with no preceding "0x". Each hex digit represents one dialled digit.
Possible values: as determined by the numbering plan. No default value.
Defined in: TerminationState for a NAS termination
Characteristics: read/write.
6.2 Events

6.2.1 Authorization Exception

EventID: authex (0x0003)
Description: this event reports an unexpected outcome of a request for authorization of the network access request. The expected outcome is that the request is accepted and involves straightforward incoming service.
EventDescriptor Parameters: none added by this package.
ObservedEventDescriptor Parameters:

  Result
  ParameterID: res (0x0001)
  Description: outcome of the service request to the AAA server (see for example RFC 2865 (RADIUS) [2]).
  Type: integer, 0 to 99
  Possible values:
    1: service denied
    2: callback service authorized
    3: outgoing service authorized

  Number to dial
  ParameterID: dialnum (0x0002)
  Description: number to dial for callback or outgoing service, as conveyed, for example, by the Callback number in RADIUS [2].
  Type: string of hexadecimal digits, without preceding "0x". Each hex digit represents one digit to be dialled/signalled.
  Possible values: as determined by the dialling plan.

6.3 Signals

None.

6.4 Statistics

None.

6.5 Procedures

It is assumed that a NAS incoming connection is identified by the MGC on the basis of incoming call signalling. The MGC maps from the signalled circuit identifier to the incoming terminationId in the usual way. It may perform continuity testing on the incoming termination before beginning the procedures described here. It will typically add the bearer capability properties (described in a separate document) to the circuit termination based on call signalling. To enable modem tones to be sent and received, the MGC MUST set streamMode in the LocalDescriptor on the circuit termination to SendReceive.

The MGC adds a NAS termination to the context in which the incoming termination has also been placed, setting the properties defined by the NAS and NAS Incoming packages and enabling the NAS Failure event of the NAS package and the Authorization Exception event of the NAS Incoming package.
The MGC may also enable the NAS Release event. The MG may be unable to carry out the Add command for the NAS termination, in which case it will return the appropriate error code, typically one of the codes documented in section 5.5 above.

Once the incoming termination and the NAS termination have been associated in the same context, modem training is carried out and the MG issues a request for authorization to the AAA server. If either of these tasks is unsuccessful, the NAS termination generates a NAS Failure event with the appropriate reason code:

  1: NAS internal error, if an internal condition such as hardware or software failure is recognized;
  2: modems failed to train, if loss of carrier is detected or the NAS times out waiting for the connection to be established;
  3: no response from AAA server, if no response to the authorization request was received.

Assuming that the AAA server response is received, the NAS termination may generate an Authorization Exception event. Depending on the result, the MGC should take the following actions:

Result = 1 (denied): Subtract all terminations from the context. Either initiate call clearing or wait for the subscriber to clear the call, depending on local policy.

Result = 2 (callback): Initiate call clearing for the current circuit connection. Remaining actions as for the next case. Note that if the NAS Release event is enabled, an instance will be generated with reason code 16 (Callback) following the Authorization Exception event.

Result = 3 (outgoing): Update the Session Identifier and Connection Type of the NAS termination and add the Dialout Number (see the NAS Outgoing package). Select and add a new circuit termination (possibly wildcarded) for the outgoing call. Initiate an outgoing call to the number provided by the Authorization Exception event. Add bearer capability parameters to the new circuit termination when available.
Perform continuity testing on the new circuit termination if required, before setting streamMode to SendReceive.

If no Authorization Exception event has been received, or in the two success cases once the other actions have been taken, maintain the connection until it is cleared by call signalling or the MGC is alerted by a NAS Release or NAS Failure event.

In all cases of failure, or if the NAS Release event is enabled and reported, the MGC has the option of waiting for call clearing from the circuit network or initiating call clearing to the circuit network. In the latter case, as already mentioned, it must be prepared to handle signalling race conditions due to simultaneous release at the subscriber end.

7. NAS OUTGOING PACKAGE

PackageID: nasout (serial number TBD)
Version: 1
Extends: nas (0xTBD)

Description: This package provides two properties used for outgoing NAS service: the Dialout Number and the Data User Handle.

7.1 Properties

7.1.1 Dialout Number

PropertyID: dialnum (0x0003)
Description: the number to dial for an outgoing connection, copied from the dialnum parameter of an Authorization Exception event (see NAS Incoming package) or an Outgoing Call event (see NAS Control package).
Type: string of hexadecimal digits, not preceded by "0x". Each hex digit represents one dialled digit.
Possible values: as defined by the dialling plan. Default if unspecified is "absent".
Defined in: TerminationState for a NAS termination
Characteristics: read/write

7.1.2 Data User Handle

PropertyID: handle (0x0004)
Description: handle to an existing user data network connection which is to be provided outgoing service. This value is generated by and is of local significance to the MG. It is copied from the handle parameter of an Outgoing Call event (see NAS Control package).
Type: a binary value represented as a hexadecimal string (text encoding) or OCTET STRING (binary encoding).
Possible values: as set by the MG.
Default if unspecified is "absent".
Defined in: TerminationState for a NAS termination
Characteristics: read/write

7.2 Events

None.

7.3 Signals

None.

7.4 Statistics

None.

7.5 Procedures

The Dialout Number property MUST be specified if and only if the Connection Type is 2 (callback), 3 (dial-in to circuit), or 4 (outgoing from data network). The Data User Handle property MUST be specified if and only if the Connection Type is 4 (outgoing from data network).

8. NAS CONTROL PACKAGE

PackageId: nasctl (serial number TBD)
Version: 1
Extends: none

Description: This package is supported by and distinguishes all NAS Control terminations. It contains one event, used by the MG to indicate that a data network user has requested outgoing service.

8.1 Properties

None.

8.2 Events

8.2.1 Outgoing Call

EventID: callreq (0x0001)
Description: this event indicates that a data network user wishes to make an outgoing call to the circuit network.
EventDescriptor Parameters: none added by this package.
ObservedEventDescriptor Parameters:

  Number to dial
  ParameterID: dialnum (0x0001)
  Description: number to dial for outgoing service, as conveyed, for example, by the Callback number in RADIUS [2].
  Type: string of hexadecimal digits, not preceded by "0x". Each hex digit represents one digit to be dialled/signalled.
  Possible values: as determined by the dialling plan.

  Data user handle
  ParameterID: handle (0x0002)
  Description: handle to an existing user data network connection which is to be provided outgoing service. This value is generated by and is of local significance to the MG.
  Type: a binary value represented as a hexadecimal string (text encoding) or OCTET STRING (binary encoding).

8.3 Signals

None.

8.4 Statistics

None.
8.5 Procedures

The NAS Control termination is a persistent termination logically present in the NULL context of an MG which supports outgoing service initiated by data network users. The MGC must enable the Outgoing Call event on this termination in order to receive requests for such service.

When a data network user requests outgoing service (by means outside the scope of this document) and the MG has obtained authorization for such service from the AAA server, it generates an Outgoing Call event. The dialnum parameter is set to the value provided directly by the data network user or (possibly) provided by the AAA server. (Note that no attribute is specifically defined for this purpose in RADIUS.) The handle parameter is set to a value which the MG can use to retrieve the state of the call, including the data connection and information passed to it by the AAA server.

Upon receipt of an Outgoing Call event, the MGC initiates a call to the number provided in dialnum. It passes a request back to the MG to add a terminationId (possibly wildcarded) of a circuit termination to a context. During call setup it may perform continuity testing on the circuit, and will typically add Bearer Capability parameter values to it in the Local/Remote descriptors.

At an appropriate point it will request the MG to add a NAS termination to the context. The Session Identifier for this termination MAY be set. The Connection Type MUST be set to 4 (outgoing call from data network). Both the nasout/dialnum and nasout/handle properties MUST be set as described in the NAS Outgoing package. The MGC SHOULD enable the NAS Failure event and MAY enable the NAS Release event. Processing from this point onwards is similar to that for an incoming call, except that no Authorization Exception event is expected.
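The consistency rules that sections 5.6, 6.1.2 and 7.5 place on a NAS termination's TerminationState, together with the MGC actions of sections 6.5 and 8.5, as an added Python example written for this page. It is not code from the draft or from any MG/MGC implementation: the dictionary form of the properties, the descriptive command strings and the sample numbers are this example's own assumptions; only the property names and value codes are those of the packages, and no Megaco text or ASN.1 encoding is attempted.

```python
import re

HEX = re.compile(r"^[0-9A-Fa-f]+$")

# nas/conntyp (5.1.2), nasin/clgstat (6.1.1) and nasin/authex res (6.2.1) values
INCOMING, CALLBACK, DIALIN_TO_CIRCUIT, DATA_TO_CIRCUIT = 1, 2, 3, 4
CLG_UNAVAILABLE, CLG_WITHHELD, CLG_RESTRICTED, CLG_PRESENTABLE = 1, 2, 3, 4
RES_DENIED, RES_CALLBACK, RES_OUTGOING = 1, 2, 3


def validate_nas_termination(props):
    """Return the list of rule violations for one NAS termination's
    TerminationState (empty list = consistent). props maps package-
    qualified names such as "nas/conntyp" to values; an absent property is
    a missing key. This dict form is the example's own representation."""
    errors = []
    conntyp = props.get("nas/conntyp", INCOMING)
    if conntyp not in (INCOMING, CALLBACK, DIALIN_TO_CIRCUIT, DATA_TO_CIRCUIT):
        errors.append("nas/conntyp out of range")
    # 5.1.1, 6.1.2, 6.1.3, 7.1.1, 7.1.2: hex digit strings with no "0x" prefix
    for name in ("nas/sessid", "nasin/clgnum", "nasin/cldnum",
                 "nasout/dialnum", "nasout/handle"):
        value = props.get(name)
        if value not in (None, "") and not HEX.match(value):
            errors.append(name + " is not a hex digit string")
    if conntyp == INCOMING:
        # 6.1.2: clgnum MUST NOT be present for clgstat 1 or 2, MUST be otherwise
        clgstat = props.get("nasin/clgstat", CLG_UNAVAILABLE)
        has_num = "nasin/clgnum" in props
        if clgstat in (CLG_UNAVAILABLE, CLG_WITHHELD) and has_num:
            errors.append("nasin/clgnum present although clgstat says not set")
        if clgstat in (CLG_RESTRICTED, CLG_PRESENTABLE) and not has_num:
            errors.append("nasin/clgnum missing although clgstat says set")
        if "nasin/cldnum" not in props:  # 6.1.3: no default value
            errors.append("nasin/cldnum must be supplied")
    # 7.5: dialnum iff conntyp in {2, 3, 4}; handle iff conntyp == 4
    if (conntyp != INCOMING) != ("nasout/dialnum" in props):
        errors.append("nasout/dialnum presence does not match nas/conntyp")
    if (conntyp == DATA_TO_CIRCUIT) != ("nasout/handle" in props):
        errors.append("nasout/handle presence does not match nas/conntyp")
    return errors


def outgoing_phase(props, conntyp, dialnum, new_sessid=None):
    """Properties for the outgoing phase of a call that began as an incoming
    dial-up call (authex res 2 or 3). Enforces 5.6: a non-empty Session
    Identifier MUST be replaced when the Connection Type changes."""
    if not dialnum:
        raise ValueError("number to dial is required")
    new = dict(props)
    if props.get("nas/sessid"):
        if not new_sessid or new_sessid == props["nas/sessid"]:
            raise ValueError("5.6: a fresh non-empty nas/sessid is required")
        new["nas/sessid"] = new_sessid
    new["nas/conntyp"] = conntyp
    new["nasout/dialnum"] = dialnum
    new.pop("nasout/handle", None)  # handle only belongs to conntyp 4
    return new


def handle_authex(props, res, dialnum=None, new_sessid=None):
    """MGC actions of section 6.5 for an Authorization Exception result.
    Returns (commands, new_props); commands are descriptive strings (not
    wire encoding) and new_props is None when service is denied."""
    if res == RES_DENIED:
        return ["Subtract all terminations from the context"], None
    if res == RES_CALLBACK:
        new = outgoing_phase(props, CALLBACK, dialnum, new_sessid)
        cmds = ["Initiate clearing of the incoming circuit (expect nasrel reason 16)"]
    elif res == RES_OUTGOING:
        new = outgoing_phase(props, DIALIN_TO_CIRCUIT, dialnum, new_sessid)
        cmds = []
    else:
        raise ValueError("unknown authex res value %r" % (res,))
    cmds += ["Modify NAS termination (sessid, conntyp, nasout/dialnum)",
             "Add outgoing circuit, continuity test, then Mode=SendReceive"]
    return cmds, new


def handle_callreq(dialnum, handle, sessid=""):
    """NAS termination properties the MGC sets for a data-network originated
    call (section 8.5): Connection Type 4 with both nasout properties."""
    if not dialnum or not handle:
        raise ValueError("callreq carries both dialnum and handle")
    return {"nas/sessid": sessid, "nas/conntyp": DATA_TO_CIRCUIT,
            "nasout/dialnum": dialnum, "nasout/handle": handle}


# Constructed sample (not from the draft): an incoming dial-up call as created
INCOMING_CALL = {
    "nas/sessid": "3A4B5C",
    "nas/conntyp": INCOMING,
    "nasin/clgstat": CLG_PRESENTABLE,
    "nasin/clgnum": "6135550100",
    "nasin/cldnum": "18005550199",
}

if __name__ == "__main__":
    print(validate_nas_termination(INCOMING_CALL))  # [] when consistent
    cmds, new = handle_authex(INCOMING_CALL, RES_OUTGOING, "18005550123", "3A4B5D")
    print(cmds, validate_nas_termination(new))
    print(validate_nas_termination(handle_callreq("18005550123", "DEADBEEF")))
```

The validator is written so that an MGC can run it over the descriptor it is about to send and an MG can run it over the descriptor it receives; the 5.6 session identifier rule is the one most easily missed in practice, since reusing the incoming Acct-Session-Id would merge two billable legs into one accounting record.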
9. NAS ROOT PACKAGE

PackageId: nasroot (serial number TBD)
Version: 1
Extends: none

Description: this package provides properties applicable to an MG which provides NAS services. These include the naming pattern for NAS terminations, the name of the NAS Control termination (if any), the number of modems currently available on the MG, and the expected execution time for adding NAS terminations to a context.

9.1 Properties

9.1.1 NAS Termination Naming Pattern

PropertyId: nampat (0x0001)
Description: pattern of termination identifiers specifically used to identify NAS terminations.
Type: ASN.1 type TerminationIDList or ABNF type terminationIDList, depending on the encoding in use. The CHOOSE wildcard MUST NOT be used in any of the terms. Typically individual terms will contain ALL wildcards at one or more positions.
Possible values: as configured in the MG.
Defined in: TerminationState for ROOT.
Characteristics: read only.

9.1.2 NAS Control Termination Name

PropertyId: ctlnam (0x0002)
Description: name of the NAS Control Termination, if any, supported by the MG.
Type: ASN.1 type TerminationID or ABNF type terminationId, depending on the encoding in use.
Possible values: as provisioned in the MG. The value MUST NOT contain a wildcard. If the MG does not support outgoing calls originated from the data network, the MG MUST return the reserved value "." (text encoding) or an empty OCTET STRING (ASN.1 encoding) for this property in response to any audit.
Defined in: TerminationState for ROOT.
Characteristics: read only.

9.1.3 Available Modems

PropertyId: avalmodems (0x0003)
Description: number of idle in-service modems currently available on the MG for assignment.
Type: integer.
Possible values: 1 to 9999999.
Defined in: TerminationState for ROOT.
Characteristics: read only.

9.1.4 Maximum Time To Add A NAS Termination

PropertyId: nasaddtime (0x0004)
Type: integer.
Possible values: as configured in the MG.
Description: maximum expected time required to add a NAS termination to a context, in milliseconds. See the procedural description in section 9.5.
Defined in: TerminationState for ROOT.
Characteristics: read only.

9.2 Events

None.

9.3 Signals

None.

9.4 Statistics

None.

9.5 Procedures

The MGC reads the values of the NAS Root Package properties by performing an AuditValue of ROOT. If these properties have been set, they indicate that the MG supports the NAS function.

The value of nasroot/nasaddtime is advisory. The MGC SHOULD take this value into account if it sets the value of the base root property root/normalMGexecutiontime.

The MGC may manage load balancing between alternative MGs by periodically auditing the value of nasroot/avalmodems and assigning calls according to a policy based on this value.

10. Security Implications

Security for Megaco/H.248 signalling is considered in the base protocol specification [6].

Special consideration must be given to protection of caller privacy, as this is the subject of regulatory requirements in many jurisdictions. The basic principle is that if the caller has requested privacy (typically through subscription), then:

- the requirement for protection of caller identity MUST be propagated between successive entities in the call chain;
- caller identity itself MUST NOT be sent to an untrusted entity.

In the NAS case, the trust boundary may lie between the MGC and MG, between the MG and the AAA server, or beyond the AAA server. The MGC MUST be provisioned so that it can distinguish between a trusted and an untrusted MG. Where the MG is trusted, the MG MUST be provisioned with the knowledge of whether the AAA server is trusted or untrusted. In terms of the properties of section 6.1, the Calling Number Status (clgstat) carries the protection requirement along the chain, and the Calling Number (clgnum) is the identity that must be withheld from an untrusted entity.

11. IANA Considerations

This document adds the Megaco/H.248 error codes defined in section 5.5.

12. Acknowledgements

This document was improved by comments from Matt Holdrege and Christian Groves.
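The caller-privacy rule of section 10, applied to the clgstat/clgnum properties of section 6.1 and to the MG's AAA request, as an added Python example written for this page rather than taken from the draft. The trust flags are assumed to come from provisioning as section 10 requires. Two details are this example's own choices and not text of the draft: a presentation-restricted number that may not reach an untrusted MG is sent as status 2 (withheld), and the restriction is passed to a trusted AAA server through an assumed local flag, since the RADIUS Calling-Station-Id attribute of RFC 2865 [2] has no presentation indicator of its own.

```python
# nasin/clgstat values (section 6.1.1)
CLG_UNAVAILABLE, CLG_WITHHELD, CLG_RESTRICTED, CLG_PRESENTABLE = 1, 2, 3, 4


def mgc_to_mg(clgstat, clgnum, mg_trusted):
    """Properties the MGC places on the NAS termination for a given MG.
    Returns nasin/clgstat and, only when section 10 allows it, nasin/clgnum."""
    if clgstat in (CLG_UNAVAILABLE, CLG_WITHHELD):
        return {"nasin/clgstat": clgstat}  # no identity to protect
    if clgstat == CLG_RESTRICTED and not mg_trusted:
        # Identity MUST NOT reach an untrusted entity. Reporting the number as
        # withheld (2) is this example's choice of "not set" value.
        return {"nasin/clgstat": CLG_WITHHELD}
    return {"nasin/clgstat": clgstat, "nasin/clgnum": clgnum}


def mg_to_aaa(props, aaa_trusted):
    """Calling-number information the MG may include in its AAA request.
    Calling-Station-Id is the RADIUS attribute of RFC 2865 section 5.31;
    "presentation_restricted" stands for whatever local means a trusted AAA
    server and the MG agree on (an assumption, not a RADIUS attribute)."""
    clgstat = props.get("nasin/clgstat", CLG_UNAVAILABLE)
    clgnum = props.get("nasin/clgnum")
    if clgnum is None or clgstat in (CLG_UNAVAILABLE, CLG_WITHHELD):
        return {}
    if clgstat == CLG_RESTRICTED:
        if not aaa_trusted:
            return {}  # section 10: do not forward identity past the trust boundary
        return {"Calling-Station-Id": clgnum, "presentation_restricted": True}
    return {"Calling-Station-Id": clgnum, "presentation_restricted": False}


def propagate(clgstat, clgnum, mg_trusted, aaa_trusted):
    """End to end: what the MG is given and what the AAA server is given.
    An untrusted MG is never relied upon to know the AAA trust status, so
    the AAA flag only matters when the MG itself is trusted."""
    mg_props = mgc_to_mg(clgstat, clgnum, mg_trusted)
    aaa_req = mg_to_aaa(mg_props, aaa_trusted and mg_trusted)
    return mg_props, aaa_req


if __name__ == "__main__":
    # Constructed sample number, not from the draft
    for mg_t, aaa_t in ((True, True), (True, False), (False, True)):
        print(mg_t, aaa_t, propagate(CLG_RESTRICTED, "6135550100", mg_t, aaa_t))
```

The MG-side check in mg_to_aaa is deliberately independent of the MGC-side one: an MG that receives a presentation-restricted number from a trusted MGC still has its own trust boundary towards the AAA server to enforce, which is why section 10 requires the MG, and not only the MGC, to be provisioned with trust information.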
13. References

[1] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.

[2] Rigney, C., Willens, S., Rubens, A. and W. Simpson, "Remote Authentication Dial In User Service (RADIUS)", RFC 2865, June 2000.

[3] Townsley, W., et al., "Layer Two Tunneling Protocol (L2TP)", RFC 2661, August 1999.

[4] Rigney, C., "RADIUS Accounting", RFC 2866, June 2000.

[5] Greene, N., Ramalho, M. and B. Rosen, "Media Gateway Control Protocol Architecture and Requirements", RFC 2805, April 2000.

[6] Cuervo, F., Greene, N., Huitema, C., Rayhan, A., Rosen, B. and J. Segers, "Megaco Protocol Version 1.0", RFC 3015, November 2000.

14. AUTHORS' ADDRESSES

Tom Taylor
Nortel Networks
Phone: +1 613 736 0961
Email: taylor@nortelnetworks.com

Alan V. Whitton
Nortel Networks
Phone: +1 613 763 8871
Email: awhitton@nortelnetworks.com

Julian Mitchell
Nortel Networks
Phone: +44-(0)1628-434695
Email: julianm@nortelnetworks.com

Ravi Subramaniam
Cisco Systems
Email: ravis@cisco.com