User Tools

Site Tools


how_it_works

How It Works

This section describes the internal working process of the Evolynx RADIUS accounting engine. This logic is included in the BusLayer.dll file which can be replaced easily by a new DLL to reflect any other business logic. See Using API for more information on how to create your own Business Layer DLL. (The information provided here is for Advanced version.)

Authentication:

When a user tries to login to a RADIUS Client, the Client sends an Access_Request to the RADIUS server. In Evolynx RADIUS, this request is received by the RADIUS engine and forwarded to the Business Layer to be processed. A function named Authenticate is responsible for processing the Access Requests. This function uses the “User-Name” RADIUS attribute to find the correct Customer.

The following steps describe how an Access Request is processed in the Business Layer DLL:

  1. Database is accessed to read the following information about this LoginID (stored in “User-Name” attribute)
    1. Password
    2. Which Customer this Login belongs to
    3. If the customer is disabled or not
    4. Maximum number of concurrent connections for this Customer
    5. “End Date” for Customer
    6. Number of current connection for Customer
    7. Customer's Balance
    8. Which Service is assigned to Customer
    9. Billing Mode (debit, credit)
    10. Charge per minute (if any) (per period)
    11. Minimum minutes (per period)
    12. Charge per Kilo Byte (if any)
    13. If the Service is disabled or not
    14. IP address which should be assigned to customer (if enabled)
    15. If any surcharges should apply

      Note: If the VoIP switch in config file is enabled, “Called-Station-Id” attribute will be used as the destination phone number

  2. If there is no LoginID in the database that matches the User-Name, request will be rejected, with “Invalid User” message.
  3. If there is no Service assigned to this customer, request will be rejected, with “No Service Assigned” message.
  4. Password coming from Access Request is compared with password stored in the database. If they don't match, request will be rejected, with “Invalid xxxx Password” message, which xxxx shows the authentication method. If a client try to authenticate using an authentication protocol which is disabled in config file, request will be rejected, with “xxxx protocol is not allowed.” message.

    Note: If the VoIP switch in config file is enabled, Evolynx will skip the password check process described above.

  5. If the Customer is disabled (using Admin program / Customer Edit page / Service Info tab) then request will be rejected, with “Account Disabled” message.
  6. If today's date is greater than the “End Date” (same location) then request will be rejected, with “Account Expired” message.
  7. If the Service is disabled (using Admin program / Service Edit page), request will be rejected, with “Service is Disabled” message.
  8. If customer has already logged in to the system and (s)he is exceeding the maximum number of allowed concurrent connections (specified in Admin program / Customer Edit page / Service Info tab), then request will be rejected, with “Exceeding Concurrent Connections” message.
  9. At this step, it's determined which Service Period the user is trying to connect. In each service, 24 hours of a day can be divided to two parts; Primary and Secondary Service Periods. This feature gives you the ability to have 2 different rates for usage time, or even disable access at certain times (using “Charge Per Minute” less than 0). If the time of day which user tries to connect is between Start Time and End Time of the Primary Period, Service is considered at Primary Period. If not, Service will be in Secondary Period.
  10. Based on the Service Period determined in previous step, if the “Charge Per Minute” of the Period is less than “0”, request will be rejected, with “Service not allowed in this Period” message.
  11. If there are any surcharges which apply to this call, they will be calculated. Per minute surcharges are added to per minute fees and “per call” surcharges are also summed up to be used later.
  12. If the Customer is assigned a Service which has “Debit/Pre-Paid” billing mode, A minimum call cost is calculated based on per minute fees and per call fees (if any). This minimum call cost is then compared with current Balance to see if customer has enough funds available to make this call. If not request will be rejected, with “Insufficient Credit” message.
  13. If the Customer is assigned a Service which has a non-zero “Charge per Minute” fee, and the Service “Billing Mode” is “Debit/Pre-Paid”, a “Session-Timeout” RADIUS attribute will be sent to the Client, specifying how many seconds this Customer can stay connected. Also, if any of the Service Periods have a “Charge Per Minute” less than 0 meaning that Customer can not stay connected during that period, “Session-Timeout” RADIUS attribute will be calculated and sent to client, regardless of the “Billing Mode”.
  14. If the Accounting Interim Interval value in configuration options is greater than 60 seconds, “Acct-Interim-Interval” attribute will be sent to the client.
  15. If the VoIP switch in configuration options is enabled, “h323-credit-amount” or “h323-credit-time” (depending on “Called-Station-Id”) will be sent to the client.
  16. If customer is set to be assigned an IP address from a pool of IPs, that IP will be sent to the client.
  17. If the “LoadCustomAttributes” switch in configuration options is enabled, and there is any Custom Attribute assigned to the Service or Customer, those attributes will be added to the RADIUS response based on rules defined for those custom attributes.
  18. Since all the conditions met, an Access_Accept RADIUS packet will be sent to the Client.

Accounting Interim Intervals:

This value is used as the value for “Acct-Interim-Interval” attribute in Access-Accept packets (when greater than or equal 60). This will cause the RADIUS Client to send Accounting-Request packets to server in intervals specified by this number. Evolynx RADIUS will receive these Interim Updates and updates the data in “Connected” table. There is an automated maintenance process in Evolynx Server which checks this table and compares the value of “LastUpdated” column with the value of Interim Intervals. If there are users shown as connected, but have not been updated for a period greater than the value of “Interim Intervals” Evolynx will assume that those users are disconnected and removes the user from “Connected” table and updates the “Usage” data. Important: When using this feature, ALL RADIUS Clients MUST sent Accounting Interim Packets, or users will be considered as disconnected.

Accounting:

RADIUS Accounting packets are used to specify when a customer is connected to (Accounting-Start) and disconnected from (Accounting-Stop) the system. When RADIUS server receives the “Accounting-Start” packet, it stores some information in “Connected” table. When “Accounting-Stop” packet is received, RADIUS server will store the call information in “Usage” table and updates balance if required. Extra fees like “Connection Fee” and “Maintenance Fee” are logged in a table called “FeeLog”. VoIP Note: Accounting packets which contain attribute “h323-call-origin=answer” will be ignored.

how_it_works.txt · Last modified: 2014/08/22 19:50 (external edit)