Internet Engineering Task Force Internet Draft Schulzrinne/Kundaje/Narayanan draft-schulzrinne-accounting-sip-00.txt Columbia University February 11, 2002 Expires: July 2002 RADIUS accounting for SIP servers STATUS OF THIS MEMO This document is an Internet-Draft and is in full conformance with all provisions of Section 10 of RFC2026. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress". The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt To view the list Internet-Draft Shadow Directories, see http://www.ietf.org/shadow.html. Abstract This memo defines mappings of RADIUS accounting attributes for use with SIP servers. It also defines several new attributes to support the provision of RADIUS accounting for SIP servers. 1 Introduction The Session Initiation Protocol (SIP) [1] is an application-layer control protocol that can establish, modify and terminate multimedia sessions or calls. A SIP system is composed of a number of logical components such as user agents, proxy servers, redirect servers and registrars. RADIUS (Remote Authentication in Dial-In User Service) [2] can be used for carrying accounting information between a SIP server and a Schulzrinne/Kundaje/Narayanan [Page 1] Internet Draft RADIUS-ACCT-SIP February 11, 2002 RADIUS server. In this architecture, the SIP server operates as a client of the RADIUS server. The client passes user accounting information derived from specific events in a SIP session to a designated RADIUS server in an accounting request packet. The RADIUS server sends back an accounting response to the client indicating that it has successfully received and processed the request. RADIUS servers discard the request packet, if it had an error. Some of the parameters to be logged can be mapped into the attributes defined in RFC 2865[2] and RFC 2866[3]. However, some new SIP specific attributes need to be defined for some SIP-specific accounting and logging information. This document defines a preliminary set of attributes and also provides a mapping for several existing RADIUS attributes. 2 Conventions of This Document In this document, the key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALLNOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" are to be interpreted as described in RFC 2119 [4] and indicate requirement levels for compliant implementations. 3 Terminology SIP server: As defined in RFC 2543 [1]. SIP servers come in three main flavors namely, Proxy, Redirect, and Registrar servers. SIP registrar servers provide location services to users by maintaining the current locations of users. SIP proxy servers help in call setup and termination by routing call requests to the user's current location either directly or through a network of intermediate SIP servers. Proxy servers use the SIP Record-Route option to make all SIP requests and responses in a call traverse through them. A third type of SIP server, namely, the redirect server responds to call initiation requests by redirecting the client to another SIP server or user-agent. RADIUS server: As defined in RFC 2865 [2]. In the context of this document, the term RADIUS server refers to a server that accepts RADIUS accounting packets, and responds to them. Accounting Request: As defined in RFC 2865 [2] it is a specific RADIUS attribute, denoted Accounting-Request, used in a packet sent from a client to the RADIUS server. It requests the server to log the contents of the packet. The contents will be interpreted according to the definitions of attributes and types provided in RFC 2866 [3]. Schulzrinne/Kundaje/Narayanan [Page 2] Internet Draft RADIUS-ACCT-SIP February 11, 2002 Accounting Response: As defined in RFC 2865 [2] this is a specific RADIUS attribute, denoted Accounting-Response, used in responses for accounting requests. 4 Table of Attributes The following table provides a guide to which attributes may be found in Accounting-Request packets for SIP. The first part namely, Standard RADIUS attributes, specifies the RADIUS attributes that can be used in SIP servers. The SIP specific attribute section defines new attributes that are specific to SIP. No SIP specific attributes should be found in Accounting-Response packets. A value of 1 in Column 1 indicates that exactly one instance of the corresponding attribute MUST be present in a Accounting-Request packet. A value of 0-1 indicates that zero or one instance of the attribute MAY be present. Standard RADIUS attributes: Request # Attribute 1 1 User-Name 1 4 NAS-IP-Address 1 5 NAS-Port 1 6 Service-Type 1 40 Acct-Status-Type 0-1 41 Acct-Delay-Time 1 44 Acct-Session-Id 0-1 45 Acct-Authentic 0-1 46 Acct-Session-Time 0-1 49 Acct-Terminate-Cause 1 55 Event-Timestamp SIP specific attributes: Request # Attribute 0-1 101 Sip-Method [*] 0-1 102 Sip-Response-Code [*] 1 103 Sip-From 1 104 Sip-To 1 105 Sip-Translated-Request-URI 0-1 106 Sip-Remote-IP-Address 0-1 107 Sip-Remote-Port *: Either the Sip-Method Attribute or the Sip-Response-Code attribute must be present in all Accounting-Request packets. 5 Description of Attributes Schulzrinne/Kundaje/Narayanan [Page 3] Internet Draft RADIUS-ACCT-SIP February 11, 2002 We now describe the semantics of each RADIUS attribute as applied to SIP servers. 1. User-Name: The User-Name attribute refers to the SIP address of the user responsible for the session. The values in SIP From or To or the userid field of Authorization header can be mapped to this attribute. The specific choice is a policy decision. This attribute MUST be present in all Accounting-Request Packets. For ease of reference, we summarize the attribute format below. The fields are transmitted from left to right. 0 1 2 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- | Type (=1) | Length (>=3) | String ... +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- String The String field is one or more octets. The RADIUS server may limit the maximum length of the User-Name. However, the ability to handle at least 63 octets is recommended. The format of the username SHOULD be a standard SIP address of the form user@host. 2. NAS-IP-Address: The NAS-IP-Address attribute indicates the IP Address of the SIP server which is requesting the accounting service provided by the RADIUS server. This attribute MUST be present in Accounting-Request Packets. A summary of the NAS-IP-Address Attribute format is shown below. The fields are transmitted from left to right. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Schulzrinne/Kundaje/Narayanan [Page 4] Internet Draft RADIUS-ACCT-SIP February 11, 2002 | Type (=4) | Length (=6)| Address +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Address (cont) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Address The Address field is four octets, and contains an IPv4 address. 3. NAS-Port: The NAS-Port attribute indicates the port number of the SIP Server that provides service to the user. In practice, this is usually 5060. This attribute MUST be present in Accounting-Request packets. A summary of the NAS-Port Attribute format is shown below. The fields are transmitted from left to right. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type (=5) | Length (=6)| Value +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Value (cont) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Value The Value field is four octets. It contains a TCP or UDP port number. 4. Service-Type: The Service-Type attribute indicates the type of service the user has requested, or the type of service to be provided. For SIP accounting the value MUST be 15 indicating Sip-Session. It MUST be present in Accounting-Request Packets. A summary of the Service-Type attribute format is shown below. The fields are transmitted from left to right. Schulzrinne/Kundaje/Narayanan [Page 5] Internet Draft RADIUS-ACCT-SIP February 11, 2002 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type (=6) | Length (=6)| Value (=15) +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Value (cont) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Value The Value field is four octets and contains the value 15 representing Sip-Session. 5. Acct-Status-Type: The Acct-Status-Type attribute indicates whether this Accounting-Request marks the beginning of the user service (Start) or the end (Stop). This attribute is used by the SIP server to mark the start of accounting (for example, upon booting) by specifying Accounting-On and to mark the end of accounting (for example, just before a scheduled reboot) by specifying Accounting-Off. It MUST be present in Accounting-request Packets. A summary of the Acct-Status-Type attribute format is shown below. The fields are transmitted from left to right. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type (=40)| Length (=6)| Value +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Value (cont) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Value The Value field is four octets and can contain one of the following RADIUS codes: 1 Start 2 Stop Schulzrinne/Kundaje/Narayanan [Page 6] Internet Draft RADIUS-ACCT-SIP February 11, 2002 3 Interim-Update 7 Accounting-On 8 Accounting-Off 15 Reserved for Failures 6. Acct-Delay-Time: The Acct-Delay-Time attribute indicates, in seconds, the time between the receipt of an INVITE at the SIP server and the arrival of the corresponding ACK at the same SIP server. It SHOULD be present in Accounting-Request Packets. A summary of the Acct-Delay-Time attribute format is shown below. The fields are transmitted from left to right. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type (=41)| Length (=6)| Value +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Value (cont) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Value The Value field is four octets. 7. Acct-Session-Id: The Acct-Session-Id attribute maps into the Call-ID of the SIP session. The Call-ID is a SIP general-header field uniquely identifies a particular invitation or all registrations of a particular client. This attribute also makes it easy to correlate start and stop records in the RADIUS server log. The start and stop records for a given accounting session MUST have the same Acct-Session-Id. This attribute must be present in Accounting-Request Packets. A summary of the Acct-Session-Id attribute format is shown Schulzrinne/Kundaje/Narayanan [Page 7] Internet Draft RADIUS-ACCT-SIP February 11, 2002 below. The fields are transmitted from left to right. 0 1 2 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type (=44)| Length(>=6)| Text ... +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ String The String field SHOULD be be a string . 8. Acct-Authentic: The Acct-Authentic attribute MAY be included in an Accounting-Request to indicate how the user was authenticated, whether by RADIUS, the SIP server itself, or another remote authentication protocol. A summary of the Acct-Authentic attribute format is shown below. The fields are transmitted from left to right. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type (=45)| Length (=6)| Value +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Value (cont) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Value The Value field is four octets. 1 RADIUS 2 Local 3 Remote 9. Acct-Session-Time: The Acct-Session-Time attribute indicates how many seconds the user has received service for, and can only be present Schulzrinne/Kundaje/Narayanan [Page 8] Internet Draft RADIUS-ACCT-SIP February 11, 2002 in Accounting-Request records where the Acct-Status-Type is set to Stop. It is used to represent the time between the arrival of an INVITE request and the arrival of the corresponding BYE request, if the SIP server uses record routing[1]. A summary of the Acct-Session-Time attribute format is shown below. The fields are transmitted from left to right. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type (=46)| Length (=6)| Value +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Value (cont) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Value The Value field is four octets. 10. Acct-Terminate-Cause: The Acct-Terminate-Cause attribute indicates how the session was terminated, and can only be present in Accounting-Request records where the Acct-Status-Type is set to Stop. A summary of the Acct-Terminate-Cause attribute format is shown below. The fields are transmitted from left to right. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type (=49)| Length (=6)| Value +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Value (cont) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Value The Value field is four octets, containing an integer specifying the cause of session termination, as follows: 1 User Request Schulzrinne/Kundaje/Narayanan [Page 9] Internet Draft RADIUS-ACCT-SIP February 11, 2002 3 Lost Service 4 Idle Timeout 5 Session Timeout 6 Admin Reset 7 Admin Reboot 8 Port Error 9 NAS Error 10 NAS Request 11 NAS Reboot 15 Service Unavailable 17 User Error 18 Host Request 11. Event-Timestamp: The Event-Timestamp attribute is included in an Accounting-Request packet to record the time that this event occurred on the SIP server, in seconds since January 1, 1970 00:00 UTC. This attribute MAY be present. It is useful for profiling and traffic measurement purposes. A summary of the Event-Timestamp attribute format is shown below. The fields are transmitted from left to right. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type (=55)| Length (=6)| Value +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Value (cont) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Value The Value field is four octets encoding an unsigned integer with the number of seconds since January 1, 1970 00:00 UTC. 12. Sip-Method: The Sip-Method attribute indicates the SIP method. It can take values corresponding to INVITE, ACK, OPTIONS, CANCEL, BYE, REGISTER, SUBSCRIBE and NOTIFY. This attribute MUST be present in Accounting-Request Schulzrinne/Kundaje/Narayanan [Page 10] Internet Draft RADIUS-ACCT-SIP February 11, 2002 Packets in the absence of a SIP-Response-Code attribute in the packet. A summary of the Sip-Method attribute format is shown below. The fields are transmitted from left to right. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type (=101)| Length (=6)| Value +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Value (cont) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Value The Value field is four octets, containing an integer specifying the Method, as follows: 0 INVITE 1 BYE 2 REGISTER 3 CANCEL 4 OPTIONS 5 ACK 6 SUBSCRIBE 7 NOTIFY 13. Sip-Response-Code: The Sip-Response-Code attribute indicates the SIP Response code/Status code present in the header of the SIP request/response to the SIP server. For example, a successfull call setup may result in 200. This attribute MUST be present in Accounting-request packets in the absence of a Sip-Method Attribute in the packet. A summary of the Sip-Response-Code attribute format is shown below. The fields are transmitted from left to right. 0 1 2 Schulzrinne/Kundaje/Narayanan [Page 11] Internet Draft RADIUS-ACCT-SIP February 11, 2002 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type(=102)| Length (6)| value ... +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Value The value field is 4 octets and contains the SIP response code. 14. Sip-From: The Sip-From attribute is the URL present in SIP From header and identifies a SIP caller of any request or response through a SIP server. It MUST be present in Accounting-Request packets. A summary of the Sip-From attribute format is shown below. The fields are transmitted from left to right. 0 1 2 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type(=103) | Length (>=3) | Text ... +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Text The Text field SHOULD be be a string of UTF-8 encoded 10646 [6] characters. It SHOULD be a URL of the form from@host. 15. Sip-To: The Sip-To attribute is the URL present in SIP From header and identifies a SIP callee of any request or response through a SIP server. It MUST be present in Accounting-Request packets. A summary of the Sip-To attribute format is shown below. The fields are transmitted from left to right. Schulzrinne/Kundaje/Narayanan [Page 12] Internet Draft RADIUS-ACCT-SIP February 11, 2002 0 1 2 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type (=104)| Length (>=3) | Text ... +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Text The Text field SHOULD be be a string of UTF-8 encoded 10646 [6] characters. It SHOULD be a SIP of the form from@host. 16. Sip-Translated-Request-URI: The Sip-Translated-Request-URI attribute indicates the Request-URI of the SIP request, translated as per the SIP server's processing rules into a "canonical" URI. For an INVITE request, the "canonical" URI is the URI that the SIP server uses for proxying. For example, if the Request-URI is sip:alice@wonderland.com, a SIP server might translate this to sip:alice@p42.wonderland.com. The latter is then called as the translated request URI. In other cases, such as a REGISTER request, the Sip- Translated-Request-URI MAY be same as the Request-URI. For example, if the Request-URI for the registrar serving wonderland.com is sip:wonderland.com, the Sip-Translated- Request-URI will be just wonderland.com. However, other Request-URIs such as sip:registrar.wonderland.com MAY be translated to sip:wonderland.com. This attribute MUST be present in all Accounting-Request packets. A summary of the Sip-Translated-request-URI attribute format is shown below. The fields are transmitted from left to right. 0 1 2 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type (=105) | Length(>=3) | Text ... +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ String The String field SHOULD be be a string of UTF-8 encoded 10646 [6] characters and SHOULD represent a SIP URI. Schulzrinne/Kundaje/Narayanan [Page 13] Internet Draft RADIUS-ACCT-SIP February 11, 2002 17. Sip-Remote-IP-Address: The Sip-Remote-IP-Address attribute indicates the IP address of an upstream entity such as a SIP-UAC or another SIP server if any, that sent the request/response which triggered the particular accounting request. A summary of the Sip-Remote-IP-Address Attribute format is shown below. The fields are transmitted from left to right. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type (=106)| Length (=6)| Address +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Address (cont) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Address The Address field is four octets and contains an IPv4 address. 18. Sip-Remote-Port: The Sip-Remote-Port attribute indicates the port number of an upstream entity such as a SIP-UAC or another SIP server from which the request or response that triggered this particular accounting request was received. A summary of the Sip-Remote-Port Attribute format is shown below. The fields are transmitted from left to right. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type (=107)| Length (=6)| Value +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Value (cont) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Value The Value field is four octets and represents a TCP or UDP port. Schulzrinne/Kundaje/Narayanan [Page 14] Internet Draft RADIUS-ACCT-SIP February 11, 2002 6 Reliability of accounting messages Radius servers discard packets in case of an error, such as malformed or tampered packets. If the packet is accepted as valid, they send back an accounting response. In the absence of a response: 1. It is recommended that the client continue attempting to send the Accounting-Request packet until it receives an acknowledgement, using some form of "backoff". If no response is returned within a length of time, the request SHOULD be resent a number of times. 2. The client can also forward requests to an alternate server/servers in the event that the primary server is down or unreachable. 7 Security Considerations If a SIP proxy server is used for call accounting, the proxy uses the SIP Record-Route option during call setup to ensure that all subsequent signaling messages traverse through it. This is needed, for example, to know when the call ends. Security policies should make sure that the proxy server is not bypassed. For example, a gateway should be configured to reject all BYE requests that do not originate from the proxy server. Additional security issues considered in RFC 2865 [2] and RFC 2543 [1] are also applicable. 8 IANA Considerations The Packet Type Codes, Attribute Types, and Attribute Values defined in this document are registered by the Internet Assigned Numbers Authority (IANA) from the RADIUS name spaces. 9 Authors' Addresses Henning Schulzrinne Dept. of Computer Science Columbia University 1214 Amsterdam Avenue, MC 0401 New York, NY 10027 USA electronic mail: schulzrinne@cs.columbia.edu Anshul Kundaje Dept. of Electrical Engineering Columbia University 1214 Amsterdam Avenue, MC 0401 New York, NY 10027 Schulzrinne/Kundaje/Narayanan [Page 15] Internet Draft RADIUS-ACCT-SIP February 11, 2002 USA electronic mail: abk2001@cs.columbia.edu Sankaran Narayanan Dept. of Computer Science Columbia University 1214 Amsterdam Avenue, MC 0401 New York, NY 10027 USA electronic mail: sankaran@cs.columbia.edu 10 Bibliography [1] M. Handley, H. Schulzrinne, E. Schooler, and J. Rosenberg, "SIP: session initiation protocol," Request for Comments 2543, Internet Engineering Task Force, Mar. 1999. [2] C. Rigney, S. Willens, A. Rubens, and W. Simpson, "Remote authentication dial in user service (RADIUS)," Request for Comments 2865, Internet Engineering Task Force, June 2000. [3] C. Rigney, "RADIUS accounting," Request for Comments 2866, Internet Engineering Task Force, June 2000. [4] S. Bradner, "Key words for use in RFCs to indicate requirement levels," Request for Comments 2119, Internet Engineering Task Force, Mar. 1997. Full Copyright Statement Copyright (c) The Internet Society (2002). All Rights Reserved. This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English. The limited permissions granted above are perpetual and will not be Schulzrinne/Kundaje/Narayanan [Page 16] Internet Draft RADIUS-ACCT-SIP February 11, 2002 revoked by the Internet Society or its successors or assigns. This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Table of Contents 1 Introduction ........................................ 1 2 Conventions of This Document ........................ 2 3 Terminology ......................................... 2 4 Table of Attributes ................................. 3 5 Description of Attributes ........................... 3 6 Reliability of accounting messages .................. 15 7 Security Considerations ............................. 15 8 IANA Considerations ................................. 15 9 Authors' Addresses .................................. 15 10 Bibliography ........................................ 16 Schulzrinne/Kundaje/Narayanan [Page 17]