Internet Engineering Task Force (IETF) L. Bertz, Ed. Request for Comments: 8506 Sprint Obsoletes: 4006 D. Dolson, Ed. Category: Standards Track Y. Lifshitz, Ed. ISSN: 2070-1721 Sandvine March 2019
Internet Engineering Task Force (IETF) L. Bertz, Ed. Request for Comments: 8506 Sprint Obsoletes: 4006 D. Dolson, Ed. Category: Standards Track Y. Lifshitz, Ed. ISSN: 2070-1721 Sandvine March 2019
Diameter Credit-Control Application
Diameter信用控制应用程序
Abstract
摘要
This document specifies a Diameter application that can be used to implement real-time credit-control for a variety of end-user services such as network access, Session Initiation Protocol (SIP) services, messaging services, and download services. The Diameter Credit-Control application as defined in this document obsoletes RFC 4006, and it must be supported by all new Diameter Credit-Control application implementations.
本文档指定了一个Diameter应用程序,该应用程序可用于实现各种最终用户服务(如网络访问、会话初始化协议(SIP)服务、消息传递服务和下载服务)的实时信用控制。本文档中定义的Diameter信用控制应用程序淘汰了RFC 4006,并且必须由所有新的Diameter信用控制应用程序实现支持。
Status of This Memo
关于下段备忘
This is an Internet Standards Track document.
这是一份互联网标准跟踪文件。
This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 7841.
本文件是互联网工程任务组(IETF)的产品。它代表了IETF社区的共识。它已经接受了公众审查,并已被互联网工程指导小组(IESG)批准出版。有关互联网标准的更多信息,请参见RFC 7841第2节。
Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at https://www.rfc-editor.org/info/rfc8506.
有关本文件当前状态、任何勘误表以及如何提供反馈的信息,请访问https://www.rfc-editor.org/info/rfc8506.
Copyright Notice
版权公告
Copyright (c) 2019 IETF Trust and the persons identified as the document authors. All rights reserved.
版权(c)2019 IETF信托基金和被确定为文件作者的人员。版权所有。
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
本文件受BCP 78和IETF信托有关IETF文件的法律规定的约束(https://trustee.ietf.org/license-info)自本文件出版之日起生效。请仔细阅读这些文件,因为它们描述了您对本文件的权利和限制。从本文件中提取的代码组件必须包括信托法律条款第4.e节中所述的简化BSD许可证文本,并提供简化BSD许可证中所述的无担保。
This document may contain material from IETF Documents or IETF Contributions published or made publicly available before November 10, 2008. The person(s) controlling the copyright in some of this material may not have granted the IETF Trust the right to allow modifications of such material outside the IETF Standards Process. Without obtaining an adequate license from the person(s) controlling the copyright in such materials, this document may not be modified outside the IETF Standards Process, and derivative works of it may not be created outside the IETF Standards Process, except to format it for publication as an RFC or to translate it into languages other than English.
本文件可能包含2008年11月10日之前发布或公开的IETF文件或IETF贡献中的材料。控制某些材料版权的人员可能未授予IETF信托允许在IETF标准流程之外修改此类材料的权利。在未从控制此类材料版权的人员处获得充分许可的情况下,不得在IETF标准流程之外修改本文件,也不得在IETF标准流程之外创建其衍生作品,除了将其格式化以RFC形式发布或将其翻译成英语以外的其他语言。
Table of Contents
目录
1. Introduction ....................................................6 1.1. Requirements Language ......................................7 1.2. Terminology ................................................7 1.3. Advertising Application Support ............................9 2. Architecture Models .............................................9 3. Credit-Control Messages ........................................11 3.1. Credit-Control-Request (CCR) Command ......................11 3.2. Credit-Control-Answer (CCA) Command .......................12 4. Credit-Control Application Overview ............................13 4.1. Service-Specific Rating Input and Interoperability ........14 4.1.1. Specifying Rating Input AVPs .......................15 4.1.2. Service-Specific Documentation .....................16 4.1.3. Handling of Unsupported/Incorrect Rating Input .....16 4.1.4. RADIUS Vendor-Specific Rating Attributes ...........17 5. Session-Based Credit-Control ...................................17 5.1. General Principles ........................................17 5.1.1. Basic Support for Tariff Time Change ...............18 5.1.2. Credit-Control for Multiple Services within a (Sub-)Session ....................................19 5.2. First Interrogation .......................................23 5.2.1. First Interrogation after Authorization and Authentication .....................................25 5.2.2. First Interrogation Included with Authorization Messages .............................27 5.3. Intermediate Interrogation ................................29 5.4. Final Interrogation .......................................31 5.5. Server-Initiated Credit Re-authorization ..................32 5.6. Graceful Service Termination ..............................34 5.6.1. Terminate Action ...................................37 5.6.2. Redirect Action ....................................38 5.6.3. Restrict Access Action .............................40 5.6.4. Usage of the Server-Initiated Credit Re-authorization ...................................41 5.7. Failure Procedures ........................................41 6. One-Time Event .................................................44 6.1. Service Price Inquiry .....................................45 6.2. Balance Checks ............................................46 6.3. Direct Debiting ...........................................46 6.4. Refunds ...................................................47 6.5. Failure Procedure .........................................48 7. Credit-Control Application State Machines ......................50 8. Credit-Control AVPs ............................................59 8.1. CC-Correlation-Id AVP .....................................61 8.2. CC-Request-Number AVP .....................................62 8.3. CC-Request-Type AVP .......................................62 8.4. CC-Session-Failover AVP ...................................63
1. Introduction ....................................................6 1.1. Requirements Language ......................................7 1.2. Terminology ................................................7 1.3. Advertising Application Support ............................9 2. Architecture Models .............................................9 3. Credit-Control Messages ........................................11 3.1. Credit-Control-Request (CCR) Command ......................11 3.2. Credit-Control-Answer (CCA) Command .......................12 4. Credit-Control Application Overview ............................13 4.1. Service-Specific Rating Input and Interoperability ........14 4.1.1. Specifying Rating Input AVPs .......................15 4.1.2. Service-Specific Documentation .....................16 4.1.3. Handling of Unsupported/Incorrect Rating Input .....16 4.1.4. RADIUS Vendor-Specific Rating Attributes ...........17 5. Session-Based Credit-Control ...................................17 5.1. General Principles ........................................17 5.1.1. Basic Support for Tariff Time Change ...............18 5.1.2. Credit-Control for Multiple Services within a (Sub-)Session ....................................19 5.2. First Interrogation .......................................23 5.2.1. First Interrogation after Authorization and Authentication .....................................25 5.2.2. First Interrogation Included with Authorization Messages .............................27 5.3. Intermediate Interrogation ................................29 5.4. Final Interrogation .......................................31 5.5. Server-Initiated Credit Re-authorization ..................32 5.6. Graceful Service Termination ..............................34 5.6.1. Terminate Action ...................................37 5.6.2. Redirect Action ....................................38 5.6.3. Restrict Access Action .............................40 5.6.4. Usage of the Server-Initiated Credit Re-authorization ...................................41 5.7. Failure Procedures ........................................41 6. One-Time Event .................................................44 6.1. Service Price Inquiry .....................................45 6.2. Balance Checks ............................................46 6.3. Direct Debiting ...........................................46 6.4. Refunds ...................................................47 6.5. Failure Procedure .........................................48 7. Credit-Control Application State Machines ......................50 8. Credit-Control AVPs ............................................59 8.1. CC-Correlation-Id AVP .....................................61 8.2. CC-Request-Number AVP .....................................62 8.3. CC-Request-Type AVP .......................................62 8.4. CC-Session-Failover AVP ...................................63
8.5. CC-Sub-Session-Id AVP .....................................64 8.6. Check-Balance-Result AVP ..................................64 8.7. Cost-Information AVP ......................................64 8.8. Unit-Value AVP ............................................65 8.9. Exponent AVP ..............................................65 8.10. Value-Digits AVP .........................................66 8.11. Currency-Code AVP ........................................66 8.12. Cost-Unit AVP ............................................66 8.13. Credit-Control AVP .......................................66 8.14. Credit-Control-Failure-Handling AVP (CCFH) ...............67 8.15. Direct-Debiting-Failure-Handling AVP (DDFH) ..............68 8.16. Multiple-Services-Credit-Control AVP .....................68 8.17. Granted-Service-Unit AVP .................................70 8.18. Requested-Service-Unit AVP ...............................71 8.19. Used-Service-Unit AVP ....................................71 8.20. Tariff-Time-Change AVP ...................................72 8.21. CC-Time AVP ..............................................72 8.22. CC-Money AVP .............................................72 8.23. CC-Total-Octets AVP ......................................72 8.24. CC-Input-Octets AVP ......................................72 8.25. CC-Output-Octets AVP .....................................73 8.26. CC-Service-Specific-Units AVP ............................73 8.27. Tariff-Change-Usage AVP ..................................73 8.28. Service-Identifier AVP ...................................74 8.29. Rating-Group AVP .........................................74 8.30. G-S-U-Pool-Reference AVP .................................74 8.31. G-S-U-Pool-Identifier AVP ................................75 8.32. CC-Unit-Type AVP .........................................75 8.33. Validity-Time AVP ........................................75 8.34. Final-Unit-Indication AVP ................................76 8.35. Final-Unit-Action AVP ....................................77 8.36. Restriction-Filter-Rule AVP ..............................78 8.37. Redirect-Server AVP ......................................78 8.38. Redirect-Address-Type AVP ................................79 8.39. Redirect-Server-Address AVP ..............................79 8.40. Multiple-Services-Indicator AVP ..........................80 8.41. Requested-Action AVP .....................................80 8.42. Service-Context-Id AVP ...................................81 8.43. Service-Parameter-Info AVP ...............................82 8.44. Service-Parameter-Type AVP ...............................82 8.45. Service-Parameter-Value AVP ..............................83 8.46. Subscription-Id AVP ......................................83 8.47. Subscription-Id-Type AVP .................................83 8.48. Subscription-Id-Data AVP .................................84 8.49. User-Equipment-Info AVP ..................................84 8.50. User-Equipment-Info-Type AVP .............................84 8.51. User-Equipment-Info-Value AVP ............................85 8.52. User-Equipment-Info-Extension AVP ........................85
8.5. CC-Sub-Session-Id AVP .....................................64 8.6. Check-Balance-Result AVP ..................................64 8.7. Cost-Information AVP ......................................64 8.8. Unit-Value AVP ............................................65 8.9. Exponent AVP ..............................................65 8.10. Value-Digits AVP .........................................66 8.11. Currency-Code AVP ........................................66 8.12. Cost-Unit AVP ............................................66 8.13. Credit-Control AVP .......................................66 8.14. Credit-Control-Failure-Handling AVP (CCFH) ...............67 8.15. Direct-Debiting-Failure-Handling AVP (DDFH) ..............68 8.16. Multiple-Services-Credit-Control AVP .....................68 8.17. Granted-Service-Unit AVP .................................70 8.18. Requested-Service-Unit AVP ...............................71 8.19. Used-Service-Unit AVP ....................................71 8.20. Tariff-Time-Change AVP ...................................72 8.21. CC-Time AVP ..............................................72 8.22. CC-Money AVP .............................................72 8.23. CC-Total-Octets AVP ......................................72 8.24. CC-Input-Octets AVP ......................................72 8.25. CC-Output-Octets AVP .....................................73 8.26. CC-Service-Specific-Units AVP ............................73 8.27. Tariff-Change-Usage AVP ..................................73 8.28. Service-Identifier AVP ...................................74 8.29. Rating-Group AVP .........................................74 8.30. G-S-U-Pool-Reference AVP .................................74 8.31. G-S-U-Pool-Identifier AVP ................................75 8.32. CC-Unit-Type AVP .........................................75 8.33. Validity-Time AVP ........................................75 8.34. Final-Unit-Indication AVP ................................76 8.35. Final-Unit-Action AVP ....................................77 8.36. Restriction-Filter-Rule AVP ..............................78 8.37. Redirect-Server AVP ......................................78 8.38. Redirect-Address-Type AVP ................................79 8.39. Redirect-Server-Address AVP ..............................79 8.40. Multiple-Services-Indicator AVP ..........................80 8.41. Requested-Action AVP .....................................80 8.42. Service-Context-Id AVP ...................................81 8.43. Service-Parameter-Info AVP ...............................82 8.44. Service-Parameter-Type AVP ...............................82 8.45. Service-Parameter-Value AVP ..............................83 8.46. Subscription-Id AVP ......................................83 8.47. Subscription-Id-Type AVP .................................83 8.48. Subscription-Id-Data AVP .................................84 8.49. User-Equipment-Info AVP ..................................84 8.50. User-Equipment-Info-Type AVP .............................84 8.51. User-Equipment-Info-Value AVP ............................85 8.52. User-Equipment-Info-Extension AVP ........................85
8.53. User-Equipment-Info-IMEISV AVP ...........................86 8.54. User-Equipment-Info-MAC AVP ..............................86 8.55. User-Equipment-Info-EUI64 AVP ............................86 8.56. User-Equipment-Info-ModifiedEUI64 AVP ....................86 8.57. User-Equipment-Info-IMEI AVP .............................86 8.58. Subscription-Id-Extension AVP ............................87 8.59. Subscription-Id-E164 AVP .................................87 8.60. Subscription-Id-IMSI AVP .................................87 8.61. Subscription-Id-SIP-URI AVP ..............................88 8.62. Subscription-Id-NAI AVP ..................................88 8.63. Subscription-Id-Private AVP ..............................88 8.64. Redirect-Server-Extension AVP ............................88 8.65. Redirect-Address-IPAddress AVP ...........................89 8.66. Redirect-Address-URL AVP .................................89 8.67. Redirect-Address-SIP-URI AVP .............................89 8.68. QoS-Final-Unit-Indication AVP ............................89 9. Result-Code AVP Values .........................................91 9.1. Transient Failures ........................................91 9.2. Permanent Failures ........................................92 10. AVP Occurrence Table ..........................................92 10.1. Credit-Control AVP Table .................................93 10.2. Re-Auth-Request/Re-Auth-Answer AVP Table .................94 11. RADIUS/Diameter Credit-Control Interworking Model .............94 12. IANA Considerations ...........................................97 12.1. Application Identifier ...................................97 12.2. Command Codes ............................................97 12.3. AVP Codes ................................................97 12.4. Result-Code AVP Values ...................................98 12.5. CC-Request-Type AVP ......................................98 12.6. CC-Session-Failover AVP ..................................98 12.7. CC-Unit-Type AVP .........................................99 12.8. Check-Balance-Result AVP .................................99 12.9. Credit-Control AVP .......................................99 12.10. Credit-Control-Failure-Handling AVP .....................99 12.11. Direct-Debiting-Failure-Handling AVP ....................99 12.12. Final-Unit-Action AVP ...................................99 12.13. Multiple-Services-Indicator AVP ........................100 12.14. Redirect-Address-Type AVP ..............................100 12.15. Requested-Action AVP ...................................100 12.16. Subscription-Id-Type AVP ...............................100 12.17. Tariff-Change-Usage AVP ................................100 12.18. User-Equipment-Info-Type AVP ...........................100 13. Parameters Related to the Credit-Control Application .........101 14. Security Considerations ......................................101 14.1. Direct Connection with Redirects ........................102 14.2. Application-Level Redirects .............................103
8.53. User-Equipment-Info-IMEISV AVP ...........................86 8.54. User-Equipment-Info-MAC AVP ..............................86 8.55. User-Equipment-Info-EUI64 AVP ............................86 8.56. User-Equipment-Info-ModifiedEUI64 AVP ....................86 8.57. User-Equipment-Info-IMEI AVP .............................86 8.58. Subscription-Id-Extension AVP ............................87 8.59. Subscription-Id-E164 AVP .................................87 8.60. Subscription-Id-IMSI AVP .................................87 8.61. Subscription-Id-SIP-URI AVP ..............................88 8.62. Subscription-Id-NAI AVP ..................................88 8.63. Subscription-Id-Private AVP ..............................88 8.64. Redirect-Server-Extension AVP ............................88 8.65. Redirect-Address-IPAddress AVP ...........................89 8.66. Redirect-Address-URL AVP .................................89 8.67. Redirect-Address-SIP-URI AVP .............................89 8.68. QoS-Final-Unit-Indication AVP ............................89 9. Result-Code AVP Values .........................................91 9.1. Transient Failures ........................................91 9.2. Permanent Failures ........................................92 10. AVP Occurrence Table ..........................................92 10.1. Credit-Control AVP Table .................................93 10.2. Re-Auth-Request/Re-Auth-Answer AVP Table .................94 11. RADIUS/Diameter Credit-Control Interworking Model .............94 12. IANA Considerations ...........................................97 12.1. Application Identifier ...................................97 12.2. Command Codes ............................................97 12.3. AVP Codes ................................................97 12.4. Result-Code AVP Values ...................................98 12.5. CC-Request-Type AVP ......................................98 12.6. CC-Session-Failover AVP ..................................98 12.7. CC-Unit-Type AVP .........................................99 12.8. Check-Balance-Result AVP .................................99 12.9. Credit-Control AVP .......................................99 12.10. Credit-Control-Failure-Handling AVP .....................99 12.11. Direct-Debiting-Failure-Handling AVP ....................99 12.12. Final-Unit-Action AVP ...................................99 12.13. Multiple-Services-Indicator AVP ........................100 12.14. Redirect-Address-Type AVP ..............................100 12.15. Requested-Action AVP ...................................100 12.16. Subscription-Id-Type AVP ...............................100 12.17. Tariff-Change-Usage AVP ................................100 12.18. User-Equipment-Info-Type AVP ...........................100 13. Parameters Related to the Credit-Control Application .........101 14. Security Considerations ......................................101 14.1. Direct Connection with Redirects ........................102 14.2. Application-Level Redirects .............................103
15. Privacy Considerations .......................................104 15.1. Privacy-Sensitive AVPs ..................................104 15.2. Data Minimization .......................................106 15.3. Diameter Agents .........................................107 16. References ...................................................107 16.1. Normative References ....................................107 16.2. Informative References ..................................110 Appendix A. Credit-Control Sequences .............................111 A.1. Flow I ....................................................111 A.2. Flow II ...................................................113 A.3. Flow III ..................................................116 A.4. Flow IV ...................................................117 A.5. Flow V ....................................................119 A.6. Flow VI ...................................................120 A.7. Flow VII ..................................................121 A.8. Flow VIII .................................................123 A.9. Flow IX ...................................................124 Acknowledgements .................................................130 Authors' Addresses ...............................................130
15. Privacy Considerations .......................................104 15.1. Privacy-Sensitive AVPs ..................................104 15.2. Data Minimization .......................................106 15.3. Diameter Agents .........................................107 16. References ...................................................107 16.1. Normative References ....................................107 16.2. Informative References ..................................110 Appendix A. Credit-Control Sequences .............................111 A.1. Flow I ....................................................111 A.2. Flow II ...................................................113 A.3. Flow III ..................................................116 A.4. Flow IV ...................................................117 A.5. Flow V ....................................................119 A.6. Flow VI ...................................................120 A.7. Flow VII ..................................................121 A.8. Flow VIII .................................................123 A.9. Flow IX ...................................................124 Acknowledgements .................................................130 Authors' Addresses ...............................................130
This document specifies a Diameter application that can be used to implement real-time credit-control for a variety of end-user services such as network access, Session Initiation Protocol (SIP) services, messaging services, and download services. ("Credit-control" is sometimes abbreviated as "CC" in figures and tables throughout this document.) The Diameter Credit-Control application as defined in this document obsoletes [RFC4006], and it must be supported by all new Diameter Credit-Control application implementations. This document provides a general solution to real-time cost and credit-control.
本文档指定了一个Diameter应用程序,该应用程序可用于实现各种最终用户服务(如网络访问、会话初始化协议(SIP)服务、消息传递服务和下载服务)的实时信用控制。(“信用控制”有时在本文档的图和表中缩写为“CC”)。本文档中定义的Diameter信用控制应用程序将淘汰[RFC4006],并且必须由所有新的Diameter信用控制应用程序实现支持。本文档提供了实时成本和信用控制的通用解决方案。
The prepaid model has been shown to be very successful -- for instance, in GSM networks, where network operators offering prepaid services have experienced a substantial growth of their customer base and revenues. Prepaid services are now cropping up in many other wireless and wire-line-based networks.
预付费模式已被证明是非常成功的——例如,在GSM网络中,提供预付费服务的网络运营商的客户群和收入都有了大幅增长。预付费服务现在出现在许多其他无线和有线网络中。
In mobile networks, additional functionality is required beyond that specified in the Diameter base protocol [RFC6733]. For example, the 3GPP charging and billing requirements document [TGPPCHARG] states that an application must be able to rate service information in real time. In addition, it is necessary to check that the end user's account provides coverage for the requested service prior to initiation of that service. When an account is exhausted or expired, the user must be denied the ability to compile additional chargeable events.
在移动网络中,除了Diameter基本协议[RFC6733]中规定的功能外,还需要其他功能。例如,3GPP收费和计费要求文档[TGPPCHARG]指出,应用程序必须能够实时对服务信息进行评级。此外,在启动该服务之前,有必要检查最终用户的帐户是否为请求的服务提供了覆盖范围。当帐户耗尽或过期时,必须拒绝用户编译其他收费事件的能力。
A mechanism has to be provided to allow the user to be informed of the charges to be levied for a requested service. In addition, there are services such as gaming and advertising that may credit as well as debit a user account.
必须提供一种机制,允许用户了解所请求服务的收费。此外,还有一些服务,如游戏和广告,可以贷记或借记用户帐户。
The other Diameter applications provide service-specific authorization, and they do not provide credit authorization for prepaid users. The credit authorization shall be generic and applicable to all the service environments required to support prepaid services.
其他Diameter应用程序提供特定于服务的授权,它们不为预付费用户提供信用授权。信用授权应是通用的,并适用于支持预付费服务所需的所有服务环境。
To fulfill these requirements, it is necessary to facilitate credit-control communication between the network element providing the service (e.g., Network Access Server (NAS), SIP Proxy, Application Server) and a credit-control server.
为了满足这些要求,有必要促进提供服务的网元(例如,网络访问服务器(NAS)、SIP代理、应用服务器)和信用控制服务器之间的信用控制通信。
The scope of this specification is credit authorization. Service-specific authorization and authentication are out of scope.
本规范的范围为信用授权。特定于服务的授权和身份验证超出范围。
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.
本文件中的关键词“必须”、“不得”、“必需”、“应”、“不应”、“建议”、“不建议”、“可”和“可选”在所有大写字母出现时(如图所示)应按照BCP 14[RFC2119][RFC8174]所述进行解释。
AAA: Authentication, Authorization, and Accounting.
AAA:身份验证、授权和记帐。
AA-Answer: "AA-Answer" generically refers to a service-specific authorization and authentication answer. AA-Answer commands are defined in service-specific authorization applications, e.g., [RFC7155] [RFC4004].
AA应答:“AA应答”一般指特定于服务的授权和身份验证应答。AA应答命令在特定于服务的授权应用程序中定义,例如[RFC7155][RFC4004]。
AA-Request: "AA-Request" generically refers to a service-specific authorization and authentication request. AA-Request commands are defined in service-specific authorization applications, e.g., [RFC7155] [RFC4004].
AA请求:“AA请求”一般指特定于服务的授权和身份验证请求。AA请求命令在特定于服务的授权应用程序中定义,例如[RFC7155][RFC4004]。
Credit-control: "Credit-control" is a mechanism that directly interacts in real time with an account and controls or monitors the charges related to service usage. Credit-control is a process of (1) checking whether or not credit is available, (2) credit reservation, (3) deduction of credit from the end-user account when service is completed, and (4) refunding of reserved credit that is not used.
信用控制:“信用控制”是一种直接与账户实时交互并控制或监控与服务使用相关的费用的机制。信用控制是(1)检查信用是否可用,(2)信用保留,(3)服务完成时从最终用户帐户扣除信用,以及(4)退还未使用的保留信用的过程。
Diameter Credit-Control server: A Diameter Credit-Control server acts as a prepaid server, performing real-time rating and credit-control. It is located in the home domain and is accessed by Service Elements or Diameter AAA servers in real time, for the purpose of price determination and credit-control before the service event is delivered to the end user. It may also interact with Business Support Systems.
Diameter信用控制服务器:Diameter信用控制服务器充当预付费服务器,执行实时评级和信用控制。它位于主域中,由服务元素或Diameter AAA服务器实时访问,以便在服务事件交付给最终用户之前进行价格确定和信用控制。它还可以与业务支持系统交互。
Diameter Credit-Control client: A Diameter Credit-Control client is an entity that interacts with a credit-control server. It monitors the usage of the granted quota according to instructions returned by the credit-control server.
Diameter信用控制客户端:Diameter信用控制客户端是与信用控制服务器交互的实体。它根据信用控制服务器返回的指令监视已授予配额的使用情况。
Interrogation: The Diameter Credit-Control client uses interrogation to initiate a session-based credit-control process. During the credit-control process, it is used to report the used quota and request a new one. An interrogation maps to a request/answer transaction.
询问:Diameter信用控制客户端使用询问来启动基于会话的信用控制流程。在信用控制过程中,它用于报告已使用的配额并请求新配额。询问映射到请求/应答事务。
One-time event: A charging transaction session comprising a single request and single response.
一次性事件:包含单个请求和单个响应的计费事务会话。
Rating: The act of determining the cost of the service event.
评级:确定服务活动成本的行为。
Service: A type of task performed by a Service Element for an end user.
服务:由服务元素为最终用户执行的任务类型。
Service Element: A network element that provides a service to the end users. The Service Element may include the Diameter Credit-Control client or another entity (e.g., a RADIUS AAA server) that can act as a credit-control client on behalf of the Service Element. In the latter case, the interface between the Service Element and the Diameter Credit-Control client is outside the scope of this specification. Examples of Service Elements include NASs, SIP Proxies, and Application Servers such as messaging servers, content servers, and gaming servers.
服务元素:向最终用户提供服务的网络元素。服务元素可包括Diameter信用控制客户端或可作为代表服务元素的信用控制客户端的另一实体(例如,RADIUS AAA服务器)。在后一种情况下,服务元素和Diameter Credit Control客户端之间的接口不在本规范的范围内。服务元素的示例包括NASs、SIP代理和应用服务器,如消息服务器、内容服务器和游戏服务器。
Service event: An event relating to a service provided to the end user.
服务事件:与提供给最终用户的服务相关的事件。
Session-based credit-control: A credit-control process that makes use of several interrogations: the first, a possible intermediate, and the final. The first interrogation is used to reserve money from the user's account and to initiate the process. Intermediate interrogations (if any) may be needed to request a new quota while the service is being rendered. The final interrogation is used to exit the process. The credit-control server is required to maintain session state for session-based credit-control.
基于会话的信用控制:一个信用控制过程,它利用了几个询问:第一个、一个可能的中间和最后一个。第一次询问用于从用户帐户中预留资金并启动该过程。在提供服务时,可能需要中间询问(如果有)来请求新配额。最后的询问用于退出流程。信用控制服务器需要维护基于会话的信用控制的会话状态。
Diameter nodes conforming to this specification MUST advertise support by including the value of 4 in the Auth-Application-Id of the Capabilities-Exchange-Request and Capabilities-Exchange-Answer commands [RFC6733].
符合本规范的Diameter节点必须通过在功能交换请求和功能交换应答命令[RFC6733]的身份验证应用程序Id中包含值4来公布支持。
The current accounting models specified in the RADIUS accounting and Diameter base specifications [RFC2866] [RFC6733] are not sufficient for real-time credit-control, where creditworthiness is to be determined prior to service initiation. Also, the existing Diameter authorization applications [RFC7155] [RFC4004] only provide service authorization; they do not provide credit authorization for prepaid users. In order to support real-time credit-control, a new type of server is needed in the AAA infrastructure: the Diameter Credit-Control server. The Diameter Credit-Control server is the entity responsible for credit authorization for prepaid subscribers.
RADIUS会计和Diameter base规范[RFC2866][RFC6733]中规定的当前会计模型不足以进行实时信用控制,信用度将在服务启动前确定。此外,现有的Diameter授权应用程序[RFC7155][RFC4004]仅提供服务授权;它们不为预付费用户提供信用授权。为了支持实时信用控制,AAA基础设施中需要一种新型服务器:Diameter信用控制服务器。Diameter信用控制服务器是负责预付费用户信用授权的实体。
A Service Element may authenticate and authorize the end user with the AAA server by using AAA protocols, e.g., RADIUS or the Diameter base protocol (possibly extended via a Diameter application).
服务元素可以通过使用AAA协议,例如RADIUS或Diameter基本协议(可能通过Diameter应用扩展),使用AAA服务器认证和授权最终用户。
Accounting protocols such as RADIUS accounting and the Diameter base accounting protocol can be used to provide accounting data to the accounting server after service is initiated and to provide possible interim reports until service completion. However, for real-time credit-control, these authorization and accounting models are not sufficient.
记帐协议(如RADIUS记帐和Diameter base记帐协议)可用于在服务启动后向记帐服务器提供记帐数据,并在服务完成之前提供可能的临时报告。然而,对于实时信用控制,这些授权和会计模型是不够的。
When real-time credit-control is required, the credit-control client contacts the credit-control server with information about a possible service event. The credit-control process is performed to determine potential charges and to verify whether the end user's account balance is sufficient to cover the cost of the service being rendered.
当需要实时信用控制时,信用控制客户端将与信用控制服务器联系,并提供有关可能的服务事件的信息。执行信贷控制流程以确定潜在费用,并验证最终用户的账户余额是否足以支付所提供服务的成本。
Figure 1 illustrates the typical credit-control architecture, which consists of a Service Element with an embedded Diameter Credit-Control client, a Diameter Credit-Control server, and a AAA server. A Business Support System is usually deployed; at a minimum, it includes billing functionality. The credit-control server and AAA server in this architecture model are logical entities. The real configuration can combine them into a single host. The credit-control protocol is the Diameter base protocol [RFC6733] with the Diameter Credit-Control application.
图1说明了典型的信用控制体系结构,该体系结构由带有嵌入式Diameter信用控制客户端的服务元素、Diameter信用控制服务器和AAA服务器组成。通常部署业务支持系统;至少,它包括计费功能。此体系结构模型中的信用控制服务器和AAA服务器是逻辑实体。真正的配置可以将它们组合到单个主机中。信用控制协议是带有Diameter信用控制应用程序的Diameter基本协议[RFC6733]。
When an end user requests services such as SIP or messaging, the request is typically forwarded to a Service Element (e.g., a SIP Proxy) in the user's home realm as defined in [RFC6733]. In some cases, it might be possible that the Service Element in the local realm [RFC6733] can offer services to the end user; however, a commercial agreement must exist between the local realm and the home realm. Network access is an example of a service offered in the local realm where the NAS, through a AAA infrastructure, authenticates and authorizes the user with the user's home network.
当最终用户请求诸如SIP或消息传递之类的服务时,该请求通常被转发到用户主域中的服务元素(例如,SIP代理),如[RFC6733]中所定义。在某些情况下,本地域[RFC6733]中的服务元素可能会向最终用户提供服务;然而,本地域和本地域之间必须存在商业协议。网络访问是在本地领域中提供的服务的一个示例,其中NAS通过AAA基础设施通过用户的家庭网络对用户进行身份验证和授权。
Service Element AAA and CC +----------+ +---------+ Protocols+-----------+ +--------+ | End |<---->|+-------+|<------------>| AAA | |Business| | User | +->|| CC || | Server |->|Support | | | | || Client||<-----+ | | |System | +----------+ | |+-------+| | +-----------+ | | | +---------+ | ^ +--------+ +----------+ | | CC Protocol | ^ | End |<--+ | +-----v----+ | | User | +------>|Credit- | | +----------+ Credit-Control |Control |--------+ Protocol |Server | +----------+
Service Element AAA and CC +----------+ +---------+ Protocols+-----------+ +--------+ | End |<---->|+-------+|<------------>| AAA | |Business| | User | +->|| CC || | Server |->|Support | | | | || Client||<-----+ | | |System | +----------+ | |+-------+| | +-----------+ | | | +---------+ | ^ +--------+ +----------+ | | CC Protocol | ^ | End |<--+ | +-----v----+ | | User | +------>|Credit- | | +----------+ Credit-Control |Control |--------+ Protocol |Server | +----------+
Figure 1: Typical Credit-Control Architecture
图1:典型的信用控制体系结构
There can be multiple credit-control servers in the system for redundancy and load balancing. The system can also contain separate rating server(s), and accounts can be located in a centralized database. To ensure that the end user's account is not debited or credited multiple times for the same service event, only one entity in the credit-control system should perform duplicate detection. System-internal interfaces can exist to relay messages between servers and an account manager. However, the detailed architecture of the credit-control system and its interfaces is implementation specific and is out of scope for this specification.
系统中可以有多个信用控制服务器,用于冗余和负载平衡。系统还可以包含单独的评级服务器,并且帐户可以位于集中数据库中。为确保最终用户的账户不会因同一服务事件多次借记或贷记,信用控制系统中只有一个实体应执行重复检测。系统内部接口可用于在服务器和帐户管理器之间中继消息。然而,信贷控制系统及其接口的详细架构是具体实施的,不在本规范的范围内。
Protocol-transparent Diameter relays can exist between the credit-control client and credit-control server. Also, Diameter redirect agents that refer credit-control clients to credit-control servers and allow them to communicate directly can exist. These agents transparently support the Diameter Credit-Control application. The different roles of Diameter agents are defined in Diameter base [RFC6733], Section 2.8.
协议透明直径中继可以存在于信用控制客户端和信用控制服务器之间。此外,Diameter重定向代理可以将信用控制客户端引用到信用控制服务器,并允许它们直接通信。这些代理透明地支持Diameter信用控制应用程序。直径代理的不同作用在直径基础[RFC6733]第2.8节中定义。
If Diameter Credit-Control proxies exist between the credit-control client and the credit-control server, they MUST advertise support for the Diameter Credit-Control application.
如果信用控制客户端和信用控制服务器之间存在Diameter信用控制代理,则它们必须公布对Diameter信用控制应用程序的支持。
This section defines new Diameter message Command Code values that MUST be supported by all Diameter implementations that conform to this specification. The Command Codes are as follows:
本节定义了符合本规范的所有Diameter实现必须支持的新Diameter消息命令代码值。命令代码如下:
+------------------------+---------+------+-------------+ | Command Name | Abbrev. | Code | Reference | +------------------------+---------+------+-------------+ | Credit-Control-Request | CCR | 272 | Section 3.1 | | Credit-Control-Answer | CCA | 272 | Section 3.2 | +------------------------+---------+------+-------------+
+------------------------+---------+------+-------------+ | Command Name | Abbrev. | Code | Reference | +------------------------+---------+------+-------------+ | Credit-Control-Request | CCR | 272 | Section 3.1 | | Credit-Control-Answer | CCA | 272 | Section 3.2 | +------------------------+---------+------+-------------+
Table 1: Credit-Control Commands
表1:信贷控制命令
Section 3.2 of [RFC6733] (Diameter base) defines the Command Code Format specification. These formats are observed in credit-control messages.
[RFC6733](直径基准)第3.2节定义了命令代码格式规范。这些格式在信用控制消息中可以看到。
The Credit-Control-Request message (CCR) is indicated by the Command Code field being set to 272 and the 'R' bit being set in the Command Flags field. It is used between the Diameter Credit-Control client and the credit-control server to request credit authorization for a given service.
信用控制请求消息(CCR)由设置为272的命令代码字段和在命令标志字段中设置的“R”位表示。它在Diameter信用控制客户端和信用控制服务器之间用于请求给定服务的信用授权。
The Auth-Application-Id MUST be set to the value 4, indicating the Diameter Credit-Control application.
身份验证应用程序Id必须设置为值4,表示直径信用控制应用程序。
The CCR is extensible via the inclusion of one or more Attribute-Value Pairs (AVPs).
CCR可通过包含一个或多个属性值对(AVP)进行扩展。
Message Format:
信息格式:
<Credit-Control-Request> ::= < Diameter Header: 272, REQ, PXY > < Session-Id > { Origin-Host } { Origin-Realm } { Destination-Realm } { Auth-Application-Id } { Service-Context-Id } { CC-Request-Type } { CC-Request-Number } [ Destination-Host ] [ User-Name ] [ CC-Sub-Session-Id ] [ Acct-Multi-Session-Id ]
<Credit-Control-Request> ::= < Diameter Header: 272, REQ, PXY > < Session-Id > { Origin-Host } { Origin-Realm } { Destination-Realm } { Auth-Application-Id } { Service-Context-Id } { CC-Request-Type } { CC-Request-Number } [ Destination-Host ] [ User-Name ] [ CC-Sub-Session-Id ] [ Acct-Multi-Session-Id ]
[ Origin-State-Id ] [ Event-Timestamp ] *[ Subscription-Id ] *[ Subscription-Id-Extension ] [ Service-Identifier ] [ Termination-Cause ] [ Requested-Service-Unit ] [ Requested-Action ] *[ Used-Service-Unit ] [ Multiple-Services-Indicator ] *[ Multiple-Services-Credit-Control ] *[ Service-Parameter-Info ] [ CC-Correlation-Id ] [ User-Equipment-Info ] [ User-Equipment-Info-Extension ] *[ Proxy-Info ] *[ Route-Record ] *[ AVP ]
[ Origin-State-Id ] [ Event-Timestamp ] *[ Subscription-Id ] *[ Subscription-Id-Extension ] [ Service-Identifier ] [ Termination-Cause ] [ Requested-Service-Unit ] [ Requested-Action ] *[ Used-Service-Unit ] [ Multiple-Services-Indicator ] *[ Multiple-Services-Credit-Control ] *[ Service-Parameter-Info ] [ CC-Correlation-Id ] [ User-Equipment-Info ] [ User-Equipment-Info-Extension ] *[ Proxy-Info ] *[ Route-Record ] *[ AVP ]
The Credit-Control-Answer message (CCA) is indicated by the Command Code field being set to 272 and the 'R' bit being cleared in the Command Flags field. It is used between the credit-control server and the Diameter Credit-Control client to acknowledge a Credit-Control-Request command.
信用控制应答消息(CCA)由设置为272的命令代码字段和清除命令标志字段中的“R”位表示。它在信用控制服务器和Diameter信用控制客户端之间用于确认信用控制请求命令。
Message Format:
信息格式:
<Credit-Control-Answer> ::= < Diameter Header: 272, PXY > < Session-Id > { Result-Code } { Origin-Host } { Origin-Realm } { Auth-Application-Id } { CC-Request-Type } { CC-Request-Number } [ User-Name ] [ CC-Session-Failover ] [ CC-Sub-Session-Id ] [ Acct-Multi-Session-Id ] [ Origin-State-Id ] [ Event-Timestamp ] [ Granted-Service-Unit ] *[ Multiple-Services-Credit-Control ] [ Cost-Information ] [ Final-Unit-Indication ] [ QoS-Final-Unit-Indication ]
<Credit-Control-Answer> ::= < Diameter Header: 272, PXY > < Session-Id > { Result-Code } { Origin-Host } { Origin-Realm } { Auth-Application-Id } { CC-Request-Type } { CC-Request-Number } [ User-Name ] [ CC-Session-Failover ] [ CC-Sub-Session-Id ] [ Acct-Multi-Session-Id ] [ Origin-State-Id ] [ Event-Timestamp ] [ Granted-Service-Unit ] *[ Multiple-Services-Credit-Control ] [ Cost-Information ] [ Final-Unit-Indication ] [ QoS-Final-Unit-Indication ]
[ Check-Balance-Result ] [ Credit-Control-Failure-Handling ] [ Direct-Debiting-Failure-Handling ] [ Validity-Time ] *[ Redirect-Host ] [ Redirect-Host-Usage ] [ Redirect-Max-Cache-Time ] *[ Proxy-Info ] *[ Route-Record ] *[ Failed-AVP ] *[ AVP ]
[ Check-Balance-Result ] [ Credit-Control-Failure-Handling ] [ Direct-Debiting-Failure-Handling ] [ Validity-Time ] *[ Redirect-Host ] [ Redirect-Host-Usage ] [ Redirect-Max-Cache-Time ] *[ Proxy-Info ] *[ Route-Record ] *[ Failed-AVP ] *[ AVP ]
The credit authorization process takes place before and during service delivery to the end user and generally requires the user's authentication and authorization before any requests are sent to the credit-control server. The credit-control application defined in this specification supports two different credit authorization models: credit authorization with money reservation and credit authorization with direct debiting. In both models, the credit-control client requests credit authorization from the credit-control server prior to allowing any services to be delivered to the end user.
信用授权过程发生在向最终用户提供服务之前和期间,通常要求用户在向信用控制服务器发送任何请求之前进行身份验证和授权。本规范中定义的信用控制应用程序支持两种不同的信用授权模型:带货币预订的信用授权和带直接借记的信用授权。在这两种模型中,信用控制客户端在允许向最终用户提供任何服务之前,从信用控制服务器请求信用授权。
In the first model, the credit-control server rates the request, reserves a suitable amount of money from the user's account, and returns the amount of credit reserved. Note that credit resources may not imply actual monetary credit; credit resources may be granted to the credit-control client in the form of units (e.g., data volume or time) to be metered.
在第一个模型中,信用控制服务器对请求进行评级,从用户帐户中保留适当数量的资金,并返回保留的信用金额。请注意,信贷资源可能并不意味着实际的货币信贷;信用资源可以以计量单位(如数据量或时间)的形式授予信用控制客户。
Upon receipt of a successful credit authorization answer with a certain amount of credit resources, the credit-control client allows service delivery to the end user and starts monitoring the usage of the granted resources. When the credit resources granted to the user have been consumed or the service has been successfully delivered or terminated, the credit-control client reports back to the server the used amount. The credit-control server deducts the used amount from the end user's account; it may perform rating and make a new credit reservation if the service delivery is continuing. This process is accomplished with session-based credit-control that includes the first interrogation, possible intermediate interrogations, and the final interrogation. For session-based credit-control, both the credit-control client and the credit-control server are required to maintain credit-control session state. Session-based credit-control is described in more detail, with more variations, in Section 5.
在收到具有一定数量信用资源的成功信用授权应答后,信用控制客户端允许向最终用户提供服务,并开始监控所授予资源的使用情况。当授予用户的信贷资源已被消耗或服务已成功交付或终止时,信贷控制客户端将向服务器报告已使用的金额。信用控制服务器从最终用户的帐户中扣除已使用金额;如果继续提供服务,它可以执行评级并进行新的信用保留。此过程通过基于会话的信用控制完成,包括第一次询问、可能的中间询问和最终询问。对于基于会话的信用控制,信用控制客户端和信用控制服务器都需要维护信用控制会话状态。第5节对基于会话的信用控制进行了更详细的描述,但有更多的变化。
In contrast, credit authorization with direct debiting is a single-transaction process wherein the credit-control server directly deducts a suitable amount of money from the user's account as soon as the credit authorization request is received. Upon receipt of a successful credit authorization answer, the credit-control client allows service delivery to the end user. This process is accomplished with the one-time event. Session state is not maintained.
相比之下,直接借记的信用授权是一个单一的交易过程,其中信用控制服务器在收到信用授权请求后立即直接从用户的帐户中扣除适当的金额。在收到成功的信用授权应答后,信用控制客户端允许向最终用户提供服务。此过程通过一次性事件完成。未维护会话状态。
In a multi-service environment, an end user can issue an additional service request (e.g., data service) during an ongoing service (e.g., voice call) toward the same account. Alternatively, during an active multimedia session, an additional media type is added to the session, causing a new simultaneous request toward the same account. Consequently, this needs to be considered when credit resources are granted to the services.
在多服务环境中,最终用户可以在正在进行的服务(例如,语音呼叫)期间向同一帐户发出额外的服务请求(例如,数据服务)。或者,在活动多媒体会话期间,会向会话添加其他媒体类型,从而导致向同一帐户同时发出新的请求。因此,在向服务提供信贷资源时,需要考虑这一点。
The credit-control application also supports operations such as service price inquiries, user's balance checks, and refunds of credit on the user's account. These operations are accomplished with the one-time event. Session state is not maintained.
信用控制应用程序还支持服务价格查询、用户余额检查和用户帐户信用退款等操作。这些操作通过一次性事件完成。未维护会话状态。
Flexible failure handling, specific to the credit-control application, is defined in the application. This allows the service provider to control the credit-control client's behavior according to its own risk management policy.
应用程序中定义了特定于信贷控制应用程序的灵活故障处理。这允许服务提供商根据其自身的风险管理政策控制信贷控制客户的行为。
The Credit-Control-Failure-Handling AVP (also referred to as the CCFH) and the Direct-Debiting-Failure-Handling AVP (also referred to as the DDFH) are defined to determine what is done if the sending of credit-control messages to the credit-control server has been temporarily prevented. The usage of the CCFH and the DDFH allows flexibility, as failure handling for the credit-control session and one-time event direct debiting may be different.
定义了信用控制故障处理AVP(也称为CCFH)和直接借记故障处理AVP(也称为DDFH),以确定在暂时阻止向信用控制服务器发送信用控制消息时应采取的措施。CCFH和DDFH的使用允许灵活性,因为信用控制会话和一次性事件直接借记的故障处理可能不同。
The Diameter Credit-Control application defines the framework for credit-control; it provides generic credit-control mechanisms supporting multiple service applications. The credit-control application therefore does not define AVPs that could be used as input in the rating process. Listing the possible services that could use this Diameter application is out of scope for this generic mechanism.
Diameter信用控制应用程序定义了信用控制框架;它提供支持多个服务应用程序的通用信用控制机制。因此,信贷控制应用程序未定义可在评级过程中用作输入的AVP。列出可能使用此Diameter应用程序的服务超出了此通用机制的范围。
It is reasonable to expect that a service level agreement will exist between providers of the credit-control client and the credit-control server covering the charging, services offered, roaming agreements, agreed-upon rating input (i.e., AVPs), and so on.
可以合理预期,信用控制客户端和信用控制服务器的提供商之间将存在服务级别协议,涵盖收费、提供的服务、漫游协议、商定的评级输入(即AVP)等。
Therefore, it is assumed that a Diameter Credit-Control server will provide service only for Diameter Credit-Control clients that have agreed beforehand as to the content of credit-control messages. Naturally, it is possible that any arbitrary Diameter Credit-Control client can interchange credit-control messages with any Diameter Credit-Control server, but with a higher likelihood that unsupported services/AVPs could be present in the credit-control message, causing the server to reject the request with an appropriate Result-Code.
因此,假设Diameter信用控制服务器将仅为事先就信用控制消息的内容达成一致的Diameter信用控制客户端提供服务。当然,任何Diameter信用控制客户端都有可能与任何Diameter信用控制服务器交换信用控制消息,但信用控制消息中可能存在不受支持的服务/AVP的可能性更高,从而导致服务器以适当的结果代码拒绝请求。
There are two ways to provide rating input to the credit-control server: by either using AVPs or including the rating input in the Service-Parameter-Info AVP. The general principles for sending rating parameters are as follows:
有两种方法可以向信用控制服务器提供评级输入:使用AVP或将评级输入包含在服务参数信息AVP中。发送额定参数的一般原则如下:
1. Using AVPs:
1. 使用AVP:
A. The service SHOULD reuse existing AVPs if it can use AVPs defined in existing Diameter applications (e.g., [RFC7155] for network access services). [RFC6733] strongly recommends the reuse of existing AVPs.
A.如果服务可以使用现有Diameter应用程序中定义的AVP(例如,[RFC7155]用于网络访问服务),则应重用现有AVP。[RFC6733]强烈建议重用现有AVP。
For AVPs of type Enumerated, the service may require a new value to be defined. Allocation of new AVP values is done as specified in [RFC6733], Section 1.3.
对于枚举类型的AVP,服务可能需要定义新值。按照[RFC6733]第1.3节的规定分配新的AVP值。
B. New AVPs can be defined if the existing AVPs do not provide sufficient rating information. In this case, the procedures defined in [RFC6733] for creating new AVPs MUST be followed.
B.如果现有AVP未提供足够的评级信息,则可以定义新的AVP。在这种情况下,必须遵循[RFC6733]中定义的创建新AVP的程序。
C. For services specific only to one vendor's implementation, a vendor-specific AVP code for private use can be used. Where a vendor-specific AVP is implemented by more than one vendor, allocation of global AVPs is encouraged instead; refer to [RFC6733].
C.对于仅针对一个供应商实施的服务,可使用专用于供应商的AVP代码。如果供应商特定的AVP由多个供应商实施,则鼓励分配全球AVP;请参阅[RFC6733]。
2. The Service-Parameter-Info AVP MAY be used as a container to pass legacy rating information in its original encoded form (e.g., ASN.1 BER). This method can be used to avoid unnecessary conversions from an existing data format to an AVP format. In this case, the rating input is embedded in the Service-Parameter-Info AVP as defined in Section 8.43.
2. 服务参数Info AVP可用作传递原始编码形式(例如,ASN.1 BER)的传统评级信息的容器。此方法可用于避免从现有数据格式到AVP格式的不必要转换。在这种情况下,额定值输入嵌入在第8.43节中定义的服务参数信息AVP中。
New service applications SHOULD favor the use of explicitly defined AVPs as described in items 1a and 1b, to simplify interoperability.
新的服务应用程序应支持使用第1a和1b项中所述的明确定义的AVP,以简化互操作性。
The service-specific rating input AVPs, and the contents of the Service-Parameter-Info AVP or Service-Context-Id AVP (defined in Section 8.42), are not within the scope of this document. To facilitate interoperability, it is RECOMMENDED that the rating input and the values of the Service-Context-Id be coordinated via an informational RFC or other permanent and readily available reference (preferably that of another cooperative standardization body, e.g., 3GPP, the Open Mobile Alliance (OMA), or 3GPP2). However, private services may be deployed that are subject to agreements between providers of the credit-control server and client. In this case, vendor-specific AVPs can be used.
服务特定评级输入AVP以及服务参数信息AVP或服务上下文Id AVP(定义见第8.42节)的内容不在本文件范围内。为了促进互操作性,建议通过信息RFC或其他永久且随时可用的参考(优选另一个合作标准化机构的参考,例如3GPP、开放移动联盟(OMA)或3GPP2)来协调评级输入和服务上下文Id的值。然而,可以部署受信用控制服务器和客户端的提供者之间的协议约束的私有服务。在这种情况下,可以使用特定于供应商的AVP。
This specification, together with the above-mentioned service-specific documents, governs the credit-control message. Service-specific documents (i.e., those documents that do not define new credit-control applications) define which existing AVPs or new AVPs are used as input to the rating process; thus, the AVPs in question have to be included in the Credit-Control-Request command by a Diameter Credit-Control client supporting a given service as "* [AVP]". Should the Service-Parameter-Info AVP be used, the service-specific document MUST specify the exact content of this Grouped AVP.
本规范以及上述特定于服务的文件共同管理信贷控制信息。服务特定文件(即未定义新信用控制应用程序的文件)定义了哪些现有AVP或新AVP用作评级流程的输入;因此,问题中的AVP必须由支持给定服务的Diameter信用控制客户端作为“*[AVP]”包含在信用控制请求命令中。如果使用服务参数Info AVP,则特定于服务的文档必须指定此分组AVP的确切内容。
The Service-Context-Id AVP MUST be included at the command level of a Credit-Control-Request to identify the service-specific document that applies to the request. The specific service or rating-group the request relates to is uniquely identified by the combination of Service-Context-Id and Service-Identifier or rating-group.
服务上下文Id AVP必须包含在信用控制请求的命令级别,以标识应用于该请求的特定于服务的文档。请求所涉及的特定服务或分级组由服务上下文Id和服务标识符或分级组的组合唯一标识。
Diameter Credit-Control implementations are required to support mandatory rating-related AVPs defined in service-specific documents for the services they support, according to the 'M' bit rules in [RFC6733].
根据[RFC6733]中的“M”位规则,Diameter信用控制实施需要支持服务特定文档中为其支持的服务定义的强制性评级相关AVP。
If a rating input required for the rating process is incorrect in the Credit-Control-Request or if the credit-control server does not support the requested service context (identified by the Service-Context-Id AVP at the command level), the Credit-Control-Answer MUST contain the error code DIAMETER_RATING_FAILED. A CCA message with this error MUST contain one or more Failed-AVP AVPs containing the missing and/or unsupported
如果评级过程所需的评级输入在信用控制请求中不正确,或者如果信用控制服务器不支持请求的服务上下文(由命令级别的服务上下文Id AVP标识),则信用控制应答必须包含错误代码DIAMETER\u rating\u FAILED。出现此错误的CCA消息必须包含一个或多个失败的AVP AVP,其中包含丢失和/或不支持的
AVPs that caused the failure. A Diameter Credit-Control client that receives the error code DIAMETER_RATING_FAILED in response to a request MUST NOT send similar requests in the future.
导致故障的AVP。收到错误代码Diameter_RATING_响应请求失败的Diameter信用控制客户端以后不得发送类似请求。
When service-specific documents include RADIUS vendor-specific attributes that could be used as input in the rating process, the rules described in [RFC7155] for formatting the Diameter AVP MUST be followed.
当特定于服务的文档包括RADIUS供应商的特定属性,这些属性可以用作评级过程中的输入时,必须遵循[RFC7155]中描述的用于格式化直径AVP的规则。
For example, if the AVP code used is the vendor attribute type code, the Vendor-Specific flag MUST be set to 1 and the Vendor-Id MUST be set to the IANA Vendor identification value. The Diameter AVP Data field contains only the attribute value of the RADIUS attribute.
例如,如果使用的AVP代码是供应商属性类型代码,则供应商特定标志必须设置为1,供应商Id必须设置为IANA供应商标识值。直径AVP数据字段仅包含半径属性的属性值。
For session-based credit-control, several interrogations are needed: the first, the intermediate (optional), and the final. This is illustrated in Figures 3 and 4 (Sections 5.2.1 and 5.2.2).
对于基于会话的信用控制,需要几个询问:第一个、中间(可选)和最后一个。图3和图4(第5.2.1和5.2.2节)对此进行了说明。
If the credit-control client performs credit reservation before granting service to the end user, it MUST use several interrogations toward the credit-control server (i.e., session-based credit-control). In this case, the credit-control server MUST maintain the credit-control session state.
如果信用控制客户端在向最终用户授予服务之前执行信用保留,则必须对信用控制服务器进行多次询问(即,基于会话的信用控制)。在这种情况下,信用控制服务器必须保持信用控制会话状态。
Each credit-control session MUST have a globally unique Session-Id as defined in [RFC6733]; this Session-Id MUST NOT be changed during the lifetime of a credit-control session.
每个信贷控制会话必须具有[RFC6733]中定义的全局唯一会话Id;在信用控制会话的生存期内,不得更改此会话Id。
Certain applications require multiple credit-control sub-sessions. These applications would send messages with a constant Session-Id AVP but with a different CC-Sub-Session-Id AVP. If several credit sub-sessions will be used, all sub-sessions MUST be closed separately before the main session is closed so that units per sub-session may be reported. The absence of the CC-Sub-Session-Id AVP implies that no sub-sessions are in use.
某些应用程序需要多个信用控制子会话。这些应用程序将发送具有固定会话Id AVP但具有不同CC子会话Id AVP的消息。如果将使用多个信贷子会话,则必须在主会话关闭之前分别关闭所有子会话,以便可以报告每个子会话的单位。没有CC子会话Id AVP意味着没有子会话在使用。
Note that the Service Element might send a service-specific re-authorization message to the AAA server due to expiration of the authorization lifetime during an ongoing credit-control session. However, the service-specific re-authorization does not influence the credit authorization that is ongoing between the credit-control client and credit-control server, as credit authorization is controlled by the burning rate of the granted quota.
请注意,由于正在进行的信用控制会话期间的授权生存期到期,服务元素可能会向AAA服务器发送特定于服务的重新授权消息。但是,特定于服务的重新授权不会影响信用控制客户端和信用控制服务器之间正在进行的信用授权,因为信用授权由授予配额的燃烧率控制。
If service-specific re-authorization fails, the user will be disconnected, and the credit-control client MUST send a final interrogation to the credit-control server.
如果特定于服务的重新授权失败,用户将断开连接,信用控制客户端必须向信用控制服务器发送最终询问。
The Diameter Credit-Control server may seek to control the validity time of the granted quota and/or the production of intermediate interrogations. Thus, it MAY include the Validity-Time AVP in the Answer message to the credit-control client. Upon expiration of the Validity-Time, the credit-control client MUST generate a credit-control update request and report the used quota to the credit-control server. It is up to the credit-control server to determine the value of the Validity-Time to be used for consumption of the granted service unit(s) (G-S-U). If the Validity-Time is used, its value SHOULD be given as input to set the session supervision timer Tcc (the session supervision timer MAY be set to two times the value of the Validity-Time, as defined in Section 13). Since credit-control update requests are also produced at the expiry of granted service units and/or for mid-session service events, the omission of Validity-Time does not mean that intermediate interrogation for the purpose of credit-control is not performed.
Diameter信用控制服务器可寻求控制授予配额的有效时间和/或中间询问的产生。因此,它可以在到信用控制客户端的应答消息中包括有效时间AVP。有效期到期后,信用控制客户端必须生成信用控制更新请求,并将使用的配额报告给信用控制服务器。由信用控制服务器确定用于使用授权服务单元(G-s-U)的有效时间值。如果使用有效时间,则应将其值作为输入,以设置会话监督计时器Tcc(会话监督计时器可设置为有效时间值的两倍,如第13节所定义)。由于信用控制更新请求也是在授权服务单元到期和/或会话中服务事件时产生的,因此省略有效期并不意味着不执行用于信用控制目的的中间询问。
The Diameter Credit-Control server and client MAY optionally support a tariff change mechanism. The Diameter Credit-Control server may include a Tariff-Time-Change AVP in the Answer message. Note that the granted units should be allocated based on the worst-case scenario, so that the overall reported used units would never exceed the credit reservation. For example, in the case of a forthcoming tariff change, in which the new rate is higher, the allocation should be given so it does not exceed the credit, assuming that all of it is used after the tariff changed.
Diameter信用控制服务器和客户端可选择性地支持费率变更机制。Diameter信用控制服务器可以在应答消息中包括费率时间变化AVP。请注意,应根据最坏情况分配授予的单位,以便总报告使用的单位不会超过信用保留。例如,在即将发生的关税变化的情况下,如果新税率更高,则应进行分配,以使其不超过信用额度,假设所有分配都在关税变化后使用。
When the Diameter Credit-Control client reports the used units and a tariff change has occurred during the reporting period, the Diameter Credit-Control client MUST separately itemize the units used before and after the tariff change. If the client is unable to distinguish whether units straddling the tariff change were used before or after the tariff change, the credit-control client MUST itemize those units in a third category.
当Diameter信用控制客户报告使用的机组,并且在报告期内发生了电价变化时,Diameter信用控制客户必须单独列出电价变化前后使用的机组。如果客户无法区分跨越电价变动的单位是在电价变动之前还是之后使用的,信贷控制客户必须将这些单位列为第三类。
If a client does not support the tariff change mechanism and it receives a CCA message carrying the Tariff-Time-Change AVP, it MUST terminate the credit-control session, giving a reason of DIAMETER_BAD_ANSWER in the Termination-Cause AVP.
如果客户机不支持电价变更机制,并且收到带有电价时间变更AVP的CCA消息,则必须终止信用控制会话,并在终止原因AVP中给出DIAMETER_BAD_答案的原因。
For time-based services, the quota is consumed at the rate of the passage of real time (ignoring leap seconds). That is, precisely 1 second of quota is consumed per second of real time. At the time when credit resources are allocated, the server already knows how many units will be consumed before the tariff time change and how many units will be consumed afterward. Similarly, the server can determine the units consumed at the "before" rate and the units consumed at the "afterward" rate in the event that the end user closes the session before the consumption of the allotted quota. There is no need for additional traffic between the client and server in the case of tariff time changes for continuous time-based service. Therefore, the tariff change mechanism is not used for such services. For time-based services in which the quota is NOT continuously consumed at a regular rate, the tariff change mechanism described for volume and event units MAY be used.
对于基于时间的服务,配额以实时通过的速率消耗(忽略闰秒)。也就是说,每秒实时消耗的配额正好是1秒。在分配信贷资源时,服务器已经知道在电价时间变化之前将消耗多少单位,之后将消耗多少单位。类似地,如果最终用户在消耗分配的配额之前关闭会话,服务器可以确定以“之前”速率消耗的单位和以“之后”速率消耗的单位。在连续基于时间的服务的费率时间变化的情况下,客户端和服务器之间不需要额外的流量。因此,此类服务不采用电价变动机制。对于配额不以正常速率持续消耗的基于时间的服务,可以使用针对数量和事件单位描述的费率变化机制。
When multiple services are used within the same user session and each service or group of services is subject to different cost, it is necessary to perform credit-control for each service independently. Making use of credit-control sub-sessions to achieve independent credit-control will result in increased signaling load and usage of resources in both the credit-control client and the credit-control server. For instance, during one network access session, the end user may use several HTTP-based services that could be charged with different costs. The network-access-specific attributes, such as Quality of Service (QoS), are common to all the services carried within the access bearer, but the cost of the bearer may vary, depending on its content.
当在同一用户会话中使用多个服务且每个服务或服务组的成本不同时,有必要对每个服务单独执行信用控制。使用信用控制子会话来实现独立的信用控制将导致信用控制客户端和信用控制服务器中的信令负载和资源使用增加。例如,在一个网络访问会话期间,最终用户可能使用多个基于HTTP的服务,这些服务可能收取不同的费用。特定于网络接入的属性,例如服务质量(QoS),对于接入承载内承载的所有服务来说是公共的,但是承载的成本可以根据其内容而变化。
To support these scenarios optimally, the credit-control application enables independent credit-control of multiple services in a single credit-control (sub-)session. This is achieved by including the optional Multiple-Services-Credit-Control AVP in Credit-Control-Request/Credit-Control-Answer messages. It is possible to request and allocate resources as a credit pool shared between multiple services. The services can be grouped into rating-groups in order to achieve even further aggregation of credit allocation. It is also possible to request and allocate quotas on a per-service basis. Where quotas are allocated to a pool by means of the Multiple-Services-Credit-Control AVP, the quotas remain independent objects
为了最佳地支持这些场景,信用控制应用程序可以在单个信用控制(子)会话中对多个服务进行独立的信用控制。这是通过在信用控制请求/信用控制应答消息中包含可选的多服务信用控制AVP来实现的。可以请求和分配资源作为多个服务之间共享的信用池。这些服务可以分为评级组,以实现信贷分配的进一步聚合。还可以根据每个服务请求和分配配额。在通过多服务信用控制AVP将配额分配给池的情况下,配额仍然是独立的对象
that can be re-authorized independently at any time. Quotas can also be given independent result codes, validity times, and Final-Unit-Indication AVP values or QoS-Final-Unit-Indication AVP values.
可在任何时候独立重新授权。配额也可以给出独立的结果代码、有效时间和最终单元指示AVP值或QoS最终单元指示AVP值。
A rating-group gathers a set of services, identified by a Service-Identifier and subject to the same cost and rating type (e.g., $0.1/minute). It is assumed that the Service Element is provided with rating-groups, service-identifiers, and their associated parameters that define what has to be metered by means outside the scope of this specification. (Examples of parameters associated to service-identifiers are IP 5-tuples and HTTP URLs.) Service-identifiers enable authorization on a per-service-based credit as well as itemized reporting of service usage. It is up to the credit-control server whether to authorize credit for one or more services or for the whole rating-group. However, the client SHOULD always report used units at the finest supported level of granularity. Where a quota is allocated to a rating-group, all the services belonging to that group draw from the allotted quota. Figure 2 provides a graphical representation of the relationship between service-identifiers, rating-groups, credit pools, and credit-control (sub-)sessions.
评级组收集一组服务,由服务标识符标识,并遵循相同的成本和评级类型(例如,0.1美元/分钟)。假定服务元素具有评级组、服务标识符及其相关参数,这些参数定义了必须通过本规范范围之外的方式进行计量的内容。(与服务标识符关联的参数示例为IP 5元组和HTTP URL。)服务标识符支持基于每个服务的信用的授权以及服务使用情况的逐项报告。由信用控制服务器决定是为一项或多项服务授权信用,还是为整个评级组授权信用。但是,客户机应始终以支持的最佳粒度级别报告已使用的单元。当配额分配给评级组时,属于该组的所有服务都从分配的配额中提取。图2提供了服务标识符、评级组、信用池和信用控制(子)会话之间关系的图形表示。
Diameter Credit-Control (Sub-)Session | +------------+-----------+-------------+--------------- + | | | | | Service-Id a Service-Id b Service-Id c Service-Id d.....Service-Id z \ / \ / / \ / \ / / \ / Rating-Group 1.......Rating-Group n \ / | | Quota ---------------Quota Quota | / | | / | Credit Pool Credit Pool
Diameter Credit-Control (Sub-)Session | +------------+-----------+-------------+--------------- + | | | | | Service-Id a Service-Id b Service-Id c Service-Id d.....Service-Id z \ / \ / / \ / \ / / \ / Rating-Group 1.......Rating-Group n \ / | | Quota ---------------Quota Quota | / | | / | Credit Pool Credit Pool
Figure 2: Multiple-Service (Sub-)Session Example
图2:多服务(子)会话示例
If independent credit-control of multiple services is used, the Validity-Time AVP, and the Final-Unit-Indication AVP or QoS-Final-Unit-Indication AVP, SHOULD be present either in the Multiple-Services-Credit-Control AVP(s) or at the command level as single AVPs. However, the Result-Code AVP MAY be present both at the command level and within the Multiple-Services-Credit-Control AVP. If the Result-Code AVP at the command level indicates a value other than SUCCESS, then the Result-Code AVP at the command level takes precedence over any other AVPs included in the Multiple-Services-Credit-Control AVP.
如果使用多个服务的独立信用控制,有效时间AVP和最终单元指示AVP或QoS最终单元指示AVP应以单个AVP的形式出现在多个服务信用控制AVP或命令级。然而,结果代码AVP可能同时存在于命令级和多服务信用控制AVP中。如果命令级的结果代码AVP指示的值不是SUCCESS,则命令级的结果代码AVP优先于多服务信用控制AVP中包含的任何其他AVP。
The credit-control client MUST indicate support for independent credit-control of multiple services within a (sub-)session by including the Multiple-Services-Indicator AVP in the first interrogation. A credit-control server not supporting this feature MUST treat the Multiple-Services-Indicator AVP and any received Multiple-Services-Credit-Control AVPs as invalid AVPs.
信用控制客户机必须通过在第一次询问中包括多个服务指示符AVP来表明对(子)会话中多个服务的独立信用控制的支持。不支持此功能的信用控制服务器必须将多服务指示器AVP和任何接收到的多服务信用控制AVP视为无效AVP。
If the client indicated support for independent credit-control of multiple services, a credit-control server that wishes to use the feature MUST return the granted units within the Multiple-Services-Credit-Control AVP associated to the corresponding service-identifier and/or rating-group.
如果客户表示支持多个服务的独立信用控制,则希望使用该功能的信用控制服务器必须返回与相应服务标识符和/或评级组关联的多个服务信用控制AVP中的授权单位。
To avoid a situation where several parallel (and typically also small) credit reservations must be made on the same account (i.e., credit fragmentation), and also to avoid unnecessary load on the credit-control server, it is possible to provide service units as a pool that applies to multiple services or rating-groups. This is achieved by providing the service units in the form of a quota for a particular service or rating-group in the Multiple-Services-Credit-Control AVP, and also by including a reference to a credit pool for that unit type.
为了避免必须在同一帐户上进行多个并行(通常也是小的)信用预订的情况(即信用碎片化),也为了避免信用控制服务器上不必要的负载,可以将服务单元作为应用于多个服务或评级组的池提供。这是通过在多服务信用控制AVP中以特定服务或评级组的配额形式提供服务单元来实现的,并且还通过包括对该单元类型的信用池的引用来实现的。
The reference includes a multiplier derived from the rating parameter, which translates from service units of a specific type to the abstract service units in the pool. For instance, if the rating parameter for service 1 is $1/MB and the rating parameter for service 2 is $0.5/MB, the multipliers could be 10 and 5 for services 1 and 2, respectively.
该引用包括从rating参数派生的乘数,该参数将特定类型的服务单元转换为池中的抽象服务单元。例如,如果服务1的评级参数为$1/MB,服务2的评级参数为$0.5/MB,那么服务1和服务2的乘数可能分别为10和5。
If (1) S is the total service units within the pool, (2) M1, M2, ..., Mn are the multipliers provided for services 1, 2, ..., n, and (3) C1, C2, ..., Cn are the used resources within the session, then the pool's credit is exhausted and re-authorization MUST be sought when:
如果(1)S是池内的总服务单元,(2)M1,M2,…,Mn是为服务1,2,…,n提供的乘数,(3)C1,C2,…,Cn是会话内使用的资源,则池的信用耗尽,并且在以下情况下必须寻求重新授权:
C1*M1 + C2*M2 + ... + Cn*Mn >= S
C1*M1 + C2*M2 + ... + Cn*Mn >= S
The total credit in the pool, S, is calculated from the quotas, which are currently allocated to the pool as follows:
池中的总积分S根据配额计算,配额当前分配给池,如下所示:
S = Q1*M1 + Q2*M2 + ... + Qn*Mn
S = Q1*M1 + Q2*M2 + ... + Qn*Mn
If services or rating-groups are added to or removed from the pool, then the total credit is adjusted appropriately. Note that when the total credit is adjusted because services or rating-groups are removed from the pool, the value that needs to be removed is the consumed one (i.e., Cx*Mx).
如果将服务或评级组添加到池中或从池中移除,则适当调整总信用。请注意,当由于服务或评级组从池中删除而对总信用进行调整时,需要删除的值是消耗的值(即Cx*Mx)。
Re-authorizations for an individual service or rating-group may be sought at any time -- for example, if a "non-pooled" quota is used up or the Validity-Time expires.
可以在任何时候为单个服务或评级组寻求重新授权——例如,如果“非集合”配额用完或有效期到期。
Where multiple G-S-U-Pool-Reference AVPs (Section 8.30) with the same G-S-U-Pool-Identifier are provided within a Multiple-Services-Credit-Control AVP (Section 8.16) along with the Granted-Service-Unit AVP, these AVPs MUST have different CC-Unit-Type values, and they all draw from the credit pool separately. For instance, if one multiplier for time (M1t) and one multiplier for volume (M1v) are given, then the used resources from the pool yield the sum of C1t*M1t + C1v*M1v, where C1t is the time unit and C1v is the volume unit.
如果多个G-S-U-Pool-Reference AVP(第8.30节)具有相同G-S-U-Pool-Identifier的多个G-S-U-Pool-Reference AVP(第8.16节)与授权服务单位AVP一起提供在多个服务信用控制AVP(第8.16节)中,则这些AVP必须具有不同的CC单位类型值,并且它们都分别从信用池中提取。例如,如果给定一个时间乘数(M1t)和一个体积乘数(M1v),那么池中使用的资源将产生C1t*M1t+C1v*M1v之和,其中C1t是时间单位,C1v是体积单位。
Where service units are provided within a Multiple-Services-Credit-Control AVP without a corresponding G-S-U-Pool-Reference AVP, these units are handled independently from any credit pools and from any other services or rating-groups within the session.
如果在多服务信用控制AVP中提供服务单元,而没有相应的G-S-U-Pool-Reference AVP,则这些单元独立于任何信用池以及会话中的任何其他服务或评级组进行处理。
The "credit pool" concept is an optimal tool to avoid the over-reservation effect of the basic single-quota tariff time change mechanism (Section 5.1.1). Therefore, Diameter Credit-Control clients and servers implementing the independent credit-control of multiple services SHOULD leverage the credit pool concept when supporting the tariff time change. The Diameter Credit-Control server SHOULD include both the Tariff-Time-Change AVP and the Tariff-Change-Usage AVP in two quota allocations in the Answer message (i.e., two instances of the Multiple-Services-Credit-Control AVP). One of the grants is allocated to be used before the potential tariff change, while the second grant is for use after a tariff change. Both granted unit quotas MUST contain the same Service-Identifier and/or rating-group. This dual-quota mechanism ensures that the overall reported used units would never exceed the credit reservation. The Diameter Credit-Control client reports the used units both before and after the tariff change in a single instance of the Multiple-Services-Credit-Control AVP.
“信贷池”概念是避免基本单一配额关税时间变化机制(第5.1.1节)的过度保留效应的最佳工具。因此,实施多个服务独立信用控制的Diameter信用控制客户端和服务器在支持费率时间变化时应利用信用池概念。Diameter信用控制服务器应在应答消息中的两个配额分配中包括电价时间变化AVP和电价变化使用AVP(即,多服务信用控制AVP的两个实例)。其中一笔赠款分配用于潜在关税变化之前,而第二笔赠款用于关税变化之后。两个授予的单元配额必须包含相同的服务标识符和/或评级组。这种双重配额机制确保总报告使用的单位不会超过信贷保留。Diameter信用控制客户端在多服务信用控制AVP的单个实例中报告电价变化前后使用的机组。
Failure handling for credit-control sessions is defined in Section 5.7 and reflected in the basic credit-control state machines defined in Section 7. Credit-control clients and servers implementing the functionality of independent credit-control of multiple services in a (sub-)session MUST ensure failure handling and general behavior fully consistent with Sections 5.7 and 7 while maintaining the ability to handle parallel ongoing credit re-authorization within a (sub-)session. Therefore, it is RECOMMENDED that Diameter Credit-Control clients maintain a PendingU message queue (Section 7) and restart the Tx timer (Section 13) every time a CCR message with the value UPDATE_REQUEST is sent while they are in PendingU state. When answers to all pending messages are
第5.7节定义了信贷控制会话的故障处理,并反映在第7节定义的基本信贷控制状态机中。在(子)会话中实现多个服务独立信用控制功能的信用控制客户端和服务器必须确保故障处理和一般行为完全符合第5.7节和第7节的规定,同时保持在(子)会话中处理并行进行的信用再授权的能力。因此,建议Diameter Credit Control客户端维护一个PendingU消息队列(第7节),并在其处于PendingU状态时,每次发送带有值UPDATE_请求的CCR消息时重新启动Tx计时器(第13节)。当所有挂起消息的答案都被删除时
received, the state machine moves to Open state, and the Tx timer is stopped. Naturally, when a problem is detected and acted upon per Section 5.7, all of the ongoing services are affected (e.g., failover to a backup server affects all of the CCR messages in the PendingU queue).
接收后,状态机移动到打开状态,发送计时器停止。当然,当根据第5.7节检测到问题并采取行动时,所有正在进行的服务都会受到影响(例如,到备份服务器的故障切换会影响PendingU队列中的所有CCR消息)。
Since the client may send CCR messages with the value UPDATE_REQUEST while in PendingU state (i.e., without waiting for an answer to ongoing credit re-authorization), the time space between these requests may be very short, and the server may not have received the previous request(s) yet. Therefore, in this situation the server may receive out-of-sequence requests and SHOULD NOT consider this an error condition. A proper answer is to be returned to each of those requests.
由于客户端可能在挂起状态下(即,不等待对正在进行的信用再授权的答复)发送带有值UPDATE_请求的CCR消息,因此这些请求之间的时间间隔可能很短,服务器可能尚未收到以前的请求。因此,在这种情况下,服务器可能接收到无序的请求,并且不应认为这是错误情况。对每一个请求都要给出正确的答案。
When session-based credit-control is required (e.g., the authentication server indicated a prepaid user), the first interrogation MUST be sent before the Diameter Credit-Control client allows any service events for the end user. The CC-Request-Type AVP is set to the value INITIAL_REQUEST in the request message.
当需要基于会话的信用控制时(例如,认证服务器指示预付费用户),必须在Diameter信用控制客户端允许最终用户的任何服务事件之前发送第一次询问。CC请求类型AVP设置为请求消息中的值INITIAL_Request。
If the Diameter Credit-Control client knows the cost of the service event (e.g., a content server delivering ringing tones may know their cost) the monetary amount to be charged is included in the Requested-Service-Unit AVP. If the Diameter Credit-Control client does not know the cost of the service event, the Requested-Service-Unit AVP MAY contain the number of requested service events. Where the Multiple-Services-Credit-Control AVP is used, it MUST contain the Requested-Service-Unit AVP to indicate that the quota for the associated service/rating-group is requested. In the case of multiple services, the Service-Identifier AVP or the Rating-Group AVP within the Multiple-Services-Credit-Control AVP always indicates the service concerned. Additional service event information to be rated MAY be sent as service-specific AVPs or MAY be sent within the Service-Parameter-Info AVP at the command level. The Service-Context-Id AVP indicates the service-specific document applicable to the request.
如果Diameter Credit Control客户端知道服务事件的成本(例如,传送铃声的内容服务器可能知道其成本),则要收取的货币金额包括在请求的服务单元AVP中。如果Diameter信用控制客户端不知道服务事件的成本,则请求的服务单元AVP可能包含请求的服务事件的数量。如果使用多服务信用控制AVP,它必须包含请求的服务单元AVP,以指示请求相关服务/评级组的配额。在多个服务的情况下,多个服务信用控制AVP中的服务标识符AVP或评级组AVP始终指示相关的服务。待评级的附加服务事件信息可以作为特定于服务的AVP发送,也可以在命令级别的服务参数信息AVP中发送。服务上下文Id AVP指示适用于请求的特定于服务的文档。
The Event-Timestamp AVP SHOULD be included in the request and contains the time when the service event is requested in the Service Element. The Subscription-Id AVP or the Subscription-Id-Extension AVP SHOULD be included to identify the end user in the credit-control server. The credit-control client MAY include the User-Equipment-Info AVP or User-Equipment-Info-Extension AVP so that the
事件时间戳AVP应包含在请求中,并包含服务元素中请求服务事件的时间。应包括订阅Id AVP或订阅Id扩展AVP,以识别信用控制服务器中的最终用户。信用控制客户端可以包括用户设备信息AVP或用户设备信息扩展AVP,以便
credit-control server has some indication of the type and capabilities of the end-user access device. How the credit-control server uses this information is outside the scope of this document.
信用控制服务器对最终用户访问设备的类型和功能有一些指示。信用控制服务器如何使用此信息超出了本文档的范围。
The credit-control server SHOULD rate the service event and make a credit reservation from the end user's account that covers the cost of the service event. If the type of the Requested-Service-Unit AVP is "money", no rating is needed, but the corresponding monetary amount is reserved from the end user's account.
信用控制服务器应该对服务事件进行评级,并从最终用户的帐户进行信用预订,以支付服务事件的成本。如果请求的服务单元AVP的类型为“货币”,则不需要评级,但从最终用户的帐户中保留相应的货币金额。
The credit-control server returns the Granted-Service-Unit AVP in the Answer message to the Diameter Credit-Control client. The Granted-Service-Unit AVP contains the amount of service units that the Diameter Credit-Control client can provide to the end user until a new Credit-Control-Request MUST be sent to the credit-control server. If several unit types are sent in the Answer message, the credit-control client MUST handle each unit type separately. The type of the Granted-Service-Unit AVP can be time, volume, service-specific, or money, depending on the type of service event. The unit type(s) SHOULD NOT be changed within an ongoing credit-control session.
信用控制服务器将应答消息中授予的服务单元AVP返回给Diameter信用控制客户端。授权服务单位AVP包含Diameter信用控制客户端可以向最终用户提供的服务单位数量,直到必须向信用控制服务器发送新的信用控制请求为止。如果应答消息中发送了多个单位类型,则信贷控制客户端必须分别处理每个单位类型。根据服务事件的类型,授予的服务单元AVP的类型可以是时间、数量、特定服务或金钱。在正在进行的信贷控制会话中,不应更改单位类型。
There MUST be a maximum of one instance of the same unit type in one Answer message. However, if multiple quotas are conveyed to the credit-control client in the Multiple-Services-Credit-Control AVPs, it is possible to carry two instances of the same unit type associated to a service-identifier/rating-group. This is typically the case when a tariff time change is expected and the credit-control server wants to make a distinction between the granted quota before the tariff change and the granted quota after the tariff change.
一条应答消息中最多必须有一个相同单元类型的实例。然而,如果在多服务信用控制avp中向信用控制客户端传送多个配额,则可能携带与服务标识符/评级组相关联的相同单元类型的两个实例。通常情况下,当预计电价时间发生变化,并且信用控制服务器希望在电价变化前的授予配额和电价变化后的授予配额之间进行区分时,会出现这种情况。
If the credit-control server determines that no further control is needed for the service, it MAY include the result code indicating that the credit-control is not applicable (e.g., if the service is free of charge). This result code, at the command level, implies that the credit-control session is to be terminated.
如果信用控制服务器确定服务不需要进一步的控制,它可以包括指示信用控制不适用的结果代码(例如,如果服务是免费的)。在命令级别,此结果代码表示将终止信用控制会话。
The Credit-Control-Answer message MAY also include the Final-Unit-Indication AVP or the QoS-Final-Unit-Indication AVP to indicate that the Answer message contains the final units for the service. After the end user has consumed these units, the Diameter Credit-Control client MUST behave as described in Section 5.6.
信用控制应答消息还可以包括最终单元指示AVP或QoS最终单元指示AVP,以指示应答消息包含用于服务的最终单元。最终用户使用这些装置后,Diameter信用控制客户机必须按照第5.6节中的说明进行操作。
This document defines two different approaches for performing the first interrogation to be used in different network architectures. The first approach uses credit-control messages after the user's authorization and authentication take place. The second approach uses (1) service-specific authorization messages to perform the first
本文档定义了两种不同的方法,用于在不同的网络体系结构中执行第一次询问。第一种方法在用户进行授权和身份验证后使用信用控制消息。第二种方法使用(1)特定于服务的授权消息来执行第一种方法
interrogation during the user's authorization/authentication phase and (2) credit-control messages for the intermediate and final interrogations. If an implementation of the credit-control client supports both methods, determining which method to use SHOULD be configurable.
用户授权/认证阶段的询问和(2)中间和最终询问的信用控制消息。如果信贷控制客户机的实现支持这两种方法,那么确定使用哪种方法应该是可配置的。
In service environments such as NAS environments, it is desired to perform the first interrogation as part of the authorization/ authentication process for the sake of protocol efficiency. Further credit authorizations after the first interrogation are performed with credit-control commands defined in this specification. Implementations of credit-control clients operating in the environments mentioned in this document SHOULD support this method. If the credit-control server and AAA server are separate physical entities, the Service Element sends the request messages to the AAA server, which then issues an appropriate request or proxies the received request forward to the credit-control server.
在诸如NAS环境之类的服务环境中,为了提高协议效率,需要在授权/身份验证过程中执行第一次询问。在第一次询问后,使用本规范中定义的信用控制命令执行进一步的信用授权。在本文档中提到的环境中运行的信贷控制客户端的实现应支持此方法。如果信用控制服务器和AAA服务器是独立的物理实体,则服务元素向AAA服务器发送请求消息,然后AAA服务器发出适当的请求或将接收到的请求转发给信用控制服务器。
In other service environments, such as the 3GPP network and some SIP scenarios, there is a substantial decoupling between registration/ access to the network and the actual service request (i.e., the authentication/authorization is executed once during registration/ access to the network and is not executed for every service event requested by the subscriber). In these environments, it is more appropriate to perform the first interrogation after the user has been authenticated and authorized. The first, intermediate, and final interrogations are executed with credit-control commands defined in this specification.
在其他服务环境中,例如3GPP网络和一些SIP场景,对网络的注册/访问与实际服务请求之间存在实质性的分离(即,认证/授权在注册/访问网络期间执行一次,而不是针对用户请求的每个服务事件执行)。在这些环境中,更适合在用户经过身份验证和授权后执行第一次询问。使用本规范中定义的信用控制命令执行第一次、中间和最终询问。
Other IETF standards or standards developed by other standardization bodies may define the most suitable method in their architectures.
其他IETF标准或其他标准化机构制定的标准可在其架构中定义最合适的方法。
The Diameter Credit-Control client in the Service Element may get information from the authorization server as to whether credit-control is required, based on its knowledge of the end user. If credit-control is required, the credit-control server needs to be contacted prior to initiating service delivery to the end user. The accounting protocol and the credit-control protocol can be used in parallel. The authorization server may also determine whether the parallel accounting stream is required.
服务元素中的Diameter信用控制客户端可以基于其对最终用户的了解,从授权服务器获取关于是否需要信用控制的信息。如果需要信用控制,则需要在开始向最终用户提供服务之前联系信用控制服务器。记帐协议和信用控制协议可以并行使用。授权服务器还可以确定是否需要并行记帐流。
Figure 3 illustrates the case where both protocols are used in parallel and the Service Element sends credit-control messages directly to the credit-control server. More credit-control sequence examples are given in Appendix A.
图3说明了两个协议并行使用,服务元素直接向信用控制服务器发送信用控制消息的情况。附录A中给出了更多信贷控制顺序示例。
Diameter End User Service Element AAA Server CC Server (CC Client) | Registration | AA-Request/Answer(accounting, CC, or both)| |<----------------->|<------------------>| | | : | | | | : | | | | Service Request | | | |------------------>| | | | | CCR(Initial, Credit-Control AVPs) | | +|------------------------------------------>| | CC stream|| | CCA(Granted-Units)| | +|<------------------------------------------| | Service Delivery | | | |<----------------->| ACR(start, Accounting AVPs) | | : |------------------->|+ | | : | ACA || Accounting stream | | |<-------------------|+ | | : | | | | : | | | | | CCR(Update, Used-Units) | | |------------------------------------------>| | | | CCA(Granted-Units)| | |<------------------------------------------| | : | | | | : | | | | End of Service | | | |------------------>| CCR(Termination, Used-Units) | | |------------------------------------------>| | | | CCA | | |<------------------------------------------| | | ACR(stop) | | | |------------------->| | | | ACA | | | |<-------------------| |
Diameter End User Service Element AAA Server CC Server (CC Client) | Registration | AA-Request/Answer(accounting, CC, or both)| |<----------------->|<------------------>| | | : | | | | : | | | | Service Request | | | |------------------>| | | | | CCR(Initial, Credit-Control AVPs) | | +|------------------------------------------>| | CC stream|| | CCA(Granted-Units)| | +|<------------------------------------------| | Service Delivery | | | |<----------------->| ACR(start, Accounting AVPs) | | : |------------------->|+ | | : | ACA || Accounting stream | | |<-------------------|+ | | : | | | | : | | | | | CCR(Update, Used-Units) | | |------------------------------------------>| | | | CCA(Granted-Units)| | |<------------------------------------------| | : | | | | : | | | | End of Service | | | |------------------>| CCR(Termination, Used-Units) | | |------------------------------------------>| | | | CCA | | |<------------------------------------------| | | ACR(stop) | | | |------------------->| | | | ACA | | | |<-------------------| |
ACR: Accounting-Request ACA: Accounting-Answer
ACR:会计请求ACA:会计回答
Figure 3: Protocol Example with First Interrogation after User's Authorization/Authentication
图3:用户授权/认证后第一次询问的协议示例
The Diameter Credit-Control client in the Service Element MUST actively co-operate with the authorization/authentication client in the construction of the AA-Request by adding appropriate Credit-Control AVPs. The credit-control client MUST add the Credit-Control AVP to indicate credit-control capabilities and MAY add other relevant credit-control-specific AVPs to the proper authorization/authentication command to perform the first interrogation toward the home Diameter AAA server. The Auth-Application-Id is set to the appropriate value, as defined in service-specific authorization/authentication application document (e.g., [RFC7155] [RFC4004]). The home Diameter AAA server authenticates/authorizes the subscriber and determines whether credit-control is required.
服务元素中的Diameter信用控制客户端必须通过添加适当的信用控制AVP,在构建AA请求时与授权/认证客户端积极合作。信用控制客户端必须添加信用控制AVP以指示信用控制能力,并且可以将其他相关的信用控制特定AVP添加到适当的授权/认证命令中,以执行对home Diameter AAA服务器的第一次询问。验证应用程序Id设置为适当的值,如特定于服务的授权/验证应用程序文档(例如,[RFC7155][RFC4004])中所定义。home Diameter AAA服务器对订户进行身份验证/授权,并确定是否需要信用控制。
If credit-control is not required for the subscriber, the home Diameter AAA server will respond as usual, with an appropriate AA-Answer message. If credit-control is required for the subscriber and the Credit-Control AVP with the value set to CREDIT_AUTHORIZATION was present in the authorization request, the home AAA server MUST contact the credit-control server to perform the first interrogation. If credit-control is required for the subscriber and the Credit-Control AVP was not present in the authorization request, the home AAA server MUST send an authorization reject Answer message.
如果订户不需要信用控制,home Diameter AAA服务器将像往常一样响应,并显示相应的AA应答消息。如果订户需要信用控制,并且授权请求中存在设置为credit_AUTHORIZATION的值的信用控制AVP,则家庭AAA服务器必须联系信用控制服务器以执行第一次询问。如果订户需要信用控制,且信用控制AVP未出现在授权请求中,则家庭AAA服务器必须发送授权拒绝应答消息。
The Diameter AAA server supporting credit-control is required to send the Credit-Control-Request command (CCR) defined in this document to the credit-control server. The Diameter AAA server populates the CCR based on service-specific AVPs used for input to the rating process, and possibly on Credit-Control AVPs received in the AA-Request. The credit-control server will reserve money from the user's account, will rate the request, and will send a Credit-Control-Answer message to the home Diameter AAA server. The Answer message includes the Granted-Service-Unit AVP(s) and MAY include other credit-control-specific AVPs, as appropriate. Additionally, the credit-control server MAY set the Validity-Time and MAY include the CCFH and the DDFH to determine what to do if the sending of credit-control messages to the credit-control server has been temporarily prevented.
支持信用控制的Diameter AAA服务器需要将本文档中定义的信用控制请求命令(CCR)发送到信用控制服务器。Diameter AAA服务器根据用于输入评级过程的特定于服务的AVP,以及AA请求中收到的信用控制AVP,填充CCR。信用控制服务器将从用户帐户中预留资金,对请求进行评级,并向home Diameter AAA服务器发送信用控制应答消息。应答消息包括被授予的服务单元AVP,并可酌情包括其他特定于信用控制的AVP。此外,信用控制服务器可以设置有效时间,并且可以包括CCFH和DDFH,以确定如果已经临时阻止向信用控制服务器发送信用控制消息,该怎么办。
Upon receiving the Credit-Control-Answer message from the credit-control server, the home Diameter AAA server will populate the AA-Answer with the received Credit-Control AVPs and with the appropriate service attributes according to the authorization/ authentication-specific application (e.g., [RFC7155] [RFC4004]). It will then forward the packet to the credit-control client. If the home Diameter AAA server receives a credit-control reject message, it
收到来自信用控制服务器的信用控制应答消息后,home Diameter AAA服务器将根据授权/认证特定应用程序(例如,[RFC7155][RFC4004])使用收到的信用控制AVP和适当的服务属性填充AA应答。然后,它将数据包转发给信用控制客户端。如果home Diameter AAA服务器收到信用控制拒绝消息,则
will simply generate an appropriate authorization reject message to the credit-control client, including the credit-control-specific error code.
只需向信贷控制客户机生成适当的授权拒绝消息,包括信贷控制特定的错误代码。
In this model, the credit-control client sends further credit-control messages to the credit-control server via the home Diameter AAA server. Upon receiving a successful authorization Answer message with the Granted-Service-Unit AVP(s), the credit-control client will grant the service to the end user and will generate an intermediate Credit-Control-Request, if required, by using credit-control commands. The CC-Request-Number of the first UPDATE_REQUEST MUST be set to 1 (for details regarding how to produce a unique value for the CC-Request-Number AVP, see Section 8.2).
在此模型中,信用控制客户端通过home Diameter AAA服务器向信用控制服务器发送进一步的信用控制消息。在接收到带有授权服务单元AVP的成功授权应答消息后,信用控制客户端将向最终用户授权服务,并在需要时使用信用控制命令生成中间信用控制请求。第一次更新请求的CC请求编号必须设置为1(有关如何为CC请求编号AVP生成唯一值的详细信息,请参阅第8.2节)。
If service-specific re-authorization is performed (i.e., the authorization lifetime expires), the credit-control client MUST add to the service-specific re-authorization request the Credit-Control AVP with a value set to RE_AUTHORIZATION to indicate that the credit-control server MUST NOT be contacted. When session-based credit-control is used for the subscriber, a constant credit-control message stream flows through the home Diameter AAA server. The home Diameter AAA server can make use of this credit-control message flow to deduce that the user's activity is ongoing; therefore, it is recommended to set the authorization lifetime to a reasonably high value when credit-control is used for the subscriber.
如果执行特定于服务的重新授权(即,授权有效期到期),信用控制客户端必须向特定于服务的重新授权请求中添加信用控制AVP,其值设置为“重新授权”,以指示不得联系信用控制服务器。当订户使用基于会话的信用控制时,恒定的信用控制消息流流经home Diameter AAA服务器。home Diameter AAA服务器可以利用该信用控制消息流推断用户的活动正在进行中;因此,当用户使用信用控制时,建议将授权寿命设置为合理的高值。
In this scenario, the home Diameter AAA server MUST advertise support for the credit-control application to its peers during the capability exchange process.
在这种情况下,home Diameter AAA服务器必须在能力交换过程中向其对等方公布对信用控制应用程序的支持。
Figure 4 illustrates the use of authorization/authentication messages to perform the first interrogation. The parallel accounting stream is not shown in the figure.
图4说明了使用授权/身份验证消息执行第一次询问。图中未显示并行记帐流。
Diameter Service Element AAA Server CC Server End User (CC Client) | Service Request | AA-Request (CC AVPs) | | |------------------>|--------------------->| | | | | CCR(Initial, CC AVPs) | | |-------------------->| | | | CCA(Granted-Units)| | | |<--------------------| | | AA-Answer(Granted-Units) | | Service Delivery |<---------------------| | |<----------------->| | | | : | | | | : | | | | : | | | | | | | | | CCR(Update, Used-Units) | | |--------------------->| CCR(Update, Used-Units) | | |-------------------->| | | | CCA(Granted-Units)| | | CCA(Granted-Units)|<--------------------| | |<---------------------| | | : | | | | : | | | | End of Service | | | |------------------>| CCR(Termination, Used-Units) | | |--------------------->| CCR(Term., Used-Units) | | |-------------------->| | | | CCA | | | CCA |<--------------------| | |<---------------------| |
Diameter Service Element AAA Server CC Server End User (CC Client) | Service Request | AA-Request (CC AVPs) | | |------------------>|--------------------->| | | | | CCR(Initial, CC AVPs) | | |-------------------->| | | | CCA(Granted-Units)| | | |<--------------------| | | AA-Answer(Granted-Units) | | Service Delivery |<---------------------| | |<----------------->| | | | : | | | | : | | | | : | | | | | | | | | CCR(Update, Used-Units) | | |--------------------->| CCR(Update, Used-Units) | | |-------------------->| | | | CCA(Granted-Units)| | | CCA(Granted-Units)|<--------------------| | |<---------------------| | | : | | | | : | | | | End of Service | | | |------------------>| CCR(Termination, Used-Units) | | |--------------------->| CCR(Term., Used-Units) | | |-------------------->| | | | CCA | | | CCA |<--------------------| | |<---------------------| |
Figure 4: Protocol Example with Use of Authorization Messages for the First Interrogation
图4:第一次询问使用授权消息的协议示例
When all the granted service units for one unit type are spent by the end user or the Validity-Time has expired, the Diameter Credit-Control client MUST send a new Credit-Control-Request to the credit-control server. In the event that credit-control for multiple services is applied in one credit-control session (i.e., units associated to Service-Identifier(s) or the rating-group are granted), a new Credit-Control-Request MUST be sent to the credit-control
当最终用户使用了一种单元类型的所有授权服务单元或有效期已过期时,Diameter信用控制客户端必须向信用控制服务器发送新的信用控制请求。如果在一个信用控制会话中应用了多个服务的信用控制(即,授予与服务标识符或评级组关联的单元),则必须向信用控制会话发送新的信用控制请求
server when the credit reservation has been wholly consumed or upon expiration of the Validity-Time. It is always up to the Diameter Credit-Control client to send a new request well in advance of the expiration of the previous request in order to avoid interruption in the Service Element. Even if the granted service units reserved by the credit-control server have not been spent upon expiration of the Validity-Time, the Diameter Credit-Control client MUST send a new Credit-Control-Request to the credit-control server.
当信用预订已全部使用或有效期到期时,服务器。Diameter Credit Control客户端总是在前一个请求到期之前发送一个新请求,以避免服务元素中断。即使信用控制服务器保留的授权服务单元在有效期到期时尚未使用,Diameter信用控制客户端也必须向信用控制服务器发送新的信用控制请求。
There can also be mid-session service events, which might affect the rating of the current service events. In this case, a spontaneous update (a new Credit-Control-Request) SHOULD be sent, including information related to the service event, even if all the granted service units have not been spent or the Validity-Time has not expired.
还可能存在中间会话服务事件,这可能会影响当前服务事件的评级。在这种情况下,应发送自发更新(新的信用控制请求),包括与服务事件相关的信息,即使所有授予的服务单元尚未使用或有效期尚未到期。
When the used units are reported to the credit-control server, the credit-control client will not have any units in its possession before new granted units are received from the credit-control server. When the new granted units are received, these units apply from the point where the measurement of the reported used units stopped. Where independent credit-control of multiple services is supported, this process may be executed for one or more services, a single rating-group, or a pool within the (sub-)session.
当使用的单位报告给信用控制服务器时,在从信用控制服务器收到新的授权单位之前,信用控制客户端将不会拥有任何单位。当收到新的授权单位时,这些单位从报告使用单位的测量停止点开始应用。如果支持对多个服务进行独立的信用控制,则可以对(子)会话中的一个或多个服务、单个评级组或池执行此过程。
The CC-Request-Type AVP is set to the value UPDATE_REQUEST in the intermediate request message. The Subscription-Id AVP or Subscription-Id-Extension AVP SHOULD be included in the intermediate message to identify the end user in the credit-control server. The Service-Context-Id AVP indicates the service-specific document applicable to the request.
CC请求类型AVP设置为中间请求消息中的值UPDATE_Request。订阅Id AVP或订阅Id扩展AVP应包含在中间消息中,以标识信贷控制服务器中的最终用户。服务上下文Id AVP指示适用于请求的特定于服务的文档。
The Requested-Service-Unit AVP MAY contain the new amount of requested service units. Where the Multiple-Services-Credit-Control AVP is used, it MUST contain the Requested-Service-Unit AVP if a new quota is requested for the associated service/rating-group. The Used-Service-Unit AVP contains the amount of used service units measured from the point when the service became active or, if interim interrogations are used during the session, from the point when the previous measurement ended. The same unit types used in the previous message SHOULD be used. If several unit types were included in the previous Answer message, the used service units for each unit type MUST be reported.
请求的服务单元AVP可以包含请求的服务单元的新数量。在使用多服务信用控制AVP的情况下,如果为相关服务/评级组请求新配额,则必须包含请求的服务单元AVP。已用服务单位AVP包含从服务激活时开始测量的已用服务单位数量,或者,如果在会话期间使用临时询问,则包含从上一次测量结束时开始测量的已用服务单位数量。应使用上一条消息中使用的相同单元类型。如果前一个应答消息中包含多个单元类型,则必须报告每个单元类型使用的服务单元。
The Event-Timestamp AVP SHOULD be included in the request and contains the time of the event that triggered the sending of the new Credit-Control-Request.
事件时间戳AVP应包含在请求中,并包含触发发送新信用控制请求的事件的时间。
The credit-control server MUST deduct the used amount from the end user's account. It MAY rate the new request and make a new credit reservation from the end user's account that covers the cost of the requested service event.
信用控制服务器必须从最终用户的帐户中扣除已使用金额。它可以对新请求进行评级,并从最终用户的帐户中进行新的信用预订,以支付请求的服务事件的费用。
A Credit-Control-Answer message with the CC-Request-Type AVP set to the value UPDATE_REQUEST MAY include the Cost-Information AVP containing the accumulated cost estimation for the session, without taking any credit reservations into account.
CC请求类型AVP设置为值UPDATE_Request的信用控制应答消息可以包括包含会话的累积成本估计的成本信息AVP,而不考虑任何信用保留。
The Credit-Control-Answer message MAY also include the Final-Unit-Indication AVP or the QoS-Final-Unit-Indication AVP to indicate that the Answer message contains the final units for the service. After the end user has consumed these units, the Diameter Credit-Control client MUST behave as described in Section 5.6.
信用控制应答消息还可以包括最终单元指示AVP或QoS最终单元指示AVP,以指示应答消息包含用于服务的最终单元。最终用户使用这些装置后,Diameter信用控制客户机必须按照第5.6节中的说明进行操作。
There can be several intermediate interrogations within a session.
在一个会话中可以有几个中间询问。
When the end user terminates the service session or when graceful service termination (described in Section 5.6) takes place, the Diameter Credit-Control client MUST send a final Credit-Control-Request message to the credit-control server. The CC-Request-Type AVP is set to the value TERMINATION_REQUEST. The Service-Context-Id AVP indicates the service-specific document applicable to the request.
当最终用户终止服务会话或正常服务终止(如第5.6节所述)发生时,Diameter信用控制客户端必须向信用控制服务器发送最终信用控制请求消息。CC请求类型AVP设置为终止请求的值。服务上下文Id AVP指示适用于请求的特定于服务的文档。
The Event-Timestamp AVP SHOULD be included in the request and contains the time when the session was terminated.
事件时间戳AVP应包含在请求中,并包含会话终止的时间。
The Used-Service-Unit AVP contains the amount of used service units measured from the point when the service became active or, if interim interrogations are used during the session, from the point when the previous measurement ended. If several unit types were included in the previous Answer message, the used service units for each unit type MUST be reported.
已用服务单位AVP包含从服务激活时开始测量的已用服务单位数量,或者,如果在会话期间使用临时询问,则包含从上一次测量结束时开始测量的已用服务单位数量。如果前一个应答消息中包含多个单元类型,则必须报告每个单元类型使用的服务单元。
After final interrogation, the credit-control server MUST refund the reserved credit amount not used to the end user's account and deduct the used monetary amount from the end user's account.
最终询问后,信用控制服务器必须将未使用的保留信用金额退还给最终用户的帐户,并从最终用户的帐户中扣除已使用的货币金额。
A Credit-Control-Answer message with the CC-Request-Type AVP set to the value TERMINATION_REQUEST MAY include the Cost-Information AVP containing the estimated total cost for the session in question.
将CC请求类型AVP设置为值TERMINATION_Request的信用控制应答消息可以包括包含所述会话的估计总成本的成本信息AVP。
If the user logs off during an ongoing credit-control session or if the user becomes logged off for some other reason (e.g., a final-unit indication causes user logoff according to local policy), the Service Element, according to application-specific policy, may send a Session-Termination-Request (STR) to the home Diameter AAA server as usual [RFC6733]. Figure 5 illustrates the case when the final-unit indication causes user logoff upon consumption of the final granted units and the generation of an STR.
如果用户在正在进行的信用控制会话期间注销,或者如果用户由于某些其他原因注销(例如,最终单元指示导致用户根据本地策略注销),则根据特定于应用程序的策略,服务元素可以像往常一样向home Diameter AAA服务器发送会话终止请求(STR)[RFC6733]。图5说明了最终单位指示导致用户在使用最终授予的单位并生成STR时注销的情况。
The Diameter AAA server responds with a Session-Termination-Answer (STA).
Diameter AAA服务器响应会话终止应答(STA)。
Service Element AAA Server CC Server End User (CC Client) | Service Delivery | | | |<----------------->| | | | : | | | | : | | | | : | | | | | | | | | CCR(Update, Used-Units) | | |-------------------->| CCR(Update, Used-Units) | | |-------------------->| | | CCA(Final-Unit, Terminate) | CCA(Final-Unit, Terminate)|<--------------------| | |<--------------------| | | : | | | | : | | | | Disconnect user | | | |<------------------| CCR(Termination, Used-Units) | | |-------------------->| CCR(Term., Used-Units) | | |-------------------->| | | | CCA | | | CCA |<--------------------| | |<--------------------| | | | STR | | | |-------------------->| | | | STA | | | |<--------------------| |
Service Element AAA Server CC Server End User (CC Client) | Service Delivery | | | |<----------------->| | | | : | | | | : | | | | : | | | | | | | | | CCR(Update, Used-Units) | | |-------------------->| CCR(Update, Used-Units) | | |-------------------->| | | CCA(Final-Unit, Terminate) | CCA(Final-Unit, Terminate)|<--------------------| | |<--------------------| | | : | | | | : | | | | Disconnect user | | | |<------------------| CCR(Termination, Used-Units) | | |-------------------->| CCR(Term., Used-Units) | | |-------------------->| | | | CCA | | | CCA |<--------------------| | |<--------------------| | | | STR | | | |-------------------->| | | | STA | | | |<--------------------| |
Figure 5: User Disconnected Due to Exhausted Account
图5:用户由于帐户耗尽而断开连接
The Diameter Credit-Control application supports server-initiated re-authorization. The credit-control server MAY optionally initiate the credit re-authorization by issuing a Re-Auth-Request (RAR) as defined in the Diameter base protocol [RFC6733]. The
Diameter信用控制应用程序支持服务器启动的重新授权。信用控制服务器可以选择通过发出Diameter基本协议[RFC6733]中定义的重新授权请求(RAR)来启动信用重新授权。这个
Auth-Application-Id in the RAR message is set to 4 to indicate "Diameter Credit Control", and the Re-Auth-Request-Type is set to AUTHORIZE_ONLY.
RAR消息中的身份验证应用程序Id设置为4以表示“直径信用控制”,并且重新身份验证请求类型设置为仅授权。
Section 5.1.2 defines the feature to enable credit-control for multiple services within a single (sub-)session where the server can authorize credit usage at a different level of granularity. Further, the server may provide credit resources to multiple services or rating-groups as a pool (see Section 5.1.2 for details and definitions). Therefore, the server, based on its service logic and its knowledge of the ongoing session, can decide to request credit re-authorization for a whole (sub-)session, a single credit pool, a single service, or a single rating-group. To request credit re-authorization for a credit pool, the server includes in the RAR message the G-S-U-Pool-Identifier AVP indicating the affected pool. To request credit re-authorization for a service or a rating-group, the server includes in the RAR message the Service-Identifier AVP or the Rating-Group AVP, respectively. To request credit re-authorization for all the ongoing services within the (sub-)session, the server includes none of the above-mentioned AVPs in the RAR message.
第5.1.2节定义了在单个(子)会话中为多个服务启用信用控制的功能,其中服务器可以在不同的粒度级别授权信用使用。此外,服务器可将信用资源作为一个池提供给多个服务或评级组(有关详细信息和定义,请参阅第5.1.2节)。因此,服务器可以根据其服务逻辑和对正在进行的会话的了解,决定为整个(子)会话、单个信用池、单个服务或单个评级组请求信用重新授权。为了请求信用池的信用再授权,服务器在RAR消息中包括指示受影响池的G-S-U-pool-Identifier AVP。为了请求服务或评级组的信用再授权,服务器在RAR消息中分别包括服务标识符AVP或评级组AVP。为了请求(子)会话中所有正在进行的服务的信用再授权,服务器在RAR消息中不包括上述AVP。
If a credit re-authorization is not already ongoing (i.e., the credit-control session is in Open state), a credit-control client that receives an RAR message with Session-Id equal to a currently active credit-control session MUST acknowledge the request by sending the Re-Auth-Answer (RAA) message and MUST initiate the credit re-authorization toward the server by sending a Credit-Control-Request message with the CC-Request-Type AVP set to the value UPDATE_REQUEST. The Result-Code 2002 (DIAMETER_LIMITED_SUCCESS) SHOULD be used in the RAA message to indicate that an additional message (i.e., a CCR message with the value UPDATE_REQUEST) is required to complete the procedure. If a quota was allocated to the service, the credit-control client MUST report the used quota in the Credit-Control-Request. Note that the end user does not need to be prompted for the credit re-authorization, since the credit re-authorization is transparent to the user (i.e., it takes place exclusively between the credit-control client and the credit-control server).
如果信用再授权尚未进行(即信用控制会话处于打开状态),则接收会话Id等于当前活动信用控制会话的RAR消息的信用控制客户端必须通过发送再授权应答(RAA)来确认请求消息,并且必须通过发送信用控制请求消息,将CC请求类型AVP设置为值UPDATE_Request,向服务器发起信用再授权。RAA消息中应使用结果代码2002(DIAMETER_LIMITED_SUCCESS),以指示完成该过程需要额外的消息(即,带有值更新请求的CCR消息)。如果为服务分配了配额,则信用控制客户端必须在信用控制请求中报告已使用的配额。请注意,无需提示最终用户进行信用再授权,因为信用再授权对用户是透明的(即,它只在信用控制客户端和信用控制服务器之间发生)。
Where multiple services in a user's session are supported, the procedure in the above paragraph will be executed at the granularity requested by the server in the RAR message.
如果支持用户会话中的多个服务,则将按照服务器在RAR消息中请求的粒度执行上面段落中的过程。
If credit re-authorization is ongoing at the time when the RAR message is received (i.e., an RAR-CCR collision), the credit-control client successfully acknowledges the request but does not initiate a new credit re-authorization. The Result-Code 2001 (DIAMETER_SUCCESS)
如果在收到RAR消息(即RAR-CCR冲突)时正在进行信用再授权,信用控制客户端将成功确认该请求,但不会启动新的信用再授权。结果代码2001(DIAMETER_SUCCESS)
SHOULD be used in the RAA message to indicate that a credit re-authorization procedure is already ongoing (i.e., the client was in PendingU state when the RAR was received). The credit-control server SHOULD process the Credit-Control-Request as if it was received in answer to the server-initiated credit re-authorization and should consider the server-initiated credit re-authorization process successful upon reception of the RAA message.
应在RAA消息中使用,以表明信贷再授权程序已在进行中(即,收到RAR时,客户处于待处理状态)。信用控制服务器应该处理信用控制请求,好像它是在接收到服务器发起的信用重新授权时接收的,并且应该考虑服务器发起的信用重新授权过程在接收RAA消息时成功。
When multiple services are supported in a user's session, the server may request credit re-authorization for a credit pool (or for the (sub-)session) while a credit re-authorization is already ongoing for some of the services or rating-groups. In this case, the client acknowledges the server request with an RAA message and MUST send a new Credit-Control-Request message to perform re-authorization for the remaining services/rating-groups. The Result-Code 2002 (DIAMETER_LIMITED_SUCCESS) SHOULD be used in the RAA message to indicate that an additional message (i.e., a CCR message with the value UPDATE_REQUEST) is required to complete the procedure. The server processes the received requests and returns an appropriate answer to both requests.
当一个用户的会话中支持多个服务时,服务器可能会请求信用池(或(子)会话)的信用重新授权,而某些服务或评级组的信用重新授权已经在进行中。在这种情况下,客户端使用RAA消息确认服务器请求,并且必须发送新的信用控制请求消息,以便对其余服务/评级组执行重新授权。RAA消息中应使用结果代码2002(DIAMETER_LIMITED_SUCCESS),以指示完成该过程需要额外的消息(即,带有值更新请求的CCR消息)。服务器处理接收到的请求,并对这两个请求返回适当的答案。
The above-defined procedures are enabled for each of the possibly active Diameter Credit-Control sub-sessions. The server MAY request re-authorization for an active sub-session by including the CC-Sub-Session-Id AVP in the RAR message in addition to the Session-Id AVP.
上述定义的过程针对每个可能活动的Diameter信用控制子会话启用。除了会话Id AVP之外,服务器还可以通过在RAR消息中包括CC子会话Id AVP来请求对活动子会话的重新授权。
When the user's account runs out of money, the user may not be allowed to compile additional chargeable events. However, the home service provider may offer some services -- for instance, access to a service portal where it is possible to refill the account -- from which the user is allowed to benefit for a limited time. The length of this time is usually dependent on the home service provider policy.
当用户的帐户耗尽资金时,可能不允许用户编译其他收费事件。然而,家庭服务提供商可以提供一些服务——例如,访问服务门户,在那里可以重新充值帐户——允许用户在有限的时间内受益。这段时间的长短通常取决于家庭服务提供商的策略。
This section defines the optional graceful service termination feature. This feature MAY be supported by the credit-control server. Credit-control client implementations MUST support the Final-Unit-Indication AVP or QoS-Final-Unit-Indication AVP with at least the teardown of the ongoing service session once the subscriber has consumed all the final granted units.
本节定义可选的优雅服务终止功能。信用控制服务器可能支持此功能。信用控制客户端实现必须支持最终单元指示AVP或QoS最终单元指示AVP,并且在订户消费完所有最终授予的单元后,至少要拆除正在进行的服务会话。
Where independent credit-control of multiple services in a single credit-control (sub-)session is supported, it is possible to use graceful service termination for each of the services/rating-groups independently. Naturally, the graceful service termination process defined in the following subsections will apply to the specific service/rating-group as requested by the server.
如果支持在单个信用控制(子)会话中对多个服务进行独立的信用控制,则可以独立地为每个服务/评级组使用优雅的服务终止。当然,以下小节中定义的服务终止过程将根据服务器的请求应用于特定的服务/评级组。
In some service environments (e.g., NAS), graceful service termination may be used to redirect the subscriber to a service portal for online balance refill or other services offered by the home service provider. In this case, the graceful service termination process installs a set of packet filters to restrict the user's access capability only to/from the specified destinations. All the IP packets not matching the filters will be dropped or, possibly, redirected to the service portal. The user may also be sent an appropriate notification as to why the access has been limited. These actions may be communicated explicitly from the server to the client or may be configured "per service" at the client. Explicitly signaled redirection or restriction instructions always take precedence over configured ones.
在某些服务环境(例如,NAS)中,可以使用服务终止将订户重定向到服务门户,以便在线余额补充或家庭服务提供商提供的其他服务。在这种情况下,优雅服务终止过程安装一组数据包过滤器,以限制用户仅对指定目的地的访问能力。所有与筛选器不匹配的IP数据包都将被丢弃,或者可能重定向到服务门户。还可以向用户发送关于访问被限制的原因的适当通知。这些动作可以从服务器显式地传送到客户端,或者可以在客户端“每个服务”进行配置。显式信号重定向或限制指令始终优先于配置的指令。
It is also possible to use graceful service termination to connect the prepaid user to a top-up server that plays an announcement and prompts the user to replenish the account. In this case, the credit-control server sends only the address of the top-up server where the prepaid user shall be connected after the final granted units have been consumed. An example of this case is given in Appendix A.7.
还可以使用优雅的服务终止将预付费用户连接到充值服务器,充值服务器播放公告并提示用户补充帐户。在这种情况下,信用控制服务器仅发送充值服务器的地址,预付费用户应在最终授予的单位消耗后连接充值服务器。附录A.7中给出了这种情况的示例。
The credit-control server MAY initiate graceful service termination by including the Final-Unit-Indication AVP or the QoS-Final-Unit-Indication AVP in the Credit-Control-Answer to indicate that the message contains the final units for the service.
信用控制服务器可以通过在信用控制应答中包括最终单元指示AVP或QoS最终单元指示AVP来发起优雅的服务终止,以指示消息包含服务的最终单元。
When the credit-control client receives the Final-Unit-Indication AVP or the QoS-Final-Unit-Indication AVP in the answer from the server, its behavior depends on the value indicated in the Final-Unit-Action AVP. The server may request the following actions: TERMINATE, REDIRECT, or RESTRICT_ACCESS.
当信用控制客户端从服务器收到应答中的最终单元指示AVP或QoS最终单元指示AVP时,其行为取决于最终单元操作AVP中指示的值。服务器可能会请求以下操作:终止、重定向或限制\u访问。
Figure 6 illustrates the graceful service termination procedure described in the following subsections.
图6说明了以下小节中描述的服务终止过程。
Diameter End User Service Element AAA Server CC Server (CC Client) | Service Delivery | | | |<----------------->| | | | |CCR(Update, Used-Units) | | |-------------------->|CCR(Update, Used-Units) | : | |-------------------->| | : | |CCA(Final-Unit, Action) | : | |<--------------------| | |CCA(Final-Unit, Action) | | |<--------------------| | | | | | | : | | | | : | | | | /////////////// |CCR(Update, Used-Units) | |/Final Units End/->|-------------------->|CCR(Update, Used-Units) |/Action and // | |-------------------->| |/Restrictions // | | CCA(Validity-Time)| |/Start // | CCA(Validity-Time)|<--------------------| | ///////////// |<--------------------| | | : | | | | : | | | | Replenish account | +-------+ | |<--------------------------------------------->|Account| | | | | +-------+ | | | | RAR | | + | RAR |<====================| | | |<====================| | | | | RAA | | | ///////////// | |====================>| RAA | | /If supported / | | CCR(Update) |====================>| | /by CC Server/ | |====================>| CCR(Update) | | ///////////// | | |====================>| | | | | CCA(Granted-Units)| | | | CCA(Granted-Units)|<====================| | Restrictions ->+ |<====================| | | removed | | | | : | | | | OR | CCR(Update) | | | Validity-Time ->|-------------------->| CCR(Update) | | expires | |-------------------->| | | | CCA(Granted-Units)| | | CCA(Granted-Units)|<--------------------| | Restrictions ->|<--------------------| | | removed | | |
Diameter End User Service Element AAA Server CC Server (CC Client) | Service Delivery | | | |<----------------->| | | | |CCR(Update, Used-Units) | | |-------------------->|CCR(Update, Used-Units) | : | |-------------------->| | : | |CCA(Final-Unit, Action) | : | |<--------------------| | |CCA(Final-Unit, Action) | | |<--------------------| | | | | | | : | | | | : | | | | /////////////// |CCR(Update, Used-Units) | |/Final Units End/->|-------------------->|CCR(Update, Used-Units) |/Action and // | |-------------------->| |/Restrictions // | | CCA(Validity-Time)| |/Start // | CCA(Validity-Time)|<--------------------| | ///////////// |<--------------------| | | : | | | | : | | | | Replenish account | +-------+ | |<--------------------------------------------->|Account| | | | | +-------+ | | | | RAR | | + | RAR |<====================| | | |<====================| | | | | RAA | | | ///////////// | |====================>| RAA | | /If supported / | | CCR(Update) |====================>| | /by CC Server/ | |====================>| CCR(Update) | | ///////////// | | |====================>| | | | | CCA(Granted-Units)| | | | CCA(Granted-Units)|<====================| | Restrictions ->+ |<====================| | | removed | | | | : | | | | OR | CCR(Update) | | | Validity-Time ->|-------------------->| CCR(Update) | | expires | |-------------------->| | | | CCA(Granted-Units)| | | CCA(Granted-Units)|<--------------------| | Restrictions ->|<--------------------| | | removed | | |
Figure 6: Optional Graceful Service Termination Procedure
图6:可选的服务终止过程
In addition, the credit-control server MAY reply with the Final-Unit-Indication AVP or QoS-Final-Unit-Indication AVP holding a Granted-Service-Unit (G-S-U) with a zero grant, indicating that the service SHOULD be terminated immediately, and no further reporting is required. Figure 7 illustrates a graceful service termination procedure that applies immediately after receiving a zero grant.
此外,信用控制服务器可以用最终单元指示AVP或QoS最终单元指示AVP来回复,AVP持有具有零授权的授权服务单元(G-S-U),指示服务应当立即终止,并且不需要进一步报告。图7展示了一个优雅的服务终止过程,该过程在收到零授权后立即应用。
Diameter End User Service Element AAA Server CC Server (CC Client) | Service Delivery | | | |<----------------->| | | | |CCR(Update, Used-Units) | | |--------------------->|CCR(Update, Used-Units) | : | |-------------------->| | : | |CCA(Final-Unit, Action, | : | | Zero G-S-U) | : | |<--------------------| | |CCA(Final-Unit, Action, | | | Zero G-S-U) | | |<---------------------| | | /////////////// | | | |/Action and // | | | |/Restrictions // | | | |/Start // | | | | ///////////// | | | | : | | | | : | | |
Diameter End User Service Element AAA Server CC Server (CC Client) | Service Delivery | | | |<----------------->| | | | |CCR(Update, Used-Units) | | |--------------------->|CCR(Update, Used-Units) | : | |-------------------->| | : | |CCA(Final-Unit, Action, | : | | Zero G-S-U) | : | |<--------------------| | |CCA(Final-Unit, Action, | | | Zero G-S-U) | | |<---------------------| | | /////////////// | | | |/Action and // | | | |/Restrictions // | | | |/Start // | | | | ///////////// | | | | : | | | | : | | |
Figure 7: Optional Immediate Graceful Service Termination Procedure
图7:可选的即时服务终止过程
The Final-Unit-Indication AVP or the QoS-Final-Unit-Indication AVP with Final-Unit-Action set to TERMINATE does not include any other information. When the subscriber has consumed the final granted units, the Service Element MUST terminate the service. This is the default handling applicable whenever the credit-control client receives an unsupported Final-Unit-Action value and MUST be supported by all the Diameter Credit-Control client implementations conforming to this specification. A final Credit-Control-Request message to the credit-control server MUST be sent if the Final-Unit-Indication AVP or the QoS-Final-Unit-Indication AVP indicating action TERMINATE was present at the command level. The CC-Request-Type AVP in the request is set to the value TERMINATION_REQUEST.
最终单元指示AVP或最终单元动作设置为终止的QoS最终单元指示AVP不包括任何其他信息。当订户已使用最终授予的单元时,服务元素必须终止服务。当信贷控制客户机收到不受支持的最终单位操作值时,这是适用的默认处理,并且必须得到符合本规范的所有Diameter信贷控制客户机实施的支持。如果在命令级别存在表示操作终止的最终单元指示AVP或QoS最终单元指示AVP,则必须向信用控制服务器发送最终信用控制请求消息。请求中的CC请求类型AVP设置为终止请求的值。
The Final-Unit-Indication AVP or the QoS-Final-Unit-Indication AVP with Final-Unit-Action set to REDIRECT indicates to the Service Element supporting this action that, upon consumption of the final granted units, the user MUST be redirected to the address specified in the Redirect-Server AVP or Redirect-Server-Extension AVP as follows.
最终单元指示AVP或QoS最终单元指示AVP(最终单元操作设置为重定向)向支持此操作的服务元素指示,在使用最终授予的单元时,用户必须重定向到重定向服务器AVP或重定向服务器扩展AVP中指定的地址,如下所示。
The credit-control server sends the Redirect-Server AVP or Redirect-Server-Extension AVP in the Credit-Control-Answer message. In such a case, the Service Element MUST redirect or connect the user to the destination specified in the Redirect-Server AVP or Redirect-Server-Extension AVP, if possible. When the end user is redirected (by using protocols other than Diameter) to the specified server or connected to the top-up server, an additional authorization (and possibly authentication) may be needed before the subscriber can replenish the account; however, this scenario is out of scope for this specification.
信用控制服务器在信用控制应答消息中发送重定向服务器AVP或重定向服务器扩展AVP。在这种情况下,如果可能,服务元素必须将用户重定向或连接到重定向服务器AVP或重定向服务器扩展AVP中指定的目标。当最终用户被重定向(通过使用Diameter以外的协议)到指定服务器或连接到充值服务器时,可能需要额外的授权(以及可能的身份验证),然后订户才能补充帐户;但是,此场景超出了本规范的范围。
In addition to the Redirect-Server AVP or Redirect-Server-Extension AVP, the credit-control server MAY include one or more Restriction-Filter-Rule AVPs, one or more Filter-Rule AVPs, or one or more Filter-Id AVPs in the Credit-Control-Answer message to enable the user to access other services (for example, zero-rated services). In such a case, the access device MUST treat all packets according to the Restriction-Filter-Rule AVPs, Filter-Rule AVPs, and the rules referred to by the Filter-Id AVP. After treatment is applied according to these rules, all traffic that has not been dropped or already forwarded MUST be redirected to the destination specified in the Redirect-Server AVP or Redirect-Server-Extension AVP.
除了重定向服务器AVP或重定向服务器扩展AVP之外,信用控制服务器可以在信用控制应答消息中包括一个或多个限制过滤规则AVP、一个或多个过滤规则AVP或一个或多个过滤Id AVP,以使用户能够访问其他服务(例如,零评级服务)。在这种情况下,接入设备必须根据限制过滤规则AVPs、过滤规则AVPs和由过滤Id AVP引用的规则来处理所有分组。根据这些规则进行处理后,所有未丢弃或已转发的流量必须重定向到重定向服务器AVP或重定向服务器扩展AVP中指定的目的地。
An entity other than the credit-control server may provision the access device with appropriate IP packet filters to be used in conjunction with the Diameter Credit-Control application. This case is considered in Section 5.6.3.
除信用控制服务器之外的实体可以向接入设备提供与Diameter信用控制应用一起使用的适当IP分组过滤器。第5.6.3节考虑了这种情况。
When the final granted units have been consumed, the credit-control client MUST perform an intermediate interrogation. The purpose of this interrogation is to indicate to the credit-control server that the specified action started and to report the used units. The credit-control server MUST deduct the used amount from the end user's account but MUST NOT make a new credit reservation. The credit-control client, however, may send intermediate interrogations before all the final granted units have been consumed for which rating and money reservation may be needed -- for instance, upon Validity-Time expiration or upon mid-session service events that affect the rating of the current service. Therefore, the
当消耗了最终授予的单位时,信贷控制客户必须执行中间查询。此询问的目的是向信贷控制服务器指示指定操作已启动,并报告使用的单位。信用控制服务器必须从最终用户的帐户中扣除已用金额,但不得进行新的信用预订。然而,信用控制客户机可能会在所有最终授予的单元被使用之前发送中间询问,而这些单元可能需要进行评级和资金预留——例如,在有效期到期时或在影响当前服务评级的会话中服务事件发生时。因此,
credit-control client MUST NOT include any rating-related AVPs in the request sent once all the final granted units have been consumed, as an indication to the server that (1) the requested final unit action started and (2) rating and money reservation are not required (when the Multiple-Services-Credit-Control AVP is used, the Service-Identifier AVP or the Rating-Group AVP is included to indicate the services concerned). Naturally, the Credit-Control-Answer message does not contain any granted service units and MUST include the Validity-Time AVP to indicate to the credit-control client how long the subscriber is allowed to use network resources before a new intermediate interrogation is sent to the server.
一旦消耗了所有最终授予的单位,信用控制客户端不得在发送的请求中包含任何与评级相关的AVP,以向服务器表明(1)已启动请求的最终单位操作,以及(2)不需要评级和资金预留(当使用多服务信用控制AVP时,包括服务标识符AVP或评级组AVP以指示相关服务)。当然,信用控制应答消息不包含任何授予的服务单元,并且必须包含有效时间AVP,以向信用控制客户端指示在向服务器发送新的中间询问之前,允许订户使用网络资源的时间。
At the expiry of Validity-Time, the credit-control client sends a Credit-Control-Request (UPDATE_REQUEST) as usual. This message does not include the Used-Service-Unit AVP, as there is no allotted quota to report. The credit-control server processes the request and MUST perform the credit reservation. If during this time the subscriber did not replenish their account, whether they will be disconnected or will be granted access to services not controlled by a credit-control server for an unlimited time is dependent on the home service provider policy. (Note: The latter option implies that the Service Element should not remove the restriction filters upon termination of the credit-control.) The server will return the appropriate Result-Code (see Section 9.1) in the Credit-Control-Answer message in order to implement the policy-defined action. Otherwise, a new quota will be returned, and the Service Element MUST remove all the possible restrictions activated by the graceful service termination process and continue the credit-control session and service session as usual.
在有效期到期时,信用控制客户端像往常一样发送信用控制请求(更新请求)。此消息不包括已使用的服务单元AVP,因为没有分配的配额报告。信用控制服务器处理该请求,并且必须执行信用保留。如果在此期间,订户未补充其帐户,则他们是否将被断开连接,或是否将被授予无限期访问不受信用控制服务器控制的服务的权限,取决于家庭服务提供商的策略。(注意:后一个选项意味着服务元素不应在信用控制终止时删除限制过滤器。)服务器将在信用控制应答消息中返回相应的结果代码(参见第9.1节),以实施策略定义的操作。否则,将返回一个新配额,并且服务元素必须移除由优雅服务终止过程激活的所有可能限制,并像往常一样继续信用控制会话和服务会话。
The credit-control client may not wait until the expiration of the Validity-Time and may send a spontaneous update (a new Credit-Control-Request) if the Service Element can determine, for instance, that communication between the end user and the top-up server took place. An example of this case is given in Appendix A.8 (Figure 18).
例如,如果服务元素能够确定最终用户和充值服务器之间发生了通信,则信用控制客户端可以不等待直到有效时间到期,并且可以发送自发更新(新的信用控制请求)。附录A.8(图18)给出了这种情况的示例。
Note that the credit-control server may already have initiated the above-described process for the first interrogation. However, the user's account might be empty when this first interrogation is performed. In this case, the subscriber can be offered a chance to replenish the account and continue the service. When the credit-control client receives (at either the session level or a service-specific level) a Final-Unit-Indication AVP or QoS-Final-Unit-Indication AVP, together with Validity-Time AVPs, but without a Granted-Service-Unit AVP, it immediately starts the graceful service termination process without sending any messages to the server. An example of this case is illustrated in Appendix A.8 (Figure 18).
注意,信用控制服务器可能已经为第一次询问启动了上述过程。但是,当执行第一次询问时,用户的帐户可能为空。在这种情况下,用户可以有机会补充帐户并继续服务。当信用控制客户端(在会话级别或特定于服务的级别)接收到最终单元指示AVP或QoS最终单元指示AVP,以及有效期AVP,但没有被授予的服务单元AVP时,它立即启动正常服务终止过程,而不向服务器发送任何消息。附录A.8(图18)说明了这种情况的示例。
A Final-Unit-Indication AVP with Final-Unit-Action set to RESTRICT_ACCESS indicates to the device supporting this action that, upon consumption of the final granted units, the user's access MUST be restricted according to the IP packet filters given in the Restriction-Filter-Rule AVP(s) or according to the IP packet filters identified by the Filter-Id AVP(s). The credit-control server SHOULD include either the Restriction-Filter-Rule AVP or the Filter-Id AVP in the Final-Unit-Indication group AVP of the Credit-Control-Answer message.
最终单元指示AVP(最终单元操作设置为限制访问)向支持此操作的设备指示,在使用最终授予的单元时,必须根据限制过滤器规则AVP中给出的IP数据包过滤器限制用户访问或者根据由过滤器Id AVP(s)标识的IP分组过滤器。信用控制服务器应在信用控制应答消息的最终单元指示组AVP中包括限制过滤器规则AVP或过滤器Id AVP。
A QoS-Final-Unit-Indication AVP with Final-Unit-Action set to RESTRICT_ACCESS indicates to the device supporting this action that, upon consumption of the final granted units, the actions specified in Filter-Rule AVP(s) MUST restrict the traffic according to the classifiers in the Filter-Rule AVP(s). If one or more Filter-Id AVPs are provided in the Credit-Control-Answer message, the credit-control client MUST restrict the traffic according to the IP packet filters identified by the Filter-Id AVP(s). The credit-control server SHOULD include either the Filter-Rule AVP or the Filter-Id AVP in the QoS-Final-Unit-Indication group AVP of the Credit-Control-Answer message.
QoS最终单元指示AVP(其最终单元操作设置为限制访问)向支持此操作的设备指示,在消耗最终授予的单元时,过滤规则AVP中指定的操作必须根据过滤规则AVP中的分类器限制流量。如果信用控制应答消息中提供了一个或多个过滤器Id AVP,则信用控制客户端必须根据过滤器Id AVP标识的IP包过滤器限制流量。信用控制服务器应在信用控制应答消息的QoS最终单元指示组AVP中包括过滤规则AVP或过滤Id AVP。
If both the Final-Unit-Indication AVP and the QoS-Final-Unit-Indication AVP exist in the Credit-Control-Answer message, a credit-control client that supports the QoS-Final-Unit-Indication AVP SHOULD follow the directives included in the QoS-Final-Unit-Indication AVP and SHOULD ignore the Final-Unit-Indication AVP.
如果信用控制应答消息中同时存在最终单元指示AVP和QoS最终单元指示AVP,则支持QoS最终单元指示AVP的信用控制客户端应遵循QoS最终单元指示AVP中包含的指令,并应忽略最终单元指示AVP。
An entity other than the credit-control server may provision the access device with appropriate IP packet filters to be used in conjunction with the Diameter Credit-Control application. Such an entity may, for instance, configure the access device with IP flows to be passed when the Diameter Credit-Control application indicates RESTRICT_ACCESS or REDIRECT. The access device passes IP packets according to the filter rules that may have been received in the Credit-Control-Answer message, in addition to those rules that may have been configured by the other entity. However, when the user's account cannot cover the cost of the requested service, the action taken is the responsibility of the credit-control server that controls the prepaid subscriber.
除信用控制服务器之外的实体可以向接入设备提供与Diameter信用控制应用一起使用的适当IP分组过滤器。例如,这样的实体可以使用当Diameter信用控制应用程序指示RESTRICT\u访问或重定向时要传递的IP流来配置接入设备。接入设备根据可能已经在信用控制应答消息中接收到的过滤规则以及可能已经由其他实体配置的那些规则来传递IP分组。但是,当用户的帐户无法支付所请求服务的费用时,所采取的行动由控制预付费订户的信用控制服务器负责。
If another entity working in conjunction with the Diameter Credit-Control application already provisions the access device with all the required filter rules for the end user, the credit-control server presumably need not send any additional filters. Therefore, it is RECOMMENDED that credit-control server implementations
如果与Diameter Credit Control应用程序一起工作的另一个实体已经为接入设备提供了最终用户所需的所有过滤规则,则信用控制服务器可能不需要发送任何额外的过滤。因此,建议对信用控制服务器实施
supporting graceful service termination be configurable for sending the Restriction-Filter-Rule AVP, the Filter-Rule AVP, the Filter-Id AVP, or none of the above.
支持优雅服务终止可以配置为发送限制过滤规则AVP、过滤规则AVP、过滤Id AVP或以上任何一种。
When the final granted units have been consumed, the credit-control client MUST perform an intermediate interrogation. The credit-control client and the credit-control server process this intermediate interrogation and execute subsequent procedures, as specified in Section 5.6.2.
当消耗了最终授予的单位时,信贷控制客户必须执行中间查询。信贷控制客户端和信贷控制服务器处理此中间询问并执行第5.6.2节规定的后续程序。
The credit-control server may initiate graceful service termination when replying with the action RESTRICT_ACCESS for the first interrogation. This is similar to the behavior specified in Section 5.6.2.
信用控制服务器可在回复第一次询问的操作“限制访问”时启动正常服务终止。这类似于第5.6.2节中规定的行为。
Once the subscriber replenishes the account, they presumably expect all the restrictions applied by the graceful service termination procedure to be removed immediately and unlimited service access to be resumed. For the best user experience, the credit-control server implementation MAY support the server-initiated credit re-authorization (see Section 5.5). In such a case, upon the successful account top-up, the credit-control server sends the Re-Auth-Request (RAR) message to solicit the credit re-authorization. The credit-control client initiates the credit re-authorization by sending the Credit-Control-Request message with the CC-Request-Type AVP set to the value UPDATE_REQUEST. The Used-Service-Unit AVP is not included in the request, as there is no allotted quota to report. The Requested-Service-Unit AVP MAY be included in the request. After the credit-control client successfully receives the Credit-Control-Answer with a new Granted-Service-Unit AVP, all the possible restrictions activated for the purpose of graceful service termination MUST be removed in the Service Element. The credit-control session and the service session continue as usual.
一旦订户补充帐户,他们可能希望立即取消优雅服务终止程序应用的所有限制,并恢复无限服务访问。为了获得最佳用户体验,信用控制服务器实现可能支持服务器发起的信用再授权(参见第5.5节)。在这种情况下,在成功的帐户充值后,信用控制服务器发送重新授权请求(RAR)消息以请求信用重新授权。信用控制客户端通过发送信用控制请求消息,将CC Request Type AVP设置为值UPDATE_Request,启动信用再授权。请求中不包括已使用的服务单元AVP,因为没有分配的报告配额。请求的服务单元AVP可以包括在请求中。在信用控制客户端成功接收到带有新授权服务单元AVP的信用控制应答后,必须在服务元素中删除为正常服务终止而激活的所有可能限制。信贷控制会话和服务会话照常继续。
The CCFH, as described in this section, determines the behavior of the credit-control client in fault situations. The CCFH may be (1) received from the Diameter home AAA server, (2) received from the credit-control server, or (3) configured locally. The CCFH value received from the home AAA server overrides the locally configured value. The CCFH value received from the credit-control server in the Credit-Control-Answer message always overrides any existing values.
如本节所述,CCFH确定信贷控制客户在故障情况下的行为。CCFH可以(1)从Diameter home AAA服务器接收,(2)从信用控制服务器接收,或者(3)在本地配置。从家庭AAA服务器接收的CCFH值覆盖本地配置的值。信用控制应答消息中从信用控制服务器接收的CCFH值始终覆盖任何现有值。
The authorization server MAY include the Accounting-Realtime-Required AVP to determine what to do if the sending of accounting records to the accounting server has been temporarily prevented, as defined in [RFC6733]. It is RECOMMENDED that the client complement the credit-control failure procedures with a backup accounting flow toward an accounting server. By using different combinations of the Accounting-Realtime-Required AVP and the CCFH, different safety levels can be built. For example, by choosing a CCFH equal to CONTINUE for the credit-control flow and an Accounting-Realtime-Required AVP equal to DELIVER_AND_GRANT for the accounting flow, the service can be granted to the end user even if the connection to the credit-control server is down, as long as the accounting server is able to collect the accounting information and information exchange is taking place between the accounting server and credit-control server.
授权服务器可能包括会计实时所需的AVP,以确定如果暂时阻止向会计服务器发送会计记录,该怎么办,如[RFC6733]中所定义。建议客户机使用通向记帐服务器的备份记帐流来补充信贷控制失败过程。通过使用会计实时要求的AVP和CCFH的不同组合,可以建立不同的安全级别。例如,通过为信贷控制流选择等于CONTINUE的CCFH和等于DELIVER_和_GRANT的Accounting Realtime Required AVP,即使与信贷控制服务器的连接中断,也可以将服务授予最终用户,只要会计服务器能够收集会计信息,并且会计服务器和信用控制服务器之间正在进行信息交换。
As the credit-control application is based on real-time bidirectional communication between the credit-control client and the credit-control server, the usage of alternative destinations and the buffering of messages may not be sufficient in the event of communication failures. Because the credit-control server has to maintain session states, moving the credit-control message stream to a backup server requires a complex context transfer solution. Whether the credit-control message stream is moved to a backup credit-control server during an ongoing credit-control session depends on the value of the CC-Session-Failover AVP. However, failover may occur at any point in the path between the credit-control client and the credit-control server if a transport failure is detected with a peer, as described in [RFC6733]. As a consequence, the credit-control server might receive duplicate messages. These duplicate or out-of-sequence messages can be detected in the credit-control server based on the credit-control server session state machine (Section 7), Session-Id AVP, and CC-Request-Number AVP.
由于信用控制应用程序基于信用控制客户端和信用控制服务器之间的实时双向通信,因此在通信失败的情况下,使用替代目的地和消息缓冲可能不够。由于信用控制服务器必须维护会话状态,因此将信用控制消息流移动到备份服务器需要复杂的上下文传输解决方案。在正在进行的信用控制会话期间,信用控制消息流是否移动到备份信用控制服务器取决于CC会话故障转移AVP的值。但是,如[RFC6733]中所述,如果对等方检测到传输故障,则故障转移可能发生在信用控制客户端和信用控制服务器之间路径的任何点上。因此,信用控制服务器可能会收到重复的消息。根据信用控制服务器会话状态机(第7节)、会话Id AVP和CC请求号AVP,可以在信用控制服务器中检测到这些重复或无序消息。
If a failure occurs during an ongoing credit-control session, the credit-control client may move the credit-control message stream to an alternative server if the credit-control server indicated FAILOVER_SUPPORTED in the CC-Session-Failover AVP. A secondary credit-control server name, either received from the home Diameter AAA server or configured locally, can be used as an address of the backup server. If the CC-Session-Failover AVP is set to FAILOVER_NOT_SUPPORTED, the credit-control message stream MUST NOT be moved to a backup server.
如果在正在进行的信用控制会话期间发生故障,则如果信用控制服务器指示CC会话故障切换AVP中支持的故障切换,则信用控制客户端可以将信用控制消息流移动到备用服务器。从home Diameter AAA服务器接收或在本地配置的辅助信用控制服务器名称可以用作备份服务器的地址。如果CC会话故障转移AVP设置为“故障转移不受支持”,则不得将信用控制消息流移动到备份服务器。
For new credit-control sessions, failover to an alternative credit-control server SHOULD be performed, if possible. For instance, if an implementation of the credit-control client can determine primary credit-control server unavailability, it can establish the new credit-control sessions with a possibly available secondary credit-control server.
对于新的信用控制会话,如果可能,应执行到备用信用控制服务器的故障切换。例如,如果信用控制客户端的实现可以确定主信用控制服务器不可用,则它可以与可能可用的辅助信用控制服务器建立新的信用控制会话。
The AAA transport profile [RFC3539] defines an application-layer watchdog algorithm that enables failover from a peer that has failed and is controlled by a watchdog timer (Tw) (defined in [RFC3539]). The recommended default initial value for Tw (Twinit) is 30 seconds. Twinit may be set as low as 6 seconds; however, according to [RFC3539], setting too low a value for Twinit is likely to result in an increased probability of duplicates, as well as an increase in spurious failover and failback attempts. The Diameter base protocol [RFC6733] is common to several different types of Diameter AAA applications that may be run in the same Service Element. Therefore, tuning the timer for Twinit to a lower value in order to satisfy the requirements of real-time applications, such as the Diameter Credit-Control application, will certainly cause the above-mentioned problems. For prepaid services, however, the end user expects an answer from the network in a reasonable time. Thus, the Diameter Credit-Control client will react more quickly than would the underlying base protocol. Therefore, this specification defines the Tx timer (as defined in Section 13), which is used by the credit-control client to supervise communication with the credit-control server. When the Tx timer elapses, the credit-control client takes action for the end user according to the CCFH.
AAA传输配置文件[RFC3539]定义了一种应用层看门狗算法,该算法支持从发生故障的对等方进行故障切换,并由看门狗定时器(Tw)(在[RFC3539]中定义)控制。Tw(Twinit)的建议默认初始值为30秒。Twinit可设置为低至6秒;但是,根据[RFC3539],将Twinit的值设置得太低可能会导致重复的概率增加,以及虚假故障切换和回切尝试的增加。Diameter基本协议[RFC6733]对于可能在同一服务元素中运行的几种不同类型的Diameter AAA应用程序是通用的。因此,将Twinit的计时器调整为较低的值以满足实时应用(如Diameter Credit Control应用)的要求,肯定会导致上述问题。然而,对于预付费服务,最终用户期望在合理的时间内从网络得到答复。因此,Diameter Credit Control客户端的反应将比底层基本协议更快。因此,本规范定义了Tx定时器(如第13节所定义),信贷控制客户端使用该定时器来监督与信贷控制服务器的通信。当Tx计时器过期时,信用控制客户端根据CCFH为最终用户采取操作。
When the Tx timer expires, the Diameter Credit-Control client always terminates the service if the CCFH is set to the value TERMINATE. The credit-control session may be moved to an alternative server only if a protocol error DIAMETER_TOO_BUSY or DIAMETER_UNABLE_TO_DELIVER is received before the Tx timer expires. Therefore, the value TERMINATE is not appropriate if proper failover behavior is desired.
Tx计时器到期时,如果CCFH设置为TERMINATE值,Diameter Credit Control客户端始终终止服务。只有在发送计时器过期之前收到协议错误DIAMETER\u太忙或DIAMETER\u无法\u交付时,才能将信用控制会话移动到备用服务器。因此,如果需要正确的故障切换行为,则值TERMINATE不合适。
If the CCFH is set to the value CONTINUE or RETRY_AND_TERMINATE, the service will be granted to the end user when the Tx timer expires. An Answer message with granted units may arrive later if the base protocol transport failover occurred in the path to the credit-control server. (The Twinit default value is 3 times more than the recommended Tx timeout value.) The credit-control client SHOULD grant the service to the end user, start monitoring resource usage, and wait for the possible late answer until the timeout of the request (e.g., 120 seconds). If the request fails and the CC-Session-Failover AVP is set to FAILOVER_NOT_SUPPORTED, the
如果CCFH设置为值CONTINUE或RETRY_和_TERMINATE,则当Tx定时器到期时,将向最终用户授予服务。如果到信用控制服务器的路径中发生基本协议传输故障转移,则具有已授予单位的应答消息可能会稍后到达。(Twinit默认值是建议的Tx超时值的3倍。)信用控制客户端应将服务授予最终用户,开始监控资源使用情况,并等待可能的延迟应答,直到请求超时(例如120秒)。如果请求失败,并且CC会话故障转移AVP设置为“不支持故障转移”,则
credit-control client terminates or continues the service -- depending on the value set in the CCFH -- and MUST free all the reserved resources for the credit-control session. If the protocol error DIAMETER_UNABLE_TO_DELIVER or DIAMETER_TOO_BUSY is received or the request times out and the CC-Session-Failover AVP is set to FAILOVER_SUPPORTED, the credit-control client MAY send the request to a backup server, if possible. If the credit-control client receives a successful answer from the backup server, it continues the credit-control session with such a server. If the retransmitted request also fails, the credit-control client terminates or continues the service -- depending on the value set in the CCFH -- and MUST free all the reserved resources for the credit-control session.
信用控制客户端终止或继续服务(取决于CCFH中设置的值),并且必须释放信用控制会话的所有保留资源。如果收到协议错误DIAMETER\u UNABLE\u TO\u DELIVER或DIAMETER\u TO\u BUSY,或者请求超时,并且CC会话故障转移AVP设置为Failover\u SUPPORTED,则信用控制客户端可能会将请求发送到备份服务器(如果可能)。如果信用控制客户端从备份服务器收到成功的应答,它将继续与该服务器的信用控制会话。如果重新传输的请求也失败,则信用控制客户端将终止或继续服务(取决于CCFH中设置的值),并且必须释放信用控制会话的所有保留资源。
If a communication failure occurs during the graceful service termination procedure, the Service Element SHOULD always terminate the ongoing service session.
如果在正常服务终止过程中发生通信故障,服务元素应始终终止正在进行的服务会话。
If the credit-control server detects a failure during an ongoing credit-control session, it will terminate the credit-control session and return the reserved units back to the end user's account.
如果信用控制服务器在正在进行的信用控制会话期间检测到故障,它将终止信用控制会话并将保留的单元返回给最终用户的帐户。
The supervision session timer Tcc (as defined in Section 13) is used in the credit-control server to supervise the credit-control session.
信用控制服务器中使用监控会话计时器Tcc(如第13节所定义)来监控信用控制会话。
In order to support failover between credit-control servers, information transfer about the credit-control session and account state SHOULD take place between the primary and secondary credit-control servers. Implementations supporting credit-control session failover MUST also ensure proper detection of duplicate or out-of-sequence messages. Communication between the servers is regarded as an implementation issue and is outside the scope of this specification.
为了支持信用控制服务器之间的故障切换,有关信用控制会话和帐户状态的信息传输应在主信用控制服务器和辅助信用控制服务器之间进行。支持信用控制会话故障切换的实现还必须确保正确检测重复或无序消息。服务器之间的通信被视为实现问题,不在本规范的范围内。
The one-time event is used when there is no need to maintain any state in the Diameter Credit-Control server -- for example, inquiring about the price of the service. The use of a one-time event implies that the user has been authenticated and authorized beforehand.
当不需要维护Diameter Credit Control server中的任何状态(例如,查询服务价格)时,使用一次性事件。使用一次性事件意味着用户事先已经过身份验证和授权。
The one-time event can be used when the credit-control client wants to know the cost of the service event or to check the account balance without any credit reservations. It can also be used for refunding service units on the user's account or for direct debiting without any credit reservations. The one-time event is shown in Figure 8.
当信贷控制客户希望了解服务事件的成本或在没有任何信贷保留的情况下检查帐户余额时,可以使用一次性事件。它还可用于退还用户帐户上的服务单位,或直接借记,无需任何信用卡预订。一次性事件如图8所示。
Diameter End User Service Element AAA Server CC Server (CC Client) | Service Request | | | |------------------>| | | | | CCR(Event) | | | |------------------->| CCR(Event) | | | |------------------->| | | | CCA(Granted-Units)| | | CCA(Granted-Units)|<-------------------| | Service Delivery |<-------------------| | |<----------------->| | |
Diameter End User Service Element AAA Server CC Server (CC Client) | Service Request | | | |------------------>| | | | | CCR(Event) | | | |------------------->| CCR(Event) | | | |------------------->| | | | CCA(Granted-Units)| | | CCA(Granted-Units)|<-------------------| | Service Delivery |<-------------------| | |<----------------->| | |
Figure 8: One-Time Event
图8:一次性事件
In environments such as the 3GPP architecture, the one-time event can be sent from the Service Element directly to the credit-control server.
在诸如3GPP架构之类的环境中,一次性事件可以从服务元素直接发送到信用控制服务器。
The credit-control client may need to know the price of the service event. Services offered by application service providers whose prices are not known in the credit-control client might exist. The end user might also want to get an estimate of the price of a service event before requesting it.
信用控制客户可能需要知道服务事件的价格。信用控制客户端中价格未知的应用程序服务提供商提供的服务可能存在。最终用户可能还希望在请求服务事件之前获得服务事件价格的估计值。
A Diameter Credit-Control client requesting the cost information MUST set the CC-Request-Type AVP equal to EVENT_REQUEST, include the Requested-Action AVP set to PRICE_ENQUIRY, and set the requested service event information in the Service-Identifier AVP in the Credit-Control-Request message. Additional service event information may be sent as service-specific AVPs or within the Service-Parameter-Info AVP. The Service-Context-Id AVP indicates the service-specific document applicable to the request.
请求成本信息的Diameter信用控制客户端必须将CC请求类型AVP设置为事件请求,将请求的操作AVP设置为价格查询,并在信用控制请求消息的服务标识符AVP中设置请求的服务事件信息。附加服务事件信息可作为特定于服务的AVP或在服务参数信息AVP中发送。服务上下文Id AVP指示适用于请求的特定于服务的文档。
The credit-control server calculates the cost of the requested service event, but it does not perform any account-balance checks or credit reservations from the account.
信用控制服务器计算请求的服务事件的成本,但不执行任何帐户余额检查或帐户信用保留。
The estimated cost of the requested service event is returned to the credit-control client in the Cost-Information AVP in the Credit-Control-Answer message.
请求的服务事件的估计成本在信用控制应答消息的成本信息AVP中返回给信用控制客户端。
The Diameter Credit-Control client may only have to verify that the end user's account balance covers the cost of a certain service without reserving any units from the account at the time of the inquiry. This method does not guarantee that credit would be left when the Diameter Credit-Control client requests the debiting of the account with a separate request.
Diameter Credit Control客户端可能只需验证最终用户的账户余额是否涵盖某项服务的成本,而无需在查询时从账户中保留任何单位。此方法不保证Diameter credit Control客户端通过单独请求借记账户时会留下信用。
A Diameter Credit-Control client requesting a balance check MUST set the CC-Request-Type AVP equal to EVENT_REQUEST, include a Requested-Action AVP set to CHECK_BALANCE, and include the Subscription-Id AVP or Subscription-Id-Extension AVP in order to identify the end user in the credit-control server. The Service-Context-Id AVP indicates the service-specific document applicable to the request.
请求余额检查的Diameter信用控制客户端必须将CC请求类型AVP设置为等于EVENT_Request,包括请求的操作AVP设置为check_balance,并包括订阅Id AVP或订阅Id扩展AVP,以便在信用控制服务器中识别最终用户。服务上下文Id AVP指示适用于请求的特定于服务的文档。
The credit-control server makes the balance check, but it does not make any credit reservations from the account.
信用控制服务器进行余额检查,但不会对帐户进行任何信用预订。
The result of the balance check (ENOUGH_CREDIT/NO_CREDIT) is returned to the credit-control client in the Check-Balance-Result AVP in the Credit-Control-Answer message.
余额检查的结果(足够的信用/没有信用)在信用控制应答消息的检查余额结果AVP中返回给信用控制客户端。
There are certain service events for which service execution is always successful in the service environment. The delay between the service invocation and the actual service delivery to the end user can be sufficiently long that the use of session-based credit-control would lead to unreasonably long credit-control sessions. In these cases, the Diameter Credit-Control client can use the one-time event scenario for direct debiting. The Diameter Credit-Control client SHOULD be sure that the requested service event execution would be successful when this scenario is used.
在服务环境中,某些服务事件的服务执行总是成功的。服务调用和向最终用户实际交付服务之间的延迟可能足够长,以至于使用基于会话的信用控制将导致不合理的长信用控制会话。在这些情况下,Diameter Credit Control客户端可以使用一次性事件场景进行直接借记。Diameter Credit Control客户端应确保在使用此场景时请求的服务事件执行将成功。
In the Credit-Control-Request message, the CC-Request-Type AVP is set to the value EVENT_REQUEST and the Requested-Action AVP is set to DIRECT_DEBITING. The Subscription-Id AVP or Subscription-Id-Extension AVP SHOULD be included to identify the end user in the credit-control server. The Event-Timestamp AVP SHOULD be included in the request and contain the time when the service event is requested in the Service Element. The Service-Context-Id AVP indicates the service-specific document applicable to the request.
在信用控制请求消息中,CC请求类型AVP设置为值EVENT_Request,请求的操作AVP设置为DIRECT_DEBITING。应包括订阅Id AVP或订阅Id扩展AVP,以识别信用控制服务器中的最终用户。事件时间戳AVP应包含在请求中,并包含在服务元素中请求服务事件的时间。服务上下文Id AVP指示适用于请求的特定于服务的文档。
If it knows the cost of the service event, the Diameter Credit-Control client MAY include in the Requested-Service-Unit AVP the monetary amount to be charged. If the Diameter Credit-Control client does not know the cost of the service event, the Requested-Service-Unit AVP MAY contain the number of requested service events. The Service-Identifier AVP always indicates the service concerned. Additional service event information to be rated MAY be sent as service-specific AVPs or within the Service-Parameter-Info AVP.
如果知道服务事件的成本,Diameter Credit Control客户端可以在请求的服务单元AVP中包括要收取的货币金额。如果Diameter信用控制客户端不知道服务事件的成本,则请求的服务单元AVP可能包含请求的服务事件的数量。服务标识符AVP始终指示相关的服务。待评级的附加服务事件信息可作为特定于服务的AVP或在服务参数信息AVP中发送。
The credit-control server SHOULD rate the service event and deduct the corresponding monetary amount from the end user's account. If the type of the Requested-Service-Unit AVP is "money", no rating is needed, but the corresponding monetary amount is deducted from the end user's account.
信用控制服务器应对服务事件进行评级,并从最终用户的帐户中扣除相应的金额。如果请求的服务单元AVP类型为“货币”,则不需要评级,但相应的货币金额将从最终用户的帐户中扣除。
The credit-control server returns the Granted-Service-Unit AVP in the Credit-Control-Answer message to the Diameter Credit-Control client. The Granted-Service-Unit AVP contains the amount of service units that the Diameter Credit-Control client can provide to the end user. The type of the Granted-Service-Unit can be time, volume, service-specific, or money, depending on the type of service event.
信用控制服务器将信用控制应答消息中授予的服务单元AVP返回给Diameter信用控制客户端。授权服务单位AVP包含Diameter信用控制客户端可向最终用户提供的服务单位数量。根据服务事件的类型,授予的服务单位的类型可以是时间、数量、特定服务或金钱。
If the credit-control server determines that no credit-control is needed for the service, it can include the result code indicating that the credit-control is not applicable (e.g., the service is free of charge).
如果信用控制服务器确定该服务不需要信用控制,它可以包括指示信用控制不适用的结果代码(例如,该服务是免费的)。
For informative purposes, the Credit-Control-Answer message MAY also include the Cost-Information AVP containing the estimated total cost of the requested service.
出于信息目的,信用控制应答消息还可以包括包含所请求服务的估计总成本的成本信息AVP。
Some services may refund service units to the end user's account -- for example, gaming services.
一些服务可能会将服务单位退还给最终用户的帐户,例如,游戏服务。
The credit-control client MUST set the CC-Request-Type AVP to the value EVENT_REQUEST and the Requested-Action AVP to REFUND_ACCOUNT in the Credit-Control-Request message. The Subscription-Id AVP or Subscription-Id-Extension AVP SHOULD be included to identify the end user in the credit-control server. The Service-Context-Id AVP indicates the service-specific document applicable to the request.
信用控制客户端必须在信用控制请求消息中将CC请求类型AVP设置为值EVENT_Request,并将请求的操作AVP设置为return_ACCOUNT。应包括订阅Id AVP或订阅Id扩展AVP,以识别信用控制服务器中的最终用户。服务上下文Id AVP指示适用于请求的特定于服务的文档。
The Diameter Credit-Control client MAY include the monetary amount to be refunded in the Requested-Service-Unit AVP. The Service-Identifier AVP always indicates the service concerned. If the Diameter Credit-Control client does not know the monetary amount to
Diameter Credit Control客户端可能会在请求的服务单元AVP中包含要退款的金额。服务标识符AVP始终指示相关的服务。如果Diameter信用控制客户不知道要支付的金额
be refunded, in addition to the Service-Identifier AVP it MAY send service-specific AVPs or the Service-Parameter-Info AVP containing additional service event information to be rated.
退款时,除服务标识符AVP外,还可发送特定于服务的AVP或服务参数信息AVP,其中包含待评级的其他服务事件信息。
For informative purposes, the Credit-Control-Answer message MAY also include the Cost-Information AVP containing the estimated monetary amount of refunded units.
出于提供信息的目的,信用控制应答消息还可以包括包含退款单位的估计货币金额的成本信息AVP。
Failover to an alternative credit-control server is allowed for a one-time event, as the server is not maintaining session states. For instance, if the credit-control client receives a protocol error DIAMETER_UNABLE_TO_DELIVER or DIAMETER_TOO_BUSY, it can resend the request to an alternative server, if possible. There MAY be protocol-transparent Diameter relays and redirect agents or Diameter Credit-Control proxies between the credit-control client and credit-control server. Failover may occur at any point in the path between the credit-control client and the credit-control server if a transport failure is detected with a peer, as described in [RFC6733]. Because there can be duplicate requests for various reasons, the credit-control server is responsible for real-time duplicate detection. Implementation issues for duplicate detection are discussed in [RFC6733], Appendix C.
一次性事件允许故障切换到备用信用控制服务器,因为服务器未维护会话状态。例如,如果信用控制客户端接收到协议错误DIAMETER\u UNABLE\u TO\u DELIVER或DIAMETER\u TO\u BUSY,它可以在可能的情况下将请求重新发送到备用服务器。信用控制客户端和信用控制服务器之间可能存在协议透明的Diameter中继和重定向代理或Diameter信用控制代理。如[RFC6733]中所述,如果对等方检测到传输故障,则故障转移可能发生在信用控制客户端和信用控制服务器之间路径的任何点上。由于各种原因可能存在重复请求,因此信用控制服务器负责实时重复检测。[RFC6733]附录C中讨论了重复检测的实现问题。
When the credit-control client detects a communication failure with the credit-control server, its behavior depends on the requested action. The Tx timer (as defined in Section 13) is used in the credit-control client to supervise communication with the credit-control server.
当信用控制客户端检测到与信用控制服务器的通信故障时,其行为取决于请求的操作。Tx定时器(定义见第13节)用于信贷控制客户端,以监督与信贷控制服务器的通信。
If the requested action is PRICE_ENQUIRY or CHECK_BALANCE and a communication failure is detected, the credit-control client SHOULD forward the request messages to an alternative credit-control server, if possible. The secondary credit-control server name, if received from the home Diameter AAA server, can be used as an address of the backup server.
如果请求的操作是价格查询或检查余额,并且检测到通信故障,则信用控制客户端应将请求消息转发到备用信用控制服务器(如果可能)。辅助信用控制服务器名称(如果从home Diameter AAA服务器接收)可以用作备份服务器的地址。
If the requested action is DIRECT_DEBITING, the DDFH controls the credit-control client's behavior. The DDFH may be received from the home Diameter AAA server or may be locally configured. The credit-control server may also send the DDFH in any CCA messages to be used for direct-debiting events compiled thereafter. The DDFH value received from the home Diameter AAA server overrides the locally configured value, and the DDFH value received from the credit-control server in a Credit-Control-Answer message always overrides any existing values.
如果请求的操作是直接借记,DDFH将控制信贷控制客户的行为。DDFH可以从home Diameter AAA服务器接收,也可以本地配置。信用控制服务器还可以在任何CCA消息中发送DDFH,以用于此后编译的直接借记事件。从home Diameter AAA服务器接收的DDFH值覆盖本地配置的值,并且在信用控制应答消息中从信用控制服务器接收的DDFH值始终覆盖任何现有值。
If the DDFH is set to TERMINATE_OR_BUFFER, the credit-control client SHOULD NOT grant the service if, after a possible retransmission attempt to an alternative credit-control server, the credit-control client can eventually determine from the result code or error code in the Answer message that units have not been debited. Otherwise, the credit-control client SHOULD grant the service to the end user and store the request in credit-control application-level non-volatile storage. (Note that resending the request at a later time is not a guarantee that the service will be debited, as the user's account may be empty when the server successfully processes the request.) The credit-control client MUST mark these request messages as possible duplicates by setting the T flag in the command header as described in [RFC6733], Section 3.
如果DDFH被设置为终止_或_缓冲区,则信用控制客户机不应授予服务,如果在可能的重新传输尝试后,信用控制客户机最终可以根据应答消息中的结果代码或错误代码确定未借记单位。否则,信用控制客户端应将服务授予最终用户,并将请求存储在信用控制应用程序级非易失性存储器中。(请注意,稍后重新发送请求并不保证服务将被借记,因为当服务器成功处理请求时,用户的帐户可能为空。)信用控制客户端必须通过在命令头中设置T标志将这些请求消息标记为可能的重复消息,如[RFC6733]中所述,第3节。
If the DDFH is set to CONTINUE, the service SHOULD be granted, even if credit-control messages cannot be delivered and messages are not buffered.
如果DDFH设置为继续,则应授予服务,即使无法传递信用控制消息且消息未缓冲。
If the Tx timer expires, the credit-control client MUST continue the service and wait for a possible late answer. If the request times out, the credit-control client retransmits the request (marked with the T flag) to a backup credit-control server, if possible. If the retransmitted request also times out or if a temporary error is received in answer, the credit-control client buffers the request if the value of the DDFH is set to TERMINATE_OR_BUFFER. If a failed answer is received for the retransmitted request, the credit-control client frees all the resources reserved for the event message and deletes the request regardless of the value of the DDFH.
如果发送计时器过期,信用控制客户端必须继续服务并等待可能的延迟应答。如果请求超时,信用控制客户端将请求(用T标志标记)重新传输到备份信用控制服务器(如果可能)。如果重新传输的请求也超时,或者如果在应答中收到临时错误,则如果DDFH的值设置为TERMINATE_或_BUFFER,则信用控制客户端将缓冲该请求。如果为重新传输的请求接收到失败的应答,则信用控制客户端将释放为事件消息保留的所有资源,并删除该请求,而不考虑DDFH的值。
The Credit-Control-Request with the requested action REFUND_ACCOUNT should always be stored in credit-control application-level non-volatile storage in case a temporary failure occurs. The credit-control client MUST mark the retransmitted request message as a possible duplicate by setting the T flag in the command header as described in [RFC6733], Section 3.
带有请求的操作退款账户的信贷控制请求应始终存储在信贷控制应用程序级非易失性存储器中,以防发生临时故障。信用控制客户端必须按照[RFC6733]第3节所述,通过在命令头中设置T标志,将重新传输的请求消息标记为可能的副本。
For stored requests, the implementation may choose to limit the number of retransmission attempts and to define a retransmission interval.
对于存储的请求,实现可以选择限制重传尝试的次数并定义重传间隔。
Note that only one entity in the credit-control system SHOULD be responsible for duplicate detection. If there is only one credit-control server within the given realm, the credit-control server may perform duplicate detection. If there is more than one credit-control server in a given realm, only one entity in the credit-control system should be responsible, to ensure that the end user's account is not debited or credited multiple times for the same service event.
请注意,信贷控制系统中只有一个实体负责重复检测。如果给定领域内只有一个信用控制服务器,信用控制服务器可能会执行重复检测。如果给定领域中有多个信用控制服务器,则信用控制系统中只有一个实体负责,以确保最终用户的帐户不会因同一服务事件多次借记或贷记。
This section defines five credit-control application state machines. The first four state machines are to be observed by credit-control clients.
本节定义了五种信用控制应用程序状态机。信用控制客户端将观察前四个状态机。
The first state machine describes session-based credit-control where the first interrogation is executed as part of the authorization/ authentication process. The second state machine describes session-based credit-control where the first interrogation is executed after the authorization/authentication process. The requirements regarding what has to be supported for these two state machines are discussed in Section 5.2.
第一状态机描述基于会话的信用控制,其中第一询问作为授权/认证过程的一部分执行。第二个状态机描述基于会话的信用控制,其中在授权/认证过程之后执行第一次询问。第5.2节讨论了关于这两个状态机必须支持的内容的要求。
The third state machine describes session-based credit-control for the intermediate and final interrogations. The fourth state machine describes event-based credit-control. These two state machines are to be observed by all implementations that conform to this specification.
第三状态机描述了中间和最终询问的基于会话的信用控制。第四个状态机描述基于事件的信用控制。符合本规范的所有实现都要遵守这两个状态机。
The fifth state machine describes the credit-control session from a credit-control server's perspective.
第五个状态机从信用控制服务器的角度描述信用控制会话。
Any event not listed in the state machines MUST be considered an error condition, and a corresponding answer, if applicable, MUST be returned to the originator of the message.
任何未在状态机中列出的事件都必须视为错误情况,并且如果适用,必须将相应的答案返回给消息的发起人。
In Tables 3, 4, and 5, the event "failure to send" means that the Diameter Credit-Control client is unable to communicate with the desired destination or, if a failover procedure is supported, with a possibly defined alternative destination (e.g., the request times out and the Answer message is not received). This could be due to (1) the peer being down or (2) a physical link failure in the path to or from the credit-control server.
在表3、4和5中,“发送失败”事件意味着Diameter Credit Control客户端无法与所需目的地通信,或者如果支持故障转移过程,则无法与可能定义的备用目的地通信(例如,请求超时且未收到应答消息)。这可能是由于(1)对等机停机或(2)进出信用控制服务器的路径中的物理链路故障造成的。
The event "temporary error" means that the Diameter Credit-Control client received a protocol error notification (DIAMETER_TOO_BUSY, DIAMETER_UNABLE_TO_DELIVER, or DIAMETER_LOOP_DETECTED) in the Result-Code AVP of the Credit-Control-Answer command. This type of notification may ultimately be received in answer to the retransmitted request to a defined alternative destination, if failover is supported.
事件“临时错误”表示Diameter信用控制客户端在信用控制应答命令的结果代码AVP中收到协议错误通知(Diameter\u太忙、Diameter\u无法\u交付或检测到Diameter\u循环)。如果支持故障转移,则最终可能会收到此类通知,以响应到定义的备用目的地的重新传输请求。
The event "failed answer" means that the Diameter Credit-Control client received a non-transient failure (permanent failure) notification in the Credit-Control-Answer command. This type of notification may ultimately be received in answer to the retransmitted request to a defined alternative destination, if failover is supported.
事件“应答失败”表示Diameter信用控制客户端在信用控制应答命令中收到非暂时性故障(永久性故障)通知。如果支持故障转移,则最终可能会收到此类通知,以响应到定义的备用目的地的重新传输请求。
The action "store request" means that a request is stored in credit-control application-level non-volatile storage.
操作“存储请求”表示请求存储在信用控制应用程序级非易失性存储器中。
The event "not successfully processed" means that the credit-control server could not process the message, e.g., due to an unknown end user, an account being empty, or errors defined in [RFC6733].
事件“未成功处理”表示信用控制服务器无法处理消息,例如,由于未知最终用户、帐户为空或[RFC6733]中定义的错误。
The event "user service terminated" can be triggered for various reasons, e.g., normal user termination, network failure, and ASR (Abort-Session-Request). The Termination-Cause AVP contains information about the reason for termination, as specified in [RFC6733].
“用户服务终止”事件可因各种原因触发,例如,正常用户终止、网络故障和ASR(中止会话请求)。终止原因AVP包含[RFC6733]中规定的有关终止原因的信息。
The Tx timer, which is used to control the waiting time in the credit-control client in the Pending state, is stopped upon exit of the Pending state. The stopping of the Tx timer is omitted in the state machine when the new state is Idle, as moving to Idle state implies the clearing of the session and all the variables associated to it.
Tx定时器用于控制处于挂起状态的信用控制客户端中的等待时间,在挂起状态退出时停止。当新状态为Idle时,状态机中的Tx定时器停止被忽略,因为移动到Idle状态意味着清除会话和与之相关的所有变量。
The states PendingI, PendingU, PendingT, PendingE, and PendingB stand for pending states to wait for an answer to a credit-control request related to Initial, Update, Termination, Event, or Buffered request, respectively.
PendingI、PendingU、PendingT、PendingE和PendingB状态分别代表等待与初始、更新、终止、事件或缓冲请求相关的信用控制请求的响应的挂起状态。
In Table 2, failover to a secondary server upon "temporary error" or "failure to send" is not explicitly described. However, moving an ongoing credit-control message stream to an alternative server is possible if the CC-Session-Failover AVP is set to FAILOVER_SUPPORTED, as described in Section 5.7.
在表2中,没有明确描述在“临时错误”或“发送失败”时故障切换到辅助服务器。但是,如第5.7节所述,如果CC会话故障转移AVP设置为故障转移受支持,则可以将正在进行的信用控制消息流移动到备用服务器。
Resending a credit-control event to an alternative server is supported as described in Section 6.5.
如第6.5节所述,支持向备用服务器重新发送信用控制事件。
+----------+-------------------------------+-------------+----------+ | State | Event | Action | New | | | | | State | +----------+-------------------------------+-------------+----------+ | Idle | Client or device requests | Send | PendingI | | | access/service | AA-Request | | | | | with added | | | | | CC AVPs, | | | | | start Tx | | | | | timer | | | | | | | | PendingI | Successful answer to | Grant | Open | | | AA-Request received | service to | | | | | end user, | | | | | stop Tx | | | | | timer | | | | | | | | PendingI | Tx timer expired | Disconnect | Idle | | | | user/dev | | | | | | | | PendingI | Failed AA-Answer received | Disconnect | Idle | | | | user/dev | | | | | | | | PendingI | AA-Answer received with | Grant | Idle | | | Result-Code equal to | service to | | | | CREDIT_CONTROL_NOT_APPLICABLE | end user | | | | | | | | PendingI | User service terminated | Queue | PendingI | | | | termination | | | | | event | | | | | | | | PendingI | Change in rating condition | Queue | PendingI | | | | changed | | | | | rating | | | | | condition | | | | | event | | +----------+-------------------------------+-------------+----------+
+----------+-------------------------------+-------------+----------+ | State | Event | Action | New | | | | | State | +----------+-------------------------------+-------------+----------+ | Idle | Client or device requests | Send | PendingI | | | access/service | AA-Request | | | | | with added | | | | | CC AVPs, | | | | | start Tx | | | | | timer | | | | | | | | PendingI | Successful answer to | Grant | Open | | | AA-Request received | service to | | | | | end user, | | | | | stop Tx | | | | | timer | | | | | | | | PendingI | Tx timer expired | Disconnect | Idle | | | | user/dev | | | | | | | | PendingI | Failed AA-Answer received | Disconnect | Idle | | | | user/dev | | | | | | | | PendingI | AA-Answer received with | Grant | Idle | | | Result-Code equal to | service to | | | | CREDIT_CONTROL_NOT_APPLICABLE | end user | | | | | | | | PendingI | User service terminated | Queue | PendingI | | | | termination | | | | | event | | | | | | | | PendingI | Change in rating condition | Queue | PendingI | | | | changed | | | | | rating | | | | | condition | | | | | event | | +----------+-------------------------------+-------------+----------+
Table 2: Session-Based Client State Machine for the First Interrogation with AA-Request
表2:AA请求第一次询问的基于会话的客户端状态机
+----------+-------------------------------+-------------+----------+ | State | Event | Action | New | | | | | State | +----------+-------------------------------+-------------+----------+ | Idle | Client or device requests | Send CC | PendingI | | | access/service | initial | | | | | req., start | | | | | Tx timer | | | | | | | | PendingI | Successful CC initial answer | Stop Tx | Open | | | received | timer | | | | | | | | PendingI | Failure to send, or temporary | Grant | Idle | | | error and CCFH equal to | service to | | | | CONTINUE | end user | | | | | | | | PendingI | Failure to send, or temporary | Terminate | Idle | | | error and CCFH equal to | end user's | | | | TERMINATE or to | service | | | | RETRY_AND_TERMINATE | | | | | | | | | PendingI | Tx timer expired and CCFH | Terminate | Idle | | | equal to TERMINATE | end user's | | | | | service | | | | | | | | PendingI | Tx timer expired and CCFH | Grant | PendingI | | | equal to CONTINUE or to | service to | | | | RETRY_AND_TERMINATE | end user | | | | | | | | PendingI | CC initial answer received | Terminate | Idle | | | with Result-Code equal to | end user's | | | | END_USER_SERVICE_DENIED or to | service | | | | USER_UNKNOWN | | | | | | | | | PendingI | CC initial answer received | Grant | Idle | | | with Result-Code equal to | service to | | | | CREDIT_CONTROL_NOT_APPLICABLE | end user | | | | | | | | PendingI | Failed CC initial answer | Grant | Idle | | | received and CCFH equal to | service to | | | | CONTINUE | end user | | | | | | | | PendingI | Failed CC initial answer | Terminate | Idle | | | received and CCFH equal to | end user's | | | | TERMINATE or to | service | | | | RETRY_AND_TERMINATE | | | | | | | |
+----------+-------------------------------+-------------+----------+ | State | Event | Action | New | | | | | State | +----------+-------------------------------+-------------+----------+ | Idle | Client or device requests | Send CC | PendingI | | | access/service | initial | | | | | req., start | | | | | Tx timer | | | | | | | | PendingI | Successful CC initial answer | Stop Tx | Open | | | received | timer | | | | | | | | PendingI | Failure to send, or temporary | Grant | Idle | | | error and CCFH equal to | service to | | | | CONTINUE | end user | | | | | | | | PendingI | Failure to send, or temporary | Terminate | Idle | | | error and CCFH equal to | end user's | | | | TERMINATE or to | service | | | | RETRY_AND_TERMINATE | | | | | | | | | PendingI | Tx timer expired and CCFH | Terminate | Idle | | | equal to TERMINATE | end user's | | | | | service | | | | | | | | PendingI | Tx timer expired and CCFH | Grant | PendingI | | | equal to CONTINUE or to | service to | | | | RETRY_AND_TERMINATE | end user | | | | | | | | PendingI | CC initial answer received | Terminate | Idle | | | with Result-Code equal to | end user's | | | | END_USER_SERVICE_DENIED or to | service | | | | USER_UNKNOWN | | | | | | | | | PendingI | CC initial answer received | Grant | Idle | | | with Result-Code equal to | service to | | | | CREDIT_CONTROL_NOT_APPLICABLE | end user | | | | | | | | PendingI | Failed CC initial answer | Grant | Idle | | | received and CCFH equal to | service to | | | | CONTINUE | end user | | | | | | | | PendingI | Failed CC initial answer | Terminate | Idle | | | received and CCFH equal to | end user's | | | | TERMINATE or to | service | | | | RETRY_AND_TERMINATE | | | | | | | |
| PendingI | User service terminated | Queue | PendingI | | | | termination | | | | | event | | | | | | | | PendingI | Change in rating condition | Queue | PendingI | | | | changed | | | | | rating | | | | | condition | | | | | event | | +----------+-------------------------------+-------------+----------+
| PendingI | User service terminated | Queue | PendingI | | | | termination | | | | | event | | | | | | | | PendingI | Change in rating condition | Queue | PendingI | | | | changed | | | | | rating | | | | | condition | | | | | event | | +----------+-------------------------------+-------------+----------+
Table 3: Session-Based Client State Machine for the First Interrogation with CCR
表3:CCR第一次询问的基于会话的客户端状态机
+----------+-------------------------------+-------------+----------+ | State | Event | Action | New | | | | | State | +----------+-------------------------------+-------------+----------+ | Open | Granted unit elapses and no | Send CC | PendingU | | | final-unit indication | update | | | | received | req., start | | | | | Tx timer | | | | | | | | Open | Granted unit elapses and | Terminate | PendingT | | | final unit action equal to | end user's | | | | TERMINATE received | service, | | | | | send CC | | | | | termination | | | | | req. | | | | | | | | Open | Change in rating condition in | Send CC | PendingU | | | queue | update | | | | | req., start | | | | | Tx timer | | | | | | | | Open | Service terminated in queue | Send CC | PendingT | | | | termination | | | | | req. | | | | | | | | Open | Change in rating condition or | Send CC | PendingU | | | Validity-Time elapses | update | | | | | req., start | | | | | Tx timer | | | | | | | | Open | User service terminated | Send CC | PendingT | | | | termination | | | | | req. | |
+----------+-------------------------------+-------------+----------+ | State | Event | Action | New | | | | | State | +----------+-------------------------------+-------------+----------+ | Open | Granted unit elapses and no | Send CC | PendingU | | | final-unit indication | update | | | | received | req., start | | | | | Tx timer | | | | | | | | Open | Granted unit elapses and | Terminate | PendingT | | | final unit action equal to | end user's | | | | TERMINATE received | service, | | | | | send CC | | | | | termination | | | | | req. | | | | | | | | Open | Change in rating condition in | Send CC | PendingU | | | queue | update | | | | | req., start | | | | | Tx timer | | | | | | | | Open | Service terminated in queue | Send CC | PendingT | | | | termination | | | | | req. | | | | | | | | Open | Change in rating condition or | Send CC | PendingU | | | Validity-Time elapses | update | | | | | req., start | | | | | Tx timer | | | | | | | | Open | User service terminated | Send CC | PendingT | | | | termination | | | | | req. | |
| | | | | | Open | RAR received | Send RAA | PendingU | | | | followed by | | | | | CC update | | | | | req., start | | | | | Tx timer | | | | | | | | PendingU | Successful CC update answer | Stop Tx | Open | | | received | timer | | | | | | | | PendingU | Failure to send, or temporary | Grant | Idle | | | error and CCFH equal to | service to | | | | CONTINUE | end user | | | | | | | | PendingU | Failure to send, or temporary | Terminate | Idle | | | error and CCFH equal to | end user's | | | | TERMINATE or to | service | | | | RETRY_AND_TERMINATE | | | | | | | | | PendingU | Tx timer expired and CCFH | Terminate | Idle | | | equal to TERMINATE | end user's | | | | | service | | | | | | | | PendingU | Tx timer expired and CCFH | Grant | PendingU | | | equal to CONTINUE or to | service to | | | | RETRY_AND_TERMINATE | end user | | | | | | | | PendingU | CC update answer received | Terminate | Idle | | | with Result-Code equal to | end user's | | | | END_USER_SERVICE_DENIED | service | | | | | | | | PendingU | CC update answer received | Grant | Idle | | | with Result-Code equal to | service to | | | | CREDIT_CONTROL_NOT_APPLICABLE | end user | | | | | | | | PendingU | Failed CC update answer | Grant | Idle | | | received and CCFH equal to | service to | | | | CONTINUE | end user | | | | | | | | PendingU | Failed CC update answer | Terminate | Idle | | | received and CCFH equal to | end user's | | | | TERMINATE or to | service | | | | RETRY_AND_TERMINATE | | | | | | | | | PendingU | User service terminated | Queue | PendingU | | | | termination | | | | | event | | | | | | |
| | | | | | Open | RAR received | Send RAA | PendingU | | | | followed by | | | | | CC update | | | | | req., start | | | | | Tx timer | | | | | | | | PendingU | Successful CC update answer | Stop Tx | Open | | | received | timer | | | | | | | | PendingU | Failure to send, or temporary | Grant | Idle | | | error and CCFH equal to | service to | | | | CONTINUE | end user | | | | | | | | PendingU | Failure to send, or temporary | Terminate | Idle | | | error and CCFH equal to | end user's | | | | TERMINATE or to | service | | | | RETRY_AND_TERMINATE | | | | | | | | | PendingU | Tx timer expired and CCFH | Terminate | Idle | | | equal to TERMINATE | end user's | | | | | service | | | | | | | | PendingU | Tx timer expired and CCFH | Grant | PendingU | | | equal to CONTINUE or to | service to | | | | RETRY_AND_TERMINATE | end user | | | | | | | | PendingU | CC update answer received | Terminate | Idle | | | with Result-Code equal to | end user's | | | | END_USER_SERVICE_DENIED | service | | | | | | | | PendingU | CC update answer received | Grant | Idle | | | with Result-Code equal to | service to | | | | CREDIT_CONTROL_NOT_APPLICABLE | end user | | | | | | | | PendingU | Failed CC update answer | Grant | Idle | | | received and CCFH equal to | service to | | | | CONTINUE | end user | | | | | | | | PendingU | Failed CC update answer | Terminate | Idle | | | received and CCFH equal to | end user's | | | | TERMINATE or to | service | | | | RETRY_AND_TERMINATE | | | | | | | | | PendingU | User service terminated | Queue | PendingU | | | | termination | | | | | event | | | | | | |
| PendingU | Change in rating condition | Queue | PendingU | | | | changed | | | | | rating | | | | | condition | | | | | event | | | | | | | | PendingU | RAR received | Send RAA | PendingU | | | | | | | PendingT | Successful CC termination | | Idle | | | answer received | | | | | | | | | PendingT | Failure to send, temporary | | Idle | | | error, or failed answer | | | | | | | | | PendingT | Change in rating condition | | PendingT | +----------+-------------------------------+-------------+----------+
| PendingU | Change in rating condition | Queue | PendingU | | | | changed | | | | | rating | | | | | condition | | | | | event | | | | | | | | PendingU | RAR received | Send RAA | PendingU | | | | | | | PendingT | Successful CC termination | | Idle | | | answer received | | | | | | | | | PendingT | Failure to send, temporary | | Idle | | | error, or failed answer | | | | | | | | | PendingT | Change in rating condition | | PendingT | +----------+-------------------------------+-------------+----------+
Table 4: Session-Based Client State Machine for Intermediate and Final Interrogations
表4:用于中间和最终询问的基于会话的客户端状态机
+----------+--------------------------------+------------+----------+ | State | Event | Action | New | | | | | State | +----------+--------------------------------+------------+----------+ | Idle | Client or device requests a | Send CC | PendingE | | | one-time service | event | | | | | req., | | | | | start Tx | | | | | timer | | | | | | | | Idle | Request in storage | Send | PendingB | | | | stored | | | | | request | | | | | | | | PendingE | Successful CC event answer | Grant | Idle | | | received | service to | | | | | end user | | | | | | | | PendingE | Failure to send, temporary | Indicate | Idle | | | error, failed CC event answer | service | | | | received, or Tx timer expired; | error | | | | requested action CHECK_BALANCE | | | | | or PRICE_ENQUIRY | | | | | | | |
+----------+--------------------------------+------------+----------+ | State | Event | Action | New | | | | | State | +----------+--------------------------------+------------+----------+ | Idle | Client or device requests a | Send CC | PendingE | | | one-time service | event | | | | | req., | | | | | start Tx | | | | | timer | | | | | | | | Idle | Request in storage | Send | PendingB | | | | stored | | | | | request | | | | | | | | PendingE | Successful CC event answer | Grant | Idle | | | received | service to | | | | | end user | | | | | | | | PendingE | Failure to send, temporary | Indicate | Idle | | | error, failed CC event answer | service | | | | received, or Tx timer expired; | error | | | | requested action CHECK_BALANCE | | | | | or PRICE_ENQUIRY | | | | | | | |
| PendingE | CC event answer received with | Terminate | Idle | | | Result-Code equal to | end user's | | | | END_USER_SERVICE_DENIED or to | service | | | | USER_UNKNOWN and Tx timer | | | | | running | | | | | | | | | PendingE | CC event answer received with | Grant | Idle | | | Result-Code equal to | service to | | | | CREDIT_CONTROL_NOT_APPLICABLE; | end user | | | | requested action | | | | | DIRECT_DEBITING | | | | | | | | | PendingE | Failure to send, temporary | Grant | Idle | | | error, or failed CC event | service to | | | | answer received; requested | end user | | | | action DIRECT_DEBITING; DDFH | | | | | equal to CONTINUE | | | | | | | | | PendingE | Failed CC event answer | Terminate | Idle | | | received or temporary error; | end user's | | | | requested action | service | | | | DIRECT_DEBITING; DDFH equal to | | | | | TERMINATE_OR_BUFFER and Tx | | | | | timer running | | | | | | | | | PendingE | Tx timer expired; requested | Grant | PendingE | | | action DIRECT_DEBITING | service to | | | | | end user | | | | | | | | PendingE | Failure to send; requested | Store | Idle | | | action DIRECT_DEBITING; DDFH | request | | | | equal to TERMINATE_OR_BUFFER | with | | | | | T flag | | | | | | | | PendingE | Temporary error; requested | Store | Idle | | | action DIRECT_DEBITING; DDFH | request | | | | equal to TERMINATE_OR_BUFFER; | | | | | Tx timer expired | | | | | | | | | PendingE | Failed answer or answer | | Idle | | | received with Result-Code | | | | | equal to END_USER_SERVICE | | | | | DENIED or to USER_UNKNOWN; | | | | | requested action | | | | | DIRECT_DEBITING; Tx timer | | | | | expired | | | | | | | |
| PendingE | CC event answer received with | Terminate | Idle | | | Result-Code equal to | end user's | | | | END_USER_SERVICE_DENIED or to | service | | | | USER_UNKNOWN and Tx timer | | | | | running | | | | | | | | | PendingE | CC event answer received with | Grant | Idle | | | Result-Code equal to | service to | | | | CREDIT_CONTROL_NOT_APPLICABLE; | end user | | | | requested action | | | | | DIRECT_DEBITING | | | | | | | | | PendingE | Failure to send, temporary | Grant | Idle | | | error, or failed CC event | service to | | | | answer received; requested | end user | | | | action DIRECT_DEBITING; DDFH | | | | | equal to CONTINUE | | | | | | | | | PendingE | Failed CC event answer | Terminate | Idle | | | received or temporary error; | end user's | | | | requested action | service | | | | DIRECT_DEBITING; DDFH equal to | | | | | TERMINATE_OR_BUFFER and Tx | | | | | timer running | | | | | | | | | PendingE | Tx timer expired; requested | Grant | PendingE | | | action DIRECT_DEBITING | service to | | | | | end user | | | | | | | | PendingE | Failure to send; requested | Store | Idle | | | action DIRECT_DEBITING; DDFH | request | | | | equal to TERMINATE_OR_BUFFER | with | | | | | T flag | | | | | | | | PendingE | Temporary error; requested | Store | Idle | | | action DIRECT_DEBITING; DDFH | request | | | | equal to TERMINATE_OR_BUFFER; | | | | | Tx timer expired | | | | | | | | | PendingE | Failed answer or answer | | Idle | | | received with Result-Code | | | | | equal to END_USER_SERVICE | | | | | DENIED or to USER_UNKNOWN; | | | | | requested action | | | | | DIRECT_DEBITING; Tx timer | | | | | expired | | | | | | | |
| PendingE | Failed CC event answer | Indicate | Idle | | | received; requested action | service | | | | REFUND_ACCOUNT | error and | | | | | delete | | | | | request | | | | | | | | PendingE | Failure to send or Tx timer | Store | Idle | | | expired; requested action | request | | | | REFUND_ACCOUNT | with | | | | | T flag | | | | | | | | PendingE | Temporary error; requested | Store | Idle | | | action REFUND_ACCOUNT | request | | | | | | | | PendingB | Successful CC answer received | Delete | Idle | | | | request | | | | | | | | PendingB | Failed CC answer received | Delete | Idle | | | | request | | | | | | | | PendingB | Failure to send or temporary | | Idle | | | error | | | +----------+--------------------------------+------------+----------+
| PendingE | Failed CC event answer | Indicate | Idle | | | received; requested action | service | | | | REFUND_ACCOUNT | error and | | | | | delete | | | | | request | | | | | | | | PendingE | Failure to send or Tx timer | Store | Idle | | | expired; requested action | request | | | | REFUND_ACCOUNT | with | | | | | T flag | | | | | | | | PendingE | Temporary error; requested | Store | Idle | | | action REFUND_ACCOUNT | request | | | | | | | | PendingB | Successful CC answer received | Delete | Idle | | | | request | | | | | | | | PendingB | Failed CC answer received | Delete | Idle | | | | request | | | | | | | | PendingB | Failure to send or temporary | | Idle | | | error | | | +----------+--------------------------------+------------+----------+
Table 5: One-Time Event Client State Machine
表5:一次性事件客户端状态机
+-------+------------------------+--------------------------+-------+ | State | Event | Action | New | | | | | State | +-------+------------------------+--------------------------+-------+ | Idle | CC initial request | Send CC initial answer, | Open | | | received and | reserve units, start Tcc | | | | successfully processed | | | | | | | | | Idle | CC initial request | Send CC initial answer | Idle | | | received but not | with Result-Code != | | | | successfully processed | SUCCESS | | | | | | | | Idle | CC event request | Send CC event answer | Idle | | | received and | | | | | successfully processed | | | | | | | | | Idle | CC event request | Send CC event answer | Idle | | | received but not | with Result-Code != | | | | successfully processed | SUCCESS | | | | | | |
+-------+------------------------+--------------------------+-------+ | State | Event | Action | New | | | | | State | +-------+------------------------+--------------------------+-------+ | Idle | CC initial request | Send CC initial answer, | Open | | | received and | reserve units, start Tcc | | | | successfully processed | | | | | | | | | Idle | CC initial request | Send CC initial answer | Idle | | | received but not | with Result-Code != | | | | successfully processed | SUCCESS | | | | | | | | Idle | CC event request | Send CC event answer | Idle | | | received and | | | | | successfully processed | | | | | | | | | Idle | CC event request | Send CC event answer | Idle | | | received but not | with Result-Code != | | | | successfully processed | SUCCESS | | | | | | |
| Open | CC update request | Send CC update answer, | Open | | | received and | debit used units, | | | | successfully processed | reserve new units, | | | | | restart Tcc | | | | | | | | Open | CC update request | Send CC update answer | Idle | | | received but not | with Result-Code != | | | | successfully processed | SUCCESS, debit used | | | | | units | | | | | | | | Open | CC termination request | Send CC termin. answer, | Idle | | | received and | stop Tcc, debit used | | | | successfully processed | units | | | | | | | | Open | CC termination request | Send CC termin. answer | Idle | | | received but not | with Result-Code != | | | | successfully processed | SUCCESS, debit used | | | | | units | | | | | | | | Open | Session supervision | Release reserved units | Idle | | | timer Tcc expired | | | +-------+------------------------+--------------------------+-------+
| Open | CC update request | Send CC update answer, | Open | | | received and | debit used units, | | | | successfully processed | reserve new units, | | | | | restart Tcc | | | | | | | | Open | CC update request | Send CC update answer | Idle | | | received but not | with Result-Code != | | | | successfully processed | SUCCESS, debit used | | | | | units | | | | | | | | Open | CC termination request | Send CC termin. answer, | Idle | | | received and | stop Tcc, debit used | | | | successfully processed | units | | | | | | | | Open | CC termination request | Send CC termin. answer | Idle | | | received but not | with Result-Code != | | | | successfully processed | SUCCESS, debit used | | | | | units | | | | | | | | Open | Session supervision | Release reserved units | Idle | | | timer Tcc expired | | | +-------+------------------------+--------------------------+-------+
Table 6: Session-Based and Event-Based Server State Machine
表6:基于会话和基于事件的服务器状态机
This section defines the Credit-Control AVPs that are specific to the Diameter Credit-Control application and that MAY be included in the Diameter Credit-Control messages.
本节定义了特定于Diameter信用控制应用程序且可能包含在Diameter信用控制消息中的信用控制AVP。
The AVPs defined in this section MAY also be included in authorization commands defined in authorization-specific applications, such as [RFC7155] and [RFC4004], if the first interrogation is performed as part of the authorization/ authentication process, as described in Section 5.2.
如第5.2节所述,如果第一次询问是作为授权/认证过程的一部分执行的,则本节中定义的AVP也可包括在授权特定应用程序(如[RFC7155]和[RFC4004])中定义的授权命令中。
The Diameter AVP rules are defined in [RFC6733], Section 4. These AVP rules are observed in AVPs defined in this section.
[RFC6733]第4节定义了直径AVP规则。这些AVP规则在本节定义的AVP中得到遵守。
The following table describes the Diameter AVPs defined in the credit-control application, their AVP Code values, types, and possible flag values. The AVP Flag rules ('M', 'V') are explained in [RFC6733], Section 4.1.
下表描述了信贷控制应用程序中定义的直径AVP、其AVP代码值、类型和可能的标志值。[RFC6733]第4.1节解释了AVP标志规则(“M”、“V”)。
+---------------+ |AVP Flag Rules | Defined |----+-----+----| AVP in | | |MUST| Attribute Name Code Section Data Type |MUST| MAY |NOT | ----------------------------------------------------|----+-----+----| CC-Correlation-Id 411 8.1 OctetString | | M | V | CC-Input-Octets 412 8.24 Unsigned64 | M | | V | CC-Money 413 8.22 Grouped | M | | V | CC-Output-Octets 414 8.25 Unsigned64 | M | | V | CC-Request-Number 415 8.2 Unsigned32 | M | | V | CC-Request-Type 416 8.3 Enumerated | M | | V | CC-Service-Specific- 417 8.26 Unsigned64 | M | | V | Units | | | | CC-Session-Failover 418 8.4 Enumerated | M | | V | CC-Sub-Session-Id 419 8.5 Unsigned64 | M | | V | CC-Time 420 8.21 Unsigned32 | M | | V | CC-Total-Octets 421 8.23 Unsigned64 | M | | V | CC-Unit-Type 454 8.32 Enumerated | M | | V | Check-Balance-Result 422 8.6 Enumerated | M | | V | Cost-Information 423 8.7 Grouped | M | | V | Cost-Unit 424 8.12 UTF8String | M | | V | Credit-Control 426 8.13 Enumerated | M | | V | Credit-Control- 427 8.14 Enumerated | M | | V | Failure-Handling | | | | Currency-Code 425 8.11 Unsigned32 | M | | V | Direct-Debiting- 428 8.15 Enumerated | M | | V | Failure-Handling | | | | Exponent 429 8.9 Integer32 | M | | V | Final-Unit-Action 449 8.35 Enumerated | M | | V | Final-Unit-Indication 430 8.34 Grouped | M | | V | QoS-Final-Unit-Indication 669 8.68 Grouped | | M | V | Granted-Service-Unit 431 8.17 Grouped | M | | V | G-S-U-Pool-Identifier 453 8.31 Unsigned32 | M | | V | G-S-U-Pool-Reference 457 8.30 Grouped | M | | V | Multiple-Services- 456 8.16 Grouped | M | | V | Credit-Control | | | | Multiple-Services- 455 8.40 Enumerated | M | | V | Indicator | | | | Rating-Group 432 8.29 Unsigned32 | M | | V | Redirect-Address-Type 433 8.38 Enumerated | M | | V | Redirect-Server 434 8.37 Grouped | M | | V | Redirect-Server-Address 435 8.39 UTF8String | M | | V | Redirect-Server-Extension 665 8.64 Grouped | | M | V | Redirect-Address- 666 8.65 Address | | M | V | IPAddress | | | | Redirect-Address-URL 667 8.66 UTF8String | | M | V | Redirect-Address-SIP-URI 668 8.67 UTF8String | | M | V |
+---------------+ |AVP Flag Rules | Defined |----+-----+----| AVP in | | |MUST| Attribute Name Code Section Data Type |MUST| MAY |NOT | ----------------------------------------------------|----+-----+----| CC-Correlation-Id 411 8.1 OctetString | | M | V | CC-Input-Octets 412 8.24 Unsigned64 | M | | V | CC-Money 413 8.22 Grouped | M | | V | CC-Output-Octets 414 8.25 Unsigned64 | M | | V | CC-Request-Number 415 8.2 Unsigned32 | M | | V | CC-Request-Type 416 8.3 Enumerated | M | | V | CC-Service-Specific- 417 8.26 Unsigned64 | M | | V | Units | | | | CC-Session-Failover 418 8.4 Enumerated | M | | V | CC-Sub-Session-Id 419 8.5 Unsigned64 | M | | V | CC-Time 420 8.21 Unsigned32 | M | | V | CC-Total-Octets 421 8.23 Unsigned64 | M | | V | CC-Unit-Type 454 8.32 Enumerated | M | | V | Check-Balance-Result 422 8.6 Enumerated | M | | V | Cost-Information 423 8.7 Grouped | M | | V | Cost-Unit 424 8.12 UTF8String | M | | V | Credit-Control 426 8.13 Enumerated | M | | V | Credit-Control- 427 8.14 Enumerated | M | | V | Failure-Handling | | | | Currency-Code 425 8.11 Unsigned32 | M | | V | Direct-Debiting- 428 8.15 Enumerated | M | | V | Failure-Handling | | | | Exponent 429 8.9 Integer32 | M | | V | Final-Unit-Action 449 8.35 Enumerated | M | | V | Final-Unit-Indication 430 8.34 Grouped | M | | V | QoS-Final-Unit-Indication 669 8.68 Grouped | | M | V | Granted-Service-Unit 431 8.17 Grouped | M | | V | G-S-U-Pool-Identifier 453 8.31 Unsigned32 | M | | V | G-S-U-Pool-Reference 457 8.30 Grouped | M | | V | Multiple-Services- 456 8.16 Grouped | M | | V | Credit-Control | | | | Multiple-Services- 455 8.40 Enumerated | M | | V | Indicator | | | | Rating-Group 432 8.29 Unsigned32 | M | | V | Redirect-Address-Type 433 8.38 Enumerated | M | | V | Redirect-Server 434 8.37 Grouped | M | | V | Redirect-Server-Address 435 8.39 UTF8String | M | | V | Redirect-Server-Extension 665 8.64 Grouped | | M | V | Redirect-Address- 666 8.65 Address | | M | V | IPAddress | | | | Redirect-Address-URL 667 8.66 UTF8String | | M | V | Redirect-Address-SIP-URI 668 8.67 UTF8String | | M | V |
Requested-Action 436 8.41 Enumerated | M | | V | Requested-Service-Unit 437 8.18 Grouped | M | | V | Restriction-Filter-Rule 438 8.36 IPFilterRule| M | | V | Service-Context-Id 461 8.42 UTF8String | M | | V | Service-Identifier 439 8.28 Unsigned32 | M | | V | Service-Parameter-Info 440 8.43 Grouped | | M | V | Service-Parameter-Type 441 8.44 Unsigned32 | | M | V | Service-Parameter-Value 442 8.45 OctetString | | M | V | Subscription-Id 443 8.46 Grouped | M | | V | Subscription-Id-Data 444 8.48 UTF8String | M | | V | Subscription-Id-Type 450 8.47 Enumerated | M | | V | Subscription-Id-Extension 659 8.58 Grouped | | M | V | Subscription-Id-E164 660 8.59 UTF8String | | M | V | Subscription-Id-IMSI 661 8.60 UTF8String | | M | V | Subscription-Id-SIP-URI 662 8.61 UTF8String | | M | V | Subscription-Id-NAI 663 8.62 UTF8String | | M | V | Subscription-Id-Private 664 8.63 UTF8String | | M | V | Tariff-Change-Usage 452 8.27 Enumerated | M | | V | Tariff-Time-Change 451 8.20 Time | M | | V | Unit-Value 445 8.8 Grouped | M | | V | Used-Service-Unit 446 8.19 Grouped | M | | V | User-Equipment-Info 458 8.49 Grouped | | M | V | User-Equipment-Info-Type 459 8.50 Enumerated | | M | V | User-Equipment-Info-Value 460 8.51 OctetString | | M | V | User-Equipment-Info- 653 8.52 Grouped | | M | V | Extension | | | | User-Equipment-Info- 654 8.53 OctetString | | M | V | IMEISV | | | | User-Equipment-Info-MAC 655 8.54 OctetString | | M | V | User-Equipment-Info-EUI64 656 8.55 OctetString | | M | V | User-Equipment-Info- 657 8.56 OctetString | | M | V | ModifiedEUI64 | | | | User-Equipment-Info-IMEI 658 8.57 OctetString | | M | V | Value-Digits 447 8.10 Integer64 | M | | V | Validity-Time 448 8.33 Unsigned32 | M | | V |
Requested-Action 436 8.41 Enumerated | M | | V | Requested-Service-Unit 437 8.18 Grouped | M | | V | Restriction-Filter-Rule 438 8.36 IPFilterRule| M | | V | Service-Context-Id 461 8.42 UTF8String | M | | V | Service-Identifier 439 8.28 Unsigned32 | M | | V | Service-Parameter-Info 440 8.43 Grouped | | M | V | Service-Parameter-Type 441 8.44 Unsigned32 | | M | V | Service-Parameter-Value 442 8.45 OctetString | | M | V | Subscription-Id 443 8.46 Grouped | M | | V | Subscription-Id-Data 444 8.48 UTF8String | M | | V | Subscription-Id-Type 450 8.47 Enumerated | M | | V | Subscription-Id-Extension 659 8.58 Grouped | | M | V | Subscription-Id-E164 660 8.59 UTF8String | | M | V | Subscription-Id-IMSI 661 8.60 UTF8String | | M | V | Subscription-Id-SIP-URI 662 8.61 UTF8String | | M | V | Subscription-Id-NAI 663 8.62 UTF8String | | M | V | Subscription-Id-Private 664 8.63 UTF8String | | M | V | Tariff-Change-Usage 452 8.27 Enumerated | M | | V | Tariff-Time-Change 451 8.20 Time | M | | V | Unit-Value 445 8.8 Grouped | M | | V | Used-Service-Unit 446 8.19 Grouped | M | | V | User-Equipment-Info 458 8.49 Grouped | | M | V | User-Equipment-Info-Type 459 8.50 Enumerated | | M | V | User-Equipment-Info-Value 460 8.51 OctetString | | M | V | User-Equipment-Info- 653 8.52 Grouped | | M | V | Extension | | | | User-Equipment-Info- 654 8.53 OctetString | | M | V | IMEISV | | | | User-Equipment-Info-MAC 655 8.54 OctetString | | M | V | User-Equipment-Info-EUI64 656 8.55 OctetString | | M | V | User-Equipment-Info- 657 8.56 OctetString | | M | V | ModifiedEUI64 | | | | User-Equipment-Info-IMEI 658 8.57 OctetString | | M | V | Value-Digits 447 8.10 Integer64 | M | | V | Validity-Time 448 8.33 Unsigned32 | M | | V |
The CC-Correlation-Id AVP (AVP Code 411) is of type OctetString and contains information to correlate credit-control requests generated for different components of the service, e.g., transport and service level. Whoever allocates the Service-Context-Id (i.e., a unique identifier of a service-specific document) is also responsible for defining the content and encoding of the CC-Correlation-Id AVP.
CC Correlation Id AVP(AVP代码411)是OctetString类型,包含用于关联为服务的不同组件(例如,传输和服务级别)生成的信用控制请求的信息。分配服务上下文Id(即,特定于服务的文档的唯一标识符)的人也负责定义CC Correlation Id AVP的内容和编码。
The CC-Request-Number AVP (AVP Code 415) is of type Unsigned32 and identifies this request within one session. As Session-Id AVPs are globally unique, the combination of the Session-Id AVP and the CC-Request-Number AVP is also globally unique and can be used in matching credit-control messages with confirmations. An easy way to produce unique numbers is to set the value of the CC-Request-Number AVP to 0 for a credit-control request with a CC-Request-Type AVP of INITIAL_REQUEST (the initial request in a session). The value of the CC-Request-Number AVP should be set to 1 for the first UPDATE_REQUEST, to 2 for the second, and so on until the value for TERMINATION_REQUEST is one more than the value for the last UPDATE_REQUEST. In the case of event charging (when the CC-Request-Type AVP has the value EVENT_REQUEST), the CC-Request-Number AVP should be set to 0 for a credit-control request.
CC请求号AVP(AVP代码415)的类型为Unsigned32,并且在一个会话内标识该请求。由于会话Id AVP是全局唯一的,会话Id AVP和CC请求号AVP的组合也是全局唯一的,并且可以用于将信用控制消息与确认匹配。生成唯一编号的一种简单方法是,对于CC请求类型AVP为INITIAL_Request(会话中的初始请求)的信用控制请求,将CC请求编号AVP的值设置为0。对于第一个更新请求,CC请求编号AVP的值应设置为1,对于第二个更新请求,应设置为2,依此类推,直到终止请求的值比最后一个更新请求的值多一个。在事件计费的情况下(当CC请求类型AVP的值为event_Request时),信用控制请求的CC请求编号AVP应设置为0。
The CC-Request-Type AVP (AVP Code 416) is of type Enumerated and contains the reason for sending the Credit-Control-Request message. It MUST be present in all Credit-Control-Request messages. The following values are defined for the CC-Request-Type AVP (the value of 0 (zero) is reserved):
CC请求类型AVP(AVP代码416)属于枚举类型,并且包含发送信用控制请求消息的原因。它必须出现在所有信用控制请求消息中。为CC请求类型AVP定义了以下值(保留0(零)的值):
INITIAL_REQUEST 1
初始请求1
This request is used to initiate a credit-control session. It contains credit-control information that is relevant to the initiation.
此请求用于启动信用控制会话。它包含与启动相关的信用控制信息。
UPDATE_REQUEST 2
更新请求2
This request contains credit-control information for an existing credit-control session. Credit-control requests of this type SHOULD be sent every time a credit-control re-authorization is needed at the expiry of the allocated quota or validity time. Further, additional service-specific events MAY trigger a spontaneous UPDATE_REQUEST.
此请求包含现有信用控制会话的信用控制信息。在分配的配额或有效期到期时,每次需要信用控制重新授权时,都应发送此类信用控制请求。此外,其他特定于服务的事件可能会触发自发的更新请求。
TERMINATION_REQUEST 3
终止请求3
This request is sent to terminate a credit-control session. It contains credit-control information relevant to the existing session.
发送此请求以终止信用控制会话。它包含与现有会话相关的信用控制信息。
EVENT_REQUEST 4
事件请求4
This request is used when there is no need to maintain any credit-control session state in the credit-control server. It contains all information relevant to the service and is the only request of the service. The reason for this request is further detailed in the Requested-Action AVP. The Requested-Action AVP MUST be included in the Credit-Control-Request message when CC-Request-Type is set to EVENT_REQUEST.
当不需要在信用控制服务器中维护任何信用控制会话状态时,使用此请求。它包含与服务相关的所有信息,是服务的唯一请求。请求的原因在请求的行动AVP中有进一步详细说明。当CC Request Type设置为EVENT_Request时,请求的操作AVP必须包含在信贷控制请求消息中。
The CC-Session-Failover AVP (AVP Code 418) is of type Enumerated and contains information as to whether moving the credit-control message stream to a backup server during an ongoing credit-control session is supported. In the case of communication failures, the credit-control message streams can be moved to an alternative destination if the credit-control server supports failover to an alternative server. The secondary credit-control server name, if received from the home Diameter AAA server, can be used as an address of the backup server. An implementation is not required to support moving a credit-control message stream to an alternative server, as this also requires moving information related to the credit-control session to the backup server.
CC会话故障转移AVP(AVP代码418)属于枚举类型,并且包含关于是否支持在正在进行的信用控制会话期间将信用控制消息流移动到备份服务器的信息。在通信失败的情况下,如果信用控制服务器支持故障切换到备用服务器,则信用控制消息流可以移动到备用目标。辅助信用控制服务器名称(如果从home Diameter AAA服务器接收)可以用作备份服务器的地址。不需要实现来支持将信用控制消息流移动到备用服务器,因为这还需要将与信用控制会话相关的信息移动到备份服务器。
The following values are defined for the CC-Session-Failover AVP:
为CC会话故障转移AVP定义了以下值:
FAILOVER_NOT_SUPPORTED 0
故障转移\u不受\u支持0
When the CC-Session-Failover AVP is set to FAILOVER_NOT_SUPPORTED, the credit-control message stream MUST NOT be moved to an alternative destination in the case of a communication failure. This is the default behavior if the AVP isn't included in the reply from the authorization or credit-control server.
当CC Session Failover AVP设置为Failover_NOT_SUPPORTED(不支持故障转移)时,在通信失败的情况下,不得将信用控制消息流移动到备用目标。如果来自授权或信用控制服务器的回复中未包含AVP,则这是默认行为。
FAILOVER_SUPPORTED 1
故障转移\u支持1
When the CC-Session-Failover AVP is set to FAILOVER_SUPPORTED, the credit-control message stream SHOULD be moved to an alternative destination in the case of a communication failure. Moving the credit-control message stream to a backup server MAY require that information related to the credit-control session should also be forwarded to an alternative server.
当CC会话故障转移AVP设置为故障转移受支持时,在通信失败的情况下,应将信用控制消息流移动到备用目标。将信用控制消息流移动到备份服务器可能需要将与信用控制会话相关的信息也转发到备用服务器。
The CC-Sub-Session-Id AVP (AVP Code 419) is of type Unsigned64 and contains the credit-control sub-session identifier. The combination of the Session-Id AVP and this AVP MUST be unique per sub-session, and the value of this AVP MUST be monotonically increased by one for all new sub-sessions. The absence of this AVP implies that no sub-sessions are in use.
CC子会话Id AVP(AVP代码419)的类型为Unsigned64,包含信用控制子会话标识符。会话Id AVP和该AVP的组合在每个子会话中必须是唯一的,并且对于所有新的子会话,该AVP的值必须单调地增加1。没有此AVP意味着没有使用子会话。
The Check-Balance-Result AVP (AVP Code 422) is of type Enumerated and contains the result of the balance check. This AVP is applicable only when the Requested-Action AVP indicates CHECK_BALANCE in the Credit-Control-Request command. The following values are defined for the Check-Balance-Result AVP:
检查余额结果AVP(AVP代码422)属于枚举类型,并且包含余额检查的结果。仅当请求的操作AVP在信贷控制请求命令中指示检查余额时,此AVP才适用。为校验平衡结果AVP定义了以下值:
ENOUGH_CREDIT 0
足够的学分0
There is enough credit in the account to cover the requested service.
账户中有足够的信用来支付所请求的服务。
NO_CREDIT 1
无学分1
There isn't enough credit in the account to cover the requested service.
帐户中没有足够的信用来支付请求的服务。
The Cost-Information AVP (AVP Code 423) is of type Grouped, and it is used to return the cost information of a service, which the credit-control client can transfer transparently to the end user. The included Unit-Value AVP contains the cost estimate (always of type "money") of the service in the case of price inquiries, or the accumulated cost estimation in the case of a credit-control session.
成本信息AVP(AVP代码423)是分组的类型,用于返回服务的成本信息,信用控制客户端可以将该信息透明地传输给最终用户。包含的单位价值AVP包含价格查询情况下服务的成本估算(始终为“货币”类型),或信用控制会话情况下的累计成本估算。
The Currency-Code AVP specifies in which currency the cost was given. The Cost-Unit AVP specifies the unit when the service cost is a cost per unit (e.g., cost for the service is $1 per minute).
货币代码AVP指定成本以何种货币计算。成本单位AVP指定服务成本为每单位成本时的单位(例如,服务成本为每分钟1美元)。
When the Requested-Action AVP with the value PRICE_ENQUIRY is included in the Credit-Control-Request command, the Cost-Information AVP sent in the succeeding Credit-Control-Answer command contains the cost estimation for the requested service, without any reservations being made.
当信用控制请求命令中包含带有价值价格查询的请求操作AVP时,在后续信用控制应答命令中发送的成本信息AVP包含请求服务的成本估算,无任何保留。
The Cost-Information AVP included in the Credit-Control-Answer command with the CC-Request-Type set to UPDATE_REQUEST contains the accumulated cost estimation for the session, without taking any credit reservations into account.
信用控制应答命令中包含的成本信息AVP(CC Request Type设置为UPDATE_Request)包含会话的累积成本估算,而不考虑任何信用保留。
The Cost-Information AVP included in the Credit-Control-Answer command with the CC-Request-Type set to EVENT_REQUEST or TERMINATION_REQUEST contains the estimated total cost for the requested service.
信用控制应答命令中包含的成本信息AVP(CC请求类型设置为事件请求或终止请求)包含所请求服务的估计总成本。
The Cost-Information AVP is defined as follows (per grouped-avp-def as defined in [RFC6733]):
成本信息AVP定义如下(根据[RFC6733]中定义的分组AVP定义):
Cost-Information ::= < AVP Header: 423 > { Unit-Value } { Currency-Code } [ Cost-Unit ]
Cost-Information ::= < AVP Header: 423 > { Unit-Value } { Currency-Code } [ Cost-Unit ]
The Unit-Value AVP is of type Grouped (AVP Code 445) and specifies the cost as a floating-point value. The Unit-Value is a significand with an exponent; i.e., Unit-Value = Value-Digits AVP * 10^Exponent. This representation avoids unwanted rounding off. For example, the value of 2,3 is represented as Value-Digits = 23 and Exponent = -1. The absence of the exponent part MUST be interpreted as an exponent equal to zero.
单位值AVP为分组类型(AVP代码445),并将成本指定为浮点值。单位值是带指数的有效位;i、 例如,单位值=数值位数AVP*10^指数。这种表示避免了不必要的舍入。例如,2,3的值表示为数值位数=23,指数=1。没有指数部分必须解释为指数等于零。
The Unit-Value AVP is defined as follows (per grouped-avp-def as defined in [RFC6733]):
单位值AVP定义如下(根据[RFC6733]中定义的分组AVP def):
Unit-Value ::= < AVP Header: 445 > { Value-Digits } [ Exponent ]
Unit-Value ::= < AVP Header: 445 > { Value-Digits } [ Exponent ]
The Exponent AVP is of type Integer32 (AVP Code 429) and contains the exponent value to be applied for the Value-Digits AVP within the Unit-Value AVP.
指数AVP的类型为Integer32(AVP代码429),并包含要应用于单位值AVP内的数值位数AVP的指数值。
The Value-Digits AVP is of type Integer64 (AVP Code 447) and contains the significant digits of the number. If decimal values are needed to present the units, the scaling MUST be indicated with the related Exponent AVP. For example, for the monetary amount $0.05, the value of the Value-Digits AVP MUST be set to 5, and the scaling MUST be indicated with the Exponent AVP set to -2.
数值数字AVP的类型为Integer64(AVP代码447),包含数字的有效位。如果需要十进制值来表示单位,则必须用相关指数AVP指示缩放比例。例如,对于货币金额$0.05,值位AVP的值必须设置为5,并且必须使用指数AVP设置为-2来指示缩放。
The Currency-Code AVP (AVP Code 425) is of type Unsigned32 and contains a currency code that specifies in which currency the values of AVPs containing monetary units were given. It is specified by using the numeric values defined in the ISO 4217 standard [ISO4217].
货币代码AVP(AVP代码425)的类型为Unsigned32,并包含一个货币代码,该代码指定包含货币单位的AVP值是以何种货币给出的。它通过使用ISO 4217标准[ISO4217]中定义的数值来指定。
The Cost-Unit AVP (AVP Code 424) is of type UTF8String, and it is used to display a human-readable string to the end user. It specifies the applicable unit to the Cost-Information AVP when the service cost is a cost per unit (e.g., cost of the service is $1 per minute). The Cost-Unit setting can be minutes, hours, days, kilobytes, megabytes, etc.
成本单位AVP(AVP代码424)为UTF8String类型,用于向最终用户显示人类可读的字符串。当服务成本为每单位成本(例如,服务成本为每分钟1美元)时,它指定了成本信息AVP的适用单位。成本单位设置可以是分钟、小时、天、千字节、兆字节等。
The Credit-Control AVP (AVP Code 426) is of type Enumerated and MUST be included in AA-Request messages when the Service Element has credit-control capabilities. The following values are defined for the Credit-Control AVP:
信用控制AVP(AVP代码426)属于枚举类型,当服务元素具有信用控制功能时,必须将其包括在AA请求消息中。为信贷控制AVP定义了以下值:
CREDIT_AUTHORIZATION 0
信用卡授权0
If the home Diameter AAA server determines that the user has a prepaid subscription, this value indicates that the credit-control server MUST be contacted to perform the first interrogation. The value of the Credit-Control AVP MUST always be set to 0 in an AA-Request sent to perform the first interrogation and to initiate a new credit-control session.
如果home Diameter AAA服务器确定用户具有预付费订阅,则此值表示必须联系信用控制服务器以执行第一次询问。在发送的AA请求中,信用控制AVP的值必须始终设置为0,以执行第一次询问并启动新的信用控制会话。
RE_AUTHORIZATION 1
重新授权1
This value indicates to the Diameter AAA server that a credit-control session is ongoing for the subscriber and that the credit-control server MUST NOT be contacted. The Credit-Control AVP set to the value of 1 is to be used only when the first interrogation has been successfully performed and the credit-control session is ongoing
此值向Diameter AAA服务器指示订户的信用控制会话正在进行,并且不得联系信用控制服务器。设置为1的信用控制AVP仅在成功执行第一次询问且信用控制会话正在进行时使用
(i.e., re-authorization triggered by authorization lifetime). This value MUST NOT be used in an AA-Request sent to perform the first interrogation.
(即,由授权生存期触发的重新授权)。此值不得用于发送以执行第一次询问的AA请求。
The CCFH (AVP Code 427) is of type Enumerated. The credit-control client uses information in this AVP to decide what to do if sending credit-control messages to the credit-control server has been, for instance, temporarily prevented due to a network problem. Depending on the service logic, the credit-control server can order the client to terminate the service immediately when there is a reason to believe that the service cannot be charged, or to try failover to an alternative server, if possible. The server could then either terminate or grant the service, should the alternative connection also fail.
CCFH(AVP代码427)属于枚举类型。信用控制客户端使用此AVP中的信息来决定在向信用控制服务器发送信用控制消息(例如,由于网络问题而暂时被阻止)时要做什么。根据服务逻辑,信用控制服务器可以命令客户端在有理由相信服务无法收费时立即终止服务,或者在可能的情况下尝试故障切换到备用服务器。如果备用连接也失败,服务器可以终止或授予服务。
The following values are defined for the CCFH:
为CCFH定义了以下值:
TERMINATE 0
终止0
When the CCFH is set to TERMINATE, the service MUST only be granted for as long as there is a connection to the credit-control server. If the credit-control client does not receive any Credit-Control-Answer messages before the Tx timer (as defined in Section 13) expires, the credit-control request is regarded as failed, and the end user's service session is terminated.
当CCFH设置为终止时,只有在连接到信用控制服务器的情况下才能授予服务。如果信用控制客户端在Tx定时器(如第13节所定义)到期之前未收到任何信用控制应答消息,则信用控制请求被视为失败,最终用户的服务会话终止。
This is the default behavior if the AVP isn't included in the reply from the authorization or credit-control server.
如果来自授权或信用控制服务器的回复中未包含AVP,则这是默认行为。
CONTINUE 1
继续1
When the CCFH is set to CONTINUE, the credit-control client SHOULD resend the request to an alternative server in the case of transport or temporary failures, provided that (1) a failover procedure is supported in the credit-control server and the credit-control client and (2) an alternative server is available. Otherwise, the service SHOULD be granted, even if credit-control messages can't be delivered.
当CCFH设置为继续时,在传输或临时故障的情况下,信用控制客户端应将请求重新发送到备用服务器,前提是(1)信用控制服务器和信用控制客户端支持故障切换过程,以及(2)备用服务器可用。否则,即使无法传递信用控制消息,也应授予服务。
RETRY_AND_TERMINATE 2
重试,\u并\u终止2
When the CCFH is set to RETRY_AND_TERMINATE, the credit-control client SHOULD resend the request to an alternative server in the case of transport or temporary failures, provided that (1) a failover procedure is supported in the credit-control server and the credit-control client and (2) an alternative server is available.
当CCFH设置为“重试”和“终止”时,如果出现传输或临时故障,信用控制客户端应将请求重新发送到备用服务器,前提是(1)信用控制服务器和信用控制客户端支持故障切换过程,并且(2)备用服务器可用。
Otherwise, the service SHOULD NOT be granted when the credit-control messages can't be delivered.
否则,当信用控制消息无法传递时,不应授予服务。
The DDFH (AVP Code 428) is of type Enumerated. The credit-control client uses information in this AVP to decide what to do if sending credit-control messages (Requested-Action AVP set to DIRECT_DEBITING) to the credit-control server has been, for instance, temporarily prevented due to a network problem.
DDFH(AVP代码428)属于枚举类型。例如,如果由于网络问题暂时阻止向信用控制服务器发送信用控制消息(请求的操作AVP设置为DIRECT_DEBITING),信用控制客户端将使用此AVP中的信息来决定要做什么。
The following values are defined for the DDFH:
为DDFH定义了以下值:
TERMINATE_OR_BUFFER 0
终止\u或\u缓冲区0
When the DDFH is set to TERMINATE_OR_BUFFER, the service MUST be granted for as long as there is a connection to the credit-control server. If the credit-control client does not receive any Credit-Control-Answer messages before the Tx timer (as defined in Section 13) expires, the credit-control request is regarded as failed. The client SHOULD terminate the service if it can determine from the failed answer that units have not been debited. Otherwise, the credit-control client SHOULD grant the service, store the request in application-level non-volatile storage, and try to resend the request. These requests MUST be marked as possible duplicates by setting the T flag in the command header as described in [RFC6733], Section 3. This is the default behavior if the AVP isn't included in the reply from the authorization server.
当DDFH设置为终止_或_缓冲区时,只要与信用控制服务器有连接,就必须授予服务。如果信用控制客户端在发送计时器(如第13节所定义)到期之前未收到任何信用控制应答消息,则信用控制请求被视为失败。如果客户可以从失败的回答中确定未借记单位,则应终止服务。否则,信用控制客户端应授予服务,将请求存储在应用程序级非易失性存储器中,并尝试重新发送请求。如[RFC6733]第3节所述,必须通过在命令头中设置T标志将这些请求标记为可能的重复请求。如果来自授权服务器的回复中未包含AVP,则这是默认行为。
CONTINUE 1
继续1
When the DDFH is set to CONTINUE, the service SHOULD be granted, even if credit-control messages can't be delivered, and the request should be deleted.
当DDFH设置为继续时,即使无法传递信用控制消息,也应授予服务,并且应删除请求。
The Multiple-Services-Credit-Control AVP (AVP Code 456) is of type Grouped and contains the AVPs related to the independent credit-control of multiple services. Note that each instance of this AVP carries units related to one or more services or related to a single rating-group.
多服务信用控制AVP(AVP代码456)属于分组类型,包含与多个服务的独立信用控制相关的AVP。请注意,此AVP的每个实例都包含与一个或多个服务相关的单元或与单个评级组相关的单元。
The Service-Identifier AVP and the Rating-Group AVP are used to associate the granted units to a given service or rating-group. If both the Service-Identifier AVP and the Rating-Group AVP are included, the target of the service units is always the service(s) indicated by the value of the Service-Identifier AVP(s). If only the
服务标识符AVP和评级组AVP用于将授予的单位与给定的服务或评级组相关联。如果包括服务标识符AVP和评级组AVP,则服务单元的目标始终是由服务标识符AVP的值指示的服务。但愿
Rating-Group AVP is present, the Multiple-Services-Credit-Control AVP relates to all the services that belong to the specified rating-group.
如果存在评级组AVP,则多服务信用控制AVP与属于指定评级组的所有服务相关。
The G-S-U-Pool-Reference AVP allows the server to specify a G-S-U-Pool-Identifier identifying a credit pool within which the units of the specified type are considered pooled. If a G-S-U-Pool-Reference AVP is present, then actual service units of the specified type MUST also be present. For example, if the G-S-U-Pool-Reference AVP specifies a CC-Unit-Type value of TIME (Section 8.32), then the CC-Time AVP MUST be present.
G-S-U-Pool-Reference AVP允许服务器指定一个G-S-U-Pool-Identifier,标识一个信贷池,在该信贷池中,指定类型的单位被视为池。如果存在G-S-U-Pool-Reference AVP,则还必须存在指定类型的实际服务单元。例如,如果G-S-U-Pool-Reference AVP指定了CC单位类型的时间值(第8.32节),则CC TIME AVP必须存在。
The Requested-Service-Unit AVP MAY contain the amount of requested service units or the requested monetary value. It MUST be present in the initial interrogation and within the intermediate interrogations in which a new quota is requested. If the credit-control client does not include the Requested-Service-Unit AVP in a request command -- because, for instance, it has determined that the end user terminated the service -- the server MUST debit the used amount from the user's account but MUST NOT return a new quota in the corresponding answer. The Validity-Time, Result-Code, and Final-Unit-Indication or QoS-Final-Unit-Indication AVPs MAY be present in a Credit-Control-Answer command as defined in Sections 5.1.2 and 5.6 for graceful service termination.
请求的服务单位AVP可以包含请求的服务单位的数量或请求的货币价值。它必须出现在初始询问和请求新配额的中间询问中。如果信用控制客户端未在请求命令中包含请求的服务单元AVP(例如,因为它已确定最终用户终止了服务),则服务器必须从用户帐户中扣除已用金额,但不得在相应的回答中返回新配额。有效时间、结果代码和最终单元指示或QoS最终单元指示AVP可出现在第5.1.2节和第5.6节中定义的信用控制应答命令中,用于正常服务终止。
When both the Tariff-Time-Change AVP and the Tariff-Change-Usage AVP are present, the server MUST include two separate instances of the Multiple-Services-Credit-Control AVP with the Granted-Service-Unit AVP associated to the same service-identifier and/or rating-group. Where the two quotas are associated to the same pool or to different pools, the credit-pooling mechanism defined in Section 5.1.2 applies. When the client is reporting used units before and after the tariff time change, it MUST use the Tariff-Change-Usage AVP inside the Used-Service-Unit AVP.
当电价时间变更AVP和电价变更使用AVP同时存在时,服务器必须包括多服务信用控制AVP的两个单独实例,且授权服务单元AVP与同一服务标识符和/或评级组关联。如果两个配额关联到同一个池或不同的池,则第5.1.2节中定义的信贷池机制适用。当客户在电价时间变更前后报告已用机组时,必须在已用服务机组AVP内使用电价变更使用AVP。
A server not implementing the independent credit-control of multiple services MUST treat the Multiple-Services-Credit-Control AVP as an invalid AVP.
未实现多个服务的独立信用控制的服务器必须将多个服务信用控制AVP视为无效的AVP。
The Multiple-Services-Credit-Control AVP is defined as follows (per grouped-avp-def as defined in [RFC6733]):
多服务信贷控制AVP定义如下(根据[RFC6733]中定义的分组AVP定义):
Multiple-Services-Credit-Control ::= < AVP Header: 456 > [ Granted-Service-Unit ] [ Requested-Service-Unit ] *[ Used-Service-Unit ] [ Tariff-Change-Usage ] *[ Service-Identifier ] [ Rating-Group ] *[ G-S-U-Pool-Reference ] [ Validity-Time ] [ Result-Code ] [ Final-Unit-Indication ] [ QoS-Final-Unit-Indication ] *[ AVP ]
Multiple-Services-Credit-Control ::= < AVP Header: 456 > [ Granted-Service-Unit ] [ Requested-Service-Unit ] *[ Used-Service-Unit ] [ Tariff-Change-Usage ] *[ Service-Identifier ] [ Rating-Group ] *[ G-S-U-Pool-Reference ] [ Validity-Time ] [ Result-Code ] [ Final-Unit-Indication ] [ QoS-Final-Unit-Indication ] *[ AVP ]
The Granted-Service-Unit AVP (AVP Code 431) is of type Grouped and contains the amount of units that the Diameter Credit-Control client can provide to the end user until the service must be released or the new Credit-Control-Request must be sent. A client is not required to implement all the unit types, and it must treat unknown or unsupported unit types in the Answer message as an incorrect CCA. In this case, the client MUST terminate the credit-control session and indicate the reason as DIAMETER_BAD_ANSWER in the Termination-Cause AVP.
授权服务单元AVP(AVP代码431)属于分组类型,包含Diameter信用控制客户端可以向最终用户提供的单元数量,直到必须发布服务或发送新的信用控制请求为止。客户端不需要实现所有单元类型,它必须将应答消息中的未知或不支持的单元类型视为不正确的CCA。在这种情况下,客户必须终止信用控制会话,并在终止原因AVP中以DIAMETER_BAD_ANSWER的形式指出原因。
The Granted-Service-Unit AVP is defined as follows (per grouped-avp-def as defined in [RFC6733]):
授权服务单元AVP定义如下(根据[RFC6733]中定义的分组AVP def):
Granted-Service-Unit ::= < AVP Header: 431 > [ Tariff-Time-Change ] [ CC-Time ] [ CC-Money ] [ CC-Total-Octets ] [ CC-Input-Octets ] [ CC-Output-Octets ] [ CC-Service-Specific-Units ] *[ AVP ]
Granted-Service-Unit ::= < AVP Header: 431 > [ Tariff-Time-Change ] [ CC-Time ] [ CC-Money ] [ CC-Total-Octets ] [ CC-Input-Octets ] [ CC-Output-Octets ] [ CC-Service-Specific-Units ] *[ AVP ]
The Requested-Service-Unit AVP (AVP Code 437) is of type Grouped and contains the amount of requested units specified by the Diameter Credit-Control client. A server is not required to implement all the unit types, and it must treat unknown or unsupported unit types as invalid AVPs.
请求的服务单元AVP(AVP代码437)属于分组类型,包含Diameter信用控制客户端指定的请求单元数量。服务器不需要实现所有单元类型,它必须将未知或不受支持的单元类型视为无效AVP。
The Requested-Service-Unit AVP is defined as follows (per grouped-avp-def as defined in [RFC6733]):
请求的服务单元AVP定义如下(根据[RFC6733]中定义的分组AVP def):
Requested-Service-Unit ::= < AVP Header: 437 > [ CC-Time ] [ CC-Money ] [ CC-Total-Octets ] [ CC-Input-Octets ] [ CC-Output-Octets ] [ CC-Service-Specific-Units ] *[ AVP ]
Requested-Service-Unit ::= < AVP Header: 437 > [ CC-Time ] [ CC-Money ] [ CC-Total-Octets ] [ CC-Input-Octets ] [ CC-Output-Octets ] [ CC-Service-Specific-Units ] *[ AVP ]
The Used-Service-Unit AVP is of type Grouped (AVP Code 446) and contains the amount of used units measured from the point when the service became active or, if interim interrogations are used during the session, from the point when the previous measurement ended. Note: The value reported in a Used-Service-Unit AVP is not necessarily related to the grant provided in a Granted-Service-Unit AVP, e.g., the value in this AVP may exceed the value in the grant.
使用的服务单元AVP为分组类型(AVP代码446),包含从服务激活时点或(如果在会话期间使用临时询问)从上一次测量结束时开始测量的使用单元量。注:已使用服务单元AVP中报告的值不一定与已授予服务单元AVP中提供的授权相关,例如,此AVP中的值可能超过授权中的值。
The Used-Service-Unit AVP is defined as follows (per grouped-avp-def as defined in [RFC6733]):
所用维修装置AVP的定义如下(根据[RFC6733]中定义的分组AVP def):
Used-Service-Unit ::= < AVP Header: 446 > [ Tariff-Change-Usage ] [ CC-Time ] [ CC-Money ] [ CC-Total-Octets ] [ CC-Input-Octets ] [ CC-Output-Octets ] [ CC-Service-Specific-Units ] *[ AVP ]
Used-Service-Unit ::= < AVP Header: 446 > [ Tariff-Change-Usage ] [ CC-Time ] [ CC-Money ] [ CC-Total-Octets ] [ CC-Input-Octets ] [ CC-Output-Octets ] [ CC-Service-Specific-Units ] *[ AVP ]
The Tariff-Time-Change AVP (AVP Code 451) is of type Time. It is sent from the server to the client and includes the time in seconds since January 1, 1900, 00:00 UTC, when the tariff of the service will be changed.
电价时间变化AVP(AVP代码451)为时间类型。它从服务器发送到客户端,并包括自1900年1月1日00:00 UTC起的时间(以秒为单位),该时间将更改服务的费率。
The tariff change mechanism is optional for the client and server, and it is not used for time-based services (Section 5). If a client does not support the tariff time change mechanism, it MUST treat the Tariff-Time-Change AVP in the Answer message as an incorrect CCA. In this case, the client terminates the credit-control session and indicates the reason as DIAMETER_BAD_ANSWER in the Termination-Cause AVP.
费率变更机制对于客户端和服务器是可选的,不用于基于时间的服务(第5节)。如果客户机不支持费率时间变更机制,则必须将应答消息中的费率时间变更AVP视为不正确的CCA。在这种情况下,客户机终止信用控制会话,并在终止原因AVP中将原因指示为DIAMETER_BAD_ANSWER。
Omission of this AVP means that no tariff change is to be reported.
省略本AVP意味着不报告电价变化。
The CC-Time AVP (AVP Code 420) is of type Unsigned32 and indicates the length of the requested, granted, or used time in seconds.
CC Time AVP(AVP代码420)的类型为Unsigned32,表示请求、授予或使用的时间长度(以秒为单位)。
The CC-Money AVP (AVP Code 413) is of type Grouped and specifies the monetary amount in the given currency. The Currency-Code AVP SHOULD be included. The CC-Money AVP is defined as follows (per grouped-avp-def as defined in [RFC6733]):
CC Money AVP(AVP代码413)属于分组类型,指定给定货币的货币金额。应包括货币代码AVP。CC Money AVP定义如下(根据[RFC6733]中定义的分组AVP定义):
CC-Money ::= < AVP Header: 413 > { Unit-Value } [ Currency-Code ]
CC-Money ::= < AVP Header: 413 > { Unit-Value } [ Currency-Code ]
The CC-Total-Octets AVP (AVP Code 421) is of type Unsigned64 and contains the total number of requested, granted, or used octets regardless of the direction (sent or received).
CC Total Octets AVP(AVP代码421)的类型为Unsigned64,包含请求、授予或使用的八位字节总数,而不管方向(发送或接收)。
The CC-Input-Octets AVP (AVP Code 412) is of type Unsigned64 and contains the number of requested, granted, or used octets that can be / have been received from the end user.
CC输入八位字节AVP(AVP代码412)的类型为Unsigned64,包含可以/已经从最终用户接收到的请求、授权或使用的八位字节数。
The CC-Output-Octets AVP (AVP Code 414) is of type Unsigned64 and contains the number of requested, granted, or used octets that can be / have been sent to the end user.
CC输出八位字节AVP(AVP代码414)的类型为Unsigned64,包含可以/已经发送给最终用户的请求、授权或使用的八位字节数。
The CC-Service-Specific-Units AVP (AVP Code 417) is of type Unsigned64 and specifies the number of service-specific units (e.g., number of events, points) given in a selected service. The service-specific units always refer to the service identified in the Service-Identifier AVP (or Rating-Group AVP when the Multiple-Services-Credit-Control AVP is used).
CC服务特定单元AVP(AVP代码417)的类型为Unsigned64,并指定所选服务中给定的服务特定单元数(例如,事件数、点数)。服务特定单元始终指服务标识符AVP(或使用多服务信用控制AVP时的评级组AVP)中标识的服务。
The Tariff-Change-Usage AVP (AVP Code 452) is of type Enumerated and defines whether units are used before or after a tariff change, or whether the units straddled a tariff change during the reporting period. Omission of this AVP means that no tariff change has occurred.
电价变动使用AVP(AVP代码452)属于列举类型,定义了电价变动之前或之后是否使用机组,或者机组是否在报告期内跨越电价变动。省略本AVP意味着未发生任何关税变化。
In addition, when present in Answer messages as part of the Multiple-Services-Credit-Control AVP, this AVP defines whether units are allocated to be used before or after a tariff change event.
此外,当作为多服务信用控制AVP的一部分出现在应答消息中时,该AVP定义了在电价变更事件之前或之后是否分配了要使用的单元。
When the Tariff-Time-Change AVP is present, omission of this AVP in Answer messages means that the single-quota mechanism applies.
当电价时间变化AVP存在时,应答消息中省略该AVP意味着采用单一配额机制。
Tariff-Change-Usage can be set to one of the following values:
电费变更使用可设置为以下值之一:
UNIT_BEFORE_TARIFF_CHANGE 0
电价变动前的单位0
When present in the Multiple-Services-Credit-Control AVP, this value indicates the amount of units allocated for use before a tariff change occurs.
当出现在多服务信用控制AVP中时,该值表示在电价发生变化之前分配使用的单位数量。
When present in the Used-Service-Unit AVP, this value indicates the amount of resource units used before a tariff change had occurred.
当存在于已使用的服务单元AVP中时,该值表示在电价发生变化之前已使用的资源单元数量。
UNIT_AFTER_TARIFF_CHANGE 1
电价变更后的机组1
When present in the Multiple-Services-Credit-Control AVP, this value indicates the amount of units allocated for use after a tariff change occurs.
当出现在多服务信用控制AVP中时,该值表示在电价发生变化后分配使用的单位数量。
When present in the Used-Service-Unit AVP, this value indicates the amount of resource units used after a tariff change had occurred.
当存在于已用服务单元AVP中时,该值表示在发生电价变化后使用的资源单元数量。
UNIT_INDETERMINATE 2
不确定单元2
This value is to be used only in the Used-Service-Unit AVP and indicates the amount of resource units that straddle the tariff change (e.g., the metering process reports to the credit-control client in blocks of n octets, and one block straddled the tariff change).
该值仅在已用服务单元AVP中使用,并指示跨越电价变化的资源单元数量(例如,计量过程以n个八位字节的块向信用控制客户端报告,一个块跨越电价变化)。
The Service-Identifier AVP is of type Unsigned32 (AVP Code 439) and contains the identifier of a service. The specific service the request relates to is uniquely identified by the combination of the Service-Context-Id AVP and the Service-Identifier AVP.
服务标识符AVP的类型为Unsigned32(AVP代码439),并且包含服务的标识符。请求所涉及的特定服务通过服务上下文Id AVP和服务标识符AVP的组合来唯一地标识。
A usage example of this AVP is illustrated in Appendix A.9.
附录A.9中说明了该AVP的使用示例。
The Rating-Group AVP is of type Unsigned32 (AVP Code 432) and contains the identifier of a rating-group. All the services subject to the same rating type are part of the same rating-group. The specific rating-group the request relates to is uniquely identified by the combination of the Service-Context-Id AVP and the Rating-Group AVP.
评级组AVP的类型为Unsigned32(AVP代码432),包含评级组的标识符。属于同一评级类型的所有服务均属于同一评级组。请求所涉及的特定评级组由服务上下文Id AVP和评级组AVP的组合唯一标识。
A usage example of this AVP is illustrated in Appendix A.9.
附录A.9中说明了该AVP的使用示例。
The G-S-U-Pool-Reference AVP (AVP Code 457) is of type Grouped. It is used in the Credit-Control-Answer message and associates the Granted-Service-Unit AVP within which it appears with a credit pool within the session.
G-S-U-Pool-Reference AVP(AVP代码457)为分组型。它在信用控制应答消息中使用,并将出现在其中的授权服务单元AVP与会话中的信用池相关联。
The G-S-U-Pool-Identifier AVP specifies the credit pool from which credit is drawn for this unit type.
G-S-U-Pool-Identifier AVP指定从中为此单位类型提取信用的信用池。
The CC-Unit-Type AVP specifies the type of units for which credit is pooled.
CC Unit Type AVP指定信用汇集的单位类型。
The Unit-Value AVP specifies the multiplier, which converts between service units of type CC-Unit-Type and abstract service units within the credit pool (and thus to service units of any other services or rating-groups associated with the same pool).
单位值AVP指定乘数,该乘数在信用池内CC Unit type服务单位和抽象服务单位之间转换(从而转换为与同一池关联的任何其他服务或评级组的服务单位)。
The G-S-U-Pool-Reference AVP is defined as follows (per grouped-avp-def as defined in [RFC6733]):
G-S-U-Pool-Reference AVP定义如下(根据[RFC6733]中定义的分组AVP def):
G-S-U-Pool-Reference ::= < AVP Header: 457 > { G-S-U-Pool-Identifier } { CC-Unit-Type } { Unit-Value }
G-S-U-Pool-Reference ::= < AVP Header: 457 > { G-S-U-Pool-Identifier } { CC-Unit-Type } { Unit-Value }
The G-S-U-Pool-Identifier AVP (AVP Code 453) is of type Unsigned32 and identifies a credit pool within the session.
G-S-U-Pool-Identifier AVP(AVP代码453)的类型为Unsigned32,用于标识会话中的信用池。
The CC-Unit-Type AVP (AVP Code 454) is of type Enumerated and specifies the type of units considered to be pooled into a credit pool.
CC单位类型AVP(AVP代码454)属于枚举类型,并指定被视为汇集到信贷池中的单位类型。
The following values are defined for the CC-Unit-Type AVP:
为CC装置类型AVP定义了以下值:
TIME 0 MONEY 1 TOTAL-OCTETS 2 INPUT-OCTETS 3 OUTPUT-OCTETS 4 SERVICE-SPECIFIC-UNITS 5
时间0货币1总计八位字节2输入八位字节3输出八位字节4服务特定单元5
The Validity-Time AVP is of type Unsigned32 (AVP Code 448). It is sent from the credit-control server to the credit-control client. The Validity-Time AVP contains the validity time of the granted service units. The measurement of the Validity-Time is started upon receipt of the Credit-Control-Answer message containing this AVP. If the granted service units have not been consumed within the validity time specified in this AVP, the credit-control client MUST send a Credit-Control-Request message to the server, with CC-Request-Type set to UPDATE_REQUEST. The value field of the Validity-Time AVP is given in seconds.
有效时间AVP的类型为Unsigned32(AVP代码448)。它从信用控制服务器发送到信用控制客户端。有效期AVP包含授予服务单元的有效期。在收到包含此AVP的信用控制应答消息后,开始测量有效时间。如果授予的服务单元未在本AVP中指定的有效期内使用,则信用控制客户端必须向服务器发送信用控制请求消息,并将CC Request Type设置为UPDATE_Request。有效时间AVP的值字段以秒为单位。
The Validity-Time AVP is also used for graceful service termination (see Section 5.6) to indicate to the credit-control client how long the subscriber is allowed to use network resources after the specified action (i.e., REDIRECT or RESTRICT_ACCESS) started. When the Validity-Time elapses, a new intermediate interrogation is sent to the server.
AVP的有效期还用于正常服务终止(见第5.6节),以向信用控制客户端指示在指定操作(即重定向或限制访问)开始后允许订户使用网络资源的时间。有效期过后,将向服务器发送新的中间询问。
The Final-Unit-Indication AVP (AVP Code 430) is of type Grouped and indicates that the Granted-Service-Unit AVP in the Credit-Control-Answer or in the AA-Answer contains the final units for the service. After these units have expired, the Diameter Credit-Control client is responsible for executing the action indicated in the Final-Unit-Action AVP (see Section 5.6).
最终单元指示AVP(AVP代码430)属于分组类型,并指示信用控制应答或AA应答中的授权服务单元AVP包含服务的最终单元。在这些单位到期后,Diameter信贷控制客户负责执行最终单位行动AVP中规定的行动(见第5.6节)。
If more than one unit type is received in the Credit-Control-Answer, the unit type that first expired SHOULD cause the credit-control client to execute the specified action.
如果在信用控制应答中收到多个单位类型,则第一个过期的单位类型应导致信用控制客户端执行指定的操作。
In the first interrogation, the Final-Unit-Indication AVP with Final-Unit-Action set to REDIRECT or RESTRICT_ACCESS can also be present with no Granted-Service-Unit AVP in the Credit-Control-Answer or in the AA-Answer. This indicates to the Diameter Credit-Control client that the client is to execute the specified action immediately. If the home service provider policy is to terminate the service, naturally, the server SHOULD return the appropriate transient failure (see Section 9.1) in order to implement the policy-defined action.
在第一次询问中,最终单元指示AVP(其最终单元操作设置为重定向或限制_访问)也可以在信用控制应答或AA应答中没有授权服务单元AVP的情况下出现。这向Diameter Credit Control客户端指示客户端将立即执行指定的操作。如果家庭服务提供商的策略是终止服务,那么服务器自然应该返回相应的瞬时故障(参见第9.1节),以便执行策略定义的操作。
The Final-Unit-Action AVP defines the behavior of the Service Element when the user's account cannot cover the cost of the service and MUST always be present if the Final-Unit-Indication AVP is included in a command.
最终单元动作AVP定义了当用户的帐户无法支付服务成本时服务元素的行为,并且如果命令中包含最终单元指示AVP,则必须始终存在。
If the Final-Unit-Action AVP is set to TERMINATE, the Final-Unit-Indication group AVP MUST NOT contain any other AVPs.
如果最终机组动作AVP设置为终止,则最终机组指示组AVP不得包含任何其他AVP。
If the Final-Unit-Action AVP is set to REDIRECT, the Redirect-Server AVP or the Redirect-Server-Extension AVP (at least one) MUST be present. The Restriction-Filter-Rule AVP or the Filter-Id AVP MAY be present in the Credit-Control-Answer message if the user is also allowed to access other services that are not accessible through the address given in the Redirect-Server AVP.
如果最终单元操作AVP设置为重定向,则必须存在重定向服务器AVP或重定向服务器扩展AVP(至少一个)。如果还允许用户访问通过重定向服务器AVP中给出的地址无法访问的其他服务,则信用控制应答消息中可能存在限制筛选器规则AVP或筛选器Id AVP。
If the Final-Unit-Action AVP is set to RESTRICT_ACCESS, either the Restriction-Filter-Rule AVP or the Filter-Id AVP SHOULD be present.
如果最终单元动作AVP设置为限制访问,则应存在限制过滤器规则AVP或过滤器Id AVP。
The Filter-Id AVP is defined in [RFC7155]. The Filter-Id AVP can be used to reference an IP filter list installed in the access device by means other than the Diameter Credit-Control application, e.g., locally configured or configured by another entity.
过滤器Id AVP在[RFC7155]中定义。过滤器Id AVP可用于通过Diameter信用控制应用程序以外的方式(例如,本地配置或由另一实体配置)来引用接入设备中安装的IP过滤器列表。
If the Final-Unit-Action AVP is set to REDIRECT and the type of server is not one of the enumerations in the Redirect-Address-Type AVP, then the QoS-Final-Unit-Indication AVP SHOULD be used together with the Redirect-Server-Extension AVP instead of the Final-Unit-Indication AVP.
如果最终单元操作AVP设置为重定向,且服务器类型不是重定向地址类型AVP中的枚举之一,则QoS最终单元指示AVP应与重定向服务器扩展AVP一起使用,而不是最终单元指示AVP。
If the Final-Unit-Action AVP is set to RESTRICT_ACCESS or REDIRECT and the classification of the restricted traffic cannot be expressed using an IPFilterRule, or if actions (e.g., QoS) other than just allowing traffic need to be enforced, then the QoS-Final-Unit-Indication AVP SHOULD be used instead of the Final-Unit-Indication AVP. However, if the credit-control server wants to preserve backward compatibility with credit-control clients that support only [RFC4006], the Final-Unit-Indication AVP SHOULD be used together with the Filter-Id AVP.
如果最终单元动作AVP设置为限制访问或重定向,并且不能使用IPFilterRule表示受限流量的分类,或者如果需要执行除仅允许流量以外的动作(例如,QoS),则应使用QoS最终单元指示AVP,而不是最终单元指示AVP。但是,如果信用控制服务器希望保持与仅支持[RFC4006]的信用控制客户端的向后兼容性,则应将最终单元指示AVP与过滤器Id AVP一起使用。
The Final-Unit-Indication AVP is defined as follows (per grouped-avp-def as defined in [RFC6733]):
最终装置指示AVP定义如下(根据[RFC6733]中定义的分组AVP def):
Final-Unit-Indication ::= < AVP Header: 430 > { Final-Unit-Action } *[ Restriction-Filter-Rule ] *[ Filter-Id ] [ Redirect-Server ]
Final-Unit-Indication ::= < AVP Header: 430 > { Final-Unit-Action } *[ Restriction-Filter-Rule ] *[ Filter-Id ] [ Redirect-Server ]
The Final-Unit-Action AVP (AVP Code 449) is of type Enumerated and indicates to the credit-control client the action to be taken when the user's account cannot cover the service cost.
最终单位行动AVP(AVP代码449)属于枚举类型,并向信贷控制客户指示当用户的账户无法支付服务成本时要采取的行动。
Final-Unit-Action can be set to one of the following values:
最终装置动作可设置为以下值之一:
TERMINATE 0
终止0
The credit-control client MUST terminate the service session. This is the default handling, applicable whenever the credit-control client receives an unsupported Final-Unit-Action value, and it MUST be supported by all the Diameter Credit-Control client implementations conforming to this specification.
信用控制客户端必须终止服务会话。这是默认处理,每当信贷控制客户端接收到不受支持的最终单位操作值时适用,并且必须得到符合本规范的所有Diameter信贷控制客户端实现的支持。
REDIRECT 1
重定向1
The Service Element MUST redirect the user to the address specified in the Redirect-Server-Address AVP or one of the AVPs included in the Redirect-Server-Extension AVP. The redirect action is defined in Section 5.6.2.
服务元素必须将用户重定向到重定向服务器地址AVP中指定的地址或重定向服务器扩展AVP中包含的一个AVP。重定向操作在第5.6.2节中定义。
RESTRICT_ACCESS 2
限制用户访问2
The access device MUST restrict the user's access according to the filter AVPs contained in the applied Grouped AVP: according to IP packet filters defined in the Restriction-Filter-Rule AVP, according to the packet classifier filters defined in the Filter-Rule AVP, or according to the packet filters identified by the Filter-Id AVP. All of the packets not matching any restriction filters (see Section 5.6.3) MUST be dropped.
接入设备必须根据所应用的分组AVP中包含的过滤器AVP限制用户的接入:根据限制过滤器规则AVP中定义的IP分组过滤器、根据过滤器规则AVP中定义的分组分类器过滤器、或根据过滤器Id AVP识别的分组过滤器。必须丢弃所有与任何限制过滤器(见第5.6.3节)不匹配的数据包。
The Restriction-Filter-Rule AVP (AVP Code 438) is of type IPFilterRule and provides filter rules corresponding to services that are to remain accessible even if there are no more service units granted. The access device has to configure the specified filter rules for the subscriber and MUST drop all the packets not matching these filters. Zero, one, or more such AVPs MAY be present in a Credit-Control-Answer message or in an AA-Answer message.
限制筛选规则AVP(AVP代码438)属于IPFilterRule类型,并提供与服务相对应的筛选规则,即使没有授予更多服务单元,这些服务仍将保持可访问性。访问设备必须为订阅服务器配置指定的筛选规则,并且必须删除所有与这些筛选不匹配的数据包。信用控制应答消息或AA应答消息中可能存在零个、一个或多个这样的AVP。
The Redirect-Server AVP (AVP Code 434) is of type Grouped and contains the address information of the redirect server (e.g., HTTP redirect server, SIP Server) with which the end user is to be connected when the account cannot cover the service cost. It MUST be present when the Final-Unit-Action AVP is set to REDIRECT.
重定向服务器AVP(AVP代码434)属于分组类型,并且包含当账户无法支付服务成本时最终用户将与之连接的重定向服务器(例如HTTP重定向服务器、SIP服务器)的地址信息。当最终装置动作AVP设置为重定向时,它必须存在。
The Redirect-Server AVP is defined as follows (per grouped-avp-def as defined in [RFC6733]):
重定向服务器AVP的定义如下(根据[RFC6733]中定义的分组AVP def):
Redirect-Server ::= < AVP Header: 434 > { Redirect-Address-Type } { Redirect-Server-Address }
Redirect-Server ::= < AVP Header: 434 > { Redirect-Address-Type } { Redirect-Server-Address }
The Redirect-Address-Type AVP (AVP Code 433) is of type Enumerated and defines the address type of the address given in the Redirect-Server-Address AVP.
重定向地址类型AVP(AVP代码433)是枚举的类型,并且定义在重定向服务器地址AVP中给定的地址的地址类型。
Redirect-Address-Type can be set to one of the following values:
重定向地址类型可以设置为以下值之一:
IPv4 Address 0
IPv4地址0
The address type is in the form of a "dotted-decimal" IPv4 address, as defined in [RFC791].
地址类型为[RFC791]中定义的“点十进制”IPv4地址形式。
IPv6 Address 1
IPv6地址1
The address type is in the form of an IPv6 address, as defined in [RFC4291]. The address MUST conform to the textual representation of the address according to [RFC5952].
地址类型采用IPv6地址的形式,如[RFC4291]中所定义。根据[RFC5952],地址必须符合地址的文本表示形式。
Because [RFC5952] is more restrictive than the "RFC 3513" format required by [RFC4006], some legacy implementations may not be compliant with the new requirements. Accordingly, implementations receiving this AVP MAY be liberal in the textual IPv6 representations that are accepted, without raising an error.
由于[RFC5952]比[RFC4006]所要求的“RFC 3513”格式更具限制性,因此某些旧式实现可能不符合新的要求。因此,接收此AVP的实现在接受的文本IPv6表示中可能是自由的,而不会引起错误。
URL 2
URL 2
The address type is in the form of a Uniform Resource Locator, as defined in [RFC3986].
地址类型采用统一资源定位器的形式,如[RFC3986]中所定义。
SIP URI 3
SIP URI 3
The address type is in the form of a SIP Uniform Resource Identifier, as defined in [RFC3261].
地址类型采用SIP统一资源标识符的形式,如[RFC3261]中所定义。
The Redirect-Server-Address AVP (AVP Code 435) is of type UTF8String and defines the address of the redirect server (e.g., HTTP redirect server, SIP Server) with which the end user is to be connected when the account cannot cover the service cost.
重定向服务器地址AVP(AVP代码435)为UTF8String类型,定义了当账户无法支付服务成本时最终用户要连接的重定向服务器(例如HTTP重定向服务器、SIP服务器)的地址。
The Multiple-Services-Indicator AVP (AVP Code 455) is of type Enumerated and indicates whether the Diameter Credit-Control client is capable of handling multiple services independently within a (sub-)session. The absence of this AVP means that independent credit-control of multiple services is not supported.
多服务指示符AVP(AVP代码455)属于枚举类型,指示Diameter信用控制客户端是否能够在(子)会话中独立处理多个服务。缺少此AVP意味着不支持对多个服务进行独立的信用控制。
A server not implementing the independent credit-control of multiple services MUST treat the Multiple-Services-Indicator AVP as an invalid AVP.
未实现多个服务的独立信用控制的服务器必须将多个服务指示符AVP视为无效的AVP。
The following values are defined for the Multiple-Services-Indicator AVP:
为多服务指标AVP定义了以下值:
MULTIPLE_SERVICES_NOT_SUPPORTED 0
不支持多个\u服务\u\u 0
The client does not support independent credit-control of multiple services within a (sub-)session.
客户端不支持在(子)会话中对多个服务进行独立的信用控制。
MULTIPLE_SERVICES_SUPPORTED 1
支持多个\u服务\u 1
The client supports independent credit-control of multiple services within a (sub-)session.
客户端支持在一个(子)会话中对多个服务进行独立的信用控制。
The Requested-Action AVP (AVP Code 436) is of type Enumerated and contains the requested action being sent in a Credit-Control-Request command where the CC-Request-Type is set to EVENT_REQUEST. The following values are defined for the Requested-Action AVP:
请求的动作AVP(AVP代码436)属于枚举类型,包含在信用控制请求命令中发送的请求动作,其中CC请求类型设置为事件请求。为请求的动作AVP定义了以下值:
DIRECT_DEBITING 0
直接借记0
This indicates a request to decrease the end user's account according to information specified in the Requested-Service-Unit AVP and/or Service-Identifier AVP (additional rating information may be included in service-specific AVPs or in the Service-Parameter-Info AVP). The Granted-Service-Unit AVP in the Credit-Control-Answer command contains the debited units.
这表示根据请求的服务单元AVP和/或服务标识符AVP中指定的信息减少最终用户帐户的请求(附加评级信息可包括在服务特定AVP或服务参数信息AVP中)。信贷控制应答命令中的授权服务单位AVP包含借记单位。
REFUND_ACCOUNT 1
退款账户1
This indicates a request to increase the end user's account according to information specified in the Requested-Service-Unit AVP and/or Service-Identifier AVP (additional rating information may be included in service-specific AVPs or in the Service-Parameter-Info AVP). The Granted-Service-Unit AVP in the Credit-Control-Answer command contains the refunded units.
这表示根据请求的服务单元AVP和/或服务标识符AVP中指定的信息增加最终用户帐户的请求(附加评级信息可包括在服务特定AVP或服务参数信息AVP中)。信用控制应答命令中的授权服务单元AVP包含退款单元。
CHECK_BALANCE 2
核对余额2
This indicates a balance-check request. In this case, the checking of the account balance is done without any credit reservations from the account. The Check-Balance-Result AVP in the Credit-Control-Answer command contains the result of the balance check.
这表示余额检查请求。在这种情况下,账户余额的检查是在没有账户任何信用保留的情况下进行的。信用控制应答命令中的检查余额结果AVP包含余额检查的结果。
PRICE_ENQUIRY 3
价格查询3
This indicates a price-inquiry request. In this case, neither checking of the account balance nor reservation from the account will be done; only the price of the service will be returned in the Cost-Information AVP in the Credit-Control-Answer command.
这表示询价请求。在这种情况下,既不会检查账户余额,也不会从账户中进行预订;信用控制应答命令中的成本信息AVP中只返回服务价格。
The Service-Context-Id AVP is of type UTF8String (AVP Code 461) and contains a unique identifier of the Diameter Credit-Control service-specific document (as defined in Section 4.1.2) that applies to the request. This is an identifier allocated by the service provider, the Service Element manufacturer, or a standardization body, and MUST uniquely identify a given Diameter Credit-Control service-specific document. The format of the Service-Context-Id is:
服务上下文Id AVP为UTF8String类型(AVP代码461),包含适用于请求的Diameter信用控制服务特定文档(如第4.1.2节所定义)的唯一标识符。这是由服务提供商、服务元素制造商或标准化机构分配的标识符,必须唯一标识给定的信贷控制服务特定文档。服务上下文Id的格式为:
"service-context" "@" "domain"
服务上下文“@”域
service-context = Token
service-context = Token
The Token is an arbitrary string of characters and digits.
令牌是由字符和数字组成的任意字符串。
"domain" represents the entity that allocated the Service-Context-Id. It can be ietf.org, 3gpp.org, etc. if the identifier is allocated by a standardization body, or it can be the Fully Qualified Domain Name (FQDN) of the service provider (e.g., provider.example.com) or the vendor (e.g., vendor.example.com) if the identifier is allocated by a private entity.
“域”表示分配服务上下文Id的实体。如果标识符由标准化机构分配,则可以是ietf.org、3gpp.org等,也可以是服务提供商(例如provider.example.com)或供应商(例如vendor.example.com)的完全限定域名(FQDN)如果标识符是由私有实体分配的。
This AVP SHOULD be placed as close to the Diameter header as possible.
该AVP应尽可能靠近直径集管。
Service-specific documents that are for private use only (i.e., for one provider's own use, where no interoperability is deemed useful) may define private identifiers without a need for coordination. However, when interoperability is desired, coordination of the identifiers via, for example, publication of an informational RFC is RECOMMENDED in order to make the Service-Context-Id AVP globally available.
仅供私人使用的特定于服务的文档(即,供一个提供商自己使用,互操作性不可用)可以定义私人标识符,而无需进行协调。然而,当需要互操作性时,建议通过例如发布信息性RFC来协调标识符,以便使服务上下文Id AVP全局可用。
The Service-Parameter-Info AVP (AVP Code 440) is of type Grouped and contains service-specific information used for price calculation or rating. The Service-Parameter-Type AVP defines the service parameter type, and the Service-Parameter-Value AVP contains the parameter value. The actual contents of these AVPs are not within the scope of this document and SHOULD be defined in another Diameter application, in standards written by other standardization bodies, or in service-specific documentation.
服务参数信息AVP(AVP代码440)属于分组类型,包含用于价格计算或评级的服务特定信息。服务参数类型AVP定义服务参数类型,服务参数值AVP包含参数值。这些AVP的实际内容不在本文件的范围内,应在其他Diameter应用程序、其他标准化机构编写的标准或服务特定文件中定义。
In the case of an unknown service request (e.g., unknown Service-Parameter-Type), the corresponding Answer message MUST contain the error code DIAMETER_RATING_FAILED. A Credit-Control-Answer message with this error MUST contain one or more Failed-AVP AVPs containing the Service-Parameter-Info AVPs that caused the failure.
在未知服务请求的情况下(例如,未知服务参数类型),相应的应答消息必须包含错误代码DIAMETER\u RATING\u FAILED。出现此错误的信用控制应答消息必须包含一个或多个失败的AVP AVP,其中包含导致故障的服务参数信息AVP。
The Service-Parameter-Info AVP is defined as follows (per grouped-avp-def as defined in [RFC6733]):
服务参数Info AVP定义如下(根据[RFC6733]中定义的分组AVP def):
Service-Parameter-Info ::= < AVP Header: 440 > { Service-Parameter-Type } { Service-Parameter-Value }
Service-Parameter-Info ::= < AVP Header: 440 > { Service-Parameter-Type } { Service-Parameter-Value }
The Service-Parameter-Type AVP is of type Unsigned32 (AVP Code 441) and defines the type of the service-event-specific parameter (e.g., it can be the end-user location or service name). The different parameters and their types are service specific, and the meanings of these parameters are not defined in this document. Whoever allocates the Service-Context-Id (i.e., a unique identifier of a service-specific document) is also responsible for assigning Service-Parameter-Type values for the service and ensuring their uniqueness within the given service. The Service-Parameter-Value AVP contains the value associated with the service parameter type.
服务参数类型AVP的类型为Unsigned32(AVP代码441),并定义服务事件特定参数的类型(例如,它可以是最终用户位置或服务名称)。不同的参数及其类型是特定于服务的,本文档中未定义这些参数的含义。分配服务上下文Id(即特定于服务的文档的唯一标识符)的人还负责为服务分配服务参数类型值,并确保其在给定服务中的唯一性。服务参数值AVP包含与服务参数类型关联的值。
The Service-Parameter-Value AVP is of type OctetString (AVP Code 442) and contains the value of the service parameter type.
服务参数值AVP的类型为OctetString(AVP代码442),包含服务参数类型的值。
The Subscription-Id AVP (AVP Code 443) is used to identify the end user's subscription and is of type Grouped. The Subscription-Id AVP includes a Subscription-Id-Data AVP that holds the identifier and a Subscription-Id-Type AVP that defines the identifier type.
订阅Id AVP(AVP代码443)用于标识最终用户的订阅,并且是分组类型。订阅Id AVP包括保存标识符的订阅Id数据AVP和定义标识符类型的订阅Id类型AVP。
The Subscription-Id AVP is defined as follows (per grouped-avp-def as defined in [RFC6733]):
订阅Id AVP定义如下(根据[RFC6733]中定义的分组AVP def):
Subscription-Id ::= < AVP Header: 443 > { Subscription-Id-Type } { Subscription-Id-Data }
Subscription-Id ::= < AVP Header: 443 > { Subscription-Id-Type } { Subscription-Id-Data }
The Subscription-Id-Type AVP (AVP Code 450) is of type Enumerated, and it is used to determine which type of identifier is carried by the Subscription-Id AVP.
订阅Id类型AVP(AVP代码450)是枚举的类型,用于确定订阅Id AVP携带哪种类型的标识符。
This specification defines the following subscription identifiers. However, new Subscription-Id-Type values can be assigned by IANA as defined in Section 12. A server MUST implement all the Subscription-Id-Type values required to perform credit authorization for the services it supports, including possible future values. Unknown or unsupported Subscription-Id-Type values MUST be treated according to the 'M' flag rule, as defined in [RFC6733].
本规范定义了以下订阅标识符。但是,新的订阅Id类型值可以由IANA分配,如第12节所定义。服务器必须实现为其支持的服务执行信用授权所需的所有订阅Id类型值,包括可能的未来值。必须根据[RFC6733]中定义的“M”标志规则处理未知或不受支持的订阅Id类型值。
END_USER_E164 0
最终用户64 0
The identifier is in international E.164 format (e.g., MSISDN), according to the ITU-T E.164 numbering plan defined in [E164] and [CE164].
根据[E164]和[CE164]中定义的ITU-T E.164编号计划,标识符采用国际E.164格式(如MSISDN)。
END_USER_IMSI 1
最终用户IMSI 1
The identifier is in IMSI format, according to the ITU-T E.212 identification plan as defined in [E212] and [CE212].
根据[E212]和[CE212]中定义的ITU-T E.212识别计划,标识符采用IMSI格式。
END_USER_SIP_URI 2
终端用户SIP URI 2
The identifier is in the form of a SIP URI, as defined in [RFC3261].
标识符采用SIP URI的形式,如[RFC3261]中所定义。
END_USER_NAI 3
最终用户3
The identifier is in the form of a Network Access Identifier, as defined in [RFC7542].
该标识符采用[RFC7542]中定义的网络访问标识符的形式。
END_USER_PRIVATE 4
最终用户私人4
The identifier is a credit-control server private identifier.
该标识符是信用控制服务器专用标识符。
The Subscription-Id-Data AVP (AVP Code 444) is used to identify the end user and is of type UTF8String. The Subscription-Id-Type AVP defines which type of identifier is used.
订阅Id数据AVP(AVP代码444)用于识别最终用户,类型为UTF8String。订阅Id类型AVP定义使用哪种类型的标识符。
The User-Equipment-Info AVP (AVP Code 458) is of type Grouped and allows the credit-control client to indicate the identity and capability of the terminal the subscriber is using for the connection to the network.
用户设备信息AVP(AVP代码458)是分组的类型,并且允许信用控制客户端指示用户用于连接到网络的终端的身份和能力。
The User-Equipment-Info AVP is defined as follows (per grouped-avp-def as defined in [RFC6733]):
用户设备信息AVP定义如下(根据[RFC6733]中定义的分组AVP def):
User-Equipment-Info ::= < AVP Header: 458 > { User-Equipment-Info-Type } { User-Equipment-Info-Value }
User-Equipment-Info ::= < AVP Header: 458 > { User-Equipment-Info-Type } { User-Equipment-Info-Value }
The User-Equipment-Info-Type AVP is of type Enumerated (AVP Code 459) and defines the type of user equipment information contained in the User-Equipment-Info-Value AVP.
用户设备信息类型AVP是枚举类型(AVP代码459),并且定义包含在用户设备信息值AVP中的用户设备信息的类型。
This specification defines the following user equipment types. However, new User-Equipment-Info-Type values can be assigned by IANA as defined in Section 12.
本规范规定了以下用户设备类型。但是,新的用户设备信息类型值可由IANA分配,如第12节所定义。
IMEISV 0
IMEISV 0
The identifier contains the International Mobile Equipment Identifier and Software Version (IMEISV) in the IMEISV format according to 3GPP TS 23.003 [TGPPIMEI].
该标识符包含根据3GPP TS 23.003[TGPPIMEI]的IMEISV格式的国际移动设备标识符和软件版本(IMEISV)。
MAC 1
MAC 1
The 48-bit Media Access Control (MAC) address is formatted as described in Section 3.21 of [RFC3580].
48位媒体访问控制(MAC)地址的格式如[RFC3580]第3.21节所述。
EUI64 2
EUI64 2
The 64-bit identifier used to identify the hardware instance of the product, as defined in [EUI64].
用于标识产品硬件实例的64位标识符,如[EUI64]中所定义。
MODIFIED_EUI64 3
修改的_EUI64 3
There are a number of types of terminals that have identifiers other than the International Mobile Equipment Identifier (IMEI), IEEE 802 MACs, or EUI-64. These identifiers can be converted to modified EUI-64 format as described in [RFC4291] or by using some other methods referred to in the service-specific documentation.
有许多类型的终端具有除国际移动设备标识符(IMEI)、IEEE 802 MAC或EUI-64之外的标识符。可以将这些标识符转换为[RFC4291]中所述的修改后的EUI-64格式,或者使用特定于服务的文档中提到的一些其他方法。
The User-Equipment-Info-Value AVP (AVP Code 460) is of type OctetString. The User-Equipment-Info-Type AVP defines which type of identifier is used.
用户设备信息值AVP(AVP代码460)是OctetString类型。用户设备信息类型AVP定义使用哪种类型的标识符。
The User-Equipment-Info-Extension AVP (AVP Code 653) is of type Grouped and allows the credit-control client to indicate the identity and capability of the terminal the subscriber is using for the connection to the network. If the type of the equipment is one of the enumerated User-Equipment-Info-Type AVP values, then the credit-control client SHOULD send the information in the User-Equipment-Info AVP, in addition to or instead of the User-Equipment-Info-Extension AVP. This is done in order to preserve backward compatibility with credit-control servers that support only [RFC4006]. Exactly one AVP MUST be included inside the User-Equipment-Info-Extension AVP.
用户设备信息扩展AVP(AVP代码653)是分组的类型,并且允许信用控制客户端指示用户用于连接到网络的终端的身份和能力。如果设备类型是枚举的用户设备信息类型AVP值之一,则信用控制客户端应发送用户设备信息AVP中的信息,附加或代替用户设备信息扩展AVP。这样做是为了保持与仅支持[RFC4006]的信用控制服务器的向后兼容性。用户设备信息扩展AVP中必须包含一个AVP。
The User-Equipment-Info-Extension AVP is defined as follows (per grouped-avp-def as defined in [RFC6733]):
用户设备信息扩展AVP定义如下(根据[RFC6733]中定义的分组AVP def):
User-Equipment-Info-Extension ::= < AVP Header: 653 > [ User-Equipment-Info-IMEISV ] [ User-Equipment-Info-MAC ] [ User-Equipment-Info-EUI64 ] [ User-Equipment-Info-ModifiedEUI64 ] [ User-Equipment-Info-IMEI ] [ AVP ]
User-Equipment-Info-Extension ::= < AVP Header: 653 > [ User-Equipment-Info-IMEISV ] [ User-Equipment-Info-MAC ] [ User-Equipment-Info-EUI64 ] [ User-Equipment-Info-ModifiedEUI64 ] [ User-Equipment-Info-IMEI ] [ AVP ]
The User-Equipment-Info-IMEISV AVP (AVP Code 654) is of type OctetString. The User-Equipment-Info-IMEISV AVP contains the International Mobile Equipment Identifier and Software Version in the IMEISV format according to 3GPP TS 23.003 [TGPPIMEI].
用户设备信息IMEISV AVP(AVP代码654)为八进制字符串类型。根据3GPP TS 23.003[TGPPIMEI],用户设备信息IMEISV AVP包含IMEISV格式的国际移动设备标识符和软件版本。
The User-Equipment-Info-MAC AVP (AVP Code 655) is of type OctetString. The User-Equipment-Info-MAC AVP contains the 48-bit MAC address; the MAC address is formatted as described in Section 4.1.7.8 of [RFC5777].
用户设备信息MAC AVP(AVP代码655)是OctetString类型。用户设备信息MAC AVP包含48位MAC地址;MAC地址的格式如[RFC5777]第4.1.7.8节所述。
The User-Equipment-Info-EUI64 AVP (AVP Code 656) is of type OctetString. The User-Equipment-Info-EUI64 AVP contains the 64-bit identifier used to identify the hardware instance of the product, as defined in [EUI64].
User-Equipment-Info-EUI64 AVP(AVP代码656)为八位字符串类型。User-Equipment-Info-EUI64 AVP包含用于标识产品硬件实例的64位标识符,如[EUI64]中所定义。
The User-Equipment-Info-ModifiedEUI64 AVP (AVP Code 657) is of type OctetString. There are a number of types of terminals that have identifiers other than IMEI, IEEE 802 MACs, or EUI-64. These identifiers can be converted to modified EUI-64 format as described in [RFC4291] or by using some other methods referred to in the service-specific documentation. The User-Equipment-Info-ModifiedEUI64 AVP contains such identifiers.
User-Equipment-Info-ModifiedUI 64 AVP(AVP代码657)为OctetString类型。有许多类型的终端具有除IMEI、IEEE 802 MAC或EUI-64之外的标识符。可以将这些标识符转换为[RFC4291]中所述的修改后的EUI-64格式,或者使用特定于服务的文档中提到的一些其他方法。User-Equipment-Info-ModifiedUI 64 AVP包含此类标识符。
The User-Equipment-Info-IMEI AVP (AVP Code 658) is of type OctetString. The User-Equipment-Info-IMEI AVP contains the International Mobile Equipment Identifier in the IMEI format according to 3GPP TS 23.003 [TGPPIMEI].
用户设备信息IMEI AVP(AVP代码658)为八进制字符串类型。用户设备信息IMEI AVP包含根据3GPP TS 23.003[TGPPIMEI]的IMEI格式的国际移动设备标识符。
The Subscription-Id-Extension AVP (AVP Code 659) is used to identify the end user's subscription and is of type Grouped. The Subscription-Id-Extension group AVP MUST include an AVP holding the subscription identifier. The type of this included AVP indicates the type of the subscription identifier. For each of the enumerated values of the Subscription-Id-Type AVP, there is a corresponding sub-AVP for use within the Subscription-Id-Extension group AVP. If a new identifier type is required, a corresponding new sub-AVP SHOULD be defined for use within the Subscription-Id-Extension group AVP.
订阅Id扩展AVP(AVP代码659)用于标识最终用户的订阅,并且是分组类型。订阅Id扩展组AVP必须包括持有订阅标识符的AVP。此包含的AVP的类型指示订阅标识符的类型。对于订阅Id类型AVP的每个枚举值,在订阅Id扩展组AVP内使用对应的子AVP。如果需要新的标识符类型,则应定义相应的新子AVP,以便在订阅Id扩展组AVP内使用。
If full backward compatibility with [RFC4006] is required, then the Subscription-Id AVP MUST be used to indicate identifier types enumerated in the Subscription-Id-Type AVP, whereas the Subscription-Id-Extension AVP MUST be used only for newly defined identifier types. If full backward compatibility with [RFC4006] is not required, then the Subscription-Id-Extension AVP MAY be used to carry the existing identifier types. In this case, the Subscription-Id-Extension AVP MAY be sent together with the Subscription-Id AVP.
如果需要与[RFC4006]完全向后兼容,则必须使用订阅Id AVP来指示订阅Id类型AVP中枚举的标识符类型,而订阅Id扩展AVP只能用于新定义的标识符类型。如果不需要与[RFC4006]完全向后兼容,则可以使用订阅Id扩展AVP来携带现有的标识符类型。在这种情况下,订阅Id扩展AVP可以与订阅Id AVP一起发送。
Exactly one sub-AVP MUST be included inside the Subscription-Id-Extension AVP.
订阅Id扩展AVP中必须包含一个子AVP。
The Subscription-Id-Extension AVP is defined as follows (per grouped-avp-def as defined in [RFC6733]):
订阅Id扩展AVP的定义如下(根据[RFC6733]中定义的分组AVP def):
Subscription-Id-Extension ::= < AVP Header: 659 > [ Subscription-Id-E164 ] [ Subscription-Id-IMSI ] [ Subscription-Id-SIP-URI ] [ Subscription-Id-NAI ] [ Subscription-Id-Private ] [ AVP ]
Subscription-Id-Extension ::= < AVP Header: 659 > [ Subscription-Id-E164 ] [ Subscription-Id-IMSI ] [ Subscription-Id-SIP-URI ] [ Subscription-Id-NAI ] [ Subscription-Id-Private ] [ AVP ]
The Subscription-Id-E164 AVP (AVP Code 660) is of type UTF8String. The Subscription-Id-E164 AVP contains the international E.164 format (e.g., MSISDN), according to the ITU-T E.164 numbering plan defined in [E164] and [CE164].
Subscription-Id-E164 AVP(AVP代码660)的类型为UTF8String。根据[E164]和[CE164]中定义的ITU-T E.164编号计划,Subscription-Id-E164 AVP包含国际E.164格式(如MSISDN)。
The Subscription-Id-IMSI AVP (AVP Code 661) is of type UTF8String. The Subscription-Id-IMSI AVP contains the IMSI format, according to the ITU-T E.212 identification plan as defined in [E212] and [CE212].
订阅Id IMSI AVP(AVP代码661)的类型为UTF8String。根据[E212]和[CE212]中定义的ITU-T E.212标识计划,订阅Id IMSI AVP包含IMSI格式。
The Subscription-Id-SIP-URI AVP (AVP Code 662) is of type UTF8String. The Subscription-Id-SIP-URI AVP contains the identifier in the form of a SIP URI, as defined in [RFC3261].
订阅Id SIP URI AVP(AVP代码662)的类型为UTF8String。订阅Id SIP URI AVP包含SIP URI形式的标识符,如[RFC3261]中所定义。
The Subscription-Id-NAI AVP (AVP Code 663) is of type UTF8String. The Subscription-Id-NAI AVP contains the identifier in the form of a Network Access Identifier, as defined in [RFC7542].
订阅Id NAI AVP(AVP代码663)的类型为UTF8String。订阅Id NAI AVP包含[RFC7542]中定义的网络访问标识符形式的标识符。
The Subscription-Id-Private AVP (AVP Code 664) is of type UTF8String. The Subscription-Id-Private AVP contains a credit-control server private identifier.
订阅Id Private AVP(AVP代码664)的类型为UTF8String。订阅Id Private AVP包含信用控制服务器专用标识符。
The Redirect-Server-Extension AVP (AVP Code 665) is of type Grouped and contains the address information of the redirect server (e.g., HTTP redirect server, SIP Server) with which the end user is to be connected when the account cannot cover the service cost. It MUST be present inside the QoS-Final-Unit-Indication AVP when the Final-Unit-Action AVP is set to REDIRECT. If the type of the redirect server is one of the enumerated values of the Redirect-Address-Type AVP, then the credit-control server SHOULD send the information in the Redirect-Server AVP, in addition to or instead of the Redirect-Server-Extension AVP. This is done in order to preserve backward compatibility with credit-control clients that support only [RFC4006]. Exactly one AVP MUST be included inside the Redirect-Server-Extension AVP.
重定向服务器扩展AVP(AVP代码665)属于分组类型,包含重定向服务器(例如HTTP重定向服务器、SIP服务器)的地址信息,当账户无法支付服务成本时,最终用户将与之连接。当最终单元动作AVP设置为重定向时,它必须出现在QoS最终单元指示AVP内。如果重定向服务器的类型是重定向地址类型AVP的枚举值之一,则信用控制服务器应在重定向服务器AVP中发送信息,附加或代替重定向服务器扩展AVP。这样做是为了保持与仅支持[RFC4006]的信用控制客户端的向后兼容性。重定向服务器扩展AVP中必须只包含一个AVP。
The Redirect-Server-Extension AVP is defined as follows (per grouped-avp-def as defined in [RFC6733]):
重定向服务器扩展AVP的定义如下(根据[RFC6733]中定义的分组AVP def):
Redirect-Server-Extension ::= < AVP Header: 665 > [ Redirect-Address-IPAddress ] [ Redirect-Address-URL ] [ Redirect-Address-SIP-URI ] [ AVP ]
Redirect-Server-Extension ::= < AVP Header: 665 > [ Redirect-Address-IPAddress ] [ Redirect-Address-URL ] [ Redirect-Address-SIP-URI ] [ AVP ]
The Redirect-Address-IPAddress AVP (AVP Code 666) is of type Address and defines the IPv4 or IPv6 address of the redirect server with which the end user is to be connected when the account cannot cover the service cost.
重定向地址IPAddress AVP(AVP代码666)属于Address类型,定义了当帐户无法支付服务成本时,最终用户将与之连接的重定向服务器的IPv4或IPv6地址。
When encoded as an IPv6 address in 16 bytes, the IPv4-mapped IPv6 format [RFC4291] MAY be used to indicate an IPv4 address.
当以16字节编码为IPv6地址时,IPv4映射IPv6格式[RFC4291]可用于指示IPv4地址。
The interpretation of Redirect-Address-IPAddress by the Diameter Credit-Control client is a matter of local policy.
Diameter Credit Control客户端对重定向地址IPAddress的解释取决于本地政策。
The Redirect-Address-URL AVP (AVP Code 667) is of type UTF8String and defines the address of the redirect server with which the end user is to be connected when the account cannot cover the service cost. The address type is in the form of a Uniform Resource Locator, as defined in [RFC3986]. Note that individual URL schemes may restrict the contents of the UTF8String.
重定向地址URL AVP(AVP代码667)为UTF8String类型,定义了当账户无法支付服务成本时,最终用户将与之连接的重定向服务器的地址。地址类型采用统一资源定位器的形式,如[RFC3986]中所定义。请注意,单个URL方案可能会限制UTF8String的内容。
The Redirect-Address-SIP-URI AVP (AVP Code 668) is of type UTF8String and defines the address of the redirect server with which the end user is to be connected when the account cannot cover the service cost. The address type is in the form of a SIP Uniform Resource Identifier, as defined in [RFC3261].
重定向地址SIP URI AVP(AVP代码668)为UTF8String类型,定义了当帐户无法支付服务成本时,最终用户将与之连接的重定向服务器的地址。地址类型采用SIP统一资源标识符的形式,如[RFC3261]中所定义。
The QoS-Final-Unit-Indication AVP (AVP Code 669) is of type Grouped and indicates that the Granted-Service-Unit AVP in the Credit-Control-Answer or in the AA-Answer contains the final units for the service. After these units have expired, the Diameter Credit-Control client is responsible for executing the action indicated in the Final-Unit-Action AVP (see Section 5.6).
QoS最终单元指示AVP(AVP代码669)属于分组类型,并指示信用控制应答或AA应答中的授权服务单元AVP包含服务的最终单元。在这些单位到期后,Diameter信贷控制客户负责执行最终单位行动AVP中规定的行动(见第5.6节)。
If more than one unit type is received in the Credit-Control-Answer, the unit type that first expired SHOULD cause the credit-control client to execute the specified action.
如果在信用控制应答中收到多个单位类型,则第一个过期的单位类型应导致信用控制客户端执行指定的操作。
In the first interrogation, the QoS-Final-Unit-Indication AVP with Final-Unit-Action set to REDIRECT or RESTRICT_ACCESS can also be present with no Granted-Service-Unit AVP in the Credit-Control-Answer or in the AA-Answer. This indicates to the Diameter Credit-Control client that the client is to execute the specified action
在第一次询问中,QoS最终单元指示AVP(其最终单元操作设置为重定向或限制_访问)也可以在信用控制应答或AA应答中没有授权服务单元AVP的情况下出现。这向Diameter Credit Control客户端指示客户端将执行指定的操作
immediately. If the home service provider policy is to terminate the service, naturally, the server SHOULD return the appropriate transient failure (see Section 9.1) in order to implement the policy-defined action.
立即如果家庭服务提供商的策略是终止服务,那么服务器自然应该返回相应的瞬时故障(参见第9.1节),以便执行策略定义的操作。
The Final-Unit-Action AVP defines the behavior of the Service Element when the user's account cannot cover the cost of the service and MUST always be present if the QoS-Final-Unit-Indication AVP is included in a command.
最终单元动作AVP定义了当用户帐户无法支付服务成本时服务元素的行为,并且如果QoS最终单元指示AVP包含在命令中,则必须始终存在。
If the Final-Unit-Action AVP is set to TERMINATE, the QoS-Final-Unit-Indication group AVP MUST NOT contain any other AVPs.
如果最终单元动作AVP设置为终止,则QoS最终单元指示组AVP不得包含任何其他AVP。
If the Final-Unit-Action AVP is set to REDIRECT, then the Redirect-Server-Extension AVP MUST be present. The Filter-Rule AVP or the Filter-Id AVP MAY be present in the Credit-Control-Answer message if the user is also allowed to access other services that are not accessible through the address given in the Redirect-Server-Extension AVP or if access to these services needs to be limited in some way (e.g., QoS).
如果最终单元操作AVP设置为重定向,则必须存在重定向服务器扩展AVP。如果还允许用户访问通过重定向服务器扩展AVP中给定的地址无法访问的其他服务,或者如果需要以某种方式(例如,QoS)限制对这些服务的访问,则过滤规则AVP或过滤Id AVP可以出现在信用控制应答消息中。
If the Final-Unit-Action AVP is set to RESTRICT_ACCESS, either the Filter-Rule AVP or the Filter-Id AVP SHOULD be present.
如果最终单元动作AVP设置为限制访问,则应显示过滤规则AVP或过滤Id AVP。
The Filter-Rule AVP is defined in [RFC5777]. The Filter-Rule AVP can be used to define a specific combination of a condition and an action. If used only with traffic conditions, it should define which traffic should be allowed when no more service units are granted. However, if QoS or treatment information exists in the AVP, these actions should be executed, e.g., limiting the allowed traffic with certain QoS information. When multiple Filter-Rule AVPs exist, precedence should be determined as defined in [RFC5777].
过滤规则AVP在[RFC5777]中定义。过滤规则AVP可用于定义条件和操作的特定组合。如果仅用于交通条件,则应定义在不授予更多服务单元时应允许的交通。但是,如果AVP中存在QoS或治疗信息,则应执行这些操作,例如,使用某些QoS信息限制允许的流量。当存在多个过滤规则AVP时,应按照[RFC5777]中的定义确定优先级。
The Filter-Id AVP is defined in [RFC7155]. The Filter-Id AVP can be used to reference an IP filter list installed in the access device by means other than the Diameter Credit-Control application, e.g., locally configured or configured by another entity.
过滤器Id AVP在[RFC7155]中定义。过滤器Id AVP可用于通过Diameter信用控制应用程序以外的方式(例如,本地配置或由另一实体配置)来引用接入设备中安装的IP过滤器列表。
If the Final-Unit-Action AVP is (1) set to TERMINATE, (2) set to RESTRICT_ACCESS and the action required is to allow only traffic that could be classified using an IPFilterRule, or (3) set to REDIRECT using a type that is one of the types in the Redirect-Address-Type AVP, then the credit-control server SHOULD send the information in the Final-Unit-Indication AVP, in addition to or instead of the QoS-Final-Unit-Indication AVP. This is done in order to preserve backward compatibility with credit-control clients that support only [RFC4006].
如果最终单元操作AVP(1)设置为终止,(2)设置为限制_访问,且所需操作仅允许可使用IPFilterRule分类的流量,或(3)设置为使用重定向地址类型AVP中的类型之一进行重定向,然后,信用控制服务器应在QoS最终单元指示AVP之外或代替QoS最终单元指示AVP发送最终单元指示AVP中的信息。这样做是为了保持与仅支持[RFC4006]的信用控制客户端的向后兼容性。
The QoS-Final-Unit-Indication AVP is defined as follows (per grouped-avp-def as defined in [RFC6733]):
QoS最终单元指示AVP定义如下(根据[RFC6733]中定义的分组AVP定义):
QoS-Final-Unit-Indication ::= < AVP Header: 669 > { Final-Unit-Action } *[ Filter-Rule ] *[ Filter-Id ] [ Redirect-Server-Extension ] *[ AVP ]
QoS-Final-Unit-Indication ::= < AVP Header: 669 > { Final-Unit-Action } *[ Filter-Rule ] *[ Filter-Id ] [ Redirect-Server-Extension ] *[ AVP ]
This section defines new Result-Code AVP [RFC6733] values that must be supported by all Diameter implementations that conform to this specification.
本节定义了新的结果代码AVP[RFC6733]值,符合本规范的所有Diameter实现必须支持这些值。
The Credit-Control-Answer message includes the Result-Code AVP, which may indicate that an error was present in the Credit-Control-Request message. A rejected Credit-Control-Request message SHOULD cause the user's session to be terminated.
信用控制应答消息包括结果代码AVP,这可能表明信用控制请求消息中存在错误。被拒绝的信用控制请求消息应导致用户会话终止。
Errors that fall within the category of transient failures are used to inform the peer that the request could not be satisfied at the time it was received but that the request MAY be able to be satisfied in the future.
属于瞬时故障类别的错误用于通知对等方在收到请求时无法满足请求,但将来可能能够满足请求。
DIAMETER_END_USER_SERVICE_DENIED 4010
直径\终端\用户\服务\拒绝4010
The credit-control server denies the service request due to service restrictions. If the CCR contained used service units, they are deducted, if possible.
由于服务限制,信用控制服务器拒绝服务请求。如果CCR包含使用过的服务单元,则在可能的情况下扣除。
DIAMETER_CREDIT_CONTROL_NOT_APPLICABLE 4011
直径\信用\控制\不适用4011
The credit-control server determines that the service can be granted to the end user but that no further credit-control is needed for the service (e.g., the service is free of charge).
信用控制服务器确定该服务可以授予最终用户,但该服务不需要进一步的信用控制(例如,该服务是免费的)。
DIAMETER_CREDIT_LIMIT_REACHED 4012
直径\信用\限额\达到4012
The credit-control server denies the service request because the end user's account could not cover the requested service. If the CCR contained used service units, they are deducted, if possible.
信用控制服务器拒绝服务请求,因为最终用户的帐户无法覆盖请求的服务。如果CCR包含使用过的服务单元,则在可能的情况下扣除。
Errors that fall within the category of permanent failures are used to inform the peer that the request failed and should not be attempted again.
属于永久性失败类别的错误用于通知对等方请求失败,不应再次尝试。
DIAMETER_USER_UNKNOWN 5030
直径\用户\未知5030
The specified end user is unknown in the credit-control server.
信用控制服务器中指定的最终用户未知。
DIAMETER_RATING_FAILED 5031
直径\u额定值\u失败5031
This error code is used to inform the credit-control client that the credit-control server cannot rate the service request due to insufficient rating input, an incorrect AVP combination, or an AVP or AVP value that is not recognized or supported in the rating. The Failed-AVP AVP MUST be included and contain (1) a copy of the entire AVP or AVPs that could not be processed successfully or (2) an example of the missing AVP, complete with the Vendor-Id if applicable. The value field of the missing AVP should be of correct minimum length and contain zeros.
此错误代码用于通知信用控制客户端,由于评级输入不足、AVP组合不正确或评级中未识别或支持的AVP或AVP值,信用控制服务器无法对服务请求进行评级。必须包括失败的AVP AVP,并包含(1)无法成功处理的整个AVP或AVP的副本,或(2)缺失AVP的示例,如果适用,请填写供应商Id。缺失AVP的值字段应具有正确的最小长度并包含零。
The table in Section 10.1 presents the AVPs defined in this document and specifies in which Diameter messages they MAY or MUST NOT be present. Note that AVPs that can only be present within a Grouped AVP are not represented in the table.
第10.1节中的表格给出了本文件中定义的AVP,并规定了它们可能存在或不存在的Diameter消息。请注意,表中未显示只能出现在分组AVP中的AVP。
The table uses the following symbols:
该表使用以下符号:
0 The AVP MUST NOT be present in the message. 0+ Zero or more instances of the AVP MAY be present in the message. 0-1 Zero or one instance of the AVP MAY be present in the message. It is considered an error if there is more than one instance of the AVP. 1 One instance of the AVP MUST be present in the message.
0消息中不得出现AVP。消息中可能存在0+零个或多个AVP实例。0-1消息中可能存在零个或一个AVP实例。如果AVP有多个实例,则视为错误。1消息中必须有一个AVP实例。
The table in this section is used to represent which credit-control application-specific AVPs defined in this document are to be present in the credit-control messages.
本节中的表格用于表示本文档中定义的信贷控制应用程序特定AVP将出现在信贷控制消息中。
+-----------+ | Command | | Code | |-----+-----+ Attribute Name | CCR | CCA | ----------------------------------|-----+-----+ Acct-Multi-Session-Id | 0-1 | 0-1 | Auth-Application-Id | 1 | 1 | CC-Correlation-Id | 0-1 | 0 | CC-Session-Failover | 0 | 0-1 | CC-Request-Number | 1 | 1 | CC-Request-Type | 1 | 1 | CC-Sub-Session-Id | 0-1 | 0-1 | Check-Balance-Result | 0 | 0-1 | Cost-Information | 0 | 0-1 | Credit-Control-Failure-Handling | 0 | 0-1 | Destination-Host | 0-1 | 0 | Destination-Realm | 1 | 0 | Direct-Debiting-Failure-Handling | 0 | 0-1 | Event-Timestamp | 0-1 | 0-1 | Failed-AVP | 0 | 0+ | Final-Unit-Indication | 0 | 0-1 | QoS-Final-Unit-Indication | 0 | 0-1 | Granted-Service-Unit | 0 | 0-1 | Multiple-Services-Credit-Control | 0+ | 0+ | Multiple-Services-Indicator | 0-1 | 0 | Origin-Host | 1 | 1 | Origin-Realm | 1 | 1 | Origin-State-Id | 0-1 | 0-1 | Proxy-Info | 0+ | 0+ | Redirect-Host | 0 | 0+ | Redirect-Host-Usage | 0 | 0-1 | Redirect-Max-Cache-Time | 0 | 0-1 | Requested-Action | 0-1 | 0 | Requested-Service-Unit | 0-1 | 0 | Route-Record | 0+ | 0+ | Result-Code | 0 | 1 | Service-Context-Id | 1 | 0 | Service-Identifier | 0-1 | 0 | Service-Parameter-Info | 0+ | 0 | Session-Id | 1 | 1 | Subscription-Id | 0+ | 0 |
+-----------+ | Command | | Code | |-----+-----+ Attribute Name | CCR | CCA | ----------------------------------|-----+-----+ Acct-Multi-Session-Id | 0-1 | 0-1 | Auth-Application-Id | 1 | 1 | CC-Correlation-Id | 0-1 | 0 | CC-Session-Failover | 0 | 0-1 | CC-Request-Number | 1 | 1 | CC-Request-Type | 1 | 1 | CC-Sub-Session-Id | 0-1 | 0-1 | Check-Balance-Result | 0 | 0-1 | Cost-Information | 0 | 0-1 | Credit-Control-Failure-Handling | 0 | 0-1 | Destination-Host | 0-1 | 0 | Destination-Realm | 1 | 0 | Direct-Debiting-Failure-Handling | 0 | 0-1 | Event-Timestamp | 0-1 | 0-1 | Failed-AVP | 0 | 0+ | Final-Unit-Indication | 0 | 0-1 | QoS-Final-Unit-Indication | 0 | 0-1 | Granted-Service-Unit | 0 | 0-1 | Multiple-Services-Credit-Control | 0+ | 0+ | Multiple-Services-Indicator | 0-1 | 0 | Origin-Host | 1 | 1 | Origin-Realm | 1 | 1 | Origin-State-Id | 0-1 | 0-1 | Proxy-Info | 0+ | 0+ | Redirect-Host | 0 | 0+ | Redirect-Host-Usage | 0 | 0-1 | Redirect-Max-Cache-Time | 0 | 0-1 | Requested-Action | 0-1 | 0 | Requested-Service-Unit | 0-1 | 0 | Route-Record | 0+ | 0+ | Result-Code | 0 | 1 | Service-Context-Id | 1 | 0 | Service-Identifier | 0-1 | 0 | Service-Parameter-Info | 0+ | 0 | Session-Id | 1 | 1 | Subscription-Id | 0+ | 0 |
Subscription-Id-Extension | 0+ | 0 | Termination-Cause | 0-1 | 0 | User-Equipment-Info | 0-1 | 0 | User-Equipment-Info-Extension | 0-1 | 0 | Used-Service-Unit | 0+ | 0 | User-Name | 0-1 | 0-1 | Validity-Time | 0 | 0-1 | ----------------------------------|-----+-----+
Subscription-Id-Extension | 0+ | 0 | Termination-Cause | 0-1 | 0 | User-Equipment-Info | 0-1 | 0 | User-Equipment-Info-Extension | 0-1 | 0 | Used-Service-Unit | 0+ | 0 | User-Name | 0-1 | 0-1 | Validity-Time | 0 | 0-1 | ----------------------------------|-----+-----+
This section defines AVPs that are specific to the Diameter Credit-Control application and that MAY be included in the Diameter Re-Auth-Request/Re-Auth-Answer (RAR/RAA) message [RFC6733].
本节定义了特定于Diameter信用控制应用程序的AVP,这些AVP可能包含在Diameter重新验证请求/重新验证应答(RAR/RAA)消息[RFC6733]中。
The RAR/RAA command MAY include the following additional AVPs:
RAR/RAA命令可能包括以下附加AVP:
+---------------+ | Command Code | |-------+-------+ Attribute Name | RAR | RAA | ------------------------------+-------+-------+ CC-Sub-Session-Id | 0-1 | 0-1 | G-S-U-Pool-Identifier | 0-1 | 0-1 | Service-Identifier | 0-1 | 0-1 | Rating-Group | 0-1 | 0-1 | ------------------------------+-------+-------+
+---------------+ | Command Code | |-------+-------+ Attribute Name | RAR | RAA | ------------------------------+-------+-------+ CC-Sub-Session-Id | 0-1 | 0-1 | G-S-U-Pool-Identifier | 0-1 | 0-1 | Service-Identifier | 0-1 | 0-1 | Rating-Group | 0-1 | 0-1 | ------------------------------+-------+-------+
This section defines the basic principles for the Diameter Credit-Control / RADIUS prepaid interworking model -- that is, a message translation between a RADIUS-based prepaid solution and a Diameter Credit-Control application. A complete description of the protocol translations between RADIUS and the Diameter Credit-Control application is beyond the scope of this specification and SHOULD be addressed in another appropriate document.
本节定义了Diameter信用控制/RADIUS预付费互通模型的基本原则,即基于RADIUS的预付费解决方案与Diameter信用控制应用程序之间的消息转换。RADIUS和Diameter信用控制应用程序之间协议转换的完整描述超出了本规范的范围,应在另一份适当的文件中予以说明。
The Diameter Credit-Control architecture may have a Translation Agent capable of translation between RADIUS prepaid and Diameter Credit-Control protocols. A AAA server (usually the home AAA server) may act as a Translation Agent and as a Diameter Credit-Control client for Service Elements that use credit-control mechanisms other than Diameter Credit-Control -- for instance, RADIUS prepaid. In this case, the home AAA server contacts the Diameter Credit-Control server as part of the authorization process. The interworking architecture is illustrated in Figure 9, and an interworking flow is illustrated in Figure 10. In a roaming situation, the Service
Diameter信用控制体系结构可以具有能够在RADIUS预付费协议和Diameter信用控制协议之间进行转换的转换代理。AAA服务器(通常是家庭AAA服务器)可以充当翻译代理和Diameter信用控制客户端,用于使用除Diameter信用控制之外的信用控制机制的服务元素,例如RADIUS预付费。在这种情况下,家庭AAA服务器作为授权过程的一部分与Diameter信用控制服务器联系。图9说明了互通体系结构,图10说明了互通流程。在漫游情况下,服务
Element (e.g., the NAS) may be located in the visited network, and a visited AAA server is usually contacted. The visited AAA server then connects to the home AAA server.
元件(例如,NAS)可能位于访问的网络中,并且通常会联系访问的AAA服务器。然后,访问的AAA服务器连接到家庭AAA服务器。
RADIUS Prepaid +--------+ +---------+ Protocol +------------+ +--------+ | End |<----->| Service |<---------->| Home AAA | |Business| | User | | Element | | Server | |Support | +--------+ +-->| | |+----------+|->|System | | +---------+ ||CC Client || | | | |+----------+| | | +--------+ | +------^-----+ +----^---+ | End |<--+ Credit-Control | | | User | Protocol | | +--------+ +-------V--------+ | |Credit-Control |----+ | Server | +----------------+
RADIUS Prepaid +--------+ +---------+ Protocol +------------+ +--------+ | End |<----->| Service |<---------->| Home AAA | |Business| | User | | Element | | Server | |Support | +--------+ +-->| | |+----------+|->|System | | +---------+ ||CC Client || | | | |+----------+| | | +--------+ | +------^-----+ +----^---+ | End |<--+ Credit-Control | | | User | Protocol | | +--------+ +-------V--------+ | |Credit-Control |----+ | Server | +----------------+
Figure 9: Credit-Control Architecture with Service Element Containing Translation Agent, Translating RADIUS Prepaid to Diameter Credit-Control Protocol
图9:包含翻译代理的服务元素的信用控制体系结构,将RADIUS预付费翻译为Diameter信用控制协议
When the AAA server acting as a Translation Agent receives an initial RADIUS Access-Request message from a Service Element (e.g., NAS access), it performs regular authentication and authorization. If the RADIUS Access-Request message indicates that the Service Element is capable of credit-control and if the home AAA server finds that the subscriber is a prepaid subscriber, then a Diameter Credit-Control-Request SHOULD be sent toward the credit-control server to perform credit authorization and to establish a credit-control session. After the Diameter Credit-Control server checks the end user's account balance, rates the service, and reserves credit from the end user's account, the reserved quota is returned to the home AAA server in the Diameter Credit-Control-Answer. The home AAA server then sends the reserved quota to the Service Element in the RADIUS Access-Accept.
当充当翻译代理的AAA服务器从服务元素(例如NAS访问)接收到初始RADIUS访问请求消息时,它将执行常规身份验证和授权。如果RADIUS访问请求消息指示服务元素能够进行信用控制,并且如果家庭AAA服务器发现订户是预付费订户,则应向信用控制服务器发送Diameter信用控制请求,以执行信用授权并建立信用控制会话。Diameter信用控制服务器检查最终用户的帐户余额、对服务进行评级并保留最终用户帐户的信用后,保留的配额将在Diameter信用控制应答中返回给家庭AAA服务器。然后,家庭AAA服务器将保留配额发送到RADIUS Access Accept中的服务元素。
At the expiry of the allocated quota, the Service Element sends a new RADIUS Access-Request containing the units used thus far to the home AAA server. The home AAA server shall map a RADIUS Access-Request containing the reported units to the Diameter Credit-Control server in a Diameter Credit-Control-Request (UPDATE_REQUEST). The Diameter Credit-Control server debits the used units from the end user's account and allocates a new quota that is returned to the home AAA server in the Diameter Credit-Control-Answer. The quota is transferred to the Service Element in the RADIUS Access-Accept. When the end user terminates the service or when the entire quota has been
在分配的配额到期时,服务元素向家庭AAA服务器发送一个新的RADIUS访问请求,其中包含迄今为止使用的单元。家庭AAA服务器应在Diameter信用控制请求(更新请求)中将包含报告单位的RADIUS访问请求映射到Diameter信用控制服务器。Diameter信用控制服务器从最终用户的帐户中借记使用的单位,并分配一个新配额,该配额在Diameter信用控制应答中返回给家庭AAA服务器。配额被传输到RADIUS Access Accept中的服务元素。当最终用户终止服务时,或当整个配额已被取消时
used, the Service Element sends a RADIUS Access-Request. To debit the used units from the end user's account and to stop the credit-control session, the home AAA server sends a Diameter Credit-Control-Request (TERMINATION_REQUEST) to the credit-control server. The Diameter Credit-Control server acknowledges the session termination by sending a Diameter Credit-Control-Answer to the home AAA server. The RADIUS Access-Accept is sent to the NAS.
使用时,服务元素发送RADIUS访问请求。为了从最终用户的帐户中借记已用单位并停止信用控制会话,家庭AAA服务器向信用控制服务器发送Diameter信用控制请求(终止请求)。Diameter信用控制服务器通过向家庭AAA服务器发送Diameter信用控制应答来确认会话终止。RADIUS访问接受被发送到NAS。
Figure 10 illustrates a Diameter Credit-Control / RADIUS prepaid interworking sequence.
图10说明了Diameter信用控制/RADIUS预付费互通序列。
Service Element Translation Agent (e.g., NAS) (CC Client) CC Server | Access-Request | | |----------------------->| | | | CCR (Initial) | | |----------------------->| | | CCA (Granted-Units) | | |<-----------------------| | Access-Accept | | | (Granted-Units) | | |<-----------------------| | : : : | Access-Request | | | (Used-Units) | | |----------------------->| | | | CCR (Update, | | | Used-Units) | | |----------------------->| | | CCA (Granted-Units) | | |<-----------------------| | Access-Accept | | | (Granted-Units) | | |<-----------------------| | : : : | Access-Request | | |----------------------->| | | | CCR (Terminate, | | | Used-Units) | | |----------------------->| | | CCA | | |<-----------------------| | Access-Accept | | |<-----------------------| | | | |
Service Element Translation Agent (e.g., NAS) (CC Client) CC Server | Access-Request | | |----------------------->| | | | CCR (Initial) | | |----------------------->| | | CCA (Granted-Units) | | |<-----------------------| | Access-Accept | | | (Granted-Units) | | |<-----------------------| | : : : | Access-Request | | | (Used-Units) | | |----------------------->| | | | CCR (Update, | | | Used-Units) | | |----------------------->| | | CCA (Granted-Units) | | |<-----------------------| | Access-Accept | | | (Granted-Units) | | |<-----------------------| | : : : | Access-Request | | |----------------------->| | | | CCR (Terminate, | | | Used-Units) | | |----------------------->| | | CCA | | |<-----------------------| | Access-Accept | | |<-----------------------| | | | |
Figure 10: Message Flow Example with Diameter Credit-Control / RADIUS Prepaid Interworking
图10:Diameter信用控制/RADIUS预付费互通的消息流示例
This document uses several registries that were originally created in [RFC4006] or the values assigned to existing namespaces managed by IANA. IANA has updated these registries to reference this document. The registries and their allocation policies are specified below.
本文档使用了几个最初在[RFC4006]中创建的注册表或分配给IANA管理的现有名称空间的值。IANA已更新这些登记册以引用本文件。下面指定了注册表及其分配策略。
This specification assigns the value 4, "Diameter Credit Control", to the "Application IDs" namespace defined in [RFC6733]. See Section 1.3 for more information.
本规范将值4“直径信用控制”分配给[RFC6733]中定义的“应用程序ID”命名空间。详见第1.3节。
This specification uses the value 272 from the "Command Codes" namespace defined in [RFC6733] for the Credit-Control-Request (CCR) and Credit-Control-Answer (CCA) commands.
本规范将[RFC6733]中定义的“命令代码”命名空间中的值272用于信用控制请求(CCR)和信用控制应答(CCA)命令。
See Section 8 for the assignments in this specification.
有关本规范中的作业,请参见第8节。
This document describes new AVP codes beyond those described in [RFC4006]. IANA has allocated codes for the AVPs listed in Table 7.
本文件描述了[RFC4006]中所述之外的新AVP代码。IANA已为表7中列出的AVP分配了代码。
+-----------------------------------+------+--------------+ | Attribute Name | Code | Defined in | +-----------------------------------+------+--------------+ | User-Equipment-Info-Extension | 653 | Section 8.52 | | User-Equipment-Info-IMEISV | 654 | Section 8.53 | | User-Equipment-Info-MAC | 655 | Section 8.54 | | User-Equipment-Info-EUI64 | 656 | Section 8.55 | | User-Equipment-Info-ModifiedEUI64 | 657 | Section 8.56 | | User-Equipment-Info-IMEI | 658 | Section 8.57 | | Subscription-Id-Extension | 659 | Section 8.58 | | Subscription-Id-E164 | 660 | Section 8.59 | | Subscription-Id-IMSI | 661 | Section 8.60 | | Subscription-Id-SIP-URI | 662 | Section 8.61 | | Subscription-Id-NAI | 663 | Section 8.62 | | Subscription-Id-Private | 664 | Section 8.63 | | Redirect-Server-Extension | 665 | Section 8.64 | | Redirect-Address-IPAddress | 666 | Section 8.65 | | Redirect-Address-URL | 667 | Section 8.66 | | Redirect-Address-SIP-URI | 668 | Section 8.67 | | QoS-Final-Unit-Indication | 669 | Section 8.68 | +-----------------------------------+------+--------------+
+-----------------------------------+------+--------------+ | Attribute Name | Code | Defined in | +-----------------------------------+------+--------------+ | User-Equipment-Info-Extension | 653 | Section 8.52 | | User-Equipment-Info-IMEISV | 654 | Section 8.53 | | User-Equipment-Info-MAC | 655 | Section 8.54 | | User-Equipment-Info-EUI64 | 656 | Section 8.55 | | User-Equipment-Info-ModifiedEUI64 | 657 | Section 8.56 | | User-Equipment-Info-IMEI | 658 | Section 8.57 | | Subscription-Id-Extension | 659 | Section 8.58 | | Subscription-Id-E164 | 660 | Section 8.59 | | Subscription-Id-IMSI | 661 | Section 8.60 | | Subscription-Id-SIP-URI | 662 | Section 8.61 | | Subscription-Id-NAI | 663 | Section 8.62 | | Subscription-Id-Private | 664 | Section 8.63 | | Redirect-Server-Extension | 665 | Section 8.64 | | Redirect-Address-IPAddress | 666 | Section 8.65 | | Redirect-Address-URL | 667 | Section 8.66 | | Redirect-Address-SIP-URI | 668 | Section 8.67 | | QoS-Final-Unit-Indication | 669 | Section 8.68 | +-----------------------------------+------+--------------+
Table 7: Requested AVP Assignments
表7:请求的AVP分配
This specification assigns the values 4010, 4011, and 4012 in the "Result-Code AVP Values (code 268) - Transient Failures" namespace and values 5030 and 5031 in the "Result-Code AVP Values (code 268) - Permanent Failure" namespace, both of which were defined by [RFC6733]. See Section 9 for the assignments in this specification.
本规范指定了“结果代码AVP值(代码268)-瞬时故障”命名空间中的值4010、4011和4012,以及“结果代码AVP值(代码268)-永久故障”命名空间中的值5030和5031,两者均由[RFC6733]定义。有关本规范中的分配,请参见第9节。
As defined in Section 8.3, the CC-Request-Type AVP includes Enumerated type values 1-4. IANA has created and is maintaining a namespace for this AVP. The definition of new values is subject to the Specification Required policy [RFC8126] and conditions for enumerated values described in [RFC7423], Section 5.6.
如第8.3节所定义,CC请求类型AVP包括枚举类型值1-4。IANA已创建并正在维护此AVP的命名空间。新值的定义应符合规范要求的政策[RFC8126]和[RFC7423]第5.6节中所述的枚举值条件。
As defined in Section 8.4, the CC-Session-Failover AVP includes Enumerated type values 0-1. IANA has created and is maintaining a namespace for this AVP. The definition of new values is subject to the Specification Required policy [RFC8126] and conditions for enumerated values described in [RFC7423], Section 5.6.
如第8.4节所定义,CC会话故障转移AVP包括枚举类型值0-1。IANA已创建并正在维护此AVP的命名空间。新值的定义应符合规范要求的政策[RFC8126]和[RFC7423]第5.6节中所述的枚举值条件。
As defined in Section 8.32, the CC-Unit-Type AVP includes Enumerated type values 0-5. IANA has created and is maintaining a namespace for this AVP. The definition of new values is subject to the Specification Required policy [RFC8126] and conditions for enumerated values described in [RFC7423], Section 5.6.
如第8.32节所定义,CC装置类型AVP包括枚举类型值0-5。IANA已创建并正在维护此AVP的命名空间。新值的定义应符合规范要求的政策[RFC8126]和[RFC7423]第5.6节中所述的枚举值条件。
As defined in Section 8.6, the Check-Balance-Result AVP includes Enumerated type values 0-1. IANA has created and is maintaining a namespace for this AVP. The definition of new values is subject to the Specification Required policy [RFC8126] and conditions for enumerated values described in [RFC7423], Section 5.6.
如第8.6节所定义,校验平衡结果AVP包括枚举类型值0-1。IANA已创建并正在维护此AVP的命名空间。新值的定义应符合规范要求的政策[RFC8126]和[RFC7423]第5.6节中所述的枚举值条件。
As defined in Section 8.13, the Credit-Control AVP includes Enumerated type values 0-1. IANA has created and is maintaining a namespace for this AVP. The definition of new values is subject to the Specification Required policy [RFC8126] and conditions for enumerated values described in [RFC7423], Section 5.6.
如第8.13节所定义,信贷控制AVP包括枚举类型值0-1。IANA已创建并正在维护此AVP的命名空间。新值的定义应符合规范要求的政策[RFC8126]和[RFC7423]第5.6节中所述的枚举值条件。
As defined in Section 8.14, the Credit-Control-Failure-Handling AVP includes Enumerated type values 0-2. IANA has created and is maintaining a namespace for this AVP. The definition of new values is subject to the Specification Required policy [RFC8126] and conditions for enumerated values described in [RFC7423], Section 5.6.
如第8.14节所定义,信用控制故障处理AVP包括枚举类型值0-2。IANA已创建并正在维护此AVP的命名空间。新值的定义应符合规范要求的政策[RFC8126]和[RFC7423]第5.6节中所述的枚举值条件。
As defined in Section 8.15, the Direct-Debiting-Failure-Handling AVP includes Enumerated type values 0-1. IANA has created and is maintaining a namespace for this AVP. The definition of new values is subject to the Specification Required policy [RFC8126] and conditions for enumerated values described in [RFC7423], Section 5.6.
如第8.15节所定义,直接借记故障处理AVP包括枚举类型值0-1。IANA已创建并正在维护此AVP的命名空间。新值的定义应符合规范要求的政策[RFC8126]和[RFC7423]第5.6节中所述的枚举值条件。
As defined in Section 8.35, the Final-Unit-Action AVP includes Enumerated type values 0-2. IANA has created and is maintaining a namespace for this AVP. The definition of new values is subject to the Specification Required policy [RFC8126] and conditions for enumerated values described in [RFC7423], Section 5.6.
如第8.35节所定义,最终单元动作AVP包括枚举类型值0-2。IANA已创建并正在维护此AVP的命名空间。新值的定义应符合规范要求的政策[RFC8126]和[RFC7423]第5.6节中所述的枚举值条件。
As defined in Section 8.40, the Multiple-Services-Indicator AVP includes Enumerated type values 0-1. IANA has created and is maintaining a namespace for this AVP. The definition of new values is subject to the Specification Required policy [RFC8126] and conditions for enumerated values described in [RFC7423], Section 5.6.
如第8.40节所定义,多服务指标AVP包括枚举类型值0-1。IANA已创建并正在维护此AVP的命名空间。新值的定义应符合规范要求的政策[RFC8126]和[RFC7423]第5.6节中所述的枚举值条件。
As defined in Section 8.38, the Redirect-Address-Type AVP includes Enumerated type values 0-3. IANA has created and is maintaining a namespace for this AVP. The definition of new values is subject to the Specification Required policy [RFC8126] and conditions for enumerated values described in [RFC7423], Section 5.6.
如第8.38节所定义,重定向地址类型AVP包括枚举类型值0-3。IANA已创建并正在维护此AVP的命名空间。新值的定义应符合规范要求的政策[RFC8126]和[RFC7423]第5.6节中所述的枚举值条件。
As defined in Section 8.41, the Requested-Action AVP includes Enumerated type values 0-3. IANA has created and is maintaining a namespace for this AVP. The definition of new values is subject to the Specification Required policy [RFC8126] and conditions for enumerated values described in [RFC7423], Section 5.6.
如第8.41节所述,请求的动作AVP包括枚举类型值0-3。IANA已创建并正在维护此AVP的命名空间。新值的定义应符合规范要求的政策[RFC8126]和[RFC7423]第5.6节中所述的枚举值条件。
As defined in Section 8.47, the Subscription-Id-Type AVP includes Enumerated type values 0-4. IANA has created and is maintaining a namespace for this AVP. The definition of new values is subject to the Specification Required policy [RFC8126] and conditions for enumerated values described in [RFC7423], Section 5.6.
如第8.47节所定义,订阅Id类型AVP包括枚举类型值0-4。IANA已创建并正在维护此AVP的命名空间。新值的定义应符合规范要求的政策[RFC8126]和[RFC7423]第5.6节中所述的枚举值条件。
As defined in Section 8.27, the Tariff-Change-Usage AVP includes Enumerated type values 0-2. IANA has created and is maintaining a namespace for this AVP. The definition of new values is subject to the Specification Required policy [RFC8126] and conditions for enumerated values described in [RFC7423], Section 5.6.
如第8.27节所定义,电价变化使用AVP包括枚举类型值0-2。IANA已创建并正在维护此AVP的命名空间。新值的定义应符合规范要求的政策[RFC8126]和[RFC7423]第5.6节中所述的枚举值条件。
As defined in Section 8.50, the User-Equipment-Info-Type AVP includes Enumerated type values 0-3. IANA has created and is maintaining a namespace for this AVP. The definition of new values is subject to the Specification Required policy [RFC8126] and conditions for enumerated values described in [RFC7423], Section 5.6.
如第8.50节所定义,用户设备信息类型AVP包括枚举类型值0-3。IANA已创建并正在维护此AVP的命名空间。新值的定义应符合规范要求的政策[RFC8126]和[RFC7423]第5.6节中所述的枚举值条件。
Tx timer
发送计时器
When real-time credit-control is required, the credit-control client contacts the credit-control server before and while the service is provided to an end user. Due to the real-time nature of the application, communication delays SHOULD be minimized, e.g., to avoid an overly long service setup time experienced by the end user. The Tx timer is introduced to control the waiting time in the client in the Pending state. When the Tx timer elapses, the credit-control client takes action for the end user according to the value of the CCFH or the DDFH. The recommended value is 10 seconds.
当需要实时信用控制时,信用控制客户端在向最终用户提供服务之前和期间联系信用控制服务器。由于应用程序的实时性,应尽量减少通信延迟,例如,避免最终用户经历过长的服务设置时间。Tx定时器用于控制处于挂起状态的客户端中的等待时间。当Tx计时器过期时,信用控制客户端根据CCFH或DDFH的值为最终用户采取操作。建议值为10秒。
Tcc timer
变矩器离合器定时器
The Tcc timer supervises an ongoing credit-control session in the credit-control server. It is RECOMMENDED to use the Validity-Time as input to set the Tcc timer value. In the case of transient failures in the network, the Diameter Credit-Control server might change to Idle state. To avoid this, the Tcc timer MAY be set so that Tcc is equal to 2 x Validity-Time.
Tcc计时器监控信用控制服务器中正在进行的信用控制会话。建议使用有效时间作为输入来设置Tcc定时器值。在网络出现暂时故障的情况下,Diameter Credit Control服务器可能会变为空闲状态。为避免这种情况,可设置变矩器离合器定时器,使变矩器离合器等于2倍有效时间。
Credit-Control-Failure-Handling and Direct-Debiting-Failure-Handling
信用控制失败处理和直接借记失败处理
Client implementations may offer the possibility of locally configuring these AVPs. In such a case, their values and behavior are defined in Sections 5.7 and 6.5, respectively.
客户端实现可能提供本地配置这些AVP的可能性。在这种情况下,其值和行为分别在第5.7节和第6.5节中定义。
Security considerations regarding the Diameter protocol itself are discussed in [RFC6733]. The use of this application of Diameter MUST take into consideration the security issues and requirements of the base protocol.
[RFC6733]中讨论了有关Diameter协议本身的安全注意事项。Diameter应用程序的使用必须考虑基本协议的安全问题和要求。
This application includes a mechanism for application-layer replay protection by means of (1) the Session-Id AVP as specified in [RFC6733] and (2) the CC-Request-Number AVP, which is specified in this document. The Diameter Credit-Control application is often used within one domain, and there may be a single hop between the peers. In these environments, the use of TLS/TCP, DTLS/SCTP (Datagram Transport Layer Security / Stream Control Transmission Protocol), or IPsec is sufficient. The details of security considerations related to TLS/TCP, DTLS/SCTP, and IPsec are discussed in [RFC6733].
该应用程序包括一种应用层重播保护机制,通过(1)RFC6733中规定的会话Id AVP和(2)本文件中规定的CC请求号AVP实现。Diameter信用控制应用程序通常在一个域内使用,对等点之间可能存在单跳。在这些环境中,使用TLS/TCP、DTLS/SCTP(数据报传输层安全/流控制传输协议)或IPsec就足够了。[RFC6733]中讨论了与TLS/TCP、DTLS/SCTP和IPsec相关的安全注意事项的详细信息。
Because this application handles monetary transactions (directly or indirectly), it increases interest in various security attacks. Therefore, all parties communicating with each other MUST be authenticated, including, for instance, TLS client-side authentication. In addition, authorization of the client SHOULD be emphasized, i.e., that the client is allowed to perform credit-control for a certain user. The specific means of authorization are outside the scope of this specification but can be, for instance, manual configuration.
由于此应用程序(直接或间接)处理货币交易,因此增加了对各种安全攻击的兴趣。因此,必须对相互通信的所有各方进行身份验证,例如,包括TLS客户端身份验证。此外,应强调客户的授权,即允许客户对某个用户进行信用控制。具体的授权方式不在本规范的范围内,但可以是手动配置。
Another kind of threat is malicious modification, injection, or deletion of AVPs or complete credit-control messages. The credit-control messages contain sensitive billing-related information (such as subscription identifiers, granted units, used units, or cost information) whose malicious modification can have financial consequences. Sometimes simply delaying the credit-control messages can cause disturbances in the credit-control client or server.
另一种威胁是恶意修改、注入或删除AVP或完整的信用控制消息。信用控制消息包含与计费相关的敏感信息(如订阅标识符、授予的单位、使用的单位或成本信息),其恶意修改可能会产生财务后果。有时,简单地延迟信用控制消息可能会在信用控制客户端或服务器中造成干扰。
Even without any modifications to the messages, an adversary that can eavesdrop on transactions can obtain privacy-sensitive information. Also, by monitoring the credit-control messages, one can collect information about the credit-control server's billing models and business relationships.
即使不修改消息,可以窃听交易的对手也可以获得隐私敏感信息。此外,通过监视信用控制消息,可以收集有关信用控制服务器的计费模型和业务关系的信息。
When third-party relays or proxies are involved, hop-by-hop security does not necessarily provide sufficient protection for Diameter user sessions. In some cases, it may be inappropriate to send Diameter messages, such as CCR messages and CCA messages, containing sensitive AVPs via untrusted Diameter proxy agents, as there are no assurances that third-party proxies will not modify the credit-control commands or AVP values.
当涉及第三方中继或代理时,逐跳安全性不一定为Diameter用户会话提供足够的保护。在某些情况下,可能不适合通过不受信任的Diameter代理发送包含敏感AVP的Diameter消息,如CCR消息和CCA消息,因为无法保证第三方代理不会修改信用控制命令或AVP值。
A Diameter Credit-Control agent cannot always know whether agents between it and the end user's Diameter Credit-Control server are reliable. In this case, the Diameter Credit-Control agent doesn't have a routing entry in its Diameter routing table (defined in [RFC6733], Section 2.7) for the realm of the credit-control server in the end user's home realm. The Diameter Credit-Control agent can have a default route configured to a local redirect agent, and it redirects the CCR message to the redirect agent. The local redirect agent then returns a redirect notification (Result-Code 3006, DIAMETER_REDIRECT_INDICATION) to the credit-control agent, as well as information about the Diameter Credit-Control server(s) (Redirect-Host AVP) and information about how the routing entry resulting from the Redirect-Host is to be used (Redirect-Host-Usage AVP). The Diameter Credit-Control agent then forwards the CCR message directly
Diameter信用控制代理无法始终知道它与最终用户的Diameter信用控制服务器之间的代理是否可靠。在这种情况下,Diameter信用控制代理在其Diameter路由表(在[RFC6733]第2.7节中定义)中没有最终用户主域中信用控制服务器域的路由条目。Diameter信用控制代理可以将默认路由配置为本地重定向代理,并将CCR消息重定向到重定向代理。本地重定向代理然后向信用控制代理返回重定向通知(结果代码3006,DIAMETER\u redirect\u指示),以及关于DIAMETER信用控制服务器的信息(重定向主机AVP)和关于如何使用重定向主机产生的路由条目的信息(重定向主机使用AVP)。然后,Diameter信用控制代理直接转发CCR消息
to one of the hosts identified by the CCA message from the redirect agent. If the value of the Redirect-Host-Usage AVP does not equal zero, all subsequent messages are sent to the host specified in the Redirect-Host AVP until the time specified by the Redirect-Max-Cache-Time AVP has expired.
到由来自重定向代理的CCA消息标识的主机之一。如果重定向主机使用AVP的值不等于零,则所有后续消息将发送到重定向主机AVP中指定的主机,直到重定向最大缓存时间AVP指定的时间过期。
Even with redirects, there are some authorization issues. There may be attacks toward nodes that have been properly authorized but that abuse their authorization or have been compromised. These issues are discussed more widely in [RFC4072], Section 8.
即使使用重定向,也存在一些授权问题。可能存在针对已正确授权但滥用授权或已被破坏的节点的攻击。[RFC4072]第8节更广泛地讨论了这些问题。
This document includes a redirection feature (Section 5.6.2) whereby the service provider can redirect (in an application-specific way) the end user to an alternate location when their credits have expired. This technique is useful in that it allows the user to return to normal service quickly, but it also exposes additional risks and attack surface. In particular, this redirection can potentially occur at an arbitrary point in a user's session, potentially without any additional contextual confirmation available to the user that the redirection is driven by the network. This lack of confirmation matters because, in many application protocols, the communication peer is also capable of inducing redirection. When the peer is an attacker, the redirection can be to an attacker-controlled site. In particular, such sites may be "phishing" sites designed to appear similar to legitimate payment sites in an attempt to obtain users' payment information for fraudulent purposes. When users become accustomed to such redirections, they may have difficulty distinguishing such attacks from legitimate redirections.
本文件包括重定向功能(第5.6.2节),服务提供商可以在最终用户的信用到期时(以特定于应用程序的方式)将其重定向到备用位置。这种技术非常有用,因为它允许用户快速返回正常服务,但也会暴露额外的风险和攻击面。特别地,这种重定向可能发生在用户会话中的任意点上,可能不需要用户可用的任何附加上下文确认,即重定向是由网络驱动的。这种缺乏确认的情况很重要,因为在许多应用程序协议中,通信对等方也能够诱导重定向。当对等方是攻击者时,可以将重定向到攻击者控制的站点。特别是,此类网站可能是“钓鱼”网站,其设计与合法支付网站相似,目的是为了欺诈目的获取用户的支付信息。当用户习惯于此类重定向时,他们可能难以区分此类攻击和合法重定向。
Because of the potentially harmful consequences of arbitrary redirection by an attacker (such as to phishing sites), it is important for service providers to be aware of that risk and ensure that their users are aware of it as well. Service providers should follow industry best practices for the specific application-layer protocol to reduce the chances that such attacks could be mistaken for legitimate redirections. The details of such a practice are out of scope for this document.
由于攻击者任意重定向(如钓鱼网站)可能造成有害后果,因此服务提供商必须意识到这一风险,并确保其用户也意识到这一风险。服务提供商应遵循特定应用层协议的行业最佳实践,以减少此类攻击被误认为合法重定向的可能性。这种做法的细节超出了本文件的范围。
As the Diameter protocol, and especially the credit-control application, deal with subscribers and their actions, extra care should be taken regarding the privacy of the subscribers. Per terminology used in [RFC6973], both the credit-control client and the credit-control server are intermediary entities, wherein the subscribers' privacy may be compromised even if no security issues exist, and only authorized entities have access to the privacy-sensitive information.
由于Diameter协议,尤其是信用控制应用程序,处理订阅者及其行为,因此应特别注意订阅者的隐私。根据[RFC6973]中使用的术语,信用控制客户端和信用控制服务器都是中间实体,其中即使不存在安全问题,订阅者的隐私也可能受到损害,并且只有授权实体可以访问隐私敏感信息。
The privacy-sensitive AVPs listed in this section MUST NOT be sent across non-trusted networks or Diameter agents without end-to-end authentication and confidentiality protection, as described in [RFC6733], Section 13.3.
如[RFC6733]第13.3节所述,在没有端到端身份验证和保密保护的情况下,不得通过不受信任的网络或Diameter代理发送本节中列出的隐私敏感AVP。
The following AVPs contain privacy-sensitive information at different levels:
以下AVP包含不同级别的隐私敏感信息:
1. CC-Correlation-Id AVP: may contain privacy-sensitive information, as the service provider may encode personal information that helps it correlate different subscriptions and access technologies.
1. CC Correlation Id AVP:可能包含隐私敏感信息,因为服务提供商可能对个人信息进行编码,以帮助其关联不同的订阅和访问技术。
2. Check-Balance-Result AVP: contains information on the balance status of the subscriber.
2. 检查余额结果AVP:包含有关订户余额状态的信息。
3. Currency-Code AVP: contains information on the subscriber's locale.
3. 货币代码AVP:包含有关订阅者区域设置的信息。
4. Cost-Unit AVP: contains privacy-sensitive information for the Cost-Information AVP, in human-readable format.
4. 成本单位AVP:包含成本信息AVP的隐私敏感信息,格式为可读格式。
5. Service-Identifier AVP: may contain privacy-sensitive information about the subscriber's Internet activity.
5. 服务标识符AVP:可能包含有关订户互联网活动的隐私敏感信息。
6. Rating-Group AVP: may contain privacy-sensitive information about the subscriber's Internet activity.
6. 评级组AVP:可能包含有关订阅者互联网活动的隐私敏感信息。
7. Restriction-Filter-Rule AVP: the information inside IPFilterRule may be used to infer services used by the subscriber.
7. 限制筛选器规则AVP:IPFilterRule中的信息可用于推断订阅者使用的服务。
8. Redirect-Server-Address AVP: the service provider might embed personal information on the subscriber in the URL/URI (e.g., to create a personalized message). However, the service provider may instead anonymize the subscriber's identity in the URL/URI and let the redirect server query the information directly. Such anonymized information must not allow personal information or the subscriber's identity to be easily guessed. Furthermore, the service provider should treat the URL/URI schema itself as confidential and make sure it cannot be inferred (1) from observation of the traffic or (2) due to its trivial structure. A trivial structure could allow an adversary to query/modify personal information even without knowing the subscriber's identity. Similar AVPs are Redirect-Address-URL and Redirect-Address-SIP-URI.
8. 重定向服务器地址AVP:服务提供商可能在URL/URI中嵌入订户的个人信息(例如,创建个性化消息)。然而,服务提供者可以在URL/URI中匿名化订阅者的身份,并让重定向服务器直接查询信息。此类匿名信息不得使个人信息或订阅者的身份容易被猜测。此外,服务提供商应该将URL/URI模式本身视为机密,并确保它不能(1)从流量观察中推断出来,或(2)由于其结构不重要而推断出来。一个简单的结构可以允许对手在不知道订户身份的情况下查询/修改个人信息。类似的AVP是重定向地址URL和重定向地址SIP URI。
9. Service-Context-Id AVP: depending on how the service provider uses it, it may contain privacy-sensitive information about the service (e.g., in a 3GPP network Service-Context-Id AVP, it has a different value for packet switching, SMS, Multimedia Messages (MMSs), etc.).
9. 服务上下文Id AVP:根据服务提供商使用它的方式,它可能包含关于服务的隐私敏感信息(例如,在3GPP网络服务上下文Id AVP中,它对于分组交换、SMS、彩信(mms)等具有不同的值)。
10. Service-Parameter-Info AVP: depending on how the service provider uses it, it may contain privacy-sensitive information about the subscriber (e.g., location).
10. 服务参数信息AVP:根据服务提供商的使用方式,它可能包含有关订户的隐私敏感信息(例如,位置)。
11. Subscription-Id-Data AVP: contains the identity of the subscriber. Similar AVPs are Subscription-Id-E164, Subscription-Id-IMSI, Subscription-Id-SIP-URI, Subscription-Id-NAI, and Subscription-Id-Private.
11. 订阅Id数据AVP:包含订阅方的标识。类似的AVP有Subscription-Id-E164、Subscription-Id-IMSI、Subscription-Id-SIP-URI、Subscription-Id-NAI和Subscription-Id-Private。
12. User-Equipment-Info-Value AVP: contains the identity of the device of the subscriber. Similar AVPs are User-Equipment-Info-IMEISV, User-Equipment-Info-MAC, User-Equipment-Info-EUI64, User-Equipment-Info-ModifiedEUI64, and User-Equipment-Info-IMEI.
12. 用户设备信息值AVP:包含用户设备的标识。类似的AVP有用户设备信息IMEISV、用户设备信息MAC、用户设备信息EUI64、用户设备信息IMEI64和用户设备信息IMEI。
13. QoS-Final-Unit-Indication AVP: Grouped AVP that may contain privacy-sensitive information in its sub-AVPs (e.g., IPFilterRule, redirect address).
13. QoS最终单元指示AVP:分组AVP,其子AVP中可能包含隐私敏感信息(例如IPFilterRule、重定向地址)。
Note that some AVPs that are used in this document are defined in [RFC6733] and may contain privacy-sensitive information. These AVPs are not listed above.
请注意,本文档中使用的一些AVP在[RFC6733]中有定义,可能包含隐私敏感信息。以上未列出这些AVP。
Due to the nature of the credit-control application, some personal data and identity information must be stored in both the credit-control client and the credit-control server. However, this could be minimized by following these guidelines:
由于信贷控制应用程序的性质,某些个人数据和身份信息必须同时存储在信贷控制客户端和信贷控制服务器中。但是,可以通过遵循以下指南将其最小化:
1. Data stored in the credit-control client does not need to persist across sessions. All data could be deleted once the session ends and could be reconstructed once a new session is initialized. Note that while the credit-control server is usually owned by the service provider with which the subscriber already has some direct legal or business relationship (where the privacy level could be agreed upon), this is not always true for a credit-control client that may be owned by a third party.
1. 存储在信贷控制客户端中的数据不需要跨会话持久化。一旦会话结束,所有数据都可以删除,一旦新会话初始化,所有数据都可以重建。请注意,虽然信用控制服务器通常由服务提供商所有,而订阅者与服务提供商已经有一些直接的法律或业务关系(在隐私级别可以达成一致的情况下),但对于可能由第三方所有的信用控制客户端来说,这并不总是正确的。
2. Some information about the subscriber has to be stored in persistent storage in the credit-control server (e.g., identity, balance); however, per-transaction information does not have to be stored in persistent storage, and per-session information may be deleted from persistent storage once the session ends.
2. 关于订户的一些信息必须存储在信用控制服务器的持久存储器中(例如,身份、余额);但是,每个事务信息不必存储在持久性存储中,并且一旦会话结束,每个会话信息可以从持久性存储中删除。
3. In some cases, per-transaction information has to be stored on the credit-control server, client, or both, for regulatory, auditability, or debugging reasons. However, this could be minimized by following these guidelines:
3. 在某些情况下,出于监管、审核或调试原因,必须将每笔交易的信息存储在信贷控制服务器、客户端或两者上。但是,可以通过遵循以下指南将其最小化:
A. Data retention does not need to exceed the required duration.
A.数据保留不需要超过要求的持续时间。
B. Transaction information could be aggregated in some cases (e.g., prefer information per session over information per rating-group; prefer hourly byte summary over per-transaction byte counts).
B.在某些情况下,可以聚合事务信息(例如,与每个评级组的信息相比,更喜欢每个会话的信息;与每个事务字节计数相比,更喜欢每小时的字节摘要)。
C. If not strictly needed, information that is more sensitive (e.g., location, equipment type) could be filtered out of such logs. This information is often used to make rating decisions, and in this case, the rating decisions should be logged instead of the data used to make them.
C.如果不严格需要,可以从此类日志中过滤出更敏感的信息(例如,位置、设备类型)。此信息通常用于做出评级决策,在这种情况下,应记录评级决策,而不是用于做出评级决策的数据。
D. Due to the reasons explained in the first guideline, the credit-control server, rather than the credit-control client, would be the preferred location for storing such transaction information.
D.由于第一条指南中解释的原因,信用控制服务器(而非信用控制客户端)将是存储此类交易信息的首选位置。
Diameter agents, as described in [RFC6733], may be owned by third parties. If end-to-end security is supported between the credit-control client and the credit-control server, the operator can use it to encrypt privacy-sensitive AVPs (as listed in Section 15.1) and prevent such information from leaking into the agent.
[RFC6733]中所述的直径代理可能由第三方所有。如果信贷控制客户端和信贷控制服务器之间支持端到端安全,运营商可以使用它加密隐私敏感的AVP(如第15.1节所列),并防止此类信息泄漏到代理中。
In some cases, the Diameter agent needs access to privacy-sensitive AVPs, in order to make correct routing decisions or even to modify the content of these AVPs. For example, a proxy agent may need to look at the Subscription-Id-IMSI AVP, in order to extract the mobile country and network codes of the user and use them to look up the destination to which the request should be routed (see Section 2.8.2 in [RFC6733]). In such a case, the credit-control client and credit-control server may use a mechanism that anonymizes the identity of the subscriber, as well as a mechanism to encrypt other AVPs not used by the agent.
在某些情况下,Diameter代理需要访问对隐私敏感的AVP,以便做出正确的路由决策,甚至修改这些AVP的内容。例如,代理可能需要查看订阅Id IMSI AVP,以便提取用户的移动国家和网络代码,并使用它们查找请求应路由到的目的地(请参阅[RFC6733]中的第2.8.2节)。在这种情况下,信用控制客户端和信用控制服务器可以使用匿名化订户身份的机制,以及加密代理未使用的其他avp的机制。
[CE164] International Telecommunication Union, "COMPLEMENT TO ITU-T RECOMMENDATION E.164 (11/2010): LIST OF ITU-T RECOMMENDATION E.164 ASSIGNED COUNTRY CODES", November 2011, <https://www.itu.int/dms_pub/itu-t/opb/sp/ T-SP-E.164D-11-2011-PDF-E.pdf>.
[CE164]国际电信联盟,“对ITU-T建议E.164的补充(2010年11月):ITU-T建议E.164指定国家代码清单”,2011年11月<https://www.itu.int/dms_pub/itu-t/opb/sp/ T-SP-E.164D-11-2011-PDF-E.PDF>。
[CE212] International Telecommunication Union, "COMPLEMENT TO RECOMMENDATION ITU-T E.212 (09/2016): LIST OF MOBILE COUNTRY OR GEOGRAPHICAL AREA CODES", February 2017, <https://www.itu.int/dms_pub/itu-t/opb/sp/ T-SP-E.212A-2017-PDF-E.pdf>.
[CE212]国际电信联盟,“对建议ITU-T E.212(2016年9月)的补充:移动国家或地理区域代码清单”,2017年2月<https://www.itu.int/dms_pub/itu-t/opb/sp/ T-SP-E.212A-2017-PDF-E.PDF>。
[E164] International Telecommunication Union, "The international public telecommunication numbering plan", ITU-T Recommendation E.164, November 2010, <https://www.itu.int/rec/T-REC-E.164/>.
[E164]国际电信联盟,“国际公共电信编号计划”,ITU-T建议E.164,2010年11月<https://www.itu.int/rec/T-REC-E.164/>.
[E212] International Telecommunication Union, "The international identification plan for public networks and subscriptions", ITU-T Recommendation E.212, September 2016, <https://www.itu.int/rec/T-REC-E.212/en>.
[E212]国际电信联盟,“公共网络和订阅的国际识别计划”,ITU-T建议E.212,2016年9月<https://www.itu.int/rec/T-REC-E.212/en>.
[EUI64] IEEE, "Guidelines for Use of Extended Unique Identifier (EUI), Organizationally Unique Identifier (OUI), and Company ID (CID)", August 2017, <https://standards.ieee.org/content/dam/ ieee-standards/standards/web/documents/tutorials/eui.pdf>.
[EUI64]IEEE,“扩展唯一标识符(EUI)、组织唯一标识符(OUI)和公司ID(CID)的使用指南”,2017年8月<https://standards.ieee.org/content/dam/ ieee标准/标准/web/documents/tutorials/eui.pdf>。
[ISO4217] ISO, "Codes for the representation of currencies", ISO 4217:2015, 2015, <https://www.iso.org/ iso-4217-currency-codes.html>.
[ISO4217]ISO,“货币表示代码”,ISO 4217:2015<https://www.iso.org/ iso-4217-currency-codes.html>。
[RFC791] Postel, J., "Internet Protocol", STD 5, RFC 791, DOI 10.17487/RFC0791, September 1981, <https://www.rfc-editor.org/info/rfc791>.
[RFC791]Postel,J.,“互联网协议”,STD 5,RFC 791,DOI 10.17487/RFC07911981年9月<https://www.rfc-editor.org/info/rfc791>.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, <https://www.rfc-editor.org/info/rfc2119>.
[RFC2119]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,DOI 10.17487/RFC2119,1997年3月<https://www.rfc-editor.org/info/rfc2119>.
[RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A., Peterson, J., Sparks, R., Handley, M., and E. Schooler, "SIP: Session Initiation Protocol", RFC 3261, DOI 10.17487/RFC3261, June 2002, <https://www.rfc-editor.org/info/rfc3261>.
[RFC3261]Rosenberg,J.,Schulzrinne,H.,Camarillo,G.,Johnston,A.,Peterson,J.,Sparks,R.,Handley,M.,和E.Schooler,“SIP:会话启动协议”,RFC 3261,DOI 10.17487/RFC3261,2002年6月<https://www.rfc-editor.org/info/rfc3261>.
[RFC3539] Aboba, B. and J. Wood, "Authentication, Authorization and Accounting (AAA) Transport Profile", RFC 3539, DOI 10.17487/RFC3539, June 2003, <https://www.rfc-editor.org/info/rfc3539>.
[RFC3539]Aboba,B.和J.Wood,“认证、授权和会计(AAA)运输概况”,RFC 3539,DOI 10.17487/RFC3539,2003年6月<https://www.rfc-editor.org/info/rfc3539>.
[RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform Resource Identifier (URI): Generic Syntax", STD 66, RFC 3986, DOI 10.17487/RFC3986, January 2005, <https://www.rfc-editor.org/info/rfc3986>.
[RFC3986]Berners Lee,T.,Fielding,R.,和L.Masinter,“统一资源标识符(URI):通用语法”,STD 66,RFC 3986,DOI 10.17487/RFC3986,2005年1月<https://www.rfc-editor.org/info/rfc3986>.
[RFC4006] Hakala, H., Mattila, L., Koskinen, J-P., Stura, M., and J. Loughney, "Diameter Credit-Control Application", RFC 4006, DOI 10.17487/RFC4006, August 2005, <https://www.rfc-editor.org/info/rfc4006>.
[RFC4006]Hakala,H.,Mattila,L.,Koskinen,J-P.,Stura,M.,和J.Loughney,“直径信用控制应用”,RFC 4006,DOI 10.17487/RFC4006,2005年8月<https://www.rfc-editor.org/info/rfc4006>.
[RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing Architecture", RFC 4291, DOI 10.17487/RFC4291, February 2006, <https://www.rfc-editor.org/info/rfc4291>.
[RFC4291]Hinden,R.和S.Deering,“IP版本6寻址体系结构”,RFC 4291,DOI 10.17487/RFC42912006年2月<https://www.rfc-editor.org/info/rfc4291>.
[RFC5777] Korhonen, J., Tschofenig, H., Arumaithurai, M., Jones, M., Ed., and A. Lior, "Traffic Classification and Quality of Service (QoS) Attributes for Diameter", RFC 5777, DOI 10.17487/RFC5777, February 2010, <https://www.rfc-editor.org/info/rfc5777>.
[RFC5777]Korhonen,J.,Tschofenig,H.,Arumaithurai,M.,Jones,M.,Ed.,和A.Lior,“直径的流量分类和服务质量(QoS)属性”,RFC 5777,DOI 10.17487/RFC5777,2010年2月<https://www.rfc-editor.org/info/rfc5777>.
[RFC5952] Kawamura, S. and M. Kawashima, "A Recommendation for IPv6 Address Text Representation", RFC 5952, DOI 10.17487/RFC5952, August 2010, <https://www.rfc-editor.org/info/rfc5952>.
[RFC5952]Kawamura,S.和M.Kawashima,“IPv6地址文本表示的建议”,RFC 5952,DOI 10.17487/RFC5952,2010年8月<https://www.rfc-editor.org/info/rfc5952>.
[RFC6733] Fajardo, V., Ed., Arkko, J., Loughney, J., and G. Zorn, Ed., "Diameter Base Protocol", RFC 6733, DOI 10.17487/RFC6733, October 2012, <https://www.rfc-editor.org/info/rfc6733>.
[RFC6733]Fajardo,V.,Ed.,Arkko,J.,Loughney,J.,和G.Zorn,Ed.,“直径基准协议”,RFC 6733,DOI 10.17487/RFC6733,2012年10月<https://www.rfc-editor.org/info/rfc6733>.
[RFC7155] Zorn, G., Ed., "Diameter Network Access Server Application", RFC 7155, DOI 10.17487/RFC7155, April 2014, <https://www.rfc-editor.org/info/rfc7155>.
[RFC7155]Zorn,G.,编辑,“Diameter网络访问服务器应用”,RFC 7155,DOI 10.17487/RFC7155,2014年4月<https://www.rfc-editor.org/info/rfc7155>.
[RFC7423] Morand, L., Ed., Fajardo, V., and H. Tschofenig, "Diameter Applications Design Guidelines", BCP 193, RFC 7423, DOI 10.17487/RFC7423, November 2014, <https://www.rfc-editor.org/info/rfc7423>.
[RFC7423]Morand,L.,Ed.,Fajardo,V.,和H.Tschofenig,“直径应用设计指南”,BCP 193,RFC 7423,DOI 10.17487/RFC74232014年11月<https://www.rfc-editor.org/info/rfc7423>.
[RFC7542] DeKok, A., "The Network Access Identifier", RFC 7542, DOI 10.17487/RFC7542, May 2015, <https://www.rfc-editor.org/info/rfc7542>.
[RFC7542]DeKok,A.,“网络访问标识符”,RFC 7542,DOI 10.17487/RFC7542,2015年5月<https://www.rfc-editor.org/info/rfc7542>.
[RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for Writing an IANA Considerations Section in RFCs", BCP 26, RFC 8126, DOI 10.17487/RFC8126, June 2017, <https://www.rfc-editor.org/info/rfc8126>.
[RFC8126]Cotton,M.,Leiba,B.,和T.Narten,“在RFC中编写IANA考虑事项部分的指南”,BCP 26,RFC 8126,DOI 10.17487/RFC8126,2017年6月<https://www.rfc-editor.org/info/rfc8126>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017, <https://www.rfc-editor.org/info/rfc8174>.
[RFC8174]Leiba,B.,“RFC 2119关键词中大写与小写的歧义”,BCP 14,RFC 8174,DOI 10.17487/RFC8174,2017年5月<https://www.rfc-editor.org/info/rfc8174>.
[TGPPIMEI] 3rd Generation Partnership Project, Technical Specification Group Core Network, "Numbering, addressing and identification (release 15)", 3GPP TS 23.003 version 15.6.0, December 2018.
[TGPPIMEI]第三代合作伙伴项目,技术规范组核心网络,“编号、寻址和识别(第15版)”,3GPP TS 23.003版本15.6.0,2018年12月。
[RFC2866] Rigney, C., "RADIUS Accounting", RFC 2866, DOI 10.17487/RFC2866, June 2000, <https://www.rfc-editor.org/info/rfc2866>.
[RFC2866]Rigney,C.,“半径会计”,RFC 2866,DOI 10.17487/RFC2866,2000年6月<https://www.rfc-editor.org/info/rfc2866>.
[RFC3580] Congdon, P., Aboba, B., Smith, A., Zorn, G., and J. Roese, "IEEE 802.1X Remote Authentication Dial In User Service (RADIUS) Usage Guidelines", RFC 3580, DOI 10.17487/RFC3580, September 2003, <https://www.rfc-editor.org/info/rfc3580>.
[RFC3580]Congdon,P.,Aboba,B.,Smith,A.,Zorn,G.,和J.Roese,“IEEE 802.1X远程认证拨入用户服务(RADIUS)使用指南”,RFC 3580,DOI 10.17487/RFC3580,2003年9月<https://www.rfc-editor.org/info/rfc3580>.
[RFC3725] Rosenberg, J., Peterson, J., Schulzrinne, H., and G. Camarillo, "Best Current Practices for Third Party Call Control (3pcc) in the Session Initiation Protocol (SIP)", BCP 85, RFC 3725, DOI 10.17487/RFC3725, April 2004, <https://www.rfc-editor.org/info/rfc3725>.
[RFC3725]Rosenberg,J.,Peterson,J.,Schulzrinne,H.,和G.Camarillo,“会话启动协议(SIP)中第三方呼叫控制(3pcc)的最佳当前实践”,BCP 85,RFC 3725,DOI 10.17487/RFC3725,2004年4月<https://www.rfc-editor.org/info/rfc3725>.
[RFC4004] Calhoun, P., Johansson, T., Perkins, C., Hiller, T., Ed., and P. McCann, "Diameter Mobile IPv4 Application", RFC 4004, DOI 10.17487/RFC4004, August 2005, <https://www.rfc-editor.org/info/rfc4004>.
[RFC4004]Calhoun,P.,Johansson,T.,Perkins,C.,Hiller,T.,Ed.,和P.McCann,“Diameter移动IPv4应用”,RFC 4004,DOI 10.17487/RFC4004,2005年8月<https://www.rfc-editor.org/info/rfc4004>.
[RFC4072] Eronen, P., Ed., Hiller, T., and G. Zorn, "Diameter Extensible Authentication Protocol (EAP) Application", RFC 4072, DOI 10.17487/RFC4072, August 2005, <https://www.rfc-editor.org/info/rfc4072>.
[RFC4072]Eronen,P.,Ed.,Hiller,T.,和G.Zorn,“直径可扩展认证协议(EAP)应用”,RFC 4072,DOI 10.17487/RFC4072,2005年8月<https://www.rfc-editor.org/info/rfc4072>.
[RFC6973] Cooper, A., Tschofenig, H., Aboba, B., Peterson, J., Morris, J., Hansen, M., and R. Smith, "Privacy Considerations for Internet Protocols", RFC 6973, DOI 10.17487/RFC6973, July 2013, <https://www.rfc-editor.org/info/rfc6973>.
[RFC6973]Cooper,A.,Tschofenig,H.,Aboba,B.,Peterson,J.,Morris,J.,Hansen,M.,和R.Smith,“互联网协议的隐私考虑”,RFC 6973,DOI 10.17487/RFC6973,2013年7月<https://www.rfc-editor.org/info/rfc6973>.
[TGPPCHARG] 3rd Generation Partnership Project, Technical Specification Group Services and System Aspects, "Service aspects; Charging and Billing", 3GPP TS 22.115 version 15.5.0, September 2018.
[TGPPCHARG]第三代合作伙伴项目,技术规范组服务和系统方面,“服务方面;收费和计费”,3GPP TS 22.115版本15.5.0,2018年9月。
A credit-control flow for Network Access Services prepaid is shown in Figure 11. The Diameter protocol application is implemented in the Network Access Server (NAS) per [RFC7155]. The focus of this flow is on credit authorization.
预付费网络接入服务的信用控制流程如图11所示。Diameter协议应用程序根据[RFC7155]在网络访问服务器(NAS)中实现。该流程的重点是信用授权。
NAS End User (CC Client) AAA Server CC Server |(1)User Logon |(2)AA-Request (CC AVPs) | |------------------>|-------------------->| | | | |(3)CCR(Initial, CC AVPs) | | |-------------------->| | | |(4)CCA(Granted-Units)| | | |<--------------------| | |(5)AA-Answer(Granted-Units) | |(6)Access granted |<--------------------| | |<----------------->| | | | | | | : : : : | |(7)CCR(Update, Used-Units) | | |-------------------->|(8)CCR | | | | (Update, Used-Units) | | |-------------------->| | | |(9)CCA(Granted-Units)| | |(10)CCA(Granted-Units)<--------------------| | |<--------------------| | : : : : | (Auth. lifetime expires) | | | |(11)AAR (CC AVP) | | | |-------------------->| | | | (12)AAA | | | |<--------------------| | : : : : : : : :
NAS End User (CC Client) AAA Server CC Server |(1)User Logon |(2)AA-Request (CC AVPs) | |------------------>|-------------------->| | | | |(3)CCR(Initial, CC AVPs) | | |-------------------->| | | |(4)CCA(Granted-Units)| | | |<--------------------| | |(5)AA-Answer(Granted-Units) | |(6)Access granted |<--------------------| | |<----------------->| | | | | | | : : : : | |(7)CCR(Update, Used-Units) | | |-------------------->|(8)CCR | | | | (Update, Used-Units) | | |-------------------->| | | |(9)CCA(Granted-Units)| | |(10)CCA(Granted-Units)<--------------------| | |<--------------------| | : : : : | (Auth. lifetime expires) | | | |(11)AAR (CC AVP) | | | |-------------------->| | | | (12)AAA | | | |<--------------------| | : : : : : : : :
|(13)User logoff | | | |------------------>|(14)CCR(Term., Used-Units) | | |-------------------->|(15)CCR | | | | (Term., Used-Units) | | |-------------------->| | | | (16)CCA | | | (17)CCA |<--------------------| | |<--------------------| | | |(18)STR | | | |-------------------->| | | | (19)STA | | | |<--------------------| |
|(13)User logoff | | | |------------------>|(14)CCR(Term., Used-Units) | | |-------------------->|(15)CCR | | | | (Term., Used-Units) | | |-------------------->| | | | (16)CCA | | | (17)CCA |<--------------------| | |<--------------------| | | |(18)STR | | | |-------------------->| | | | (19)STA | | | |<--------------------| |
Figure 11: Flow I
图11:流程I
The user logs on to the network (1). The Diameter NAS sends a Diameter AA-Request (AAR) to the home Diameter AAA server (2). The credit-control client populates the AAR with the Credit-Control AVP set to CREDIT_AUTHORIZATION, and service-specific AVPs are included, as usual [RFC7155]. The home Diameter AAA server performs service-specific authentication and authorization, as usual. The home Diameter AAA server determines that the user is a prepaid user and notices from the Credit-Control AVP that the NAS has credit-control capabilities. It sends a Diameter Credit-Control-Request with CC-Request-Type set to INITIAL_REQUEST to the Diameter Credit-Control server to perform credit authorization (3) and to establish a credit-control session. (The home Diameter AAA server may forward service-specific AVPs received from the NAS as input for the rating process.) The Diameter Credit-Control server checks the end user's account balance, rates the service, and reserves credit from the end user's account. The reserved quota is returned to the home Diameter AAA server in the Diameter Credit-Control-Answer (4). The home Diameter AAA server sends the reserved quota to the NAS in the Diameter AA-Answer (AAA). Upon receiving the AA-Answer, the NAS starts the credit-control session and starts monitoring the granted units (5). The NAS grants access to the end user (6). At the expiry of the allocated quota, the NAS sends a Diameter Credit-Control-Request with CC-Request-Type set to UPDATE_REQUEST to the home Diameter AAA server (7). This message contains the units used thus far. The home Diameter AAA server forwards the CCR to the Diameter Credit-Control server (8). The Diameter Credit-Control server debits the used units from the end user's account and allocates a new quota that is returned to the home Diameter AAA server in the Diameter Credit-Control-Answer (9). The message is forwarded to the NAS (10). During the ongoing credit-control session, the authorization lifetime expires, and the authorization/authentication client in the NAS performs service-specific re-authorization to the home Diameter AAA server, as usual. The credit-control client populates the AAR with
用户登录到网络(1)。Diameter NAS向主Diameter AAA服务器(2)发送Diameter AA请求(AAR)。信贷控制客户端使用设置为信贷授权的信贷控制AVP填充AAR,并像往常一样包括特定于服务的AVP[RFC7155]。home Diameter AAA服务器通常执行特定于服务的身份验证和授权。home Diameter AAA服务器确定用户是预付费用户,并从信用控制AVP通知NAS具有信用控制功能。它向Diameter信用控制服务器发送CC Request Type设置为INITIAL_Request的Diameter信用控制请求,以执行信用授权(3)并建立信用控制会话。(home Diameter AAA服务器可以转发从NAS接收的特定于服务的AVP,作为评级过程的输入。)Diameter信用控制服务器检查最终用户的帐户余额,对服务进行评级,并保留来自最终用户帐户的信用。保留配额将在Diameter信用控制应答(4)中返回到主Diameter AAA服务器。home Diameter AAA服务器在Diameter AA应答(AAA)中向NAS发送保留配额。收到AA应答后,NAS启动信用控制会话,并开始监控授予的单位(5)。NAS将访问权限授予最终用户(6)。在分配的配额到期时,NAS向主Diameter AAA服务器(7)发送CC请求类型设置为更新_请求的Diameter信用控制请求。此消息包含迄今为止使用的单位。home Diameter AAA服务器将CCR转发给Diameter信用控制服务器(8)。Diameter信用控制服务器从最终用户的帐户中借记已使用的单位,并分配一个新配额,该配额在Diameter信用控制应答(9)中返回给家庭Diameter AAA服务器。消息被转发到NAS(10)。在正在进行的信用控制会话期间,授权生存期到期,NAS中的授权/身份验证客户端将一如既往地对home Diameter AAA服务器执行特定于服务的重新授权。信用控制客户端向AAR填充
the Credit-Control AVP set to RE_AUTHORIZATION, indicating that the credit-control server shall not be contacted, as the credit authorization is controlled by the burning rate of the granted units (11). The home Diameter AAA server performs service-specific re-authorization as usual and returns the AA-Answer to the NAS (12). The end user logs off from the network (13). To debit the used units from the end user's account and to stop the credit-control session, the NAS sends a Diameter Credit-Control-Request with CC-Request-Type set to TERMINATION_REQUEST to the home Diameter AAA server (14). The home Diameter AAA server forwards the CCR to the credit-control server (15). The Diameter Credit-Control server acknowledges the session termination by sending a Diameter Credit-Control-Answer to the home Diameter AAA server (16). The home Diameter AAA server forwards the answer to the NAS (17). The STR/STA takes place between the NAS and home Diameter AAA server, as usual (18), (19).
信用控制AVP设置为RE_AUTHORIZATION(重新授权),表示不应联系信用控制服务器,因为信用授权由授权单元(11)的燃烧率控制。home Diameter AAA服务器像往常一样执行特定于服务的重新授权,并将AA应答返回给NAS(12)。最终用户从网络注销(13)。要从最终用户的帐户中借记已用单位并停止信用控制会话,NAS将CC请求类型设置为TERMINATION_Request的Diameter信用控制请求发送到home Diameter AAA服务器(14)。home Diameter AAA服务器将CCR转发到信用控制服务器(15)。Diameter信用控制服务器通过向家庭Diameter AAA服务器(16)发送Diameter信用控制应答来确认会话终止。home Diameter AAA服务器将应答转发给NAS(17)。STR/STA通常发生在NAS和home Diameter AAA服务器之间(18)、(19)。
Figure 12 provides an example of Diameter Credit-Control for SIP sessions. Although the flow focuses on illustrating the usage of credit-control messages, the SIP signaling is inaccurate, and the diagram is not by any means an attempt to define a service provider's SIP network. However, for the sake of this example, some assumptions are made below.
图12提供了SIP会话的Diameter信用控制示例。尽管该流程侧重于说明信用控制消息的使用,但是SIP信令是不准确的,并且该图决不是试图定义服务提供商的SIP网络。然而,出于本示例的考虑,下面进行了一些假设。
SIP Proxy/Registrar AAA A (CC Client) Server B CC Server | (i) REGISTER | | | | |------------->|(ii) | | | | |------------->| | | | |authentication & | | | |authorization | | | | |<-------------| | | |(iii) 200 OK | | | |<-------------| | | : : : : |(1) INVITE | : |------------->| | |(2) CCR (Initial, SIP-specific AVP) | | |------------------------------------------->| | |(3) CCA (Granted-Units) | | |<-------------------------------------------| | |(4) INVITE | | | |---------------------------->| | : : : : | |(5) CCR (Update, Used-Units) | | |------------------------------------------->| | |(6) CCA (Granted-Units) | | |<-------------------------------------------| : : : : |(7) BYE | | | |------------->| | | | |(8) BYE | | | |---------------------------->| | | |(9) CCR (Termination, Used-Units) | | |------------------------------------------->| | |(10) CCA () | | |<-------------------------------------------| | | | |
SIP Proxy/Registrar AAA A (CC Client) Server B CC Server | (i) REGISTER | | | | |------------->|(ii) | | | | |------------->| | | | |authentication & | | | |authorization | | | | |<-------------| | | |(iii) 200 OK | | | |<-------------| | | : : : : |(1) INVITE | : |------------->| | |(2) CCR (Initial, SIP-specific AVP) | | |------------------------------------------->| | |(3) CCA (Granted-Units) | | |<-------------------------------------------| | |(4) INVITE | | | |---------------------------->| | : : : : | |(5) CCR (Update, Used-Units) | | |------------------------------------------->| | |(6) CCA (Granted-Units) | | |<-------------------------------------------| : : : : |(7) BYE | | | |------------->| | | | |(8) BYE | | | |---------------------------->| | | |(9) CCR (Termination, Used-Units) | | |------------------------------------------->| | |(10) CCA () | | |<-------------------------------------------| | | | |
Figure 12: Flow II
图12:流程II
Typically, prepaid services based, for example, on time usage for SIP sessions require an entity in the service provider network to intercept all the requests within the SIP dialog in order to detect events, such as session establishment and session release, that are essential for performing credit-control operations with the credit-control server. Therefore, in this example, it is assumed that the SIP Proxy adds a Record-Route header in the initial SIP INVITE to make sure that all the future requests in the created dialog traverse through it (for the definitions of "Record-Route" and "dialog", please refer to [RFC3261]). Finally, the degree of
通常,基于例如SIP会话的实时使用的预付费服务要求服务提供商网络中的实体拦截SIP对话中的所有请求,以便检测事件,例如会话建立和会话释放,这对于使用信用控制服务器执行信用控制操作至关重要。因此,在本例中,假设SIP代理在初始SIP INVITE中添加一个记录路由头,以确保创建的对话框中的所有未来请求都通过它(有关“记录路由”和“对话框”的定义,请参阅[RFC3261])。最后,是
credit-control measuring of the media by the proxy depends on the business model design used in setting up the end system and proxies in the SIP network.
代理对媒体的信用控制度量取决于在SIP网络中设置终端系统和代理时使用的业务模型设计。
The end user (SIP User Agent A) sends a REGISTER with credentials (i). The SIP Proxy sends a request to the home AAA server to perform multimedia authentication and authorization by using, for instance, a Diameter multimedia application (ii). The home AAA server checks that the credentials are correct and checks the user profile. Eventually, a 200 OK response (iii) is sent to the User Agent. Note that the authentication and authorization are valid for the registration validity period duration (i.e., until re-registration is performed). Several SIP sessions may be established without re-authorization.
最终用户(SIP用户代理A)发送带有凭据(i)的寄存器。SIP代理向家庭AAA服务器发送请求,以通过使用例如Diameter多媒体应用程序(ii)来执行多媒体认证和授权。家庭AAA服务器检查凭据是否正确,并检查用户配置文件。最后,向用户代理发送200ok响应(iii)。请注意,认证和授权在注册有效期内有效(即,直到执行重新注册)。可以在无需重新授权的情况下建立多个SIP会话。
User Agent A sends an INVITE (1). The SIP Proxy sends a Diameter Credit-Control-Request (INITIAL_REQUEST) to the Diameter Credit-Control server (2). The Credit-Control-Request contains information obtained from the SIP signaling describing the requested service (e.g., calling party, called party, Session Description Protocol (SDP) attributes). The Diameter Credit-Control server checks the end user's account balance, rates the service, and reserves credit from the end user's account. The reserved quota is returned to the SIP Proxy in the Diameter Credit-Control-Answer (3). The SIP Proxy forwards the SIP INVITE to User Agent B (4). B's phone rings, and B answers. The media flows between them, and the SIP Proxy starts measuring the quota. At the expiry of the allocated quota, the SIP Proxy sends a Diameter Credit-Control-Request (UPDATE_REQUEST) to the Diameter Credit-Control server (5). This message contains the units used thus far. The Diameter Credit-Control server debits the used units from the end user's account and allocates new credit that is returned to the SIP Proxy in the Diameter Credit-Control-Answer (6). The end user terminates the service by sending a BYE message (7). The SIP Proxy forwards the BYE message to User Agent B (8) and sends a Diameter Credit-Control-Request (TERMINATION_REQUEST) to the credit-control server (9). The Diameter Credit-Control server acknowledges the session termination by sending a Diameter Credit-Control-Answer to the SIP Proxy (10).
用户代理A发送一个邀请(1)。SIP代理向Diameter信用控制服务器(2)发送Diameter信用控制请求(初始_请求)。信用控制请求包含从描述所请求服务的SIP信令获得的信息(例如,呼叫方、被叫方、会话描述协议(SDP)属性)。Diameter信用控制服务器检查最终用户的帐户余额,对服务进行评级,并保留最终用户帐户的信用。保留配额在Diameter信用控制应答(3)中返回给SIP代理。SIP代理将SIP INVITE转发给用户代理B(4)。B的电话响了,B接了电话。媒体在它们之间流动,SIP代理开始测量配额。在分配的配额到期时,SIP代理向Diameter信用控制服务器(5)发送Diameter信用控制请求(UPDATE_请求)。此消息包含迄今为止使用的单位。Diameter信用控制服务器从最终用户的帐户中借记已使用的单位,并分配在Diameter信用控制应答(6)中返回给SIP代理的新信用。最终用户通过发送BYE消息(7)终止服务。SIP代理将BYE消息转发给用户代理B(8),并向信用控制服务器(9)发送Diameter信用控制请求(终止请求)。Diameter信用控制服务器通过向SIP代理发送Diameter信用控制应答来确认会话终止(10)。
A credit-control flow for Multimedia Messaging Service is shown in Figure 13. The sender is charged as soon as the messaging server successfully stores the message.
多媒体消息服务的信用控制流如图13所示。消息服务器成功存储消息后,发件人将立即收取费用。
MMS Server A (CC Client) B CC Server |(1) Send MMS | | | |--------------->| | | | |(2) CCR (Event, DIRECT_DEBITING, | | | MMS-specific AVP) | | |-------------------------------->| | |(3) CCA (Granted-Units) | | |<--------------------------------| |(4) Send MMS Ack| | | |<---------------| | | | |(5) Notify MMS | | | |--------------->| | : : : : | |(6) Retrieve MMS| | | |<---------------| | | |(7) Retrieve MMS| | | | Ack | | | |--------------->| | | | | |
MMS Server A (CC Client) B CC Server |(1) Send MMS | | | |--------------->| | | | |(2) CCR (Event, DIRECT_DEBITING, | | | MMS-specific AVP) | | |-------------------------------->| | |(3) CCA (Granted-Units) | | |<--------------------------------| |(4) Send MMS Ack| | | |<---------------| | | | |(5) Notify MMS | | | |--------------->| | : : : : | |(6) Retrieve MMS| | | |<---------------| | | |(7) Retrieve MMS| | | | Ack | | | |--------------->| | | | | |
Figure 13: Flow III
图13:流程III
This is an example of Diameter Credit-Control for direct debiting using the Multimedia Messaging Service environment. Although the flow focuses on illustrating the usage of credit-control messages, the MMS signaling is inaccurate, and the diagram is not by any means an attempt to define a service provider's MMS configuration or billing model.
这是使用彩信服务环境进行直接借记的Diameter信用控制示例。尽管该流程侧重于说明信用控制消息的使用,但MMS信令是不准确的,并且该图决不是试图定义服务提供商的MMS配置或计费模型。
End user A sends an MMS to the MMS server (1). The MMS server stores the message and sends a Diameter Credit-Control-Request (EVENT_REQUEST with Requested-Action set to DIRECT_DEBITING) to the Diameter Credit-Control server (2). The Credit-Control-Request contains information about the MMS message (e.g., size, recipient address, image coding type). The Diameter Credit-Control server checks the end user's account balance, rates the service, and debits the service from the end user's account. The granted quota is returned to the MMS server in the Diameter Credit-Control-Answer (3).
最终用户A向彩信服务器(1)发送彩信。MMS服务器存储消息并向Diameter信用控制服务器(2)发送Diameter信用控制请求(事件请求,请求的操作设置为直接借记)。信用控制请求包含有关彩信的信息(例如大小、收件人地址、图像编码类型)。Diameter信用控制服务器检查最终用户的帐户余额,对服务进行评级,并从最终用户的帐户中借记服务。已授予的配额将在Diameter信用控制应答(3)中返回给MMS服务器。
The MMS server acknowledges the successful reception of the MMS message (4). The MMS server notifies the recipient about the new MMS (5), and end user B retrieves the message from the MMS message store (6), (7).
彩信服务器确认已成功接收彩信(4)。彩信服务器通知收件人新的彩信(5),最终用户B从彩信存储(6)、(7)检索彩信。
Note that the transfer of the MMS message can take an extended period of time and can fail, in which case a recovery action is needed. The MMS server should return the already-debited units to the user's account by using the REFUND action described in Section 6.4.
请注意,彩信的传输可能需要较长的时间,并且可能会失败,在这种情况下,需要执行恢复操作。彩信服务器应使用第6.4节所述的退款操作,将已借记的单位退还给用户帐户。
Another credit-control flow for Multimedia Messaging Service is shown in Figure 14. The recipient is charged at the time of message delivery.
Another credit-control flow for Multimedia Messaging Service is shown in Figure 14. The recipient is charged at the time of message delivery.translate error, please retry
MMS Server Content Server (CC Client) B CC Server |(1) Send MMS | | | |--------------->| | | | |(2) CCR (Event, CHECK_BALANCE, | | | MMS-specific AVP) | | |-------------------------------->| | |(3) CCA (ENOUGH_CREDIT) | | |<--------------------------------| |(4) Send MMS Ack| | | |<---------------| | | | |(5) Notify MMS | | | |--------------->| | : : : : | |(6) Retrieve MMS| | | |<---------------| | | |(7) CCR (Event, DIRECT_DEBITING, | | | MMS-specific AVP) | | |-------------------------------->| | |(8) CCA (Granted-Units) | | |<--------------------------------| | |(9) Retrieve MMS| | | | Ack | | | |--------------->| | | | | |
MMS Server Content Server (CC Client) B CC Server |(1) Send MMS | | | |--------------->| | | | |(2) CCR (Event, CHECK_BALANCE, | | | MMS-specific AVP) | | |-------------------------------->| | |(3) CCA (ENOUGH_CREDIT) | | |<--------------------------------| |(4) Send MMS Ack| | | |<---------------| | | | |(5) Notify MMS | | | |--------------->| | : : : : | |(6) Retrieve MMS| | | |<---------------| | | |(7) CCR (Event, DIRECT_DEBITING, | | | MMS-specific AVP) | | |-------------------------------->| | |(8) CCA (Granted-Units) | | |<--------------------------------| | |(9) Retrieve MMS| | | | Ack | | | |--------------->| | | | | |
Figure 14: Flow IV
图14:流程IV
This is an example of Diameter Credit-Control for direct debiting using the Multimedia Messaging Service environment. Although the flow focuses on illustrating the usage of credit-control messages, the MMS signaling is inaccurate, and the diagram is not by any means an attempt to define a service provider's MMS configuration or billing model.
这是使用彩信服务环境进行直接借记的Diameter信用控制示例。尽管该流程侧重于说明信用控制消息的使用,但MMS信令是不准确的,并且该图决不是试图定义服务提供商的MMS配置或计费模型。
A content server sends an MMS to the MMS server (1), which stores the message. The message recipient will be charged for the MMS message in this case. As there can be a substantially long time between the receipt of the message at the MMS server and the actual retrieval of the message, the MMS server does not establish any credit-control sessions to the Diameter Credit-Control server; rather, it first performs only a balance check (without any credit reservations) by sending a Diameter Credit-Control-Request (EVENT_REQUEST with Requested-Action set to CHECK_BALANCE) to verify that end user B can cover the cost for the MMS (2). The Diameter Credit-Control server checks the end user's account balance and returns the answer to the MMS server in the Diameter Credit-Control-Answer (3). The MMS server acknowledges the successful reception of the MMS message (4). The MMS server notifies the recipient of the new MMS (5), and after some time end user B retrieves the message from the MMS message store (6). The MMS server sends a Diameter Credit-Control-Request (EVENT_REQUEST with Requested-Action set to DIRECT_DEBITING) to the Diameter Credit-Control server (7). The Credit-Control-Request contains information about the MMS message (e.g., size, recipient address, coding type). The Diameter Credit-Control server checks the end user's account balance, rates the service, and debits the service from the end user's account. The granted quota is returned to the MMS server in the Diameter Credit-Control-Answer (8). The MMS is transferred to end user B (9).
内容服务器向存储消息的彩信服务器(1)发送彩信。在这种情况下,将向彩信收件人收取费用。由于在MMS服务器处接收消息与实际检索消息之间可能存在相当长的时间,因此MMS服务器不建立到Diameter信用控制服务器的任何信用控制会话;相反,它首先通过发送Diameter信用控制请求(请求操作设置为check_balance的EVENT_Request)来验证最终用户B是否可以支付MMS的费用,从而仅执行余额检查(无任何信用保留)(2)。Diameter信用控制服务器检查最终用户的帐户余额,并在Diameter信用控制应答(3)中将应答返回给MMS服务器。彩信服务器确认已成功接收彩信(4)。彩信服务器通知收件人新的彩信(5),一段时间后,最终用户B从彩信存储(6)中检索彩信。MMS服务器向Diameter信用控制服务器(7)发送Diameter信用控制请求(事件请求,请求的操作设置为直接借记)。信用控制请求包含有关彩信的信息(例如大小、收件人地址、编码类型)。Diameter信用控制服务器检查最终用户的帐户余额,对服务进行评级,并从最终用户的帐户中借记服务。已授予的配额将在Diameter信用控制应答(8)中返回给MMS服务器。彩信被传输到最终用户B(9)。
Note that the transfer of the MMS message can take an extended period of time and can fail, in which case a recovery action is needed. The MMS server should return the already-debited units to the user's account by using the REFUND action described in Section 6.4.
请注意,彩信的传输可能需要较长的时间,并且可能会失败,在这种情况下,需要执行恢复操作。彩信服务器应使用第6.4节所述的退款操作,将已借记的单位退还给用户帐户。
Figure 15 provides an example of an Advice of Charge (AoC) service for a SIP call.
图15提供了一个SIP呼叫的收费通知(AoC)服务示例。
SIP Controller User Agent A (CC Client) User Agent B CC Server |(1)INVITE | | | | User Agent B(SDP)| | | |------------------>| | | | |(2)CCR (Event, PRICE_ENQUIRY, | | | SIP-specific AVPs) | | |------------------------------->| | |(3)CCA (Cost-Information) | | |<-------------------------------| |(4)MESSAGE(URL) | | | |<------------------| | | |(5)HTTP GET | | | |------------------>| | | |(6)HTTP POST | | | |------------------>|(7)INVITE(SDP) | | | |--------------->| | | | (8)200 OK | | | (9)200 OK |<---------------| | |<------------------| | |
SIP Controller User Agent A (CC Client) User Agent B CC Server |(1)INVITE | | | | User Agent B(SDP)| | | |------------------>| | | | |(2)CCR (Event, PRICE_ENQUIRY, | | | SIP-specific AVPs) | | |------------------------------->| | |(3)CCA (Cost-Information) | | |<-------------------------------| |(4)MESSAGE(URL) | | | |<------------------| | | |(5)HTTP GET | | | |------------------>| | | |(6)HTTP POST | | | |------------------>|(7)INVITE(SDP) | | | |--------------->| | | | (8)200 OK | | | (9)200 OK |<---------------| | |<------------------| | |
Figure 15: Flow V
图15:流程V
This is an example of Diameter Credit-Control for SIP sessions. Although the flow focuses on illustrating the usage of credit-control messages, the SIP signaling is inaccurate, and the diagram is not by any means an attempt to define a service provider's SIP network.
这是SIP会话的Diameter信用控制示例。尽管该流程侧重于说明信用控制消息的使用,但是SIP信令是不准确的,并且该图决不是试图定义服务提供商的SIP网络。
User Agent A can be either a postpaid or prepaid subscriber using the AoC service. It is assumed that the SIP controller also has HTTP capabilities and delivers an interactive AoC web page with, for instance, the cost information, the details of the call derived from the SDP, and a button to accept/not accept the charges. (There may be many other ways to deliver AoC information; however, this flow focuses on the use of the credit-control messages.) The user has been authenticated and authorized prior to initiating the call and has been subscribed to the AoC service.
用户代理A可以是使用AoC服务的后付费或预付费订户。假设SIP控制器还具有HTTP功能,并提供一个交互式AoC网页,其中包含例如成本信息、从SDP导出的呼叫的详细信息以及接受/不接受费用的按钮。(可能有许多其他方式来传递AoC信息;但是,此流程侧重于信用控制消息的使用。)用户在发起呼叫之前已通过身份验证和授权,并已订阅AoC服务。
User Agent A sends an INVITE with the SDP to User Agent B via the SIP controller (1). The SIP controller determines that the user is subscribed to an AoC service and sends a Diameter Credit-Control-Request (EVENT_REQUEST with Requested-Action set to PRICE_ENQUIRY) to the Diameter Credit-Control server (2). The Credit-Control-Request
用户代理A通过SIP控制器(1)向用户代理B发送带有SDP的INVITE。SIP控制器确定用户已订阅AoC服务,并向Diameter信用控制服务器(2)发送Diameter信用控制请求(请求操作设置为PRICE_Inquiry的事件_请求)。信用控制请求
contains SIP-specific AVPs derived from the SIP signaling, describing the requested service (e.g., calling party, called party, SDP attributes). The Diameter Credit-Control server determines the cost of the service and returns the Credit-Control-Answer, including the Cost-Information AVP (3). The SIP controller manufactures the AoC web page with information received in SIP signaling and with the cost information received from the credit-control server. It then sends a SIP MESSAGE that contains a URL pointing to the AoC information web page (4). Upon receipt of the SIP MESSAGE, User Agent A automatically invokes the web browser that retrieves the AoC information (5). The user clicks on the appropriate button to accept the charges (6). The SIP controller continues the session and sends the INVITE to User Agent B, which accepts the call (7), (8), (9).
包含从SIP信令派生的SIP特定AVP,描述请求的服务(例如,主叫方、被叫方、SDP属性)。Diameter信用控制服务器确定服务成本并返回信用控制答案,包括成本信息AVP(3)。SIP控制器使用SIP信令中接收到的信息和从信用控制服务器接收到的成本信息来制作AoC网页。然后,它发送一条包含指向AoC信息网页的URL的SIP消息(4)。在收到SIP消息后,用户代理A自动调用检索AoC信息的web浏览器(5)。用户单击相应的按钮以接受费用(6)。SIP控制器继续会话并向用户代理B发送邀请,用户代理B接受呼叫(7)、(8)、(9)。
Figure 16 illustrates a credit-control flow for the REFUND case. It is assumed that there is a trusted relationship and secure connection between the gaming server and the Diameter Credit-Control server. The end user may be a prepaid subscriber or a postpaid subscriber.
图16展示了退款案例的信用控制流程。假设游戏服务器和Diameter信用控制服务器之间存在信任关系和安全连接。最终用户可以是预付费订户或后付费订户。
Gaming Server End User (CC Client) CC Server | (1)Service Delivery | | |<---------------------->| | : : : : : : | |(2)CCR(Event, REFUND,Requested- | |Service-Unit, Service-Parameter-Info) | |----------------------->| | | (3)CCA(Cost-Information) | |<-----------------------| | (4)Notification | | |<-----------------------| |
Gaming Server End User (CC Client) CC Server | (1)Service Delivery | | |<---------------------->| | : : : : : : | |(2)CCR(Event, REFUND,Requested- | |Service-Unit, Service-Parameter-Info) | |----------------------->| | | (3)CCA(Cost-Information) | |<-----------------------| | (4)Notification | | |<-----------------------| |
Figure 16: Flow VI
图16:流程VI
While the end user is playing the game (1), they enter a new level that entitles them to a bonus. The gaming server sends a Diameter Credit-Control-Request (EVENT_REQUEST with Requested-Action set to REFUND_ACCOUNT) to the Diameter Credit-Control server (2). The Credit-Control-Request contains the Requested-Service-Unit AVP with the CC-Service-Specific-Units containing the number of points the user just won. The Service-Parameter-Info AVP is also included in the request and specifies the service event to be rated (e.g., Tetris Bonus). From information received, the Diameter Credit-Control server determines the amount to be credited, refunds the user's account, and returns the Credit-Control-Answer, including the
当最终用户在玩游戏(1)时,他们进入一个新的关卡,可以获得奖金。游戏服务器向Diameter信用控制服务器(2)发送Diameter信用控制请求(事件请求,请求的操作设置为退款账户)。信用控制请求包含请求的服务单元AVP,CC服务特定单元包含用户刚刚赢得的点数。服务参数Info AVP也包含在请求中,并指定要评级的服务事件(例如,俄罗斯方块奖金)。Diameter信用控制服务器根据收到的信息确定要贷记的金额,退还用户帐户,并返回信用控制答案,包括
Cost-Information AVP (3). The Cost-Information AVP indicates the credited amount. At the first opportunity, the gaming server notifies the end user of the credited amount (4).
成本信息平均值(3)。成本信息AVP表示贷记金额。在第一次机会时,游戏服务器通知最终用户贷记金额(4)。
Figure 17 provides an example of graceful service termination for a SIP call. It is assumed that the call is set up so that the controller is in the call as a B2BUA (Back-to-Back User Agent) performing third-party call control (3PCC). Note that the SIP signaling is inaccurate, as the focus of this flow is on graceful service termination and credit-control authorization. Best practices for 3PCC are defined in [RFC3725].
图17提供了SIP呼叫的优雅服务终止示例。假设呼叫设置为控制器作为B2BUA(背对背用户代理)执行第三方呼叫控制(3PCC)在呼叫中。请注意,SIP信令是不准确的,因为此流程的重点是服务终止和信用控制授权。[RFC3725]中定义了3PCC的最佳实践。
SIP Controller Top-Up User Agent A (CC Client) Server User Agent B CC Server | | | | | | | (1)CCR(Update, Used-Units) | | | |------------------------------------------>| | | (2)CCA(Final-Unit, Redirect)| | |<------------------------------------------| : : : : : : : : : : | | (3)CCR(Update, Used-Units)| | | |------------------------------------------>| | | (3a)INVITE("hold") | | | |--------------------------->| | | | | (4)CCA(Validity-Time)| | |<------------------------------------------| | (5)INVITE | (6)INVITE | | | |<---------------|------------->| | | | (7)RTP | | | |...............................| | | | | (8)BYE | | | | |<-------------| | | | | (9)CCR(Update) | | | |------------------------------------------>| | | (10)CCA(Granted-Units)| | |<------------------------------------------| | (12)INVITE | (11)INVITE | | |<---------------|--------------------------->| |
SIP Controller Top-Up User Agent A (CC Client) Server User Agent B CC Server | | | | | | | (1)CCR(Update, Used-Units) | | | |------------------------------------------>| | | (2)CCA(Final-Unit, Redirect)| | |<------------------------------------------| : : : : : : : : : : | | (3)CCR(Update, Used-Units)| | | |------------------------------------------>| | | (3a)INVITE("hold") | | | |--------------------------->| | | | | (4)CCA(Validity-Time)| | |<------------------------------------------| | (5)INVITE | (6)INVITE | | | |<---------------|------------->| | | | (7)RTP | | | |...............................| | | | | (8)BYE | | | | |<-------------| | | | | (9)CCR(Update) | | | |------------------------------------------>| | | (10)CCA(Granted-Units)| | |<------------------------------------------| | (12)INVITE | (11)INVITE | | |<---------------|--------------------------->| |
Figure 17: Flow VII
图17:流程VII
The call is ongoing between User Agents A and B; User Agent A has a prepaid subscription. At the expiry of the allocated quota, the SIP controller sends a Diameter Credit-Control-Request (UPDATE_REQUEST) to the Diameter Credit-Control server (1). This message contains the units used thus far. The Diameter Credit-Control server debits the used units from the end user's account and allocates the final quota returned to the SIP controller in the Diameter Credit-Control-Answer (2). This message contains the Final-Unit-Indication AVP with Final-Unit-Action set to REDIRECT, the Redirect-Address-Type set to SIP URI, and the Redirect-Server-Address set to the top-up server name (e.g., sip:sip-topup-server@domain.com). At the expiry of the final allocated quota, the SIP controller sends a Diameter Credit-Control-Request (UPDATE_REQUEST) to the Diameter Credit-Control server (3) and places the called party on "hold" by sending an INVITE with the appropriate connection address in the SDP (3a). The Credit-Control-Request message contains the units used thus far. The Diameter Credit-Control server debits the used units from the end user's account but does not make any credit reservations. The Credit-Control-Answer message, which contains the Validity-Time to supervise the graceful service termination process, is returned to the SIP controller (4). The SIP controller establishes a SIP session between the prepaid user and the top-up server (5), (6). The top-up server plays an announcement and prompts the user to enter a credit card number and the amount of money to be used to replenish the account (7). The top-up server validates the credit card number, replenishes the user's account (using some means outside the scope of this specification), and releases the SIP session (8). The SIP controller can now assume that communication between the prepaid user and the top-up server took place. It sends a spontaneous Credit-Control-Request (UPDATE_REQUEST) to the Diameter Credit-Control server to check whether the account has been replenished (9). The Diameter Credit-Control server reserves credit from the end user's account and returns the reserved quota to the SIP controller in the Credit-Control-Answer (10). At this point, the SIP controller reconnects the caller and the called party (11), (12).
用户代理A和B之间正在进行呼叫;用户代理A具有预付费订阅。在分配的配额到期时,SIP控制器向Diameter信用控制服务器(1)发送Diameter信用控制请求(更新_请求)。此消息包含迄今为止使用的单位。Diameter Credit Control server从最终用户的帐户中借记使用的单位,并在Diameter Credit Control应答(2)中分配返回给SIP控制器的最终配额。此消息包含最终单元指示AVP,最终单元操作设置为重定向,重定向地址类型设置为SIP URI,重定向服务器地址设置为充值服务器名称(例如,SIP:SIP topup-server@domain.com). 在最终分配的配额到期时,SIP控制器向Diameter信用控制服务器(3)发送Diameter信用控制请求(UPDATE_请求),并通过在SDP(3a)中发送具有适当连接地址的INVITE将被叫方置于“保持”状态。信贷控制请求消息包含迄今为止使用的单位。Diameter Credit Control server从最终用户的帐户中借记所用单位,但不进行任何信用预订。包含监督正常服务终止过程的有效时间的信用控制应答消息返回给SIP控制器(4)。SIP控制器在预付费用户和充值服务器(5)、(6)之间建立SIP会话。充值服务器播放公告并提示用户输入信用卡号和用于补充帐户的金额(7)。充值服务器验证信用卡号,补充用户帐户(使用本规范范围外的某些方法),并释放SIP会话(8)。SIP控制器现在可以假设预付费用户和充值服务器之间发生了通信。它向Diameter信用控制服务器发送一个自发的信用控制请求(UPDATE_请求),以检查帐户是否已补充(9)。Diameter信用控制服务器保留来自最终用户帐户的信用,并在信用控制应答(10)中将保留的配额返回给SIP控制器。此时,SIP控制器重新连接呼叫者和被叫方(11)、(12)。
Figure 18 provides an example of graceful service termination initiated when the first interrogation takes place because the user's account is empty. In this example, the credit-control server supports the server-initiated credit re-authorization. The Diameter protocol application is implemented in the NAS per [RFC7155].
图18提供了当第一次询问发生时,由于用户的帐户为空而启动的服务终止示例。在本例中,信用控制服务器支持服务器发起的信用重新授权。Diameter协议应用程序根据[RFC7155]在NAS中实现。
NAS Top-Up CC End User (CC Client) AAA Server Server Server |(1)User Logon |(2)AA-Request (CC AVPs) | | |------------------>|------------------->| | | | | |(3)CCR(Initial, CC AVPs) | | |------------------->| | | |(4)CCA(Final-Unit, | | | | Validity-Time)| | | |<-------------------| | |(5)AA-Answer(Final-Unit, Validity-Time) | |(6)Limited access |<-------------------| | | | granted | | | | |<----------------->| | | | | | | | | | (7)TCP/HTTP | (8)TCP/HTTP | | |<----------------->|<----------------------------->| | | (9)Replenish account | | |<------------------------------------------------->| | | | | (10)RAR | | |<-------------------|<-------------------| | |(11)RAA | | | |------------------->|------------------->| | |(12)CCR(Update) | | | |------------------->|(13)CCR(Update) | | | |------------------->| | | |(14)CCA(Granted-Units) | |(15)CCA(Granted-Units)<------------------| | |<-------------------| |
NAS Top-Up CC End User (CC Client) AAA Server Server Server |(1)User Logon |(2)AA-Request (CC AVPs) | | |------------------>|------------------->| | | | | |(3)CCR(Initial, CC AVPs) | | |------------------->| | | |(4)CCA(Final-Unit, | | | | Validity-Time)| | | |<-------------------| | |(5)AA-Answer(Final-Unit, Validity-Time) | |(6)Limited access |<-------------------| | | | granted | | | | |<----------------->| | | | | | | | | | (7)TCP/HTTP | (8)TCP/HTTP | | |<----------------->|<----------------------------->| | | (9)Replenish account | | |<------------------------------------------------->| | | | | (10)RAR | | |<-------------------|<-------------------| | |(11)RAA | | | |------------------->|------------------->| | |(12)CCR(Update) | | | |------------------->|(13)CCR(Update) | | | |------------------->| | | |(14)CCA(Granted-Units) | |(15)CCA(Granted-Units)<------------------| | |<-------------------| |
Figure 18: Flow VIII
图18:流程VIII
The user logs on to the network (1). The Diameter NAS sends a Diameter AA-Request (AAR) to the home Diameter AAA server (2). The credit-control client populates the AAR with the Credit-Control AVP set to CREDIT_AUTHORIZATION, and service-specific AVPs are included, as usual [RFC7155]. The home Diameter AAA server performs service-specific authentication and authorization, as usual. The home Diameter AAA server determines that the user has a prepaid subscription and notices from the Credit-Control AVP that the NAS has credit-control capabilities. It sends a Diameter Credit-Control-
用户登录到网络(1)。Diameter NAS向主Diameter AAA服务器(2)发送Diameter AA请求(AAR)。信贷控制客户端使用设置为信贷授权的信贷控制AVP填充AAR,并像往常一样包括特定于服务的AVP[RFC7155]。home Diameter AAA服务器通常执行特定于服务的身份验证和授权。home Diameter AAA服务器确定用户具有预付费订阅,并从信用控制AVP通知NAS具有信用控制功能。它发送一个直径信用控制-
Request with CC-Request-Type set to INITIAL_REQUEST to the Diameter Credit-Control server to perform credit authorization (3) and to establish a credit-control session. (The home Diameter AAA server may forward service-specific AVPs received from the NAS as input for the rating process.) The Diameter Credit-Control server checks the end user's account balance, determines that the account cannot cover the cost of the service, and initiates graceful service termination. The Credit-Control-Answer is returned to the home Diameter AAA server (4). This message contains the Final-Unit-Indication AVP and the Validity-Time AVP set to a reasonable amount of time, to give the user a chance to replenish their account (e.g., 10 minutes). The Final-Unit-Indication AVP includes the Final-Unit-Action set to REDIRECT, the Redirect-Address-Type set to URL, and the Redirect-Server-Address set to the HTTP top-up server name. The home Diameter AAA server sends the received Credit-Control AVPs to the NAS in the Diameter AA-Answer (5). Upon successful AAA, the NAS starts the credit-control session and immediately starts graceful service termination, as instructed by the server. The NAS grants limited access to the user (6). The HTTP client software running in the user's device opens the transport connection redirected by the NAS to the top-up server (7), (8). An appropriate web page is provided for the user where the user can enter the credit card number and the amount of money to be used to replenish the account, along with a notification message that they are granted unlimited access if the replenishment operation will be successfully executed within, for example, the next 10 minutes. The top-up server validates the credit card number and replenishes the user's account (using some means outside the scope of this specification) (9). After successful account top-up, the credit-control server sends a Re-Auth-Request message to the NAS (10). The NAS acknowledges the request by returning the Re-Auth-Answer message (11) and initiates the credit re-authorization by sending a Credit-Control-Request (UPDATE_REQUEST) to the Diameter Credit-Control server (12), (13).
CC请求类型设置为向Diameter信用控制服务器发出初始_请求的请求,以执行信用授权(3)并建立信用控制会话。(home Diameter AAA服务器可以转发从NAS接收的特定于服务的AVP,作为评级过程的输入。)Diameter信用控制服务器检查最终用户的帐户余额,确定该帐户无法支付服务成本,并启动服务终止。信用控制应答被返回到home Diameter AAA服务器(4)。此消息包含最终单位指示AVP和有效时间AVP设置为合理的时间量,以便用户有机会补充其帐户(例如10分钟)。最终单元指示AVP包括设置为重定向的最终单元操作、设置为URL的重定向地址类型以及设置为HTTP追加服务器名称的重定向服务器地址。home Diameter AAA服务器将收到的信用控制AVP发送到Diameter AA应答(5)中的NAS。成功AAA后,NAS将启动信用控制会话,并根据服务器的指示立即启动服务终止。NAS授予用户有限的访问权限(6)。用户设备中运行的HTTP客户端软件打开由NAS重定向到充值服务器(7)、(8)的传输连接。为用户提供了一个适当的网页,用户可以在该网页上输入信用卡号和用于补充账户的金额,以及一条通知消息,如果补充操作将在(例如)接下来的10分钟内成功执行,他们将被授予无限制访问权。充值服务器验证信用卡号并补充用户帐户(使用本规范范围外的某些方法)(9)。成功添加帐户后,信用控制服务器向NAS发送重新验证请求消息(10)。NAS通过返回重新验证应答消息(11)来确认请求,并通过向Diameter信用控制服务器(12)、(13)发送信用控制请求(更新请求)来启动信用重新授权。
The Diameter Credit-Control server reserves credit from the end user's account and returns the reserved quota to the NAS via the home Diameter AAA server in the Credit-Control-Answer (14), (15). The NAS removes the restriction applied by graceful service termination and starts monitoring the granted units.
Diameter信用控制服务器保留来自最终用户帐户的信用,并通过信用控制应答(14)、(15)中的home Diameter AAA服务器将保留配额返回NAS。NAS取消了服务终止所施加的限制,并开始监控已授予的单元。
The Diameter Credit-Control application defines the Multiple-Services-Credit-Control AVP, which can be used to support independent credit-control of multiple services in a single credit-control (sub-)session for Service Elements that have such capabilities. It is possible to request and allocate resources as a credit pool that is shared between services or rating-groups.
Diameter Credit Control应用程序定义了多服务信用控制AVP,该AVP可用于为具有此类功能的服务元素在单个信用控制(子)会话中支持多个服务的独立信用控制。可以请求和分配资源作为服务或评级组之间共享的信用池。
Figure 19 illustrates a usage scenario where the credit-control client and server support independent credit-control of multiple services, as defined in Section 5.1.2. It is assumed that service-identifiers, rating-groups, and their associated parameters (e.g., IP 5-tuples) are locally configured in the Service Element or provisioned by an entity other than the credit-control server.
图19说明了信用控制客户端和服务器支持多个服务的独立信用控制的使用场景,如第5.1.2节所定义。假定服务标识符、评级组及其相关参数(例如,IP 5元组)在服务元素中本地配置或由信用控制服务器以外的实体提供。
End User Service Element CC Server (CC Client) |(1)User logon | | |------------------>|(2)CCR(Initial, Service-Id access, | | | Access-specific AVPs, | | | Multiple-Services-Indicator) | | |------------------------------------------->| | |(3)CCA(Multiple-Services-CC ( | | | Granted-Units(Total-Octets), | | | Service-Id access, | | | Validity-Time, | | | G-S-U-Pool-Reference(Pool-Id 1, | | | Multiplier 10))) | | |<-------------------------------------------| : : : |(4)Service-Request (Service 1) | |------------------>|(5)CCR(Update, Multiple-Services-CC ( | | | Requested-Units(), Service-Id 1, | | | Rating-Group 1)) | | |------------------------------------------->| | |(6)CCA(Multiple-Services-CC ( | | | Granted-Units(Time), | | | Rating-Group 1, | | | G-S-U-Pool-Reference(Pool-Id 1, | | | Multiplier 1))) | | |<-------------------------------------------| : : : |(7)Service-Request (Service 2) | |------------------>| | : : : : : : |(8)Service-Request (Services 3 & 4) | |------------------>|(9)CCR(Update, Multiple-Services-CC ( | | | Requested-Units(), Service-Id 3, | | | Rating-Group 2), | | | Multiple-Services-CC ( | | | Requested-Units(), Service-Id 4, | | | Rating-Group 3)) | | |------------------------------------------->|
End User Service Element CC Server (CC Client) |(1)User logon | | |------------------>|(2)CCR(Initial, Service-Id access, | | | Access-specific AVPs, | | | Multiple-Services-Indicator) | | |------------------------------------------->| | |(3)CCA(Multiple-Services-CC ( | | | Granted-Units(Total-Octets), | | | Service-Id access, | | | Validity-Time, | | | G-S-U-Pool-Reference(Pool-Id 1, | | | Multiplier 10))) | | |<-------------------------------------------| : : : |(4)Service-Request (Service 1) | |------------------>|(5)CCR(Update, Multiple-Services-CC ( | | | Requested-Units(), Service-Id 1, | | | Rating-Group 1)) | | |------------------------------------------->| | |(6)CCA(Multiple-Services-CC ( | | | Granted-Units(Time), | | | Rating-Group 1, | | | G-S-U-Pool-Reference(Pool-Id 1, | | | Multiplier 1))) | | |<-------------------------------------------| : : : |(7)Service-Request (Service 2) | |------------------>| | : : : : : : |(8)Service-Request (Services 3 & 4) | |------------------>|(9)CCR(Update, Multiple-Services-CC ( | | | Requested-Units(), Service-Id 3, | | | Rating-Group 2), | | | Multiple-Services-CC ( | | | Requested-Units(), Service-Id 4, | | | Rating-Group 3)) | | |------------------------------------------->|
| |(10)CCA(Multiple-Services-CC ( | | | Granted-Units(Total-Octets), | | | Service-Id 3, Rating-Group 2, | | | Validity-Time, | | | G-S-U-Pool-Reference(Pool-Id 2, | | | Multiplier 2)), | | | Multiple-Services-CC ( | | | Granted-Units(Total-Octets), | | | Service-Id 4, Rating-Group 3 | | | Validity-Time, | | | Final-Unit-Ind.(Terminate), | | | G-S-U-Pool-Reference(Pool-Id 2, | | | Multiplier 5))) | | |<-------------------------------------------| : : : : : : | +--------------+ | | | |Validity time | |(11)CCR(Update, | | |expires for | | Multiple-Services-CC ( | | |Service-Id | | Requested-Unit(), | | | access | | Used-Units(In-Octets, Out-Octets), | | +--------------+ | Service-Id access)) | | |------------------------------------------->| | |(12)CCA(Multiple-Services-CC ( | | | Granted-Units(Total-Octets), | | | Service-Id access, | | | Validity-Time, | | | G-S-U-Pool-Reference(Pool-Id 1, | | | Multiplier 10))) | | |<-------------------------------------------| : : : : : : | +--------------+ | | | |Total quota | |(13)CCR(Update, | | |elapses for | | Multiple-Services-CC ( | | |Pool 2: | | Requested-Unit(), | | |Service 4 not | | Used-Units(In-Octets, Out-Octets),| | |allowed, | | Service-Id 3, Rating-Group 2), | | |Service 3 | | Multiple-Services-CC ( | | |continues | | Used-Units(In-Octets, Out-Octets),| | +--------------+ | Service-Id 4, Rating-Group 3)) | | |------------------------------------------->| | |(14)CCA(Multiple-Services-CC ( | | | Result-Code 4011, | | | Service-Id 3)) | | |<-------------------------------------------| : : : : : :
| |(10)CCA(Multiple-Services-CC ( | | | Granted-Units(Total-Octets), | | | Service-Id 3, Rating-Group 2, | | | Validity-Time, | | | G-S-U-Pool-Reference(Pool-Id 2, | | | Multiplier 2)), | | | Multiple-Services-CC ( | | | Granted-Units(Total-Octets), | | | Service-Id 4, Rating-Group 3 | | | Validity-Time, | | | Final-Unit-Ind.(Terminate), | | | G-S-U-Pool-Reference(Pool-Id 2, | | | Multiplier 5))) | | |<-------------------------------------------| : : : : : : | +--------------+ | | | |Validity time | |(11)CCR(Update, | | |expires for | | Multiple-Services-CC ( | | |Service-Id | | Requested-Unit(), | | | access | | Used-Units(In-Octets, Out-Octets), | | +--------------+ | Service-Id access)) | | |------------------------------------------->| | |(12)CCA(Multiple-Services-CC ( | | | Granted-Units(Total-Octets), | | | Service-Id access, | | | Validity-Time, | | | G-S-U-Pool-Reference(Pool-Id 1, | | | Multiplier 10))) | | |<-------------------------------------------| : : : : : : | +--------------+ | | | |Total quota | |(13)CCR(Update, | | |elapses for | | Multiple-Services-CC ( | | |Pool 2: | | Requested-Unit(), | | |Service 4 not | | Used-Units(In-Octets, Out-Octets),| | |allowed, | | Service-Id 3, Rating-Group 2), | | |Service 3 | | Multiple-Services-CC ( | | |continues | | Used-Units(In-Octets, Out-Octets),| | +--------------+ | Service-Id 4, Rating-Group 3)) | | |------------------------------------------->| | |(14)CCA(Multiple-Services-CC ( | | | Result-Code 4011, | | | Service-Id 3)) | | |<-------------------------------------------| : : : : : :
|(15)User logoff | | |------------------>|(16)CCR(Term., | | | Multiple-Services-CC ( | | | Used-Units(In-Octets, Out-Octets),| | | Service-Id access), | | | Multiple-Services-CC ( | | | Used-Units(Time), | | | Service-Id 1, Rating-Group 1), | | | Multiple-Services-CC ( | | | Used-Units(Time), | | | Service-Id 2, Rating-Group 1)) | | |------------------------------------------->| | |(17)CCA(Term.) | | |<-------------------------------------------|
|(15)User logoff | | |------------------>|(16)CCR(Term., | | | Multiple-Services-CC ( | | | Used-Units(In-Octets, Out-Octets),| | | Service-Id access), | | | Multiple-Services-CC ( | | | Used-Units(Time), | | | Service-Id 1, Rating-Group 1), | | | Multiple-Services-CC ( | | | Used-Units(Time), | | | Service-Id 2, Rating-Group 1)) | | |------------------------------------------->| | |(17)CCA(Term.) | | |<-------------------------------------------|
Figure 19: Flow IX: Example of Independent Credit-Control of Multiple Services in a Credit-Control (Sub-)Session
图19:流程IX:信用控制(子)会话中多个服务的独立信用控制示例
The user logs on to the network (1). The Service Element sends a Diameter Credit-Control-Request with CC-Request-Type set to INITIAL_REQUEST to the Diameter Credit-Control server to perform credit authorization for the bearer service (e.g., Internet access service) and to establish a credit-control session (2). In this message, the credit-control client indicates support for independent credit-control of multiple services within the session by including the Multiple-Services-Indicator AVP. The Diameter Credit-Control server checks the end user's account balance, with rating information received from the client (i.e., Service-Id and access-specific AVPs); rates the request; and reserves credit from the end user's account. Suppose that the server reserves $5 and determines that the cost is $1/MB. It then returns to the Service Element a Credit-Control-Answer message that includes the Multiple-Services-Credit-Control AVP with a quota of 5 MB associated to the Service-Id (access), to a multiplier value of 10, and to Pool-Id 1 (3).
用户登录到网络(1)。服务元件向Diameter信用控制服务器发送CC请求类型设置为初始_请求的Diameter信用控制请求,以执行承载服务(例如,互联网接入服务)的信用授权并建立信用控制会话(2)。在该消息中,信用控制客户端通过包括多个服务指示符AVP来指示对会话内多个服务的独立信用控制的支持。Diameter信用控制服务器使用从客户端接收的评级信息(即服务Id和访问特定AVP)检查最终用户的帐户余额;评价请求;并从最终用户的帐户中保留信用。假设服务器预留5美元,并确定成本为1美元/MB。然后,它将信用控制应答消息返回给服务元素,该消息包括多个服务信用控制AVP,其配额为5mb,与服务Id(访问)、乘数值10和池Id 1(3)关联。
The user uses service 1 (4). The Service Element sends a Diameter Credit-Control-Request with CC-Request-Type set to UPDATE_REQUEST to the credit-control server to perform credit authorization for service 1 (5). This message includes the Multiple-Services-Credit-Control AVP to request service units for service 1 that belong to Rating-Group 1. The Diameter Credit-Control server determines that service 1 draws credit resources from the same account as the access service (i.e., pool 1). It rates the request according to Service-Id/rating-group and updates the existing reservation by requesting more credit. Suppose that the server reserves $5 more (now the reservation is $10) and determines that the cost is $0.1/minute. The server authorizes the whole rating-group. It then returns to the Service Element a Credit-Control-Answer message that
用户使用服务1(4)。服务元素向信用控制服务器发送一个Diameter信用控制请求,将CC请求类型设置为更新_请求,以执行服务1(5)的信用授权。此消息包括多服务信用控制AVP,以请求属于评级组1的服务1的服务单元。Diameter信用控制服务器确定服务1从与访问服务(即池1)相同的帐户提取信用资源。它根据服务Id/评级组对请求进行评级,并通过请求更多信用来更新现有预订。假设服务器多预留5美元(现在预留为10美元),并确定成本为每分钟0.1美元。服务器授权整个分级组。然后,它向服务元素返回一条信用控制应答消息
includes the Multiple-Services-Credit-Control AVP with a quota of 50 minutes associated to Rating-Group 1, to a multiplier value of 1, and to Pool-Id 1 (6). The client adjusts the total amount of resources for pool 1 according to the received quota, which gives S for pool 1 = 100.
包括多服务信用控制AVP,其配额为50分钟,与评级组1、乘数值1和池Id 1(6)关联。客户机根据接收到的配额调整池1的资源总量,即池1的S=100。
The user uses service 2, which belongs to the authorized rating-group (Rating-Group 1) (7). Resources are then consumed from pool 1.
用户使用属于授权评级组(评级组1)(7)的服务2。然后从池1消耗资源。
The user now requests services 3 and 4 as well, which are not authorized (8). The Service Element sends a Diameter Credit-Control-Request with CC-Request-Type set to UPDATE_REQUEST to the credit-control server in order to perform credit authorization for services 3 and 4 (9). This message includes two instances of the Multiple-Services-Credit-Control AVP to request service units for service 3 that belong to Rating-Group 2 and service units for service 4 that belong to Rating-Group 3. The Diameter Credit-Control server determines that services 3 and 4 draw credit resources from another account (i.e., pool 2). It checks the end user's account balance and, according to Service-Id/rating-group information, rates the request. It then reserves credit from pool 2.
用户现在还请求未经授权的服务3和服务4(8)。服务元素向信用控制服务器发送一个Diameter信用控制请求,其CC Request Type设置为UPDATE_Request,以便对服务3和4执行信用授权(9)。此消息包括多服务信用控制AVP的两个实例,用于请求属于评级组2的服务3的服务单元和属于评级组3的服务4的服务单元。Diameter信用控制服务器确定服务3和4从另一个帐户(即池2)提取信用资源。它检查最终用户的帐户余额,并根据服务Id/评级组信息对请求进行评级。然后,它从池2中保留信贷。
For example, the server reserves $5 and determines that service 3 costs $0.2/MB and service 4 costs $0.5/MB. The server authorizes only services 3 and 4. It returns to the Service Element a Credit-Control-Answer message that includes two instances of the Multiple-Services-Credit-Control AVP (10). One instance grants a quota of 12.5 MB associated to Service-Id 3 to a multiplier value of 2 and to Pool-Id 2. The other instance grants a quota of 5 MB associated to Service-Id 4 to a multiplier value of 5 and to Pool-Id 2.
例如,服务器保留$5并确定服务3的成本为$0.2/MB,服务4的成本为$0.5/MB。服务器仅授权服务3和4。它向服务元素返回信用控制应答消息,该消息包括多服务信用控制AVP(10)的两个实例。一个实例将与服务Id 3关联的12.5 MB配额授予乘数值2和池Id 2。另一个实例将与服务Id 4关联的5 MB配额授予乘数值5和池Id 2。
The server also determines that pool 2 is exhausted and service 4 is not allowed to continue after these units will be consumed. Therefore, the Final-Unit-Indication AVP with action TERMINATE is associated to Service-Id 4. The client calculates the total amount of resources that can be used for pool 2 according to the received quotas and multipliers, which gives S for pool 2 = 50.
服务器还确定池2已耗尽,并且在消耗这些单元后,不允许服务4继续。因此,带有动作终止的最终装置指示AVP与服务Id 4相关联。客户机根据收到的配额和乘数计算可用于池2的资源总量,即池2的S=50。
The Validity-Time for the access service expires. The Service Element sends a Credit-Control-Request message to the server in order to perform credit re-authorization for the Service-Id (access) (11). This message carries one instance of the Multiple-Services-Credit-Control AVP that includes the units used by this service. Suppose that the total amount of used units is 4 MB. The client adjusts the total amount of resources for pool 1 accordingly, which gives S for pool 1 = 60.
访问服务的有效期过期。服务元素向服务器发送信用控制请求消息,以便对服务Id(访问)执行信用重新授权(11)。此消息包含多服务信用控制AVP的一个实例,其中包括此服务使用的单元。假设使用的单位总数为4MB。客户机相应地调整池1的资源总量,从而使池1的S=60。
The server deducts $4 from the user's account and updates the reservation by requesting more credit. Suppose that the server reserves $5 more (now the reservation is $11) and already knows the cost of the Service-Id (access), which is $1/MB. It then returns to the Service Element a Credit-Control-Answer message that includes the Multiple-Services-Credit-Control AVP with a quota of 5 MB associated to the Service-Id (access), to a multiplier value of 10, and to Pool-Id 1 (12). The client adjusts the total amount of resources for pool 1 according to the received quota, which gives S for pool 1 = 110.
服务器从用户帐户中扣除$4,并通过请求更多积分更新预订。假设服务器再预留5美元(现在预留是11美元),并且已经知道服务Id(访问)的成本,即1美元/MB。然后,它将信用控制应答消息返回给服务元素,该消息包括多个服务信用控制AVP,其配额为5mb,与服务Id(访问)、乘数值10和池Id 1(12)关联。客户机根据接收到的配额调整池1的资源总量,即池1的S=110。
Services 3 and 4 consume the total amount of pool 2's credit resources (i.e., C1*2 + C2*5 >= S). The Service Element immediately starts the TERMINATE action for service 4 and sends a Credit-Control-Request message with CC-Request-Type set to UPDATE_REQUEST to the credit-control server in order to perform credit re-authorization for service 3 (13). This message contains two instances of the Multiple-Services-Credit-Control AVP to report the units used by services 3 and 4. The server deducts the last $5 from the user's account (pool 2) and returns the answer with Result-Code 4011 in the Multiple-Services-Credit-Control AVP to indicate that service 3 can continue without credit-control (14).
服务3和4消耗池2的信贷资源总量(即C1*2+C2*5>=s)。服务元素立即启动服务4的终止操作,并将CC请求类型设置为更新_请求的信用控制请求消息发送到信用控制服务器,以便对服务3(13)执行信用重新授权。此消息包含多服务信用控制AVP的两个实例,用于报告服务3和4使用的单位。服务器从用户帐户(池2)中扣除最后的$5,并在多服务信用控制AVP中返回结果代码为4011的答案,以指示服务3可以在没有信用控制的情况下继续(14)。
The end user logs off from the network (15). To debit the used units from the end user's account and to stop the credit-control session, the Service Element sends a Diameter Credit-Control-Request with CC-Request-Type set to TERMINATION_REQUEST to the credit-control server (16). This message contains the units used by each service in multiple instances of the Multiple-Services-Credit-Control AVP. The used units are associated with the relevant Service-Identifier and rating-group. The Diameter Credit-Control server debits the used units to the user's account (pool 1) and acknowledges the session termination by sending a Diameter Credit-Control-Answer to the Service Element (17).
最终用户从网络注销(15)。为了从最终用户的帐户中借记已用单位并停止信用控制会话,服务元素向信用控制服务器(16)发送一个Diameter信用控制请求,其中CC请求类型设置为TERMINATION_Request。此消息包含多个服务信用控制AVP的多个实例中每个服务使用的单位。所使用的单元与相关的服务标识符和评级组相关联。Diameter Credit Control server将使用的单元记入用户帐户(池1)的借方,并通过向服务元素(17)发送Diameter Credit Control应答来确认会话终止。
Acknowledgements
致谢
The original authors of RFC 4006 are Harri Hakala, Leena Mattila, Juha-Pekka Koskinen, Marco Stura, and John Loughney.
RFC 4006的原始作者是哈里·哈卡拉、莉娜·马蒂拉、朱哈·佩卡·科斯基宁、马可·斯图拉和约翰·洛尼。
The authors would like to thank Bernard Aboba, Jari Arkko, Robert Ekblad, Pasi Eronen, Benny Gustafsson, Robert Karlsson, Avi Lior, Jussi Maki, Paco Marin, Jeff Meyer, Anne Narhi, John Prudhoe, Christopher Richards, Juha Vallinen, and Mark Watson for their comments and suggestions.
作者要感谢Bernard Aboba、Jari Arkko、Robert Ekblad、Pasi Eronen、Benny Gustafsson、Robert Karlsson、Avi Lior、Jussi Maki、Paco Marin、Jeff Meyer、Anne Narhi、John Prudhoe、Christopher Richards、Juha Vallinen和Mark Watson的评论和建议。
Authors' Addresses
作者地址
Lyle Bertz (editor) Sprint 6220 Sprint Parkway Overland Park, KS 66251 United States of America
Lyle Bertz(编辑)美国堪萨斯州斯普林特大道陆上公园斯普林特6220号,邮编66251
Email: lyleb551144@gmail.com
Email: lyleb551144@gmail.com
David Dolson (editor) Sandvine 408 Albert Street Waterloo, ON N2L 3V3 Canada
David Dolson(编辑)加拿大N2L 3V3滑铁卢阿尔伯特街408号Sandvine
Email: ddolson@acm.org
Email: ddolson@acm.org
Yuval Lifshitz (editor) Sandvine 408 Albert Street Waterloo, ON N2L 3V3 Canada
Yuval Lifshitz(编辑)Sandvine 408阿尔伯特街滑铁卢,位于加拿大N2L 3V3
Email: yuvalif@yahoo.com
Email: yuvalif@yahoo.com