Cisco Cisco IOS Software Release 12.3(4)T
SSG Prepaid Idle Timeout
Feature Overview
2
Cisco IOS Releases 12.2(15)B and 12.3(4)T
SSG Prepaid
The SSG Prepaid feature allows SSG to check a subscriber’s available credit to determine whether to
connect the subscriber to a service and how long the connection can last. The subscriber’s credit is
administered by the billing server as a series of quotas representing either a duration of use (in seconds)
or an allowable data volume (in bytes). A quota is an allotment of available credit.
connect the subscriber to a service and how long the connection can last. The subscriber’s credit is
administered by the billing server as a series of quotas representing either a duration of use (in seconds)
or an allowable data volume (in bytes). A quota is an allotment of available credit.
To obtain the first quota for a connection, SSG submits an authorization request to the authentication,
authorization, and accounting (AAA) server. The AAA server contacts the prepaid billing server, which
forwards the quota values to SSG. SSG then monitors the connection to track the quota usage. When the
quota runs out, SSG performs reauthorization. During reauthorization, the billing server may provide
SSG with an additional quota if there is available credit. If no further quota is provided, SSG logs the
user off.
authorization, and accounting (AAA) server. The AAA server contacts the prepaid billing server, which
forwards the quota values to SSG. SSG then monitors the connection to track the quota usage. When the
quota runs out, SSG performs reauthorization. During reauthorization, the billing server may provide
SSG with an additional quota if there is available credit. If no further quota is provided, SSG logs the
user off.
SSG Prepaid Idle Timeout
The SSG Prepaid Idle Timeout feature enhances the SSG Prepaid feature by enabling SSG to return
residual quota to the billing server from services that a user is logged into but not actively using. The
quota that is returned to the billing center can be applied to the quota for the services that the user is
actively using.
residual quota to the billing server from services that a user is logged into but not actively using. The
quota that is returned to the billing center can be applied to the quota for the services that the user is
actively using.
When SSG is configured for SSG Prepaid Idle Timeout, a user’s connection to services can be open even
when the billing server returns a zero quota, but the connection’s status is dependent on the combination
of the quota and the idle timeout value returned. Depending on the connection service, SSG requests the
quota for a connection from the billing server once the user starts using a particular service, when the
user runs out of quota, or after the configured idle timeout value has expired.
when the billing server returns a zero quota, but the connection’s status is dependent on the combination
of the quota and the idle timeout value returned. Depending on the connection service, SSG requests the
quota for a connection from the billing server once the user starts using a particular service, when the
user runs out of quota, or after the configured idle timeout value has expired.
The SSG Prepaid Idle Timeout feature enhances handling of a returned zero quota from the billing
server. If a billing server returns a zero quota and a nonzero idle timeout, this indicates that a user has
run out of credit for a service. When a user runs out of credit for a service, the user is redirected to the
billing server to replenish the quota. When the user is redirected to the billing server, the user’s
connection to the original service or services is retained. Although the connection remains up, any traffic
passing through the connection is dropped. This enables a user to replenish quota on the billing server
without losing connections to services or having to perform additional service logons.
server. If a billing server returns a zero quota and a nonzero idle timeout, this indicates that a user has
run out of credit for a service. When a user runs out of credit for a service, the user is redirected to the
billing server to replenish the quota. When the user is redirected to the billing server, the user’s
connection to the original service or services is retained. Although the connection remains up, any traffic
passing through the connection is dropped. This enables a user to replenish quota on the billing server
without losing connections to services or having to perform additional service logons.
Using the SSG Prepaid Idle Timeout feature, you can configure SSG to reauthorize a user before the user
completely consumes the allocated quota. You can also configure SSG to drop traffic during
reauthorization. This prevents revenue leaks in the event that the billing server returns a zero quota for
the user. Without the SSG Prepaid Idle Timeout feature, traffic passed during reauthorization represents
a revenue leak if the billing server returns a zero quota for the user. You can prevent this type of revenue
leak by configuring a threshold value, causing SSG to reauthorize a user’s connection before the user
completely consumes the allocated quota for a service.
completely consumes the allocated quota. You can also configure SSG to drop traffic during
reauthorization. This prevents revenue leaks in the event that the billing server returns a zero quota for
the user. Without the SSG Prepaid Idle Timeout feature, traffic passed during reauthorization represents
a revenue leak if the billing server returns a zero quota for the user. You can prevent this type of revenue
leak by configuring a threshold value, causing SSG to reauthorize a user’s connection before the user
completely consumes the allocated quota for a service.
SSG Prepaid Idle Timeout enhances SSG to inform the billing server upon any connection failure. This
enables the billing server to free quota that was reserved for the connection that failed and to apply this
quota immediately to some other active connection.
enables the billing server to free quota that was reserved for the connection that failed and to apply this
quota immediately to some other active connection.
Service Authorization
SSG sends a service authorization request to the billing server upon initial service authorization. Explicit
service authorization is required whenever a user attempts to connect to a prepaid service to ensure that
the user has sufficient credit to connect to that service. The billing server responds with the available
quota to SSG. If the returned available quota is greater than zero (or not present), SSG allows the user
to connect to the service and begins metering using the allotted quota. For this service authorization, an
Access-Request packet is generated once the service is identified as a prepaid service. The
Access-Request is generated for service authorization regardless of the service type (pass-through,
proxy, tunnel, or virtual private dial-up network [VPDN]).
service authorization is required whenever a user attempts to connect to a prepaid service to ensure that
the user has sufficient credit to connect to that service. The billing server responds with the available
quota to SSG. If the returned available quota is greater than zero (or not present), SSG allows the user
to connect to the service and begins metering using the allotted quota. For this service authorization, an
Access-Request packet is generated once the service is identified as a prepaid service. The
Access-Request is generated for service authorization regardless of the service type (pass-through,
proxy, tunnel, or virtual private dial-up network [VPDN]).
describes this Access-Request.