Rx Authorization

Feature Summary and Revision History

Summary Data

Table 1. Summary Data

Applicable Product(s) or Functional Area

PCF

Applicable Platform(s)

SMI

Feature Default Setting

Disabled – Configuration required to enable

Related Documentation

Not Applicable

Revision History

Table 2. Revision History

Revision Details

Release

First introduced.

2020.01.0

Feature Description

PCF provides a method for the service providers to regulate the services available to individual subscribers. You can configure the bearer-level regulation through the customization and configuration of Rx Authorization. The configuration handles the Video over LTE (ViLTE) authorization as per the subscriber attributes (IMSI, MSISDN, and Throttling) to control the services available to each subscriber.

Architecture

This section depicts how the network function components interact during an Rx Authorization.

The SMF and PCF have a bilateral communication over the N7 interface. The AF sends an AAR request to PCF. The PCF performs the Rx Authorization of the request by evaluating the message for the missing Media-AVP and consults the value that is assigned to the Bearer-Authorization column in the STG table for the configured status as accept or reject. PCF fetches the STG information from the associated database. PCF communicates the evaluation result to the SMF through a REST request and AF through the outgoing Diameter messages.

The following figure illustrates how the NF interactions happen over the Rx interface.

Figure 1. NF Interactions

Components

This section describes the RxAuthorizationSTGConfiguration component in the Rx Authorization process.

The RxAuthorizationSTGConfiguration service configuration is used to evaluate the Rx Authorization table and obtain the configured output values. The RxAuthorizationSTGConfiguration service supports chained evaluation of Search Table Groups (STGs) which means multiple STGs are configured hierarchically in the service and outputs of one table is used as input keys for another table. The RxAuthorizationSTGConfiguration configuration evaluates all the bearers on receiving a Diameter message and sends the appropriate Diameter requests or responses depending on the bearer's authorization status provided the Rx session exists. The Rx Authorization table from which Bearer Authorization and Error Cause output values are received is configured as the last table in the list of chained STGs configured under RxAuthorizationSTGConfiguration.

How it Works

This section describes how this feature works.

At a high-level, PCF supports the Rx-based authorization of bearers. The Rx authorization requires a Search Table Groups (STG), which enables logical grouping of multiple Customer Reference Data (CRD) tables. Within this STG, a CRD table that is dedicated to Rx Authorization is created in the Policy Builder. The input keys in the CRD signify the conditions based on which PCF determines the throttle limit for a bearer. The table has the following output columns:

  • Bearer Authorization: Indicates whether to allow or reject a bearer.

  • Error Cause: Specifies the Error-Message that is included in the AAA Diameter message, if necessary.

If PCF is configured to reject the Rx dedicated bearer when the associated Media-Type is missing, it rejects the bearer with the Experimental-Result-Code=INVALID_SERVICE_INFORMATION (5061) in AAA.

PCF is configured to reject a non-GBR bearer if the value for both, upload and download of the non-GBR bearer is set to 0. PCF determines if the bearer is non-GBR with 0-bit rate after consulting the NON-GBR QCI and ZERO BIT RATE QoS input columns in the Rx Authorization table. If PCF rejects the bearer, then its Bearer-Authorization value is set to REJECT with Result-Code=DIAMETER_AUTHORIZATION_REJECTED (5003) AVP and the Error-Message="BLOCKED (0)" in AAA.

If PCF receives an AAR message with multiple Media-Component-Descriptions AVPs, and it rejects one of the AVPs after assessing for Rx Authorization. PCF sends a successful AAA message for the accepted AVPs. For the rejected media component, PCF creates a scheduled event for sending a delayed Rx RAR. You can configure the duration between the rejection and the time when scheduling of the delayed message happens. The default value is set to 500 milliseconds.


Note


In case PCF rejects multiple Media-Component-Descriptions AVPs with AAA 5003, the Error-Message resulting from the last evaluated rejected AVP is sent in the AAA message.


For existing bearers in an Rx session, PCF evaluates them for Rx Authorization when an event occurs such as LDAP refresh, N28 NOTIFY, and N7_NOTIFY. In situations where all the Media-Component-Descriptions that are stored in the Rx sessions are rejected, then PCF sends an Rx Abort-Session-Request (ASR) to Application Function (AF).


Note


You may observe a degradation in the performance of the PCF system when the RxAuthorizationSTGConfiguration service is added. The level of degradation corresponds to the number of STGs configured for the chained evaluation in the RxAuthorizationSTGConfiguration service and the number of bearers the service has evaluated.


Call Flows

This section describes the key call flows for this feature.

All Bearers Are Rejected Call Flow

This section describes the All Bearers Are Rejected call flow.

Figure 2. All Bearers Are Rejected Call Flow
Table 3. All Bearers Are Rejected Call Flow Description

Step

Description

1

The SMF sends a N7 Create request to the PCF.

2

The PCF responds to the SMF with the success response.

3

The AF sends an AAR-I (Audio and Video) message to the PCF.

4

The PCF performs the Rx Authorization CRD lookup.

5

The Rx Authorization CRD evaluates both, audio and video bearer. If there is a missing Media-Type AVP, PCF rejects the bearer. PCF validates all the bearers for Bearer-Authorization=REJECT. The bearers are classified as unauthorized and are not installed on the SMF.

If all bearers received in the AAR are rejected, PCF sends a AAA (5003) Result-Code=DIAMETER_AUTHORIZATION_REJECTED Error-Message=Throttled to the AF.

Few Bearers Are Rejected Call Flow

This section describes the Few Bearers are Rejected call flow.

Figure 3. Few Bearers Are Rejected Call Flow
Table 4. Few Bearers Are Rejected Call Flow Description

Step

Description

1

The SMF sends a N7 Create request to the PCF.

2

The PCF responds to SMF with success response.

3

The AF sends an AAR-I (Audio and Video) message to the PCF.

4

The PCF performs the Rx Authorization CRD lookup.

5

The Rx Authorization CRD evaluates both the audio and video bearers. The audio bearers that contain the required Media-Type AVP are tagged as accepted. Video bearers with the missing Media-Type AVP are rejected. Bearers evaluated to Bearer-Authorization=ACCEPT are authorized and installed on the SMF.

PCF responds to the accepted audio bearers with AAA (Audio) Result-Code=DIAMETER_SUCCESS (2001).

6

The PCF sends N7 Notify (Audio) to the SMF.

7

The SMF responds to the PCF with a N7 Notify-Resp (Success).

8

Bearers evaluated to Bearer-Authorization=REJECT are marked as unauthorized and are not installed at the SMF.

The PCF sends RAR (Video) Specific-Action=INDICATION_OF_FAILED_RESOURCES_ALLOCATION message to AF.

9

The AF sends RAA (Success) message to PCF.

Existing Bearers Are Rejected Call Flow

This section describes the Existing Bearers Are Rejected call flow.

Figure 4. Existing Bearers Are Rejected Call Flow
Table 5. All Bearers Are Rejected Call Flow Description

Step

Description

1

The SMF sends a N7 Create request to the PCF.

2

The PCF responds to the SMF with a N7 Create Success response.

3

The AF sends an AAR-I (Audio and Video) message to the PCF.

4

The PCF performs the Rx Authorization CRD lookup.

5

The Rx Authorization CRD evaluates both, the audio and video bearers.

If successful authorization, PCF sends AAA (Success) Result-Code=DIAMETER_SUCCESS(2001) to AF.

6

The PCF sends N7 Notify (Audio and Video) message.

7

The SMF responds with N7-Notify-Resp (Success) to the PCF.

8

The SMF sends N7 Update (RAT-Type Change).

9

The PCF performs the Rx Authorization CRD lookup.

10

When PCF reevaluates the existing bearer and the Rx Authorization CRD detects a VIDEO bearer with the missing AVP, PCF rejects the bearer with Error-Message=Throttled.

The PCF sends N7-UPDATE (Success) Charging Rule Remove for VIDEO to the SMF.

11

The PCF sends RAR (VIDEO) Specific-Action=INDICATION_OF_FAILED_RESOURCES_ALLOCATION to the AF.

12

The AF responds with RAA (Success) to the PCF.

Considerations

The following considerations apply when you configure the Rx Authorization:

  • The STG names that are configured in the RxAuthorizationSTGConfiguration should be unique.

  • The AVP names for the output columns that are configured in the RxAuthorizationSTGConfiguration service should be unique.

  • The chained evaluation keys should have the same AVP name for the output column in the source table, and the input column in the destination table.

  • The result of the RxAuthorizationSTGConfiguration service is available in the last table that is defined in the list. The table includes the output columns with the following mandatory AVP names: Bearer-Authorization and Error-Message.

  • The Bearer-Authorization column can be configured to accept the fixed values that are Accept and Reject.

  • Perform the configurations that are required for defining and mapping the CRD tables as per the requirement.

  • The Policy Server evaluates the mapped source output AVPs (result column of the STG) through the CRD which it has created. If PCF has not created the CRD, then it cannot query the corresponding chained input key which further limits it from verifying the Rx Authorization.

  • 1:1 mapping must exist between a chained pair of output AVP and the input key.

Limitations

This feature has the following limitations in this release:

  • When an Rx Authorization fails, PCF sends an Rx_RAR request only if the Specific-Action= INDICATION_OF_FAILED_RESOURCES_ALLOCATION is armed in the AAR message.

  • The Rx authorization is performed only at the Media-Component-Description AVP level. This indicates that the AVPs from the AAR message that are used as input for the CRD table evaluation should be from Media-Component-Description AVP only. PCF does not evaluate of the Media-Sub-Component AVP.

  • If using the PolicyState or Session data retrievers that are bound to the input keys, then PCF retrieves the data for the input keys if it is inserted into the session data.

Configuration Support for Rx Authorization

This section describes how to configure Rx Authorization.

The configuration of the Rx Authorization capability in PCF involves the following steps:

  1. Creating the STG Tables

  2. Adding the RxAuthorizationSTGConfiguration Service

  3. Configuring the Service Chaining

  4. Rejecting the AAR with the Missing Media-Type AVP

  5. Setting Up the Delayed Message Schedule

Creating the STG Tables

This section describes how to create the STG column in Policy Builder.

To configure the STG column, use the following configuration:

  1. Log in to Policy Builder.

  2. Click the Reference Data tab, and from the left pane click Custom Reference Data Tables to view the options.

  3. On the left pane, click the Search Table Groups folder.

  4. In the Search Table Group Summary pane, click Search Table Group. A default STG gets created under the Search Table Groups folder.

  5. Click the new STG and in the Search Table Groups pane rename the STG with a unique name.

  6. Click Customer Reference Data Table. A new table gets created on the left pane.

  7. Click the new table to open the Customer Reference Data Table pane. Rename the table with a unique name.

  8. Navigate to the Columns section and click Add. A default column gets added to the Columns section.

  9. Click the newly created column heading and rename it. Select the options in the corresponding row as applicable to your environment.


    Note


    If the Key option is selected for a specific column, then it indicates as the input column.
  10. Save the changes.

Adding the RxAuthorizationSTGConfiguration Service

This section describes how to add the RxAuthorizationSTGConfiguration service.

To configure the RxAuthorizationSTGConfiguration service, use the following configuration:

  1. Log in to Policy Builder.

  2. Choose the Services tab, and from the left pane click Use Case Templates to create a new service.

  3. On the left pane, click Summary to open the Summary pane.

  4. Under Actions, click Use Case Template.

  5. In the Use Case Template pane, specify the name for the template.

  6. Click the Actions tab and select Add.

  7. In the Select Service Configuration dialog box, select the RxAuthorizationSTGConfiguration and click OK. The Use Case template with the specified name is created.

  8. In the left pane, click Services > Service Options to view the options. The newly created service appears in the Service Options.

  9. Select the service that you have created.

  10. Under Service Configurations, click Add to open the Select Service Configuration dialog box.

  11. Under Service Configurations, select RxAuthorizationSTGConfiguration, then click OK.

Configuring the Service Chaining

This section describes how to configure the service chaining for Rx Authorization.

Before configuring the service chaining, ensure that you have created the use case templates and added the RxAuthorizationSTGConfiguration service. Use case templates are the building blocks of the PCF architecture. The use case templates allow you to define the Service Configuration objects to be set by a Service Option.

To configure service chaining, use the following configuration:

  1. Log in to Policy Builder.

  2. Click the Services tab, and from the left pane click Service Options to view the options.

  3. Expand the new service that you have created, and select the child.

  4. In the Service Option pane, select Rx_AuthorizationSTGConfiguration service under Service Configurations and specify the Rx_AuthorizationSTGConfiguration parameters.

  5. Expand the List Of Input Column Avp Pairs (List) > ColumnAndAvpPair, and enter the appropriate information.

  6. Expand the List Of Output Column Avp Pairs (List) > ColumnAndAvpPair, and enter the Avp Name as Bearer-Authorization. Similarly, in another ColumnAndAvpPair > Avp Name field specify Error-Message.

  7. Save the changes.

Rejecting the AAR with the Missing Media-Type AVP

This section describes how to enable PCF to reject the AAR messages with missing Media-Type AVPs.

To configure PCF to reject the AAR messages, use the following configuration:

  1. Log in to Policy Builder.

  2. Click the Reference Data tab.

  3. In the left pane, click Diameter Clients > Rx Clients.

  4. Click Rx-Client.

  5. In the Rx Client pane, select the Reject AAR with Invalid Service Info for missing Media-Type check box.

  6. Save the changes.

Setting Up the Delayed Message Schedule

This section describes how to set up the duration after which PCF sends the delayed message to the AF.

To configure the delayed message schedule through the Policy Builder, use the following configuration:

  1. Log in to Policy Builder.

  2. Click the Reference Data tab.

  3. In the left pane, click Diameter Clients > Rx Clients.

  4. Click Rx-Client.

  5. In the Rx Client pane, specify the duration in the Sending Delayed Message Wait Time (In millisec) field. If you do not specify the period, then PCF considers the default period of 500 milliseconds.

Rx Client

This section describes the parameters, which you can configure for the Rx client.

Use the Rx Client, which is a Diameter client object along with the Rx interface. You can add the Rx-specific features to the generic Diameter client.

Before setting the service parameters, ensure that you create a use case template and add a service for this configuration. For details, see Configuring the Use Case Template and Adding a Service.

The following table describes the Rx Client service parameters:

Table 6. Rx Client Parameters

Parameter

Description

Reject AAR with Invalid Service Info for missing Media-Type

Enables PCF to reject the Rx_AAR message when Media-Component-Descriptions AVPs have the Media-Type AVP missing. PCF rejects the message with Experimental-Result-Code= INVALID_SERVICE_INFORMATION (5061).

To enable the parameter, select the check box available in the Diameter Clients > Rx Client.

Delayed Message Wait Time

Allows you to specify the duration after which PCF sends a delayed message. The default value is 500 milliseconds.

To define the duration, specify the period in the text field available in Diameter Clients > Rx Client.