Flexible M2M/IoT service with Radiator and Private APN

M2M (Machine to Machine) communications, IoT (Internet of Things), and Industrial Internet are constantly bringing new connected devices, things, to the Internet. Operators and other companies already use Radiator AAA Server Software to create M2M, IoT, and Industrial Internet services to customers. Using Radiator with Private APN (access point name) is an important use case.

Figure 1: Radiator RADIUS server and Private APN service architecture

Most mobile operators provide, in addition to their own APNs, also a Private APN service for companies interested of separating their data traffic from operators’ generic subscriptions. The Private APN service utilises operator’s SIM cards for radio network access, but separates the data traffic in operator’s GGSN (gateway GPRS support node) by the access point name (e.g. internet.company instead of operator’s own access point name). These separate private access points may have their own parameters for authentication, accounting, IP networks, IP address allocation, connection parameters, traffic accounting, priorities, and other functionalities. Depending on the GGSN capabilities, it is possible to move some of these functionalities and information to a separate RADIUS service, which is provided either by the operator or company utilising the Private APN.

With the Private APN and Radiator AAA Server Software as a RADIUS service, our customers have successfully deployed M2M, IoT, and Industrial Internet solutions. Some examples are:

• Fixed IPv4 and IPv6 address allocation for mobile operator M2M/IoT service based on MSISDN (phone number) with the option of returning any GGSN-supported subscription parameters from RADIUS to GGSN
• Ensuring that the Australian state-wide network of water measurement devices are active and sending measurement data, and working as AAA service for VPN connection authentication for devices
• Tracking truck locations, and authenticating, accounting, and authorising GPS tracking devices for fleet tracking service operating across several operators and European countries

Would you like to know more?

This use case is one of the many, where Radiator can be used to provide additional and complementary functionality to mobile network and Internet of Things/Industrial Internet solutions. Contact our team at sales(a.t.)radiatorsoftware.com to set up a meeting, where we can discuss how Radiator could help you in building and deploying mobile network or IoT/Industrial Internet services and solutions.

Radiator SIM Pack, Carrier Pack and Telco Pack releases

We are happy to announce we have now new releases of Radiator SIM Pack and Telco Pack – and also the first release (v. 1.0) of Radiator Carrier Pack, which is designed to address the needs of carriers.

Radiator Carrier Pack is targeted especially for carriers: it provides the interoperability, flexibility, and performance of Radiator, and it also includes Radiator Carrier Module. This module consists of advanced Radiator Diameter server software and Diameter relay software. These provide the platform for other Radiator carrier products: Radiator SIM Pack, Radiator Telco Pack and Radiator GBA/BSF Pack.

Initial release of Radiator Carrier Pack includes following features (and more can be found from revision history):

• The existing and new modules are reorganised. Base components from Radiator Telco Module are now included in Radiator Carrier Module.
• DiameterTelcoConnection now calls DiaPeer's send_reply() instead of calling send() directly. This is preferred to keep the peer state machine up to date.
• OriginHost and OriginRealm in DiaPeerDef support special formatting.
• Diameter initiator connections are now activated after the configuration has been loaded instead of during configuration loading.

Do you want to know more?

If you like to know more about Radiator Carrier Pack and other Radiator carrier products, please do not hesitate to contact our sales team at sales(a.t.)radiatorsoftware.com

Make your Radiator log data searchable

This is the first part of blog series that helps you to use log data that Radiator generates. Jump to second part.

Radiator exports AAA (authentication, authorisation, accounting) data to various formats. You can process the log data further by other log collection systems, such as Splunk and Elasticsearch. In this article, we briefly describe how to export data in JSON format. The common use case is to record the metrics that best describe your environment, for example, authentication, and authorisation messages.

The image below shows you an example of visualised Radiator worker statistics. The graphics were created with Grafana. Click the image for a larger view.

Adding a new field

With Radiator, it is possible to export log data in JSON format (for more information, see JSON.org). Basically, JSON is a set of name-value pairs. The values can also be ordered lists and it is possible to nest lists inside other lists. This makes it possible to express complex data structures in an universal manner with JSON.

Usually, the hardest part in modifying configuration is to figure out how to synchronise modifications everywhere, especially if the logs are centrally collected and parsed. For example, if Client-Identifier or some other RADIUS attribute is added to a log message when authentication fails, you have to ensure the log parser engine understands the new field.

This is an example of AuthLog FILE, which has date, username, and result.

Wed May 18 15:48:44 2016:mikem:FAIL

If you add a new field, the log entry looks like this:

Wed May 18 15:48:44 2016:mikem:client-1:FAIL

Here is the same information as a default JSON message without the new field:

{"timestamp":"2016-05-18T15:48:44Z","result":"reject","source_host":"osc-dev-3","username":"mikem","type":"authentication"}

Here is the JSON message with the new field: {"timestamp":"2016-05-18T15:48:44Z","result":"reject","source_host":"osc-dev-3","username":"mikem","type":"authentication", “client”:”client-1”}

With JSON, it is easy to add the new field to Radiator log message. Usually, there is no need to modify the parser configuration since the fields are just a group of name-value pairs and not fixed together in any way.

Configuring Radiator

The configuration process is straightforward: add Log <FILE, SYSLOG, ...> clause and use it in the same way as existing ones to your Radiator config and you are done. With Radiator, you can customise your own LogFormatHook and add, remove, or modify the fields. This is how Radiator extends the log usage possibilities even further.

Note: The following configuration example needs Radiator 4.16 with latest patches. You must have JSON module installed. JSON::XS module is recommended (see https://metacpan.org/pod/JSON and https://metacpan.org/pod/JSON::XS).

Configuration example: JSON output to radius.cfg (source goodies/logformat.cfg):

---

# This logger logs events in JSON format. It requires the Perl JSON

# module. Note the specific requirement for loading the logger module.

<Log FILE>

       Identifier mylogger-json

       Trace 4

       Filename %L/logfile.json

       LogFormatHook sub { Radius::LogFormat::format_log_json(@_); }

</Log>

# This auth logger logs both successes and failures to a JSON file.

<AuthLog FILE>

       Identifier myauthlogger-json

       Filename %L/authlog.json

       LogFormatHook sub { Radius::LogFormat::format_authlog_json(@_); }

       LogSuccess 1

       LogFailure 1

</AuthLog>

# This is the Handler-clause.

<Handler>

   <AuthBy FILE>

       Filename %D/users

   </AuthBy>

   AuthLog myauthlogger-json

   # Log accounting messages in JSON format.

   AcctLogFileName %L/acctlog.json

   AcctLogFileFormatHook sub { Radius::LogFormat::format_acctlog_json(@_); }

</Handler>

---

In this example configuration, all log data is saved into a single file. This may cause problems in the real configuration because of increasing log data file size. You can avoid this by using log rotation tools, for example, logrotate in Unix-based systems. Rotating log files can safely be done without restarting Radiator. Radiator also supports the special characters in the file names.

Do you want to know more?

Your JSON files are now ready, the next step is to use them efficiently. In the next part of the series, we will introduce the more detailed use cases, which will help you get the most out of Radiator logging.

OSC Radiator team available for meetings in 5G World, London 29 June - 1st July

We are happy to invite all our blog followers at our stand #43 at the 5G World in London Olympia, 29 – 30 June to discuss how we can help you with Radiator AAA solutions.

To have discussions on our solutions from one end to another, we have joined forces with representatives from Kapsch CarrierCom, one of our partner companies in a role of a systems integrator.

Let’s discuss together about your needs and challenges so we can offer better support you. Would you like to be among the first ones to hear the news on the Radiator roadmap? Top teasers include:

• Radiator NFV product line
• Our latest products such as Radiator GBA/BSF Support module
• VoLTE, VoWiFi, 3GPP AAA Server use cases
• New features on Radiator development roadmap 

Visit us at our stand during the event, or schedule a meeting in advance at sales(a.t.)radiatorsoftware.comAlso, separate meetings can be arranged on 1st of July in London. Just get in touch with the Radiator team at sales(a.t.)radiatorsoftware.com.

For more information about the event program, please visit the event website.

More interoperability with Radiator GBA/BSF Support Module v. 1.3

We are happy to announce Radiator GBA/BSF Support Module v. 1.3.

With Generic Bootstrapping Architecture (GBA), it is possible to provide seamless authentication for VoLTE Supplementary Services. This enables the end user to manage services, such as call forwarding, knocking and video call forwarding without switching networks or extra usernames and passwords.

Radiator GBA/BSF Support Module works as an authentication proxy between the end-user user device and the HSS. It authenticates the user requests, and also separates the authentication procedure and the Application Specific server (AS) functionality into different logical entities, for example, RCS (rich communication suite) services mentioned above.

What is new?

We have added interoperability fixes, and successful testing has now been done with user equipment from following vendors:

• Samsung
• Microsoft
• Apple

New features also include fixed username checks and fixed access handlers to work even when client does not send the HTTP user agent header. You can see all the updates from Radiator GBA/BSF Support module revision history.

Do you want to know more?

We are happy to provide more information, use cases and benefits about Radiator GBA/BSF Support Module. Just contact our team at info@open.com.au and we will tell you more.