Design and Implementation of a Charging and Accounting Architecture for QoS-differentiated VPN Services to Mobile Users
Thanasis Papaioannou and George D. Stamoulis
Athens University of Economics & Business (AUEB)
{pathan, gstamoul}@aueb.gr
ICQT ‘02, Zurich, Switzerland, October 2002
Work supported by E.U. through IST-1999-20017 project INTERNODE under a subcontract with INTRACOM S.A.

Overview
- Motivation and Contribution
- Background on Charging
- Charging and the Business Roles in M-VPN Provision
- The Details of the Charging Scheme
- The Accounting and Charging Architecture
- Concluding Remarks
Charging Mobile VPNs - 2

Motivation and Contribution

Mobile VPNs
- In mobile Internet the provision of VPN services will be important
  - Key issue for commercial viability: VPN services should match user preferences on security and QoS
- IST project INTERNODE designed, specified and implemented a platform for multi-domain QoS-differentiated VPN services to mobile users
  => M-VPN services

Why Charge?
- M-VPN service providers should account and charge for their services, in order to:
  - Recover their provision costs
  - Increase their profits
  - Provide the right incentives to users regarding resource usage, while charging them fairly
    - Closely related to the form of the charging scheme
    - e.g. usage-based vs. flat-rate charging

Multi-domain Feature
- M-VPN service provision spans multiple network domains
  - The total charge should be shared among the involved providers in a fair and efficient way
    => Thus, the right incentives will be maintained on the provider level too

Our contribution (I)
- We specify in detail and justify a charging scheme for M-VPN services, which:
  - Includes all chargeable features of the service
  - charges users fairly
  - achieves fair sharing of revenue among providers
  - provides all involved parties with the right incentives, thus helping providers be competitive

Our contribution (II)
- We specify a complete yet lightweight accounting and charging architecture
- It can be combined with previous related works of projects:
  - IST MobyDick on AAAC architecture for IPv6 QoS-enabled access services to mobile users
  - CATI on accounting and charging for QoS-enabled static VPN services

Background on Charging

Charging Guaranteed Services: The Time-Volume Approach
- F.P. Kelly, “Tariffs and Effective Bandwidths in Multiservice Networks”, Proceedings of ITC’94
  - a·T + b·V + c = T · (a + b·M) + c
  - a, b are derived from the effective bandwidth curve
- The charge is a function of
  - the SLA,
  - the anticipated mean rate m, and
  - the actual mean rate M,
  - and can be minimized if the user chooses a, b appropriately

Charging Elastic Services
- Proportionally to the volume of the inserted traffic (volume-based)
- According to some measure of burstiness (burstiness-based)
  - e.g., by measuring the top 90-percentile of the distribution of the load produced per minute

Charging Static VPN Services
- A theoretically justified approach:
  - Apply additive charging over all individual flows arising within the VPN
- Commercial approaches vary:
  - Additive charging plus some extra charges for value-adding features (as security, always-on, etc.)
  - On a per customer basis

Charging and the Business Roles in M-VPN Provision

User Types, Applications, QoS
- Users are classified into different types:
  - e.g. technical employees, managers, etc.
- Assumption: each user-type utilizes a specific set of applications, for each of which:
  - there is a set of permissible QoS classes
  - an estimate for the anticipated mean rate per QoS class
  => The particular QoS class to serve the application each time is specified in the SLA

What Should Charging Reflect?
- The charge for the transport of traffic for an individual IPsec flow in a QoS class
- The charge for mobility support
- The charge for security support

Business Roles
[Figure: business roles in M-VPN provision. Labels: Federation Agreement; VPN SPS; M-VPN Provider Network; VPN contract; Customer C; Visited Connectivity Provider Network; Connectivity Provider A Network; Connectivity Provider B Network; Home Connectivity Provider Network; Users of Customer C (in the visited and home networks); FA; HA; SG; IPsec tunnel; IPsec flow.]

… and their Tasks for Charging and Accounting
- The federated CPs serve as 3rd-Party providers
  - each offers a certain part of the M-VPN service
- Each CP has to:
  - Measure resource usage and associate it to its users
  - Charge for transport, mobility and security support in his domain, and allocate charges to users
  - Send the accounting and charging information to VPN SPS platform
- M-VPN provider charges for packing the complete M-VPN service

The Details of the Charging Scheme

Charging for Transport
- Time-Volume approach is adopted for guaranteed services, as it:
  - Benefits from the available a priori knowledge of the anticipated mean rate of an IPsec flow
  - Can distinguish among different QoS classes
  - Includes a fixed charge for each IPsec connection
    - Useful for charging security and mobility support
  - Is also applicable to elastic services

Determining a, b, c
- For each application and for each type of user, statistical estimates of the anticipated mean rate m are maintained for each QoS class
  - The optimal [a, b, c] tariff is uniquely determined by the pair [user identity, SLA]
- Trade-off between accuracy in the estimation of the mean rate of an IPsec flow and the monitoring and storage overhead
  - e.g. keeping statistics per user or per user-type?

Charging for Security
[Figure: IPsec encapsulation stage with a buffer. Labels: Cs: encapsulation traffic processing capacity; Bs: capacity of encapsulation buffer.]
- Packet encapsulation according to IPsec

Per Volume Charge for Security
- Encapsulation capacity constraint is similar to that of a transmission link with buffer
  - Traffic served by DiffServ QoS classes conforms to the restrictions imposed by DiffServ
    => IPsec encapsulation can be dimensioned so as to be free of losses
    => no scarce resources are involved and no extra charge is required
- For best-effort traffic, an extra charge should be introduced according to burstiness

Per Time Charge for Security
- The identity of an IPsec tunnel as well as the number of IPsec flows that can be multiplexed in it are scarce resources
  - A charge per time-unit should be included to prevent aimless maintenance of IPsec tunnels and flows
- Volume and time overhead induced by security support are already accommodated by charging for transport

Additional Fixed Charges
- The M-VPN provider introduces:
  - A fixed charge depending on the security level for the overhead of creating an IPsec flow, and
  - A fixed charge for the “packing” of the M-VPN service
    - “Packing” of the M-VPN service implies management of the security gateways, which provides the duplex nature of the M-VPN service and a uniform (i.e. end-to-end) security level

Charging for Mobility
- Packet encapsulation according to Mobile IP
  => Charging can be treated similarly to the case of security support
- The terminal or/and IP address allocated are both “scarce” resources
  - A charge per time unit should be introduced

The Complete Charging Scheme
- A user of type j using an application i that is served by a DiffServ QoS class q is charged according to the formula:
  $(p + a_{ijq}(m_{ijq})) \cdot T + b_{ijq}(m_{ijq}) \cdot V + c_s$
  - p is the sum of the charges for mobility and security support per time unit
  - $c_s$ is the fixed charge for security support
  - $m_{ijq}$ is the anticipated mean rate
- These terms should be added for all (i,j,q)

Sharing of Revenue
- Connectivity Providers collect:
  - The charges for transport
  - The charges for mobility support
  - The variable charges for security support
- The M-VPN provider also collects the fixed charges for:
  - security support
  - “packing” the M-VPN services

The Complete Accounting and Charging Architecture

The architecture ...
- is compliant with the main relevant standards:
  - IETF AAA on forwarding of accounting information
  - TMN Layers’ hierarchy
  - TINA Accounting Ladder Model
  - TINA format of the accounting and charging records
  - TMForum on the generation and content of the accounting and charging records
- can be combined with previous related works

[Figure: the accounting and charging architecture. Layers: Access Layer; Service Layer; Resource Layer. Components: Accounting Management Console; Customer Accounting Console; Accounting Server; Rating Center; QoSSLAInfoContract/FederatedContract; Federated Accounting Center; Accounting Repository; Accountable Objects (AO). Numbered flows 1 to 6 carry Accounting Records and Charging Records. Captions: "Accounting and Charging Subsystem of 3rd-party Provider"; "Resource Layer of the Accounting and Charging Subsystem of the VPN Provider".]

Concluding Remarks

Concluding Remarks
- The charging scheme developed
  - covers all details for charging M-VPNs
  - is fair for users and providers,
  - provides them with the right incentives
  - enables fair sharing of revenue among providers
- The Accounting and Charging architecture
  - meets all requirements of the context
  - is conformant to the main relevant standards
  - was implemented and tested successfully in INTERNODE trials

Support Slides

The Time-Volume Approach
$f(m; M) = a(m) + b(m) \cdot M$
charge $= T \cdot f(m; M) = a(m) \cdot T + b(m) \cdot V$
[Figure: tariff line f(m; M) plotted against the actual mean rate M, together with the effective bandwidth curve. Labels: $\alpha_{on/off}(s, t)$; effective bandwidth $\alpha_{ON/OFF}$; slope b(m); a(m); m declared; M. Annotations: "accurate declaration: charge = T * $\alpha_{ON/OFF}$"; "penalty due to inaccurate declaration".]

ON/OFF Source Model
The notion of effective bandwidth summarizes resource usage of a bursty source described with many parameters
ON/OFF source: ON & OFF periods are exponentially distributed with mean ON period = 1/a, mean OFF period = 1/b
mean rate m = b*h/(a+b)
effective bandwidth: $\alpha(m, h) = \frac{1}{s} \log\left[1 + \frac{m}{h}\left(e^{sh} - 1\right)\right]$
[Figure: ON/OFF source alternating between the on and off states over time. Labels: on; off; h; 1/h; a; b; time.]
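
The time-volume tariff of the two slides above, combined with the complete charging formula $(p + a_{ijq}(m_{ijq})) \cdot T + b_{ijq}(m_{ijq}) \cdot V + c_s$ and the revenue split, as an added Python example that is not part of the original slides. It assumes that a(m) and b(m) are the intercept and slope of the tangent to the ON/OFF effective bandwidth curve at the declared mean rate, and that the packing charge is applied once per bill; all function names, field names and numeric values are constructed.

```python
import math

def alpha(m, h, s):
    """ON/OFF effective bandwidth: (1/s) * log(1 + (m/h) * (e^(s*h) - 1))."""
    return math.log(1.0 + (m / h) * math.expm1(s * h)) / s

def tariff(m, h, s):
    """Assumed construction: tangent to alpha at the anticipated mean rate m."""
    k = math.expm1(s * h) / h
    b = k / (s * (1.0 + m * k))            # slope b(m) = d(alpha)/dm at m
    return alpha(m, h, s) - b * m, b       # (intercept a(m), slope b(m))

def flow_charge(flow, p_mob, p_sec, c_s, s):
    """(p + a(m))*T + b(m)*V + c_s for one (i, j, q), split by who collects it."""
    a, b = tariff(flow["m"], flow["h"], s)
    variable = (p_mob + p_sec + a) * flow["T"] + b * flow["V"]
    return {"connectivity_providers": variable, "mvpn_provider": c_s[flow["level"]]}

def bill(flows, p_mob, p_sec, c_s, packing, s):
    """Add the terms for all (i, j, q); packing is assumed charged once per bill."""
    shares = {"connectivity_providers": 0.0, "mvpn_provider": packing}
    for flow in flows:
        for who, amount in flow_charge(flow, p_mob, p_sec, c_s, s).items():
            shares[who] += amount
    shares["total"] = shares["connectivity_providers"] + shares["mvpn_provider"]
    return shares

def declaration_penalty(m, M, T, h, s):
    """Charge for declared m and actual mean M, minus the charge T*alpha(M)."""
    a, b = tariff(m, h, s)
    return (a + b * M) * T - T * alpha(M, h, s)

# Constructed sample data: rates, times and prices are in arbitrary units.
C_S = {"high": 0.5, "low": 0.2}            # fixed charge per IPsec flow by security level
FLOWS = [
    {"app": "voip", "user_type": "manager", "qos": "EF", "level": "high",
     "m": 0.5, "h": 2.0, "T": 600.0, "V": 300.0},
    {"app": "mail", "user_type": "technical", "qos": "AF1", "level": "low",
     "m": 0.1, "h": 1.0, "T": 1200.0, "V": 150.0},
]

if __name__ == "__main__":
    print(bill(FLOWS, p_mob=0.003, p_sec=0.002, c_s=C_S, packing=1.0, s=1.0))
    for declared in (0.2, 0.5, 1.0):       # actual mean rate is 0.5
        print(declared, round(declaration_penalty(declared, 0.5, 600.0, 2.0, 1.0), 3))
```

Under the tangent assumption the penalty is zero when the declared rate equals the actual mean rate and positive otherwise, because the effective bandwidth curve is concave in m.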

Background: IETF AAA Considerations
[Figure: accounting data flow between a Serving Network and a Home Network. Labels: Network Device; Accounting protocol; Accounting Server; Accounting Proxy/Server or Accounting Server; Intra-domain session records; Inter-domain session records; Transfer protocol; Billing Server; Serving Network; Home Network.]

Background: TMForum Considerations
[Figure: TMForum process layers for a Serving Network and a Home Network. Labels: Roaming; Performance / Usage Trends; Customer Care Processes; Customer QoS Management; Invoicing Collection; Service Layer Management; Service Quality Management; Rating and Discounting; SP; NO; Network Layer Management; Network Data Management; Serving Network; Home Network.]

Related Work: IST MobyDick
- Hasan, J. Jähnert, S. Zander, and B. Stiller. “Authentication, Authorization, Accounting, and Charging for the Mobile Internet”. Mobile Summit 2001, Barcelona, Spain, September 2001.
- An inter-domain Authorization, Authentication, Accounting and Charging architecture for IPv6-based QoS-enabled access services to mobile users
  - Inter-domain negotiation of each service flow by AAAC servers
  - Our charging and accounting subsystem can serve as part of the AAAC server.

Related Work: CATI Project
- B. Stiller, T. Braun, M. Günter and B. Plattner. “The CATI Project: Charging and Accounting Technology for the Internet”. (ECMAST'99), Madrid, May 1999
- An accounting and charging architecture and a charging scheme for QoS-enabled static VPN services
- The charging scheme is prescribed to have:
  - a variable charge per time, a variable charge per volume, and a fixed charge
  - our charging scheme is of the same form, and specified in detail