Moby Dick Consolidated System Integration Plan

More documents

Recommendations

Info

D0103v1.doc Version 1 6.7.2003 4.5.6.2 Requirements 4.5.6.2.1 Auditing Requirements There are three tasks to be accomplished to detect SLG violation: ? Determine the downtime of MobyDick entities ? Determine whether all consecutive registration attempts of a user currently in the home domain, fail within the pre-defined time interval . Failures due to invalid NAI and credentials do not violate SLG. To perform this task it is necessary to query the customer database to check, whether the NAI is valid (is a home user). The validity check of the credentials supplied by the user will rely on the response coming from the AAAC server. This response is reflected in the AAAC client’s response to the mobile terminal. This means correct implementation and behaviour of the AAAC server and client is assumed and expected. ? Determine whether all consecutive service requests of an authenticated user are rejected or ignored within the pre-defined time interval . 4.5.6.2.2 Logging Requirements Downtime determination requires Moby Dick entities to periodically send a sign of life. The sign of life contains the identity of the entity (EntityID) and a Timestamp. The time interval must be configurable. To determine whether registration attempts are successful following events need to be logged: ? Each valid registration request must be logged by the AAAC Client, ? Each registration response must be logged by the AAAC Client. The receipt of a valid registration request must be logged and the log must contain the following information: EventID, Timestamp, CoA, and NAI. EventID identifies uniquely the event that occurs; in this case the arrival of a valid registration request. The arrival of a valid registration request will trigger a sequence of message exchange in the provider’s network to carry out the registration process. In the end the AAAC Client will receive a response from the AAAC Server or a request timeout will occur. This will lead to AAAC Client sends a registration response containing the result of the request to the MN. Note here that communication errors can lead to missing response. MN should perform registration retries, if no positive answer is received after a certain timeout. The following information needs to be logged after sending a response to the MN: EventID, Timestamp, CoA, NAI, and ResultCode. The ResultCode should tell whether the registration is successful or not, and if not due to what reason. To determine whether service requests are accepted following events need to be logged: • Each service request sent to QoS broker must be logged by the QoS Manager, • Each corresponding response coming from QoS broker must be logged by the QoS Manager. After detecting that a new service is requested by a MN (MN sends a packet marked with a DSCP not being used), the QoS Manager in the access router needs to log the following information regarding this event: EventID, Timestamp, DSCP, DestAddr, CoA, and NAI. EventID identifies the arrival of a service request. The arrival of a service request will trigger a sequence of message exchange between QoS Manager and QoS Broker. In the end the QoS Manager will receive a response from the QoS Broker or a request timeout will occur. This will lead to QoS Manager configures the Access Router to forward or drop the packets of this requested service. The following information needs to be logged: EventID, Timestamp, DSCP, DestAddr, CoA, NAI, and ResultCode. The ResultCode states whether the requested service is accepted or not, and if not due to what reason. 4.5.6.3 Architecture The following figure depicts the logging and auditing architecture. As described in the section on Logging Requirements, in addition to availability events, AAAC Clients have to log user registration events, while QoS Managers have to log service authorization events. Both entities, the AAAC Client and the QoS Manager, reside in each Access Router. Events to be logged will first be stored in the Local Log via an Integrated Logger. This Local Log will be managed by Local Log Management module, which has the responsibility to transfer the logs to the Central Log Management module. The Central Log Management module will store the logs in the Audit Trail before being fetched by the Auditing module to be examined with respect to the given commitments. D0103v1.doc 136 / 168
D0103v1.doc Version 1 6.7.2003 Access Router AAAC Client Integrated Logger QoS Manager Integrated Logger Local Log Audit Trail Auditing Local Log Mgmt Central Log Mgmt Figure 92: Auditing and Logging Architecture The task carried out by the Integrated Logger should not significantly affect the tasks of the hosting entity, i.e., the AAAC Client and the QoS Manager. This is the reason why the event logs are not s ent directly to a central Audit Trail, which may last longer due to the network communication overhead. Since QoS Manager does not aware of NAI, a way to map a CoA to NAI needs to be found to allow for logging of NAI in the service authorization event logs. This mapping can be done with the help of the AAAC Client, who knows exactly which NAI a certain CoA belongs to, as long as the MN having this CoA is currently registered by this AAAC Client. Because this is a logging issue, the required communication will be carried out between the AAAC Client’s Integrated Logger and the QoS Manager’s Integrated Logger. The information on CoA-NAI mapping will be provided to the Integrated Logger by the AAAC Client. The Local Log is not implemented as a flat file, but as a MySQL database. This requires a running MySQL server in each Access Router. Logs that have been successfully sent to the Central Log Management will be deleted from the Local Log. In this regard MySQL provides for a reliable and easy manipulation of event logs. Since each Local Log Management in each Access Router is connected to the Central Log Management, the data transfer need to be controlled, so that no packet loss occurs due to buffer overflow. The Audit Trail is a MySQL database, which has the same structure as the Local Log. It stores the event logs collected from every Local Log before being processed by the Auditing module. Logs in the Audit Trail that have been completely processed will be deleted or moved into data archives by the Auditing module. The result of the auditing process is a report telling whether or not violation to each commitment has occurred. This report is written into different flat files for each customer in case of user registration and service authorization, and for each entity in case of entity availability. 4.5.6.4 Data Structures Based on the logging requirements, five types of events have been identified, which can be separated into three groups. The five types of events are Entity Availability Event, User Registration Request Event, User Registration Response Event, Service Authorization Request Event, and Service Authorization Response Event. The three groups are obviously Entity Availability Event Group, User Registration Event Group, and Service Authorization Event Group. All event logs in a group will be stored in the same MySQL table in the Local Log, and after being collected in the same MySQL table in the Audit Trail. The three tables corresponding to the three groups are named SoL (Sign of Life), UsrReg (User Registration), and SvcAuth (Service Authorization). The following subsections describe the data structure of each table. 4.5.6.4.1 Sign of Life MySQL Table: SoL D0103v1.doc 137 / 168
Page 1 and 2:
IST-2000-25394 Moby Dick D0103 Moby
Page 3 and 4:
D0103v1.doc Version 1 6.7.2003 4.2.
Page 5 and 6:
D0103v1.doc Version 1 6.7.2003 5.1.
Page 7 and 8:
D0103v1.doc Version 1 6.7.2003 Abbr
Page 9 and 10:
D0103v1.doc Version 1 6.7.2003 1 In
Page 11 and 12:
D0103v1.doc Version 1 6.7.2003 3 Mo
Page 13 and 14:
D0103v1.doc Version 1 6.7.2003 Doma
Page 15 and 16:
D0103v1.doc Version 1 6.7.2003 NCP
Page 17 and 18:
D0103v1.doc Version 1 6.7.2003 It w
Page 19 and 20:
D0103v1.doc Version 1 6.7.2003 curr
Page 21 and 22:
D0103v1.doc Version 1 6.7.2003 •
Page 23 and 24:
D0103v1.doc Version 1 6.7.2003 No A
Page 25 and 26:
D0103v1.doc Version 1 6.7.2003 o Fo
Page 27 and 28:
D0103v1.doc Version 1 6.7.2003 NCP
Page 29 and 30:
D0103v1.doc Version 1 6.7.2003 4.1.
Page 31 and 32:
D0103v1.doc Version 1 6.7.2003 4.1.
Page 33 and 34:
D0103v1.doc Version 1 6.7.2003 asso
Page 35 and 36:
D0103v1.doc Version 1 6.7.2003 Mobi
Page 37 and 38:
D0103v1.doc Version 1 6.7.2003 WP4
Page 39 and 40:
D0103v1.doc Version 1 6.7.2003 Para
Page 41 and 42:
D0103v1.doc Version 1 6.7.2003 Ackn
Page 43 and 44:
D0103v1.doc Version 1 6.7.2003 inst
Page 45 and 46:
D0103v1.doc Version 1 6.7.2003 MT P
Page 47 and 48:
D0103v1.doc Version 1 6.7.2003 The
Page 49 and 50:
D0103v1.doc Version 1 6.7.2003 RtSo
Page 51 and 52:
D0103v1.doc Version 1 6.7.2003 auth
Page 53 and 54:
D0103v1.doc Version 1 6.7.2003 In a
Page 55 and 56:
D0103v1.doc Version 1 6.7.2003 AR s
Page 57 and 58:
D0103v1.doc Version 1 6.7.2003 4.2.
Page 59 and 60:
D0103v1.doc Version 1 6.7.2003 Even
Page 61 and 62:
D0103v1.doc Version 1 6.7.2003 4.2.
Page 63 and 64:
D0103v1.doc Version 1 6.7.2003 Filt
Page 65 and 66:
D0103v1.doc Version 1 6.7.2003 4.2.
Page 67 and 68:
D0103v1.doc Version 1 6.7.2003 •
Page 69 and 70:
D0103v1.doc Version 1 6.7.2003 The
Page 71 and 72:
D0103v1.doc Version 1 6.7.2003 is t
Page 73 and 74:
D0103v1.doc Version 1 6.7.2003 4.3
Page 75 and 76:
D0103v1.doc Version 1 6.7.2003 4.3.
Page 77 and 78:
D0103v1.doc Version 1 6.7.2003 This
Page 79 and 80:
D0103v1.doc Version 1 6.7.2003 This
Page 81 and 82:
D0103v1.doc Version 1 6.7.2003 4.3.
Page 83 and 84:
D0103v1.doc Version 1 6.7.2003 4.3.
Page 85 and 86: D0103v1.doc Version 1 6.7.2003 The
Page 87 and 88: D0103v1.doc Version 1 6.7.2003 4.3.
Page 89 and 90: D0103v1.doc Version 1 6.7.2003 be u
Page 91 and 92: D0103v1.doc Version 1 6.7.2003 o Ma
Page 93 and 94: D0103v1.doc Version 1 6.7.2003 Gene
Page 95 and 96: D0103v1.doc Version 1 6.7.2003 Upli
Page 97 and 98: D0103v1.doc Version 1 6.7.2003 Now
Page 99 and 100: D0103v1.doc Version 1 6.7.2003 3. D
Page 101 and 102: D0103v1.doc Version 1 6.7.2003 User
Page 103 and 104: D0103v1.doc Version 1 6.7.2003 Inte
Page 105 and 106: D0103v1.doc Version 1 6.7.2003 User
Page 107 and 108: D0103v1.doc Version 1 6.7.2003 Serv
Page 109 and 110: D0103v1.doc Version 1 6.7.2003 S1 E
Page 113 and 114: D0103v1.doc Version 1 6.7.2003 Old
Page 115 and 116: D0103v1.doc Version 1 6.7.2003 This
Page 117 and 118: D0103v1.doc Version 1 6.7.2003 Leng
Page 121 and 122: D0103v1.doc Version 1 6.7.2003 MN M
Page 125 and 126: D0103v1.doc Version 1 6.7.2003 Afte
Page 127 and 128: D0103v1.doc Version 1 6.7.2003 Pack
Page 131 and 132: D0103v1.doc Version 1 6.7.2003 miss
Page 133 and 134: D0103v1.doc Version 1 6.7.2003 Conn
Page 135: D0103v1.doc Version 1 6.7.2003 4.5.
Page 139 and 140: D0103v1.doc Version 1 6.7.2003 Logg
Page 141 and 142: D0103v1.doc Version 1 6.7.2003 repr
Page 143 and 144: D0103v1.doc Version 1 6.7.2003 Type
Page 145 and 146: D0103v1.doc Version 1 6.7.2003 o DM
Page 147 and 148: D0103v1.doc Version 1 6.7.2003 5 Mo
Page 149 and 150: D0103v1.doc Version 1 6.7.2003 MN A
Page 151 and 152: D0103v1.doc Version 1 6.7.2003 3 AA
Page 153 and 154: D0103v1.doc Version 1 6.7.2003 give
Page 155 and 156: D0103v1.doc Version 1 6.7.2003 9 Ha
Page 157 and 158: D0103v1.doc Version 1 6.7.2003 MN 1
Page 161 and 162: D0103v1.doc Version 1 6.7.2003 No.
Page 165 and 166: D0103v1.doc Version 1 6.7.2003 MN R
Page 167 and 168: D0103v1.doc Version 1 6.7.2003 for
show all

Moby Dick Consolidated System Integration Plan

Create successful ePaper yourself

Delete template?

Save as template?