AAA is a network framework and an abbreviation for Authentication, Authorization and Accounting. It is a security architecture for controlling access to computer and network resources. If you are looking for more detailed information about this framework you can search for ‘AAA network service framework’ or use Juniper website.
Almost one year ago, when I started working on AAA project, I didn’t know anything about what I am going to work on. I even had no idea what it is for. Due to limited time I had, I left all definitions behind and started looking at AAA as an application with its own rules. It helped me to keep myself away from all distractions and focus on developing an unfinished application. Furthermore, understanding AAA needs having sufficient knowledge in network and telecommunication area.
In this chapter I’m going to represent a basic model which has been used for ADSL Internet and describe it step by step.
Authentication Request: User wants to access to the network with its credentials
Accounting Request: BRAS sends user’s usage data to AAA Server periodically to be stored and calculated for the future needs
CoA Request: It is the only way that AAA Server can start talking to BRAS and will happen anytime AAA Server wants to change user’s connection parameters
- User(ADSL Modem) requests for authentication through DSLAM using PPP protocol
- DSLAM sends the request to BRAS
- BRAS sends ‘Authentication Request’ to AAA Server using RADIUS or Diameter protocol
AAA sends ‘Authentication Response’ to BRAS
- BRAS routes user to the Internet/Intranet
- ‘Accounting Request’ packet will be send to AAA Server by BRAS frequently according to the specified time defined in ‘Authentication Response’
AAA Server responds ‘Accounting Response’ to inform that the packet has been received
- If it is needed to change user behavior such as Credit or Downstream/Upstream speed rate, ‘CoA Request’ will be sent to BRAS.
BRAS will answer the request via ‘CoA Response’ including status code which indicates whether the operation has done successfully or not.
If you haven’t discovered yet that why your internet speed suddenly increases or decreases in certain times, It’s time to know that it’s all CoA packet responsibility.
AAA: Authentication Authorization Accounting
RADIUS: Remote Authentication Dial In User Service
BRAS: Broadband Remote Access Server
DSLAM: Digital Subscriber Line Access Multiplexer
ADSL: Asymmetric Digital Subscriber Line
CoA: Change of Authorization