$Id$ VOIP ACCOUNTING WITH CISCO VSA INTRODUCTION Cisco VoIP gateways can use radius accounting to log call records, however FreeRadius in it's default configuration is not very well suited to the job as the default database config is designed with standard dial-up ISP Authentication and Post billing in mind. The typical configuration on FreeRadius with a MySQL backend will not handle the load of accounting for multiple Cisco gateways under full utilisation. The default database config also thows away all non-standard RADIUS attributes which infact contains alot of highly useful information pertinent to VoIP. The good news is that with a few modifications to the configuration files and the use of Postgresql (or another heavy duty SQL server) insead of MySQL FreeRadius can be made into a reliable, flexible and scalable (and free!) billing solution for VoIP providors. MySQL cannot be used as the configuration relies on the connect and disconnect time as reported by the Cisco gatways (Cisco VSA attributes "h323-connect-time" and "h323-disconnect-time") and MySQL limited date handling does not recognise full Cisco date stamps time as a valid "datetime". (While Oracle and possibly some other high end DBs should support Cisco time format they have not been tested at this time). MySQL could possibly be supported in future but it would require extra pre-processing by a FreeRADIUS module to do so and there is no plan currently to impliment this, although working code that impliments this would be happily accepted. This reliance on VSA records REQUIRES that all cisco devices be configured to send VSA attributes. This system is not known to work with any non-cisco equipment, although it is theoretically possible for non-cisco equipment to impliment Cisco VSA attributes... This is required as the default FreeRadius SQL configuration (where RADIUS "Start" records are INSERTed into the database, and then UPDATEd with information from the associated "Stop" record) does not scale as well as this solution which strictly uses INSERTs. As call start and stop times are not contained in "standard" radius attributes (They are added/updated by FreeRadius when the record is logged in the default configuration.) This REQUIRES all equipment be kept is timesync with the use on NTP otherwise similtaneous records from different gateways may have differing timestamps. CONFIGURATION * Install and configure FreeRadius as appropriate for your system. * Test that FreeRadius is recieving accounting records from your gateway. Do not proceed until you are certain this is working. * Configure all the NASes to send VSA attributes. On older Ciscos use one of the following commands (depending if you are using SIP or H323): "gw-accounting h323 vsa" "gw-accounting sip vsa" On Ciscos with newer versions of IOS need both of the following commands: "gw-accounting aaa" "radius-server vsa send" * Create a Database to hold your billing records. ie: "createdb radius" * Import the SQL schema to your database. ie: "psql radius < cisco_h323_db_schema-postgres.sql" * In /etc/raddb/radiusd.conf set "with_cisco_vsa_hack = yes" * In /etc/raddb/radiusd.conf add "$INCLUDE ${confdir}/pgsql-voip.conf" (You can find the correct section by searching for "sql.conf") * In /etc/raddb/radiusd.conf add "pgsql-voip" to the "accounting { }" section. * (re)Start radiusd If you wish to do RADIUS SQL Authentication using the same database, you must use src/modules/rlm_sql/drivers/rlm_sql_postgresql/db_postgresql.sql as well as this schema. This is left as an excercise for the reader. -- Peter Nixon [ codemonkey@peternixon.net ]