UTM 5: Universal ISP Billing System

Description of UTM Modules

The Billing System Core

The Core of the billing system NetUP UTM is the main module responsible for work with the database, providing database access, and processing incoming data according to the internal rules (namely tariffication and periodical charges). The core of the billing system is a separate multithreaded process working in a user mode. When started, the core usually works in the mode of administrator privileges. Due to its structure the core perfectly blends with multiprocessor systems and, at high traffic, evenly distributes all available resources.

The URFA query handler (UTM Remote Function Access) is a server for proceduring remote calls. It receives system client connections and processes requested commands inside of the core. Basically, this component serves customer and administrator interfaces.

URFA is a protocol for accessing to the core by using external applications. It performs authorization of a remote user via CHAP scheme and maintains the work of the user. The protocol supports data transmission and function calls. URFA checks whether the user is allowed to access to a called function, and if allowed then it permits to start data exchange. In the other case the system rejects the access.

For each session it is allocated a random 128-bit identifier (SID), its reduplication is impossible. SID may be reused for gaining access. In case of a fault, on retrieving the access SID is deleted, and a user has to enter his login/password again. SID is associated with an IP address of a user and it is automatically deleted after a timeout (web_session_timeout variable). A session may be restored only if the access is gained with the system user rights.

On opening a session it is being created a table of allowed calls containing a list of symbols (available in the system at the moment of creation) and access rights to them. If, after the session has been started an additional module is loaded, then these calls are among unallowed to a user. In this case a user has to connect again.

If at the momend when the module is being unloaded it is being used by someone, the operation fails. However, all symbols of the module are marked as deleted, and in future all such calls will be unsuccessful. When the last link to symbols is removed (the session is closed) the module can be finally unloaded. Permanent modules cannot be unloaded; on an attempt to unload them it will be returned an error, this doesn't affect the module work.

If the licence verification fails a module cannot be loaded. A licence is associated with binary code of a module. This guarantees that a loaded module was originally developed by NetUP and fully meets the demands of safety and works correctly. However, on updating a module an updated licence is required.

Netflow Buffer receives traffic data in Netflow v5 format. For devices that do not support the Netflow v5 protocol it is necessary to use a converter Get-XYZ. The tool may be used to convert almost any protocol to Netflow v5.

Traffic Classifier is a module of the Core sorting all traffic and dividing it into categories (traffic classes) according to characteristics defined in the billing system settings. These characteristics may be set by using the UTM Administrator Control Center.

Business Logic Module is responsible for tariffication of all services, including IP traffic transmission. It performs translation of quantity of rendered services in monetary equivalent taking into account all dependencies set by administrator of the system.

System Log keeps records concerning operation of the billing system. It allows an administrator diagnosing the system and acquire information concerning system operation failures.

Database Access Module is a unified database interface and performs transformation of intrasystem data inqueries to external database inqueries. This makes the billing system independent from any certain DBMS.

Data is collected by using Netflow buffer or via URFA. Initial data is read from the database on start of the billing system. Changes, made by accessing the database directly, may cause uncontrolled behaviour of the billing system.

Netflow data goes in the Business Logic Module where it is processed, and all necessary charges are performed. In case of a high peak load Netflow stream can be buffered that decreases possible losses. Raw Netflow data is saved by using an object-oriented database (Gigabase). On start a module of the database is created in a separate thread and with a high priority.

URFA supports dynamic module loading (liburfa). They may be either unloadable or permanent. The latter ones are modules containing calls critical to the billing system management or those which may cause system faults if unloaded. The former ones are usually call libraries. Modules, loaded at the present moment can be seen in the Administrator Control Center, 'Additional features'/'LibURFA Plugins'.

NetUP RADIUS Module

NetUP RADIUS Module (a module for VPN/PPPoE/Dial-up connections) is a RADIUS server intended for processing authorization requests and accounting for consumed services.

NetUP RADIUS server is an application processing requests via RADIUS protocol (Remote Authentication Dial In User Service) in real time. On processing the requests the RADIUS server communicates with the core of the billing system via URFA protocol.

Remote Authentication Dial In User Service (RADIUS) protocol is documented in RFC 2138 and RFC 2139, and is intended for authorization, authentication and accounting between a Network Access Server (NAS) and Authorization Server. To the protocol it is officially assigned UDP port 1812.

Database

All data concerning subscribers, their personal accounts and services is stored in the Gigabase DB on the database server (MySQL 3.x, 4.x and PostgreSQL 7.x). It is highly recommended to use MySQL with InnoDB support as this solution allows essentially increase data storage reliability.

Billing system database is a critical component as it keeps very important data. That is why it is recommended to backup the database periodically by using the utm5_backup.sh tool.

For moving data concerning subscriber accounts, tariffs, charges it serves the to_utm.pl tool. The program is written in the Perl language and is available in its source code. That is why it is possible to move data from almost any system by modifying the code of the script according to a structure of the database the data is moved from.

Administrator Control Center (Java-based)

All personal accounts and settings are managed by using the UTM Administrator Control Center. The Administrator Control Center is a Java application installed on a PC of administrator. It is remotely connected to the core on its start. For functioning of the application it is required an operating system supporting graphic shell and Java v2 virtual machine.

Customer Virtual Office

A subscriber can check balance and see service reports in the personal Virtual Office. For entering the Virtual Office it is necessary to launch an Internet browser (Internet Explorer, Opera, Netscape Navigator, Konqueror) and enter an URL of the following type: https://your.server/cgi-bin/utm5/aaa5

UTM5 Wintray Tool

UTM5 Wintray Tool may be used by subscribers for convenient checking of their balance. çîâàòü óòèëèòó utm5_wintray.

The application runs on a client PC and periodically refreshes information concerning current balance and amount of remaining prepaid traffic. For start of the tool it is necessary to enter address of the billing system Core and login/password for Internet access.

Additionally, by using the tool it is possible to switch on/off Internet access.