home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Internet Info 1997 December
/
Internet_Info_CD-ROM_Walnut_Creek_December_1997.iso
/
drafts
/
draft_ietf_q_t
/
draft-ietf-roamops-actng-01.txt
< prev
next >
Wrap
Text File
|
1997-03-06
|
61KB
|
1,450 lines
ROAMOPS Working Group Bernard Aboba
INTERNET-DRAFT Microsoft Corporation
<draft-ietf-roamops-actng-01.txt >
6 March 1997
The Accounting Problem in Roaming
1. Status of this Memo
This document is an Internet-Draft. Internet-Drafts are working docu-
ments of the Internet Engineering Task Force (IETF), its areas, and
its working groups. Note that other groups may also distribute work-
ing documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference mate-
rial or to cite them other than as ``work in progress.''
To learn the current status of any Internet-Draft, please check the
``1id-abstracts.txt'' listing contained in the Internet-Drafts Shadow
Directories on ds.internic.net (US East Coast), nic.nordu.net
(Europe), ftp.isi.edu (US West Coast), or munnari.oz.au (Pacific Rim).
The distribution of this memo is unlimited. It is filed as <draft-
ietf-roamops-actng-01.txt>, and expires September 15, 1997. Please
send comments to the authors.
2. Abstract
This document describes the accounting problems that arise in the pro-
vision of inter-provider services, such as provision of dialup roaming
capabilities. These include issues relating to standardization of
accounting record formats, and inter-provider transfers of accounting
record bundles. Work relevant to the solution of these problems are
reviewed, and recommendations are made on the direction of future
standardization work.
3. Introduction
3.1. Terminology
This document frequently uses the following terms:
Network Access Server
The Network Access Server (NAS) is the device that clients
contact in order to get access to the network.
Aboba [Page 1]
INTERNET-DRAFT 6 March 1997
Accounting
The goal of network accounting is to accurately measure and
record metrics relevant to the analysis of usage and the
billing of users and organizations.
Checkpoint event
A checkpoint event is an accounting event that presents a
snapshot of resource usage during a user's session.
Session record
A session record represents a summary of the resource con-
sumption of a user over the entire session. Accounting gate-
ways creating the session record may do so by processing
checkpoint events.
Accounting Protocol
A protocol used for the communication of accounting events.
Full Service Accounting Protocol
An accounting protocol that in addition to communicating
accounting events provides for encryption and signing of
accounting data, as well as signed receipts. Full service
accounting protocols are desirable for use in inter-organi-
zational accounting .
Intra-organizational accounting event
An intra-organizational accounting event is one which is
generated by the local ISP's users.
Inter-organizational accounting event
An inter-organizational accounting event is one which is
generated by users from outside the local ISP's domain.
Accounting Gateway
The Accounting Gateway is a server which receives accounting
data from network devices such as a NASes and routers,
translates this data into session records, and routes the
session records to intra and inter-organizational billing
servers.
3.2. Roaming accounting requirements
Given the growth of the Internet, it is likely that authentication and
accounting servers involved in roaming will need to handle a large
flow of events. For example, if a roaming association has 10 members,
each of whom have 100,000 users, and 5 percent of all logins involve
roaming, then if the users log in 20 times a month on average, each
accounting server will need to handle approximately 2 million
records/month and the accounting agent will need to handle 1 million
records/month. For this reason, it is very important that the
accounting record formats be compact and that the accounting transfer
processes be efficient.
Aboba [Page 2]
INTERNET-DRAFT 6 March 1997
Given that large sums of money may change hands as a result of roaming
accounting transfers, it is highly desirable that the accounting
records be transferred securely and robustly. In order to address
security concerns, it is desirable for an inter-organizational
accounting transfer protocol to support "full service" functions such
as mutual authentication; signing of accounting record bundles;
signed receipts for accounting record transfers; and encryption of
accounting record bundles. Accounting gateways will also need to be
able to reliably route accounting record bundles to the appropriate
destinations.
Since intra-organizational accounting events do not cross organiza-
tional boundaries, "full service" accounting transfer features such as
digital signing of accounting bundles and non-repudiation of receipt
typically are not required, although it is highly desirable that both
inter and intra-organizational accounting transfers exhibit the char-
acteristics of high reliability transaction processing systems, such
as atomicity, consistency, isolation and durability (ACID), as
described in [5].
Durability implies that an inter or intra-organizational accounting
transfer protocol must be able to recover from a variety of faults,
including partially completed transfers and non-supported metrics.
It is desirable that accounting record formats be flexible. While the
standard accounting record format must be able to encode metrics com-
monly used by ISPs in determining a user's bill, it must also be
extensible so that other metrics can be added in the future. These
metrics may either be IETF-standard metrics, or they may be vendor-
specific metrics. Since it is possible that the accounting record
format will itself evolve over time, or that multiple formats will be
in common use, it is necessary that the type and version of the
accounting record be communicated as part of the accounting record
transfer.
4. Overview of the roaming accounting architecture
The goal of the roaming accounting architecture is to enable ISPs to
be compensated for use of the their network infrastructure by roaming
users. The accounting architecture, which is shown below, involves
interactions between network devices such as NASes and routers,
accounting gateways, billing servers, and accounting servers.
In this architecture, local ISPs operating accounting gateways in
order to translate between the accounting protocols used by NAS
devices and routers and the roaming standard accounting record format
and transfer method. Local ISP accounting gateways are also responsi-
ble for summarizing checkpoint events into session records, as well as
routing accounting events.
Accounting events originating on a local ISP fall into two categories:
intra-organizational accounting events, which are events generated by
local customers; and inter-organizational accounting events, which are
Aboba [Page 3]
INTERNET-DRAFT 6 March 1997
events generated by customers from other domains. One of the functions
of the accounting gateway is to distinguish between the two types of
events and route them appropriately. For accounting events originating
on a local ISP, Intra-organizational accounting events are routed to
the local billing server, while inter-organizational accounting events
will be routed to the accounting agent.
While it is not required that the accounting record formats used in
inter and intra-organizational accounting transfers be the same, this
is highly desirable, since this elminates translations that would oth-
erwise be required.
In the roaming accounting architecture, the function of the accounting
agent is to compute charges owed by member organizations. While a
roaming consortium may act as the accounting agent, it is also possi-
ble for ISPs to settle among themselves. When the accounting agent's
accounting gateway receives inter-organizational events from a local
ISP's accounting gateway, it routes the events to the accounting
server, in addition to sending copies to the home ISP. Copies are pro-
vided in order to enable the home ISP to audit accounting agent
charges, as well to bill back to the originating domain.
Once received by the home ISP, the copied accounting records will be
processed by the home ISP's billing server, and will also typically be
copied to the originating organization.
+------------+ +------------+ +------------+
| | | | | |
| ISPB | | ISPA | | ISPA |
| Router | | Billing |<---------| Acctg. |
Aboba [Page 4]
INTERNET-DRAFT 6 March 1997
| | | Server | | Gateway |
| | | | | |
+------------+ +------------+ +------------+
| ^
| |
Accounting | |
Protocol | Inter-organizational |
(RADIUS, | Accounting Events |
SNMP, | |
Syslog, | |
TACACS+, | |
etc.) | |
| |
V V
+------------+ +------------+
| | | |
| ISPB | Inter-organizational | ISPGROUP |
| Acctg. |<----------------------------->| Acctg. |
| Gateway |\ Accounting Events | Gateway |
| | \ | |
| | \ | |
+------------+ \ +------------+
^ \ |
| \ Intra-organizational |
Accounting | \ Accounting Events |
Protocol | \ |
(RADIUS, | \ |
SNMP, | \ |
Syslog, | \ |
TACACS+, | \ |
etc.) | \ |
| \ V
+------------+ +------------+ +------------+
| | | | | |
| ISPB | | ISPB | | ISPGROUP |
| NAS | | Billing | | Accounting |
| | | Server | | Server |
| | | | | |
+------------+ +------------+ +------------+
^
|
PPP |
Protocol |
|
|
V
+------------+
| |
| |
| Fred |
| |
| |
+------------+
Aboba [Page 5]
INTERNET-DRAFT 6 March 1997
5. Accounting transfer protocol recommendation
The requirements for roaming accounting record transfers closely
resemble the requirements for interoperable Internet Electronic Docu-
ment Interchange (EDI), as described in [12], since both applications
may transmit encrypted and signed entities, and request and receive
signed receipts. Since these features are also of interest in a wide
variety of EDI and Electronic Commerce (EC) applications, the EDIINT
working group has been chartered to standardize their use over the
Internet. For further information on the mechanisms proposed for
secure EDI over the Internet, please consult references [6] - [12].
Given the close correspondence between the work of the EDIINT working
group and the requirements for roaming accounting record transfer, it
is proposed that the ROAMOPS working group consider adoption of MIME-
based Secure EDI, as described in [11], for "full service" accounting
record transfers.
Since Secure MIME-enabled mail servers are expected to become widely
available in the next year, use of this technology will enable a "full
service" accounting transfer method to be made available in relatively
short order. Since it is likely that this technology will become
available sooner than it would be possible for the ROAMOPS group to
develop a secure accounting transfer method based on alternative secu-
rity techniques (such as shared secrets), it is recommended that the
group focus on use of Secure MIME as an accounting record transfer
mechanism.
It should be noted that in order to make use of the techniques pro-
posed in [11], it is not required that accounting record formats con-
form to EDI standards such as UN/EDIFACT or EDI X.12, although this
may be desirable in some circumstances. What is required is that a
MIME type be defined for the accounting record format.
When MIME-based secure EDI is used to transfer accounting record bun-
dles between organizations, it is recommended that the bundles be
encrypted as well as signed, and that a signed receipt be requested.
Either S/MIME or PGP/MIME may be used to accomplish this.
Since MIME-based secure EDI requires public key authentication tech-
nology, a mechanism must be provided for acquiring the public key of
the participants in an exchange. While DNS Security can be used for
this purpose, this is not required, since in roaming messages need
only be sent between entities with a pre-existing business relation-
ship. As a result, it is possible to statically configure accounting
gateways with the required public keys.
With MIME-based secure EDI, the accounting records are transferred
using S/MIME or PGP/MIME over SMTP. Since SMTP server technology is
mature, it is believed that this method can satisfy durability as well
as security requirements.
Aboba [Page 6]
INTERNET-DRAFT 6 March 1997
5.1. Case study
Let us assume that we have a roaming user Fred, who works at BIGCO.
BIGCO has established a relationship with ISPA, who has joined the
roaming consortia ISPGROUP. Fred now travels to another part of the
world and wishes to dial in to the network provided by ISPB.
ISPB will account for Fred's resource usage, and will submit a session
record to ISPGROUP for compensation. ISPGROUP will in turn bill ISPA,
who will bill BIGCO. Eventually BIGCO will pay ISPA, ISPA will pay
ISPGROUP, and ISPGROUP will pay ISPB. In order for all parties to
verify that they have been properly charged or compensated for Fred's
session, the following events must occur:
ISPB: Network devices generate accounting data for Fred
ISPB: Accounting gateway generates a session record for Fred
ISPB: Accounting gateway routes the session record to
ISPGROUP and to the local billing server
ISPB: Billing server processes the session record,
credits ISPGROUP account
ISPGROUP: Accounting gateway routes the session record to the
accounting server and to ISPA
ISPGROUP: Accounting server processes the session record,
debits ISPA account, credits ISPB account
ISPA: Accounting gateway routes the session record to the
local billing server and to BIGCO
ISPA: Billing server processes the session record,
debits BIGCO account, debits ISPGROUP account
BIGCO: Accounting gateway routes the session record to the
local billing server
BIGCO: Billing server processes the session record,
debits Fred's account, debits ISPA account.
Each of these events is discussed below.
5.2. ISPB network devices generate accounting data for Fred
In order to keep track of network resources consumed by Fred, ISPB's
accounting gateway will collect accounting data produced by network
devices such as routers and NASes. This data may be produced in many
forms, and may be communicated via a variety of protocols, including
RADIUS, TACACS+, SNMP, and SYSLOG. The accounting data may be trans-
mitted from network devices to the accounting gateway (as in RADIUS,
TACACS+, SYSLOG, or SNMP traps), or the accounting gateway may poll
for the data (via SNMP GETs).
Accounting data may refer to resources consumed over the life of a
session, or it may be a checkpoint event. Checkpoint events refer to
resource consumption at a specific point in time, rather than repre-
senting a summary of resources consumed over a session. Prior to
transfer to a billing server or accounting agent, checkpoint events
are typically summarized into a session record.
Aboba [Page 7]
INTERNET-DRAFT 6 March 1997
5.3. ISPB accounting gateway generates a session record for Fred
Since there is currently no standards-track network accounting proto-
col, ISP accounting practices vary more widely than authentication
practices, where RADIUS authentication is very widely deployed. As a
result, it appears difficult to standardize on an accounting protocol
that can be used for communication between ISPs and a accounting
agent. Therefore, the roaming accounting architecture anticipates that
while ISPs will use an accounting protocol of their choice to communi-
cate accounting information between network devices and the accounting
gateway, a standardized accounting record format and transfer method
will be used for communication between accounting gateways.
In order to allow for transmission of accounting information to the
accounting agent, ISPB will summarize the accounting information
relating to Fred's session in a standard session record format.
5.4. ISPB accounting gateway routes the session record to ISPGROUP
and to the local billing server
ISPB's accounting gateway examines Fred's session record, and routes
it to the appropriate destinations. It does this based on whether the
accounting records refer to transactions occurring within the ISP's
organization, or whether they refer to transactions occurring between
organizations. In this case, since Fred is a roaming user, this is an
inter-organizational accounting event, and the accounting gateway will
send session record to the accounting agent, as well as to the local
biling server. In this example, the accounting agent is run by ISP-
GROUP, but it could just as easily be run by ISPA, in which case the
two ISPs would settle directly.
When routing accounting record bundles, ISPB's accounting gateway
machine will operate as an S/MIME or PGP/MIME-enabled SMTP server. In
order to improve efficiency, the accounting gateway will sort account-
ing records into bundles prior to mailing them to their destination.
When a suitable bundle of accounting records has been accumulated, the
accounting gateway will initiate the transfer. In this case, Fred's
accounting record will be sent to multiple destinations.
While intra-organizational accounting transfers typically will not
require signed accounting bundles or signed receipts, it still may
prove useful to request that a receipt be generated in order to be
able to confirm the success of the transfer. Use of receipts will
allow an accounting gateway to keep track of discrepancies between the
number of accounting record bundles it believes were successfully sent
to the local billing server, and the number of receipts collected.
These discrepancies can be used to detect partially completed account-
ing record transfers and to retransmit them.
When used to transfer an accounting record bundle to the accounting
agent, ISPB will encrypt the bundle, as well as signing it, and will
request a signed receipt.
Aboba [Page 8]
INTERNET-DRAFT 6 March 1997
5.5. ISPB billing server processes the session record, credits ISP-
GROUP account
In order to allow itself to audit the charges and/or compensation
offered by ISPGROUP, ISPB's billing server will process Fred's session
record and credit the ISPGROUP account. If SMTP is used to transmit
the session record between the accounting gateway and billing server,
then the billing server will need to retrieve the accounting record
bundle from its mailbox and process it, sending a receipt in response
to the accounting gateway's request.
5.6. ISPGROUP accounting gateway routes the session record to the
accounting server and to ISPA
Once ISPGROUP receives the signed and encrypted accounting record bun-
dle from ISPB, it will send back a signed receipt as requested, and in
addition will verify the signature, decrypt the bundle, and then send
copies to the accounting server as well as to ISPA. This is done in
order to enable ISPA to audit the bill received from ISPGROUP, as well
as to bill back BIGCO for the charges. In transferring the accounting
record bundle to ISPA, ISPGROUP will encrypt it, and sign it, in addi-
tion to requesting a receipt.
5.7. ISPGROUP accounting server processes the session record, debits
ISPA account, credits ISPB account
ISPGROUP's accounting server processes the session record, and as a
result, ISPA's account is debited, and ISPB's account is credited. If
SMTP is used to transmit the session record between ISPGROUP's
accounting gateway and the accounting server, then the accounting
server will need to retrieve the accounting record bundle from its
mailbox and process it, sending a receipt in response to the account-
ing gateway's request.
5.8. ISPA accounting gateway routes the session record to the local
billing server and to BIGCO
Once ISPA has received the signed accounting record bundle from ISP-
GROUP, it will send back a signed receipt as requested, and in addi-
tion will verify the signature, decrypt the bundle, and then send
copies to the local billing server as well as to BIGCO. This is done
in order to enable BIGCO to audit the bill for Fred's usage.In trans-
ferring the accounting record bundle to BIGCO, ISPA will encrypt it,
and sign it, in addition to requesting a receipt.
5.9. ISPA billing server processes the session record, debits BIGCO
account, debits ISPGROUP account
ISPA's billing server processes the session record, and as a result,
BIGCO's account is debited, and ISPGROUP's account is also debited.
Aboba [Page 9]
INTERNET-DRAFT 6 March 1997
If SMTP is used to send the session record between ISPA's accounting
gateway and the billing server, then the billing server will need to
retrieve the accounting record bundle from its mailbox and process it,
sending a receipt in response to the accounting gateway's request.
5.10. BIGCO accounting gateway routes the session record to the local
billing server
Once BIGCO has received the signed accounting record bundle from ISPA,
it will send back a signed receipt as requested, and in addition will
verify the signature, decrypt the bundle, and then forward the message
to the local billing server.
5.11. BIGCO billing server processes the session record, debits
Fred's account, debits ISPA account
BIGCO's billing server processes the session record, and as a result,
Fred's account is debited, as is ISPA's account. If SMTP is used to
transit the session record between BIGCO's accounting gateway and the
billing server, then the billing server will need to retrieve the
accounting record bundle from its mailbox and process it, sending a
receipt in response to the accounting gateway's request.
6. Location of the accounting agent
In order to be able to upload an accounting record bundle to a
accounting agent, it will typically be necessary for a relationship to
exist between the local ISP and the accounting agent. As a result, it
is expected that the ISP's accounting gateway will be statically con-
figured with the domain names and addresses of its accounting agents.
The configuration files might appear as follows:
ispc.com accounting-agent=acct.ispc.com port=25
ispgroup1.com accounting-agent=acct.ispgroup1.com port=25
ispgroup2.com accounting-agent=www.ispgroup2.com port=1649
These configuration files imply that ISPB belongs to the roaming con-
sortia ISPGROUP1 and ISPGROUP2, and that accounting records bound for
these roaming consortia should be sent to the accounting agents oper-
ated within these domains. On the other hand, ISPB sends accounting
bundles to the ISPC accounting agent directly.
In this case, the configuration file indicates that accounting bundles
for ISPC should be sent to the machine acct.ispc.com on port 25; that
accounting bundles for ISPGROUP1 should be sent to acct.ispgroup1.com
on port 25, and that accounting bundles for ISPGROUP2 should be sent
to www.ispgroup2.com on port 1649.
In order to provide information on the transaction endpoints as well
as all the intermediate participants, it is desirable for accounting
records to include the roaming relationship path, and for accounting
Aboba [Page 10]
INTERNET-DRAFT 6 March 1997
record bundles to include the name of the accounting agent to whom the
records are to be submitted.
Where a DNS Roaming Relationship record is used, the accounting gate-
way needs to maintain a cache mapping domains to roaming relationship
paths and accounting agents. When the accounting gateway receives a
RADIUS Accounting-Request message (START or STOP), it will find the
roaming relationship path and accounting agent corresponding to the
NAI in the cache, and will insert this in the accounting record for
the session.
The cache filled in as DNS Roaming Relationship records are received.
Ordinarily a Roaming Relationship resource record is kept in the cache
until it times out. This implies that the cache will typically remain
constant between the time that the authentication is processed and
when the accounting records are generated.
The possible exceptions to this behavior are when the TTL expires in
mid-session or if the accounting gateway is restarted, resulting in a
flushing of the cache. In these cases if the Roaming Relationship
record has changed it is possible that the existing sessions may be
accounted for incorrectly. To avoid this, the accounting gateway MUST
NOT modify the cache entry for a domain with a session in progress.
7. Accounting record formats
In order to allow for accounting record bundles between organizations,
it is necessary to provide for a standard accounting record format.
Desirable qualities for an accounting record format include:
Extensibility
In the future it is likely that new accounting metrics will
arise, or existing metrics will fall by the wayside. There-
fore it is important that the accounting record format be
extensible. In particular, it is highly desirable for ven-
dors to be able to generate their own metrics without fear
of colliding with each other.
Compactness
Given the growth of the Internet, today's ISPs process a
large number of accounting records every day. Not only does
processing of the records require many CPU cycles, but
transmitting the records can consume considerable bandwidth.
Therefore it is desirable for the accounting record format
to be as compact as possible, and to contribute to efficient
processing.
7.1. ASCII vs. BINARY formats
Today most accounting records are in NVT ASCII, often with a fixed
record format. This has the advantage of being easy to read and debug,
Aboba [Page 11]
INTERNET-DRAFT 6 March 1997
as well as being easy to parse. However, the use of a fixed format is
a substantial liability, since new accounting metrics are continually
emerging.
In order to provide for extensibility, it is possible to specify a
fixed format for the initial portion of the accounting record, while
allowing additional metrics to be added via use of appropriate tags.
In order to allow a record to extend over multiple lines, it is possi-
ble to specify that lines beginning with one or more spaces should be
considered a continuation of the previous line.
Most NVT ASCII accounting formats now in use consume between 60 and
140 octets per record. However, these records are highly compressible,
often exhibiting compression ratios of 3:1 or greater, so that when
compressed accounting bundles are transmitted, space consumption of 50
octets/record is frequently achievable.
Via use of Attribute Value Pairs (AVPs), binary accounting record for-
mats are easily engineered for extensibility, and as a result, they
are popular for use in accounting protocols such as RADIUS and
TACACS+. Via use of a vendor field, it is possible to ensure that ven-
dor-specific metrics will not conflict with IETF-defined accounting
metrics, and assuming that suitable space is left for length and
attribute fields, it is possible to allow for representation of a
large number and variety of accounting metrics.
Since NAS devices and routers typically provide accounting data in
binary format, binary accounting records can typically be generated
more easily than NVT ASCII records. Similarly, billing servers can
process these records more efficiently, since less parsing and conver-
sion is required.
Binary accounting records are also typically more compact than NVT
ASCII formats, although this advantage is reduced when compression is
employed. Although binary accounting records are typically compress-
ible, they are typically much less compressible than equivalent NVT
ASCII formats.
7.2. Example accounting metrics
Examples of accounting metrics include:
User Name (String; the user's ID, including prefix or suffix)
NAS IP address (Integer; the IP address of the user's NAS)
NAS Port (Integer; identifies the physical port on the NAS)
Service Type (Integer; identifies the service provided to the user)
NAS Identifier (Integer; unique identifier for the NAS)
Delay Time (Integer; time client has been trying to send)
Input Octets (Integer; in stop record, octets received from port)
Output Octets (Integer; in stop record, octets sent to port)
Session ID (Integer; unique ID identifying the session)
Authentication (Integer; indicates how user was authenticated)
Session Time (Integer; in stop record, seconds of received service)
Aboba [Page 12]
INTERNET-DRAFT 6 March 1997
Input Packets (Integer; in stop record, packets received from port)
Output Packets (Integer; in stop record, packets sent to port)
Termination Cause (Integer; in stop record, indicates termination cause)
Multi-Session ID (String; for linking of multiple related sessions)
Link Count (Integer; number of links up when record was generated)
NAS Port Type (Integer; indicates async vs. sync ISDN, V.120, etc.)
7.3. Binary accounting format proposal
7.3.1. Attribute Value Pair format
The Binary Accounting Format represents accounting records as a series
of Attribute Value Pairs (AVPs), similar to those described in [20].
The AVP format is as follows:
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|M 0 0| Overall Length | Vendor ID |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Attribute | Value... |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Value... |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
M = Mandatory. This bit is used to provide an accounting agent with
guidance as to how it should respond when encountering attributes that
it does not understand.
M = 0 indicates that the accounting agent may ignore the attribute.
M = 1 indicates that the accounting agent not supporting this
attribute must not process the record, and should return an error.
7.3.1.1. Length
The length field, indicates the number of octets in the AVP, including
the Flags, Length, Vendor ID, Attribute, and Value fields. Given that
the length field is 13 bits long, AVPs may have a maximum length of
8192 octets.
7.3.1.2. Vendor ID
Vendor ID is the IANA assigned "SMI Network Management Private Enter-
prise Codes" value, encoded in entwork byte order. The value 0,
reserved in this table, corresponds to IETF adopted Attribute values,
defined within this document. Vendors looking to implement EAF exten-
sions can use their own Vendor ID along with private attribute values
in order to guarantee that they will not collide with another vendor's
Aboba [Page 13]
INTERNET-DRAFT 6 March 1997
extensions.
7.3.1.3. Attribute
The attribute field, which is 16 bits in length, indicates the
accounting metric encoded in the value field.
7.3.1.4. Value
The value field encodes the value of the attribute indicate in the
attribute field.
7.4. Attributes
The IETF attribute space is subdivided into the following regions:
Attributes Purpose
---------- -------
0 - 255 RADIUS attributes
256 - 1023 Reserved
In order to provide for the efficient operation of accounting gate-
ways, the first 256 attributes in EAF are reserved for use by RADIUS
attributes.
Only RADIUS attributes described in [4], [5], and [9] are allowed to
use Vendor ID 0. Vendor-specific attributes MUST NOT use the RADIUS
Vendor-specific attribute along with EAF Vendor ID 0, but instead MUST
set the vendor ID field appropriately.
7.4.1. Global attributes
The following attributes refer not to the characteristics of a partic-
ular accounting record, but to the entire set of records being pre-
sented. These attributes MUST be included first in the accounting
record stream, prior to the inclusion of any accounting records. The
global attributes are separated from the accounting records by an End
of Global Attributes AVP.
7.4.1.1. Timestamp
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|0 0 0| 14 | 0 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 1024 | NTP Timestamp |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Aboba [Page 14]
INTERNET-DRAFT 6 March 1997
| |
| |
/ NTP Timestamp /
| |
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The Timestamp AVP is a 64-bit NTP timestamp used to identify the
time at which the packet was first sent. It is used as a unique
identifier for the packet, so that if the transmission is aborted,
a subsequent retransmission will use the same timestamp field.
7.4.1.2. Source
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|1 0 0| >=7 | 0 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 1025 | Source...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The Source AVP is a string indicating the fully qualified domain
name of the ISP from which the accounting data is being sent. This
attribute MUST be included in every accounting record bundle.
7.4.1.3. Destination
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|1 0 0| >=7 | 0 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 1026 | Destination...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The Destination AVP is a string indicating the fully qualified
domain name of the accounting agent to whom the accounting data is
being sent. This attribute MUST be included in every accounting
record bundle.
7.4.1.4. Number of Records
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|0 0 0| 12 | 0 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 1027 | Number of records |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Aboba [Page 15]
INTERNET-DRAFT 6 March 1997
| Number of records |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The Number of Records AVP provides the number of records included
in the accounting record bundle. This attribute is optional.
7.4.1.5. Error Reporting Email Address
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|0 0 0| >=7 | 0 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 1028 | Admin Email Address...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The Error Reporting Email Address AVP provides the e-mail address
to which error messages should be sent in the event of problems
with the accounting record bundle. This attribute MUST be included
in every accounting record bundle.
7.4.1.6. Administrative Contact
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|0 0 0| >=7 | 0 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 1029 | Admin Contact...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The Administrative Contact AVP denotes the E-mail address, phone
number, address, etc. of the person who should be contacted in the
event of problems with the accounting record stream. This attribute
MUST be included in every accounting record bundle.
7.4.1.7. Accounting Gateway FQDN
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|1 0 0| >=7 | 0 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 1030 | Accounting Gateway FQDN...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The Accounting Gateway FQDN AVP provides the fully qualified domain
name of the accounting gateway sending the accounting record bun-
dle. This AVP is optional.
Aboba [Page 16]
INTERNET-DRAFT 6 March 1997
7.4.1.8. Accounting Gateway IP Address
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|1 0 0| 12 | 0 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 1031 | Accounting Gateway IP Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Accounting Gateway IP Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The Accounting Gateway IP Address AVP provides the IP address of
the accounting gateway sending the accounting record bundle. This
AVP is optional.
7.4.1.9. Attribute List
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|0 0 0| >=10 | 0 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 1032 | Attributes...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The Attribute List AVP is used to provide the accounting agent with
a list of all the Vendor ID/attributes included in the accounting
record bundle. This provides a quick way for the accounting agent
to determine whether it is capable of processing the bundle. Use
of the Attribute List AVP is optional.
7.4.1.10. End of Global Attributes
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|0 0 0| 6 | 0 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 2047 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The End of Global Attributes AVP is included in order to separate
the global attributes from the accounting records. It MUST be
included at the end of the global attributes.
7.4.2. Accounting record attributes
The following attributes refer to the characteristics of a particular
accounting record.
Aboba [Page 17]
INTERNET-DRAFT 6 March 1997
7.4.2.1. Accounting Record Separator
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|1 0 0| 6 | 0 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 2048 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The Accounting Record Separator AVP is used to denote the end of an
accounting record. This attribute MUST be included for every
accounting record.
7.4.2.2. Roaming relationship path
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|1 0 0| >=7 | 0 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 2049 | Roaming Relationship path...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The roaming relationship path AVP is a string indicating the roam-
ing relationship path by which the user was granted access to the
network. This AVP MUST be included for roaming accounting records.
7.4.2.3. Time zone
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|1 0 0| 9 | 0 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 2050 | Time Zone |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Time Zone |
+-+-+-+-+-+-+-+-+
The Time Zone AVP is a string indicating the timezone abbreviation
for the timestamps included in this accounting record.
7.4.2.4. Elapsed Time
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|1 0 0| 10 | 0 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 2051 | Elapsed Time |
Aboba [Page 18]
INTERNET-DRAFT 6 March 1997
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Elapsed Time |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The Elapsed Time AVP is binary value encoding the elapsed time in
seconds for the accounting event. This can be ued when start and
stop times are not available.
7.4.2.5. Reason
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|1 0 0| >=7 | 0 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 2052 | Reason...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The Reason AVP is a string providing information on why the event
occurred.
7.4.2.6. Pages
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|1 0 0| 12 | 0 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 2053 | Pages |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Pages |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The Pages AVP is a binary number indicating the number of pages of
text associated with the event.
7.4.2.7. Bandwidth reserved
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|1 0 0| 12 | 0 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 2054 | Bandwidth |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Bandwidth |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The Bandwidth reserved AVP is a binary number indicating the of
bandwidth reserved during the event.
Aboba [Page 19]
INTERNET-DRAFT 6 March 1997
8. Security considerations
In a pure RADIUS proxy-based scheme without access to public key
authentication it is not possible to sign accounting record bundles or
request signed receipts. As a result, without public key authentica-
tion it is not possible to verify the origin of an accounting record
bundle, or to prove that an accounting record bundle was received.
Nevertheless, it is possible to request receipts and provide for non-
signed receipts, and to provide some degree of protection for account-
ing transfers via use of shared-secret authentication.
However, even with public key authentication technology, roaming
accounting remains vulnerable to fraud on the part of local ISPs.
Since the local ISP must have access to any private keys used for
signing by accounting gateways, it is possible for the local ISP to
submit inaccurate accounting records to the accounting agent. All pub-
lic key technology provides is the ability to verify the origin of
those fraudulent accounting records.
In this respect, it makes little difference whether the local ISP sub-
mits accounting records, or proxies accounting protocol packets to the
accounting agent. Either accounting records or accounting protocol
packets may be forged by the local ISP; for example, an accounting
gateway could hold incoming accounting packets and retransmit them
later, making it appear that the session was longer than it actually
was.
Requiring the NAS to communicate directly with the accounting agent
provides little extra security. Aside from the scalability problems
that would result from this when a shared-secret authentication scheme
is used, since the local ISP has access to all the NAS shared secrets
or private keys, it has at its disposal all the information necessary
to forge authentication and accounting packets.
Note that an authentication proxy run by the accounting agent is not
on the authentication route path, then the accounting agent will not
be able to match a session record submitted for payment with a proxied
authentication.
When used in concert with public key authentication and a token-based
scheme, such matching can protect against fictitious sessions created
by the local ISP. As a result, accounting agents may require that all
authentications pass through their proxies as the first hop, even
where the authentication could be handled directly between the local
ISP proxy and the home authentication server.
Without public key authentication, this matching process does not pro-
tect against fictitious sessions created by the local ISP, although it
does require the local ISP to forge both the authentication and the
subsequent accounting record.
Aboba [Page 20]
INTERNET-DRAFT 6 March 1997
9. Acknowledgements
Thanks to Glen Zorn of Microsoft for useful discussions of this prob-
lem space.
10. References
[1] B. Aboba, J. Lu, J. Alsop, J. Ding. "Review of Roaming Implemen-
tations." draft-ietf-roamops-imprev-01.txt, Microsoft, Aimnet, i-Pass
Alliance, Asiainfo, January, 1997.
[2] B. Aboba, G. Zorn. "Dialing Roaming Requirements." draft-ietf-
roamops-roamreq-02.txt, Microsoft, January, 1997.
[3] C. Rigney, A. Rubens, W. Simpson, S. Willens. "Remote Authenti-
cation Dial In User Service (RADIUS)." RFC 2058, Livingston, Merit,
Daydreamer, January, 1997.
[4] C. Rigney. "RADIUS Accounting." RFC 2059, Livingston, January,
1997.
[5] J. Gray, A. Reuter. Transaction Processing: Concepts and Tech-
niques, Morgan Kaufmann Publishers, San Francisco, California, 1993.
[6] R. Fajman. "An Extensible Message Format for Message Disposition
Notifications." draft-ietf-receipt-mdn-02.txt, National Institute of
Health, November, 1996.
[7] M. Elkins. "MIME Security with Pretty Good Privacy (PGP)." RFC
2015, The Aerospace Corporation, October, 1996.
[8] G. Vaudreuil. "The Multipart/Report Content Type for the Reporting
of Mail System Administrative Messages." RFC 1892, Octel Network Ser-
vices, January, 1996.
[9] J. Galvin., et al. "Security Multiparts for MIME: Multipart/Signed
and Multipart/Encrypted." RFC 1847, Trusted Information Systems, Octo-
ber, 1995.
[10] D. Crocker. "MIME Encapsulation of EDI Objects." RFC 1767, Bran-
denburg Consulting, March, 1995.
[11] M. Jansson, C. Shih, N. Turaj, R. Drummond. "MIME-based Secure
EDI." draft-ietf-ediint-as1-02.txt, LiNK, Actra, Mitre Corp, Drummond
Group, November, 1996.
[12] C. Shih, M. Jansson, R. Drummond, L. Yarbrough. "Requirements for
Inter-operable Internet EDI." draft-ietf-ediint-req-01.txt, Actra,
LiNK, Drummond Group, May, 1995.
[13] R. Fielding, et al. "Hypertext Transfer Protocol - HTTP/1.1."
draft-ietf-http-v11-spec-07, UC Irvine, August, 1996.
Aboba [Page 21]
INTERNET-DRAFT 6 March 1997
[14] A. Gulbrandsen, P. Vixie. "A DNS RR for specifying the location
of services (DNS SRV)." RFC 2052, Troll Technologies, Vixie Enter-
prises, October 1996.
[15] D. Eastlake, 3rd, C. W. Kaufman. "Domain Name System Security
Extensions." Draft-ietf-dnnsec-secext-10.txt, CyberCash, Iris, August,
1996.
[16] B. Aboba. "The Roaming Relationships (REL) Resource Record in
the DNS. " draft-ietf-roamops-dnsrr-02.txt, Microsoft, March, 1997.
[17] C. Rigney, W. Willats. "RADIUS Extensions." draft-ietf-radius-
ext-00.txt, Livingston, January, 1997.
[18] R. Rivest, S. Dusse. "The MD5 Message-Digest Algorithm", RFC
1321, MIT Laboratory for Computer Science, RSA Data Security Inc.,
April 1992.
[19] S. Bradner. "Key words for use in RFCs to Indicate Requirement
Levels." draft-bradner-key-words-02.txt, Harvard University, August,
1996.
[20] K. Hamzeh, T. Kolar, M. Littlewood, G. S. Pall, J. Taarud, A. J.
Valencia, W. Verthein. "Layer Two Tunneling Protocol -- L2TP." draft-
ietf-pppext-l2tp-01.txt, Ascend Communications, December, 1996.
11. Authors' Addresses
Bernard Aboba
Microsoft Corporation
One Microsoft Way
Redmond, WA 98052
Phone: 206-936-6605
EMail: bernarda@microsoft.com
Aboba [Page 22]
