Cisco Prime Access Registrar 9.2.1 Release Notes

Error-Based Routing/Failover

Prime Access Registrar supports failover only when the upstream Diameter node (remote server) is not responding or not reachable. When the upstream node responds with some error (e.g. Diameter-unable-to-deliver), Prime Access Registrar just sends an error response to the downstream Diameter node (client) without attempting to route/failover to the next available peer.

With the error-based routing/failover feature, Prime Access Registrar can resend requests to the next available remote server based on the error code sent by the previous remote server.

Following parameters are introduced in Diameter service to support the error-based routing feature:

• EnableErrorBasedRouting—Can be set to TRUE or FALSE to indicate whether the error-based routing feature is enabled or not. Default value is FALSE.
• ErrorCodesToBeRouted—This parameter is available only when the EnableErrorBasedRouting parameter is set to TRUE. You can specify the error codes, separated by colon (:), based on which Prime Access Registrar should route the incoming requests to the next available peer. E.g. 3002:3003:3004. Error Codes 3001 through 3010 are supported.

If Prime Access Registrar receives a response for any request with an error code (e.g. diameter-unable-to-deliver, diameter-too-busy, and so on), and if EnableErrorBasedRouting parameter is set to TRUE, then the received error code is compared with the error codes configured as part of ErrorCodesToBeRouted parameter. If the error codes match, Prime Access Registrar routes the request to the next failover peer instead of responding back to the client with the received error.

The following is a sample CLI of the Diameter service configuration:

Optimized DEA Response Handling

As part of the Diameter EAP Answer (DEA) handling process, when Prime Access Registrar receives a Diameter EAP Request (DER), it creates a Multimedia-Authentication-Request (MAR) and sends it to the configured remote server. If the remote server responds back with some error code (e.g. diameter-unable-to-deliver), Prime Access Registrar sends a DEA- Challenge back to the client with AT-Notification set and the Result-Code as Diameter-Multi-Round-Auth. When the client sends a subsequent DER with the response to the AT-notification, Prime Access Registrar sends the DEA with the Result-Code as Diameter-Authentication-Rejected.

With the optimized DEA response handling process, Prime Access Registrar can skip the AT-Notification call flow and directly send the DEA with the specific error code as received from the remote server. This optimization helps in heavy traffic scenarios by reducing a call flow.

The following parameter is introduced in EAP-SIM, EAP-AKA, and EAP-AKA PRIME services:

EnableSKIPNotificationFlag—TRUE/FALSE. If set it to TRUE, the AT-Notification flow is skipped and the DEA message is returned with the specific error code as received from the remote server. Default value is FALSE.

The following is a sample CLI of the EAP-AKA service configuration:

Enhanced EAP Framework

The existing EAP framework in Prime Access Registrar does not support EAP attributes with different order. This results in error response even if the access request contains all the expected EAP attributes.

The enhanced EAP framework allows Prime Access Registrar to parse and validate the EAP attributes received in any order. This enhancement does not have any configuration changes in Prime Access Registrar.

Using the Bug Search Tool

Use the Bug Search tool (BST) to get the latest information about Cisco Prime Access Registrar bugs. BST allows partners and customers to search for software bugs based on product, release, and keyword, and it aggregates key data such as bug details, product, and version.

BST allows you to:

• Quickly scan bug content
• Configure e-mail notifications for updates on selected bugs
• Start or join community discussions about bugs
• Save your search criteria so you can use it later

When you open the Bug Search page, check the interactive tour to familiarize yourself with these and other Bug Search features.

Step 1 Log into the Bug Search Tool.

a. Go to https://tools.cisco.com/bugsearch.

b. At the Log In screen, enter your registered Cisco.com username and password; then, click Log In. The Bug Search page opens.

Note If you do not have a Cisco.com username and password, you can register for them at http://tools.cisco.com/RPF/register/register.do.

Step 2 To search for a specific bug, enter the bug ID in the Search For field and press Return.

Step 3 To search for bugs in a particular release:

a. In the Search For field, enter the product name and the release version, e.g. Cisco Prime Access Registrar 9.2.1, and press Return. (Leave the other fields empty.)

b. When the search results are displayed, use the filter and sort tools to find the types of bugs you are looking for. You can search for bugs by severity, by status, how recently they were modified, according to the number of support cases associated with them, and so forth.

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1721R)

Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.

© 2021 Cisco Systems, Inc. All rights reserved.