This section explains how to configure the BSF Service and the resource adaptors it uses.

Below are instructions for configuring BSF SLEE profile attributes and the HTTP, Cassandra-CQL, and Diameter Base resource adaptors.

BSF SLEE profile

The BSF Server uses a SLEE profile for most of its configuration. The profile ID is bsf-config/default. It may be updated using Rhino Element Manager or rhino-console commands.

Below are descriptions and defaults for the available profile attributes, followed by instructions for viewing and updating the current configuration.

Attribute name Description Default value
HSSDestinationRealm

The Diameter Destination-Realm value that will be set in Zh requests to the HSS.

zh-realm
HSSDestinationHost

The Diameter Destination-Host value that will be set in Zh requests to the HSS.

zh-server
CassandraQueryTimeoutMS

The Cassandra query timeout in ms.

5000
GUSSLookupCQL

The CQL statement for retrieving a user’s GBA User Security Settings (GUSS) from Cassandra.

SELECT guss_data FROM guss_by_impi
  WHERE impi = ?
GUSSUpdateCQL

The CQL statement for updating a user’s GBA User Security Settings (GUSS) in Cassandra. GUSS updates occur when the HSS returns a new GUSS in a Zh response.

UPDATE guss_by_impi USING TTL 86400
  SET guss_data = ?
  WHERE impi = ?
BootstrapInfoLookupCQL

The CQL statement for retrieving a user’s bootstrapped authentication info from Cassandra.

SELECT impi,ck,ik FROM bootstrap_info
  WHERE btid = ?
BootstrapInfoUpdateCQL

The CQL statement for updating a user’s bootstrapped authentication info in Cassandra. Bootstrap info updates occur after the UE has successfully completed the bootstrap procedure with a valid challenge response.

UPDATE bootstrap_info USING TTL ?
  SET impi = ?, ck = ?, ik = ?
  WHERE btid = ?
TMPILookupCQL

The CQL statement for looking up a user’s IMPI by TMPI (temporary private identifier) from Cassandra.

SELECT impi FROM impi_by_tmpi
  WHERE tmpi = ?
TMPIUpdateCQL

The CQL statement for updating a user’s TMPI in Cassandra. TMPI updates occur after the UE has successfully completed the bootstrap procedure with a valid challenge response.

UPDATE impi_by_tmpi USING TTL ?
  SET impi = ?
  WHERE tmpi = ?
AVLookupCQL

The CQL statement for retrieving an authentication vector from Cassandra.

SELECT impi,tmpi,realm,rand,autn,ck,ik,xres,key_lifetime,used
  FROM auth_vector
  WHERE id = ?
AVUpdateCQL

The CQL statement for saving an authentication vector in Cassandra. AVs are stored when the BSF has retrieved an AV from the HSS, and sent the challenge to the UE. A subsequent challenge response from the UE will cause the AV to retrieved to validate the parameters in the challenge response.

UPDATE auth_vector USING TTL 60
  SET impi = ?, tmpi = ?, realm = ?, rand = ?, autn = ?, ck = ?, ik = ?, xres = ?, key_lifetime = ?, used = false
  WHERE id = ?
AVUpdateUsageCQL

The CQL statement for marking an authentication vector as used in Cassandra.

UPDATE auth_vector USING TTL 60
  SET used = true
  WHERE id = ?
----

Viewing the current configuration

To view the current BSF configuration, use the listprofileattributes command in rhino-console. For example:

> listprofileattributes bsf-config default
AVLookupCQL=SELECT impi,tmpi,realm,rand,autn,ck,ik,xres,key_lifetime,used FROM auth_vector WHERE id = ?
AVUpdateCQL=UPDATE auth_vector USING TTL 60   SET impi = ?, tmpi = ?, realm = ?, rand = ?, autn = ?, ck = ?, ik = ?, xres = ?, key_lifetime = ?, used = false WHERE id = ?
AVUpdateUsageCQL=UPDATE auth_vector USING TTL 60  SET used = true WHERE id = ?
BootstrapInfoLookupCQL=SELECT impi,ck,ik FROM bootstrap_info WHERE btid = ?
BootstrapInfoUpdateCQL=UPDATE bootstrap_info USING TTL ?   SET impi = ?, ck = ?, ik = ?, rand = ? WHERE btid = ?
CassandraQueryTimeoutMS=5000
GUSSLookupCQL=SELECT guss_data FROM guss_by_impi WHERE impi = ?
GUSSUpdateCQL=UPDATE guss_by_impi USING TTL 86400   SET guss_data = ? WHERE impi = ?
HSSDestinationHost=zh-server
HSSDestinationRealm=zh-realm
TMPILookupCQL=SELECT impi FROM impi_by_tmpi WHERE tmpi = ?
TMPIUpdateCQL=UPDATE impi_by_tmpi USING TTL ?   SET impi = ? WHERE tmpi = ?

Updating profile attributes

To update one or more profile attributes, use the setprofileattributes command in rhino-console. For example:

> setprofileattributes bsf-config default HSSDestinationRealm home1.net HSSDestinationHost hss.home1.net
Set 2 attributes in profile bsf-config/default
Note Changes to BSF profile attributes take effect immediately. No service restart is required.

HTTP RA

The HTTP RA is used to receive HTTP requests from UEs and to send HTTP responses. The name of the HTTP RA entity created by default is bsf-http-ra.

Below are the HTTP RA configuration properties that are relevant to the BSF Server .

Property name Description Default value
BindAddresses

A set of node IDs together with the IP and port that the HTTP RA will bind to on those nodes. If using this property, do not specify ListenAddress or ListenPort.

The format is {<node-id>}<ip-address>:<port> for each node, comma-separated. For example:

{101}192.168.0.1:8001,{102}192.168.0.2:8001

Not set.
ListenAddress

The hostname or IP address that the HTTP RA will bind to. If BindAddresses is specified, then this property is ignored.

0.0.0.0
ListenPort

The TCP port number that the HTTP RA will listen on. See also Configure HTTP port mapping. If BindAddresses is specified, then this property is ignored.

8001
SecureListenPort

The TCP port number that the HTTP RA will listen on for HTTPS requests. If this is set, then Keystore and KeyStorePassword must also be set.

Not set.
KeyStore

The path to a keystore file containing the server certificates for HTTPS connections. This must be set to a location that the BSF Server has Java permissions to access - a good choice is ${rhino.dir.base}/http-ra.ks.

Not set.
KeyStorePassword

The password required to access the key store.

Not set.

Reactivating the RA

Changing any of the above properties will require the RA to be reactivated. To reactivate in rhino-console, use the updateraentityconfigurationproperties command. For example:

> updateraentityconfigurationproperties bsf-http-ra ListenPort 9000
> deactivateraentity bsf-http-ra
> activateraentity bsf-http-ra
Tip See the HTTP Resource Adaptor Guide for more information.

Cassandra-CQL RA

The Cassandra-CQL RA is used to perform queries against the Cassandra database. The name of the Cassandra-CQL RA entity created by default is cassandra-cql-ra.

Below are the Cassandra-CQL RA configuration properties that are relevant to the BSF Server.

Property name Description Default value
keyspace

The Cassandra keyspace that will be used for all queries.

opencloud_gaa_bootstrap_info
cassandraContactPoints

Comma separated list of hostname/ip addresses of cassandra nodes used to discover the cluster topology.

localhost
policy.protocol.port

The TCP port used to connect to a Cassandra node.

9042

Reactivating the RA

Changing any of the above properties will require the RA to be reactivated. To reactivate in rhino-console, use the updateraentityconfigurationproperties command. For example:

> updateraentityconfigurationproperties cassandra-cql-ra cassandraContactPoints 10.0.0.1,10.0.0.2
> deactivateraentity cassandra-cql-ra
> activateraentity cassandra-cql-ra
Tip See the Cassandra CQL Resource Adaptor Guide for more information.

Diameter Base RA

The Diameter Base RA is used to communicate with the HSS using the Zh Diameter application (3GPP TS 29.109). The name of the Diameter Base RA entity created by default is diameterbase.

Most of the Diameter Base RA’s configuration is defined in XML strings stored in a SLEE profile. The default profile ID used for configuration is DiameterConfig/DiameterZhConfig.

Below are the profile attributes that affect the BSF Server operation.

Profile attribute Description Default value
PeerTable

Describes the Diameter peers that the RA can connect to. Typically this will be the primary and secondary HSS hosts.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE peer-table PUBLIC
  "-//Open Cloud Ltd.//DTD Diameter Peer Table Configuration 1.1.0//EN"
  "http://www.opencloud.com/dtd/diameter-peer-table-1.1.0.dtd">
<peer-table>
  <peer connectAtStartup="true">
    <uri>${zh-server.uri}</uri>
    <address>${zh-server.address}</address>
  </peer>
</peer-table>
RealmTable

Describes how different applications are routed to Diameter peers. In the BSF’s case we just want everything to go to the HSS.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE realm-table PUBLIC
  "-//Open Cloud Ltd.//DTD Diameter Realm Table Configuration 1.0//EN"
  "http://www.opencloud.com/dtd/diameter-realm-table-1.0.dtd">
<realm-table>
  <default-route>
    <peer-ref>
      <hostname>${zh-server.hostname}</hostname>
      <metric>1</metric>
    </peer-ref>
  </default-route>
</realm-table>
Note The ${zh-server.address} and similar properties in the XML above are obtained from the config.properties file of the deployment module, as described in Installing the BSF Server. After deployment in the SLEE, these profiles will contain the substituted values.

Updating profile attributes

The profile values can be edited manually in Rhino Element Manager or rhino-console. Alternatively update config.properties in your deployment module.

Tip See the Diameter Resource Adaptors Guide for more information.
Previous page Next page