ACR (Accounting request)
An accounting request (ACR) is a message exchange protocol used in computer networks to collect accounting information about user activities. The ACR is defined in the Remote Authentication Dial-In User Service (RADIUS) protocol, which is widely used in enterprise networks and internet service provider (ISP) networks to control access to network resources and bill customers for network usage.
In this article, we will explain the ACR in detail, including its purpose, structure, and usage in RADIUS-based networks.
Purpose of ACR
The main purpose of the ACR is to collect accounting information about user activities in a network. This information is used for billing purposes, network management, and security auditing. The ACR allows network administrators to collect information about user sessions, such as the duration of the session, the amount of data transmitted and received, and the IP addresses used.
The accounting information collected by the ACR is sent to a RADIUS server, which can use this information for various purposes. For example, the RADIUS server can generate bills for customers based on their usage, enforce usage limits, monitor network performance, and detect security threats.
Structure of ACR
The ACR is a message exchange protocol that consists of two types of messages: ACR-Request and ACR-Response. The ACR-Request message is sent by a network access server (NAS) to a RADIUS server to request accounting information for a user session. The ACR-Response message is sent by the RADIUS server to the NAS in response to the ACR-Request message.
The ACR-Request message contains the following fields:
- Code: Specifies the type of message, which is set to 4 for ACR-Request messages.
- Identifier: A unique identifier that is used to match the response message with the request message.
- Length: The length of the entire message in octets.
- Authenticator: A 16-byte field that is used to authenticate the message. The authenticator is generated by the NAS and is encrypted using a shared secret key that is known by both the NAS and the RADIUS server.
- Attributes: A list of attributes that are used to provide information about the user session. The attributes are encoded as type-length-value (TLV) tuples, where the type field specifies the attribute type, the length field specifies the length of the attribute value, and the value field contains the attribute value.
The ACR-Response message contains the following fields:
- Code: Specifies the type of message, which is set to 5 for ACR-Response messages.
- Identifier: The same identifier as the ACR-Request message.
- Length: The length of the entire message in octets.
- Authenticator: A 16-byte field that is used to authenticate the message. The authenticator is generated by the RADIUS server and is encrypted using the shared secret key.
- Attributes: A list of attributes that are used to provide accounting information about the user session. The attributes are encoded in the same format as in the ACR-Request message.
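The packet layout listed above, as an added Python example (not from the original article): it builds and parses a code-4 request and a code-5 response following RFC 2865/2866, where the Authenticator is an MD5 digest computed with the shared secret and each attribute's Length octet also counts its Type and Length octets. The function names, the shared secret and the sample attributes (User-Name 1, Acct-Status-Type 40, Acct-Session-Time 46) are constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCT_REQUEST, ACCT_RESPONSE = 4, 5     # Code values from the field lists above
SECRET = b"constructed-shared-secret"  # constructed sample value

def encode_attrs(attrs):
    # Each attribute is Type(1) Length(1) Value; per RFC 2865 the Length
    # octet counts the Type and Length octets as well as the value.
    return b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)

def build_request(ident, attrs, secret):
    body = encode_attrs(attrs)
    head = struct.pack("!BBH", ACCT_REQUEST, ident, 20 + len(body))
    # Request Authenticator: MD5 over the packet with 16 zero octets in the
    # Authenticator position, followed by the shared secret (RFC 2866).
    auth = hashlib.md5(head + bytes(16) + body + secret).digest()
    return head + auth + body

def parse_request(packet, secret):
    if len(packet) < 20:
        raise ValueError("short packet")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCT_REQUEST or not 20 <= length <= len(packet):
        raise ValueError("bad code or length")
    packet = packet[:length]  # octets beyond Length are padding
    auth, body = packet[4:20], packet[20:]
    expected = hashlib.md5(packet[:4] + bytes(16) + body + secret).digest()
    if not hmac.compare_digest(auth, expected):
        raise ValueError("authenticator mismatch")
    attrs, i = [], 0
    while i < len(body):
        if i + 2 > len(body) or body[i + 1] < 2 or i + body[i + 1] > len(body):
            raise ValueError("malformed attribute")
        attrs.append((body[i], body[i + 2:i + body[i + 1]]))
        i += body[i + 1]
    return ident, auth, attrs

def build_response(ident, request_auth, secret, attrs=()):
    body = encode_attrs(attrs)
    head = struct.pack("!BBH", ACCT_RESPONSE, ident, 20 + len(body))
    # Response Authenticator binds the reply to the request's authenticator.
    auth = hashlib.md5(head + request_auth + body + secret).digest()
    return head + auth + body

# Constructed sample: User-Name, Acct-Status-Type = 2 (Stop), Acct-Session-Time = 360 s
SAMPLE = build_request(7, [(1, b"alice"), (40, struct.pack("!I", 2)),
                           (46, struct.pack("!I", 360))], SECRET)
```

A receiver that skips the authenticator check accepts accounting records from any host that can reach the accounting port, so the parser rejects the packet before it decodes any attribute.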
Usage of ACR
The ACR is used in RADIUS-based networks to collect accounting information for user sessions. When a user logs in to the network, the NAS sends an Access-Request message to the RADIUS server to authenticate the user. If the authentication is successful, the RADIUS server sends an Access-Accept message to the NAS, which grants access to the network resources.
After the user session is completed, the NAS sends an ACR-Request message to the RADIUS server to collect accounting information about the session. The ACR-Request message contains a list of attributes that describe the session, such as the start time, end time, duration, and data usage.
The RADIUS server receives the ACR-Request message and processes the accounting information contained in the message. The server then generates an ACR-Response message that contains a list of attributes that provide accounting information about the session. The attributes may include the session duration, data usage, and other information that the network administrator wants to track.
The NAS receives the ACR-Response message and forwards it to the appropriate accounting server or billing system. The accounting server or billing system uses the accounting information to generate bills for customers, enforce usage limits, and monitor network performance.
The ACR can also be used for security auditing purposes. For example, if a security breach occurs in the network, the ACR can be used to track the activities of the user who caused the breach. The ACR can provide information about the user's login time, IP address, and data usage, which can help in identifying the source of the breach.
The ACR is a critical component of RADIUS-based networks, as it provides accounting information that is essential for billing, network management, and security auditing purposes. The ACR allows network administrators to track user activities and enforce usage policies, which helps to ensure the security and stability of the network.
Conclusion
In conclusion, the accounting request (ACR) is a message exchange protocol that is used in RADIUS-based networks to collect accounting information about user sessions. The ACR allows network administrators to track user activities, enforce usage policies, and monitor network performance. The ACR consists of two types of messages: ACR-Request and ACR-Response. The ACR-Request message is sent by the NAS to the RADIUS server to request accounting information for a user session, while the ACR-Response message is sent by the RADIUS server to the NAS in response to the ACR-Request message. The ACR is a critical component of RADIUS-based networks, as it provides accounting information that is essential for billing, network management, and security auditing purposes.