Diameter is an authentication, authorization, and accounting protocol for computer networks. It evolved from the earlier RADIUS protocol. It belongs to the application layer protocols in the internet protocol suite. Diameter Applications extend the base protocol by adding new commands. The Diameter base protocol is defined by RFC (Obsoletes: RFC ). Canonical URL: ; File formats: Plain Text PDF; Status: PROPOSED STANDARD; Obsoleted by: RFC ; Updated by. Diameter is specified primarily as a base protocol by the IETF in RFC and then DIAMETER base protocol must be used in conjunction with DIAMETER.
|Published (Last):||1 September 2005|
A Diameter implementation MAY act as one type of agent for some requests, and as another type of agent for others. The supported TCP options are: Failover [ RFC ] does not define failover mechanisms and, as a result, failover behavior differs between implementations. Diameter Request Routing Overview This is a valid packet, but it only has one use, to try to circumvent firewalls.
Failover and Failback Procedures The following format is used in the definition: Description of the Document Set The Diameter specification consists of an updated version of the base protocol specification (this document) and the Transport Profile [ RFC ]. Therefore, each connection is authenticated, replay and integrity protected and confidential on a per-packet basis.
It represents the consensus of the IETF community. Diameter connections and sessions In the example provided in Figure 1, peer connection A is established between the Client and its local Relay. As with relay agents, redirect agents do not keep state with respect to sessions or NAS resources.
Translation of messages can only occur if the agent recognizes the application of a particular request, and therefore translation agents MUST only advertise their locally supported applications.
Diameter AVPs Diameter AVPs carry specific authentication, accounting, authorization, routing and security information as well as configuration details for the request and reply.
The AVP can appear anywhere in the message. Redirect Agents Redirect agents are useful in scenarios where the Diameter routing configuration needs to be centralized. Translation agents are likely to be used as aggregation servers to communicate with a Diameter infrastructure, while allowing for the embedded systems to be migrated at a slower pace.
A stateless agent is one that only maintains transaction state. This field is only present if the respective bit-flag is enabled.
As such, there is no versioning support provided by these Application Ids themselves; every Diameter application is a standalone application. Typically, it is implemented in order to provide for partial accounting of a user’s session in case a device reboot or other network problem prevents the delivery of a session summary message or session record. Proxies MAY be used in call control centers or access ISPs that provide outsourced connections; they can monitor the number and types of ports in use, and make allocation and admission decisions according to their configuration.
Diameter Agent A Diameter Agent is a Diameter node that provides either relay, proxy, redirect or translation services. The sender MUST ensure that the Hop-by-Hop identifier in a request is unique on a given connection at any given time, and MAY attempt to ensure that the number is unique across reboots. Static or Dynamic Specifies whether a peer entry was statically configured, or dynamically discovered.
The following bits are assigned: Every Diameter message MUST contain a command code in its header’s Command-Code field, which is used to determine the action that is to be taken for a particular message.
By issuing an accounting request corresponding to the authorization response, the local realm implicitly indicates its agreement to provide the service indicated in the authorization response. A stateless agent is one that only maintains transaction state.
Thus an administrator could change the configuration to avoid interoperability problems. Examples are removal of obsolete types, fixes to the state machine, clarification of the election process, message validation, fixes to Failed-AVP and Result-Code AVP values, etc.
Application Identifier An application is identified by a vendor id and an application id. The keyword “any” is 0. This document specifies the message format, transport, error reporting, accounting and security services to be used by all Diameter applications.
The routing table MAY consist of only such an entry. Diameter Agent A Diameter Agent is a Diameter node that provides relay, proxy, redirect, or translation services. It is important to note that although proxies MAY provide a value-add function for NASes, they do not allow access devices to use end-to- end security, since modifying messages breaks authentication.
In case of redirecting agents, the Hop-by-Hop Identifier is maintained in the header as the Diameter agent responds with an answer message. Server Identifier One or more servers the message is to be routed to. In the event that a logical grouping of AVPs is necessary, and multiple “groups” are possible in a given command, it is recommended that a Grouped AVP be used see Section 4.
The Hop-by-Hop identifier is normally a monotonically increasing number, whose start value was randomly generated. Failover and Failback Procedures Additional security information, when needed e. Diameter implementations are required to support all Mandatory AVPs which are allowed by the message’s formal syntax and defined either in the base Diameter standard or in one of the Diameter Application specifications governing the message.
It is suggested that IPsec can be used primarily at the edges and in intra-domain traffic, such as using pre-shared keys between a NAS and a local AAA proxy. A local realm may wish to limit this exposure, for example, by establishing credit limits for intermediate realms and refusing to accept responses which would violate those limits.
In addition, they MUST fully support each Diameter application that is needed to implement the client’s service, e. An access device that is unable to interpret or apply a deny rule MUST terminate the session. Diameter proxies MUST support the base protocol, which includes accounting. These changes in sessions are tracked with the Accounting-Sub-Session-Id. Interim accounting An interim accounting message provides a snapshot of usage during a user’s session.