Diameter is an authentication, authorization, and accounting (AAA) protocol for computer networks. It evolved from the earlier RADIUS protocol. It belongs to the application layer protocols in the Internet protocol suite. Diameter applications extend the base protocol by adding new commands. The Diameter base protocol is defined by RFC (Obsoletes: RFC ). Canonical URL: ; File formats: Plain Text, PDF; Status: PROPOSED STANDARD; Obsoleted by: RFC ; Updated by. Diameter is specified primarily as a base protocol by the IETF in RFC , and the Diameter base protocol must then be used in conjunction with Diameter.
Published (Last): 1 August 2015
The Message Length field indicates the length of the Diameter message in bytes, including the header fields and the padded AVPs. Diameter includes support for error handling (Section 7) and capability negotiation (Section 5).
Typically, it is implemented in order to provide for partial accounting of a user’s session in case a device reboot or other network problem prevents the delivery of a session summary message or session record.
Redirecting a Diameter Message
Since redirect agents do not perform any application-level processing, they provide relaying services for all Diameter applications, and therefore MUST advertise the Relay Application Identifier.
Since redirect agents do not sit in the forwarding path, they do not alter any AVPs transiting between client and server.
Diameter connections and sessions
In the example provided in Figure 1, a peer connection is established between the Client and its local Relay. The format of the Data field MUST be one of the following base data types or a data type derived from the base data types.
Accounting Application Extension and Requirements
If the CCF definition of a command allows it, an implementation may add arbitrary optional AVPs with the M-bit cleared (including vendor-specific AVPs) to that command without needing to define a new application.
Proxies that wish to limit resources MUST maintain session state. Each authorized session is bound to a particular service, and its state is considered active either until it is notified otherwise or until expiration.
RFC – Diameter Base Protocol
Diameter Command Naming Conventions
A stateless agent is one that only maintains transaction state. The base protocol does not require an Application Identifier since its support is mandatory. The Diameter protocol requires that agents maintain transaction state, which is used for failover purposes. Static or Dynamic: specifies whether a route entry was statically configured or dynamically discovered.
This security protects the entire Diameter protocol path from the originating Diameter node to the terminating Diameter node.
The supported IP options are: The metering options MUST be included.
Session state
A stateful agent is one that maintains session state information, by keeping track of all authorized active sessions.
Creating New Diameter Applications
Diameter proxies MUST support the base protocol, which includes accounting. However, since RADIUS does not provide explicit support for proxies, and lacks auditability and transmission-level security features, RADIUS-based roaming is vulnerable to attack from external parties as well as susceptible to fraud perpetrated by the roaming partners themselves.
In accounting, [ RADACCT ] assumes that replay protection is provided by the backend billing server, rather than within the protocol itself.
Diameter relays and redirect agents are, by definition, protocol transparent, and MUST transparently support the Diameter base protocol, which includes accounting, and all Diameter applications. Please refer to the current edition of the “Internet Official Protocol Standards” (STD 1) for the standardization state and status of this protocol. An AVP includes a header and is used to encapsulate protocol-specific data, e.g.
Thus an administrator could change the configuration to avoid interoperability problems. From the point of view of extensibility, Diameter authentication, authorization, and accounting applications are treated in the same way.
The fields are transmitted in network byte order. A mandatory AVP is defined as one which has the “M” bit set when sent within an accounting command, regardless of whether it is required or optional within the ABNF for the accounting application. For IPv4, a typical first rule is often “deny in ip!
This does not affect the selection of port numbers. The sender MUST ensure that the Hop-by-Hop identifier in a request is unique on a given connection at any given time, and MAY attempt to ensure that the number is unique across reboots.
Redirect Agent
Rather than forwarding requests and responses between clients and servers, redirect agents refer clients to servers and allow them to communicate directly. User session X spans from the Client via the Relay to the Server.
Capabilities exchange in the open state has been re-introduced in a separate specification [ RFC ], which clearly defines new commands for this feature. Diameter makes use of the realm, also loosely referred to as domain, to determine whether messages can be satisfied locally, or whether they must be routed or redirected.
AVPs are used by the base Diameter protocol to support the following required features: A Diameter node MAY initiate connections from a source port other than the one that it declares it accepts incoming connections on, and MUST be prepared to receive connections on port. Any node can initiate a request.
The Transport Profile document [ RFC ] discusses transport layer issues that arise with AAA protocols and recommendations on how to overcome these issues.
Command Flags
The Command Flags field is eight bits. By authorizing a request, the home Diameter server is implicitly indicating its willingness to engage in the business transaction as specified by the contractual relationship between the server and the previous hop.
A broker is either a relay, proxy, or redirect agent, and MAY be operated by roaming consortiums.