Diameter is the protocol used within EPS/IMS architectures for AAA (Authentication, Authorization and Accounting). It is an authentication, authorization, and accounting protocol for computer networks, specified primarily as a base protocol by the IETF. The Diameter base protocol was first defined in RFC 3588 (status: Proposed Standard), which has since been obsoleted by RFC 6733; the base protocol defines the minimum requirements for an AAA protocol.
Published (last): 2 September 2010
Furthermore, all Diameter messages contain an Application Identifier, which is used in the message forwarding process. Attempts to re-establish a transport connection to a peer are governed by the Tc timer, whose recommended value is 30 seconds. In a filter-rule address the bits part can be set to zero (for example 0.0.0.0/0) to test only for a particular IP version; the rule syntax also enumerates the supported IP options. Diameter makes use of the realm, also loosely referred to as domain, to determine whether messages can be satisfied locally, or whether they must be routed or redirected.
By authorizing a request, the home Diameter server is implicitly indicating its willingness to engage in the business transaction as specified by the contractual relationship between the server and the previous hop. A stateless agent is one that only maintains transaction state. This document also defines the Diameter failover algorithm and state machine.
Changes within a session (sub-sessions) are tracked with the Accounting-Sub-Session-Id. The base protocol also defines certain rules that apply to all exchanges of messages between Diameter nodes. Through DNS, Diameter enables dynamic discovery of peers. Since within [IKE] authentication occurs only within Phase 1, prior to the establishment of IPsec SAs in Phase 2, it is typically not possible to define separate trust or authorization schemes for each application.
Diameter AVPs carry specific authentication, accounting, authorization, routing and security information as well as configuration details for the request and reply. In summary, this document defines the base protocol specification for AAA, which includes support for accounting.
Some of these AVP values are used by the Diameter protocol itself, while others deliver data associated with particular applications that employ Diameter. The Hop-by-Hop Identifier is normally a monotonically increasing number whose start value was randomly generated. Time constraints are typically imposed in order to limit financial risk. Translation agents are likely to be used as aggregation servers to communicate with a Diameter infrastructure, while allowing the embedded systems to be migrated at a slower pace.
This field contains the contents of the Origin-Host AVP (Section 6). A home realm may also wish to check that each accounting request corresponds to a Diameter response authorizing the session.
If the base accounting is used without any mandatory AVPs, new commands or additional mechanisms (e.g. ...). A packet filter rule matches on the following information associated with the packet:
- direction (in or out)
- source and destination IP address (possibly masked)
- protocol
- source and destination port (lists or ranges)
- DSCP values (no mask or range)
Rules for the appropriate direction are evaluated in order, with the first matched rule terminating the evaluation.
An access device MAY apply deny rules of its own before the supplied rules, for example to protect the access device owner’s infrastructure.
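The rule-evaluation behaviour described above (first match wins, device-owned deny rules evaluated ahead of the supplied rules, and a permit rule the device cannot interpret replaced by something more restrictive) as an added Python example; this is not code from the RFC or from any Diameter implementation. It assumes a subset of the IPFilterRule grammar (action, direction, protocol number or `ip`, `from`/`to` addresses with optional masks, optional port lists); option keywords such as tcpflags and DSCP values are out of scope, and because the page does not state what happens when no rule matches, the default outcome (deny) is an explicit, assumed parameter. The rule strings and packets are constructed for the example.

```python
"""Added example, not from RFC 3588 or this page: first-match evaluation of a
subset of the IPFilterRule grammar:  action dir proto from src [ports] to dst [ports]
  action = permit|deny; dir = in|out; proto = "ip" (any) or a protocol number;
  src/dst = "any" or address[/prefixlen] (0.0.0.0/0 = any IPv4 address);
  ports = comma-separated numbers or low-high ranges, checked only when present.
Option keywords (frag, tcpflags, ...), "assigned" and DSCP are not handled, and
the no-match outcome, which the page does not state, is an assumed parameter."""
import ipaddress
from collections import namedtuple
from dataclasses import dataclass
from typing import List, Optional, Tuple, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]
PortRanges = List[Tuple[int, int]]
# direction "in"/"out"; proto = IP protocol number (6 = TCP, 17 = UDP)
Packet = namedtuple("Packet", "direction proto src dst sport dport", defaults=(0, 0))

@dataclass
class Rule:
    action: str
    direction: str
    proto: Optional[int]    # None: the "ip" keyword, any protocol matches
    src: Optional[Network]  # None: "any"
    src_ports: PortRanges
    dst: Optional[Network]
    dst_ports: PortRanges

    def matches(self, p: Packet) -> bool:
        if p.direction != self.direction or (self.proto is not None and p.proto != self.proto):
            return False
        return (_addr_ok(self.src, p.src) and _addr_ok(self.dst, p.dst)
                and _port_ok(self.src_ports, p.sport) and _port_ok(self.dst_ports, p.dport))

def _addr_ok(net: Optional[Network], addr: str) -> bool:
    # A network of the other IP version never contains the address, which is how
    # a zero-length mask such as 0.0.0.0/0 acts as an IP-version test.
    return net is None or ipaddress.ip_address(addr) in net

def _port_ok(ranges: PortRanges, port: int) -> bool:
    return not ranges or any(lo <= port <= hi for lo, hi in ranges)

def _parse_ports(tok: str) -> PortRanges:
    out: PortRanges = []
    for part in tok.split(","):
        lo, _, hi = part.partition("-")
        lo_i, hi_i = int(lo), int(hi or lo)
        if not 0 <= lo_i <= hi_i <= 65535: raise ValueError(f"bad port range {part!r}")
        out.append((lo_i, hi_i))
    return out

def _parse_addr(tok: str) -> Optional[Network]:
    return None if tok == "any" else ipaddress.ip_network(tok, strict=False)

def parse_rule(text: str) -> Rule:
    t = text.split()
    if len(t) < 7 or t[0] not in ("permit", "deny") or t[1] not in ("in", "out") or t[3] != "from":
        raise ValueError(f"malformed rule: {text!r}")
    proto = None if t[2] == "ip" else int(t[2])
    src, src_ports, i = _parse_addr(t[4]), [], 5
    if t[i] != "to":                      # optional source port list
        src_ports, i = _parse_ports(t[i]), i + 1
    if i + 1 >= len(t) or t[i] != "to":
        raise ValueError(f"malformed rule: {text!r}")
    dst, dst_ports, i = _parse_addr(t[i + 1]), [], i + 2
    if i < len(t) and t[i][0].isdigit():  # optional destination port list
        dst_ports, i = _parse_ports(t[i]), i + 1
    if i < len(t):                        # anything left is an option keyword
        raise ValueError(f"unsupported option {t[i]!r} in rule {text!r}")
    return Rule(t[0], t[1], proto, src, src_ports, dst, dst_ports)

def compile_rules(device_rules: List[str], supplied_rules: List[str]):
    """Device-owned deny rules go first. A supplied permit rule the device cannot
    interpret is dropped (more restrictive under default deny); dropping a deny
    rule would widen the policy, so that is a hard error."""
    rules, dropped = [], []
    for text in [*device_rules, *supplied_rules]:
        try:
            rules.append(parse_rule(text))
        except ValueError:
            if not text.startswith("permit "):
                raise
            dropped.append(text)
    return rules, dropped

def evaluate(rules: List[Rule], packet: Packet, default: str = "deny") -> str:
    """The first matching rule decides; `default` applies when none matches."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action
    return default

# Constructed sample policy: one deny rule owned by the access device (to
# protect its own infrastructure) placed ahead of the supplied rules.
DEVICE_RULES = ["deny in ip from 10.0.0.0/8 to any"]
SUPPLIED_RULES = [
    "permit in 6 from any to 192.0.2.10 80,443",
    "permit in 17 from 0.0.0.0/0 to any 53",                 # IPv4 sources only
    "permit in 6 from any to 192.0.2.10 22 tcpflags syn",    # unsupported option
    "deny in ip from any to any",
    "permit out ip from any to any",
]
RULES, DROPPED = compile_rules(DEVICE_RULES, SUPPLIED_RULES)
```

Two details are worth noticing when running it: the IPv6 DNS packet is denied because `0.0.0.0/0` only ever matches IPv4 addresses, and the SSH permit rule is silently dropped because the device does not understand `tcpflags`, so SSH falls through to the deny-all rule. Whether dropping is acceptable depends on the default: with a default-permit policy, dropping a permit rule would not be "more restrictive", so a real access device has to choose the replacement rule with its own default in mind.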
The base Diameter protocol may be used by itself for accounting applications, but for use in authentication and authorization it is always extended for a particular application. By providing explicit support for inter-domain roaming and message routing (Section 2)
Roaming relationships include relationships between companies and ISPs, relationships among peer ISPs within a roaming consortium, and relationships between an ISP and a roaming consortium. In a filter rule, the "ip" keyword means any protocol will match. If the P (proxiable) bit is cleared, the message MUST be locally processed. It is important to note that although proxies MAY provide a value-add function for NASes, they do not allow access devices to use end-to-end security, since modifying messages breaks authentication.
Static or Dynamic: specifies whether a route entry was statically configured or dynamically discovered. In the example provided in Figure 1, peer connection A is established between the Client and its local Relay. In addition, they MUST fully support each Diameter application that is needed to implement the client's service.
This field is only present if the respective bit-flag is enabled. By issuing an accounting request corresponding to the authorization response, the local realm implicitly indicates its agreement to provide the service indicated in the authorization response.
A Command Code is used to determine the action that is to be taken for a particular message. Accounting requests without corresponding authorization responses SHOULD be subjected to further scrutiny, as should accounting requests indicating a difference between the requested and provided service.
The Hop-by-Hop Identifier is an unsigned 32-bit integer field in network byte order that is used to match requests with their answers: the same value carried in the request is used in the response. An access device that is unable to interpret or apply a permit rule MAY apply a more restrictive rule.
Match if the TCP header contains the comma-separated list of flags specified in spec. The absence of a particular option may be denoted with a '!'. A truly generic AAA protocol used by many applications might provide functionality not provided by Diameter. The default value is zero. Therefore, each connection is authenticated, replay and integrity protected and confidential on a per-connection basis.
Diameter (protocol) – Wikipedia
A Diameter node MAY initiate connections from a source port other than the one that it declares it accepts incoming connections on, and MUST be prepared to receive connections on port 3868. The name is a play on words, derived from the RADIUS protocol, which is its predecessor: a diameter is twice the radius. Upon receipt of the redirect notification, DRL establishes a transport connection with HMS, if one doesn't already exist, and forwards the request to it.
The absence of a particular flag may be denoted with a '!'. Packets may be marked or metered based on the same information associated with them as listed for filter rules above. Diameter is used for many different interfaces defined by the 3GPP standards, with each interface typically defining new commands and attributes.
One or more Session-Ids must follow. If Diameter receives data from TCP that cannot be parsed or identified as a Diameter error made by the peer, the stream is compromised and cannot be recovered. A Diameter client generates Diameter messages to request authentication, authorization, and accounting services for the user.
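The header fields discussed above (Application Identifier, Command Code, the 32-bit Hop-by-Hop Identifier that pairs an answer with its request) and the rule that unparseable input leaves the stream compromised, as an added Python example; this is not the RFC's code nor that of any Diameter implementation. It parses the fixed 20-octet message header and the AVPs that follow it, rejects anything malformed, and matches answers to pending requests. The Capabilities-Exchange-Request/Answer it builds is constructed here, not captured traffic; the base-protocol command code and AVP codes it uses (CER/CEA 257, Origin-Host 264, Origin-Realm 296, Result-Code 268) and the DIAMETER_SUCCESS value 2001 are real constants, and the host names are assumed.

```python
"""Added example, not from RFC 3588 or this page: parse Diameter messages from
raw bytes, treat unparseable input as a compromised stream, and match answers
to pending requests by Hop-by-Hop Identifier.
Header (20 octets, network byte order):
  Version(8) | Message Length(24) | Command Flags(8) | Command Code(24)
  Application-ID(32) | Hop-by-Hop Identifier(32) | End-to-End Identifier(32)
AVP: AVP Code(32) | Flags(8) | AVP Length(24) | [Vendor-ID(32) if V] | Data,
  padded to a 4-octet boundary; the padding is not counted in AVP Length.
The CER/CEA exchange in demo() is constructed here, not captured traffic."""
import random
import struct
from dataclasses import dataclass, field
from typing import Dict, List, Optional

HEADER_LEN = 20
FLAG_R = 0x80                # command flag: message is a request
AVP_V, AVP_M = 0x80, 0x40    # AVP flags: vendor-specific, mandatory
CER_CEA, ORIGIN_HOST, ORIGIN_REALM, RESULT_CODE = 257, 264, 296, 268
DIAMETER_SUCCESS = 2001

class StreamCompromised(Exception):
    """Unparseable bytes: the stream cannot be recovered, close the transport."""

@dataclass
class AVP:
    code: int
    flags: int
    vendor_id: Optional[int]
    data: bytes

@dataclass
class Message:
    flags: int
    command_code: int
    application_id: int
    hop_by_hop: int
    end_to_end: int
    avps: List[AVP] = field(default_factory=list)

def parse_message(buf: bytes) -> Message:
    if len(buf) < HEADER_LEN:
        raise StreamCompromised("short header")
    version, length = buf[0], int.from_bytes(buf[1:4], "big")
    flags, code = buf[4], int.from_bytes(buf[5:8], "big")
    app_id, h2h, e2e = struct.unpack("!III", buf[8:HEADER_LEN])
    # Padded AVPs make every valid message length a multiple of 4.
    if version != 1 or length < HEADER_LEN or length % 4 or len(buf) < length:
        raise StreamCompromised(f"bad version/length {version}/{length}")
    msg, off = Message(flags, code, app_id, h2h, e2e), HEADER_LEN
    while off < length:
        if length - off < 8:
            raise StreamCompromised("truncated AVP header")
        acode = int.from_bytes(buf[off:off + 4], "big")
        aflags, alen = buf[off + 4], int.from_bytes(buf[off + 5:off + 8], "big")
        hdr = 12 if aflags & AVP_V else 8
        if alen < hdr or off + alen > length:
            raise StreamCompromised(f"AVP {acode} length {alen} out of range")
        vendor = int.from_bytes(buf[off + 8:off + 12], "big") if aflags & AVP_V else None
        msg.avps.append(AVP(acode, aflags, vendor, buf[off + hdr:off + alen]))
        off += (alen + 3) & ~3  # skip padding to the next 4-octet boundary
    return msg

def build_avp(code: int, data: bytes, flags: int = AVP_M, vendor_id: Optional[int] = None) -> bytes:
    if vendor_id is not None:
        flags |= AVP_V
    hdr = 12 if flags & AVP_V else 8
    out = code.to_bytes(4, "big") + bytes([flags]) + (hdr + len(data)).to_bytes(3, "big")
    out += (vendor_id.to_bytes(4, "big") if flags & AVP_V else b"") + data
    return out + b"\x00" * (-len(out) % 4)

def build_message(code: int, flags: int, app_id: int, h2h: int, e2e: int, avps: List[bytes]) -> bytes:
    body = b"".join(avps)
    return (bytes([1]) + (HEADER_LEN + len(body)).to_bytes(3, "big") + bytes([flags])
            + code.to_bytes(3, "big") + struct.pack("!III", app_id, h2h, e2e) + body)

def receive_answer(pending: Dict[int, Message], ans: Message) -> Optional[Message]:
    """Match an answer to its request by Hop-by-Hop Identifier; an answer that
    matches no pending request is unsolicited or stale and is dropped (None)."""
    return None if ans.flags & FLAG_R else pending.pop(ans.hop_by_hop, None)

def rejects(buf: bytes) -> bool:
    try:
        parse_message(buf)
        return False
    except StreamCompromised:
        return True

def demo():
    # Hop-by-Hop is normally a monotonically increasing counter with a random
    # start value; one exchange only needs a single value, drawn at random here.
    h2h, e2e = random.getrandbits(32), random.getrandbits(32)
    pending: Dict[int, Message] = {}
    cer_bytes = build_message(CER_CEA, FLAG_R, 0, h2h, e2e,
                              [build_avp(ORIGIN_HOST, b"nas.example.com"),
                               build_avp(ORIGIN_REALM, b"example.com")])
    cer = parse_message(cer_bytes)
    pending[cer.hop_by_hop] = cer
    cea = parse_message(build_message(CER_CEA, 0, 0, cer.hop_by_hop, cer.end_to_end,
                                      [build_avp(RESULT_CODE, struct.pack("!I", DIAMETER_SUCCESS)),
                                       build_avp(ORIGIN_HOST, b"server.example.com")]))
    return cer, cea, receive_answer(pending, cea), cer_bytes
```

`parse_message` raises on every inconsistency it can see (wrong version, message length shorter than the header or longer than the buffer, an AVP whose length runs past the message) rather than skipping the bad element, because once framing is lost there is no reliable way to find the next message boundary; the caller's only safe move is to drop the connection, which is what the text above prescribes.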
Further, since redirect agents never relay requests, they are not required to maintain transaction state.