Canonical URL: ; File formats: Plain Text PDF; Status: PROPOSED STANDARD; Obsoleted by: RFC ; Updated by. Diameter is specified primarily as a base protocol by the IETF in RFC and then DIAMETER base protocol must be used in conjunction with DIAMETER. Diameter is an authentication, authorization, and accounting protocol for computer networks. It evolved from the earlier RADIUS protocol. It belongs to the application layer protocols in the internet protocol suite. Diameter Applications extend the base protocol by adding new commands. The Diameter base protocol is defined by RFC (Obsoletes: RFC ).
|Published (Last):||26 July 2005|
The AVP contains the identity of the peer the request was received from. Relays modify Diameter messages by inserting and removing routing information, but do not modify any other portion of a Diameter message. Maintaining session state MAY be useful in certain applications, such as:
Session: A session is a related progression of events devoted to a particular activity.
Diameter Agent: A Diameter Agent is a Diameter node that provides either relay, proxy, redirect or translation services. See the text from RFC Section: In order to preserve interoperability, a Diameter implementation MUST be able to exclude from a Diameter message any Mandatory AVP which is neither defined in the base Diameter protocol nor in any of the Diameter Application specifications governing the message in which it appears.
Downstream: Downstream is used to identify the direction of a particular Diameter message from the home server towards the access device. It is important to note that there is no relationship between a connection and a session, and that Diameter messages for multiple sessions are all multiplexed through a single connection.
Transmission-level security: [RADIUS] defines an application-layer authentication and integrity scheme that is required only for use with Response packets. If Diameter receives data up from TCP that cannot be parsed or identified as a Diameter error made by the peer, the stream is compromised and cannot be recovered.
OctetString: The data contains arbitrary data of variable length.
Local Action: The Local Action field is used to identify how a message should be treated. Similarly, for the originator of a Diameter message, a “P” in the “MAY” column means that if a message containing that AVP is to be sent via a Diameter agent (proxy, redirect or relay) then the message MUST NOT be sent unless there is end-to-end security between the originator and the recipient or the originator has locally trusted configuration that indicates that end-to-end security is not needed.
The Diameter protocol requires that agents maintain transaction state, which is used for failover purposes.
Broker: A broker is a business term commonly used in AAA infrastructures.
Diameter Relays and redirect agents are, by definition, protocol transparent, and MUST transparently support the Diameter base protocol, which includes accounting, and all Diameter applications. However, just because a new authentication application id is required, does not imply that a new accounting application id is required. Each of these AVPs follows – in the order in which they are specified – including their headers and padding.
The following Command Codes are defined in the Diameter base protocol: For example, where TLS or IPsec transmission-level security is sufficient, there may be no need for end-to-end security.
Hop-by-Hop Identifier: The Hop-by-Hop Identifier is an unsigned bit integer field in network byte order and aids in matching requests and replies.
Expiration time: Specifies the time at which a dynamically discovered route table entry expires.
The list may be specified as any combination of ranges or individual types separated by commas. If cleared, the message is an answer.
Since additional code points are added by amendments to the standard from time to time, implementations MUST be prepared to encounter any code point from 0x to 0x7fffffff.
Application-ID: Application-ID is four octets and is used to identify which application the message is applicable to.
Command-Code: The Command-Code field is three octets, and is used in order to communicate the command associated with the message.
A route entry can have a different destination based on the application identification AVP of the message. The following actions are supported: Diameter implementations are required to support all Mandatory AVPs which are allowed by the message’s formal syntax and defined either in the base Diameter standard or in one of the Diameter Application specifications governing the message.
Diameter Base Protocol Support
The specific behavior of the Diameter server or client receiving a request depends on the Diameter application employed.
Multi-session: A multi-session represents a logical linking of several sessions.
The Proxy-Info AVP allows stateless agents to add local state to a Diameter request, with the guarantee that the same state will be present in the answer. Adding a new optional AVP does not require a new application. Therefore, each connection is authenticated, replay and integrity protected and confidential on a per-packet basis.
End-to-end security policies include:
Authorization: The act of determining whether a requesting entity (subject) will be allowed access to a resource (object). Proxies that wish to limit resources MUST maintain session state.
The metering options MUST be included.
The Session-Id is then used in all subsequent messages to identify the user’s session (see Section 8 for more information). The default value is infinity. The request is identified by the R(equest) bit in the Diameter header set to one (1), to ask that a particular action be performed, such as authorizing a user or terminating a session. When relays or proxies are involved, this hop-by-hop security does not protect the entire Diameter user session.
This is described in Section 5.
A given Diameter instance of the peer state machine MUST NOT use more than one transport connection to communicate with a given peer, unless multiple instances exist on the peer, in which case a separate connection per process is allowed.