Diameter is an authentication, authorization, and accounting protocol for computer networks. It evolved from the earlier RADIUS protocol. It belongs to the application layer protocols in the internet protocol suite. Diameter Applications extend the base protocol by adding new commands The Diameter base protocol is defined by RFC (Obsoletes: RFC ). Canonical URL: ; File formats: Plain Text PDF; Status: PROPOSED STANDARD; Obsoleted by: RFC ; Updated by. Diameter is specified primarily as a base protocol by the IETF in RFC and then DIAMETER base protocol must be used in conjunction with DIAMETER.

Author: Mukasa Tygomi
Country: Guadeloupe
Language: English (Spanish)
Genre: Personal Growth
Published (Last): 5 July 2013
Pages: 288
PDF File Size: 14.84 Mb
ePub File Size: 11.36 Mb
ISBN: 953-5-66051-789-2
Downloads: 14034
Price: Free* [*Free Regsitration Required]
Uploader: Meshakar

Proxies that wish to limit resources MUST maintain session state. Both the numeric values and the symbolic values listed below can be used. The AddressType is used to discriminate the content and format of the remaining octets. All proxies MUST maintain transaction state. Sub-session A sub-session represents a distinct service e. However, the protocol’s failover procedures require that agents maintain a copy of pending requests.

This is typically accomplished by tracking the state of NAS devices. Server Identifier One or more servers the message is to be routed to. Peer connection B is established between the Relay and the Server.

If cleared, the message MUST be diametdr processed. A stateless agent 35888 one that only maintains transaction state. By authorizing a request, the home Diameter server is implicitly basee its willingness to engage in the business transaction as specified by the contractual relationship between the server and the previous hop.

In this case, all IP numbers from 1.

Diameter (protocol)

AVPs are used by the base Diameter protocol to support the following required prtocol Home Realm A Home Realm is the administrative domain with which the user maintains an account relationship.


Authorization The act of determining whether a requesting entity subject will be allowed access to a resource object. Since relays make decisions based on information in routing AVPs and realm forwarding tables, they do not keep state on NAS resource usage or sessions in progress.

Correlation of Accounting Records While proxies typically do not respond to client Requests prior to receiving a Response from the server, they may originate Reject messages in cases where policies are violated. Prior to issuing the request, NAS performs a Efc route lookup, using “example.

Diameter Base Protocol Support

Likewise, this reduces the configuration load on Diameter servers that would otherwise be necessary when NASes are added, changed or deleted.

Authentication The act of verifying the identity of an entity subject. This feature was implied in the peer state machine table of RFCbut it was not clearly defined anywhere else in that document.

It is based on the Backus-Naur Form and is used to define message exchanges in a bi-directional communications protocol. Through DNS, Diameter enables dynamic discovery of peers. A summary of the base protocol updates included in this document can be found in Section 1.

Since redirect agents do not receive answer messages, they cannot maintain session state. This limits the usefulness of IPsec in inter-domain AAA applications such as roaming where it may be desirable to define a distinct certificate hierarchy for use in a AAA deployment.

As ofthe only value supported is 1. The absence of a particular option may be denoted with a ‘! The length of the padding is not reflected in the AVP Length field. A three-letter acronym for both the request and answer is also normally provided.


Translation agents are likely to be used as aggregation servers to communicate with a Diameter infrastructure, while allowing for the embedded systems to be migrated at a slower pace. This document also defines the Diameter failover algorithm and state machine. The supported TCP flags are: To test for a particular IP version, the bits part can be set to zero.

These changes in sessions are tracked with the Accounting-Sub-Session-Id. User session X spans from the Client via the Relay to the Server. Arkko Ericsson September Diameter Base Protocol Status of this Memo This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Session A session is a related progression of events devoted to a protpcol activity. Realm The string in the NAI that immediately follows the ‘ ‘ character.

Clarify the proper use of Application Id information, which can be found in multiple places within a Diameter message. The Diameter discovery process now supports only widely used discovery schemes; the rest have been deprecated see Section 5. Diameter Request Routing Overview An access device that is unable to interpret or apply a deny rule MUST terminate the session.

Additionally, application specific state machines can be introduced either later or at a higher abstraction layer.

A metalanguage with its own formal syntax and rules. A number of zero- valued bytes are added to the end of the AVP Data field till a word boundary is reached.