Diameter is specified primarily as a base protocol by the IETF in RFC and then DIAMETER base protocol must be used in conjunction with DIAMETER. Diameter is an authentication, authorization, and accounting protocol for computer networks. It evolved from the earlier RADIUS protocol. It belongs to the application layer protocols in the internet protocol suite. Diameter Applications extend the base protocol by adding new commands. The Diameter base protocol is defined by RFC (Obsoletes: RFC ). RFC Diameter Base Protocol, September
|Published (Last):||1 March 2010|
The request is identified by the R(equest) bit in the Diameter header set to one (1), to ask that a particular action be performed, such as authorizing a user or terminating a session.
This field is only present if the respective bit-flag is enabled. Senders of request messages MUST insert a unique identifier on each message. The supported ICMP types are: Redirecting a Diameter Message Since redirect agents do not perform any application-level processing, they provide relaying services for all Diameter applications, and therefore MUST advertise the Relay Application Identifier.
RFC – part 2 of 5
The application can be an authentication application, an accounting application or a vendor specific application. The following Command Codes are defined in the Diameter base protocol: Relaying of Diameter messages The example provided in Figure 2 depicts a request issued from NAS, which is an access device, for the user bob example. Proxies MAY be used in call control centers or access ISPs that provide outsourced connections, they can monitor the number and types of ports in use, and make allocation and admission decisions according to their configuration.
Received answers that do not match a known Hop-by-Hop Identifier are ignored by the Diameter agent. Hop-by-Hop Identifier The Hop-by-Hop Identifier is an unsigned bit integer field in network byte order and aids in matching requests and replies. The ‘P’ bit indicates the need for encryption for end-to-end security. The originator of an Answer message MUST ensure that the End-to-End Identifier field contains the same value that was found in the corresponding request.
Additionally, application specific state machines can be introduced either later or at a higher abstraction layer. Packets may be filtered based on the following information that is associated with it: The fields are transmitted in network byte order.
This is a valid packet, but it only has one use, to try to circumvent firewalls. It is set when resending requests not yet acknowledged as an indication of a possible duplicate due to a link failure.
The AVP can appear anywhere in the message. Thus an administrator could change the configuration to avoid interoperability problems. The Diameter protocol requires that relaying and proxying agents maintain transaction state, which is used for failover purposes. Accounting AVPs may be considered sensitive. For example, where TLS or IPsec transmission-level security is sufficient, there may be no need for end-to-end security.
The Diameter protocol defines a policy protocol used by clients to perform policy, AAA, and resource control. If cleared, the message is an answer. Upon receipt of the redirect notification, DRL establishes a transport connection with HMS, if one doesn’t already exist, and forwards the request to it.
The Diameter protocol was initially developed by Pat R. Diameter Command Naming Conventions Diameter command names typically include one or more English words followed by the verb Request or Answer. End-to-End Identifier The End-to-End Identifier is an unsigned bit integer field in network byte order and is used to detect duplicate messages.
However, they differ since they modify messages to implement policy enforcement. Every Diameter message MUST contain a command code in its header’s Command-Code field, which is used to determine the action that is to be taken for a particular message. Transaction state implies that upon forwarding a request, its Hop-by-Hop identifier is saved; the field is replaced with a locally unique identifier, which is restored to its original value when the corresponding answer is received.
RFC – Diameter Base Protocol
Diameter agents only need to be concerned about the number of requests they send based on a single received request; retransmissions by other entities need not be tracked.
The "T" (Potentially re-transmitted message) bit: This flag is set after a link failover procedure, to aid the removal of duplicate requests.
An access device MAY apply deny rules of its own before the supplied rules, for example to protect the access device owner’s infrastructure. OctetString The data contains arbitrary data of variable length.
This requires that proxies maintain the state of their downstream peers e. For a match to occur, the same IP version must be present in the packet that was used in describing the IP address.
Integer32: 32-bit signed value, in network byte order.