Diameter is specified primarily as a base protocol by the IETF in RFC and then DIAMETER base protocol must be used in conjunction with DIAMETER. Diameter is an authentication, authorization, and accounting protocol for computer networks. It evolved from the earlier RADIUS protocol. It belongs to the application layer protocols in the internet protocol suite. Diameter Applications extend the base protocol by adding new commands. The Diameter base protocol is defined by RFC (Obsoletes: RFC ). RFC Diameter Base Protocol, September
|Published (Last):||10 April 2005|
By issuing an accounting request corresponding to the authorization response, the local realm implicitly indicates its agreement to provide the service indicated in the authorization response.
The ‘P’ bit indicates the need for encryption for end-to-end security.
Adding a new optional AVP does not require a new application.
Diameter Command Naming Conventions
Diameter command names typically include one or more English words followed by the verb Request or Answer.
The rule syntax is a modified subset of ipfw(8) from FreeBSD, and the ipfw. Packets may be marked or metered based on the following information that is associated with it: Given that the Diameter protocol introduces the concept of long-lived authorized sessions, translation agents MUST be session stateful and MUST maintain transaction state.
This does not affect the selection of port numbers.
The "T" (Potentially re-transmitted message) bit: this flag is set after a link failover procedure, to aid the removal of duplicate requests.
Application-ID
Application-ID is four octets and is used to identify the application to which the message applies. An access device that is unable to interpret or apply a permit rule MAY apply a more restrictive rule. The Diameter protocol requires that agents maintain transaction state, which is used for failover purposes.
End-to-End Security Framework
End-to-end security services include confidentiality and message origin authentication.
The request’s state is released upon receipt of the answer. It MAY do this in one of the following ways: By authorizing a request, the home Diameter server is implicitly indicating its willingness to engage in the business transaction as specified by the contractual relationship between the server and the previous hop.
The encoding example illustrates how padding is used and how length fields are calculated. The sender MUST ensure that the Hop-by-Hop identifier in a request is unique on a given connection at any given time, and MAY attempt to ensure that the number is unique across reboots.
Application-ID is used to identify for which Diameter application the message is applicable. In addition to authenticating each connection, each connection as well as the entire session MUST also be authorized.
Upon receipt of the redirect notification, DRL establishes a transport connection with HMS, if one doesn’t already exist, and forwards the request to it. As noted in Section 6. The Hop-by-Hop identifier is normally a monotonically increasing number, whose start value was randomly generated. The following is a definition of a fictitious command code: The Diameter protocol requires that relaying and proxying agents maintain transaction state, which is used for failover purposes.
Diameter Header
A summary of the Diameter header format is shown below. A Command Code is used to determine the action that is to be taken for a particular message. This field indicates the version of the Diameter Base Protocol.
Redirecting a Diameter Message
Since redirect agents do not perform any application level processing, they provide relaying services for all Diameter applications, and therefore MUST advertise the Relay Application Identifier.
The packet consists of a Diameter header and a variable number of Attribute-Value Pairs, or AVPs, for encapsulating information relevant to the Diameter message. An example is a redirect agent that provides services to all members of a consortium, but does not wish to be burdened with relaying all messages between realms.
Additionally, application-specific state machines can be introduced either later or at a higher abstraction layer. Diameter is used for many different interfaces defined by the 3GPP standards, with each interface typically defining new commands and attributes.
Redirect Agents
Redirect agents are useful in scenarios where the Diameter routing configuration needs to be centralized. Prior to issuing the request, NAS performs a Diameter route lookup, using “example. A stateful agent is one that maintains session state information, by keeping track of all authorized active sessions.
If an AVP with the "M" bit set is received by a Diameter client, server, proxy, or translation agent and either the AVP or its value is unrecognized, the message must be rejected. The default value is infinity.
Proxies MAY be used in call control centers or access ISPs that provide outsourced connections; they can monitor the number and types of ports in use, and make allocation and admission decisions according to their configuration. The absence of a particular option may be denoted with a ‘! Messages with the "E" bit set are commonly referred to as error messages. A Diameter implementation MAY act as one type of agent for some requests, and as another type of agent for others.
If no rule matches, the packet is treated as best effort.
Thus an administrator could change the configuration to avoid interoperability problems. The circumstances requiring the use of end-to-end security are determined by policy on each of the peers.
Each packet is evaluated once.