Status: PROPOSED STANDARD. Diameter is the protocol used within EPS/IMS architectures for AAA ( Authentication, Diameter is specified primarily as a base protocol by the IETF in RFC Diameter is an authentication, authorization, and accounting protocol for computer networks. The Diameter base protocol is defined by RFC ( Obsoletes: RFC ) and defines the minimum requirements for an AAA protocol.
|Published (Last):||7 April 2008|
Thus an administrator could change the configuration to avoid interoperability problems.
The request is identified by the R(equest) bit in the Diameter header set to one (1), to ask that a particular action be performed, such as authorizing a user or terminating a session. Since relays make decisions based on information in routing AVPs and realm forwarding tables, they do not keep state on NAS resource usage or sessions in progress.
These Diameter agents are useful for several reasons: For a given application, advertising support of an application implies that the sender supports all command codes, and the AVPs specified in the associated ABNFs, described in the specification.
Sessions
This section attempts to provide the reader with an understanding of the difference between connection and session, which are terms used extensively throughout this document.
The keyword “any” is 0. Since redirect agents do not relay messages, and only return an answer with the information necessary for Diameter agents to communicate directly, they do not modify messages.
The name is a play on words, derived from the RADIUS protocol, which is the predecessor (a diameter is twice the radius).
Each of these AVPs follows – in the order in which they are specified – including their headers and padding. An example of a multi-session would be a Multi-link PPP bundle.
On 6h 28m 16s UTC, 7 February the time value will overflow. NAI realm names are required to be unique, and are piggybacked on the administration of the DNS namespace.
Only this exact IP number will match the rule. The Diameter protocol also supports server-initiated messages, such as a request to abort service to a particular user. User: The entity requesting or using some resource, in support of which a Diameter client has generated a request.
A route entry can have a different destination based on the application identification AVP of the message. Transaction state implies that upon forwarding a request, its Hop-by-Hop Identifier is saved; the field is replaced with a locally unique identifier, which is restored to its original value when the corresponding answer is received. Messages with the “E” bit set are commonly referred to as error messages.
Unsigned32: 32 bit unsigned value, in network byte order. Authentication: The act of verifying the identity of an entity (subject). Therefore, each connection is authenticated, replay and integrity protected and confidential on a per-packet basis.
The routing table MAY consist of only such an entry. E(rror) – If set, the message contains a protocol error, and the message will not conform to the ABNF described for this command. Command-Code: The Command-Code field is three octets, and is used in order to communicate the command associated with the message. P(roxiable) – If set, the message MAY be proxied, relayed or redirected. Fragmented packets that have a non-zero offset i.
For a match to occur, the same IP version must be present in the packet that was used in describing the IP address.
Diameter Base Protocol Support
Each packet is evaluated once. Derivation of dynamic session keys is enabled via transmission-level security. In order to provide well defined failover behavior, Diameter supports application-layer acknowledgements, and defines failover algorithms and the associated state machine.
The set of AVPs included in the message is determined by a particular Diameter application. The supported TCP flags are: Prior to bringing up a connection, authorization checks are performed at each connection along the path. A local realm may wish to limit this exposure, for example, by establishing credit limits for intermediate realms and refusing to accept responses which would violate those limits.
Support for server-initiated messages is mandatory in Diameter, and is described in Section 8. The supported TCP options are: In addition, they MUST fully support each Diameter application that is needed to implement the intended service, e.
An access device MAY apply deny rules of its own before the supplied rules, for example to protect the access device owner’s infrastructure.
User session X spans from the Client via the Relay to the Server. Some of these AVP values are used by the Diameter protocol itself, while others deliver data associated with particular applications that employ Diameter.
Communication between Diameter peers begins with one peer sending a message to another Diameter peer. Diameter is used for many different interfaces defined by the 3GPP standards, with each interface typically defining new commands and attributes. The rule syntax is a modified subset of ipfw(8) from FreeBSD, and the ipfw.
Translation Agents
A translation agent is a device that provides translation between two protocols e. The following Application Identifier values are defined:
Role of Diameter Agents
In addition to client and servers, the Diameter protocol introduces relay, proxy, redirect, and translation agents, each of which is defined in Section 1.