Status: PROPOSED STANDARD. Diameter is an authentication, authorization, and accounting (AAA) protocol for computer networks. The Diameter base protocol is defined by RFC (Obsoletes: RFC ) and defines the minimum requirements for an AAA protocol. Diameter is the protocol used within EPS/IMS architectures for AAA ( Authentication, Diameter is specified primarily as a base protocol by the IETF in RFC
Published (Last): 22 August 2010
End-to-End Identifier. The End-to-End Identifier is an unsigned integer field in network byte order and is used to detect duplicate messages. The supported TCP options are: The RFC defines an authorization state machine and an accounting state machine. The keyword “any” is 0.
If no rule matches, the packet is treated as best effort. An access device MAY apply deny rules of its own before the supplied rules, for example to protect the access device owner’s infrastructure. The metering options MUST be included. Transaction state implies that upon forwarding a request, its Hop-by-Hop Identifier is saved; the field is replaced with a locally unique identifier, which is restored to its original value when the corresponding answer is received.
An access device that is unable to interpret or apply a deny rule MUST terminate the session.
Upon reboot, implementations MAY set the high-order 12 bits to contain the low-order 12 bits of the current time, and the low-order 20 bits to a random value. End-to-End Security. End-to-end security services include confidentiality and message origin authentication. Translation Agents. A translation agent is a device that provides translation between two protocols, e.g. The value is transmitted in network byte order.
The Diameter protocol requires that agents maintain transaction state, which is used for failover purposes. Diameter sessions MUST be routed only through authorized nodes that have advertised support for the Diameter application required by the session.
Each packet is evaluated once. If cleared, the message MUST be locally processed.
Diameter AVPs. Diameter AVPs carry specific authentication, accounting, authorization, routing and security information as well as configuration details for the request and reply. Diameter Command Naming Conventions. Diameter command names typically include one or more English words followed by the verb Request or Answer. Thus an administrator could change the configuration to avoid interoperability problems. See the frag option for details on matching fragmented packets.
Maintaining session state MAY be useful in certain applications, such as: Translation of messages can only occur if the agent recognizes the application of a particular request, and therefore translation agents MUST only advertise their locally supported applications.
The circumstances requiring the use of end-to-end security are determined by policy on each of the peers.
A stateless agent is one that only maintains transaction state. Redirecting a Diameter Message. Since redirect agents do not perform any application-level processing, they provide relaying services for all Diameter applications, and therefore MUST advertise the Relay Application Identifier.
The supported ICMP types are: By issuing an accounting request corresponding to the authorization response, the local realm implicitly indicates its agreement to provide the service indicated in the authorization response. The sender MUST ensure that the Hop-by-Hop Identifier in a request is unique on a given connection at any given time, and MAY attempt to ensure that the number is unique across reboots. Transaction state implies that upon forwarding a request, its Hop-by-Hop Identifier is saved; the field is replaced with a locally unique identifier, which is restored to its original value when the corresponding answer is received.
Messages with the “E” bit set are commonly referred to as error messages. The following format is used in the definition: In the case of redirect agents, the Hop-by-Hop Identifier is maintained in the header as the Diameter agent responds with an answer message.
Application-ID. The Application-ID is four octets and is used to identify the application to which the message applies. A rule specifies: direction (in or out); source and destination IP address (possibly masked); protocol; source and destination port (lists or ranges); DSCP values (no mask or range). Rules for the appropriate direction are evaluated in order, with the first matched rule terminating the evaluation.
Accounting requests without corresponding authorization responses should be subjected to further scrutiny, as should accounting requests indicating a difference between the requested and provided service. The following Command Codes are defined in the Diameter base protocol: The “T” bit is set when resending requests not yet acknowledged, as an indication of a possible duplicate due to a link failure.
The application can be an authentication application, an accounting application, or a vendor-specific application. Proxies MAY be used in call control centers or access ISPs that provide outsourced connections; they can monitor the number and types of ports in use, and make allocation and admission decisions according to their configuration.
Adding a new optional AVP does not require a new application. The packet consists of a Diameter header and a variable number of Attribute-Value Pairs, or AVPs, for encapsulating information relevant to the Diameter message.
A Command Code is used to determine the action that is to be taken for a particular message. Further, since redirect agents never relay requests, they are not required to maintain transaction state.
The default value is infinity.
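As an added example (not from this page or from any Diameter implementation), a small Python model of the header fields and identifier handling described above: the 20-octet header layout and the R/P/E/T flag bits are assumed from RFC 3588, the End-to-End Identifier is built from 12 bits of time plus 20 random bits, and the hypothetical TransactionState class swaps the Hop-by-Hop Identifier on forwarding and restores it when the answer comes back, rejecting answers whose identifier matches no pending request.

```python
import os
import struct
import time

HEADER_LEN = 20  # assumed fixed Diameter header size (RFC 3588)
FLAG_R, FLAG_P, FLAG_E, FLAG_T = 0x80, 0x40, 0x20, 0x10  # Request, Proxiable, Error, re-Transmitted

def pack_header(length, flags, cmd_code, app_id, hop_by_hop, end_to_end):
    """Build the header; every field is big-endian (network byte order)."""
    return (struct.pack("!I", (1 << 24) | (length & 0xFFFFFF))      # version 1 + 24-bit length
            + struct.pack("!I", (flags << 24) | (cmd_code & 0xFFFFFF))  # flags + 24-bit command code
            + struct.pack("!III", app_id, hop_by_hop, end_to_end))

def unpack_header(msg):
    ver_len, flags_code, app_id, hbh, e2e = struct.unpack("!IIIII", msg[:HEADER_LEN])
    return {"version": ver_len >> 24, "length": ver_len & 0xFFFFFF,
            "flags": flags_code >> 24, "cmd_code": flags_code & 0xFFFFFF,
            "app_id": app_id, "hop_by_hop": hbh, "end_to_end": e2e}

def end_to_end_id(now=None, rnd=None):
    """High-order 12 bits = low-order 12 bits of current time; low-order 20 bits random."""
    now = int(time.time()) if now is None else now
    rnd = int.from_bytes(os.urandom(3), "big") if rnd is None else rnd
    return ((now & 0xFFF) << 20) | (rnd & 0xFFFFF)

def mark_retransmit(msg):
    """Set the T bit when resending a request that was never acknowledged."""
    flags_code = struct.unpack("!I", msg[4:8])[0] | (FLAG_T << 24)
    return msg[:4] + struct.pack("!I", flags_code) + msg[8:]

class TransactionState:
    """Hypothetical agent state: original Hop-by-Hop id keyed by the locally unique one."""
    def __init__(self):
        self._pending = {}
        self._next = 1

    def forward_request(self, msg):
        local = self._next
        self._next = (self._next + 1) & 0xFFFFFFFF  # 32-bit field, wrap around
        self._pending[local] = unpack_header(msg)["hop_by_hop"]  # save downstream id
        return msg[:12] + struct.pack("!I", local) + msg[16:]   # bytes 12..16 hold Hop-by-Hop

    def return_answer(self, msg):
        local = unpack_header(msg)["hop_by_hop"]
        if local not in self._pending:  # unknown or duplicate answer: drop rather than forward
            raise ValueError("answer does not match any pending request")
        return msg[:12] + struct.pack("!I", self._pending.pop(local)) + msg[16:]
```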