Status: PROPOSED STANDARD

Diameter is an authentication, authorization and accounting (AAA) protocol for computer networks, and is the protocol used within EPS/IMS architectures for AAA. Diameter is specified primarily as a base protocol by the IETF in an RFC; that base-protocol RFC obsoletes an earlier one and defines the minimum requirements for an AAA protocol.
Published (last): 26 December 2016
Command Flags: The Command Flags field is eight bits.

The supported IP options are:

End-to-End Identifier: The End-to-End Identifier is an unsigned 32-bit integer field in network byte order and is used to detect duplicate messages, in combination with the Origin-Host (see Section 6).

The Proxy-Info AVP allows stateless agents to add local state to a Diameter request, with the guarantee that the same state will be present in the answer.
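The header and AVP layout described above (Command Flags, Application-ID, Hop-by-Hop and End-to-End Identifiers, AVP flags including the "M" bit, Unsigned32 and Integer64 data) as an added Python example; this is not code from the page or from any Diameter implementation. It encodes and parses a base-protocol Accounting-Request, checks every length field against the buffer before trusting it, and detects duplicates by Origin-Host plus End-to-End Identifier rather than by the Hop-by-Hop Identifier that every agent rewrites. AVP codes 263, 264, 296, 283, 480 and 485, command code 271 and application id 3 are from the base protocol; the vendor-specific AVP code 9001 and vendor id 99999 are invented, and the sample message is constructed, not captured.

```python
import struct

# Command Flags byte of the Diameter header: R(equest), P(roxiable), E(rror),
# T(potentially re-transmitted), from the high bit down
FLAG_R, FLAG_P, FLAG_E, FLAG_T = 0x80, 0x40, 0x20, 0x10
# AVP Flags byte: V(endor-specific), M(andatory), P(rotected)
AVP_V, AVP_M, AVP_P = 0x80, 0x40, 0x20

# Base-protocol AVP codes, command code and application id used by the sample
SESSION_ID, ORIGIN_HOST, ORIGIN_REALM, DESTINATION_REALM = 263, 264, 296, 283
ACCT_RECORD_TYPE, ACCT_RECORD_NUMBER = 480, 485
ACR, ACCT_APP_ID = 271, 3          # Accounting-Request, base accounting application


def u32(value):
    """Unsigned32 data, network byte order."""
    return struct.pack("!I", value)


def i64(value):
    """Integer64 data: 64-bit signed value, network byte order."""
    return struct.pack("!q", value)


def encode_avp(code, data, mandatory=True, vendor_id=None):
    """AVP = Code, Flags|Length, optional Vendor-ID, Data padded to a 4-octet boundary.
    AVP Length covers the header and data but not the padding."""
    if isinstance(data, str):
        data = data.encode()
    flags, vendor = (AVP_M if mandatory else 0), b""
    if vendor_id is not None:
        flags |= AVP_V
        vendor = struct.pack("!I", vendor_id)
    length = 8 + len(vendor) + len(data)
    out = struct.pack("!II", code, (flags << 24) | length) + vendor + data
    return out + b"\x00" * ((-len(data)) % 4)


def encode_message(command, app_id, hbh, e2e, avps, flags=FLAG_R):
    """20-octet header: Version|Message Length, Command Flags|Command-Code,
    Application-ID, Hop-by-Hop Identifier, End-to-End Identifier, then the AVPs."""
    body = b"".join(avps)
    return struct.pack("!IIIII", (1 << 24) | (20 + len(body)),
                       (flags << 24) | command, app_id, hbh, e2e) + body


def decode_message(buf):
    """Parse one message into a dict. Every length field is checked against the
    buffer before it is used, so a hostile peer cannot make the parser read past it."""
    if len(buf) < 20:
        raise ValueError("short header")
    w0, w1, app_id, hbh, e2e = struct.unpack("!IIIII", buf[:20])
    if w0 >> 24 != 1:
        raise ValueError("unsupported version")
    length = w0 & 0xFFFFFF
    if length != len(buf):
        raise ValueError("Message Length does not match buffer")
    msg = {"flags": w1 >> 24, "command": w1 & 0xFFFFFF, "app_id": app_id,
           "hbh": hbh, "e2e": e2e, "avps": []}
    pos = 20
    while pos < length:
        if length - pos < 8:
            raise ValueError("truncated AVP header")
        code, word = struct.unpack("!II", buf[pos:pos + 8])
        aflags, alen = word >> 24, word & 0xFFFFFF
        hdr = 12 if aflags & AVP_V else 8
        if alen < hdr or pos + alen > length:
            raise ValueError("bad AVP Length")
        vendor = struct.unpack("!I", buf[pos + 8:pos + 12])[0] if aflags & AVP_V else None
        msg["avps"].append((code, aflags, vendor, buf[pos + hdr:pos + alen]))
        pos += alen + ((-alen) % 4)      # step over the padding as well
    return msg


def avp(msg, code):
    """Data of the first AVP with this code, or None."""
    return next((d for c, _, _, d in msg["avps"] if c == code), None)


class DuplicateDetector:
    """Duplicates are keyed on Origin-Host plus End-to-End Identifier, never on the
    Hop-by-Hop Identifier, which every agent on the path replaces."""
    def __init__(self):
        self.seen = set()

    def is_duplicate(self, msg):
        key = (avp(msg, ORIGIN_HOST), msg["e2e"])
        if key in self.seen:
            return True
        self.seen.add(key)
        return False


def sample_acr(flags=FLAG_R):
    """Constructed Accounting-Request from a made-up NAS; not a captured message."""
    avps = [
        encode_avp(SESSION_ID, "nas.example.com;1;42"),
        encode_avp(ORIGIN_HOST, "nas.example.com"),
        encode_avp(ORIGIN_REALM, "example.com"),
        encode_avp(DESTINATION_REALM, "example.com"),
        encode_avp(ACCT_RECORD_TYPE, u32(2)),     # START_RECORD
        encode_avp(ACCT_RECORD_NUMBER, u32(7)),
        # hypothetical vendor-specific Integer64 AVP (code and vendor id are invented)
        encode_avp(9001, i64(-5), mandatory=False, vendor_id=99999),
    ]
    return encode_message(ACR, ACCT_APP_ID, 0x1001, 0x5A5A0001, avps, flags)


if __name__ == "__main__":
    det = DuplicateDetector()
    first = decode_message(sample_acr())
    again = decode_message(sample_acr(FLAG_R | FLAG_T))   # same End-to-End Id, resent after failover
    print(det.is_duplicate(first), det.is_duplicate(again), bool(again["flags"] & FLAG_T))
```

The T bit on the resent copy is only a hint to the receiver; the duplicate decision is made on (Origin-Host, End-to-End Identifier), and a real server would also expire that table after a bounded time rather than growing it forever.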
Diameter Protocol: The Diameter base protocol provides the following facilities:

A stateful agent is one that maintains session state information by keeping track of all authorized active sessions.
Each "user" of a service causes an auth request to be sent, with a unique session identifier.

Diameter connections and sessions: In the example provided in Figure 1, peer connection A is established between the Client and its local Relay.

Packets can be filtered on the following information:
  Direction (in or out)
  Source and destination IP address (possibly masked)
  Protocol
  Source and destination port (lists or ranges)
  DSCP values (no mask or range)
Rules for the appropriate direction are evaluated in order, with the first matched rule terminating the evaluation.
Diameter Server: A Diameter Server is one that handles authentication, authorization and accounting requests for a particular realm.

Local Realm: A local realm is the administrative domain providing services to a user.
Security is discussed in a separate section.

These changes in sessions are tracked with the Accounting-Sub-Session-Id. Since redirect agents do not receive answer messages, they cannot maintain session state.

Application-ID: Application-ID is four octets and identifies the application to which the message applies.
This scenario is advantageous since it does not require that the consortium provide routing updates to its members when changes are made to a member’s infrastructure. Received answers that do not match a known Hop-by-Hop Identifier are ignored by the Diameter agent.
This page was last edited on 19 October.

Support for server-initiated messages is mandatory in Diameter, and is described in Section 8. This results in a large administrative burden, and creates the temptation to reuse the RADIUS shared secret, which can result in major security vulnerabilities if the Request Authenticator is not globally and temporally unique as required in [RADIUS].
NAI realm names are required to be unique, and are piggybacked on the administration of the DNS namespace.
In accounting, [RADACCT] assumes that replay protection is provided by the backend billing server, rather than within the protocol itself.

As a result, relays never originate messages, do not need to understand the semantics of messages or non-routing AVPs, and are capable of handling any Diameter application or message type.

Real-time Accounting: Real-time accounting involves the processing of information on resource usage within a defined time window.
Please refer to the current edition of the “Internet Official Protocol Standards” STD 1 for the standardization state and status of this protocol. Since a new EAP authentication method can be supported within Diameter without requiring new AVPs, addition of EAP methods does not require the creation of a new authentication application.
Only this exact IP number will match the rule.
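The filter-rule semantics described above (direction, masked or exact addresses, protocol, port lists and ranges, first-match evaluation, and the point that a bare IP number matches only that exact address) as an added Python example; this is not code from the page or from any Diameter stack. It implements the "action dir proto from src [ports] to dst [ports]" core that IPFilterRule and QoSFilterRule share, with permit/deny actions as in IPFilterRule; trailing options such as DSCP, TCP flags or fragment matching are not handled. The no-match default (dropped if the last rule evaluated was a permit, passed if it was a deny) follows the base protocol's IPFilterRule text, which this page does not quote; treating a direction with no rules at all as deny is this example's own choice. The rule set and packets are constructed.

```python
import ipaddress

# protocol names accepted in the proto field; "ip" matches any protocol
PROTO_NAMES = {"ip": None, "tcp": 6, "udp": 17, "icmp": 1}


class Rule:
    """One rule: action dir proto from src [ports] to dst [ports]
    (permit/deny actions; options after dst are not handled here)."""

    def __init__(self, text):
        tok = text.split()
        if len(tok) < 6 or tok[3] != "from" or "to" not in tok[4:]:
            raise ValueError("malformed rule: " + text)
        self.action, self.dir, proto = tok[0], tok[1], tok[2]
        if self.action not in ("permit", "deny") or self.dir not in ("in", "out"):
            raise ValueError("bad action or direction: " + text)
        self.proto = PROTO_NAMES[proto] if proto in PROTO_NAMES else int(proto)
        i = tok.index("to", 4)
        self.src, self.sports = self._endpoint(tok[4:i])
        self.dst, self.dports = self._endpoint(tok[i + 1:])

    @staticmethod
    def _endpoint(tok):
        """'any' | 'assigned' | ipno[/bits], optionally followed by port,port-port,..."""
        if not tok or len(tok) > 2:
            raise ValueError("bad endpoint: " + " ".join(tok))
        addr = tok[0]
        if addr not in ("any", "assigned"):
            # a bare IP number becomes a host prefix, so only that exact address matches
            addr = ipaddress.ip_network(addr, strict=False)
        ports = None
        if len(tok) == 2:
            ports = []
            for item in tok[1].split(","):
                lo, _, hi = item.partition("-")
                ports.append((int(lo), int(hi or lo)))
        return addr, ports

    @staticmethod
    def _addr_ok(spec, ip, assigned):
        if spec == "any":
            return True
        if spec == "assigned":          # the address assigned to the terminal
            return ip == assigned
        return ip in spec

    @staticmethod
    def _port_ok(ranges, port):
        return ranges is None or any(lo <= port <= hi for lo, hi in ranges)

    def matches(self, pkt, assigned):
        return (self.dir == pkt["dir"]
                and (self.proto is None or self.proto == pkt["proto"])
                and self._addr_ok(self.src, pkt["src"], assigned)
                and self._port_ok(self.sports, pkt["sport"])
                and self._addr_ok(self.dst, pkt["dst"], assigned)
                and self._port_ok(self.dports, pkt["dport"]))


def evaluate(rules, pkt, assigned):
    """Rules for the packet's direction are tried in order; the first match decides.
    No match: dropped if the last rule evaluated was a permit, passed if it was a
    deny; deny when no rule for that direction exists (this example's choice)."""
    last = None
    for rule in rules:
        if rule.dir != pkt["dir"]:
            continue
        last = rule.action
        if rule.matches(pkt, assigned):
            return rule.action
    return "permit" if last == "deny" else "deny"


def packet(direction, proto, src, sport, dst, dport):
    return {"dir": direction, "proto": proto, "src": ipaddress.ip_address(src),
            "sport": sport, "dst": ipaddress.ip_address(dst), "dport": dport}


# constructed rule set for a terminal assigned 10.1.1.5 (not taken from the page)
ASSIGNED = ipaddress.ip_address("10.1.1.5")
RULES = [Rule(r) for r in (
    "permit in 6 from 10.0.0.1 to assigned 22",
    "permit out ip from assigned to any",
    "deny in 17 from 192.0.2.0/24 1024-65535 to assigned 53,123",
    "permit in 17 from any to assigned 53",
    "deny in ip from any to any",
)]

if __name__ == "__main__":
    print(evaluate(RULES, packet("in", 6, "10.0.0.1", 40000, "10.1.1.5", 22), ASSIGNED))
    print(evaluate(RULES, packet("in", 6, "10.0.0.2", 40000, "10.1.1.5", 22), ASSIGNED))
```

Because evaluation stops at the first match, rule order is part of the policy: the broad "deny in ip from any to any" must come last, and a rule received from a server that the access device cannot parse should make it reject the whole rule set rather than silently skip that rule.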
Diameter Base Protocol Support
Integer64: 64-bit signed value, in network byte order.

Transaction state: The Diameter protocol requires that agents maintain transaction state, which is used for failover purposes.

For AVPs of type Enumerated, an application may require a new value to communicate some service-specific information.
Within an accounting command, setting the "M" bit implies that a backend server e.

For example, where TLS or IPsec transmission-level security is sufficient, there may be no need for end-to-end security.

Redirect Agents: Redirect agents are useful in scenarios where the Diameter routing configuration needs to be centralized.

Diameter AVPs: Diameter AVPs carry specific authentication, accounting, authorization, routing and security information as well as configuration details for the request and reply.
One or more Session-Ids must follow. The routing table MAY consist of only such an entry. The combination of the home domain and the accounting application Id can be used in order to route the request to the appropriate accounting server.

Role of Diameter Agents: Therefore, each connection is authenticated, replay and integrity protected and confidential on a per-packet basis.
Relaying and Proxying Answers

It is also possible for the base protocol to be extended for use in new applications, via the addition of new commands or AVPs.
The request's state is released upon receipt of the answer. This field contains the contents of the Origin-Host (Section 6). The "T" (Potentially re-transmitted message) bit: this flag is set after a link failover procedure, to aid the removal of duplicate requests.
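The agent behaviour described in the passages above (transaction state kept for failover, answers matched on the Hop-by-Hop Identifier and ignored when unknown, routing on the home realm plus application id with a default entry, and the T bit set on requests resent after a link failover) as an added Python example; this is not code from the page or from any Diameter stack. It is a minimal relay that keeps per-request state until the answer arrives and then releases it. Messages are plain dicts carrying only the header fields the example needs; the peer names, realms and identifiers are constructed.

```python
import itertools

FLAG_T = 0x10   # "T" bit of the Command Flags: potentially re-transmitted message


class Relay:
    """Relay agent keeping transaction state. Messages are dicts with the
    header fields this example needs: hbh, e2e, app_id, destination_realm, flags."""

    def __init__(self, routing_table, peers):
        self.routes = routing_table   # {(realm, app_id): peer}; (None, None) is the default route
        self.peers = peers            # {peer: [sent messages]} stands in for the transport
        self.pending = {}             # our Hop-by-Hop Id -> (from_peer, original hbh, next_peer, request)
        self._hbh = itertools.count(0x100)

    def lookup_route(self, realm, app_id):
        """Realm plus application id picks the next hop; otherwise the default entry, if any."""
        return self.routes.get((realm, app_id)) or self.routes.get((None, None))

    def forward_request(self, from_peer, req):
        next_peer = self.lookup_route(req["destination_realm"], req["app_id"])
        if next_peer is None:
            return None                # the caller would answer DIAMETER_UNABLE_TO_DELIVER
        hbh = next(self._hbh)
        self.pending[hbh] = (from_peer, req["hbh"], next_peer, req)
        # Hop-by-Hop Identifier is replaced per connection; End-to-End Identifier is never touched
        self.peers[next_peer].append(dict(req, hbh=hbh))
        return hbh

    def receive_answer(self, ans):
        """Match on Hop-by-Hop Id, restore the original one and release the state.
        Answers that match no pending request are ignored."""
        state = self.pending.pop(ans["hbh"], None)
        if state is None:
            return None
        from_peer, orig_hbh, _, _ = state
        self.peers[from_peer].append(dict(ans, hbh=orig_hbh))
        return from_peer

    def failover(self, dead_peer, new_peer):
        """Resend every unanswered request sent to dead_peer via new_peer with the T bit
        set, so the next hop can recognise a duplicate it may already have processed."""
        moved = 0
        for hbh, (from_peer, orig_hbh, peer, req) in list(self.pending.items()):
            if peer != dead_peer:
                continue
            self.pending[hbh] = (from_peer, orig_hbh, new_peer, req)
            self.peers[new_peer].append(dict(req, hbh=hbh, flags=req["flags"] | FLAG_T))
            moved += 1
        return moved


def demo():
    """Constructed scenario: a NAS sends an accounting request (application id 3)
    for realm example.com; the first accounting peer dies before answering."""
    relay = Relay({("example.com", 3): "acct1", (None, None): "default-peer"},
                  {"nas": [], "acct1": [], "acct2": [], "default-peer": []})
    req = {"hbh": 7, "e2e": 0xABCD, "app_id": 3, "destination_realm": "example.com", "flags": 0x80}
    hbh = relay.forward_request("nas", req)
    stray = relay.receive_answer({"hbh": 0x999, "e2e": 0xABCD, "app_id": 3, "flags": 0})
    moved = relay.failover("acct1", "acct2")
    back = relay.receive_answer({"hbh": hbh, "e2e": 0xABCD, "app_id": 3, "flags": 0})
    return relay, hbh, stray, moved, back


if __name__ == "__main__":
    relay, hbh, stray, moved, back = demo()
    print(hex(hbh), stray, moved, back, relay.pending)
```

The pending table is what makes failover possible and is also what an attacker can try to exhaust: a deployment bounds it with a per-peer limit and a timer that releases entries whose answer never arrives, instead of holding state until an answer happens to match.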
Answer messages that are to be locally consumed (see Section 6).