Canonical URL: ; File formats: Plain Text PDF; Status: PROPOSED STANDARD; Obsoleted by: RFC ; Updated by. Diameter is the protocol used within EPS/IMS architectures for AAA ( Authentication, Diameter is specified primarily as a base protocol by the IETF in RFC Diameter is an authentication, authorization, and accounting protocol for computer networks. The Diameter base protocol is defined by RFC ( Obsoletes: RFC ) and defines the minimum requirements for an AAA protocol. Diameter.
|Published (Last):||5 September 2009|
|PDF File Size:||2.43 Mb|
|ePub File Size:||17.4 Mb|
|Price:||Free* [*Free Regsitration Required]|
Match if the ICMP type is in the list types.
In addition, they MUST fully support each Diameter application that is needed to implement the intended service, protocll. If the base accounting is used without any mandatory AVPs, new commands or additional mechanisms e.
Diameter is used for many different interfaces defined by the 3GPP standards, with each interface typically defining new commands and attributes. A three-letter acronym for both the request and answer is also normally provided. Each English word is delimited by a hyphen. A truly generic AAA protocol used by many applications might provide functionality not provided by Diameter.
Security is discussed in Section Security policies, which are not the subject of standardization, may be applied by next hop Diameter peer or by destination realm.
As a result, relays never originate messages, do not need to understand the semantics of messages or non-routing AVPs, and are capable of handling any Diameter application or message type.
This requires that proxies maintain the state of their downstream peers e.
RFC – part 1 of 5
The absence of a particular option 3588 be denoted with a ‘! Protpcol Diameter protocol also supports server-initiated messages, such as a request to abort service to a particular user. It is also possible for the base protocol to be extended for use in new applications, via the addition of new commands or AVPs. The following bits are assigned: Therefore, each connection is authenticated, replay and integrity protected and confidential on a per-packet basis.
It is important to note that there is no relationship between a connection and a session, and that 33588 messages for multiple sessions are all multiplexed through a single connection.
This is a valid packet, but it only has one use, to try to circumvent firewalls. The combination of the home domain and the accounting application Id can be used diametdr order to route the request to the appropriate accounting server. Each authorized session is bound to a particular service, and its state is considered active either until it is notified otherwise, portocol by expiration.
Description of the Document Set Diameter agents only need to be concerned about the number of requests they send based on a single received request; retransmissions by other entities need not be tracked. T Potentially re-transmitted message – This flag is set after a link failover procedure, to aid the removal of duplicate requests.
Direction in or out Source and destination IP address possibly masked Protocol Source and destination port lists or ranges DSCP values no mask or range Rules for the appropriate direction are evaluated in order, with the first matched rule terminating the evaluation.
The routing table MAY consist of only such an entry. There is one kind of packet that the access device MUST always discard, that is an IP fragment with a fragment offset of one. Server Dlameter One or more servers the message is to be routed to. Since additional code points are added by amendments to the standard from time to time, implementations MUST be idameter to encounter any prtoocol point from 0x to 0x7fffffff.
The application can be an authentication application, an accounting application or a vendor specific application.
Translation of messages can only occur if the agent recognizes the application of a particular request, and therefore translation agents Rffc only advertise their locally supported applications. The combination of the Origin-Host see Section 6. A stateful agent is one that maintains session state information; by keeping track of all authorized active sessions.
It belongs to the application layer protocols in the internet protocol suite. Each “user” of a service causes an auth request to be sent, with a unique session identifier. Command-Code The Command-Code field is diwmeter octets, and is used in order to communicate the command associated with the message.
Diameter Base Protocol Support
Internet Standards Application layer protocols Computer access control protocols Authentication protocols. Once the receiver has completed the request it issues the corresponding answer, which includes a result code that communicates one of the following: Derivation of dynamic session keys is enabled via transmission-level security.
Packets may be filtered based on the following information that is associated with it: Creation of a new application should be viewed as a last resort. The supported TCP options are: Major changes to an application include: It MAY do this in one of the following ways: All Diameter packets with the same Session-Identifier are considered to be part of the same session. The base protocol does not require an Application Identifier since its support is mandatory. As with proxy agents, redirect agents do not keep state with respect to sessions or NAS resources.
Application Identifier An application is identified by a vendor id and an application id. Diameter 3858 Naming Conventions Proxies that wish to limit resources MUST maintain session state. If Diameter receives data up from TCP that cannot be parsed or identified as a Diameter prohocol made by the peer, the stream is compromised and cannot be recovered. Diameter Relays and redirect agents are, by definition, protocol transparent, and MUST transparently support the Diameter base protocol, which includes accounting, and all Diameter applications.