Diameter is specified primarily as a base protocol by the IETF in RFC and then DIAMETER base protocol must be used in conjunction with DIAMETER. Diameter is an authentication, authorization, and accounting protocol for computer networks. It evolved from the earlier RADIUS protocol. It belongs to the application layer protocols in the internet protocol suite. Diameter Applications extend the base protocol by adding new commands The Diameter base protocol is defined by RFC (Obsoletes: RFC ). RFC Diameter Base Protocol, September Canonical URL: Discuss this RFC: Send questions or comments to [email protected] Other actions: View.
|Published (Last):||6 November 2013|
|PDF File Size:||7.35 Mb|
|ePub File Size:||19.96 Mb|
|Price:||Free* [*Free Regsitration Required]|
Transaction state implies that upon forwarding a request, its Hop-by-Hop identifier is saved; the field is replaced with a locally unique identifier, which is restored to its original value when the corresponding answer is received. These services are provided by supporting AVP integrity and confidentiality between two peers, communicating through agents. For example, administrators within the home realm may not wish to honor requests that have been ciameter through an untrusted realm.
The originator of an Answer message MUST ensure that the End-to-End Identifier field contains the same value that was found in the corresponding request.
Diameter (protocol) – Wikipedia
Maintaining session state MAY be useful in certain applications, such as: This is a valid packet, but it only has one use, to try to circumvent firewalls. If no rule matches, the packet is treated as best effort.
The metering options MUST be included. For IPv4, a typical first rule is often “deny in ip! A local realm may wish to limit this exposure, for example, by establishing credit limits for intermediate realms and refusing to accept responses which would violate those limits.
The values are for protofol, standard commands allocated by IANA. Diameter Applications can extend the base protocol by adding new commands, attributes, or both. Packets iietf be marked or metered based on the following information that is associated with it: An access device that is unable to interpret or apply a deny rule MUST terminate the session.
Some common Diameter commands defined in the protocol base and applications are:. The application can be an authentication application, an accounting application or a vendor specific application. The supported ICMP types are: Since enforcing policies requires an understanding of the service being provided, Proxies MUST only advertise the Diameter applications they support. The following is a definition of a fictitious command code: Further, since redirect agents never relay requests, they are not required to maintain transaction state.
Retrieved 30 April rfv One or more Session-Ids must follow. Translation gfc are likely to be used as aggregation servers to communicate with a Diameter infrastructure, while allowing for the embedded systems to be migrated at a slower pace. When set the AVP Code belongs to the specific vendor code address space. If an AVP with the ” M ” bit set is received by a Diameter client, server, proxy, or translation agent and either the AVP or its value is unrecognized, the message must be rejected.
This AVP would be encoded as follows: In case of redirecting agents, the Hop-by-Hop Identifier is maintained in the header as the Diameter agent responds with an answer rdc.
The “ip” keyword means any protocol will match. The AVP can ; appear anywhere in the message. Diameter sessions MUST be routed only through authorized nodes that have advertised support for the Diameter application required by the session. Unsigned32 32 bit unsigned value, in network byte order.
The AVP contains the identity of the peer the request was received from. The Prorocol defines a core state machine for maintaining connections between peers and processing messages. On 6h 28m 16s UTC, 7 February the time value will overflow.
Since redirect agents do not receive answer messages, they cannot maintain session state. A stateless agent is one that only maintains transaction state.
After that the transport connection can be disconnected. Accounting requests without corresponding authorization responses SHOULD be subjected to further scrutiny, as should accounting requests indicating a difference between the requested and provided service. Archived from the original on 4 July