Diameter is an authentication, authorization, and accounting (AAA) protocol for computer networks. It evolved from the earlier RADIUS protocol and belongs to the application layer of the Internet protocol suite. Diameter applications extend the base protocol by adding new commands. The Diameter base protocol is defined by RFC (Obsoletes: RFC ); Status: PROPOSED STANDARD; Obsoleted by: RFC . Diameter is specified primarily as a base protocol by the IETF in RFC , and the Diameter base protocol must be used in conjunction with Diameter applications.
Published (Last): 7 August 2013
It is important to note that although proxies MAY provide a value-add function for NASes, they do not allow access devices to use end-to-end security, since modifying messages breaks authentication.
Authorization Session State Machine. Diameter Server: A Diameter server is a Diameter node that handles authentication, authorization, and accounting requests for a particular realm.
The absence of a particular option may be denoted with a ‘!’.
It MAY do this in one of the following ways. Authentication: The act of verifying the identity of an entity (subject). Furthermore, if the transport characteristics of a command are different (for example, with respect to the number of round trips required), a new Command Code MUST be registered.
The changes introduced in this document focus on fixing issues that have surfaced during the implementation of the previous Diameter RFC. In addition, they MUST fully support each Diameter application that is needed to implement proxied services, e.g. If cleared, the message is an answer. It is set when resending requests not yet acknowledged, as an indication of a possible duplicate due to a link failure. Peer discovery and configuration: RADIUS implementations typically require that the name or address of servers or clients be manually configured, along with the corresponding shared secrets.
The application can be an authentication application, an accounting application, or a vendor-specific application. Session: A session is a related progression of events devoted to a particular activity.
By issuing an accounting request corresponding to the authorization response, the local realm implicitly indicates its agreement to provide the service indicated in the authorization response.
Real-time Accounting: Real-time accounting involves the processing of information on resource usage within a defined time window. The specific behavior of the Diameter server or client receiving a request depends on the Diameter application employed.
In summary, this document defines the base protocol specification for AAA, which includes support for accounting. If Diameter receives data up from TCP that cannot be parsed or identified as a Diameter error made by the peer, the stream is compromised and cannot be recovered. Realm: The string in the NAI that immediately follows the ‘ ‘ character.
The first two octets of the Address AVP carry the AddressType. The rule syntax is a modified subset of ipfw(8) from FreeBSD, and the ipfw. Accounting servers creating the batch record may do so by processing interim accounting events or accounting events from several devices serving the same user. It is also suggested that inter-domain traffic would primarily use TLS.
Since redirect agents do not receive answer messages, they cannot maintain session state.
In addition, they MUST fully support each Diameter application that is needed to implement the intended service, e.g. However, just because a new authentication application id is required does not imply that a new accounting application id is required. A rule matches on: direction (in or out); source and destination IP address (possibly masked); protocol; source and destination port (lists or ranges); DSCP values (no mask or range). Rules for the appropriate direction are evaluated in order, with the first matched rule terminating the evaluation.
This includes fixes to the Diameter extensibility description (Section 1). Proxies MAY be used in call control centers or access ISPs that provide outsourced connections; they can monitor the number and types of ports in use, and make allocation and admission decisions based on their configuration.
RFC – Diameter Base Protocol
Some of these AVP values are used by the Diameter protocol itself, while others deliver data associated with particular applications that employ Diameter. A local realm may wish to limit this exposure, for example, by establishing credit limits for intermediate realms and refusing to accept responses which would violate those limits.
NAI realm names are required to be unique, and are piggybacked on the administration of the DNS namespace. This also eases the requirements on the NAS to support certificates. The Proxy-Info AVP allows stateless agents to add local state to a Diameter request, with the guarantee that the same state will be present in the answer.
Since a new EAP authentication method can be supported within Diameter without requiring new AVPs, addition of EAP methods does not require the creation of a new authentication application. The list may be specified as any combination of ranges or individual types separated by commas.
Diameter Base Protocol Support
Communication between Diameter peers begins with one peer sending a message to another Diameter peer. A Command Code is used to determine the action that is to be taken for a particular message.
Relay Agents: Relay Agents are Diameter agents that accept requests and route messages to other Diameter nodes based on information found in the messages, e.g.
Typically, time constraints are imposed in order to limit financial risk. Any node can initiate a request.
AVPs are used by the base Diameter protocol to support a set of base features. There are certain exceptions to this rule, such as when a peer has terminated the transport connection stating that it does not wish to communicate.
Accounting: The act of collecting information on resource usage for the purpose of capacity planning, auditing, billing, or cost allocation. Relays modify Diameter messages by inserting and removing routing information, but do not modify any other portion of a message. The request’s state is released upon receipt of the answer. Multi-session: A multi-session represents a logical linking of several sessions. In order to provide well-defined failover behavior, Diameter supports application-layer acknowledgements, and defines failover algorithms and the associated state machine.
The Diameter protocol defines a policy protocol used by clients to perform policy, AAA, and resource control. The RFC defines a core state machine for maintaining connections between peers and processing messages.
There are also a myriad of application documents describing applications that use this base specification for Authentication, Authorization, and Accounting. The AddressType is used to discriminate the content and format of the remaining octets.
Diameter Command Naming Conventions
Network Working Group, Request for Comments; author: P. Calhoun