Status: PROPOSED STANDARD. Diameter is the protocol used within EPS/IMS architectures for AAA (Authentication, Authorization, and Accounting). Diameter is specified primarily as a base protocol by the IETF in RFC . Diameter is an authentication, authorization, and accounting protocol for computer networks. The Diameter base protocol is defined by RFC (Obsoletes: RFC ) and defines the minimum requirements for an AAA protocol.


For example, where TLS or IPsec transmission-level security is sufficient, there may be no need for end-to-end security. It is also suggested that inter-domain traffic would primarily use TLS. Role of Diameter Agents: in addition to clients and servers, the Diameter protocol introduces relay, proxy, redirect, and translation agents, each of which is defined in Section 1.

To test for a particular IP version, the bits part can be set to zero. Adding a new optional AVP does not require a new application. End-to-end security is security between two Diameter nodes, possibly communicating through Diameter Agents.

Relaying and Proxying Answers. Each new definition must be either defined or listed with a reference to the RFC that defines the format. The Hop-by-Hop Identifier is an unsigned integer field in network byte order that is used to match requests with their answers: the same value carried in the request is used in the answer.

Similarly, for the originator of a Diameter message, a “P” in the “MAY” column means that if a message containing that AVP is to be sent via a Diameter agent (proxy, redirect or relay), then the message MUST NOT be sent unless there is end-to-end security between the originator and the recipient, or the originator has locally trusted configuration that indicates that end-to-end security is not needed.

Translation of messages can only occur if the agent recognizes the application of a particular request, and therefore translation agents MUST only advertise their locally supported applications. Diameter makes use of the realm, also loosely referred to as domain, to determine whether messages can be satisfied locally, or whether they must be routed or redirected.


The RFC defines a core state machine for maintaining connections between peers and processing messages. In addition, they MUST fully support each Diameter application that is needed to implement the intended service, e. Both the request and the answer for a given command share the same command code.

Unsigned64: a 64-bit unsigned value, in network byte order. The absence of a particular option may be denoted with a ‘!’. The “E” (Error) bit: if set, the message contains a protocol error, and the message will not conform to the CCF described for this command.

In addition to addressing the above requirements, Diameter also provides support for the following: The specific behavior of the Diameter server or client receiving a request depends on the Diameter application employed. LOCAL – Diameter messages that resolve to a route entry with the Local Action set to Local can be satisfied locally, and do not need to be routed to another server.

Translation Agents: A translation agent is a device that provides translation between protocols, e. As a result, proxies need to understand the semantics of the messages passing through them, and may not support all Diameter applications.

Support for server-initiated messages is mandatory in Diameter, and is described in Section 8. The identifier MUST remain locally unique for a period of at least 4 minutes, even across reboots. Currently, the only value defined is 1.

A Command Code is used to determine the action that is to be taken for a particular message. E (Error) – If set, the message contains a protocol error, and the message will not conform to the ABNF described for this command.
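The header fields described above (Hop-by-Hop Identifier matching of requests to answers, the shared Command Code, the version value 1, and the E bit) are worked through in the following added example. It is not code from the page or from any Diameter implementation; the 20-octet header layout it assumes is the one given in the Diameter base protocol RFC (Section 3), and the command code 257 (CER) and the identifier values are constructed sample input.

```python
# Added example (not code from the page or the RFC): parse the 20-octet Diameter
# message header and match answers to pending requests by Hop-by-Hop Identifier.
# Header layout, as specified in the Diameter base protocol RFC (Section 3):
#   version (1 octet) | message length (3) | command flags (1) | command code (3)
#   | application id (4) | hop-by-hop id (4) | end-to-end id (4), network byte order.
import struct
from collections import namedtuple

FLAG_R, FLAG_P, FLAG_E, FLAG_T = 0x80, 0x40, 0x20, 0x10  # Request, Proxiable, Error, reTransmit
DIAMETER_VERSION = 1  # the only version value defined

DiameterHeader = namedtuple("DiameterHeader",
    "version length flags command_code application_id hop_by_hop end_to_end")

def is_request(hdr):
    return bool(hdr.flags & FLAG_R)

def is_error(hdr):  # E bit: the answer carries a protocol error, so its body does not follow the command's CCF
    return bool(hdr.flags & FLAG_E)

def pack_header(length, flags, command_code, application_id, hop_by_hop, end_to_end):
    # Each 1-octet + 3-octet pair is packed as one big-endian 32-bit word.
    return struct.pack(">IIIII", (DIAMETER_VERSION << 24) | (length & 0xFFFFFF),
                       (flags << 24) | (command_code & 0xFFFFFF),
                       application_id, hop_by_hop, end_to_end)

def parse_header(data):
    if len(data) < 20:
        raise ValueError("truncated Diameter header")
    w0, w1, app_id, hbh, e2e = struct.unpack(">IIIII", data[:20])
    hdr = DiameterHeader(w0 >> 24, w0 & 0xFFFFFF, w1 >> 24, w1 & 0xFFFFFF, app_id, hbh, e2e)
    if hdr.version != DIAMETER_VERSION:
        raise ValueError(f"unsupported Diameter version {hdr.version}")
    if hdr.length < 20 or hdr.length % 4:  # length covers header plus AVPs, 4-octet aligned
        raise ValueError(f"invalid message length {hdr.length}")
    return hdr

def match_answers(requests, answers):
    """Pair each answer with the pending request carrying the same Hop-by-Hop
    Identifier and Command Code; answers matching no request are returned as strays."""
    pending = {r.hop_by_hop: r for r in requests if is_request(r)}
    matched, stray = {}, []
    for ans in answers:
        req = pending.get(ans.hop_by_hop)
        if req is not None and not is_request(ans) and req.command_code == ans.command_code:
            matched[ans.hop_by_hop] = (pending.pop(ans.hop_by_hop), ans)
        else:
            stray.append(ans)
    return matched, stray
```

Answers that match no pending request (unknown Hop-by-Hop Identifier, or a Command Code different from the request's) are reported as strays rather than silently accepted, which is the check a receiving node needs before trusting an answer.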


A Diameter node MAY initiate connections from a source port other than the one that it declares it accepts incoming connections on, and MUST be prepared to receive connections on port [number missing from the page]. When relays or proxies are involved, this hop-by-hop security does not protect the entire Diameter user session. Creation of a new application should be viewed as a last resort. A truly generic AAA protocol used by many applications might provide functionality not provided by Diameter.


Initially, it is expected that Diameter will be deployed within new network devices, as well as within gateways enabling communication between legacy RADIUS devices and Diameter agents. An administrative domain MAY act as a local realm for certain users, while being a home realm for others.

This routing decision is performed using a list of supported realms and known peers. Should a new Diameter usage scenario find itself unable to fit within an existing application without requiring major changes to the specification, it may be desirable to create a new Diameter application.

This requires that proxies maintain the state of their downstream peers, e. However, they differ since they modify messages to implement policy enforcement. The Proxy-Info AVP allows stateless agents to add local state to a Diameter request, with the guarantee that the same state will be present in the answer.


Diameter defines agent behavior explicitly; this is described in Section 2. The following Application Identifier values are defined: Security is discussed in Section [number missing from the page]. Peer discovery and configuration: RADIUS implementations typically require that the name or address of servers or clients be manually configured, along with the corresponding shared secrets.

A broker is either a relay, proxy or redirect agent, and MAY be operated by roaming consortiums. The first two octets of the Address. AVPs are used by the base Diameter protocol to support the following required features: If no rule matches, the packet is dropped if the last rule evaluated was a permit, and passed if the last rule was a deny.