Diameter is specified primarily as a base protocol by the IETF in RFC and then DIAMETER base protocol must be used in conjunction with DIAMETER. Diameter is an authentication, authorization, and accounting protocol for computer networks. It evolved from the earlier RADIUS protocol. It belongs to the application layer protocols in the internet protocol suite. Diameter Applications extend the base protocol by adding new commands. The Diameter base protocol is defined by RFC (Obsoletes: RFC ). RFC Diameter Base Protocol, September
|Published (Last):||11 November 2004|
The format of the Data field MUST be one of the following base data types or a data type derived from the base data types. The format of the header is: Unsigned32 32 bit unsigned value, in network byte order.
The list may be specified as any combination of ranges or individual types separated by commas. In this case, all IP numbers from 1. It MAY do this in one of the following ways: Command Flags The Command Flags field is eight bits. However, they differ since they modify messages to implement policy enforcement.
The packet consists of a Diameter header and a variable number of Attribute-Value Pairs, or AVPs, for encapsulating information relevant to the Diameter message.
The keyword “any” is 0. Here there are two: The encoding example illustrates how padding is used and how length fields are calculated. Proxies that wish to limit resources MUST maintain session state. Command-Code The Command-Code field is three octets, and is used in order to communicate the command associated with the message. Fragmented packets that have a non-zero offset i.
Senders of request messages MUST insert a unique identifier on each message. It is important to note that although proxies MAY provide a value-add function for NASes, they do not allow access devices to use end-to-end security, since modifying messages breaks authentication.
The RFC defines a core state machine for maintaining connections between peers and processing messages. Adding a new optional AVP does not require a new application. Diameter sessions MUST be routed only through authorized nodes that have advertised support for the Diameter application required by the session.
Since Relays do not perform any application level processing, they provide relaying services for all Diameter applications, and therefore MUST advertise the Relay Application Identifier. The application can be an authentication application, an accounting application or a vendor specific application.
Integer32 32 bit signed value, in network byte order. Diameter AVPs Diameter AVPs carry specific authentication, accounting, authorization, routing and security information as well as configuration details for the request and reply.
Packets may be marked or metered based on the following information that is associated with it: Diameter is used for many different interfaces defined by the 3GPP standards, with each interface typically defining new commands and attributes.
This is known as the Realm Routing Table, as is defined further in Section 2. Similarly, for the originator of a Diameter message, a “P” in the “MAY” column means that if a message containing that AVP is to be sent via a Diameter agent proxy, redirect or relay then the message MUST NOT be sent unless there is end-to-end security between the originator and the recipient or the originator has locally trusted configuration that indicates that end-to-end security is not needed.
The default value is zero. Each English word is delimited by a hyphen. Security policies, which are not the subject of standardization, may be applied by next hop Diameter peer or by destination realm. A local realm may wish to limit this exposure, for example, by establishing credit limits for intermediate realms and refusing to accept responses which would violate those limits.
Packets may be filtered based on the following information that is associated with it: The “R” (Request) bit — If set, the message is a request. A three-letter acronym for both the request and answer is also normally provided. There is one kind of packet that the access device MUST always discard, that is an IP fragment with a fragment offset of one.
The “T” (Potentially re-transmitted message) bit — This flag is set after a link failover procedure, to aid the removal of duplicate requests.
End-to-end security policies include: The “ip” keyword means any protocol will match. At each step, forwarding of an authorization response is considered evidence of a willingness to take on financial risk relative to the session. Due to space constraints, the short form DiamIdent is used to represent DiameterIdentity.
Some common Diameter commands defined in the protocol base and applications are: This is part of the basic protocol functionality and all stacks should support it and as such abstract from the connectivity related operations.
Translation agents are likely to be used as aggregation servers to communicate with a Diameter infrastructure, while allowing for the embedded systems to be migrated at a slower pace. Thus an administrator could change the configuration to avoid interoperability problems.