Canonical URL: ; File formats: Plain Text PDF; Status: PROPOSED STANDARD; Obsoleted by: RFC ; Updated by. Diameter is an authentication, authorization, and accounting protocol for computer networks. The Diameter base protocol is defined by RFC ( Obsoletes: RFC ) and defines the minimum requirements for an AAA protocol. Diameter. Diameter is the protocol used within EPS/IMS architectures for AAA ( Authentication, Diameter is specified primarily as a base protocol by the IETF in RFC
|Published (Last):||28 March 2017|
|PDF File Size:||4.98 Mb|
|ePub File Size:||7.30 Mb|
|Price:||Free* [*Free Regsitration Required]|
The supported TCP options are: Redirecting a Diameter Message Since redirect agents do not perform any application level processing, they provide relaying services for all Diameter applications, and therefore MUST advertise the Relay Application Identifier. Fragmented packets that have a non-zero offset i.
Diameter sessions MUST be routed only through authorized nodes that have advertised support for the Diameter application required by the session. For example, administrators within the home realm may diamerer wish to honor requests that have been routed through an untrusted realm.
An example is a redirect agent that provides services to all members of a consortium, but does not wish to be burdened with relaying all messages between realms. The list may be specified as any combination of ranges or individual types separated by commas.
Maintaining session state MAY be useful in certain applications, such diaketer It is set when resending requests not yet acknowledged as an indication of a possible duplicate due to a link failure. T Potentially re-transmitted message – This flag is set after diameeter link failover procedure, to aid the removal of duplicate requests.
Command Flags The Command Flags field is eight bits. However, the protocol’s failover procedures require that agents maintain a copy of pending requests. If an optional rule has no ; qualifier, then frc or 1 such AVP may be ; present. Views Read Edit View history. The absence of a particular option may be denoted with a ‘!
RFC – Diameter Base Protocol
If no rule matches, the packet is dropped if the last rule evaluated was a permit, and passed if the last rule was a deny. The application can be an authentication application, an accounting application or a vendor specific application.
The request is identified by the R equest bit in the Diameter header set to one 1to ask that a particular action diametwr performed, such as authorizing a user or terminating a session.
To test for a particular IP version, the bits part can be set to zero.
Upon receipt of the redirect notification, DRL establishes a transport connection with HMS, if one doesn’t already exist, and forwards the request to it. Each packet is evaluated once.
Integer64 64 bit signed value, in network byte order. This is known as the Realm Routing Table, as is defined further in Section 2. Due to space constraints, the short form DiamIdent is used to represent DiameterIdentity. Thus an administrator could change the configuration to avoid interoperability problems. Some common Diameter commands defined in the protocol base and applications are:. The Proxy-Info AVP allows stateless agents to add local state to a Diameter request, with the guarantee that the same state will be present in the answer.
Likewise, this reduces the configuration load on Diameter servers that would otherwise be necessary when NASes are added, changed or deleted. Each of these AVPs follows – in the order in which they are specified – including their headers and padding.
RFC – part 2 of 5
At each step, forwarding of an authorization response is considered evidence of a willingness to take on financial risk relative to the session. All proxies MUST maintain transaction state.
In addition to authenticating each connection, each connection as well as the entire session MUST also be authorized. If no rule matches, the packet is treated as best effort.
Packets may be marked or metered based on the following information that is associated with it: E rror – If set, the message contains a protocol error, and the message will not conform to the ABNF described for this command.
Diameter AVPs Diameter AVPs carry specific authentication, accounting, authorization, routing and security information as well as configuration details for the request and reply.
A Diameter implementation MAY act as one type of agent for some rvc, and as another type of agent for others.
Relays modify Diameter messages by inserting and removing routing information, but do not modify any other portion of a message. A stateful agent is one that maintains session state information; by keeping track of all authorized active sessions.