Diameter is an authentication, authorization, and accounting protocol for computer networks. It evolved from the earlier RADIUS protocol. It belongs to the application layer protocols in the internet protocol suite. Diameter Applications extend the base protocol by adding new commands. The Diameter base protocol is defined by RFC (Obsoletes: RFC ). Diameter is specified primarily as a base protocol by the IETF in RFC and then DIAMETER base protocol must be used in conjunction with DIAMETER.

Therefore, it is imperative that the designers of new applications understand their requirements before using Diameter. Since relays do not make policy decisions, they do not examine or alter non-routing AVPs.

Redirect Agent: Rather than forwarding requests and responses between clients and servers, redirect agents refer clients to servers and allow them to communicate directly. Unsigned32: 32-bit unsigned value, in network byte order.

An AVP includes a header and is used to encapsulate protocol-specific data e. The Diameter discovery process now supports only widely used discovery schemes; the rest have been deprecated; see Section 5.

Network Working Group P. Derivation of dynamic session keys is enabled via transmission-level security. The old method is kept for backward compatibility reasons.

RFC – Diameter Base Protocol

A stateful agent is one that maintains session state information, by keeping track of all authorized active sessions. Likewise, this reduces the configuration load on Diameter servers that would otherwise be necessary when NASes are added, changed or deleted.

Diameter sessions MUST be routed only through authorized nodes that have advertised support for the Diameter application required by the session. A Diameter node MAY act as an agent for certain requests while acting as a server for others.

Adding a new optional AVP does not require a new application.

In order to provide universal support for transmission-level security, and enable both intra- and inter-domain AAA deployments, IPsec support is mandatory in Diameter, and TLS support is optional. Clarify the proper use of Application Id information, which can be found in multiple places within a Diameter message. The definition contains a list of valid values and their interpretation and is described in the Diameter application introducing the AVP.


Commands: A new command is used within the existing application because either an additional command is added, an existing command has been modified so that a new Command Code had to be registered, or a command has been deleted.

This document also defines the Diameter failover algorithm and state machine. Accounting: The act of collecting information on resource usage for the purpose of capacity planning, auditing, billing or cost allocation.

It is set when resending requests not yet acknowledged, as an indication of a possible duplicate due to a link failure. Since the expected behavior is not defined, it varies between implementations. Thus an administrator could change the configuration to avoid interoperability problems. It is important to note that although proxies MAY provide a value-add function for NASes, they do not allow access devices to use end-to-end security, since modifying messages breaks authentication.

This document more clearly specifies what information (AVPs and Application Ids) can be used for making general routing decisions. The request's state is released upon receipt of the answer. A comprehensive list of changes is not shown here for practical reasons. Sessions: This section attempts to provide the reader with an understanding of the difference between connection and session, which are terms used extensively throughout this document.

Both the request and the answer for a given command share the same command code. Within an accounting command, setting the “M” bit implies that a backend server e. When set, the AVP Code belongs to the specific vendor code address space. A stateless agent is one that only maintains transaction state. Accounting: The act of collecting information on resource usage for the purpose of capacity planning, auditing, billing, or cost allocation. A session is a related progression of events devoted to a particular activity.

Translation Agents: A translation agent is a device that provides translation between two protocols e. Diameter is used for many different interfaces defined by the 3GPP standards, with each interface typically defining new commands and attributes.

Local Action: The Local Action field is used to identify how a message should be treated. Role of Diameter Agents: In addition to clients and servers, the Diameter protocol introduces relay, proxy, redirect, and translation agents, each of which is defined in Section 1. Since Relays do not perform any application level processing, they provide relaying services for all Diameter applications, and therefore MUST advertise the Relay Application Identifier.


The sender MUST ensure that the Hop-by-Hop identifier in a request is unique on a given connection at any given time, and MAY attempt to ensure that the number is unique across reboots.

This is a valid packet, but it only has one use, to try to circumvent firewalls. Realm: The string in the NAI that immediately follows the ‘ ‘ character.

Diameter (protocol)

OctetString: The data contains arbitrary data of variable length. Diameter defines agent behavior explicitly; this is described in Section 2. An administrative domain MAY act as a local realm for certain users, while being a home realm for others.

Since redirect agents do not sit in the forwarding path, they do not alter any AVPs transiting between client and server. Agents do not need to support all modes of operation in order to conform with the protocol specification, but MUST follow the protocol compliance guidelines in Section 2.

RFC – part 2 of 5

Realm Name: This is the field that is typically used as a primary key in the routing table lookups. Should a new Diameter usage scenario find itself unable to fit within an existing application without requiring major changes to the specification, it may be desirable to create a new Diameter application.