Status: PROPOSED STANDARD. Diameter is an authentication, authorization, and accounting protocol for computer networks. The Diameter base protocol is defined by RFC ( Obsoletes: RFC ) and defines the minimum requirements for an AAA protocol. Diameter is the protocol used within EPS/IMS architectures for AAA ( Authentication, Diameter is specified primarily as a base protocol by the IETF in RFC
|Published (Last):||23 November 2004|
The End-to-End Identifier is not modified by Diameter agents of any kind, and the same value in the corresponding request is used in the answer. The combination of the Origin-Host see Section 6. Every Diameter message MUST contain a command code in its header's Command-Code field, which is used to determine the action that is to be taken for a particular message.
RFC – Diameter Base Protocol
The "E" (Error) bit: if set, the message contains a protocol error, and the message will not conform to the CCF described for this command. Likewise, this reduces the configuration load on Diameter servers that would otherwise be necessary when NASes are added, changed or deleted.
The format of the header is: Each new definition must be either defined or listed with a reference to the RFC that defines the format.
AVPs containing keys and passwords should be considered sensitive. Direction (in or out); Source and destination IP address (possibly masked); Protocol; Source and destination port (lists or ranges); DSCP values (no mask or range). Rules for the appropriate direction are evaluated in order, with the first matched rule terminating the evaluation. Command Flags: The Command Flags field is eight bits.
The keyword “any” is 0. Since enforcing policies requires an understanding of the service being provided, Proxies MUST only advertise the Diameter applications they support.
Prior to bringing up a connection, authorization checks are performed at each connection along the path. If no rule matches, the packet is dropped if the last rule evaluated was a permit, and passed if the last rule was a deny. One or more Session-Ids must follow. The name is a play on words, derived from the RADIUS protocol, which is the predecessor (a diameter is twice the radius). The Proxy-Info AVP allows stateless agents to add local state to a Diameter request, with the guarantee that the same state will be present in the answer.
These Diameter agents are useful for several reasons: Fragmented packets that have a non-zero offset i. A Command Code is used to determine the action that is to be taken for a particular message.
For example, administrators within the home realm may not wish to honor requests that have been routed through an untrusted realm. A stateful agent is one that maintains session state information by keeping track of all authorized active sessions.
It is important to note that although proxies MAY provide a value-add function for NASes, they do not allow access devices to use end-to-end security, since modifying messages breaks authentication. Duplicate answer messages that are to be locally consumed see Section 6.
The absence of a particular flag may be denoted with a ‘! Diameter is used for many different interfaces defined by the 3GPP standards, with each interface typically defining new commands and attributes.
This routing decision is performed using a list of supported realms, and known peers. Any AVP for which the P bit may be set or which may be encrypted may be considered sensitive. The Diameter protocol requires that agents maintain transaction state, which is used for failover purposes.
Match if the ICMP type is in the list types.
The Hop-by-Hop identifier is normally a monotonically increasing number, whose start value was randomly generated. Role of Diameter Agents In addition to client and servers, the Diameter protocol introduces relay, proxy, redirect, and translation agents, each of which is defined in Section 1.
Diameter AVPs Diameter AVPs carry specific authentication, accounting, authorization, routing and security information as well as configuration details for the request and reply. Transaction state implies that upon forwarding a request, its Hop-by-Hop identifier is saved; the field is replaced with a locally unique identifier, which is restored to its original value when the corresponding answer is received.
Relaying of Diameter messages The example provided in Figure 2 depicts a request issued from NAS, which is an access device, for the user bob example. It is set when resending requests not yet acknowledged as an indication of a possible duplicate due to a link failure.