Status: PROPOSED STANDARD. Diameter is an authentication, authorization, and accounting (AAA) protocol for computer networks. The Diameter base protocol is defined by RFC (Obsoletes: RFC ) and defines the minimum requirements for an AAA protocol. Diameter is the protocol used within EPS/IMS architectures for AAA (Authentication, Diameter is specified primarily as a base protocol by the IETF in RFC
Published (Last): 26 September 2013
The name is a play on words, derived from the RADIUS protocol, which is its predecessor (a diameter is twice the radius). This field indicates the version of the Diameter Base Protocol. The "E" (Error) bit: if set, the message contains a protocol error, and the message will not conform to the CCF described for this command.
Therefore, each connection is authenticated, replay and integrity protected and confidential on a per-packet basis. The Hop-by-Hop identifier is normally a monotonically increasing number, whose start value was randomly generated.
The packet consists of a Diameter header and a variable number of Attribute-Value Pairs (AVPs) for encapsulating information relevant to the Diameter message. Relay Agents: Relay agents are Diameter agents that accept requests and route messages to other Diameter nodes based on information found in the messages, e.g.
To test for a particular IP version, the bits part can be set to zero. At present, the only value supported is 1.
The request is identified by the Request (R) bit in the Diameter header set to one (1), to ask that a particular action be performed, such as authorizing a user or terminating a session. Due to space constraints, the short form DiamIdent is used to represent DiameterIdentity. The following Command Codes are defined in the Diameter base protocol: The keyword "assigned" is the address or set of addresses assigned to the terminal.
The example provided in Figure 3 depicts a request issued from the access device, NAS, for the user bob example. End-to-End Security Framework: End-to-end security services include confidentiality and message origin authentication. Diameter AVPs: Diameter AVPs carry specific authentication, accounting, authorization, routing and security information as well as configuration details for the request and reply. A number of zero-valued bytes are added to the end of the AVP Data field until a word boundary is reached.
The Proxy-Info AVP allows stateless agents to add local state to a Diameter request, with the guarantee that the same state will be present in the answer. The RFC defines a core state machine for maintaining connections between peers and processing messages.
This AVP would be encoded as follows: Byte sequences that do not correspond to the valid encoding of a code point into the UTF-8 charset, or that are outside this range, are prohibited. Similarly, for the originator of a Diameter message, a "P" in the "MAY" column means that if a message containing that AVP is to be sent via a Diameter agent (proxy, redirect or relay), then the message MUST NOT be sent unless there is end-to-end security between the originator and the recipient or the originator has locally trusted configuration that indicates that end-to-end security is not needed.
Translation Agents: A translation agent is a device that provides translation between two protocols, e.g.
Which AVPs are sensitive is determined by service provider policy. OctetString: the data contains arbitrary data of variable length. In this case, all IP numbers from 1. The length of the padding is not reflected in the AVP Length field. The "R" (Request) bit: if set, the message is a request. Redirecting a Diameter Message: Since redirect agents do not perform any application-level processing, they provide relaying services for all Diameter applications, and therefore MUST advertise the Relay Application Identifier.
The list may be specified as any combination of ranges or individual types separated by commas. Upon reboot implementations MAY set the high order 12 bits to contain the low order 12 bits of current time, and the low order 20 bits to a random value.
Diameter Relay and redirect agents must not reject messages with unrecognized AVPs. Transaction state implies that upon forwarding a request, its Hop-by-Hop identifier is saved; the field is replaced with a locally unique identifier, which is restored to its original value when the corresponding answer is received.
The Message Length field indicates the length of the Diameter message in bytes, including the header fields and the padded AVPs. The circumstances requiring the use of end-to-end security are determined by policy on each of the peers.
Messages with the "E" bit set are commonly referred to as error messages. Each authorized session is bound to a particular service, and its state is considered active either until it is notified otherwise, or by expiration.
An example is a redirect agent that provides services to all members of a consortium, but does not wish to be burdened with relaying all messages between realms. Some common Diameter commands defined in the protocol base and applications are:
Given that the Diameter protocol introduces the concept of long-lived authorized sessions, translation agents MUST be session stateful and MUST maintain transaction state. The Hop-by-Hop Identifier is an unsigned integer field in network byte order that is used to match requests with their answers, as the same value in the request is used in the response.
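The header layout, the AVP padding rule (Message Length counts the padded AVPs, AVP Length does not count the padding), and the relay transaction-state behaviour described above, as an added Python example that is not code from the RFC or from any Diameter implementation. The field sizes follow the Diameter base protocol; the command code, AVP code and identifier values used in the test are constructed sample values.

```python
import os
import struct
# Diameter header (20 bytes): Version(1) | Message Length(3) | Command Flags(1) | Command Code(3)
# | Application-ID(4) | Hop-by-Hop Identifier(4) | End-to-End Identifier(4)
HEADER_LEN = 20
FLAG_R, FLAG_P, FLAG_E, FLAG_T = 0x80, 0x40, 0x20, 0x10  # command flag bits

def encode_avp(code, data, flags=0x40):
    # Code(4) | Flags(1) | AVP Length(3) | Data; AVP Length does not include the padding
    length = 8 + len(data)
    pad = (-length) % 4  # zero-valued bytes until a word boundary is reached
    return struct.pack("!IB", code, flags) + length.to_bytes(3, "big") + data + b"\0" * pad

def encode_message(cmd_code, flags, app_id, hbh, e2e, avps):
    body = b"".join(avps)
    msg_len = HEADER_LEN + len(body)  # Message Length covers header and padded AVPs
    return (b"\x01" + msg_len.to_bytes(3, "big") + bytes([flags]) + cmd_code.to_bytes(3, "big")
            + struct.pack("!III", app_id, hbh, e2e) + body)

def decode_message(buf):
    # Parse header and AVPs, rejecting inconsistent length fields instead of trusting them.
    msg_len = int.from_bytes(buf[1:4], "big")
    if buf[0] != 1 or msg_len != len(buf) or msg_len % 4 or msg_len < HEADER_LEN:
        raise ValueError("bad Version or Message Length")
    app_id, hbh, e2e = struct.unpack("!III", buf[8:20])
    avps, off = [], HEADER_LEN
    while off < msg_len:
        code = struct.unpack("!I", buf[off:off + 4])[0]
        alen = int.from_bytes(buf[off + 5:off + 8], "big")
        if alen < 8 or off + alen > msg_len:
            raise ValueError("bad AVP Length")
        avps.append((code, buf[off + 8:off + alen]))
        off += alen + (-alen) % 4  # skip the padding that AVP Length does not count
    return {"flags": buf[4], "cmd": int.from_bytes(buf[5:8], "big"), "app": app_id, "hbh": hbh, "e2e": e2e, "avps": avps}

class RelayAgent:
    # Transaction state: save the inbound Hop-by-Hop Identifier, forward with a locally unique one, restore on answer.
    def __init__(self):
        self.next_hbh = int.from_bytes(os.urandom(4), "big")  # random start value, then increasing
        self.pending = {}
    def forward_request(self, buf):
        m = decode_message(buf)
        if not m["flags"] & FLAG_R:
            raise ValueError("only requests are forwarded this way")
        self.next_hbh = local = (self.next_hbh + 1) & 0xFFFFFFFF
        self.pending[local] = m["hbh"]
        return buf[:12] + struct.pack("!I", local) + buf[16:]
    def forward_answer(self, buf):
        m = decode_message(buf)
        if m["flags"] & FLAG_R or m["hbh"] not in self.pending:
            raise ValueError("not an answer to a request this relay forwarded")
        return buf[:12] + struct.pack("!I", self.pending.pop(m["hbh"])) + buf[16:]
```

An unsolicited answer, or one whose Hop-by-Hop Identifier was never handed out, is rejected rather than forwarded, which is the check a relay needs so an answer cannot be matched to the wrong outstanding request.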