Status: PROPOSED STANDARD. Diameter is the protocol used within EPS/IMS architectures for AAA (Authentication, Diameter is specified primarily as a base protocol by the IETF in RFC Diameter is an authentication, authorization, and accounting protocol for computer networks. The Diameter base protocol is defined by RFC (Obsoletes: RFC ) and defines the minimum requirements for an AAA protocol.
|Published (Last):||2 November 2006|
This field MUST be used as a secondary key field in routing table lookups. In order to provide well defined failover behavior, Diameter supports application-layer acknowledgements, and defines failover algorithms and the associated state machine. The Proxy-Info AVP allows stateless agents to add local state to a Diameter request, with the guarantee that the same state will be present in the answer.
RFC – Diameter Base Protocol
P(roxiable) – If set, the message MAY be proxied, relayed or redirected. Diameter Client A Diameter Client is a device at the edge of the network that performs access control. A local realm may wish to limit this exposure, for example, by establishing credit limits for intermediate realms and refusing to accept responses which would violate those limits.
This AVP would be encoded as follows: The Diameter protocol requires that relaying and proxying agents maintain transaction state, which is used for failover purposes. An access device that is unable to interpret or apply a permit rule MAY apply a more restrictive rule.
Communication between Diameter peers begins with one peer sending a message to another Diameter peer. Accounting requests without corresponding authorization responses SHOULD be subjected to further scrutiny, as should accounting requests indicating a difference between the requested and provided service.
Only this exact IP number will match the rule. All proxies MUST maintain transaction state. Byte sequences that do not correspond to the valid encoding of a code point into UTF-8 charset or are outside this range are prohibited. Agents do not need to support all modes of operation in order to conform with the protocol specification, but MUST follow the protocol compliance guidelines in Section 2. Diameter Server A Diameter Server is one that handles authentication, authorization and accounting requests for a particular realm.
If an optional rule has no qualifier, then 0 or 1 such AVP may be present.
In addition, they MUST fully support each Diameter application that is needed to implement the client’s service, e. A rule that contains a tcpflags specification can never match a fragmented packet that has a non-zero offset.
Translation Agents A translation agent is a device that provides translation between two protocols e. A truly generic AAA protocol used by many applications might provide functionality not provided by Diameter. Proxies that wish to limit resources MUST maintain session state.
Upon receipt of the redirect notification, DRL establishes a transport connection with HMS, if one doesn’t already exist, and forwards the request to it. The RFC defines a core state machine for maintaining connections between peers and processing messages.
Once accepted by the server, both the client and the server are aware of the session.
In addition, they MUST fully support each Diameter application that is needed to implement proxied services, e. Diameter Protocol Related Configurable Parameters The absence of a particular flag may be denoted with a ‘!
Server Identifier One or more servers the message is to be routed to. Creating New Authentication Applications The following Command Codes are defined in the Diameter base protocol: An implementation MAY add arbitrary non-mandatory AVPs to any command defined in an application, including vendor-specific AVPs without needing to define a new application.
The Diameter protocol also supports server-initiated messages, such as a request to abort service to a particular user.
It is also possible for the base protocol to be extended for use in new applications, via the addition of new commands or AVPs. At each step, forwarding of an authorization response is considered evidence of a willingness to take on financial risk relative to the session.
One or more Session-Ids must follow. This section attempts to provide the reader with an understanding of the difference between connection and session, which are terms used extensively throughout this document.
In addition, they MUST fully support each Diameter application that is needed to implement the intended service, e.
T(Potentially re-transmitted message) – This flag is set after a link failover procedure, to aid the removal of duplicate requests. E(rror) – If set, the message contains a protocol error, and the message will not conform to the ABNF described for this command. Application Identifiers are still required for Diameter capability exchange.
Here there are two: The communicating party may accept the request, or reject it by returning an answer message with the Result-Code AVP.