Diameter is an authentication, authorization, and accounting (AAA) protocol for computer networks. It evolved from the earlier RADIUS protocol and belongs to the application layer of the Internet protocol suite. Diameter applications extend the base protocol by adding new commands and AVPs. The Diameter base protocol is defined by RFC (Obsoletes: RFC ; Obsoleted by: RFC ); Status: Proposed Standard. The IETF specifies Diameter primarily as a base protocol, and that base protocol is not used on its own: it must be used in conjunction with a Diameter application.
Application-ID: the Application-ID is four octets long and identifies the application to which the message applies. The base protocol also defines certain rules that apply to all exchanges of messages between Diameter nodes.
Creating New Authentication Applications. Changes within a session are tracked with the Accounting-Sub-Session-Id AVP. This field is present only if the corresponding flag bit is set. The Proxy-Info AVP allows stateless agents to add local state to a Diameter request, with the guarantee that the same state will be present in the answer.
Initially, it is expected that Diameter will be deployed within new network devices, as well as within gateways enabling communication between legacy RADIUS devices and Diameter agents. Application Identifier: an application is identified by a vendor ID and an application ID. Peer discovery and configuration: RADIUS implementations typically require that the name or address of servers or clients be manually configured, along with the corresponding shared secrets.
Since redirect agents do not receive answer messages, they cannot maintain session state. The creation of new AVPs can happen in various ways. Each leg of the bundle would be a session, while the entire bundle would be a multi-session.
Diameter Relay and redirect agents must not reject messages with unrecognized AVPs. A three-letter acronym for both the request and answer is also normally provided. Each authorized session is bound to a particular service, and its state is considered active either until it is notified otherwise, or by expiration.
A truly generic AAA protocol used by many applications might provide functionality not provided by Diameter. A Peer Table entry contains the following fields: Any node can initiate a request. The Transport Profile document [ RFC ] discusses transport layer issues that arise with AAA protocols and recommendations on how to overcome these issues. As noted in Section 6. A mandatory AVP is defined as one that has the "M" bit set when sent within an accounting command, regardless of whether it is required or optional within the ABNF for the accounting application.
As such, there is no versioning support provided by these Application-IDs themselves; every Diameter application is a standalone application. Diameter Client: a Diameter Client is a device at the edge of the network that performs access control.
Since within [ IKE ] authentication occurs only within Phase 1, prior to the establishment of IPsec SAs in Phase 2, it is typically not possible to define separate trust or authorization schemes for each application.
Unsigned32: 32-bit unsigned value, in network byte order. The "ip" keyword means any protocol will match.
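The two filter-rule fragments above (the "ip" protocol keyword, and an address without a mask matching only that exact IP) come from the IPFilterRule AVP type of the Diameter base protocol. The following parser and matcher is an added example, not code from the page or from the RFC. It assumes the base specification's rule form `action dir proto from src to dst`, handles only `any` or address/mask endpoints with an optional port list, rejects trailing options it does not understand, and applies the specification's no-match behaviour (drop if the last rule evaluated was a permit, pass if it was a deny). The rules and packets are constructed for the demonstration; treating a direction with no rules at all as deny is this example's own assumption.

```python
"""Minimal IPFilterRule parser and packet matcher (added example, not RFC code)."""
import ipaddress


def _parse_ports(tok):
    """'80,443,1024-65535' -> [(80, 80), (443, 443), (1024, 65535)]"""
    ranges = []
    for part in tok.split(","):
        lo, _, hi = part.partition("-")
        lo, hi = int(lo), int(hi) if hi else int(lo)
        if not 0 <= lo <= hi <= 65535:
            raise ValueError("bad port range: " + part)
        ranges.append((lo, hi))
    return ranges


def _parse_endpoint(toks):
    """<any | address[/mask]> [ports]; 'assigned' and options such as 'established'
    are not supported here and are rejected rather than silently ignored."""
    if not toks:
        raise ValueError("missing address")
    # An address without a mask becomes a /32 (or /128): only that exact IP matches.
    net = None if toks[0] == "any" else ipaddress.ip_network(toks[0], strict=False)
    ports, rest = None, toks[1:]
    if rest and rest[0][0].isdigit():
        ports, rest = _parse_ports(rest[0]), rest[1:]
    if rest:
        raise ValueError("unsupported options: " + " ".join(rest))
    return net, ports


def parse_rule(text):
    toks = text.split()
    if (len(toks) < 6 or toks[0] not in ("permit", "deny") or toks[1] not in ("in", "out")
            or toks[3] != "from" or "to" not in toks[4:]):
        raise ValueError("malformed rule: " + text)
    to = toks.index("to", 4)
    return {"action": toks[0], "dir": toks[1],
            # "ip" means any protocol; otherwise an IP protocol number
            "proto": None if toks[2] == "ip" else int(toks[2]),
            "src": _parse_endpoint(toks[4:to]), "dst": _parse_endpoint(toks[to + 1:])}


def _endpoint_matches(endpoint, ip, port):
    net, ports = endpoint
    if net is not None and ipaddress.ip_address(ip) not in net:
        return False
    return ports is None or any(lo <= port <= hi for lo, hi in ports)


def rule_matches(rule, pkt):
    return (rule["dir"] == pkt["dir"]
            and (rule["proto"] is None or rule["proto"] == pkt["proto"])
            and _endpoint_matches(rule["src"], pkt["src"], pkt["sport"])
            and _endpoint_matches(rule["dst"], pkt["dst"], pkt["dport"]))


def evaluate(rules, pkt):
    """Rules for the packet's direction are evaluated in order; first match wins."""
    last = None
    for rule in rules:
        if rule["dir"] != pkt["dir"]:
            continue
        last = rule
        if rule_matches(rule, pkt):
            return rule["action"]
    if last is None:
        return "deny"  # assumption of this example: no rule for this direction -> drop
    # Base-protocol no-match behaviour: drop after a trailing permit, pass after a trailing deny.
    return "deny" if last["action"] == "permit" else "permit"


def packet(direction, proto, src, sport, dst, dport):
    return {"dir": direction, "proto": proto, "src": src, "sport": sport,
            "dst": dst, "dport": dport}


# Constructed sample rule set for the demonstration.
SAMPLE_RULES = [parse_rule(r) for r in (
    "permit in 6 from 10.0.0.1 to 192.0.2.10 80,443",
    "permit in ip from 10.0.0.0/24 to 198.51.100.5",
    "deny in ip from any to any",
)]

if __name__ == "__main__":
    print(evaluate(SAMPLE_RULES, packet("in", 6, "10.0.0.1", 40000, "192.0.2.10", 443)))
    print(evaluate(SAMPLE_RULES, packet("in", 6, "10.0.0.2", 40000, "192.0.2.10", 80)))
```

The last line of `evaluate` is the part worth remembering: a rule set that ends in a `deny` rule which does not match the packet ends up passing that packet, so a trailing catch-all `deny in ip from any to any` is the safe way to close a filter.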
This MAY require that new AVP values be assigned to represent the new authentication transform, or any other scheme that produces similar results.
By providing explicit support for inter-domain roaming and message routing (Sections 2.
The use of a secured transport for exchanging Diameter messages is mandatory. An example of a multi-session would be a Multilink PPP bundle. User session X spans from the Client via the Relay to the Server.
These applications are introduced in this document but specified elsewhere. It is also possible for the base protocol to be extended for use in new applications, via the addition of new commands or AVPs.
Since redirect agents do not relay messages, and only return an answer with the information necessary for Diameter agents to communicate directly, they do not modify messages. Accounting: the act of collecting information on resource usage for the purpose of capacity planning, auditing, billing, or cost allocation. Description of the Document Set: the Diameter specification consists of an updated version of the base protocol specification (this document) and the Transport Profile [ RFC ].
The request is identified by the "R" (Request) bit in the Diameter header being set to one (1), to ask that a particular action be performed, such as authorizing a user or terminating a session. Only this exact IP number will match the rule. If the CCF definition of a command allows it, an implementation may add arbitrary optional AVPs with the M-bit cleared (including vendor-specific AVPs) to that command without needing to define a new application.
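The page's fragments on the four-octet Application-ID, the "M" (mandatory) AVP bit, Unsigned32 values in network byte order, and the "R" bit in the header all describe the same wire layout. The encoder and decoder below is an added example written for this page, not code from the RFC or from any Diameter implementation. It assumes the RFC 6733 layout: a 20-octet header (version, 3-octet message length, command flags, 3-octet command code, Application-ID, Hop-by-Hop and End-to-End identifiers) followed by AVPs, each with a 4-octet code, flags, 3-octet length, optional Vendor-ID, data, and zero padding to a 4-octet boundary that is not counted in the AVP length. The sample message is a constructed Capabilities-Exchange-Request (command code 257, base application 0) carrying Origin-Host (264), Origin-Realm (296) and Vendor-Id (266), which are the base protocol's assigned codes; the host and realm names are made up. `unsupported_mandatory` shows the check a server, but not a relay or redirect agent, applies before rejecting a message over an unrecognised M-bit AVP.

```python
"""Diameter header / AVP encoder and decoder (added example, RFC 6733 layout)."""
import struct

# Command flags in the Diameter header: Request, Proxiable, Error, re-Transmitted
R_BIT, P_BIT, E_BIT, T_BIT = 0x80, 0x40, 0x20, 0x10
# AVP flags: Vendor-specific, Mandatory, Protected
V_BIT, M_BIT, P_AVP_BIT = 0x80, 0x40, 0x20

DIAMETER_VERSION = 1
HEADER_LEN = 20


def encode_avp(code, data, mandatory=True, vendor_id=None):
    """One AVP: code, flags, 3-octet length (excludes padding), optional Vendor-ID,
    data, then zero padding to a multiple of four octets."""
    flags = M_BIT if mandatory else 0
    vendor = b""
    if vendor_id is not None:
        flags |= V_BIT
        vendor = struct.pack("!I", vendor_id)  # Unsigned32, network byte order
    length = 8 + len(vendor) + len(data)
    header = struct.pack("!I", code) + bytes([flags]) + length.to_bytes(3, "big") + vendor
    return header + data + b"\x00" * ((-len(data)) % 4)


def encode_message(command_code, application_id, avps, request=True,
                   hop_by_hop=0, end_to_end=0):
    body = b"".join(avps)
    flags = R_BIT if request else 0
    length = HEADER_LEN + len(body)  # header plus padded AVPs
    header = (bytes([DIAMETER_VERSION]) + length.to_bytes(3, "big")
              + bytes([flags]) + command_code.to_bytes(3, "big")
              + struct.pack("!III", application_id, hop_by_hop, end_to_end))
    return header + body


def decode_message(buf):
    """Parse a complete message; every length is bounds-checked before use."""
    if len(buf) < HEADER_LEN:
        raise ValueError("short header")
    version = buf[0]
    length = int.from_bytes(buf[1:4], "big")
    flags = buf[4]
    command_code = int.from_bytes(buf[5:8], "big")
    application_id, hop_by_hop, end_to_end = struct.unpack("!III", buf[8:HEADER_LEN])
    if version != DIAMETER_VERSION or length != len(buf) or length % 4:
        raise ValueError("bad version or message length")
    avps, off = [], HEADER_LEN
    while off < length:
        if length - off < 8:
            raise ValueError("truncated AVP header")
        code = int.from_bytes(buf[off:off + 4], "big")
        aflags = buf[off + 4]
        avp_len = int.from_bytes(buf[off + 5:off + 8], "big")
        hdr_len = 12 if aflags & V_BIT else 8
        padded = avp_len + ((-avp_len) % 4)
        if avp_len < hdr_len or off + padded > length:
            raise ValueError("AVP length out of range")
        vendor_id = struct.unpack("!I", buf[off + 8:off + 12])[0] if aflags & V_BIT else None
        avps.append({"code": code, "mandatory": bool(aflags & M_BIT),
                     "vendor_id": vendor_id, "data": buf[off + hdr_len:off + avp_len]})
        off += padded
    return {"request": bool(flags & R_BIT), "proxiable": bool(flags & P_BIT),
            "error": bool(flags & E_BIT), "retransmit": bool(flags & T_BIT),
            "command_code": command_code, "application_id": application_id,
            "hop_by_hop": hop_by_hop, "end_to_end": end_to_end, "avps": avps}


def unsupported_mandatory(avps, supported_codes):
    """Codes of M-bit AVPs this endpoint does not understand. A server rejects
    the message over these; a relay or redirect agent must not."""
    return [a["code"] for a in avps if a["mandatory"] and a["code"] not in supported_codes]


# Constructed sample: Capabilities-Exchange-Request, base application 0.
ORIGIN_HOST, ORIGIN_REALM, VENDOR_ID = 264, 296, 266


def build_cer():
    avps = [encode_avp(ORIGIN_HOST, b"client.example.com"),
            encode_avp(ORIGIN_REALM, b"example.com"),
            encode_avp(VENDOR_ID, struct.pack("!I", 0))]
    return encode_message(257, 0, avps, request=True, hop_by_hop=0x1001, end_to_end=0x2002)


if __name__ == "__main__":
    print(decode_message(build_cer()))
```

Two details matter for robustness: the AVP length covers the header and data but not the padding, so a decoder must advance by the padded length while slicing data by the declared one, and every declared length (message and AVP) is checked against the buffer before it is trusted, which is what keeps a malformed peer from walking the parser off the end of the message.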