DIAMETER BASE PROTOCOL RFC 3588 PDF
Diameter is an authentication, authorization, and accounting protocol for computer networks. It evolved from the earlier RADIUS protocol. It belongs to the application layer protocols in the internet protocol suite. Diameter Applications extend the base protocol by adding new commands. The Diameter base protocol is defined by RFC (Obsoletes: RFC ). Canonical URL: ; File formats: Plain Text PDF; Status: PROPOSED STANDARD; Obsoleted by: RFC ; Updated by. Diameter is specified primarily as a base protocol by the IETF in RFC and then DIAMETER base protocol must be used in conjunction with DIAMETER.
|Published (Last):||18 October 2012|
Upon receipt of the redirect notification, DRL establishes a transport connection with HMS, if one doesn’t already exist, and forwards the request to it.
Creation of a new application should be viewed as a last resort. A comprehensive list of changes is not shown here for practical reasons. In addition, they MUST fully support each Diameter application that is needed to implement the intended service, e. As with relay agents, redirect agents do not keep state with respect to sessions or NAS resources. Since the expected behavior is not defined, it varies between implementations. All of the errata filed against RFC prior to the publication of this document have been addressed.
It is important to note that although proxies MAY provide a value-add function for NASes, they do not allow access devices to use end-to-end security, since modifying messages breaks authentication.
Diameter AVPs: Diameter AVPs carry specific authentication, accounting, authorization, routing and security information as well as configuration details for the request and reply.
Reuse simplifies standardization and implementation and avoids potential interoperability issues. It is also possible for the base protocol to be extended for use in new applications, via the addition of new commands or AVPs.
This field is only present if the respective bit-flag is enabled. By issuing an accounting request corresponding to the authorization response, the local realm implicitly indicates its agreement to provide the service indicated in the authorization response.
Authorization: The act of determining whether a requesting entity (subject) will be allowed access to a resource (object). If no rule matches, the packet is dropped if the last rule evaluated was a permit, and passed if the last rule was a deny. Command-Code: The Command-Code field is three octets, and is used in order to communicate the command associated with the message.
Diameter includes support for error handling Section 7, capability negotiation Section 5. Transaction state implies that upon forwarding a request, the Hop-by-Hop Identifier is saved; the field is replaced with a locally unique identifier, which is restored to its original value when the corresponding answer is received.
Sub-session: A sub-session represents a distinct service e. User: The entity or device requesting or using some resource, in support of which a Diameter client has generated a request. By authorizing a request, the home Diameter server is implicitly indicating its willingness to engage in the business transaction as specified by the contractual relationship between the server and the previous hop.
This security protects the entire Diameter communications path from the originating Diameter node to the terminating Diameter node. Diameter implementations SHOULD also be able to interpret a reset from the transport and timed-out connection attempts. Diameter Protocol Related Configurable Parameters. Diameter Application Compliance: Application Identifiers are advertised during the capabilities exchange phase see Section 5.
Diameter sessions MUST be routed only through authorized nodes that have advertised support for the Diameter application required by the session. Command Flags: The Command Flags field is eight bits. Furthermore, all Diameter messages contain an Application Identifier, which is used in the message forwarding process. Once the receiver has completed the request it issues the corresponding answer, which includes a result code that communicates one of the following: In summary, this document defines the base protocol specification for AAA, which includes support for accounting.
The Diameter protocol also supports server-initiated messages, such as a request to abort service to a particular user. Agents do not need to support all modes of operation in order to conform with the protocol specification, but MUST follow the protocol compliance guidelines in Section 2.
A summary of the base protocol updates included in this document can be found in Section 1. The Hop-by-Hop identifier is normally a monotonically increasing number, whose start value was randomly generated. Loughney Nokia Research Center G. Given that the Diameter protocol introduces the concept of long-lived authorized sessions, translation agents MUST be session stateful and MUST maintain transaction state.
Each leg of the bundle would be a session while the entire bundle would be a multi-session. A Diameter node may act as an agent for certain requests while acting as a server for others. Since relays make decisions based on information in routing AVPs and realm forwarding tables, they do not keep state on NAS resource usage or sessions in progress.
Diameter Client: A Diameter client is a Diameter node that supports Diameter client applications as well as the base protocol. Examples are removal of obsolete types, fixes to the state machine, clarification of the election process, message validation, fixes to Failed-AVP and Result-Code AVP values, etc.