Diameter is an authentication, authorization, and accounting protocol for computer networks. It evolved from the earlier RADIUS protocol. It belongs to the application layer protocols in the internet protocol suite. Diameter Applications extend the base protocol by adding new commands. The Diameter base protocol is defined by RFC (Obsoletes: RFC ). Canonical URL: ; File formats: Plain Text PDF; Status: PROPOSED STANDARD; Obsoleted by: RFC ; Updated by. Diameter is specified primarily as a base protocol by the IETF in RFC and then DIAMETER base protocol must be used in conjunction with DIAMETER.
|Published (Last):||17 May 2010|
An administrative domain MAY act as a local realm for certain users, while being a home realm for others. Since enforcing policies requires an understanding of the service being provided, Proxies MUST only advertise the Diameter applications they support. The creation of new AVPs can happen in various ways.
Command Flags The Command Flags field is eight bits.
The Diameter protocol also supports server-initiated messages, such as a request to abort service to a particular user. Since relays do not make policy decisions, they do not examine or alter non-routing AVPs.
Please refer to Section In addition to addressing the above requirements, Diameter also provides support for the following: Integer64 64 bit signed value, in network byte order.
Role of Diameter Agents The use of a secured transport for exchanging Diameter messages remains mandatory. Please refer to Section The keyword “any” is 0. Sub-session A sub-session represents a distinct service e.
P(roxiable) – If set, the message MAY be proxied, relayed or redirected. Once the receiver has completed the request it issues the corresponding answer, which includes a result code that communicates one of the following: The keyword “assigned” is the address or set of addresses assigned to the terminal. Real-time Accounting Real-time accounting involves the processing of information on resource usage within a defined time window.
In the event that a logical grouping of AVPs is necessary, and multiple “groups” are possible in a given command, it is recommended that a Grouped AVP be used see Section 4. When relays or proxy are involved, this hop-by-hop security does not protect the entire Diameter user session.
On 6h 28m 16s UTC, 7 February the time value will overflow. This allows a single server to handle policies for many services. Note that some implementations perform their lookups based on longest-match-from-the-right on the realm rather than requiring an exact match. Similarly, for the originator of a Diameter message, a “P” in the “MAY” column means that if a message containing that AVP is to be sent via a Diameter agent (proxy, redirect or relay) then the message MUST NOT be sent unless there is end-to-end security between the originator and the recipient or the originator has locally trusted configuration that indicates that end-to-end security is not needed.
The following Application Identifier values are defined: A truly generic AAA protocol used by many applications might provide functionality not provided by Diameter. If an AVP with the “M” bit set is received by a Diameter client, server, proxy, or translation agent and either the AVP or its value is unrecognized, the message must be rejected.
RFC – Diameter Base Protocol
The End-to-End Identifier is not modified by Diameter agents of any kind, and the same value in the corresponding request is used in the answer. Authorization The act of determining whether a requesting entity (subject) will be allowed access to a resource (object).
A metalanguage with its own formal syntax and rules.
This AVP would be encoded as follows: Peer connection B is established between the Relay and the Server. Initially, it is expected that Diameter will be deployed within new network devices, as well as within gateways enabling communication between legacy RADIUS devices and Diameter agents. This document also defines the Diameter failover algorithm and state machine. This new approach augments the existing in-band security negotiation, but it does not completely replace it.
It is also possible for the base protocol to be extended for use in new applications, via the addition of new commands or AVPs.
Distribution of this memo is unlimited. By its very nature, a Diameter server must support Diameter server applications in addition to the base protocol. This is typically accomplished by tracking the state of NAS devices. Messages with the “E” bit set are commonly referred to as error messages.
The supported IP options are: