Status: PROPOSED STANDARD; Obsoleted by: RFC . Diameter is an authentication, authorization, and accounting protocol for computer networks. The Diameter base protocol is defined by RFC ( Obsoletes: RFC ) and defines the minimum requirements for an AAA protocol. Diameter is the protocol used within EPS/IMS architectures for AAA ( Authentication, Diameter is specified primarily as a base protocol by the IETF in RFC
The supported ICMP types are: The Hop-by-Hop Identifier is an unsigned bit integer field in network byte order that is used to match requests with their answers, since the value in the request is reused in the response.
Role of Diameter Agents In addition to clients and servers, the Diameter protocol introduces relay, proxy, redirect, and translation agents, each of which is defined in Section 1. Diameter AVPs Diameter AVPs carry specific authentication, accounting, authorization, routing and security information as well as configuration details for the request and reply.
Maintaining session state MAY be useful in certain applications, such as: Packets may be filtered based on the following information that is associated with it: The default value is infinity.
The use of Relays is advantageous since it eliminates the need for NASes to be configured with the necessary security information they would otherwise require to communicate with Diameter servers in other realms. In addition to authenticating each connection, each connection as well as the entire session MUST also be authorized.
AVPs containing keys and passwords should be considered sensitive. By authorizing a request, the home Diameter server is implicitly indicating its willingness to engage in the business transaction as specified by the contractual relationship between the server and the previous hop. The definition contains a list of valid values and their interpretation and is described in the Diameter application introducing the AVP.
It MAY do this in one of the following ways: Adding a new optional AVP does not require a new application. It is important to note that although proxies MAY provide a value-add function for NASes, they do not allow access devices to use end-to-end security, since modifying messages breaks authentication.
Transaction state implies that upon forwarding a request, its Hop-by-Hop Identifier is saved; the field is replaced with a locally unique identifier, which is restored to its original value when the corresponding answer is received.
Any AVP for which the P bit may be set or which may be encrypted may be considered sensitive. A home realm may also wish to check that each accounting request message corresponds to a Diameter response authorizing the session.
However, they differ since they modify messages to implement policy enforcement. Unsigned32 32 bit unsigned value, in network byte order.
The End-to-End Identifier is not modified by Diameter agents of any kind, and the same value in the corresponding request is used in the answer. The metering options MUST be included.
A Diameter implementation MAY act as one type of agent for some requests, and as another type of agent for others. The RFC defines an authorization and an accounting state machine. When set the AVP Code belongs to the specific vendor code address space.
Relaying of Diameter messages The example provided in Figure 2 depicts a request issued from NAS, which is an access device, for the user bob example. Both the request and the answer for a given command share the same command code. The AVP contains the identity of the peer the request was received from.
Application-ID Application-ID is four octets and is used to identify to which application the message is applicable for.
The Proxy-Info AVP allows stateless agents to add local state to a Diameter request, with the guarantee that the same state will be present in the answer. A stateless agent is one that only maintains transaction state.
The bit value is transmitted in network byte order. Match if the TCP header contains the comma separated list of flags specified in spec. Likewise, this reduces the configuration load on Diameter servers that would otherwise be necessary when NASes are added, changed or deleted. Senders of request messages MUST insert a unique identifier on each message.
The following Command Codes are defined in the Diameter base protocol: