Diameter is an authentication, authorization, and accounting protocol for computer networks. It evolved from the earlier RADIUS protocol. It belongs to the application layer protocols in the internet protocol suite. Diameter Applications extend the base protocol by adding new commands. The Diameter base protocol is defined by RFC (Obsoletes: RFC ). Canonical URL: ; File formats: Plain Text PDF; Status: PROPOSED STANDARD; Obsoleted by: RFC ; Updated by. Diameter is specified primarily as a base protocol by the IETF in RFC and then DIAMETER base protocol must be used in conjunction with DIAMETER.
|Published (Last):||22 January 2006|
As of the only value supported is 1. Hop-by-Hop Identifier: The Hop-by-Hop Identifier is an unsigned bit integer field in network byte order and aids in matching requests and replies.
In order to provide universal support for transmission-level security, and enable both intra- and inter-domain AAA deployments, IPsec support is mandatory in Diameter, and TLS support is optional.
In the event that a logical grouping of AVPs is necessary, and multiple “groups” are possible in a given command, it is recommended that a Grouped AVP be used; see Section 4.
A route entry can have a different destination based on the application identification AVP of the message. This scenario is advantageous since it does not require that the consortium provide routing updates to its members when changes are made to a member’s infrastructure. Diameter connections and sessions: In the example provided in Figure 1, peer connection A is established between the Client and its local Relay. Received answers that do not match a known Hop-by-Hop Identifier are ignored by the Diameter agent.
It is also possible for the base protocol to be extended for use in new applications, via the addition of new commands or AVPs. Please refer to Section Table of Contents 1.
Home Realm A Home Realm is the administrative domain with which the user maintains an account relationship.
When set the AVP Code belongs to the specific vendor code address space.
E(rror) – If set, the message contains a protocol error, and the message will not conform to the ABNF described for this command. This allows a single server to handle policies for many services. Creating New Accounting Applications: This feature was implied in the peer state machine table of RFC, but it was not clearly defined anywhere else in that document. Since RADIUS clients and servers are not aware of each other’s capabilities, they may not be able to successfully negotiate a mutually acceptable service, or in some cases, even be aware of what service has been implemented.
Changes from RFC. Proxy Agent or Proxy: In addition to forwarding requests and responses, proxies make policy decisions relating to resource usage and provisioning. Furthermore, if the transport characteristics of a command are changed (for example, with respect to the number of round trips required), a new Command Code MUST be registered.
Accounting Record An accounting record represents a summary of the resource consumption of a user over the entire session. Description of the Document Set The Diameter specification consists of an updated version of the base protocol specification this document and the Transport Profile [ RFC ].
A truly generic AAA protocol used by many applications might provide functionality not provided by Diameter.
In addition to authenticating each connection, each connection as well as the entire session MUST also be authorized. Message Length The Message Length field is three octets and indicates the length of the Diameter message including the header fields. For example, a Diameter peer may be authentic, but that does not mean that it is authorized to act as a Diameter Server advertising a set of Diameter applications.
Each authorized session is bound to a particular service, and its state is considered active either until it is notified otherwise or until expiration. Correlation of Accounting Records. Auditability: RADIUS does not define data-object security mechanisms, and as a result, untrusted proxies may modify attributes or even packet headers without being detected.
RFC – Diameter Base Protocol
The rule syntax is a modified subset of ipfw(8) from FreeBSD, and the ipfw. Diameter Command Naming Conventions: A given Diameter instance of the peer state machine MUST NOT use more than one transport connection to communicate with a given peer, unless multiple instances exist on the peer, in which case a separate connection per process is allowed.
Local Realm A local realm is the administrative domain providing services to a user. AVPs containing keys and passwords should be considered sensitive.