Status: PROPOSED STANDARD. Diameter is an authentication, authorization, and accounting protocol for computer networks. The Diameter base protocol is defined by RFC ( Obsoletes: RFC ) and defines the minimum requirements for an AAA protocol. Diameter is the protocol used within EPS/IMS architectures for AAA ( Authentication, Diameter is specified primarily as a base protocol by the IETF in RFC
|Published (Last):||17 December 2004|
End-to-End Identifier The End-to-End Identifier is an unsigned bit integer field in network byte order and is used to detect duplicate messages. Packets may be marked or metered based on the following information that is associated with it: The supported ICMP types are: To test for a particular IP version, the bits part can be set to zero.
Relays modify Diameter messages by inserting and removing routing information, but do not modify any other portion of a message. The example provided in Figure 3 depicts a request issued from the access device, NAS, for the user bob example. The "T" (Potentially re-transmitted message) bit: this flag is set after a link failover procedure, to aid the removal of duplicate requests. Proxies MAY be used in call control centers or access ISPs that provide outsourced connections; they can monitor the number and types of ports in use, and make allocation and admission decisions according to their configuration.
As ofthe only value supported is 1.
Accounting AVPs may be considered sensitive. The encoding example illustrates how padding is used and how length fields are calculated. Additionally, application specific state machines can be introduced either later or at a higher abstraction layer. See the frag option for details on matching fragmented packets.
This AVP would be encoded as follows: Relay Agents Relay Agents are Diameter agents that accept requests and route messages to other Diameter nodes based on information found in the messages e. Therefore, each connection is authenticated, replay and integrity protected and confidential on a per-packet basis. Received answers that do not match a known Hop-by-Hop Identifier are ignored by the Diameter agent.
A number of zero-valued bytes are added to the end of the AVP Data field till a word boundary is reached. On 6h 28m 16s UTC, 7 February the time value will overflow. Application-ID Application-ID is four octets and is used to identify to which application the message is applicable for. Diameter agents only need to be concerned about the number of requests they send based on a single received request; retransmissions by other entities need not be tracked.
The Diameter protocol was initially developed by Pat R. These Diameter agents are useful for several reasons: If no rule matches, the packet is dropped if the last rule evaluated was a permit, and passed if the last rule was a deny.
This routing decision is performed using a list of supported realms, and known peers.
The circumstances requiring the use of end-to-end security are determined by policy on each of the peers. A local realm may wish to limit this exposure, for example, by establishing credit limits for intermediate realms and refusing to accept responses which would violate those limits.
The RFC defines an authorization and an accounting state machine. It is set when resending requests not yet acknowledged as an indication of a possible duplicate due to a link failure. Direction in or out Source and destination IP address possibly masked Protocol Source and destination port lists or ranges DSCP values no mask or range Rules for the appropriate direction are evaluated in order, with the first matched rule terminating the evaluation.
In addition to authenticating each connection, each connection as well as the entire session MUST also be authorized. E(rror) - If set, the message contains a protocol error, and the message will not conform to the ABNF described for this command.
Only this exact IP number will match the rule. The format of the header is: The RFC defines a core state machine for maintaining connections between peers and processing messages.
Since redirect agents do not relay messages, and only return an answer with the information necessary for Diameter agents to communicate directly, they do not modify messages. Duplicate answer messages that are to be locally consumed see Section diiameter.
Match if the ICMP type is in the list types. The Diameter protocol requires that relaying and proxying agents maintain transaction state, which is used for failover purposes.
The "E" (Error) bit: if set, the message contains a protocol error, and the message will not conform to the CCF described for this command. The keyword "assigned" is the address or set of addresses assigned to the terminal.
If cleared, the message MUST be locally processed. The "R" (Request) bit: if set, the message is a request. Which AVPs are sensitive is determined by service provider policy. The use of Relays is advantageous since it eliminates the need for NASes to be configured with the necessary security information they would otherwise require to communicate with Diameter servers in other realms.
Both the numeric values and the symbolic values listed can be used. Thus an administrator could change the configuration to avoid interoperability problems. It can be set only in cases where no answer has been received from the server for a request and the request is sent again.