Diameter is an authentication, authorization, and accounting protocol for computer networks. It evolved from the earlier RADIUS protocol. It belongs to the application layer protocols in the internet protocol suite. Diameter Applications extend the base protocol by adding new commands. The Diameter base protocol is defined by RFC (Obsoletes: RFC ). Status: PROPOSED STANDARD; Obsoleted by: RFC ; Updated by. Diameter is specified primarily as a base protocol by the IETF in RFC and then DIAMETER base protocol must be used in conjunction with DIAMETER.

Author: Tygor Mumuro
Country: Gabon
Language: English (Spanish)
Genre: Travel
Published (Last): 15 May 2008
Pages: 393
ISBN: 228-9-77453-640-2

Command-Code The Command-Code field is three octets, and is used in order to communicate the command associated with the message. Fragmented packets that have a non-zero offset i.

T Potentially re-transmitted message – This flag is set after a link failover procedure, to aid the removal of duplicate requests. Therefore, it is imperative that the designers of new applications understand their requirements before using Diameter.

The Hop-by-Hop identifier is normally a monotonically increasing number, whose start value was randomly generated. While attribute hiding is supported, [ RFC ] does not provide support for per-packet confidentiality. Transaction state The Diameter protocol requires that agents maintain transaction state, which is used for failover purposes.

Relaying and Proxying Answers Peer connection B is established between the Relay and the Server. End-to-End Identifier The End-to-End Identifier is an unsigned bit integer field in network byte order and is used to detect duplicate messages.

OctetString The data contains arbitrary data of variable length. It is important to note that although proxies MAY provide a value-add function for NASes, they do not allow access devices to use end-to-end security, since modifying messages breaks authentication.



Diameter proxies MUST support the base protocol, which includes accounting. This scenario is advantageous since it does not require that the consortium provide routing updates to its members when changes are made to a member’s infrastructure. A Realm Routing Table Entry contains the following fields: Diameter includes support for error handling Section 7, capability negotiation Section 5.

This includes fixes to the Diameter extensibility description Section 1. Redirect Agents Redirect agents are useful in scenarios where the Diameter routing configuration needs to be centralized.

Both the numeric values and the symbolic values listed below can be used. It belongs to the application layer protocols in the internet protocol suite.

Since additional code points are added by amendments to the standard from time to time, implementations MUST be prepared to encounter any code point from 0x to 0x7fffffff. Some common Diameter commands defined in the protocol (base and applications) are:

There are also a myriad of applications documents describing applications that use this base specification for Authentication, Authorization, and Accounting. The request’s state is released upon receipt of the answer. This results in a large administrative burden, and creates the temptation to reuse the RADIUS shared secret, which can result in major security vulnerabilities if the Request Authenticator is not globally and temporally unique as required in [ RADIUS ].

Since RADIUS clients and servers are not aware of each other’s capabilities, they may not be able to successfully negotiate a mutually acceptable service or, in some cases, even be aware of what service has been implemented.


For Protocl, a typical first rule is often “deny in ip! The bit value is transmitted in network byte order. Session A session is a related progression of events devoted to a particular activity. A mandatory AVP is defined as one which has the “M” bit set when sent within an accounting command, regardless of whether it is required or optional within the ABNF for the accounting application.

The creation of new AVPs can happen in various ways. Diameter Relay and redirect agents must not reject messages with unrecognized AVPs. For a match to occur, the same IP version must be present in the packet that was used in describing the IP address. Stateful Agent A stateful agent is one that maintains session state information, by keeping track of all authorized active sessions.

This feature was implied in the peer state machine table of RFC, but it was not clearly defined anywhere else in that document. This behavior is handled via the Tc timer, whose recommended value is 30 seconds. Authentication The act of verifying the identity of an entity subject.

Diameter (protocol)

Diameter Agent A Diameter Agent is a Diameter node that provides relay, proxy, redirect, or translation services. Diameter application documents provide guidelines as to when a session begins and ends. This is known as the Realm Routing Table, as is defined further in Section 2.