Canonical URL: ; File formats: Plain Text PDF; Status: PROPOSED STANDARD; Obsoleted by: RFC ; Updated by. Diameter is an authentication, authorization, and accounting protocol for computer networks. The Diameter base protocol is defined by RFC ( Obsoletes: RFC ) and defines the minimum requirements for an AAA protocol. Diameter. Diameter is the protocol used within EPS/IMS architectures for AAA ( Authentication, Diameter is specified primarily as a base protocol by the IETF in RFC
|Published (Last):||1 May 2009|
|PDF File Size:||15.89 Mb|
|ePub File Size:||2.46 Mb|
|Price:||Free* [*Free Regsitration Required]|
The identifier MUST remain locally unique for a period of at least 4 minutes, even across reboots. Diameter is an authentication, efc, and accounting protocol for computer networks. The End-to-End Identifier is not modified by Diameter agents of any kind, and the same value in the corresponding request is used in the answer.
The packet consists of a Diameter header and a variable number of Attribute-Value Pairs, or AVPs, for encapsulating information relevant to the Diameter message. Match if the TCP header contains the comma separated list of flags specified in spec. This is known as the Realm Routing Table, as is defined rfv in Section 2.
Since redirect agents do not receive answer messages, they cannot maintain session state. A home realm may also wish to check that each accounting request message corresponds to a Diameter response authorizing the session.
It is important to note that although proxies MAY provide a value-add function for NASes, they do not allow access devices to use end-to- end security, since modifying messages breaks authentication.
By authorizing a request, the home Diameter server is implicitly indicating diametet willingness to engage in the business transaction as specified by the contractual relationship between the server and the previous hop. Transaction state implies that upon forwarding a request, its Hop-by-Hop Identifier is saved; the field is replaced with a locally unique identifier, which is restored to its original value when the corresponding answer is received.
Since Relays do not perform any application level processing, they provide relaying services for all Diameter applications, and therefore MUST advertise the Relay Application Identifier.
The values are for permanent, standard commands allocated by IANA. However, the protocol’s diiameter procedures require that agents maintain a copy of pending requests. Integer64 64 bit signed value, in network byte order. This page was last edited on 19 Octoberat Given that the Diameter protocol introduces the concept of long-lived authorized sessions, translation agents MUST be session stateful and MUST maintain transaction state.
Diameter (protocol) – Wikipedia
There is one kind of packet that the access device MUST always discard, that is an IP fragment with a fragment offset of one. The AVP can ; appear anywhere in the message.
This allows a single server to handle policies for many services. The use of Relays is advantageous since it diamerer the need for NASes to be configured with the necessary security information they would otherwise require to communicate with Diameter servers in other realms. Diameter implementations are required to support all Mandatory AVPs which are allowed by the message’s formal syntax and defined either in the base Diameter standard or in one of the Diameter Application specifications governing the diamefer.
If no rule matches, the packet is treated as best effort.
Security policies, which are not the subject of standardization, diameyer be applied diaameter next hop Diameter peer or by destination realm. In this case, all IP numbers from 1. Diameter Command Naming Conventions Diameter command names typically includes one or more English words followed by the verb Request or Answer. Every Diameter message MUST contain a command code in its header’s Command-Code field, which is used to determine the action that is to be taken for a particular message.
Information on RFC » RFC Editor
The Diameter protocol defines a policy protocol used by clients to perform policy, AAA, and resource control. On 6h 28m 16s UTC, 7 February the time value will overflow. This section needs expansion.
The format of the Data field MUST be one of the following base data types or a data type derived ffc the base data types. Each packet is evaluated once. An example is a redirect agent that provides services to all members of a consortium, but does not wish to be burdened with relaying all messages between realms.
Fragmented packets that have a non-zero offset i. Prior to issuing the request, NAS performs a Diameter route lookup, using “example. The application can be an authentication application, an accounting application or a vendor specific application.