DIAMETER PROTOCOL RFC 3588 PDF
Status: Proposed Standard; since obsoleted by a later RFC. Diameter is the protocol used within EPS/IMS architectures for AAA (Authentication, Authorization and Accounting). It is specified primarily as a base protocol by the IETF in RFC 3588 and is an authentication, authorization, and accounting protocol for computer networks. The Diameter base protocol defines the minimum requirements for an AAA protocol; Diameter applications build on it.
Published (last): 14 July 2013
A truly generic AAA protocol used by many applications might provide functionality not provided by Diameter. In addition, Diameter clients MUST fully support each Diameter application that is needed to implement the client's service. Relaying and Proxying Requests: a Diameter client generates Diameter messages to request authentication, authorization, and accounting services for the user. Furthermore, all Diameter messages contain an Application Identifier, which is used in the message forwarding process.
Diameter relays and redirect agents are, by definition, protocol transparent, and MUST transparently support the Diameter base protocol, which includes accounting, and all Diameter applications. The originator of an Answer message MUST ensure that the End-to-End Identifier field contains the same value that was found in the corresponding request. In an IPFilterRule tcpflags specification, the absence of a particular flag may be denoted with a '!'. One range of Command Code values is reserved for permanent, standard commands allocated by IANA.
The Diameter base protocol defines a set of Command Codes of its own. A broker is either a relay, proxy or redirect agent, and MAY be operated by roaming consortiums.
Redirect Agent: rather than forwarding requests and responses between clients and servers, redirect agents refer clients to servers and allow them to communicate directly.
The Diameter protocol requires that relaying and proxying agents maintain transaction state, which is used for failover purposes. For AVPs of type Enumerated, an application may require a new value to communicate some service-specific information. In RADIUS, by contrast, every hop must be manually configured with a shared secret; this results in a large administrative burden, and creates the temptation to reuse the RADIUS shared secret, which can result in major security vulnerabilities if the Request Authenticator is not globally and temporally unique as required in [RADIUS].
Similarly, for the originator of a Diameter message, a "P" in the "MAY" column means that if a message containing that AVP is to be sent via a Diameter agent (proxy, redirect or relay), then the message MUST NOT be sent unless there is end-to-end security between the originator and the recipient, or the originator has locally trusted configuration that indicates that end-to-end security is not needed.
For IPv4, a typical first rule is often of the form "deny in ip! ...". Local Action: the Local Action field is used to identify how a message should be treated.
RFC 3588 – Diameter Base Protocol
The default value is zero. Relaying and Proxying Answers: through DNS, Diameter enables dynamic discovery of peers. A fixed set of local actions is supported. tcpflags spec: match if the TCP header contains the comma-separated list of flags specified in spec. This does not affect the selection of port numbers.
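The IPFilterRule fragments above (a "deny in ..." first rule, "!" negating an address, and the tcpflags option) are easiest to follow with a parser and a first-match evaluator in hand. The following Python is an added example, not code from RFC 3588 or from any Diameter stack: it parses the documented "action dir proto from src to dst [options]" form, models only the tcpflags option, and evaluates constructed packets against a constructed rule set for a terminal whose assigned address is assumed to be 192.0.2.10.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# tcpflags names from the IPFilterRule grammar (RFC 3588 section 4.3), with their TCP header bit values
TCP_FLAGS = {"fin": 0x01, "syn": 0x02, "rst": 0x04, "psh": 0x08, "ack": 0x10, "urg": 0x20}
PROTO_NAMES = {"ip": None, "icmp": 1, "tcp": 6, "udp": 17}   # "ip" matches any protocol

@dataclass
class Endpoint:
    kind: str                   # "any", "assigned" (the terminal's own address) or "net"
    net: object = None          # ipaddress network when kind == "net"
    negate: bool = False        # a leading "!" inverts the address match, not the port match
    ports: List[Tuple[int, int]] = field(default_factory=list)

    def matches(self, addr: str, port: Optional[int], assigned: str) -> bool:
        ip = ipaddress.ip_address(addr)
        hit = self.kind == "any" or (ip == ipaddress.ip_address(assigned) if self.kind == "assigned" else ip in self.net)
        if hit == self.negate:
            return False
        return not self.ports or (port is not None and any(lo <= port <= hi for lo, hi in self.ports))

@dataclass
class Rule:
    action: str                 # "permit" or "deny"
    direction: str              # "in" = from the terminal, "out" = to the terminal
    proto: Optional[int]        # None matches any IP protocol
    src: Endpoint
    dst: Endpoint
    tcpflags: List[Tuple[str, bool]] = field(default_factory=list)   # (flag name, must be set?)

def _parse_endpoint(t: List[str], i: int) -> Tuple[Endpoint, int]:
    negate, tok = t[i].startswith("!"), t[i].lstrip("!")
    if tok in ("any", "assigned"):
        ep = Endpoint(tok, negate=negate)
    else:   # strict=True rejects an address with bits set beyond the mask, as the grammar requires
        ep = Endpoint("net", ipaddress.ip_network(tok, strict=True), negate)
    i += 1
    if i < len(t) and set(t[i]) <= set("0123456789,-"):     # optional port list, e.g. 80,443 or 1024-65535
        for part in t[i].split(","):
            lo, _, hi = part.partition("-")
            ep.ports.append((int(lo), int(hi or lo)))
        i += 1
    return ep, i

def parse_rule(text: str) -> Rule:
    t = text.split()
    if len(t) < 7 or t[0] not in ("permit", "deny") or t[1] not in ("in", "out") or t[3] != "from":
        raise ValueError(f"malformed IPFilterRule: {text!r}")
    proto = PROTO_NAMES[t[2]] if t[2] in PROTO_NAMES else int(t[2])
    src, i = _parse_endpoint(t, 4)
    if t[i:i + 1] != ["to"]:
        raise ValueError(f"expected 'to' in {text!r}")
    dst, i = _parse_endpoint(t, i + 1)
    tcpflags: List[Tuple[str, bool]] = []
    while i < len(t):
        if t[i] != "tcpflags" or i + 1 >= len(t):   # frag, ipoptions, established, setup, icmptypes not modelled here
            raise ValueError(f"unsupported option {t[i]!r}")
        tcpflags = [(f.lstrip("!"), not f.startswith("!")) for f in t[i + 1].split(",")]
        i += 2
    return Rule(t[0], t[1], proto, src, dst, tcpflags)

@dataclass
class Packet:                   # constructed per-packet summary standing in for a real capture
    direction: str
    src: str
    dst: str
    proto: int
    sport: Optional[int] = None
    dport: Optional[int] = None
    tcp_flags: int = 0

def rule_matches(rule: Rule, pkt: Packet, assigned: str) -> bool:
    if rule.proto is not None and rule.proto != pkt.proto:
        return False
    if not (rule.src.matches(pkt.src, pkt.sport, assigned) and rule.dst.matches(pkt.dst, pkt.dport, assigned)):
        return False
    if rule.tcpflags and pkt.proto != 6:    # tcpflags applies to TCP packets only
        return False
    return all(bool(pkt.tcp_flags & TCP_FLAGS[name]) == want for name, want in rule.tcpflags)

def evaluate(rules: List[Rule], pkt: Packet, assigned: str) -> str:
    # Rules for the packet's direction are evaluated in order; the first match terminates evaluation.
    # RFC 3588 section 4.3: if no rule matches, the packet is dropped when the last rule evaluated was a
    # permit and passed when it was a deny. With no rule at all for that direction we deny (our own choice).
    last = None
    for rule in rules:
        if rule.direction != pkt.direction:
            continue
        last = rule
        if rule_matches(rule, pkt, assigned):
            return rule.action
    return "permit" if last is not None and last.action == "deny" else "deny"

ASSIGNED = "192.0.2.10"         # constructed: the address the access device assigned to the terminal
RULES = [parse_rule(r) for r in (
    "deny in ip from !assigned to any",                                    # anti-spoofing first rule
    "permit in tcp from assigned to 10.0.0.0/8 80,443 tcpflags syn,!ack",  # connection setup
    "permit in tcp from assigned to 10.0.0.0/8 80,443 tcpflags ack",       # established flows
    "permit out tcp from 10.0.0.0/8 80,443 to assigned tcpflags ack",
    "deny in ip from any to any",
)]
```

Two details matter in practice. The first rule mirrors the anti-spoofing intent of a "deny in ..." opener: an inbound packet whose source is not the assigned address is dropped before anything else is consulted. The second is the no-match behaviour: in the constructed set there is no final rule for the "out" direction, so an outbound UDP packet falls off the end after a permit rule and is dropped, which is what the RFC's wording implies and not what an administrator used to default-permit firewalls would guess.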
Translation Agents: a translation agent is a device that provides translation between two protocols. Diameter implementations are required to support all Mandatory AVPs which are allowed by the message's formal syntax and defined either in the base Diameter standard or in one of the Diameter Application specifications governing the message.
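The header and AVP rules scattered through this page (an Application Identifier in every message, the End-to-End Identifier echoed into the answer, and the Mandatory bit that makes an unknown AVP fatal) come together in a small codec and request handler. The Python below is an added example, not code from RFC 3588 or from any Diameter implementation. The Session-Termination-Request it handles is constructed, its identifier values are arbitrary, AVP code 4242 is made up, and the KNOWN_AVPS set stands in for the AVP dictionary a real stack carries.

```python
import struct
from dataclasses import dataclass, field
from typing import List, Optional

# Command flags in the Diameter header (RFC 3588 section 3): Request, Proxiable, Error, re-Transmitted
FLAG_R, FLAG_P, FLAG_E, FLAG_T = 0x80, 0x40, 0x20, 0x10
# AVP flags (section 4.1): Vendor-specific, Mandatory, end-to-end encryption
AVP_V, AVP_M, AVP_P = 0x80, 0x40, 0x20
# Base-protocol AVP codes and Result-Code values used below (sections 4.5 and 7.1)
AVP_SESSION_ID, AVP_ORIGIN_HOST, AVP_ORIGIN_REALM, AVP_RESULT_CODE, AVP_FAILED_AVP = 263, 264, 296, 268, 279
DIAMETER_SUCCESS, DIAMETER_AVP_UNSUPPORTED = 2001, 5001
KNOWN_AVPS = {AVP_SESSION_ID, AVP_ORIGIN_HOST, AVP_ORIGIN_REALM, AVP_RESULT_CODE, AVP_FAILED_AVP}

@dataclass
class Avp:
    code: int
    data: bytes
    flags: int = AVP_M
    vendor_id: Optional[int] = None

    def encode(self) -> bytes:
        vendor = b"" if self.vendor_id is None else struct.pack("!I", self.vendor_id)
        flags = self.flags | (AVP_V if vendor else 0)
        length = 8 + len(vendor) + len(self.data)          # AVP Length excludes the padding
        pad = b"\x00" * ((-len(self.data)) % 4)            # payload padded to a 32-bit boundary
        return struct.pack("!IB", self.code, flags) + length.to_bytes(3, "big") + vendor + self.data + pad

@dataclass
class Message:
    command_code: int
    application_id: int
    flags: int
    hop_by_hop: int
    end_to_end: int
    avps: List[Avp] = field(default_factory=list)

    def encode(self) -> bytes:
        body = b"".join(a.encode() for a in self.avps)
        return (bytes([1]) + (20 + len(body)).to_bytes(3, "big") + bytes([self.flags])
                + self.command_code.to_bytes(3, "big")
                + struct.pack("!III", self.application_id, self.hop_by_hop, self.end_to_end) + body)

def decode_avps(buf: bytes) -> List[Avp]:
    avps, off = [], 0
    while off < len(buf):
        if len(buf) - off < 8:
            raise ValueError("truncated AVP header")
        code, flags = struct.unpack_from("!IB", buf, off)
        length = int.from_bytes(buf[off + 5:off + 8], "big")
        hdr = 12 if flags & AVP_V else 8
        if length < hdr or off + length > len(buf):    # never trust a peer-supplied length before slicing
            raise ValueError("AVP Length runs past the message")
        vendor_id = struct.unpack_from("!I", buf, off + 8)[0] if flags & AVP_V else None
        avps.append(Avp(code, buf[off + hdr:off + length], flags & ~AVP_V, vendor_id))
        off += length + (-length) % 4
    return avps

def decode(buf: bytes) -> Message:
    if len(buf) < 20 or buf[0] != 1:
        raise ValueError("not a Diameter version 1 message")
    length = int.from_bytes(buf[1:4], "big")
    if length != len(buf) or length % 4:
        raise ValueError("Message Length does not match the buffer")
    app, hbh, e2e = struct.unpack_from("!III", buf, 8)
    return Message(int.from_bytes(buf[5:8], "big"), app, buf[4], hbh, e2e, decode_avps(buf[20:]))

def build_answer(req: Message, result_code: int, failed: Optional[Avp] = None) -> Message:
    # The answer echoes the request's Hop-by-Hop and End-to-End Identifiers unchanged, clears R and T,
    # keeps P, and sets E only for protocol errors (3xxx), never for a permanent failure such as 5001.
    flags = req.flags & ~(FLAG_R | FLAG_T)
    if 3000 <= result_code < 4000:
        flags |= FLAG_E
    avps = [Avp(AVP_RESULT_CODE, struct.pack("!I", result_code))]
    avps += [a for a in req.avps if a.code == AVP_SESSION_ID]   # the answerer's Origin-Host/Realm are omitted here
    if failed is not None:
        avps.append(Avp(AVP_FAILED_AVP, failed.encode()))        # Failed-AVP is Grouped: it wraps the offending AVP
    return Message(req.command_code, req.application_id, flags, req.hop_by_hop, req.end_to_end, avps)

def handle_request(buf: bytes) -> Message:
    # Mandatory-AVP rule (section 4.1): an AVP with the M bit set that this node does not understand fails
    # the whole request with DIAMETER_AVP_UNSUPPORTED; an unknown AVP with M clear is simply ignored.
    req = decode(buf)
    if not req.flags & FLAG_R:
        raise ValueError("expected a request")
    for avp in req.avps:
        if avp.flags & AVP_M and avp.code not in KNOWN_AVPS:
            return build_answer(req, DIAMETER_AVP_UNSUPPORTED, avp)
    return build_answer(req, DIAMETER_SUCCESS)

def result_code(msg: Message) -> Optional[int]:
    return next((struct.unpack("!I", a.data)[0] for a in msg.avps if a.code == AVP_RESULT_CODE), None)

# Constructed Session-Termination-Request (command 275, application 0) carrying one AVP this node does not know.
# AVP code 4242 is made up for the demonstration; the identifier values are arbitrary.
SAMPLE_STR = Message(275, 0, FLAG_R | FLAG_P, 0x0A0B0C0D, 0x11223344, [
    Avp(AVP_SESSION_ID, b"client.example.net;1;7"),
    Avp(AVP_ORIGIN_HOST, b"client.example.net"),
    Avp(AVP_ORIGIN_REALM, b"example.net"),
    Avp(4242, b"\x01\x02\x03", flags=AVP_M),
]).encode()
```

Running `handle_request(SAMPLE_STR)` yields an answer with Result-Code 5001, the request's Hop-by-Hop and End-to-End Identifiers unchanged, R cleared and P kept, and the rejected AVP returned inside Failed-AVP so the peer can see exactly which AVP was refused. Two choices are deliberate: the decoder validates every length field against the buffer before slicing, since AVP and message lengths arrive from the peer, and the E bit is reserved for 3xxx protocol errors, so a 5xxx permanent failure is signalled by Result-Code alone.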
At this time the focus of Diameter is network access and accounting applications. Peer connection handling is part of the basic protocol functionality; all stacks should support it, so that applications can abstract from the connectivity-related operations.
Which AVPs are sensitive is determined by service provider policy. A route entry can have a different destination based on the application identification AVP of the message. End-to-End Security Framework: end-to-end security services include confidentiality and message origin authentication. This document also defines the Diameter failover algorithm and state machine.
Additionally, application-specific state machines can be introduced either later or at a higher abstraction layer.
The base Diameter protocol concerns itself with capabilities negotiation, how messages are sent and how peers may eventually be abandoned.