5. introduction to the diameter protocol
-
8/9/2019 5. Introduction to the Diameter Protocol
Introduction to the Diameter Protocol
-
Outline
AAA protocol in the IMS: Diameter
Diameter Application in IMS
-
Origin and Development of Diameter
AAA refers to authentication, authorization, and accounting.
The traditional charging protocol, RADIUS, is widely used because of its simplicity, security, ease of management, and excellent scalability.
The introduction of new access technologies and the fast expansion of access networks pose new requirements for AAA protocols and make the structural shortcomings of the traditional RADIUS ever more noticeable.
This calls for the use of the new-generation AAA protocol, Diameter.
-
Architecture
Base protocol
Cryptographic Message Syntax (CMS)
Mobile IP
Network access service (NAS)
Extensible authentication protocol (EAP)
Figure: Diameter position in the IETF protocol stack
-
Security Mechanism
Connection layer
  Maintains the Diameter connection state machine between two peers, providing a transmission channel for the data from upper layers.
Transaction layer
  Deals with the transaction part of a Diameter message, including maintenance of the message cache queue, the relationship between a request message and a response message, and maintenance and management of the hop-by-hop transaction identifier.
Session layer
  Builds and maintains session state machines of authentication, authorization, and accounting.
Application layer
  Defines the structure and parameters of the Diameter message based on a session state machine, thus satisfying the service requirements.
-
Functions of the Diameter Protocol
Transmitting AVP Information
Maintaining and Managing Diameter Connections
Caching Transactions
Negotiating Capabilities
Discovering and Configuring Peers
-
Features of the Diameter Protocol
Failure recovery
  The Diameter protocol provides a universal failure recovery method, which supports failure confirmation at the application layer and defines the failure recovery algorithms and the corresponding state machines.
TLS
  Provides a universal TLS mechanism. Diameter requires that IPsec is compulsory and TLS is optional.
Reliability of the transmission layer
  The Diameter protocol runs above TCP and SCTP, thus ensuring the transmission reliability. The basic protocol of Diameter runs on port 3868 of TCP and SCTP, which will be compulsory in the later versions.
-
Features of the Diameter Protocol
Supports proxies
  RADIUS does not explicitly support proxies, such as a proxy server, a relay server, and a redirecting server, whereas the Diameter protocol supports the proxies mentioned above.
Monitors data security
  RADIUS does not provide a data-based security mechanism, so modification of the data cannot be detected after the data transmission. The Diameter protocol provides an optional CMS function to protect the data.
Supports transition
  Since Diameter and RADIUS do not share any data protocol units, both protocols can be used in the same network as long as one of them supports the gateways of both RADIUS and Diameter.
Supports server-initiated messages
  The function of server-initiated messages is required in the Diameter protocol.
-
Architecture
Client
Server
Relay
  Relays forward requests and responses according to route-relevant AVPs and the realm route table.
  A relay can be used to centralize the NAS requests in a certain geographical range.
  Since relays do not make decisions on policies, they do not inspect or change non-route AVPs. Relays need to maintain transaction status but not the session status.
-
Architecture
Proxy
  Routes Diameter messages using the Diameter route table.
  Modifies messages according to the implemented policy.
  The proxies that need to limit resources must maintain session status. All the proxies must maintain transaction status.
Redirect server
  The Redirect Agent guides Diameter clients to the server and enables them to communicate directly.
Translation server
  It executes protocol translation between Diameter and other AAA protocols (such as RADIUS).
-
Architecture
-
Architecture
-
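Message Format
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|    Version    |                 Message Length                |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Command flags |                  Command-Code                 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                         Application-ID                        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                     Hop-by-Hop Identifier                     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                     End-to-End Identifier                     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|  AVPs ...
+-+-+-+-+-+-+-+-+-+-+-+-+-
Message Header Format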
-
Message Header Format
The length of the Diameter message header is 20 bytes.
Version: Diameter version number. It is set to 1.
Message Length: includes the length of the message header.
Command Flags: 8 bits
 0 1 2 3 4 5 6 7
+-+-+-+-+-+-+-+-+
|R P E T r r r r|
+-+-+-+-+-+-+-+-+
R(equest): if it is set, this message is a request; if it is cleared, this message is a response.
P(roxiable): if it is set, this message can be sent by proxy, relay, or the redirect server; if it is cleared, this message must be processed locally.
E(rror): it indicates that the message contains a protocol error and cannot exist in a request.
-
Message Header Format
T (Potentially re-transmitted message)
  This flag avoids repeated requests after changeover. It needs to be set only when no response is received and a request needs to be retransmitted. It can be set only in a request. When retransmitting a received message that contains the T bit, the Diameter agent must keep the T bit.
r(eserved): it must be set to 0. Receivers can ignore these reserved bits.
Command-Code: three octets.
  The address space of the 24-bit command code is managed by IANA in a universal way.
  The command codes 16,
-
Message Header Format
Currently the defined applications include:
  Diameter Common Messages    0
  NASREQ                      1 [NASREQ]
  Mobile-IP                   2 [DIAMMIP]
  Diameter Base Accounting    3
  Relay                       0xffffffff
Relays and redirect servers must broadcast the application ID of relays, while other nodes must broadcast the locally supported applications.
Hop-by-Hop Identifier
  It is used to match a request to a response.
End-to-End Identifier
  It is used to check repeated messages. It cannot be modified by any agent. Used together with Origin-Host, it can check repeated messages.
AVPs
  Contain certain data
-
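Message Format of Diameter - Structure of AVP Message Header
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                           AVP Code                            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|V M P r r r r r|                  AVP Length                   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                        Vendor-ID (opt)                        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|    Data ...
+-+-+-+-+-+-+-+-+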
-
Message Format of Diameter - Structure of AVP Message Header
The AVP message header contains eight to 12 bytes.
AVP Code
  The AVP code and Vendor-Id determine the AVP properties.
  AVPs (1 to 255) are reserved to be backward compatible with RADIUS (without Vendor-Id). 256 and AVPs greater than 256 are used for Diameter and are assigned by IANA.
AVP Flags
  The r bit is reserved and set to 0.
  The P bit indicates encryption for end-to-end security.
  The M bit indicates that the support for this AVP is necessary. If AVPs without the M bit cannot be identified or supported, they will be ignored.
  The V bit indicates that the optional vendor ID exists in the AVP header. If the V bit is set, it indicates that the AVP code belongs to the specified vendor.
AVP Length
  Three bytes. Indicates the length of the AVP code, AVP flag bits, vendor ID and AVP-DATA. If the length is not correct, the message will be refused.
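An added example, not part of the original slides: a small Python parser that applies the header and AVP rules above (version 1, Message Length covering the header, E and T flag restrictions, the optional Vendor-ID, and refusal of a message whose AVP Length is inconsistent). The sample message, host names, AVP code 601 and the placeholder application ID 0 are constructed; the 32-bit padding of AVP data and the multiple-of-four Message Length come from the Diameter base specification rather than from the slides, and the buffer is assumed to hold exactly one message.

```python
import struct

FLAG_R, FLAG_E, FLAG_T = 0x80, 0x20, 0x10   # command flags R, E, T
AVP_V, AVP_M = 0x80, 0x40                   # AVP flags V, M

class DiameterError(ValueError): pass       # raised when a message must be refused

def parse_header(buf):
    """Decode the 20-byte header; buf must hold exactly one message."""
    if len(buf) < 20:
        raise DiameterError("short header")
    ver_len, flags_code, app_id, hbh, e2e = struct.unpack("!5I", buf[:20])
    flags = flags_code >> 24
    if ver_len >> 24 != 1:
        raise DiameterError("version must be 1")
    if (ver_len & 0xFFFFFF) != len(buf) or len(buf) % 4:
        raise DiameterError("Message Length does not match the buffer")
    if flags & FLAG_R and flags & FLAG_E:
        raise DiameterError("E bit set in a request")
    if flags & FLAG_T and not flags & FLAG_R:
        raise DiameterError("T bit set in an answer")
    return {"flags": flags, "code": flags_code & 0xFFFFFF, "app_id": app_id,
            "hop_by_hop": hbh, "end_to_end": e2e}

def parse_message(buf):
    """Header plus AVP walk; an inconsistent AVP Length refuses the message."""
    msg, body, off = parse_header(buf), buf[20:], 0
    msg["avps"] = []
    while off < len(body):
        if len(body) - off < 8:
            raise DiameterError("truncated AVP header")
        code, flags_len = struct.unpack_from("!II", body, off)
        flags, length = flags_len >> 24, flags_len & 0xFFFFFF
        hdr = 12 if flags & AVP_V else 8      # Vendor-ID adds four bytes
        if length < hdr or off + length > len(body):
            raise DiameterError("AVP Length out of bounds")
        vendor = struct.unpack_from("!I", body, off + 8)[0] if flags & AVP_V else None
        msg["avps"].append({"code": code, "vendor": vendor, "mandatory": bool(flags & AVP_M),
                            "data": bytes(body[off + hdr:off + length])})
        off += (length + 3) & ~3              # padding to 32 bits is not counted in AVP Length
    return msg

def build_avp(code, data, vendor=None):       # only builds the constructed sample
    flags, vid = (AVP_M | AVP_V, struct.pack("!I", vendor)) if vendor else (AVP_M, b"")
    head = struct.pack("!II", code, (flags << 24) | (8 + len(vid) + len(data)))
    return head + vid + data + b"\0" * (-len(data) % 4)

def sample_message():   # constructed: command 300 (UAR), placeholder application ID 0
    body = build_avp(264, b"scscf.example.net") + build_avp(601, b"sip:a@example.net", vendor=10415)
    return struct.pack("!5I", (1 << 24) | (20 + len(body)), (FLAG_R << 24) | 300, 0, 0x1111, 0x2222) + body
```

On a TCP or SCTP stream the caller would first read 20 bytes, take Message Length from them, and only then hand the complete message to `parse_message`.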
-
Key Technologies (1)
Capability exchange
  Capabilities-Exchange-Request (CER)
  Capabilities-Exchange-Answer (CEA)
Interruption of Diameter peer connection
  When the connection between a Diameter node and its peer is interrupted, the peer cannot know the interruption reason.
  In this case, the peer might judge that the connection is interrupted or its peer is restarted. Therefore, it tries to reconnect periodically. This action is controlled by the Tc timer. Normally it is recommended to set to 30 seconds.
  If the reason is that internal resources are insufficient or the peer does not want to keep connection, the peer must inform the other one of the reason, and thus to avoid unnecessary periodical retries.
  Disconnect-Peer-Request (DPR) / Disconnect-Peer-Answer (DPA)
-
Key Technologies (2)
Check of transmission failure
  Finding out errors quickly can prevent the messages from being sent to invalid agents, thus reducing unnecessary delays and providing better failover performance.
  Device-Watchdog-Request (DWR)
  Device-Watchdog-Answer (DWA)
Failover and Failback
  When finding that the transmission to a peer failed, the system must send the request messages to be processed to an agent.
  The Diameter node must maintain the message waiting queue of the specified peer.
  The Diameter node needs to reconnect to the failed peers periodically in order to reestablish the connection. When the transmission returns to normal, the messages can be resent to the peer. This is called failback.
-
Key Technologies (3)
Check of repeated messages
  Using this function, an application server checks whether a received message is repeated.
  The T bit in the Diameter message is used to indicate the retransmission event at the application layer.
  The End-to-End Identifier and the Origin-Host AVP in the Diameter message header are used to identify repeated messages.
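An added example, not part of the original slides, of the repeated-message check described above: requests are keyed on (Origin-Host, End-to-End Identifier), a repeat gets the stored answer instead of being processed a second time, and repeats are counted by whether the T bit announced them. The class and method names and the 240-second window are assumptions made for this illustration.

```python
import time

class DuplicateFilter:
    """Process each (Origin-Host, End-to-End Identifier) pair once per window."""

    def __init__(self, window=240.0, clock=time.monotonic):
        self.window, self.clock = window, clock   # window length is an assumption
        self.cache = {}                           # key -> (first_seen, stored answer)
        self.stats = {"new": 0, "retransmitted": 0, "repeat_without_T": 0}

    def handle(self, origin_host, end_to_end, t_flag, process):
        """Return process() for a new request, or the stored answer for a repeat."""
        now = self.clock()
        # Forget entries that have aged out of the window.
        self.cache = {k: v for k, v in self.cache.items() if now - v[0] < self.window}
        key = (origin_host, end_to_end)
        if key in self.cache:
            # A repeat with the T bit set is an announced retransmission; one
            # without it is counted separately so that it can be reviewed.
            self.stats["retransmitted" if t_flag else "repeat_without_T"] += 1
            return self.cache[key][1]
        self.stats["new"] += 1
        answer = process()                        # e.g. the accounting or registration logic
        self.cache[key] = (now, answer)
        return answer
```

The End-to-End Identifier alone is not used as the key because two different origin hosts may pick the same value.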
-
Diameter Applications in IMS - Cx/Dx/Sh
[Figure: IMS network diagram. Recoverable labels: IM CN subsystem, CS Domain, PS Domain, MSC/VLR, GMSC, SGSN, GGSN, SIP Application Server, CSCF, HSS; interface labels Cx, C, Sh, Gr, Gc, D, Si.]
-
Diameter Application in IMS
3GPP is the vendor of the Diameter protocol. The vendor ID assigned to 3GPP by IANA is 10415.
The Diameter application ID assigned to the Cx/Dx interface by IANA is 16
-
Definition of Cx and Dx Interfaces
The Cx interface is defined between I-CSCF and HSS, or between S-CSCF and HSS.
The Dx interface is defined between I-CSCF and SLF, or between S-CSCF and SLF.
SLF is the Diameter redirect agent. HSS is the Diameter server, and I/S-CSCF is the Diameter client.
-
Diameter Applications in IMS - Cx/Dx/Sh Interface Message
Command-Name                       Abbreviation   Code
User-Authorization-Request         UAR            300
User-Authorization-Answer          UAA            300
Server-Assignment-Request          SAR            301
Server-Assignment-Answer           SAA            301
Location-Info-Request              LIR            302
Location-Info-Answer               LIA            302
Multimedia-Auth-Request            MAR            303
Multimedia-Auth-Answer             MAA            303
Registration-Termination-Request   RTR            304
Registration-Termination-Answer    RTA            304
Push-Profile-Request               PPR            305
Push-Profile-Answer                PPA            305
-
Diameter Command Codes of Cx/Dx Interface
User authorization request (UAR), user authorization answer (UAA)
  After receiving a SIP registration request from the IMS terminal, the I-CSCF sends the UAR message.
Multimedia authentication request (MAR), multimedia authentication answer (MAA)
  When the S-CSCF receives an initial SIP registration request, it needs to authenticate the IMS user.
Server assignment request (SAR), server assignment answer (SAA)
  After the S-CSCF authenticates the user, it sends SAR to HSS for the user archive.
-
Diameter Applications in IMS - Sh Interface Message
Command-Name                       Abbreviation   Code
User-Data-Request                  UDR            306
User-Data-Answer                   UDA            306
Profile-Update-Request             PUR            307
Profile-Update-Answer              PUA            307
Subscribe-Notifications-Request    SNR            308
Subscribe-Notifications-Answer     SNA            308
Push-Notification-Request          PNR            309
Push-Notification-Answer           PNA            309