5. introduction to the diameter protocol

Upload: zohaib-manzoor-ahmed

Post on 01-Jun-2018


  • 8/9/2019 5. Introduction to the Diameter Protocol

    1/30

    Introduction to the Diameter Protocol

    Outline

    AAA protocol in the IMS: Diameter

    Diameter Application in IMS

    Origin and Development of Diameter

    AAA refers to authentication, authorization, and accounting.

    The traditional charging protocol, RADIUS, is widely used because of its simplicity, security, ease of management, and excellent scalability.

    The introduction of new access technologies and the fast expansion of access networks pose new requirements for AAA protocols and make the structural shortcomings of the traditional RADIUS ever more noticeable.

    This calls for the use of the new-generation AAA protocol, Diameter.

    Architecture

    Base protocol

    Cryptographic Message Syntax (CMS)

    Mobile IP

    Network access service (NAS)

    Extensible authentication protocol (EAP)

    Diameter position in the IETF protocol stack

    Security Mechanism

    Connection layer
      Maintains the Diameter connection status machine between two peers, providing a transmission channel for the data from upper layers.

    Transaction layer
      Deals with the transaction part of a Diameter message, including maintenance of the message cache queue, the relationship between a request message and a response message, and maintenance and management of the hop-by-hop transaction identifier.

    Session layer
      Builds and maintains session status machines of authentication, authorization, and accounting.

    Application layer
      Defines the structure and parameters of the Diameter message based on a session status machine, thus satisfying the service requirements.

    Functions of the Diameter Protocol

    Transmitting AVP Information

    Maintaining and Managing Diameter Connections

    Caching Transactions

    Negotiating Capabilities

    Discovering and Configuring Peers

    Features of the Diameter Protocol

    Failure recovery
      The Diameter protocol provides a universal failure recovery method, which supports failure confirmation at the application layer and defines the failure recovery algorithms and the corresponding status machines.

    TLS
      Provides a universal TLS mechanism. Diameter requires that IPSEC is compulsory and TLS is optional.

    Reliability of the transmission layer
      The Diameter protocol runs above TCP and SCTP, thus ensuring the transmission reliability. The basic protocol of Diameter runs on port 3868 of TCP and SCTP, which will be compulsory in the later versions.

    Features of the Diameter Protocol

    Supports proxies
      RADIUS does not explicitly support proxies such as a proxy server, a relay server, and a redirecting server, whereas the Diameter protocol supports the proxies mentioned above.

    Monitors data security
      RADIUS does not provide a data-based security mechanism, so a modification of the data cannot be detected after the data transmission. The Diameter protocol provides an optional CMS function to protect the data.

    Supports transition
      Since Diameter and RADIUS do not share any data protocol units, both protocols can be used in the same network as long as one of them supports the gateways of both RADIUS and Diameter.

    Supports server-initiated messages
      The function of server-initiated messages is required in the Diameter protocol.

    Architecture

    Client

    Server

    Relay
      Relays forward requests and responses according to route-relevant AVP and the realm route table.
      Relay can be used to centralize the NAS requests in a certain geographical range.
      Since relays do not make decisions on policies, they do not inspect or change non-route AVPs.
      Relays need to maintain transaction status but not the session status.

    Architecture

    Proxy
      Routes Diameter messages using the Diameter route table.
      Modifies messages according to the implemented policy.
      The proxies that need to limit resources must maintain session status. All the proxies must maintain transaction status.

    Redirect server
      The Redirect Agent guides Diameter clients to the server and enables them to communicate directly.

    Translation server
      It executes protocol translation between Diameter and other AAA protocols (such as RADIUS).

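    Message Format

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |    Version    |                 Message Length                |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    | Command flags |                  Command-Code                 |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                        Application-ID                         |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                     Hop-by-Hop Identifier                     |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                     End-to-End Identifier                     |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                           AVPs ...                            |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

    Message Header Format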

    Message Header Format

    The length of the Diameter message header is 20 bytes.

    Version: Diameter version number. It is set to 1.

    Message Length: includes the length of the message header.

    Command Flags: 8 bits

         0 1 2 3 4 5 6 7
        +-+-+-+-+-+-+-+-+
        |R P E T r r r r|
        +-+-+-+-+-+-+-+-+

      R(equest): if it is set, this message is a request; if it is cleared, this message is a response.

      P(roxiable): if it is set, this message can be sent by proxy, relay, or the redirect server; if it is cleared, this message must be processed locally.

      E(rror): it indicates that the message contains a protocol error and cannot exist in a request.

    Message Header Format

      T (Potentially re-transmitted message)
        This flag avoids repeated requests after changeover. It needs to be set only when no response is received and a request needs to be retransmitted. It can be set only in a request. When retransmitting a received message that contains the T bit, the Diameter agent must keep the T bit.

      r(eserved): it must be set to 0. Receivers can ignore these reserved bits.

    Command-Code: three octets.
      The address space of the 24-bit command code is managed by IANA in a universal way.
      The command codes 16,

    Message Header Format

    Currently the defined applications include:

      Diameter Common Messages    0
      NASREQ                      1 [NASREQ]
      Mobile-IP                   2 [DIAMMIP]
      Diameter Base Accounting    3
      Relay                       0xffffffff

    Relays and redirect servers must broadcast the application ID of relays, while other nodes must broadcast the locally supported applications.

    Hop-by-Hop Identifier
      It is used to correspond a request to a response.

    End-to-End Identifier
      It is used to check repeated messages. It cannot be modified by any agent. Used together with Origin-Host, it can check repeated messages.

    AVPs
      Contain certain data

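    Message Format of Diameter - Structure of AVP Message Header

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                           AVP Code                            |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |V M P r r r r r|                  AVP Length                   |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                        Vendor-ID (opt)                        |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                           Data ...                            |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+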

    Message Format of Diameter - Structure of AVP Message Header

    The AVP message header contains eight to 12 bytes.

    AVP Code: the AVP code and Vendor-Id determine the AVP properties.
      AVPs (1 to 255) are reserved to be backward compatible with RADIUS (without Vendor-Id). 256 and AVPs greater than 256 are used for Diameter and are assigned by IANA.

    AVP Flags:
      The r bit is reserved and set to 0.
      The P bit indicates encryption for end-to-end security.
      The M bit indicates that the support for this AVP is necessary. If AVPs without the M bit cannot be identified or supported, they will be ignored.
      The V bit indicates that the optional vendor ID exists in the AVP header. If the V bit is set, it indicates that the AVP code belongs to the specified vendor.

    AVP Length
      Three bytes. Indicates AVP code, AVP flag bit, vendor ID and AVP-DATA. If the length is not correct, the message will be refused.
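
    The header and AVP rules above, written as a strict parser (an added example, not part of the original slides). The sample bytes are constructed; the 4-byte AVP padding, command code 280 (Device-Watchdog-Request) and AVP code 264 (Origin-Host) are taken from the Diameter base protocol rather than from this deck.

```python
import struct

FLAG_R, FLAG_E, FLAG_T = 0x80, 0x20, 0x10   # command flag bits (P is 0x40)
AVP_V = 0x80                                # AVP flag: Vendor-ID present
ORIGIN_HOST = 264                           # Origin-Host AVP code (base protocol)

# Constructed sample, not a capture: Device-Watchdog-Request (command 280,
# application 0) carrying a single Origin-Host AVP.
SAMPLE = bytes.fromhex("0100002c 80000118 00000000 00000007 00001234"
                       "00000108 40000018") + b"cscf.example.net"

def parse_avps(buf):
    """Walk the AVP area; refuse any AVP whose length field is inconsistent."""
    avps, off = [], 0
    while off < len(buf):
        if len(buf) - off < 8:
            raise ValueError("truncated AVP header")
        code, flags_len = struct.unpack_from("!II", buf, off)
        flags, length = flags_len >> 24, flags_len & 0xFFFFFF
        hdr = 12 if flags & AVP_V else 8       # 8 bytes, 12 with Vendor-ID
        end = off + ((length + 3) & ~3)        # AVPs are padded to 4 bytes
        if length < hdr or end > len(buf):
            raise ValueError(f"AVP {code}: bad length {length}")
        vendor = struct.unpack_from("!I", buf, off + 8)[0] if flags & AVP_V else None
        avps.append((code, vendor, flags, buf[off + hdr:off + length]))
        off = end
    return avps

def parse_message(pkt):
    """Parse the 20-byte header, enforce the flag rules, then the AVPs."""
    if len(pkt) < 20:
        raise ValueError("shorter than the 20-byte header")
    ver_len, flags_cmd, app_id, hbh, e2e = struct.unpack_from("!5I", pkt)
    flags = flags_cmd >> 24
    if (ver_len >> 24) != 1:
        raise ValueError("version must be 1")
    if (ver_len & 0xFFFFFF) != len(pkt) or len(pkt) % 4:
        raise ValueError("Message Length does not match the data received")
    if (flags & FLAG_T) and not (flags & FLAG_R):
        raise ValueError("T bit is only valid in a request")
    if (flags & FLAG_E) and (flags & FLAG_R):
        raise ValueError("E bit is not valid in a request")
    avps = parse_avps(pkt[20:])
    host = next((d for c, v, _, d in avps if c == ORIGIN_HOST and v is None), None)
    return {"request": bool(flags & FLAG_R), "command": flags_cmd & 0xFFFFFF,
            "app_id": app_id, "hop_by_hop": hbh, "end_to_end": e2e,
            "avps": avps, "dup_key": (host, e2e)}  # Origin-Host + End-to-End id
```

    The returned dup_key pairs Origin-Host with the End-to-End Identifier, the two values a receiver compares when checking for repeated messages.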

    Key Technologies (1)

    Capability exchange
      Capabilities-Exchange-Request (CER)
      Capabilities-Exchange-Answer (CEA)

    Interruption of Diameter peer connection
      When the connection between a Diameter node and its peer is interrupted, the peer cannot know the interruption reason.
      In this case, the peer might judge that the connection is interrupted or its peer is restarted. Therefore, it tries to reconnect periodically. This action is controlled by the Tc timer. Normally it is recommended to set it to 30 seconds.
      If the reason is that internal resources are insufficient or the peer does not want to keep the connection, the peer must inform the other one of the reason, to avoid unnecessary periodical retries.
      Disconnect-Peer-Request (DPR)
      Disconnect-Peer-Answer (DPA)

    Key Technologies (2)

    Check of transmission failure
      Finding out errors quickly can prevent the messages from being sent to invalid agents, thus reducing unnecessary delays and providing better failover performance.
      Device-Watchdog-Request (DWR)
      Device-Watchdog-Answer (DWA)

    Failover and Failback
      When finding that the transmission to a peer failed, the system must send the request messages to be processed to an agent.
      The Diameter node must maintain the message waiting queue of the specified peer.
      The Diameter node needs to reconnect to the failed peers periodically in order to reestablish the connection. When the transmission returns to normal, the messages can be resent to the peer. This is called failback.

    Key Technologies (3)

    Check of repeated messages
      Using this function, an application server checks whether a received message is repeated.
      T bit in the Diameter message is used to indicate the retransmission event at the application layer.
      End-to-End Identifier and Origin-Host AVP in the Diameter message header are used to identify repeated messages.

    Diameter Applications in IMS - Cx/Dx/Sh

    [Figure: IM CN subsystem with the CS domain (MSC/VLR, GMSC), the PS domain (SGSN, GGSN), the SIP Application Server, CSCF and HSS]

    Diameter Application in IMS

    3GPP is the vendor of the Diameter protocol. The vendor ID assigned to 3GPP by IANA is 10415.

    The Diameter application ID assigned to Cx/Dx interface by IANA is 16

    Definition of Cx and Dx Interfaces

    The Cx interface is defined between I-CSCF and HSS, or between S-CSCF and HSS.

    The Dx interface is defined between I-CSCF and SLF, or between S-CSCF and SLF.

    SLF is the Diameter redirect agent. HSS is the Diameter server, and I/S-CSCF is the Diameter client.

    Diameter Applications in IMS - Cx/Dx/Sh Interface

    Message

    Command-Name                       Abbreviation   Code
    User-Authorization-Request         UAR            300
    User-Authorization-Answer          UAA            300
    Server-Assignment-Request          SAR            301
    Server-Assignment-Answer           SAA            301
    Location-Info-Request              LIR            302
    Location-Info-Answer               LIA            302
    Multimedia-Auth-Request            MAR            303
    Multimedia-Auth-Answer             MAA            303
    Registration-Termination-Request   RTR            304
    Registration-Termination-Answer    RTA            304
    Push-Profile-Request               PPR            305
    Push-Profile-Answer                PPA            305

    Diameter Command Codes of Cx/Dx Interface

    User authorization request (UAR), user authorization answer (UAA)
      After receiving a SIP registration request from the IMS terminal, the I-CSCF sends the UAR message.

    Multimedia authentication request (MAR), multimedia authentication answer (MAA)
      When the S-CSCF receives an initial SIP registration request, it needs to authenticate the IMS user.

    Server assignment request (SAR), server assignment answer (SAA)
      After the S-CSCF authenticates the user, it sends SAR to HSS for the user archive.

    Diameter Applications in IMS - Sh Interface

    Message

    Command-Name                      Abbreviation   Code
    User-Data-Request                 UDR            306
    User-Data-Answer                  UDA            306
    Profile-Update-Request            PUR            307
    Profile-Update-Answer             PUA            307
    Subscribe-Notifications-Request   SNR            308
    Subscribe-Notifications-Answer    SNA            308
    Push-Notification-Request         PNR            309
    Push-Notification-Answer          PNA            309
