intellinet ims diameter tut

7/31/2019 IntelliNet IMS Diameter Tut

1/23

www.intellinet-tech.com

C O N V E R G E N C E F U E L F O R T E L E C O M N E T W O R K S

DIAMETER & 3GPP applicationsA Tutorial

Oct 27th, 2005

Presented by:

Arun Handa

CTO


2/23



What is Diameter

Diameter is an extensible, ASCII based messagingprotocol to enable Authorization, Authentication andAccounting (AAA) function in IP and multimedianetworks.

Diameter supports a modular architecture with thebase protocol and application specific extensions

Its reliance on secure and reliable transports make it asuitable choice for charging and authorization.


3/23



The Evolution

-ROAMOPS I ETFWorking Group

-Netw ork Access Servers(NAS) Requirement s

- Mobile I P Working Group- 3GPP I MS Definit ion- 3GPP2 Wir eless I P definit ion

Authentication

AuthorizationAccounting

(AAA)

RADI US

DI AMETER

Remote Authenticat ionDial I n User Services

- DialUp PPP/ I P- MobileI P access


4/23



Improvements over RADIUS

! Increased size of attribute data

! More Reliable Transport

! Improved Flow Control

! Elimination of packet loss

! Better Proxying mechanisms

! Enhanced Session Control

! Tighter Security options


5/23



Diameter Architecture

Diameter Base Protocol

NASREQApplications

EAPApplications

Mobile IPv4Applications

3GPPApplications

Cx, Dx, ShRo, Rf

Gq, Gq

! The Base protocol provides support for the reliable

transport and delivery of messages

! The Base Protocol must be used along with anApplication

Credit

ControlApplications

Applications of interest


6/23



Diameter Applications

! NASREQ Application

! AAA services for Dial-in PPP users (RADIUS replacement)

! Mobile IPv4 Application! AAA support for Mobile IP networks as specified in CDMA2000

requirements(rfc3141) and MobileIP AAA(rfc2977)

!

EAP Application! Security support for Extensible Authentication protocol(rfc4072)

! Credit Control Application

! Charging support as specified in rfc4006

! 3GPP Applications

! IMS supported applications for AAA functions


7/23



Diameter Associations

Realm 1domain1.com

Realm 1domain1.com

Realm 2domain2.com

Realm 2

domain2.com

Server

Client

peer

Relay

Client

Diameter I dent i ty

aaa://host.domain.com:3868;transport=sctp;protocol=diameter


8/23



Types of Diameter Nodes

Server

Relay Agent

Proxy Agent

Client

Redirect Agent

Network Edge Device Performing Access Cont rol.Eg NAS, Foreign Agent

TranslationAgent

Controlling Ent it y of AAA functions for a part icular domainEg. HSS

Routes Diameter messages within known peers in supportedrealms. May modif y routing informat ion (only)

Also routes messages, but can modify message content toenable policy, resource usage, admission and provisioning

Enables Routing to other domains wi thin roaming agreements

by not if y the request ing peer wi th the routing informat ion

Protocol t ranslat ion funct ion such as RADIUS-Diameterconversion


9/23



Diameter Messages

:

Fixed Length Header

Attribute Value

Attribute Value Pairs (AVP)

ASCII Based Message Protocol

AVP Code Length Flags Data


10/23



Diameter Message Format

Version Message Lengt h

Flags Command Code

Vendor I D

Hop-by-Hop I dentif ier

End-t o-End I dentif ier

AVP Code

Flags AVP Lengt h

Vendor I D (Vendor specific AVP)

AVP Data (Variable Lengt h)

Octet 1 Oct et 2 Octet 3 Octet 4

Header

AVP0 .. n


11/23



Diameter Base Commands

Abort-Session-Request ASRAbort-Session-Answer ASA

Accounting-Request ACRAccounting-Answer ACACapabili t ies-Exchange- Request CERCapabili t ies-Exchange- Answ er CEA

Device-Watchdog-Request DWRDevice-Watchdog-Answer DWADisconnect-Peer-Request DPRDisconnect-Peer-Answer DPARe-Auth-Request RARRe-Auth-Answer RAASession-Terminat ion- Request STRSession-Terminat ion- Answ er STA


12/23



Typical Diameter Session Behavior

Peer Discovery

Peer Discovery

Capabilities Exchange Req

Capabilities Exchange Ans

Capabilities Exchange Req

Capabilities Exchange Ans

Device WatchDog Req

Device Watchdong AnsMultimedia Auth Req

Multimedia Auth Ans

Multimedia Auth Req

Multimedia Auth Ans

Discovery via DNS or staticConfiguration

Peer Identity, apps supportedversion info etc.

KeepAlive message

Establishment of a session, proxyacross a peer

EndPoint1 Proxy Server


13/23



Diameter Peer Communication

! Peers can be statically configured or dynamicallydiscovered

! Initial Handshake is established via CapabilitiesExchange Message

!

Heartbeats are exchanged for transport failuredetection

! Failover/Failback mechanisms are invoked when

transport failures are detected. An alternate peer isselected for all pending and new requests.


14/23



Typical Diameter Stack

PeerPeerXML

Config

DB

AVPData

Dict

RoutingPeer &

Realm

I/O Subsystem

AVP Parser

SessionSubsystem

(FSMs)

PeerSubsystem

(FSMs)

Applicat ion Programmning Interface

Applications

(AVP

Extensions)

Secur ity IPSEC/TLS

Transpor t TCP/SCTP

IP Link


15/23



Summary of Diameter Features

Inabili t y for properdetect ion result s inineffect ive failover

Eff icient failover on detect ion of a peer failur e

Silent discarding of

packets

Removes limitation of Silent discarding of packets

on all error condit ions

Unable to dist inguishSupport for KeepAlive messages on a connect ionoriented transport allow peer failure detect ion

UDP lacks any mechanism

to regulate data f low

Utilization of TCP/SCTP enables flow control and

congestion avoidance

Only vendor specific

attributes

Support for Vendor Specific commands and

attributes

Limited to 255 octets for

an at t ribute data

A three-octet At t r ibute length allows 16M octets

of data for a given at t r ibute

Diameter Radius


16/23



Summary of Diameter Features

Mandates a shared secreteven if IPsec or TLS isused

Secure communicat ions wi th IPsec or TLS

No alignment

requirements

All at r ibut es are aligned to 32-bit boundaries.

Only Hop-to-Hop securit y.No securing of AVPs

Offers End-to-End securi ty, wi th digit al signaturesand encryption for selected AVPs

Not presentAllows replay at tack prevent ion. Better secur it y

for malicious attack

Not presentAllows Server ini t iated messages. Capabili t y t o

terminate and reauthenticate user sessions.

No proxy servers.

Reliance on NAS

Better ut il izat ion of proxy and agents for failure

detection and failover for next-hop peers

Diameter Radius


17/23



3GPP Motivation for Diameter

! An All-IP Network vision. Diameter is an IETFrecommended protocol

! Ability to support accounting for multiple sessions,with multi-media in a single PDP context

!

Lessons from current set of diverse standards andproprietary interfaces ISUP, CAMEL,WIN,Parlay

! Harmonized AAA function across all access

networks


18/23



Diameter in 3GPP

Subscription

Cx,Dx,Sh

Subscription

Cx,Dx,Sh

ChargingRo,Rf

ChargingRo,Rf

PolicyGq,Gq

i lli h


19/23



Major Interfaces in the 3GPP Architecture

Cx

Dx

Rf

Ro

Sh

CSCF-HSS

CSCF-SLF

AS-HSS

CCF

ECF

TS 29.228TS 29.229

Obt ain Subscriber Profi le, locat ionAuthor ize User Access, ExchangeAuthent ication informat ion

I nt er face Betw een Defined in Funct ions

TS 29.228TS 29.229

Obt ain Subscriber Profi le, locat ionAuthor ize User Access, ExchangeAuthent icat ion informat ion

TS 29.328

TS 29.329

Subscr iber Data Access or UpdateI n t he HSS by an AS or not ifi cat ionsTo AS for updates/ changes

Gq PCSCF-GGSN TS 29.207Policy Cont rol in I MS

Gq AF-RACS TS 29.209 Policy Cont rol in NGN

TS 32.260RFC 4006

TS 32.260RFC 4006

Off line Charg ing Services

Onl ine Charging Serv ices

i t lli t t h


20/23



Diameter Authorization and

Authentication support

HSS

SLF

I-CSCFI-CSCF

S-CSCFS-CSCF

Dx

Cx

ApplicationServer

ApplicationServer

Sh

www intellinet tech com


21/23



Diameter Policy support

P-CSCFP-CSCF

GGSNGGSN

Go

Gq PolicyDecisionFunction

PolicyDecisionFunction

RACSRACSGq

AFAF

IMS TISPAN-NGN

Diameter Diameter

www intellinet-tech com


22/23



Diameter Charging Support

DiameterDiameter

Offline Charging Online Charging

www intellinet-tech com


23/23

www.intellinet tech.com


3GPP Specific

! Recommendation for SCTP as a reliable transport

! Support for NASreq, EAP and other IP applications

not required

! Most Diameter communication falls within the samerealm.(SCSF-HSS)

! Diameter does not need a compression functionunlike SIP

intellinet ims diameter tut

Documents