IETF RFC 3588 DIAMETER BASE PROTOCOL PDF
Diameter is specified primarily as a base protocol by the IETF in RFC and then DIAMETER base protocol must be used in conjunction with DIAMETER. Diameter is an authentication, authorization, and accounting protocol for computer networks. It evolved from the earlier RADIUS protocol. It belongs to the application layer protocols in the internet protocol suite. Diameter Applications extend the base protocol by adding new commands. The Diameter base protocol is defined by RFC (Obsoletes: RFC ). RFC Diameter Base Protocol, September
|Published (Last):||18 September 2006|
The application can be an authentication application, an accounting application, or a vendor-specific application. Likewise, this reduces the configuration load on Diameter servers that would otherwise be necessary when NASes are added, changed or deleted. An example is a redirect agent that provides services to all members of a consortium, but does not wish to be burdened with relaying all messages between realms.
The supported IP options are: The circumstances requiring the use of end-to-end security are determined by policy on each of the peers. Packets may be filtered based on the following information that is associated with it: Only this exact IP number will match the rule. A three-letter acronym for both the request and answer is also normally provided.
This field indicates the version of the Diameter Base Protocol. Since redirect agents do not relay messages, and only return an answer with the information necessary for Diameter agents to communicate directly, they do not modify messages. The Diameter protocol requires that agents maintain transaction state, which is used for failover purposes. Since enforcing policies requires an understanding of the service being provided, Proxies MUST only advertise the Diameter applications they support.
The ‘P’ bit indicates the need for encryption for end-to-end security. Prior to bringing up a connection, authorization checks are performed at each connection along the path. It is important to note that although proxies MAY provide a value-add function for NASes, they do not allow access devices to use end-to-end security, since modifying messages breaks authentication.
P(roxiable) – If set, the message MAY be proxied, relayed or redirected. OctetString The data contains arbitrary data of variable length. Accounting requests without corresponding authorization responses SHOULD be subjected to further scrutiny, as should accounting requests indicating a difference between the requested and provided service.
The supported ICMP types are: Upon reboot implementations MAY set the high order 12 bits to contain the low order 12 bits of current time, and the low order 20 bits to a random value.
The Hop-by-Hop identifier is normally a monotonically increasing number, whose start value was randomly generated. The keyword “assigned” is the address or set of addresses assigned to the terminal. Diameter Header A summary of the Diameter header format is shown below.
Every Diameter message MUST contain a command code in its header’s Command-Code field, which is used to determine the action that is to be taken for a particular message.
This is part of the basic protocol functionality and all stacks should support it and as such abstract from the connectivity related operations.
The RFC defines a core state machine for maintaining connections between peers and processing messages. If cleared, the message is an answer. Similarly, for the originator of a Diameter message, a “P” in the “MAY” column means that if a message containing that AVP is to be sent via a Diameter agent (proxy, redirect or relay) then the message MUST NOT be sent unless there is end-to-end security between the originator and the recipient or the originator has locally trusted configuration that indicates that end-to-end security is not needed.
The format of the Data field MUST be one of the following base data types or a data type derived from the base data types. If no rule matches, the packet is treated as best effort. The request’s state is released upon receipt of the answer. Hop-by-Hop Identifier The Hop-by-Hop Identifier is an unsigned bit integer field in network byte order and aids in matching requests and replies.
Unsigned64 64 bit unsigned value, in network byte order. The absence of a particular flag may be denoted with a ‘!’. The combination of the Origin-Host see Section 6. The example provided in Figure 3 depicts a request issued from the access device, NAS, for the user bob example. The identifier MUST remain locally unique for a period of at least 4 minutes, even across reboots.
Match if the TCP header contains the comma separated list of flags specified in spec. The name is a play on words, derived from the RADIUS protocol, which is the predecessor (a diameter is twice the radius).
This routing decision is performed using a list of supported realms, and known peers. Accounting AVPs may be considered sensitive. A Command Code is used to determine the action that is to be taken for a particular message. Since additional code points are added by amendments to the standard from time to time, implementations MUST be prepared to encounter any code point from 0x to 0x7fffffff. Due to space constraints, the short form DiamIdent is used to represent DiameterIdentity.
For IPv4, a typical first rule is often “deny in ip!
A stateless agent is one that only maintains transaction state. The application can be an authentication application, an accounting application or a vendor specific application. The Diameter protocol requires that relaying and proxying agents maintain transaction state, which is used for failover purposes.
The RFC defines an authorization and an accounting state machine.