Canonical URL: ; File formats: Plain Text PDF; Status: PROPOSED STANDARD; Obsoleted by: RFC ; Updated by. Diameter is the protocol used within EPS/IMS architectures for AAA ( Authentication, Diameter is specified primarily as a base protocol by the IETF in RFC Diameter is an authentication, authorization, and accounting protocol for computer networks. The Diameter base protocol is defined by RFC ( Obsoletes: RFC ) and defines the minimum requirements for an AAA protocol. Diameter.

Author: Shara Grohn
Country: Senegal
Language: English (Spanish)
Genre: Marketing
Published (Last): 1 June 2016
Pages: 138
PDF File Size: 7.53 Mb
ePub File Size: 2.39 Mb
ISBN: 861-2-84094-447-9
Downloads: 97303
Price: Free* [*Free Regsitration Required]
Uploader: Moogujas

However, they differ since they modify messages to implement policy enforcement. It is important to note that there is no relationship between a connection and a session, and that Diameter messages for multiple sessions are all multiplexed through a single connection. Application-ID is used to identify for which Diameter application the message is applicable. Translation agents are likely to be used as aggregation servers to communicate with a Diameter infrastructure, while allowing for the embedded systems to be migrated at a slower pace.

A Diameter node MAY initiate connections from a source port other than the one that it declares it accepts incoming connections on, and MUST be prepared to diametsr connections on port The definition contains a list of valid values and their interpretation and is described in the Diameter application introducing the AVP.

Duplicate answer proyocol that are to be locally consumed see Section 6. An access device that is diameher to interpret or apply a permit rule MAY apply a more restrictive rule. Approach to Rff The Diameter protocol is designed to be extensible, using several mechanisms, including: Command-Code The Command-Code field is three octets, and is used in order to communicate the command associated with the message.

Session A session is a related progression of events devoted to a particular activity. Integer32 32 bit signed value, in network byte order. This MAY require that new AVP values be assigned to represent the new authentication transform, or any other scheme that produces similar results. The RFC defines an authorization and an accounting state machine. The request’s state is released upon receipt of the answer.


If an AVP with the ” M ” bit set is received by a Diameter client, server, proxy, or translation agent and either the AVP or its value is unrecognized, the message must be rejected. As with proxy agents, redirect agents do not keep state with respect to sessions or NAS resources. Initially, it is expected that Diameter will be deployed within new network devices, as well as within gateways enabling communication between legacy RADIUS devices and Protodol agents.

Since redirect agents do not sit in the forwarding path, they do not alter any AVPs transiting between client and server. Packets may be filtered based on the following information that is associated with it: Accounting requests without corresponding dkameter responses SHOULD be subjected to further scrutiny, dkameter should accounting requests indicating a difference between the requested and provided service.

The Hop-by-Hop Identifier is an unsigned bit integer field in network byte frc that is used to match the requests with their answers as the same value in the request is used in the response. An example of a multi-session would be a Multi-link PPP bundle. The RFC defines a core state machine for maintaining connections between peers and processing messages.

Diameter Base Protocol Support

This AVP would be encoded as follows: Messages with the “E” bit set are commonly referred to as error messages. Creation of a new application should be viewed as a last resort. This requires that proxies maintain the state of their downstream peers e. Retrieved 12 October This scenario is advantageous since it does not require that the consortium provide routing updates to its members when changes are made to a member’s infrastructure.

Likewise, this reduces the configuration load on Diameter servers that would otherwise be necessary when Diaeter are added, changed or deleted. A stateful agent is one that maintains session state information; by keeping track of all authorized active sessions. The sender MUST ensure that the Hop-by-Hop identifier in a request is unique on a given connection at any given time, and MAY attempt ciameter ensure that the number is unique diqmeter reboots.


Diameter is an authentication, authorization, and accounting protocol for computer networks. Upon reboot implementations MAY set the high order 12 bits to contain the low order 12 bits of current time, and the low order 20 bits to a random value. If Diameter receives data up from TCP that cannot be parsed or identified as a Diameter error made by the peer, the stream is compromised and cannot be recovered. Each packet is evaluated once. Upon receipt of the redirect notification, DRL establishes a transport connection with HMS, if one doesn’t already exist, and forwards the request to it.

Real-time Accounting Real-time accounting involves the processing of information on resource usage within a defined time window.

Information on RFC ยป RFC Editor

Diameter is used for many different interfaces defined by the 3GPP standards, with each interface typically defining new commands and attributes. By providing explicit support for inter-domain roaming and message routing Sections diametsr.

If cleared, the message is an answer. Diamster AVP for which the P bit may be set or which may be encrypted may be considered sensitive.

Upstream Upstream is used to identify the direction of a particular Diameter message from the access device towards the home server. Diameter connections and sessions In the example provided in Figure 1peer connection A is established between the Client and its local Relay.

Diameter (protocol)

This routing decision ptotocol performed using a list of supported realms, and known peers. However, just because a new authentication application id is required, does not imply that a new accounting application id is required.

The creation of a new accounting application should be viewed as a last resort and MUST NOT be used unless a new command or additional mechanisms e.

This document specifies the message format, transport, error reporting, accounting and security services to be used by all Diameter applications.