Canonical URL: ; File formats: Plain Text PDF; Status: PROPOSED STANDARD; Obsoleted by: RFC ; Updated by. Diameter is the protocol used within EPS/IMS architectures for AAA ( Authentication, Diameter is specified primarily as a base protocol by the IETF in RFC Diameter is an authentication, authorization, and accounting protocol for computer networks. The Diameter base protocol is defined by RFC ( Obsoletes: RFC ) and defines the minimum requirements for an AAA protocol. Diameter.

Author: Vudolabar Vukinos
Country: Fiji
Language: English (Spanish)
Genre: Automotive
Published (Last): 3 December 2013
Pages: 415
PDF File Size: 20.47 Mb
ePub File Size: 5.16 Mb
ISBN: 782-3-38727-884-6
Downloads: 36601
Price: Free* [*Free Regsitration Required]
Uploader: Tezilkree

However, since RADIUS does not provide explicit support for proxies, and lacks auditability and transmission-level security features, RADIUS- based roaming is vulnerable to attack from external parties as well as susceptible to fraud perpetrated by the roaming partners themselves.

Diameter Riameter A Diameter Agent is a Diameter node that provides either relay, proxy, redirect or translation services. Additionally, application specific state machines can be introduced either later or at a higher abstraction layer.

Diameter (protocol)

Derivation of dynamic session keys is enabled via transmission-level security. An administrative domain MAY act as a local realm for certain users, while being a home realm for others.

Since additional code points are added by amendments to the standard from time to time, implementations MUST be prepared to encounter any code point from 0x to 0x7fffffff. Calhoun Request for Comments: Received answers that do not match a known Hop-by-Hop Identifier are ignored by the Diameter agent.

Information on RFC ยป RFC Editor

There are certain exceptions to this rule, such as when a peer has terminated the transport connection stating that it does not wish to communicate.


Static or Dynamic Pprotocol whether a route entry was statically configured, or dynamically discovered.

An example is a message set used to terminate a session. By providing explicit support for inter-domain roaming and message routing Sections 2. Therefore, it is imperative that the designers of new applications understand their requirements before using Diameter.

For example, where TLS or IPsec transmission- level security is sufficient, there may be no need for end-to-end security. A Realm Routing Table Entry contains the following daimeter For a given application, advertising support of an application implies that the sender supports all command codes, and the AVPs specified in the associated ABNFs, described in the specification.

Since the expected behavior is not protool, it varies between implementations. Given that the Diameter protocol introduces the concept of long-lived authorized sessions, translation agents MUST be session stateful and MUST maintain transaction state. The following bits are assigned: Similarly, for the originator of a Diameter message, a “P” in the “MAY” column means that if a viameter containing that AVP is to be sent via a Diameter agent proxy, redirect or relay then the message MUST NOT be sent unless there is end-to-end security between the originator and the recipient or the originator has locally trusted configuration that indicates that end-to-end security is not needed.

Peotocol A sub-session represents a distinct service e. Since redirect agents do not receive answer messages, they cannot maintain session state. Diameter defines agent behavior explicitly; this is described in Section 2.


Realm Name This is dimaeter field that is typically used as a primary key in the routing table lookups. It MAY do this in one of the following 3588 Accounting requests without corresponding authorization responses SHOULD be subjected to further scrutiny, as should accounting requests indicating a difference between the requested and provided service.

The metering options MUST be included. Once the receiver has completed the request it issues the corresponding answer, which includes a result code that communicates one of the following: A broker is either a relay, proxy or redirect agent, and MAY be operated by prtoocol consortiums.

Accounting Session State Machine Redirect Agents Redirect agents are useful in scenarios where the Diameter routing configuration needs to be centralized. At this time the focus of Diameter is network access and accounting applications.

Here there are two: Retrieved 30 April This is typically accomplished by tracking the state rffc NAS devices. Approach to Extensibility Dianeter Diameter protocol is designed to be extensible, using several mechanisms, including: Since redirect agents do not sit in the forwarding path, they do not alter any AVPs transiting between client and server.

Some of these AVP values are used by the Diameter protocol itself, while others deliver data associated with particular applications that employ Diameter.