This section provides information about establishing a Diameter peering session. While wireline access networks are largely based on RADIUS for subscriber authentication, authorization, and accounting, the 3rd Generation Partnership Project (3GPP) decided that wireless access networks will be largely based on Diameter. Over time, operators are looking to converge both types of networks, and one aspect of this is to replace RADIUS in wireline access networks with Diameter. The Diameter base protocol implementation is based on RFC
|Published (Last):||26 November 2004|
The Diameter base protocol provides basic services to one or more applications (also called functions) that run in a different Diameter instance. The individual application provides the extended AAA functionality.
Starting in Junos OS Release Diameter peers communicate over a reliable TCP transport layer connection by exchanging Diameter messages that convey status, requests, and acknowledgments by means of standard Diameter AVPs and application-specific AVPs.
Currently only the predefined master Diameter instance is supported, but you can configure alternative values for many of the master Diameter instance values. Each Diameter network element (DNE) consists of a prioritized list of peers and a set of routes that define how traffic is forwarded.
Each route associates a destination with a function (application), a function partition, and a metric. When an application sends a message to a routed destination, all routes within the Diameter protocol instance are examined for a match. When the best route to the destination has been selected, the message is forwarded by means of the DNE that includes that route. In the case of multiple routes that match a request for forwarding, the best route is selected as follows:
When the state of any DNE changes, the route lookup for all destinations is reevaluated. All outstanding messages to routed destinations are rerouted as needed, or discarded. To configure a Diameter network element, include the network-element statement at the [edit diameter] hierarchy level, then include the route statement at the [edit diameter network-element element-name forwarding] hierarchy level.
To configure a route for the DNE, include the destination (optional), function (optional), and metric statements at the [edit diameter network-element element-name forwarding route dne-route-name] hierarchy level. Specify the Diameter peers associated with the DNE by including one or more peer statements at the [edit diameter network-element element-name] hierarchy level. Set the priority for each peer with the priority statement at the [edit diameter network-element element-name peer peer-name] hierarchy level.
Diameter requires you to configure information about the origin node; this is the endpoint node that originates Diameter for the Diameter instance. Include the host and realm statements at the [edit diameter] hierarchy level to configure the Diameter origin. You can optionally configure one or more transports to specify the source (local) address of the transport layer connection. To configure a Diameter transport, include the transport statement at the [edit diameter] hierarchy level.
Then include the address statement at the [edit diameter transport transport-name] hierarchy level. You can optionally specify a logical system and routing instance for the connection by including the logical-system and routing-instance statements at the [edit diameter transport transport-name] hierarchy level.
By default, Diameter uses the default logical system and master routing instance. The logical system and routing instance for the transport connection must match that for the peer, or a configuration error is reported.
Each Diameter peer is specified by a name. Peer attributes include the address and the destination TCP port used by active connections to this peer. To configure a Diameter peer, include the peer statement at the [edit diameter] hierarchy level, and then include the address and connect-actively statements at the [edit diameter peer peer-name] hierarchy level.
To configure the active connection, include the port and transport statements at the [edit diameter peer peer-name connect-actively] hierarchy level. The assigned transport identifies the transport layer source address used to establish active connections to the peers.
Diameter enables a lower load on the network and servers by reporting usage information at a much lower frequency compared to RADIUS. Diameter applications such as Gx enable you to set thresholds with correlating pushes of usage statistics from the router to the PCRF. The PCRF can then make appropriate adjustments to services and costs.
Wireless services and charging are typically performed with Diameter applications, but wireline services have generally used a RADIUS-based infrastructure. Customers with both wireline and wireless offerings can reduce the complexity and cost of maintaining separate infrastructures by migrating their wireline operations to their existing Diameter-based wireless infrastructure. It communicates with a PCRF. If the PCRF determines it has insufficient information to make a determination, it may deny the request.
Junos OS supports authentication and authorization only. Table 1: Diameter Messages and Diameter Applications. The request can be one of three types: address-authorization, provisioning-request, or synchronization. Request from one peer to another when the peers establish a transport connection; initiates the capability negotiation. Otherwise, the CEA details establish common capabilities between the peers and enable them to further establish communication. The CCR-I message is retried up to 3 times.
An update request CCR-U message is sent when a usage threshold is reached. The CCR-U reports the actual usage for all statistics. When the change in threshold values is less than the minimum, the values are adjusted to the minimums.
For example, the minimum increase for duration is 10 minutes. A CCR-U is also sent to report the status of service activation or deactivation. When a monitored service is deactivated as part of the subscriber logout, the CCR-T message includes monitored usage data for the service, such as bytes used. All other responses are ignored and the CCR-I is retried. All other responses are ignored and the CCR-T is retried.
Reply from router to a JSDR message; describes session information. Request from router to PCRF regarding events that take place on the router. Events reported include cold or warm boots, explicit discovery requests, substantial configuration changes, non-response or error response from PCRF, and exhaustion of fault-tolerant resources. Includes success or failure notification for each of the service activation or deactivation commands in the request.
Audit request from the PCRF to router to determine whether a specific subscriber is still present. Reply from router to a RAR message; indicates whether the subscriber is active. Includes success or failure notification. Specifies the username. Specifies the password of the user to be authenticated or the user's input in a multi-round authentication exchange. Specifies the type of service the user has requested or the type of service to be provided. One such AVP may be present in an authentication or authorization request or response.
A NAS is not required to implement all of these service types. Identifies the IPv4 address configured for the subscriber. Specifies the name of the filter list for a user. It is intended to be human readable. Specifies the maximum transmission unit (MTU) to be configured for the user, when it is not negotiated by some other means such as PPP.
Specifies the maximum number of seconds of service provided to the user before termination of the session. Specifies the maximum number of consecutive seconds of idle connection allowable to the user before termination of the session or before a prompt is issued.
Specifies the time of the event that triggered the message in which this AVP is included. Time is indicated in seconds since January 1, , UTC. Attribute value is within the acceptable range through 86, seconds —Accounting is updated at the specified interval. Attribute value is less than the minimum acceptable value—Accounting is updated at the minimum interval seconds.
Attribute value is greater than the maximum acceptable value—Accounting is updated at the maximum interval 86, seconds. Identifies the port of the NAS that authenticates the user. Specifies the name of an assigned address pool to use to assign an address for the user. Address pools are usually used for IP addresses but can be used for other protocols if the NAS supports pools for those protocols.
Specifies the name of an assigned pool to use to assign an IPv6 prefix for the user. If the access device does not support multiple prefix pools, it must disregard this AVP. Specifies the subscriber session identifier. The router assigns the value to uniquely identify a subscriber session. Indicates whether a request completed successfully. Provides an error code if the request failed. Unrecognized classes, which begin with numerals 6—9 or 0, are handled as permanent failures.
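The Result-Code handling described above, as an added example (not Junos code and not from the original page): it walks the AVP section of an answer using the standard Diameter AVP layout, extracts Result-Code (AVP code 268), and treats unrecognized classes as permanent failures. The function names, class labels and sample bytes are assumptions constructed for illustration.

```python
import struct

RESULT_CODE = 268  # Result-Code AVP code, Unsigned32 payload
V_FLAG = 0x80      # vendor-specific bit: a 4-byte Vendor-ID follows the header
CLASSES = {1: "informational", 2: "success", 3: "protocol-error",
           4: "transient-failure", 5: "permanent-failure"}

def avp(code, data, flags=0x40):
    """Encode one AVP (used only to build the constructed samples below)."""
    length = 8 + len(data)                      # length field excludes padding
    pad = b"\x00" * (-length % 4)
    return struct.pack("!II", code, (flags << 24) | length) + data + pad

def parse_avps(buf):
    """Return [(code, vendor_id, data)]; raise ValueError on malformed input."""
    out, off = [], 0
    while off < len(buf):
        if len(buf) - off < 8:
            raise ValueError("truncated AVP header")
        code, word = struct.unpack_from("!II", buf, off)
        flags, length = word >> 24, word & 0xFFFFFF
        hdr = 12 if flags & V_FLAG else 8
        if length < hdr or off + length > len(buf):
            raise ValueError("AVP length out of bounds")
        vendor = struct.unpack_from("!I", buf, off + 8)[0] if flags & V_FLAG else None
        out.append((code, vendor, buf[off + hdr:off + length]))
        off += (length + 3) & ~3                # skip padding to a 4-byte boundary
    return out

def classify_answer(avp_bytes):
    """Map an answer's AVP section to (class, code); malformed input never raises."""
    try:
        codes = [d for c, v, d in parse_avps(avp_bytes) if c == RESULT_CODE and v is None]
        if len(codes) != 1 or len(codes[0]) != 4:
            return ("malformed", None)
        code = struct.unpack("!I", codes[0])[0]
    except ValueError:
        return ("malformed", None)
    # Classes 6-9 and 0 (and anything else unrecognized) count as permanent failures.
    return (CLASSES.get(code // 1000, "permanent-failure"), code)

# Constructed samples: a success answer, an unknown class, and a lying length field.
OK = avp(1, b"user") + avp(RESULT_CODE, struct.pack("!I", 2001))
ODD = avp(RESULT_CODE, struct.pack("!I", 7001))
BAD = struct.pack("!II", RESULT_CODE, (0x40 << 24) | 64) + b"\x00" * 4
```

A caller would map the "malformed" class to whatever retry or discard policy applies to that message type.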
Gx-Plus supports the following values for errors in a PCRF response; when these values are received or the response is malformed or unrecognizable, the request is retried. The value is always JUNOS unless a different name is configured with the product-name option at the [edit diameter] hierarchy level. If you change the product name, the router disconnects all existing connections to Diameter peers and reconnects using the new name.
Specifies debugging information in cases where a request is rejected or not fully processed due to erroneous information in a specific AVP. The Error-Message AVP is not intended to be useful in real-time; do not expect network entities to parse the message.
Identifies a request within a session. The number is incremented for each request during the course of a session. The number is reset when a router high availability event takes place.
Hi, I have a query. Please provide your comments. I could not get enough information from any web searches. Thanks in advance. Regards, Karthik.
A developer’s perspective: Why do I like Diameter protocol?
Diameter is an authentication, authorization, and accounting protocol for computer networks. It belongs to the application layer protocols in the internet protocol suite. The name is a play on words, derived from the RADIUS protocol, which is the predecessor (a diameter is twice the radius). Diameter is used for many different interfaces defined by the 3GPP standards, with each interface typically defining new commands and attributes.
Diameter Base Protocol
I knew various protocols and I immediately took on Diameter. A Diameter node knows how to connect to another Diameter node or what to do if another Diameter node wants to connect to it. And then, they speak the Diameter application language. And the beauty of the protocol is that the Diameter message (the packet) can be extended in many ways. Let me get into the details of this.