Canonical URL: ; File formats: Plain Text PDF; Status: PROPOSED STANDARD; Obsoleted by: RFC ; Updated by. The Diameter base protocol is intended to provide an Authentication, Authorization and Accounting (AAA) framework for applications such as network access or. Diameter is specified primarily as a base protocol by the IETF in RFC and then DIAMETER base protocol must be used in conjunction with DIAMETER.

Author: Akikinos Tutaxe
Country: Great Britain
Language: English (Spanish)
Genre: Video
Published (Last): 19 August 2017
Pages: 36
PDF File Size: 19.5 Mb
ePub File Size: 6.67 Mb
ISBN: 514-1-48342-760-8
Downloads: 6320
Price: Free* [*Free Regsitration Required]
Uploader: Akinogore

This results in a large administrative burden, and creates the temptation to reuse the Rrfc shared secret, which can result in major security vulnerabilities if the Request Authenticator is not globally and temporally unique as required in [ RADIUS ].

Each “user” of a service causes an auth request to be sent, with a unique session identifier. Since RADIUS clients and servers are not aware of each other’s capabilities, they may not be able to successfully negotiate a mutually acceptable service, or in some cases, even be aware of what service has diameter base protocol rfc 3588 implemented.

In this case, all IP numbers from 1. Diameteg defines agent behavior explicitly; this is described in Section 2. A Diameter node MAY act as an agent for certain requests while acting as a server for others.

End-to-end security is security between two Diameter nodes, possibly communicating through Diameter Agents. Fragmented packets that have a non-zero offset i. The example provided in Figure 3 depicts a request issued from the access device, NAS, for the user bob example.

There is one kind of packet that the access device MUST always discard, that is an IP fragment with a fragment offset of one. The communicating party may accept the request, or reject it by returning an answer message with the Result-Code AVP. However, they differ diameter base protocol rfc 3588 they modify messages to implement policy enforcement.


Diameter Protocol Related Configurable Parameters Given that the Diameter protocol introduces the concept of long-lived authorized sessions, translation agents MUST be session stateful and MUST maintain transaction state. Server Identifier One or more servers the message is to be routed to. Two Diameter applications are defined by companion documents: Since the expected behavior is not defined, it varies between implementations.

Accounting servers creating the accounting record may do so by processing interim accounting events or accounting diameter base protocol rfc 3588 from several devices serving the same user.

Diameter Base Protocol

Security is discussed in Section Newer Post Older Post Diameter base protocol rfc 3588. Communication between Diameter peers begins with one peer sending a message to another Diameter peer. Application-ID is used to identify diameeter which Diameter application the message is applicable. An example is a message set used to terminate a session. Since a new EAP authentication method can be supported within Diameter without requiring new AVPs, diameter base protocol rfc 3588 of EAP methods does not require the creation of a new authentication application.

Hi Dinesh, Many thanks for the info. Every Diameter message MUST contain a diameter base protocol rfc 3588 code in its header’s Command-Code field, which is used to determine the action that is to be taken for a particular message.

For more information please refer https: Since redirect agents do not relay messages, and only return an answer with the information necessary for Diameter agents to communicate directly, they do not modify messages. At this time the focus of Diameter is network access and accounting applications.


Team-Diameter March 2, at Each new definition must be either defined or listed with a reference to 358 RFC that defines the format. Realm The string in the NAI that immediately follows the ‘ ‘ character.

Multi-sessions are tracked by using the Acct-Multi-Session-Id. In RAR Re-Auth-Requset server is asking the client to authenticate himself again as a time of authenticated session is elapse; this time value ;rotocol exchanged between them in earlier messages.

Diameter Protocol Explained: New RFC (Diameter Base Protocol)

There are certain exceptions to this rule, such as when a peer has terminated the transport connection stating that it does not wish to communicate. Through DNS, Diameter enables dynamic discovery of peers.

Within an accounting command, setting the “M” bit implies that a backend server e.

Obsolete RFCs are indicated with strikethrough text. Redirect agents do not originate diameter base protocol rfc 3588 and are capable of handling any message type, although they may be configured only to redirect messages of certain types, while acting as relay or proxy agents for other types.

I hope the above information will help you.

Command-Code The Command-Code field is three octets, and is used in order to communicate the command associated with the message. This routing decision is performed using a list of supported diamter, and known peers. Diameter Client A Diameter Client is a device at the edge of the network that performs access control.