Diameter Protocol

 
 
Diameter is an AAA (Authentication, Authorization, and Accounting) protocol, like RADIUS. As the name suggests, Diameter is "double" RADIUS. There are many differences between the two protocols, but one of the main ones is that Diameter provides security and reliability: it runs over TCP or SCTP at the transport level and uses TLS and DTLS, whereas RADIUS runs over UDP.
 
Diameter is a peer-to-peer protocol, so any node can initiate a request. All data is delivered in the form of AVPs (Attribute-Value Pairs), and the protocol provides the following facilities:
 
- Ability to exchange messages and deliver AVPs.
- Capability Negotiation
- Error Notification
- Application specific services.
 
 
The Diameter base protocol runs on port 3868 for both TCP and SCTP. TLS and Datagram Transport Layer Security (DTLS) use port 5658. It is assumed that TLS runs on top of TCP and DTLS runs on top of SCTP. When no transport connection to a peer node is available, the node should try to connect to it periodically, at the interval set by the Tc timer (default 30 sec).
 
When connecting to a peer node for which more than one transport is available, TLS should be tried first, followed by DTLS, then TCP, and finally SCTP. So the connection priority should be TLS -> DTLS -> TCP -> SCTP.
 
Diameter over SCTP: When Diameter runs over SCTP, Diameter messages should be mapped onto SCTP streams in a way that avoids head-of-line blocking. To meet this requirement, Diameter messages should be sent with out-of-order delivery enabled. Out-of-order delivery, however, raises special concerns during connection establishment and termination. During connection establishment with out-of-order delivery, while the peers are exchanging capability messages (CER/CEA), an application-specific message could arrive before the connection is established. To avoid this race condition, the receiver should not start out-of-order delivery until the connection is established (CER-CEA and the first DWR-DWA).
 
Connection vs. Session:
 
A connection is the transport-level connection between two peers that is used to send and receive Diameter messages. A session is a logical concept at the application level that exists between a Diameter client and server, and it is identified by the Session-Id AVP.
 
 
 
     P1 <--- Connection1 ---> P2 <---- Connection2 -----> P3
 
      <------------------ Session ------------------------>  
 
Diameter Peer Table:
 
This table is used in message forwarding and is referenced by the routing table. It contains the following entries:
 
- Host Identity: Contains the content of the Origin-Host AVP found in the CER and CEA messages.
- StatusT: The status of the peer node.
- Static or Dynamic: Specifies whether the entry was statically configured or dynamically discovered.
- Expiration Time: Specifies the expiration time for a dynamically discovered entry.
- TLS/TCP or DTLS/SCTP Enabled: Specifies the type of transport, either TLS/TCP or DTLS/SCTP.
 
Diameter Routing Table:
 
This table is used for all realm-based routing lookups. It contains the following entries:
 
- Realm Name: Stores the realm name, used as the primary key for lookup.
- Application ID: Stores the Application ID, used as the secondary key.
- Local Action: Specifies how the message should be treated. The following actions are supported:
    1. LOCAL: The Diameter message is processed locally.
    2. RELAY: The message is routed to the next hop, and routing is done without modifying any non-routing information.
    3. PROXY: The message is routed to the next Diameter entity based on the routing lookup, and it is modified before forwarding according to local policy.
    4. REDIRECT: The message is returned to the sender with redirection information.
- Server ID: Identity of the servers to which the message has to be routed. It should be present as a Host Identity in the peer table.
- Static or Dynamic: Specifies whether the entry was statically configured or dynamically discovered.
- Expiration Time: Specifies the expiration time for a dynamically discovered entry.
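 
The lookup described by the two tables above, as an added sketch that is not part of the original post: the realm is the primary key, the Application ID the secondary key, expired dynamic rows are skipped, and a Server ID is only used if it exists in the peer table. The class names, the reduction of StatusT to "open"/"closed", the rule that RELAY and PROXY need an open peer, and every host, realm and Application ID value are assumptions made for the example.

```python
from dataclasses import dataclass

@dataclass
class Peer:                       # one Peer Table row
    host_identity: str            # Origin-Host learned from CER/CEA
    status: str                   # StatusT, reduced here to "open"/"closed"
    dynamic: bool = False         # Static or Dynamic
    expires: float = 0.0          # Expiration Time (dynamic rows only)

@dataclass
class Route:                      # one Routing Table row
    realm: str                    # primary key
    app_id: int                   # secondary key
    action: str                   # LOCAL, RELAY, PROXY or REDIRECT
    server_ids: tuple = ()
    dynamic: bool = False
    expires: float = 0.0

def live(row, now):
    """Static rows never expire; dynamic rows are ignored once expired."""
    return not row.dynamic or row.expires > now

def route(peers, routes, realm, app_id, now):
    """Return (action, server_id), or None when nothing usable matches."""
    for r in routes:
        if (r.realm, r.app_id) != (realm, app_id) or not live(r, now):
            continue
        if r.action == "LOCAL":
            return ("LOCAL", None)
        for sid in r.server_ids:
            peer = peers.get(sid)     # Server ID must exist in the Peer Table
            if peer is None or not live(peer, now):
                continue
            if r.action == "REDIRECT" or peer.status == "open":
                return (r.action, sid)
    return None

def sample_tables():
    """Constructed tables; all host and realm names are made up."""
    peers = {p.host_identity: p for p in (
        Peer("srv1.example.net", "open"),
        Peer("srv2.example.net", "open", dynamic=True, expires=100.0))}
    routes = [
        Route("example.net", 4, "PROXY", ("srv2.example.net", "srv1.example.net")),
        Route("example.net", 0, "LOCAL"),
        Route("other.example", 4, "RELAY", ("ghost.example.net",))]
    return peers, routes
```

A route whose only Server ID is missing from the peer table yields no result, so a stale or injected routing row cannot direct traffic to a host the node never exchanged capabilities with.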
 
Diameter Agents:
 
1- RELAY AGENT: A relay agent accepts requests and routes messages to other Diameter nodes based on information in the message and on the routing table. A relay agent inserts or removes routing information but does not change any other portion of the message.
 
2- PROXY AGENT: A proxy agent routes messages based on the routing table, and it can enforce local policy before forwarding a message to the next entity.
 
3- REDIRECT AGENT: A redirect agent does not relay the message; it sends an answer to the originator with the information required to redirect the request.
 
4- TRANSLATION AGENT: A translation agent is used to translate messages between two protocols, such as Diameter <-> RADIUS or TACACS <-> Diameter.
 
 
Diameter Message Header: 
 
 1                                               4
--------------------------------------------------
| Version=1 (L=1)     | Message Length (L=3)     |
--------------------------------------------------
| Command Flags (L=1) | Command Code (L=3)       |
| RPETrrrr            |                          |
--------------------------------------------------
|             Application-ID                     |
--------------------------------------------------
|             Hop-by-Hop Identifier              |
--------------------------------------------------
|             End-to-End Identifier              |
--------------------------------------------------
| AVPs....
-------------
 
Command Flags:
 
R - Request - Set for a request.
P - Proxiable - If set, the message is proxied.
E - Error - If set, the message is referred to as an error message.
T - Potentially retransmitted message - If set, this is a retransmitted message.
rrrr - Reserved.
 
Application-ID: Used to identify the application, which can be an authentication, accounting, or vendor-specific application.
 
Hop-by-Hop Identifier: Used to match request and answer.
 
End-to-End Identifier: Used to detect duplicate messages.
 
Command Codes:
 
ASR - Abort Session Request - Code 274
ASA - Abort Session Answer  - Code 274
ACR - Accounting Request    - Code 271
ACA - Accounting Answer     - Code 271
CER - Capability-Exchange-Request - Code 257
CEA - Capability-Exchange-Answer  - Code 257
DWR - Device-Watchdog-Request - Code 280
DWA - Device-Watchdog-Answer - Code 280
DPR - Disconnect-Peer-Request - Code 282
DPA - Disconnect-Peer-Answer - Code 282
RAR - Re-Auth-Request - Code 258
RAA - Re-Auth-Answer - Code 258
STR - Session-Termination-Request - Code 275
STA - Session-Termination-Answer - Code 275
 
 
Diameter AVPs:
 
Diameter AVPs carry accounting, authorization, and routing information, as well as configuration information.
 
AVP Header:
 
--------------------------------------------------
|                      AVP Code                  |
--------------------------------------------------
| Flags VMPrrrrr |       AVP Length              |
--------------------------------------------------
|              Vendor-ID                         |
--------------------------------------------------
| Data ....
-----------------------------------
 
Flags:
 
V - Vendor ID - If set, the optional vendor-specific Vendor-ID field is present.
M - Mandatory - The receiver must understand and parse the AVP, and must return an error if it is unable to understand it.
P - Reserved - Set to 0.
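 
A parser for the message header and AVP header layouts shown above, added here as an example and not taken from the original post. It assumes `raw` holds exactly one already-framed message, uses the field sizes from RFC 6733 (4-byte AVP Code, 1-byte flags, 3-byte AVP Length, AVP padding to a 4-byte boundary), and tests itself on a constructed CER whose host name, vendor AVP code 9999 and vendor ID 99999 are made-up values.

```python
import struct

MSG_FLAGS = {0x80: "R", 0x40: "P", 0x20: "E", 0x10: "T"}
AVP_FLAGS = {0x80: "V", 0x40: "M", 0x20: "P"}

def flag_names(byte, table):
    return "".join(name for bit, name in table.items() if byte & bit)

def parse_avps(buf):
    avps, off = [], 0
    while off < len(buf):
        if len(buf) - off < 8:
            raise ValueError("truncated AVP header")
        code, word = struct.unpack_from("!II", buf, off)
        flags, length = word >> 24, word & 0xFFFFFF
        hdr = 12 if flags & 0x80 else 8        # Vendor-ID present only when V is set
        if length < hdr or off + length > len(buf):
            raise ValueError("AVP Length points outside the message")
        vendor = struct.unpack_from("!I", buf, off + 8)[0] if hdr == 12 else None
        avps.append((code, flag_names(flags, AVP_FLAGS), vendor,
                     buf[off + hdr:off + length]))
        off += (length + 3) & ~3               # skip padding to the 4-byte boundary
    return avps

def parse_message(raw):
    if len(raw) < 20:
        raise ValueError("shorter than the 20-byte header")
    w0, w1, app_id, hbh, e2e = struct.unpack_from("!5I", raw)
    version, length = w0 >> 24, w0 & 0xFFFFFF
    if version != 1:
        raise ValueError("unsupported version")
    if length != len(raw):
        raise ValueError("Message Length does not match the bytes received")
    return {"flags": flag_names(w1 >> 24, MSG_FLAGS), "code": w1 & 0xFFFFFF,
            "app_id": app_id, "hop_by_hop": hbh, "end_to_end": e2e,
            "avps": parse_avps(raw[20:])}

def build_avp(code, flags, data, vendor=None):
    body = (struct.pack("!I", vendor) if vendor is not None else b"") + data
    length = 8 + len(body)                     # AVP Length excludes the padding
    return struct.pack("!II", code, (flags << 24) | length) + body + b"\0" * (-length % 4)

def build_sample_cer():
    """Constructed CER (code 257, R flag): Origin-Host plus a made-up vendor AVP."""
    avps = (build_avp(264, 0x40, b"p1.example.net")
            + build_avp(9999, 0xC0, b"\x00\x00\x00\x01", vendor=99999))
    header = struct.pack("!5I", (1 << 24) | (20 + len(avps)), (0x80 << 24) | 257,
                         0, 0x11111111, 0x22222222)
    return header + avps
```

Both length fields are attacker-controlled input, so the parser checks them against the bytes actually received before slicing.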
        
 
 
 
 
 
 
 
 