Your continued donations keep Wikipedia running!
Diameter (protocol)
From Wikipedia, the free encyclopedia
Diameter is a computer networking protocol for AAA (Authentication, Authorization and Accounting). It is a successor to RADIUS.
Contents
1 Upgrade from RADIUS 2 Protocol description 2.1 Packet format 2.2 Commands 2.3 Attribute-Value Pairs (AVP) 2.4 State machines 2.5 Message flows 3 Applications 4 External links
Upgrade from RADIUS
The name is a pun on the RADIUS protocol, which is the predecessor (a diameter is twice the radius). Diameter is not directly backwards compatible, but provides an upgrade path for RADIUS. The main differences are as follows: Reliable transport protocols (TCP or SCTP, not UDP) Network or transport level security (IPsec or TLS) Transition support for RADIUS, although Diameter is not fully compatible with RADIUS Larger address space for attribute-value pairs (AVPs) and identifiers (32 bits instead of 8 bits) Client-server protocol, with exception of supporting some server-initiated messages as well Both stateful and stateless models can be used Dynamic discovery of peers (using DNS SRV and NAPTR) Capability negotiation Supports application layer acknowledgements, defines failover methods and state machines (RFC 3539) Error notification Better roaming support More easily extended; new commands and attributes can be defined Aligned on 32-bit boundaries Basic support for user-sessions and accounting
Protocol description
The Diameter base protocol is defined by RFC 3588, and defines the minimum requirements for an AAA protocol. Diameter Applications can extend the base protocol, by adding new commands and/or attributes. An applicati on is not a program, but a protocol based on Diameter. Diameter security is provided by IPSEC or TLS, both well-regarded protocols.
Packet format
�Commands
Each command is assigned a command code, which is used for both requests and answers. Command-Name Abort-Session-Request Abort-Session-Answer Accounting-Request Accounting-Answer Abbr. Code ASR ASA 274 274
ACR 271 ACA 271 257 257
Capabilities-Exchange-Request CER Capabilities-Exchange-Answer CEA Device-Watchdog-Request Device-Watchdog-Answer Disconnect-Peer-Request Disconnect-Peer-Answer Re-Auth-Request Re-Auth-Answer Session-Termination-Request Session-Termination-Answer
DWR 280 DWA 280 DPR DPA 282 282
RAR 258 RAA 258 STR STA 275 275
Attribute-Value Pairs (AVP)
Attribute-Name Acct-Interim-Interval Acct-Multi-Session-Id Accounting-Record-Number Accounting-Record-Type Accounting-Session-Id Accounting-Sub-Session-Id Acct-Application-Id Auth-Application-Id Auth-Request-Type Authorization-Lifetime Auth-Grace-Period Auth-Session-State Re-Auth-Request-Type Class Destination-Host
Code Data Type 85 50 485 480 44 287 259 258 274 291 276 277 285 25 293 Unsigned32 Enumerated UTF8String Unsigned32 Enumerated OctetString Unsigned64 Unsigned32 Unsigned32 Enumerated Unsigned32 Unsigned32 Enumerated Enumerated OctetString DiamIdent
Accounting-Realtime-Required 483
�Destination-Realm Disconnect-Cause E2E-Sequence Error-Message Error-Reporting-Host Event-Timestamp Experimental-Result Experimental-Result-Code Failed-AVP Firmware-Revision Host-IP-Address Inband-Security-Id Multi-Round-Time-Out Origin-Host Origin-Realm Origin-State-Id Product-Name Proxy-Host Proxy-Info Proxy-State Redirect-Host Redirect-Host-Usage Redirect-Max-Cache-Time Result-Code Route-Record Session-Id Session-Timeout Session-Binding Session-Server-Failover Supported-Vendor-Id Termination-Cause User-Name Vendor-Id
283 273 300 281 294 55 297 298 279 267 257 299 272 264 296 278 269 280 284 33 292 261 262 268 282 263 27 270 271 265 295 1 266
DiamIdent Enumerated Grouped UTF8String DiamIdent Time Grouped Unsigned32 Grouped Unsigned32 Address Unsigned32 Unsigned32 DiamIdent DiamIdent Unsigned32 UTF8String DiamIdent Grouped OctetString DiamURI Enumerated Unsigned32 Unsigned32 DiamIdent UTF8String Unsigned32 Unsigned32 Enumerated Unsigned32 Enumerated UTF8String Unsigned32 Grouped
Vendor-Specific-Application-Id 260
State machines Message flows
Applications
A Diameter Application is not a software application, but a protocol based on the Diameter base protocol (defined in RFC 3588). Each application is defined by an application identifier and can add new command codes and/or new mandatory AVPs. Adding a new optional AVP does not require a new application. Examples of Diameter applications : Diameter Mobile IPv4 Application (MobileIP, RFC 4004) Diameter Network Access Server Application (NASREQ, RFC 4005) Diameter Extensible Authentication Protocol Application (RFC 4072) Diameter Credit-Control Application (DCCA, RFC 4006)
�Diameter Session Initiation Protocol Application (RFC 4740) Various applications in the 3GPP IP Multimedia Subsystem (Generic Bootstrapping Architecture): Bootstrapping Server Function
External links
http://www.cisco.com/en/US/products/ps6638/products_data_sheet09186a00804fe332.h tml Cisco page outlining differences between RADIUS and DIAMETER http://sourceforge.net/projects/openblox/ Open Source Java IMS optimised Full Diameter solution http://www.diva-portal.org/diva/getDocument?urn_nbn_se_liu_diva-1195-1__fulltext .pdf Paper about Diameter by Hkan Ventura http://www.csg.uzh.ch/staff/morariu/opendiameter/ OpenDiameter Debian and Ubuntu repository http://www.amazon.com/AAA-Network-Security-Mobile-Access/dp/0470011947/ref=sr_1_1?ie=UTF8&s=books&qid=1203514099&sr=1-1 AAA and Network Security for Mobile Access: Radius, Diameter, EAP, PKI and IP Mobility Retrieved from "http://en.wikipedia.org/wiki/Diameter_%28protocol%29" Categories: Authentication methods | Internet protocols | Internet standards | Software stubs Hidden categories: Articles to be expanded since June 2008 | All articles to be expanded | Articles with sections needing expansion This page was last modified on 5 June 2008, at 17:45. All text is available under the terms of the GNU Free Documentation License. (See Copyrights for details.) Wikipedia is a registered trademark of the Wikimedia Foundation, Inc., a U.S. registered 501(c)(3) tax-deductible nonprofit charity.
