Canonical URL: ; File formats: Plain Text, PDF; Status: PROPOSED STANDARD; Obsoleted by: RFC ; Updated by: . Diameter is an authentication, authorization, and accounting (AAA) protocol for computer networks. The Diameter base protocol is defined by RFC (Obsoletes: RFC ) and defines the minimum requirements for an AAA protocol. Diameter is the protocol used within EPS/IMS architectures for AAA (Authentication, Diameter is specified primarily as a base protocol by the IETF in RFC

Author: Molkree Zulujinn
Country: Norway
Language: English (Spanish)
Genre: Career
Published (Last): 28 June 2005
Pages: 101

Since enforcing policies requires an understanding of the service being provided, Proxies MUST only advertise the Diameter applications they support. The default value is infinity. The following format is used in the definition: Diameter AVPs carry specific authentication, accounting, authorization, routing and security information as well as configuration details for the request and reply.

The “ip” keyword means any protocol will match. This page was last edited on 19 October. It is set when resending requests not yet acknowledged, as an indication of a possible duplicate due to a link failure. Translation agents are likely to be used as aggregation servers to communicate with a Diameter infrastructure, while allowing for the embedded systems to be migrated at a slower pace.

In addition to authenticating each connection, each connection as well as the entire session MUST also be authorized. The name is a play on words, derived from the RADIUS protocol, which is its predecessor (a diameter is twice the radius).


Therefore, each connection is authenticated, replay- and integrity-protected, and confidential on a per-packet basis. Archived from the original on 4 July. Senders of request messages MUST insert a unique identifier on each message.

By issuing an accounting request corresponding to the authorization response, the local realm implicitly indicates its agreement to provide the service indicated in the authorization response.

Messages with the ‘E’. Proxies that wish to limit resources MUST maintain session state. A stateless agent is one that only maintains transaction state.

Diameter Path Authorization As noted in Section 2. The keyword “any” is 0. There is one kind of packet that the access device MUST always discard, that is an IP fragment with a fragment offset of one.

Diameter (protocol)

Duplicate answer messages that are to be locally consumed see Section 6. The “R” (Request) bit: if set, the message is a request. Thus an administrator could change the configuration to avoid interoperability problems. Additionally, application-specific state machines can be introduced either later or at a higher abstraction layer.

Adding a new optional AVP does not require a new application. These services are provided by supporting AVP integrity and confidentiality between two peers, communicating through agents.

Diameter Base Protocol Support

The list may be specified as any combination of ranges or individual types separated by commas. Transaction state implies that upon forwarding a request, its Hop-by-Hop identifier is saved; the field is replaced with a locally unique identifier, which is restored to its original value when the corresponding answer is received. The definition contains a list of valid values and their interpretation and is described in the Diameter application introducing the AVP.


An access device MAY apply deny rules of its own before the supplied rules, for example to protect the access device owner’s infrastructure. Upon receipt of the redirect notification, DRL establishes a transport connection with HMS, if one doesn’t already exist, and forwards the request to it.

An access device that is unable to interpret or apply a deny rule MUST terminate the session. After that the transport connection can be disconnected.

The End-to-End Identifier is an unsigned 32-bit integer field in network byte order that is used to detect duplicate messages, in combination with the Origin-Host AVP. The request’s state is released upon receipt of the answer.
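The three mechanisms scattered through this page (the “R” bit in the command flags, the Hop-by-Hop Identifier a relay saves and restores as its transaction state, and the End-to-End Identifier paired with Origin-Host for duplicate detection) all live in or around the fixed 20-byte Diameter header. The following Python is an added example, not code from the RFC or any Diameter implementation: it parses and builds that header, models a stateless relay that replaces the Hop-by-Hop id on the way out and restores it on the answer (releasing the state at that point), and keeps a seen-set of (Origin-Host, End-to-End id) pairs. It assumes the caller has already decoded the Origin-Host AVP from the message body; the hostnames, command code and identifier values are constructed sample data.

```python
import struct

# Command flag bits in byte 4 of the Diameter header (RFC 3588, section 3).
FLAG_R = 0x80  # Request (clear = answer)
FLAG_P = 0x40  # Proxiable
FLAG_E = 0x20  # Error
FLAG_T = 0x10  # Potentially re-transmitted

# version(1) length(3) flags(1) code(3) app-id(4) hop-by-hop(4) end-to-end(4)
HEADER_LEN = 20


def build_header(flags, command_code, app_id, hop_by_hop, end_to_end, length=HEADER_LEN):
    """Serialize a Diameter header; length covers the header plus any AVPs."""
    return (bytes([1]) + length.to_bytes(3, "big")
            + bytes([flags & 0xFF]) + command_code.to_bytes(3, "big")
            + struct.pack("!III", app_id, hop_by_hop, end_to_end))


def parse_header(data):
    """Parse the fixed 20-byte Diameter header into a dict (network byte order)."""
    if len(data) < HEADER_LEN:
        raise ValueError("truncated Diameter header")
    if data[0] != 1:
        raise ValueError("unsupported Diameter version %d" % data[0])
    app_id, hop_by_hop, end_to_end = struct.unpack("!III", data[8:20])
    return {
        "length": int.from_bytes(data[1:4], "big"),
        "flags": data[4],
        "command_code": int.from_bytes(data[5:8], "big"),
        "app_id": app_id,
        "hop_by_hop": hop_by_hop,
        "end_to_end": end_to_end,
    }


def is_request(header):
    """The 'R' bit set means request; clear means answer."""
    return bool(header["flags"] & FLAG_R)


def _set_hop_by_hop(msg, value):
    # Hop-by-Hop Identifier occupies bytes 12..15 of the header.
    return msg[:12] + struct.pack("!I", value) + msg[16:]


class RelayAgent:
    """Keeps only transaction state: the original Hop-by-Hop id of each request
    in flight, keyed by the locally unique id that replaced it."""

    def __init__(self):
        self._next_id = 1
        self._pending = {}

    def forward_request(self, msg):
        hdr = parse_header(msg)
        if not is_request(hdr):
            raise ValueError("expected a request")
        local_id = self._next_id
        self._next_id = (self._next_id + 1) & 0xFFFFFFFF
        self._pending[local_id] = hdr["hop_by_hop"]   # save the upstream id
        return _set_hop_by_hop(msg, local_id)          # send ours downstream

    def forward_answer(self, msg):
        hdr = parse_header(msg)
        if is_request(hdr):
            raise ValueError("expected an answer")
        if hdr["hop_by_hop"] not in self._pending:
            raise KeyError("answer for an unknown transaction")
        original = self._pending.pop(hdr["hop_by_hop"])  # state released here
        return _set_hop_by_hop(msg, original)

    def pending_count(self):
        return len(self._pending)


class DuplicateDetector:
    """Flags a request whose (Origin-Host, End-to-End Identifier) pair has been
    seen before. Origin-Host is an AVP in the body; this class assumes the
    caller has already decoded it and passes the string in."""

    def __init__(self):
        self._seen = set()

    def check(self, origin_host, end_to_end):
        key = (origin_host, end_to_end)
        if key in self._seen:
            return True
        self._seen.add(key)
        return False


if __name__ == "__main__":
    # Constructed sample: a proxiable request (code 272) from a NAS.
    req = build_header(FLAG_R | FLAG_P, 272, 0, 0xAABBCCDD, 0x11223344)
    relay = RelayAgent()
    downstream = relay.forward_request(req)
    print("relayed hop-by-hop:", hex(parse_header(downstream)["hop_by_hop"]))
    ans = build_header(FLAG_P, 272, 0, parse_header(downstream)["hop_by_hop"], 0x11223344)
    back = relay.forward_answer(ans)
    print("restored hop-by-hop:", hex(parse_header(back)["hop_by_hop"]))
    det = DuplicateDetector()
    print("first seen:", det.check("nas1.example.com", 0x11223344))
    print("duplicate:", det.check("nas1.example.com", 0x11223344))
```

Note that the End-to-End Identifier passes through the relay unchanged, which is what makes it usable for duplicate detection across hops, whereas the Hop-by-Hop Identifier is rewritten at every agent and only meaningful on one link.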

A home realm may also wish to check that each accounting request message corresponds to a Diameter response authorizing the session. Security policies, which are not the subject of standardization, may be applied by next hop Diameter peer or by destination realm.