Diameter Protocol Explained: DIAMETER at a Glance
http://diameter-protocol.blogspot.in/2014/04/diameter-at-glance.html (retrieved 4/4/2015)
Here we have noted some of the major points of the DIAMETER protocol that will help you walk through the whole protocol in just a few minutes.

1) Diameter is an AAA (Authentication, Authorization and Accounting) protocol that works at the application layer of the OSI model, over TCP or SCTP, or over TLS/DTLS when the transport has to be secured. Diameter is the successor of the RADIUS (Remote Authentication Dial In User Service) protocol, which runs over UDP.

2) Diameter has the following improvements over RADIUS:
a) Reliable transport
b) Transport layer security
c) Fail-over mechanism
d) Server-initiated messages
e) Agent support
f) Auditability
g) Transition support
h) Capability negotiation
i) Roaming support
j) Peer discovery and configuration

3) The Diameter default port is 3868 for TCP/SCTP and 5868 for TLS (over TCP) and DTLS (over SCTP).

4) Diameter is a message-based protocol, where information is exchanged as Request and Answer messages. Each message contains a Header and a Data section. The header section contains the following fields:
a) Version - the Diameter version, always set to 1.
b) Command Code - uniquely identifies a message within an application.
c) Command Flags - R (Request), P (Proxiable), E (Error answer), T (potentially re-transmitted request); the remaining four bits are reserved and must be sent as zero.
d) Application Id - uniquely identifies an application.
e) Hop-by-Hop Id - uniquely identifies a message between two adjacent nodes and maps an answer back to its request; it is replaced at every hop.
f) End-to-End Id - together with the Origin-Host, used to detect duplicate messages; it is preserved end to end.
g) Length - header length (20 octets) + data length.
The data field contains AVPs (Attribute-Value Pairs). Command Codes and Application Ids are assigned by governing bodies such as IANA and 3GPP.

5) AVPs are the actual units that carry the data that is meaningful to the application. An AVP also has a Header and a Data section. The AVP header contains the following:
a) AVP Code - uniquely identifies an AVP (assigned by IANA, 3GPP, etc.).
b) AVP Flags - M (Mandatory), V (Vendor-Specific), P (Protected). A receiver that does not understand an AVP with the M bit set must reject the message (DIAMETER_AVP_UNSUPPORTED, 5001); an unknown AVP without the M bit can simply be ignored.
c) Vendor Id - the vendor id assigned by IANA; present only if the V bit of the AVP Flags is set.
d) AVP Length - header length + data length. Each AVP is padded to a multiple of 4 octets, and the padding is not counted in the AVP Length, so a parser must step over it separately.
The data section contains the actual data. This section can itself contain other AVPs; an AVP that contains other AVPs in its data section is called a Grouped AVP.

6) As noted above, DIAMETER has a great feature over RADIUS, Peer Discovery: a Diameter node can become aware of its surrounding Diameter nodes. Discovery can be of two types, Static and Dynamic. In static discovery, when a Diameter node is deployed its surrounding nodes are configured statically by the operator. In dynamic discovery, a peer uses SRVLOC and DNS to learn about its surroundings (RFC 3588 listed both; RFC 6733 keeps only DNS, via NAPTR and SRV records).
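The header and AVP layout of points 4 and 5, as an encoder and decoder added here for illustration (it is not code from this blog). It builds a constructed CER, parses it back including the Grouped AVP, and applies the receiver-side checks that produce the Result-Codes mentioned on this page (5011, 5013, 5014, 5015, 5001). The five-entry dictionary, the host names and the `corrupt` helper are assumptions for the example; the codes 10415 (3GPP Vendor-Id) and 16777251 (S6a) are the real IANA/3GPP values.

```python
import struct

HDR_LEN = 20
FLAG_R, FLAG_P, FLAG_E, FLAG_T, RESERVED_CMD_BITS = 0x80, 0x40, 0x20, 0x10, 0x0F
AVP_V, AVP_M, AVP_P, RESERVED_AVP_BITS = 0x80, 0x40, 0x20, 0x1F

# Example dictionary: five RFC 6733 base AVPs (a real node loads the full IANA/3GPP set).
DICT = {258: ("Auth-Application-Id", "Unsigned32"), 260: ("Vendor-Specific-Application-Id", "Grouped"),
        264: ("Origin-Host", "DiameterIdentity"), 266: ("Vendor-Id", "Unsigned32"),
        296: ("Origin-Realm", "DiameterIdentity")}

class DiameterError(Exception):
    """Carries the Result-Code the receiver would return in its error answer."""
    def __init__(self, result_code, text):
        super().__init__(f"{result_code}: {text}")
        self.result_code = result_code

def build_avp(code, flags, value, vendor_id=None):
    """Encode one AVP. AVP Length covers header + data; padding to 4 octets is not counted."""
    if isinstance(value, int):
        data = struct.pack("!I", value)                 # Unsigned32
    else:                                               # Grouped (list of AVPs) or identity/string
        data = b"".join(value) if isinstance(value, list) else value.encode()
    vend = b"" if vendor_id is None else struct.pack("!I", vendor_id)
    flags |= AVP_V if vend else 0
    length = 8 + len(vend) + len(data)
    hdr = struct.pack("!I", code) + bytes([flags]) + length.to_bytes(3, "big") + vend
    return hdr + data + b"\x00" * (-length % 4)

def build_message(cmd_code, flags, app_id, h2h, e2e, avps):
    body = b"".join(avps)
    return (bytes([1]) + (HDR_LEN + len(body)).to_bytes(3, "big") + bytes([flags])
            + cmd_code.to_bytes(3, "big") + struct.pack("!III", app_id, h2h, e2e) + body)

def parse_header(buf):
    """Decode the 20-octet header and apply the checks behind Result-Codes 5011/5013/5015."""
    if len(buf) < HDR_LEN:
        raise DiameterError(5015, "message shorter than the header")
    version, flags = buf[0], buf[4]
    length, cmd_code = int.from_bytes(buf[1:4], "big"), int.from_bytes(buf[5:8], "big")
    app_id, h2h, e2e = struct.unpack("!III", buf[8:20])
    if version != 1:
        raise DiameterError(5011, "DIAMETER_UNSUPPORTED_VERSION")
    if flags & RESERVED_CMD_BITS:
        raise DiameterError(5013, "reserved command-flag bit set")
    if flags & FLAG_R and flags & FLAG_E:
        raise DiameterError(5013, "E bit set on a request")
    if flags & FLAG_T and not flags & FLAG_R:
        raise DiameterError(5013, "T bit set on an answer")
    if length != len(buf) or length % 4:
        raise DiameterError(5015, "DIAMETER_INVALID_MESSAGE_LENGTH")
    return {"flags": flags, "cmd_code": cmd_code, "app_id": app_id, "h2h": h2h, "e2e": e2e,
            "request": bool(flags & FLAG_R)}

def parse_avps(data):
    """Decode a run of AVPs into (name-or-code, vendor, value) triples; Grouped AVPs recurse."""
    out, off = [], 0
    while off < len(data):
        if len(data) - off < 8:
            raise DiameterError(5014, "truncated AVP header")
        code = struct.unpack("!I", data[off:off + 4])[0]
        flags, length = data[off + 4], int.from_bytes(data[off + 5:off + 8], "big")
        hdr = 12 if flags & AVP_V else 8
        if flags & RESERVED_AVP_BITS:
            raise DiameterError(5004, f"DIAMETER_INVALID_AVP_BITS on AVP {code}")
        if length < hdr or off + length > len(data):
            raise DiameterError(5014, f"DIAMETER_INVALID_AVP_LENGTH on AVP {code}")
        vendor = struct.unpack("!I", data[off + 8:off + 12])[0] if hdr == 12 else None
        value = data[off + hdr:off + length]
        name, typ = DICT.get(code, (None, None))
        if name is None and flags & AVP_M:
            raise DiameterError(5001, f"DIAMETER_AVP_UNSUPPORTED: code {code}")  # M set: cannot ignore
        if typ == "Unsigned32":
            if len(value) != 4:
                raise DiameterError(5014, f"Unsigned32 AVP {code} is not 4 octets")
            value = struct.unpack("!I", value)[0]
        elif typ == "Grouped":
            value = parse_avps(value)
        elif typ == "DiameterIdentity":
            value = value.decode()
        out.append((name or code, vendor, value))
        off += (length + 3) & ~3                         # step over the padding as well
    return out

def decode(buf):
    return parse_header(buf), parse_avps(buf[HDR_LEN:])

def validate(buf):
    """2001 (DIAMETER_SUCCESS) when the message decodes cleanly, else the Result-Code."""
    try:
        decode(buf)
        return 2001
    except DiameterError as err:
        return err.result_code

def sample_cer():
    """Constructed CER (command 257, R bit set). Hosts are invented; 10415 is the 3GPP
    Vendor-Id and 16777251 the S6a Application-Id."""
    vsai = build_avp(260, AVP_M, [build_avp(266, AVP_M, 10415), build_avp(258, AVP_M, 16777251)])
    return build_message(257, FLAG_R, 0, 0x1001, 0x2002,
                         [build_avp(264, AVP_M, "mme01.example.net"),
                          build_avp(296, AVP_M, "example.net"), vsai])

def corrupt(buf, offset, mask):
    """Copy of buf with extra bits set at one offset, to build invalid samples."""
    out = bytearray(buf)
    out[offset] |= mask
    return bytes(out)
```

Setting any of the low four bits of the flags octet, or setting E on a request, makes `validate` return 5013, which is exactly the situation discussed in the comments below; an unknown AVP is tolerated only when its M bit is clear.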
7) A DIAMETER node that wants to connect with another DIAMETER node shall first make a transport connection over TCP or SCTP, and then establish the DIAMETER connection by performing capability negotiation between the nodes. Capability negotiation is the process whereby two nodes decide whether they have anything in common (an application) to talk about or not. The CER/CEA (Capabilities-Exchange-Request/Answer) messages are used for this process; CER/CEA is the first DIAMETER message exchanged between two nodes. If protection is to be maintained, TLS/DTLS is used as the transport and the handshake completes before CER/CEA (on port 5868 in RFC 6733), so even the CER/CEA exchange travels over the secured channel.

8) Capability Exchange is the process where two nodes share which applications they support with the help of CER/CEA messages. Applications are identified with the help of application IDs assigned by IANA.
When two nodes are supposed to make a DIAMETER connection, either node can trigger the CER message and the other node shall respond with a CEA message. If the CEA does not report DIAMETER_SUCCESS (for example DIAMETER_NO_COMMON_APPLICATION, 5010), the transport connection is closed again. If both nodes initiate a CER simultaneously, an ELECTION occurs to choose one DIAMETER connection out of the two. The node whose Origin-Host AVP value is higher in dictionary order (an octet-by-octet unsigned comparison of the two FQDNs, RFC 6733 section 5.6.4) wins the election and must drop the connection it initiated; the connection initiated by the loser survives.

9) The Diameter standard advises keeping two DIAMETER connections, one PRIMARY and one SECONDARY (to an alternate peer, since a single peer state machine instance uses only one transport connection per peer). If the primary connection breaks down, the application still has the secondary connection to provide services.

10) Device-Watchdog-Request/Answer (DWR/DWA) are exchanged between two nodes once the DIAMETER connection is established. DWR/DWA act as health-check messages for the DIAMETER connection: a DWR is sent when the connection has carried no traffic for the watchdog interval (Tw, RFC 3539), and a missing DWA is what triggers transport failure detection.

11) A DIAMETER node can close a Diameter connection with another node by sending a Disconnect-Peer-Request (DPR) carrying a Disconnect-Cause AVP with one of the following values: 1) REBOOTING, 2) BUSY, 3) DO_NOT_WANT_TO_TALK_TO_YOU. The peer acknowledges with a Disconnect-Peer-Answer (DPA) before the transport is closed.
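The capability negotiation of points 7 and 8 and the simultaneous-CER election, written out as plain functions. This is an added example, not code from this blog; the host names and application ids in the calls are invented, and the comparison follows RFC 6733 section 5.6.4 (shorter Origin-Host zero-padded, then compared octet by octet, unsigned).

```python
DIAMETER_SUCCESS, DIAMETER_NO_COMMON_APPLICATION = 2001, 5010
RELAY_APPLICATION_ID = 0xFFFFFFFF   # advertised by relays, which accept any application

def origin_host_greater(a, b):
    """Octet-by-octet unsigned comparison of two Origin-Host values, the shorter
    one padded with zeros to the length of the longer (RFC 6733 section 5.6.4)."""
    x, y = a.encode(), b.encode()
    n = max(len(x), len(y))
    return x.ljust(n, b"\0") > y.ljust(n, b"\0")

def negotiate(local_apps, peer_apps):
    """Capability exchange on the CER receiver: return (Result-Code for the CEA,
    applications both sides support). With nothing in common the CEA carries
    5010 and the transport connection is closed."""
    if RELAY_APPLICATION_ID in local_apps:
        common = set(peer_apps)            # a relay talks any application the peer has
    elif RELAY_APPLICATION_ID in peer_apps:
        common = set(local_apps)
    else:
        common = set(local_apps) & set(peer_apps)
    return (DIAMETER_SUCCESS, common) if common else (DIAMETER_NO_COMMON_APPLICATION, set())

def elect(local_host, peer_host):
    """Both sides sent a CER at the same time, so each holds an initiator
    connection (I-Conn) and a responder connection (R-Conn). The higher
    Origin-Host wins, answers the peer's CER on its R-Conn and closes the
    connection it initiated; the loser keeps its I-Conn (the winner's R-Conn)."""
    if local_host == peer_host:
        raise ValueError("two peers must not share an Origin-Host")
    if origin_host_greater(local_host, peer_host):
        return "won: send CEA on R-Conn, close I-Conn"
    return "lost: keep I-Conn, the peer closes our R-Conn"

def simultaneous_cer(host_a, host_b):
    """Return the Origin-Host of the node whose initiated connection survives."""
    if host_a == host_b:
        raise ValueError("two peers must not share an Origin-Host")
    return host_b if origin_host_greater(host_a, host_b) else host_a
```

Both sides must run the same comparison, otherwise each may close the other's surviving connection; that is why the RFC pins down the padding rule rather than leaving "dictionary order" to the implementation.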
12) DIAMETER defines agents by giving each a specific role, namely:
a) Relay (routes a message without changing it),
b) Proxy (routes a message and can change it),
c) Redirect (doesn't route a message, but returns routing information so the sender can deliver it itself),
d) Translator (converts DIAMETER messages to RADIUS messages and vice versa).
An agent is nothing more than a Diameter node running one of these functions.

13) To send and receive request messages over an established DIAMETER connection, every Diameter node shall maintain two tables:
a) Peer Table - identity information of the nodes that are directly connected to the node under consideration.
b) Realm Table (the realm-based routing table) - routing and processing information, keyed by destination realm and application, that points at nodes present in the peer table.
Both tables are used in message processing: initiating a message, forwarding a message, and so on.

14) Every DIAMETER request shall be responded to with an Answer message. The Answer follows the same path that the request followed, in reverse, matched hop by hop through the Hop-by-Hop Id. An Answer can carry either success or failure/error; a failure/error is also a valid Answer.
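Points 12 to 14 in code: a relay agent deciding what to do with a request from its Peer Table and Realm Table, and routing the answer back along the same path. This is an added example, not code from this blog or any Diameter stack; the peers, realms and the sample S6a request are constructed for the example, the `RelayAgent` class is an assumption, and the Result-Codes 3002, 3003 and 3005 are the RFC 6733 values.

```python
import itertools

UNABLE_TO_DELIVER, REALM_NOT_SERVED, LOOP_DETECTED = 3002, 3003, 3005
RELAY_APPLICATION_ID = 0xFFFFFFFF        # wildcard application id used in realm routes

class RelayAgent:
    """A relay agent's view of RFC 6733 request routing (section 6.1)."""
    def __init__(self, origin_host, origin_realm, local_apps=()):
        self.origin_host, self.origin_realm = origin_host, origin_realm
        self.local_apps = set(local_apps)
        self.peers = {}      # Peer Table: peer Origin-Host -> connection state
        self.realms = {}     # Realm Table: (realm, app id) -> (action, server Origin-Host)
        self.pending = {}    # our Hop-by-Hop id -> (ingress peer, its Hop-by-Hop id)
        self._h2h = itertools.count(0x1000)

    def add_peer(self, host, state="OPEN"):
        self.peers[host] = state

    def add_route(self, realm, app_id, action, server=None):
        self.realms[(realm, app_id)] = (action, server)

    def route_request(self, req, from_peer):
        """Returns ("LOCAL", req), ("FORWARD", next hop, req) or ("ERROR", Result-Code)."""
        dest_host, dest_realm = req.get("Destination-Host"), req.get("Destination-Realm")
        app = req["Application-Id"]
        # A request already carrying our identity in a Route-Record has looped.
        if self.origin_host in req.get("Route-Record", []):
            return ("ERROR", LOOP_DETECTED)
        # 1. Addressed to this node, or to our realm for an application served here.
        if dest_host == self.origin_host or (dest_host is None and dest_realm == self.origin_realm
                                              and app in self.local_apps):
            return ("LOCAL", req)
        # 2. Addressed to a directly connected peer found in the Peer Table.
        if self.peers.get(dest_host) == "OPEN":
            return self._forward(req, from_peer, dest_host)
        # 3. Realm-based routing: exact (realm, app) entry first, then the relay wildcard.
        entry = self.realms.get((dest_realm, app)) or self.realms.get((dest_realm, RELAY_APPLICATION_ID))
        if entry is None:
            return ("ERROR", REALM_NOT_SERVED if dest_realm else UNABLE_TO_DELIVER)
        action, server = entry
        if action == "LOCAL":
            return ("LOCAL", req)
        if self.peers.get(server) != "OPEN":   # route known, but no open transport to it
            return ("ERROR", UNABLE_TO_DELIVER)
        return self._forward(req, from_peer, server)

    def _forward(self, req, from_peer, next_hop):
        fwd = dict(req)
        fwd["Route-Record"] = req.get("Route-Record", []) + [from_peer]  # peer we received it from
        fwd["Hop-by-Hop-Id"] = next(self._h2h)                            # fresh id for this hop
        # End-to-End-Id is left untouched so the far end can detect duplicates.
        self.pending[fwd["Hop-by-Hop-Id"]] = (from_peer, req["Hop-by-Hop-Id"])
        return ("FORWARD", next_hop, fwd)

    def route_answer(self, ans):
        """Answers retrace the request path: match our Hop-by-Hop id, restore the
        ingress peer's id and send the answer back to that peer."""
        match = self.pending.pop(ans["Hop-by-Hop-Id"], None)
        if match is None:
            return ("DROP", None, None)          # unsolicited or already answered
        from_peer, orig_h2h = match
        return ("FORWARD", from_peer, {**ans, "Hop-by-Hop-Id": orig_h2h})

def build_dra():
    """Constructed relay: one MME and one HSS as peers, S6a (16777251) routed to the HSS."""
    dra = RelayAgent("dra.example.net", "example.net")
    dra.add_peer("mme01.example.net")
    dra.add_peer("hss01.example.net")
    dra.add_route("example.net", 16777251, "RELAY", "hss01.example.net")
    return dra

# Constructed S6a Authentication-Information-Request as received from the MME.
SAMPLE_AIR = {"Origin-Host": "mme01.example.net", "Application-Id": 16777251,
              "Hop-by-Hop-Id": 7, "End-to-End-Id": 99, "Destination-Realm": "example.net"}

def round_trip():
    """Forward the sample request to the HSS, then route its answer back to the MME."""
    dra = build_dra()
    _, next_hop, fwd = dra.route_request(SAMPLE_AIR, "mme01.example.net")
    answer = {"Hop-by-Hop-Id": fwd["Hop-by-Hop-Id"], "End-to-End-Id": 99, "Result-Code": 2001}
    return next_hop, dra.route_answer(answer)
```

The `pending` map is what makes point 14 work: the relay rewrites the Hop-by-Hop Id on the way out and needs it to find the ingress peer on the way back, while the End-to-End Id passes through untouched. The loop check on Route-Record is the cheap defence against a misconfigured realm table bouncing a request between two relays until it exhausts resources.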
15) Diameter also has the concept of a session. A session is different from a connection: a connection is a transport layer entity, while a session is an application layer entity. Ideally, the resources assigned to a session remain associated with it until the session terminates. Two nodes can have multiple, nested sessions. The state of a node is maintained during a session. Diameter provides various messages and AVPs to manipulate or control a session.

Your comments, suggestions and questions are always welcome. We will try to clarify doubts to the best of our knowledge, so feel free to post questions.

10 comments:

jyoti soni, April 25, 2014 at 3:38 AM
Great post! I am impressed to read your blog. It took me almost half an hour to read the whole post. Definitely this is one of the most informative and useful posts for me. Thanks for the share. You can also visit my site: Investment Property Accounting. There is great satisfaction in knowing we've done our job well and served our clients' interests.

zubair ali, May 14, 2014 at 11:58 PM
Best explained. Very useful and informative...

Dattu Jadhav, June 8, 2014 at 9:36 AM
Hi Friend, can anyone explain Diameter error code 5013 DIAMETER_INVALID_BIT_IN_HEADER? If the CCA result code is 5013, where is this missing, at the client end or the server end?
AVP: Result-Code(268) l=12 f=-M- val=DIAMETER_INVALID_BIT_IN_HEADER (5013)

Team-Diameter, June 8, 2014 at 9:28 PM
Hi Jadhav, as far as we understand your issue, we have observed that the CCR header bits are not proper.
So the entity originating the CCR should be checked; a Wireshark trace will help you understand it better. According to RFC-6733, DIAMETER_INVALID_BIT_IN_HEADER (5013): this error is returned when a reserved bit in the Diameter header is set to one (1) or the bits in the Diameter header are set incorrectly. Therefore this issue could be due to one of the following reasons:
1) Reserved bit: any of the reserved bits is set to one, and the receiver of the CCR message is developed in such a way that it does not ignore reserved bits. It is up to the receiver whether it ignores reserved bits or returns an error to highlight that the header format is incorrect.
2) The bit combination in the Command Flags is invalid, such as setting the error bit in a request message, or a retransmitted message with an invalid command flag (T-bit set but R-bit not set), etc. This can easily be observed with the help of a Wireshark trace.
Thanks for your query. Happy to help you again.
Team-Diameter

Dattu Jadhav, June 8, 2014 at 10:04 AM
Please give the complete error description. I faced this in a live environment.

sayan3110, July 1, 2014 at 3:42 AM
Excellent article!!!

Unknown, August 5, 2014 at 10:30 AM
I have a query related to Application-Id: why is the Application-Id used in two places in Diameter messages, for example in the CCR message on the Gx interface? 1. Application-ID in the message header. 2. Auth-Application-Id in the message data.

Sergej Šrepfler, December 17, 2014 at 11:32 PM
Can you also explain the Diameter dictionary? Especially WHY there are commented AVPs in the Wireshark dictionary.

Ajay kumar Priyadarshi, January 12, 2015 at 9:23 PM
A Diameter dictionary means the definition of AVPs and messages as per the Diameter standards, e.g.
each interface defines its AVPs with the following parameters: Attribute Name, AVP Code, Value Type, and the AVP Flag rules (Must, May, Should not, Must not). As you have seen, Wireshark uses a dictionary in XML format. It is up to the tool how it wants to read the above values. Commented AVPs means they are either obsolete or not required. I think you have got your answers.

sayan3110, January 7, 2015 at 1:23 AM