Diameter Protocol Explained: DIAMETER at a Glance
Here we have noted some of the major points of the DIAMETER protocol that will help
you walk through the whole protocol in just a few minutes.
1) Diameter is an AAA (Authentication, Authorization and Accounting) protocol that works
at the application layer of the OSI model, over TCP/SCTP or over TLS/DTLS (for security).
Diameter is the successor of the RADIUS (Remote Authentication Dial In User Service)
protocol, which runs over UDP.
2) Diameter has the following improvements over RADIUS.
a) Reliable
b) Transport Layer Security
c) Fail-over Mechanism
d) Server Initiated Messages
e) Agent Support
f) Audit-ability
g) Transition Support
h) Capability Negotiation
i) Roaming Support
j) Peer Discovery & configuration
3) The Diameter default port is 3868 for TCP/SCTP and 5868 for TLS/DTLS.
4) Diameter is a message-based protocol, where information is exchanged on the basis
of Request and Answer messages. Each message contains a Header and a Data section.
The Header section contains the following fields:
a) Version - Diameter version, remains set to 1.
b) Command Code - To uniquely identify a message within an application.
c) Command Flags - R (Request), P (Proxiable), E (Error Response),
T (Re-Transmission of Request).
d) Application Id - To uniquely identify an application.
e) Hop-by-Hop Id - To uniquely identify a message between two
nodes and to map a response to its request.
f) End-to-End Id - To detect duplicate messages.
g) Length - Header length + Data length.
The Data section contains AVPs; AVPs are essentially in a field-value format.
Command Codes and Application Ids are assigned by governing bodies such as IANA,
3GPP etc.
5) AVPs are the actual units that carry the data that is meaningful to the
application. An AVP also has a Header and a Data section. The AVP Header section contains
the following:
a) AVP Code - To uniquely identify an AVP (assigned by IANA, 3GPP
etc.).
b) AVP Flags - M (Mandatory), V (Vendor Specific), P (Protected).
c) Vendor Id - The Vendor Id assigned by IANA; present only if the V bit of
the AVP Flags is set.
d) AVP Length - Header Length + Data Length.
The Data section contains the actual data. This section can itself contain another AVP; an AVP
containing another AVP in its data section is called a Grouped AVP.
6) As we know, DIAMETER has a great feature over RADIUS, Peer Discovery: a
DIAMETER node can be aware of its surrounding DIAMETER nodes. Discovery can be of two types,
Static and Dynamic. In static discovery, when a Diameter node is deployed its
surrounding nodes are statically configured by the Operator, while
in dynamic discovery the peer uses SRVLOC and DNS to learn about its surroundings.
7) A DIAMETER node that wants to make a connection with another DIAMETER node shall
first make a transport connection over TCP/SCTP and then a DIAMETER connection by
performing capability negotiation between the nodes. Capability negotiation is a
process where two nodes decide whether they have any common (application) topic
to talk about or not. The CER/CEA messages are used for this process; CER-CEA is the
first DIAMETER message exchanged between two nodes. If protection is to be
maintained then TLS/DTLS is used as the transport and even CER-CEA is exchanged over
the secured channel.
http://diameter-protocol.blogspot.in/2014/04/diameter-at-glance.html
4/4/2015
8) Capability Exchange is the process where two nodes share which applications
they support with the help of the CER-CEA messages. Applications are identified with
the help of application IDs assigned by IANA. When two nodes are supposed to make a
DIAMETER connection, either node can trigger the CER message and the other node shall
respond with a CEA message. If both nodes initiate CER simultaneously then an
ELECTION occurs to choose one DIAMETER connection out of the two. The node whose
Origin-Host AVP value is higher in dictionary order shall win the election and must drop
the connection initiated by it.
9) The Diameter standard advises making two DIAMETER connections with a peer: one is called
PRIMARY and the other is called SECONDARY. If the primary connection breaks
down then the application has the secondary connection to provide services.
10) Device-Watchdog-Request/Answer messages are exchanged between two nodes as soon as the
DIAMETER connection is established. DWR-DWA act as health-check messages to check the
DIAMETER connection status.
11) A DIAMETER node can close a Diameter connection with another node by sending a
Disconnect-Peer-Request (DPR) with one of the following reasons:
1) Reboot
2) Busy
3) Do not want to talk to you.
12) DIAMETER defines agents by providing a specific role to each, namely
a) RELAY (routes a message without changing the message),
b) Proxy (routes a message and can change the message),
c) Redirect (does not route a message but provides routing information),
d) Translator (converts a DIAMETER message to a RADIUS message and
vice-versa).
An agent is nothing but an application.
13) On an established DIAMETER connection, to send/receive a request message every
Diameter node shall contain two tables, namely
a) Peer Table - identity information of the nodes that are
directly connected with the considered node.
b) Realm Table - contains routing and processing information
for the nodes that are present in the peer table.
Both tables are used in message processing, initiating a message, forwarding a
message etc.
14) Every DIAMETER request message shall be responded to with an Answer message. The Answer
message shall follow the same path that was followed by the request. An Answer message
can contain either Success or Failure/Error. Failure/Error is also accepted as an
Answer.
15) Diameter also has the concept of a session. A session is different from a
connection: a connection is a transport-layer entity while a session is an application-layer
entity. Ideally, the resources assigned to a session shall remain
associated with the session until the session terminates. Two nodes can have multiple,
nested sessions. The state of a node is maintained during a session. Diameter provides
various messages and AVPs to manipulate or control a session.
Your comments, suggestions and questions are always welcome. We will try to clarify doubts to the
best of our knowledge, so feel free to post questions.
10 comments:
jyoti soni April 25, 2014 at 3:38 AM
Great post! I am impressed to read your blog. It takes me almost half an hour to read the whole post. Definitely this is
one of the informative and useful posts to me. Thanks for the share. You also visit my site Investment Property
Accounting. There is great satisfaction in knowing we've done our job well and served our clients' interests.
Reply
zubair ali May 14, 2014 at 11:58 PM
Best explained. Very useful and informative...
Reply
Dattu Jadhav June 8, 2014 at 9:36 AM
Hi Friend,
Can anyone explain Diameter error code 5013 Diameter_Invalid_Bit_in_Header?
If the CCA result code is 5013, from where is this missing, either the client end or the server end?
AVP: Result-Code(268) l=12 f=-M- val=DIAMETER_INVALID_BIT_IN_HEADER (5013)
Reply
Replies
Team-Diameter June 8, 2014 at 9:28 PM
Hi Jadhav,
As far as our understanding of your issue goes, we have observed that the CCR header bits are not proper. So
the entity originating the CCR shall be checked; a Wireshark trace shall help you people understand it
better.
According to RFC-6733,
DIAMETER_INVALID_BIT_IN_HEADER 5013
This error is returned when a reserved bit in the Diameter header
is set to one (1) or the bits in the Diameter header are set
incorrectly.
Therefore this issue could be due to one of the following reasons:
1) R - Reserved bit :: Any of the reserved bits is set to one, and the receiver of the CCR message is developed in
such a way that it does not ignore reserved bits. It is up to the receiver whether it ignores reserved bits or
returns an error to highlight that the header format is incorrect.
2) The bit combination in the Command Flags is invalid, such as setting the error bit in a Request message, or
re-transmitting a message (T-bit is set but R-bit is not set) with invalid command flags, etc. This can be
easily observed with the help of a Wireshark trace.
Thanks for your query.
Happy to help you again.
Team-Diameter
Reply
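As an added example (not the blog's own code), the following Python parses the message header fields listed in item 4 and the AVP header fields of item 5, and applies the two header-bit checks the reply above gives as causes of result code 5013. The constructed sample answer uses command code 272 (CCR/CCA) and application id 4 (Credit-Control, RFC 4006), which are assumed standard values not taken from the page; the Result-Code(268) AVP mirrors the trace line quoted in the question.

```python
import struct

# Result-Code values quoted on the page and in RFC 6733.
DIAMETER_SUCCESS, DIAMETER_INVALID_BIT_IN_HEADER = 2001, 5013
# Command Flags octet (RFC 6733 section 3): R P E T r r r r; the low four bits are reserved.
FLAG_R, FLAG_P, FLAG_E, FLAG_T, RESERVED_MASK = 0x80, 0x40, 0x20, 0x10, 0x0F
AVP_V, AVP_M, AVP_P = 0x80, 0x40, 0x20

def parse_header(msg: bytes) -> dict:
    """Split the fixed 20-octet Diameter header into the fields listed in item 4."""
    app_id, hbh, e2e = struct.unpack("!III", msg[8:20])
    return {"version": msg[0], "length": int.from_bytes(msg[1:4], "big"),
            "flags": msg[4], "command_code": int.from_bytes(msg[5:8], "big"),
            "application_id": app_id, "hop_by_hop": hbh, "end_to_end": e2e}

def check_header_bits(hdr: dict) -> int:
    """Return 5013 for the two causes named in the reply above, else 2001."""
    f = hdr["flags"]
    if f & RESERVED_MASK:                  # a reserved bit set to one
        return DIAMETER_INVALID_BIT_IN_HEADER
    if f & FLAG_E and f & FLAG_R:          # E (error) is only meaningful in an answer
        return DIAMETER_INVALID_BIT_IN_HEADER
    if f & FLAG_T and not f & FLAG_R:      # T (re-transmit) is only valid on a request
        return DIAMETER_INVALID_BIT_IN_HEADER
    return DIAMETER_SUCCESS

def parse_avps(body: bytes) -> list:
    """Walk the AVPs after the header (item 5): code, flags, length, optional Vendor-Id."""
    avps, pos = [], 0
    while pos + 8 <= len(body):
        code = int.from_bytes(body[pos:pos + 4], "big")
        flags, length = body[pos + 4], int.from_bytes(body[pos + 5:pos + 8], "big")
        hdr_len = 12 if flags & AVP_V else 8  # Vendor-Id is present only when V is set
        vendor = int.from_bytes(body[pos + 8:pos + 12], "big") if hdr_len == 12 else None
        avps.append({"code": code, "M": bool(flags & AVP_M), "P": bool(flags & AVP_P),
                     "vendor_id": vendor, "value": body[pos + hdr_len:pos + length]})
        pos += (length + 3) & ~3           # AVP data is padded to a 4-octet boundary
    return avps

def build_message(flags: int, command_code: int, app_id: int, avps: bytes) -> bytes:
    """Assemble a message from header fields plus already-encoded AVPs (constructed input)."""
    return (bytes([1]) + (20 + len(avps)).to_bytes(3, "big") + bytes([flags])
            + command_code.to_bytes(3, "big") + struct.pack("!III", app_id, 0x1234, 0x5678) + avps)

# Constructed sample: the Result-Code(268) AVP from the thread, l=12, f=-M-, value 5013.
RESULT_CODE_AVP = (268).to_bytes(4, "big") + bytes([AVP_M]) + (12).to_bytes(3, "big") + (5013).to_bytes(4, "big")
GOOD_ANSWER = build_message(FLAG_P, 272, 4, RESULT_CODE_AVP)         # P only: a valid answer header
BAD_ANSWER = build_message(FLAG_P | 0x01, 272, 4, RESULT_CODE_AVP)   # reserved bit set: cause 1 of 5013
```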
Dattu Jadhav June 8, 2014 at 10:04 AM
Please give the complete error description. This I faced in a live environment.
Reply
sayan3110 July 1, 2014 at 3:42 AM
Excellent Article !!!
Reply
Unknown August 5, 2014 at 10:30 AM
I have a query related to application-id: why is application-id used in two places in Diameter messages, for
example in the CCR message on the Gx interface?
1. Application-ID in the message header.
2. Auth-Application-Id in the message data.
Reply
Sergej Šrepfler December 17, 2014 at 11:32 PM
Can you also explain diameter dictionary?
Especially WHY there are commented AVPs in the Wireshark dictionary.
Reply
Replies
Ajay kumar Priyadarshi January 12, 2015 at 9:23 PM
A Diameter dictionary means the definition of AVPs and messages as per the Diameter standards.
e.g. each interface defines its AVPs with the following parameters:
AVP Flag rules
Attribute Name
AVP Code
Value Type
Must
May
Should not
Must not
As you have seen, Wireshark uses a dictionary in XML format. It is up to the tool how it wants to read the
above values.
Commented AVPs means either they are obsoleted or not required.
I think you have got your answers.
Reply
sayan3110 January 7, 2015 at 1:23 AM
Reply

