Diameter

For the geometric term, see diameter.

**Internet protocol suite**
Layer	Protocols
Application	DNS, TLS/SSL, TFTP, FTP, HTTP, IMAP, IRC, NNTP, POP3, SIP, SMTP, SNMP, SSH, TELNET, BitTorrent, RTP, rlogin, …
Transport	TCP, UDP, DCCP, SCTP, IL, RUDP,
Network	IP (IPv4, IPv6), ICMP, IGMP, ARP, RARP, …
Link	Ethernet, Wi-Fi, Token ring, Point-to-Point Protocol>PPP, SLIP, FDDI, ATM, DTM, Frame Relay, SMDS, …

Diameter is an AAA (authentication, authorization and accounting) protocol for applications such as network access or IP mobility. The basic concept is to provide a base protocol that can be extended in order to provide AAA services to new access technologies. Diameter is intended to work in both local and roaming AAA situations.

Contents

1 Upgrade from RADIUS
2 Protocol description

2.1 Packet format
2.2 Commands
2.3 Attribute-Value Pairs (AVP)
2.4 State machines
2.5 Message flows

3 Applications
4 External links

Upgrade from RADIUS

The name is a pun on the RADIUS protocol, which is the predecessor (a diameter is twice the radius). Diameter is not directly backwards compatible, but provides an upgrade path for RADIUS. The main differences are :

it uses reliable transport protocols (TCP or SCTP, not UDP)
it uses transport level security (IPsec or TLS)
it has transition support for RADIUS
it has larger address space for AVPs (Attribute Value Pairs) and identifiers (32-bit instead of 8-bit)
it is a peer-to-peer protocol, not client-server : supports server-initiated messages
both stateful and stateless models can be used
it has dynamic discovery of peers (using DNS SRV and NAPTR)
it has capability negotiation
it supports application layer acknowledgements, defines failover methods and statemachines (RFC 3539)
it has error notification
it has better roaming support
it is easier extended, new commands and attributes can be defined
is aligned on 32 bit boundaries
basic support for user-sessions and accounting is built in

Protocol description

The Diameter Base Protocol is defined by RFC 3588, and defines the minimum requirements for an AAA protocol. Diameter Applications can extend the base protocol, by adding new commands and/or attributes. An application is not a program, but a protocol based on Diameter. Diameter security is provided by IPSEC or TLS, both well-regarded protocols.

Packet format

0                   1                   2                   3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|    Version    |                 Message Length                |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| command flags |                  Command-Code                 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                         Application-ID                        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                      Hop-by-Hop Identifier                    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                      End-to-End Identifier                    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|  AVPs ...
+-+-+-+-+-+-+-+-+-+-+-+-+-

Commands

Each command is assigned a command code, which is used for both requests and answers.

Attribute-Value Pairs (AVP)
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | AVP Code | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |V M P r r r r r| AVP Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Vendor-ID (opt) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Data ... +-+-+-+-+-+-+-+-+

State machines

Message flows

Applications
A Diameter Application isn't a software application, but a protocol based on the DIAMETER Base protocol (defined in RFC 3588). Each application is defined by an application identifier, and can add new command codes and/or new mandatory AVPs. Adding a new optional AVP doesn't require a new application.
Examples of Diameter applications :
Diameter Mobile IPv4 Application (MobileIP, RFC 4004)
Diameter Network Access Server Application (NASREQ, RFC 4005)
Diameter Extensible Authentication Protocol Application (RFC 4072)
Diameter Credit-Control Application (DCCA, RFC 4006)
Diameter Session Initiation Protocol Application ([current draft])
various applications in the 3GPP IP Multimedia Subsystem
External links
http://www.diameter.org/
http://www.opendiameter.org/
http://gull.sourceforge.net/ Open Source / GPL Seagull test tool - with Diameter support
http://www.cisco.com/en/US/products/ps6638/products_data_sheet09186a00804fe332.html Cisco page outlining differences between RADIUS and DIAMETER

From Wikipedia, the Free Encyclopedia. Original article here. Support Wikipedia by contributing or donating.
All text is available under the terms of the GNU Free Documentation License See Wikipedia Copyrights for details.

Search Titles

0 1 2 3 4 5 6 7 8 9
A B C D E F G H I J
K L M N O P Q R S T
U V W X Y Z ?