Diameter protocol :
What is Diameter protocol:
Diameter is an application-layer protocol that uses the services of an IP network via TCP or SCTP. It provides support for Authentication, Authorization and Accounting (AAA). Before Diameter, RADIUS was the protocol that provided AAA. The Diameter base protocol is defined in RFC 6733; earlier it was defined in RFC 3588. Telecom networks (3G, LTE, 4G and IMS) use the Diameter protocol for AAA. New LTE or 4G deployments all use Diameter signaling. 3GPP is defining new applications or interfaces to support roaming and charging over IP networks using Diameter. For example, 4G adds a new node, the MME; in 3G this was the MSC/VLR. The VLR used the SS7/SIGTRAN protocol with the HLR in the home network. In 4G the MME uses the Diameter protocol with the HSS in the home network. It is a flexible protocol: new applications can be added over the base protocol. The base version provides the framework for the message format, AVP format, connection setup, Diameter addressing, error codes, etc.
Diameter protocol stack:
Diameter Vs Radius:
RADIUS uses UDP, which is not a reliable protocol, while Diameter uses reliable TCP or SCTP.
When UDP sends a message to the destination, there is no connection setup and no acknowledgement from the peer node. If a message is lost, the sender never finds out. In SCTP, a connection is set up before any message is sent to the peer, and the receiver acknowledges each message. If a message is lost, the sender retransmits it. SCTP continuously monitors link status by sending heartbeats and receiving heartbeat ACKs at regular intervals. If the link is not active, the SCTP user (e.g. the Diameter application) gets a communication-lost indication.
Server Initiated Messages
In RADIUS, server-initiated messages are optional, while in Diameter they are mandatory. There are situations in which the server detects that a session is not in use or has been inactive for a long time. The server will not wait indefinitely for an event from the client. It can verify whether a client is active by doing a ReAuth. In 3GPP there is the Gx interface. Gx provides capabilities for data throttling for a device. When data is accessed, the Gx server receives an Auth request and responds with an Auth answer carrying QoS values for an IMSI. If the QoS on the server changes, the server can initiate a ReAuth request with the new QoS so that the new values apply immediately. Otherwise the server has to wait for the next Auth request from the client.
Before starting any communication, both Diameter peers perform capability negotiation. This lets both nodes communicate with each other without any mismatch. The Capability Exchange Request (CER) and Capability Exchange Answer (CEA) messages provide capability handling. They let each peer learn the protocol version, supported applications, etc.
Diameter provides fail-over handling
Fail-over is handled at two levels. One is the SCTP level, made possible by the multi-homing feature of SCTP. The other is the Diameter level: Diameter uses watchdog messages to monitor the health of the peer host. If the watchdog fails, the peer is marked inactive and messages are sent to another peer.
RADIUS silently drops a message if there is any error, while Diameter reports the error to the client. There are two types of error in the Diameter protocol. Application-level errors are permanent errors; the server responds with the error in the Result-Code AVP. Protocol-level errors are caused by a message that is wrong according to the protocol, e.g. one missing a mandatory AVP.
The base protocol provides the following types of Diameter result code:
- Informational (1xxx): an integer value starting with 1. The server uses it to inform the client that the request could not be completed as it stands and that more action is required.
- Success (2xxx): starts with 2. This set of result codes is for success.
- Protocol errors (3xxx): starts with 3. This set of result codes is for protocol-level failures.
- Transient failures (4xxx): starts with 4. This set of result codes is for transient failures, which are temporary.
- Permanent failures (5xxx): starts with 5. This set of result codes is for permanent failures.
Compatibility with Radius:
It is important for a new system to be compatible with older or legacy systems. The Diameter specification has backward compatibility with RADIUS. Diameter AVP codes 1 to 255 are reserved for RADIUS, and command codes 0 to 255 are reserved for RADIUS. The Diameter specification provides a translation node for conversion of messages.
Base Diameter protocol Functionalities:
- Delivery of AVPs. An AVP carries a parameter. To make AAA work, the client application sends parameters (user, pass, etc.) to the server; the placeholder for these values is called an AVP.
- Capability Negotiation.
- Support for addition of new AVPs.
- Handling of sessions.
Diameter Network, Nodes (Relay Agent, Proxy and Redirect):
The Diameter base protocol defines network nodes to support large networks based on the Diameter protocol. As Diameter supports roaming, there are nodes in the roaming network that need to talk to servers or nodes in the home network.
Relay agents forward messages from source to destination without inspecting the message. They route based on the destination realm in the message. A relay agent is important for routing from a large number of Diameter peers in one area to peers in a remote area. No state is maintained.
Proxy agents route messages based on the destination realm. The message is inspected and policy control may be enforced. State is maintained.
Redirect Agents :
These nodes hold centralized routing information. A redirect agent is like a DNS server: when a client wants to send a request to a server and doesn't know the target address, it sends the request to the redirect agent. After a successful response from the redirect node, the client and server communicate with each other directly.
Diameter Message Format :
A Diameter message has a header and a list of AVPs. The header has the following parameters:
Flags: This field is 8 bits long, and every bit carries information about the message. Bit 0 is the Request bit: if it is set, the message is a request; otherwise it is a response message. Bit 1 is the Proxiable bit: if it is set, the message should not be processed locally, and the Diameter node should send it to the next hop. Bit 2 is the Error bit: if it is set, the message has protocol errors. Bit 3 is the Re-transmitted Message bit: if it is set, the message is a retransmission, sent because a client did not receive a response to a previously sent request. The bit is set to avoid duplicate processing. Bits 4 to 7 are reserved.
- Capability Exchange Request (CER) / Capability Exchange Answer (CEA) - 257
- Device Watch Dog Request (DWR) / Device Watch Dog Answer (DWA) - 280
- Disconnect Peer Request (DPR) / Disconnect Peer Answer (DPA) - 282
- ReAuth Request (RAR) / ReAuth Answer (RAA) - 258
- Session Abort Request (SAR) / Session Abort Answer (SAA) - 274
- Session Termination Request (STR) / Session Termination Answer (STA) - 275
- Accounting Request (ACR) / Accounting Answer (ACA) - 271
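The following Python code is an added example, not part of the original page: it decodes the fixed Diameter header and applies the flag rules described above, as a receiving node or signaling filter would before trusting a message. The header fields other than flags and command code, and the rule that the Error bit is invalid on a request, come from RFC 6733; `parse_header`, `build_header` and the two sample messages are hypothetical names and constructed inputs.

```python
import struct

# Command codes listed on this page; a request and its answer share one code.
COMMANDS = {257: "Capability Exchange", 280: "Device Watch Dog",
            282: "Disconnect Peer", 258: "ReAuth", 274: "Session Abort",
            275: "Session Termination", 271: "Accounting"}
# RFC 6733 counts bits from the most significant end, so "bit 0" is 0x80.
FLAG_BITS = {"request": 0x80, "proxiable": 0x40, "error": 0x20,
             "retransmitted": 0x10}
RESERVED_MASK = 0x0F  # bits 4 to 7 must be zero

def parse_header(data: bytes) -> dict:
    """Decode the fixed 20-byte Diameter header and list anything malformed."""
    if len(data) < 20:
        raise ValueError("truncated Diameter header")
    ver_len, flags_code, app_id, hop_by_hop, end_to_end = struct.unpack(
        "!5I", data[:20])
    version, length = ver_len >> 24, ver_len & 0xFFFFFF
    flags, code = flags_code >> 24, flags_code & 0xFFFFFF
    problems = []
    if version != 1:
        problems.append("unsupported version")
    if length < 20 or length % 4 or length != len(data):
        problems.append("bad message length")
    if flags & RESERVED_MASK:
        problems.append("reserved flag bits set")
    if flags & FLAG_BITS["request"] and flags & FLAG_BITS["error"]:
        problems.append("error bit set on a request")
    return {
        "command": COMMANDS.get(code, f"unknown ({code})"),
        "flags": [name for name, bit in FLAG_BITS.items() if flags & bit],
        "application_id": app_id,
        "hop_by_hop": hop_by_hop,
        "end_to_end": end_to_end,
        "problems": problems,
    }

def build_header(flags: int, code: int, length: int = 20) -> bytes:
    """Constructed sample input: header only, identifiers are arbitrary."""
    return struct.pack("!5I", 1 << 24 | length, flags << 24 | code,
                       0, 0x11223344, 0x55667788)

SAMPLE_DWR = build_header(0x80, 280)   # well-formed watchdog request
SAMPLE_BAD = build_header(0xA1, 257)   # request + error + a reserved bit

if __name__ == "__main__":
    for sample in (SAMPLE_DWR, SAMPLE_BAD):
        print(parse_header(sample))
```

`data` must hold exactly one whole message, since the header length is compared against it.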
Diameter AVP :
Basic Diameter AVP :
These AVPs contain basic data types. The basic data types are Integer, Boolean and String.
A grouped AVP contains other AVPs, which may themselves be grouped or basic Diameter AVPs.
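The following Python code is an added example, not part of the original page: it walks a list of AVPs, descends into grouped AVPs with bounds checks, and maps the Result-Code value to the 1xxx to 5xxx classes listed earlier. The AVP layout (4-byte code, 1-byte flags, 3-byte length, optional Vendor-ID, padding to 4 bytes) and the AVP codes used are taken from RFC 6733, not from this page; the function names and the sample bytes are constructed for illustration.

```python
import struct

RESULT_CODE = 268        # Result-Code AVP (Unsigned32), per RFC 6733
GROUPED = {260, 297}     # Vendor-Specific-Application-Id, Experimental-Result
CLASSES = {1: "informational", 2: "success", 3: "protocol error",
           4: "transient failure", 5: "permanent failure"}

def build_avp(code: int, payload: bytes, flags: int = 0x40) -> bytes:
    """Encode one AVP without a Vendor-ID, padded to a 4-byte boundary."""
    length = 8 + len(payload)               # header + data, padding excluded
    return (struct.pack("!II", code, flags << 24 | length)
            + payload + b"\x00" * (-length % 4))

def walk_avps(data: bytes, depth: int = 0, max_depth: int = 4):
    """Yield (depth, code, payload) per AVP, descending into grouped AVPs."""
    pos = 0
    while pos < len(data):
        if len(data) - pos < 8:
            raise ValueError("truncated AVP header")
        code, flags_len = struct.unpack_from("!II", data, pos)
        flags, length = flags_len >> 24, flags_len & 0xFFFFFF
        header = 12 if flags & 0x80 else 8  # V bit adds a 4-byte Vendor-ID
        if length < header or pos + length > len(data):
            raise ValueError("AVP length out of bounds")
        payload = data[pos + header:pos + length]
        yield depth, code, payload
        if code in GROUPED:
            if depth >= max_depth:          # bound recursion on hostile input
                raise ValueError("grouped AVPs nested too deeply")
            yield from walk_avps(payload, depth + 1, max_depth)
        pos += length + (-length % 4)       # skip padding to the next AVP

def result_class(avps: bytes):
    """Return (Result-Code, class) for the first top-level Result-Code AVP."""
    for depth, code, payload in walk_avps(avps):
        if depth == 0 and code == RESULT_CODE and len(payload) == 4:
            value = struct.unpack("!I", payload)[0]
            return value, CLASSES.get(value // 1000, "unknown")
    return None

u32 = lambda n: struct.pack("!I", n)
# Constructed sample: the AVP part of a capability exchange answer.
SAMPLE = (build_avp(264, b"hss.example.net")                # Origin-Host
          + build_avp(260, build_avp(266, u32(10415))       # Vendor-Id
                      + build_avp(258, u32(16777251)))      # Auth-Application-Id
          + build_avp(268, u32(2001)))                      # Result-Code

if __name__ == "__main__":
    print([(d, c) for d, c, _ in walk_avps(SAMPLE)], result_class(SAMPLE))
```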