Diameter Protocol


What is Diameter protocol:

Diameter is an application layer protocol that uses the services of an IP network via TCP or SCTP. It provides support for Authentication, Authorization and Accounting (AAA). Before Diameter, RADIUS was the protocol that provided AAA. The Diameter base protocol is defined in RFC 6733; it was earlier defined in RFC 3588. Telecom networks (3G, LTE/4G and IMS) use the Diameter protocol for AAA, and new LTE/4G deployments all use Diameter signaling. 3GPP defines new applications, or interfaces, on top of Diameter to support roaming and charging over IP networks. For example, in 4G a new node, the MME, was added; in 3G this role was played by the MSC/VLR. The VLR talked to the HLR in the home network over SS7/Sigtran, whereas in 4G the MME talks to the HSS in the home network over Diameter. Diameter is a flexible protocol: new applications can be added on top of the base protocol, which provides the framework for the message format, AVP format, connection setup, Diameter addressing, error codes and so on.

Diameter protocol stack:

Diameter is an application layer protocol in the OSI model; it uses TCP or SCTP for transport services.
In the following example, Diameter is running the Diameter Credit Control application. Before any credit control request is sent, the Diameter client and server set up an SCTP association with a four-way handshake, and the Diameter protocol stacks exchange CER and CEA.

[Figure: Diameter protocol call flow over SCTP]

Diameter vs RADIUS:

  • RADIUS uses UDP, which is not a reliable protocol, while Diameter uses reliable TCP or SCTP.

    When UDP sends a message to the destination there is no connection setup and no acknowledgement from the peer node; if a message is lost, the sender never knows. In SCTP there is a connection setup before any message is sent to the peer, the receiver acknowledges each message, and if a message is lost the sender retransmits it. SCTP also monitors link status continuously by sending a heartbeat and receiving a heartbeat ACK at regular intervals. If the link is not active, the SCTP user (e.g. the Diameter application) gets a communication lost indication.

  • Server Initiated Messages

    In RADIUS, server-initiated messages are optional, while in Diameter they are mandatory. There are situations in which the server detects that a session is not in use or has been inactive for a long time. The server will not wait forever for an event from the client: it can verify whether the client is still active by sending a Re-Auth message. In 3GPP there is the Gx interface, which provides data throttling for a device. When data is accessed, the Gx server receives an Auth Request and responds with an Auth Answer carrying the QoS values for an IMSI. If the QoS on the server changes, the server can initiate a Re-Auth Request with the new QoS so that the new values are applied immediately; otherwise the server would have to wait for the next Auth Request from the client.

  • Capability Negotiation

    Before starting any communication, both Diameter peers perform capability negotiation, which lets the two nodes communicate without any mismatch. The Capability Exchange Request (CER) and Capability Exchange Answer (CEA) messages provide capability handling; they let each peer learn the protocol version, supported applications and so on of the other.

  • Diameter provides fail-over handling

    Fail-over works at two levels. One is the SCTP level, made possible by the multi-homing feature of SCTP. The other is the Diameter level: Diameter uses watchdog messages to monitor the health of the peer host, and if the watchdog fails the peer is marked inactive and messages are sent to another peer.

  • Error Reporting

    RADIUS silently drops a message if there is any error, while Diameter reports the error to the client. There are two types of error in the Diameter protocol. Application level errors are permanent errors; the server responds with the error in the Result-Code AVP. Protocol level errors are caused by a message that is wrong according to the protocol, e.g. a missing mandatory AVP.

    The base protocol provides the following classes of Diameter result code:
  • Informational (1xxx): an integer value starting with 1; the server informs the client that the request could not be completed yet and more action is required to complete it.
  • Success (2xxx): codes starting with 2 indicate success.
  • Protocol errors (3xxx): codes starting with 3 indicate protocol level failures.
  • Transient failures (4xxx): codes starting with 4 indicate temporary failures.
  • Permanent failures (5xxx): codes starting with 5 indicate permanent failures.

Compatibility with Radius:

It is important for a new system to be compatible with older or legacy systems. The Diameter specification is backward compatible with RADIUS: Diameter AVP codes 1 to 255 are reserved for RADIUS attributes, and command codes 0 to 255 are reserved for RADIUS. The Diameter specification also provides for a translation node that converts messages between the two protocols.

Base Diameter protocol Functionalities:

  • Delivery of AVPs. An AVP carries a parameter: to make AAA work, the client application sends parameters (user name, password, etc.) to the server, and the placeholder for these values is called an AVP.
  • Capability Negotiation.
  • Support for addition of new AVPs.
  • Handling of sessions.

Diameter Network Nodes (Relay Agent, Proxy and Redirect):

The Diameter base protocol defines network nodes to support large networks based on Diameter. As Diameter supports roaming, there are nodes in the visited network that need to talk to servers or nodes in the home network.

Relay Agents:

Relay agents forward messages from source to destination without inspecting the message; they route based on the destination realm in the message. A relay agent is important for routing from a large number of Diameter peers in one area to the peers in a remote area. No state is maintained.

Proxy Agents:

Proxy agents route messages based on the destination realm. The message is inspected and policy control may be enforced. State is maintained.

Redirect Agents :

These nodes hold centralized routing information. A redirect agent works like a DNS server: when a client wants to send a request to a server and does not know the target address, it sends the request to the redirect agent. After a successful response from the redirect node, client and server communicate with each other directly.

Diameter Message Format :

A Diameter message has a header followed by a list of AVPs. The Diameter header has the following fields:

[Figure: Diameter protocol message format]

Version: a one byte field that specifies the version number of the Diameter protocol. Currently the only version number is 1.
Message Length: a three byte field representing the total message length, which covers the Diameter header and all AVPs.
Flags: 8 bits in length; every bit carries information about the message.

bit 0 is the Request bit: if set, the message is a request, else it is an answer.
bit 1 is the Proxiable bit: if set, the message need not be processed locally and the Diameter node can send it on to the next hop.
bit 2 is the Error bit: if set, the message contains protocol errors.
bit 3 is the Re-transmitted Message bit: if set, the message is a retransmission, because the client did not receive an answer to a previously sent request. The bit is set so that the peer can avoid duplicate processing.
bits 4 to 7 are reserved.
Command Code: a three byte field. It identifies the Diameter request or answer command, with the Request bit in the Flags field telling which of the two it is. Each message should carry a command that belongs to its application id, so that the peer processes the message correctly. The following command codes are provided by the base Diameter protocol:
  • Capability Exchange Request (CER) / Capability Exchange Answer (CEA) - 257
  • Device Watchdog Request (DWR) / Device Watchdog Answer (DWA) - 280
  • Disconnect Peer Request (DPR) / Disconnect Peer Answer (DPA) - 282
  • Re-Auth Request (RAR) / Re-Auth Answer (RAA) - 258
  • Session Abort Request (SAR) / Session Abort Answer (SAA) - 274
  • Session Termination Request (STR) / Session Termination Answer (STA) - 275
  • Accounting Request (ACR) / Accounting Answer (ACA) - 271
Application Id: a 4 byte integer carrying the numeric id of the application. The application can be the base Accounting or Authorization application, or a vendor specific application.
Hop-by-Hop Identifier: four bytes in length. A peer uses this value to match an answer with its request; if a peer receives an answer with an unknown Hop-by-Hop Identifier, it drops the answer. The value is assigned locally in increasing order and should remain unique even after the peer reboots.
End-to-End Identifier: four bytes in length, used to detect duplicate Diameter messages. The server should send the same value back in the Diameter answer message.

Diameter AVP :

A Diameter AVP is the basic placeholder for user data, which can be for Authentication, Authorization or Accounting. For example, if a mobile device wants to get credit to access data it sends a Credit Control Request, which includes the IMSI in the User-Name AVP and the requested amount of data in a requested-octets AVP.

Basic Diameter AVP :

These AVPs contain basic data types: Integer, Boolean, String.

Grouped AVP:

This type of AVP contains other AVPs, either grouped AVPs only or a mix of grouped and basic Diameter AVPs.
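As an added example (not code from the original post), the header and AVP layout described above, written as a small encoder and a length-checking parser in Python. It builds a constructed CER (command code 257, as listed above) carrying Origin-Host and Origin-Realm; those two AVP codes (264 and 296) are taken from RFC 6733 and are not on this page. The parser validates every length field against the buffer before using it, which is the check a receiving stack needs so that a bad Message Length or AVP Length cannot make it read past the message.

```python
import struct

# Header flag bits (RFC 6733 section 3): R, P, E, T occupy bits 0-3
FLAG_REQUEST, FLAG_PROXIABLE, FLAG_ERROR, FLAG_RETRANSMIT = 0x80, 0x40, 0x20, 0x10
AVP_VENDOR, AVP_MANDATORY = 0x80, 0x40  # AVP flag bits V and M
# CER command 257 is on the page; Origin-Host (264) and Origin-Realm (296) AVP
# codes are taken from RFC 6733 and are not on the page
CMD_CER, AVP_ORIGIN_HOST, AVP_ORIGIN_REALM = 257, 264, 296

def encode_avp(code, data, flags=AVP_MANDATORY):
    """Basic AVP without Vendor-Id: 4-byte code, 1-byte flags, 3-byte length
    (header + data, padding excluded), then data padded to a 4-byte boundary."""
    length = 8 + len(data)
    pad = b"\x00" * ((-len(data)) % 4)
    return struct.pack("!IB", code, flags) + length.to_bytes(3, "big") + data + pad

def encode_message(command, app_id, hop_id, end_id, avps, flags=FLAG_REQUEST):
    """Header: version 1, 3-byte length, 1-byte flags, 3-byte command code,
    then Application-Id, Hop-by-Hop and End-to-End identifiers (4 bytes each)."""
    body = b"".join(avps)
    return (bytes([1]) + (20 + len(body)).to_bytes(3, "big") + bytes([flags])
            + command.to_bytes(3, "big") + struct.pack("!III", app_id, hop_id, end_id) + body)

def parse_message(buf):
    """Parse header and AVPs into a dict; AVPs become (code, flags, vendor_id, data).
    Every length field is checked against the buffer before it is trusted."""
    if len(buf) < 20 or buf[0] != 1:
        raise ValueError("short header or unsupported version")
    length = int.from_bytes(buf[1:4], "big")
    if length != len(buf):
        raise ValueError("message length does not match buffer")
    app_id, hop_id, end_id = struct.unpack("!III", buf[8:20])
    avps, off = [], 20
    while off < length:
        if length - off < 8:
            raise ValueError("truncated AVP header")
        code, aflags = struct.unpack("!IB", buf[off:off + 5])
        alen = int.from_bytes(buf[off + 5:off + 8], "big")
        hdr = 12 if aflags & AVP_VENDOR else 8      # V bit adds a 4-byte Vendor-Id
        if alen < hdr or off + alen > length:
            raise ValueError("AVP length outside message")
        vendor = struct.unpack("!I", buf[off + 8:off + 12])[0] if hdr == 12 else None
        avps.append((code, aflags, vendor, buf[off + hdr:off + alen]))
        off += alen + ((-alen) % 4)                 # next AVP starts 4-byte aligned
    return {"flags": buf[4], "command": int.from_bytes(buf[5:8], "big"),
            "app_id": app_id, "hop_id": hop_id, "end_id": end_id, "avps": avps}

def build_cer(host, realm, hop_id=1, end_id=1):
    """Constructed sample: a CER (application id 0) with Origin-Host and Origin-Realm."""
    return encode_message(CMD_CER, 0, hop_id, end_id, [encode_avp(AVP_ORIGIN_HOST, host), encode_avp(AVP_ORIGIN_REALM, realm)])
```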
