Diameter explained

Awesome website about Diameter protocol with loads of examples

http://diameter-protocol.blogspot.cz/2014/04/diameter-at-glance.html

DIAMETER at a Glance

Here we have noted some of the major points in DIAMETER protocol that would help you to walk through the whole protocol in just few minutes.
1)Diameter is a AAA (Authorization, Authentication and Accounting ) protocol works at application layer in OSI model, over TCP/SCTP or TLS/DTLS(for security) protocol. Diameter is successor of RADIUS (Remote Remote Authentication Dial In User Service) protocol that run over UDP.
2)Diameter has following improvements over RADIUS.
    a) Reliable                 b) Transport Layer Security
    c) Fail-over Mechanism      d) Server Initiated Messages
    e) Agent Support            f) Audit-ability
    g) Transition Support       h) Capability Negotiation
    i) Roaming Support          j) Peer Discovery & configuration

3)Diameter Default port is 3868 for TCP/SCTP and 5868 for TLS/DTLS.

4)Diameter is a message based protocol,where information is exchanged on the basis of Request and Answer message. Each message contains Header and Data sections. Header section contains following fields
a) Version – Diameter version, Remain set to 1.
b) Command Code – To uniquely identify a message in application
c) Command Flags – R(Request),P (Proxiable), E (Error Response)
T(Re-Transmission of Request)
d) Application Id – To uniquely identify and Application
e) Hop-by-Hop Id – To uniquely identify a message between two                         nodes and to map response with request.
f) End-to-End Id – To detect duplicate message.
h) Length – Header length + Data length

Data field contains AVPs, AVPs are likely in field-value format.
Command Code and Application Ids are decided by a governing bodies such as IANA, 3gpp etc.

5)AVPs are the actual unit that shall contain the data that is meaning full for application. AVP also has a Header and Data section. AVP Header section contains following.
a) AVP Code -To Uniquely Identify an AVP (assigned by IANA,3gpp                 etc.)
b) AVP Flag – M (Mandatory), V(Vendor Specific), P (Protected)
c) Vendor Id – Vendor Id assigned by IANA is set if V bit of                    AVP Flag is set.
d) AVP Length – Header Length + Data Length

Data section contains actual data. This section can contain another AVP in it. AVP containing another AVP in its data section is called Grouped AVP.

6) As we know that DIAMETER has a great feature Peer Discovery over RADIUS, A DIAMETER Node can be aware of its surrounding DIAMETER Node. It can be of two type Static and Dynamic. In static when a Diameter node is deployed then its surrounding nodes are statically configured by the Operator. While in Dynamic discovery Peer used SRVLOC and DNS to know about surroundings.

7) A DIAMETER Node that wants to make connection with other DIAMETER node shall first make transport connection over TLS/SCTP then DIAMETER Connection by performing Capability negotiation between nodes. Capability negotiation is a process where to nodes decide whether they have any thing common (Application) topic to talk or not. CER/CEA message is used for this process, CER-CEA is the first DIAMETER message exchanged between two nodes. If protection is to be maintain then TLS/DTLS is used as transport and even CER-CEA is exchanged over secured channel.

8)Capability Exchange is the process where two nodes shares what all applications they support with the help of CER-CEA messages. Applications are identified with the help of application IDs assigned by IANA. Two nodes that are supposed to make DIAMETER connection, then any node can trigger CER message and other node shall respond with CEA message. If both nodes initiates CER at simultaneously then ELECTION occurs to chose one DIAMETER connection out of two. Node whose Origin-Host AVP value is higher in Dictionary Order shall win election and Must drop connection initiated by it.

9) Diameter standard advises to make two DIAMETER connection with a peer one as PRIMARY and other is called as SECONDARY. If in-case Primary connection breaks down then application has secondary connection to provide services.

10)Device-Watchdog-Request/Answer are exchanged between two nodes as soon as DIAMETER connection is established. DWR-DWA act as health check messages to check DIAMETER connection status.

11) A DIAMETER node can close a diameter connection with another node by sending Disconnect-Peer-Request (DPR) with one of the following reasons 1) Reboot 2) Busy 3) Do not want to talk to you.

12)DIAMETER defines agents by providing specific role to each. namely
a)RELAY (Route a message without changing message),
b)Proxy (Route a message and can change message),
c)Redirect (Doesn’t Route a message but provides Routing Info),
d)Translator (Converts DIAMETER message to RADIUS message and                  vice-versa)

Agent is nothing but an application.

13)On established DIAMETER connection to send/receive a request message every diameter node shall contain two tables namely
a) Peer Table – Identity Information of nodes that are                            directly connected with considered node.
b) Realm Table – Contains routing and processing information                     of the nodes that are present in peer table.

Both tables are used in message processing,initiating a message or forwarding a message etc.

14)Every DIAMETER message shall be responded with an Answer message. Answer message shall follow the same path that was followed by request. Answer message can contain either Success  or Failure/Error. Failure/Error is also accepted as an Answer.

15)Diameter also have the concept of session, Session is different than connection. Connection is a transport layer entity while Session is Application layer. Ideally in a session resources assigned to a session shall remain associated with the session until session terminates. Two nodes can have multiple, nested sessions. State of node is maintained during session. Diameter provides various messages and AVPs to manipulate or control a session.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s