Diameter Protocol Overview
Maheshwar Haldar, PGDipSci Telecommunication, TELE 411, Presentation 1
Posted on 16-Dec-2015
Introduction
AAA protocol providing authentication, authorization and accounting [2].
Initially developed by Pat R. Calhoun, Glen Zorn and Ping Pan in 1998.
Advantages over the previous protocol, RADIUS, in terms of reliability, security, scalability and flexibility.
Successor to RADIUS.
What is the RADIUS Protocol?
Remote Authentication Dial In User Service (RADIUS) is a networking protocol.
Provides AAA management for computers to connect to and use a network service.
Developed by Livingston Enterprises, Inc., in 1991.
An access server authentication and accounting protocol.
It is a client/server protocol.
Limited AAA functionality.
How did the Diameter Protocol come into the picture?
A number of IETF working groups (ROAMOPS, NASREQ, MOBILE IP) specified their AAA requirements.
These requirements were not satisfied by the RADIUS Protocol.
These requirements drove the design of the Diameter Protocol.
Continuation…
Designed to meet the requirements indicated by these various groups.
An improved version of the RADIUS protocol.
Maximizes compatibility.
Migration from RADIUS to a Diameter Server.
History
Developed to overcome the limitations of the RADIUS Protocol.
Limitations of the RADIUS Protocol in terms of:
Transport Failure
Confidentiality
Reliability
Agent Support
Server-Initiated Messages
Auditability
Capability Negotiation
Session Control
Peer Configuration and Discovery
[Figure: Proxy Server Communication. Proxy Server 2 sits between Policy Server 1 and Policy Server 3, with Server-Server Communication on each side.]
Diameter Protocol Architecture
Defined in terms of a base protocol and a set of applications.
Provides extensions to new access technologies.
Used in conjunction with Diameter Applications.
Three major Diameter applications: CMS Security application, Mobile IPv4 application, NASREQ application [8].
Diameter in IMS
IMS (IP Multimedia Subsystem) is the service delivery environment for real-time multimedia services in 3rd Generation wireless networks.
3GPP standards have adopted Diameter as the primary signalling control for AAA and mobility management in IMS [3].
Diameter Interfaces:
The Diameter Cx interface is used by the S-CSCF.
The Diameter Dx interface is used by the CSCF.
The Diameter Sh interface is used by the Application Servers or the OSA/Parlay Gateway.
The Diameter Ro and Rf interfaces forward Call Detail Records using the Diameter protocol interface [2–6].
Diameter Messages
Base unit to send a command or deliver a notification to other Diameter Nodes.
Message pairs (request and answer) share the same command code.
Command code is to identify the intention of the message.
Actual data is carried by a set of Attribute-Value Pairs (AVPs).
Supports server initiated messages [7].
Messages in the Diameter Base Protocol:
Message Name                     Abbreviation   Command Code
Abort-Session-Request            ASR            274
Abort-Session-Answer             ASA            274
Accounting-Request               ACR            271
Accounting-Answer                ACA            271
Capabilities-Exchange-Request    CER            257
Capabilities-Exchange-Answer     CEA            257
Device-Watchdog-Request          DWR            280
Device-Watchdog-Answer           DWA            280
Disconnect-Peer-Request          DPR            282
Disconnect-Peer-Answer           DPA            282
Re-Auth-Request                  RAR            258
Re-Auth-Answer                   RAA            258
Session-Termination-Request      STR            275
Session-Termination-Answer       STA            275
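The message layout the table describes can be exercised directly. The following Python is an added example (not code from the presentation or from any Diameter stack it names): it encodes and decodes the RFC 3588 message header and AVPs, builds a constructed Capabilities-Exchange-Request, and uses the R bit to tell a request from the answer that shares its command code. The host names and the hop-by-hop/end-to-end identifiers are placeholders chosen for the example; the decoder checks every length field before indexing, which is the part a receiver must get right when the bytes come from an untrusted peer.

```python
import struct

# Command codes from the base-protocol table above (RFC 3588). A request and its
# answer share the code; the R bit in the command flags tells them apart.
COMMAND_NAMES = {
    274: "Abort-Session", 271: "Accounting", 257: "Capabilities-Exchange",
    280: "Device-Watchdog", 282: "Disconnect-Peer", 258: "Re-Auth",
    275: "Session-Termination",
}

# Command flags byte of the 20-byte Diameter header.
FLAG_REQUEST = 0x80     # R: request (set) / answer (clear)
FLAG_PROXIABLE = 0x40   # P: may be proxied, relayed or redirected
FLAG_ERROR = 0x20       # E: answer carries a protocol error
FLAG_RETRANSMIT = 0x10  # T: potentially retransmitted after failover

# AVP flags byte.
AVP_VENDOR = 0x80       # V: a 4-byte Vendor-Id follows the AVP header
AVP_MANDATORY = 0x40    # M: receiver must understand this AVP


def encode_avp(code, data, mandatory=True, vendor_id=None):
    """AVP = code(4) | flags(1) | length(3) | [vendor_id(4)] | data, padded to 4 bytes."""
    if isinstance(data, int):
        data = struct.pack("!I", data)       # Unsigned32 (Vendor-Id, Auth-Application-Id, ...)
    elif isinstance(data, str):
        data = data.encode("utf-8")          # DiameterIdentity / UTF8String
    flags = (AVP_MANDATORY if mandatory else 0) | (AVP_VENDOR if vendor_id is not None else 0)
    header_len = 12 if vendor_id is not None else 8
    length = header_len + len(data)          # AVP Length excludes the padding
    avp = struct.pack("!IB", code, flags) + struct.pack("!I", length)[1:]
    if vendor_id is not None:
        avp += struct.pack("!I", vendor_id)
    return avp + data + b"\x00" * ((4 - len(data) % 4) % 4)


def encode_message(command_code, flags, application_id, hop_by_hop, end_to_end, avps):
    """Header = version(1) | length(3) | flags(1) | command code(3) | app id(4) | hbh(4) | e2e(4)."""
    body = b"".join(avps)
    header = (bytes([1]) + struct.pack("!I", 20 + len(body))[1:]
              + bytes([flags]) + struct.pack("!I", command_code)[1:]
              + struct.pack("!III", application_id, hop_by_hop, end_to_end))
    return header + body


def decode_message(buf):
    """Parse one message; every length field is checked against the buffer before use."""
    if len(buf) < 20:
        raise ValueError("short header")
    version = buf[0]
    length = int.from_bytes(buf[1:4], "big")
    flags = buf[4]
    command_code = int.from_bytes(buf[5:8], "big")
    application_id, hop_by_hop, end_to_end = struct.unpack("!III", buf[8:20])
    if version != 1 or length != len(buf) or length % 4:
        raise ValueError("bad version or message length")
    avps, pos = [], 20
    while pos < length:
        if length - pos < 8:
            raise ValueError("truncated AVP header")
        code = int.from_bytes(buf[pos:pos + 4], "big")
        aflags = buf[pos + 4]
        alen = int.from_bytes(buf[pos + 5:pos + 8], "big")
        hdr = 12 if aflags & AVP_VENDOR else 8
        if alen < hdr or pos + alen > length:
            raise ValueError("bad AVP length")   # never trust the peer's length field
        vendor = struct.unpack("!I", buf[pos + 8:pos + 12])[0] if hdr == 12 else None
        avps.append({"code": code, "vendor": vendor, "flags": aflags, "data": buf[pos + hdr:pos + alen]})
        pos += alen + ((4 - alen % 4) % 4)   # skip the padding too
    return {"flags": flags, "command_code": command_code, "application_id": application_id,
            "hop_by_hop": hop_by_hop, "end_to_end": end_to_end, "avps": avps}


def describe(msg):
    """Human-readable command name, e.g. 'Capabilities-Exchange-Request'."""
    base = COMMAND_NAMES.get(msg["command_code"], "Unknown-Command")
    return base + ("-Request" if msg["flags"] & FLAG_REQUEST else "-Answer")


def is_well_formed(buf):
    try:
        decode_message(buf)
        return True
    except ValueError:
        return False


def build_cer():
    """Constructed CER (command 257, R bit set) with the AVPs a peer sends when it connects.
    Host names are placeholders. AVP codes: Origin-Host 264, Origin-Realm 296, Vendor-Id 266,
    Product-Name 269 (M bit must be clear), Auth-Application-Id 258."""
    avps = [encode_avp(264, "nas1.example.net"), encode_avp(296, "example.net"),
            encode_avp(266, 0), encode_avp(269, "demo-stack", mandatory=False),
            encode_avp(258, 1)]
    return encode_message(257, FLAG_REQUEST, 0, 0x1234, 0x5678, avps)


if __name__ == "__main__":
    cer = build_cer()
    msg = decode_message(cer)
    print(describe(msg), len(cer), "bytes,", len(msg["avps"]), "AVPs")
```

Running the block prints the decoded command name and size of the constructed CER. The same `encode_message` call with the R bit cleared produces the matching CEA with command code 257, which is exactly the pairing the table shows.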
Is transportation of Diameter messages robust to failure? If yes, then how?
Supports a Transport Failure Detection feature.
Supports a Transport Failure Algorithm.
Device-Watchdog-Request and Device-Watchdog-Answer messages proactively detect transport failures.
Performs a Failover Procedure.
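To show how the watchdog messages and the failover procedure fit together, here is an added Python simulation (not code from the presentation). It follows the shape of the RFC 3539 watchdog algorithm in simplified form: a DWR is sent when a peer has been silent for the watchdog period Tw, a second unanswered period marks the peer SUSPECT so new requests are routed to another peer, and a third declares it DOWN. The value of Tw, the peer names and the timeline are assumptions constructed for the example; a real stack also has a REOPEN state that requires several DWAs before a recovered peer is trusted again, which is omitted here.

```python
class PeerWatchdog:
    """Watchdog state for one transport connection to a Diameter peer.

    Simplified from RFC 3539: if no traffic arrives within Tw, send a DWR; if Tw expires
    again with the DWR unanswered the peer is SUSPECT (stop routing new requests to it);
    a third expiry declares it DOWN. Tw and the peer names are assumptions for this example.
    """

    def __init__(self, name, tw=30.0):
        self.name = name
        self.tw = tw
        self.last_traffic = 0.0     # time of the last message received (timer start)
        self.pending_dwr = False    # a DWR is outstanding
        self.state = "OKAY"         # OKAY -> SUSPECT -> DOWN

    def on_message(self, now):
        """Any message from the peer (a DWA included) proves the transport is alive."""
        self.last_traffic = now
        self.pending_dwr = False
        self.state = "OKAY"

    def tick(self, now):
        """Run the timer; returns an event name when something happens, else None."""
        if self.state == "DOWN" or now - self.last_traffic < self.tw:
            return None
        self.last_traffic = now                 # restart Tw
        if not self.pending_dwr:
            self.pending_dwr = True
            return "SEND_DWR"
        if self.state == "OKAY":
            self.state = "SUSPECT"
            return "SUSPECT"
        self.state = "DOWN"
        return "DOWN"


def choose_peer(peers):
    """Failover: route new requests to the first peer whose watchdog still says OKAY."""
    for p in peers:
        if p.state == "OKAY":
            return p.name
    return None


def simulate(tw=30.0, dwa_at=None):
    """Constructed timeline: the primary goes silent at t=0 (optionally answering one DWR at
    time dwa_at) while the secondary keeps talking. Returns (time, event, peer selected)."""
    primary = PeerWatchdog("hss1.example.net", tw)      # placeholder peer names
    secondary = PeerWatchdog("hss2.example.net", tw)
    peers = [primary, secondary]
    log = []
    for t in range(0, 121, 10):
        secondary.on_message(t)        # secondary answers continuously
        if t == dwa_at:
            primary.on_message(t)      # a DWA arrives and resets the watchdog
        event = primary.tick(t)
        if event:
            log.append((t, event, choose_peer(peers)))
    return log


if __name__ == "__main__":
    for entry in simulate():
        print(entry)
```

With the default timeline the primary is probed at t=30, marked SUSPECT at t=60 (from which point `choose_peer` returns the secondary) and DOWN at t=90; if a DWA arrives at t=40 the cycle simply restarts.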
Diameter Nodes
Diameter node is used to refer to a Diameter client, Diameter server or Diameter agent.
A Network Access Server is the Diameter Client in most cases.
A Diameter Agent is a special Diameter Node.
The Diameter Server authenticates the user based on the user's credentials, i.e. username and password.
There are four kinds of Diameter agents:
Relay Agent, Proxy Agent, Redirect Agent, Translation Agent
AAA in Diameter
Authentication and Authorization:
Not bound to a specific application running on top of it.
It focuses on general message exchanging features.
The base protocol doesn't define command codes and AVPs specific to authentication and authorization.
Message definitions and corresponding attributes are based on the application's characteristics [3–7].
Example:
AA-Request message is used to carry authentication and authorization information in the NAS application, while in the SIP application the message is called User-Authorization-Request.
Accounting:
Accounting behaviour is clearly defined.
Follows a server-directed model.
Expected accounting behaviour is requested [3–7].
Prevents duplication of accounting records.
Errors in Diameter Protocol
There are two categories of Diameter errors: (1) Protocol error, (2) Application error.
(1) Protocol Error: indicates something being wrong with the underlying protocol used to carry Diameter messages.
(2) Application Error: results from the failure of the Diameter protocol itself.
How does Diameter provide effective error handling?
Uses the Return Code AVP.
Easy identification of the return status of messages.
Use of the Error-Message AVP.
Use of the Error-Reporting-Host AVP.
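The two error categories and the three AVPs listed above can be put together in a small model of how answers are built and checked. The following Python is an added example, not code from the presentation or from any Diameter implementation. It treats messages as dictionaries rather than wire bytes; the AVP the slide calls the Return Code AVP is the Result-Code AVP (code 268) of RFC 3588, whose thousands digit gives the class (2xxx success, 3xxx protocol error, 4xxx transient failure, 5xxx permanent failure). In RFC 3588 the E bit is set only on protocol-error answers, and Error-Reporting-Host is added only when the node setting the Result-Code differs from the Origin-Host; the validation function flags answers that break either rule, which is a cheap check against malformed or spoofed answers. The host names, realms and identifiers are placeholders constructed for the example.

```python
# Result-Code classes (RFC 3588 section 7.1): the thousands digit is the class.
RESULT_CLASSES = {1: "informational", 2: "success", 3: "protocol error",
                  4: "transient failure", 5: "permanent failure"}

# A subset of base-protocol Result-Code values, named as in RFC 3588.
RESULT_NAMES = {2001: "DIAMETER_SUCCESS", 3002: "DIAMETER_UNABLE_TO_DELIVER",
                3003: "DIAMETER_REALM_NOT_SERVED", 3004: "DIAMETER_TOO_BUSY",
                4001: "DIAMETER_AUTHENTICATION_REJECTED",
                5003: "DIAMETER_AUTHORIZATION_REJECTED", 5005: "DIAMETER_MISSING_AVP"}


def classify(result_code):
    return RESULT_CLASSES.get(result_code // 1000, "unknown")


def build_answer(request, result_code, origin_host, origin_realm,
                 reporting_host=None, error_message=None):
    """Answer to `request` (dict model, not wire bytes), following the base-protocol rules."""
    protocol_error = classify(result_code) == "protocol error"
    answer = {
        "command_code": request["command_code"],   # the pair shares the command code
        "request": False,                          # R bit cleared
        "proxiable": request["proxiable"],
        "error": protocol_error,                   # E bit only on protocol errors
        "hop_by_hop": request["hop_by_hop"],       # copied so the sender can match it
        "end_to_end": request["end_to_end"],
        "avps": {"Result-Code": result_code, "Origin-Host": origin_host,
                 "Origin-Realm": origin_realm},
    }
    if "Session-Id" in request["avps"]:
        answer["avps"]["Session-Id"] = request["avps"]["Session-Id"]
    # Error-Reporting-Host only when the host setting the error is not the Origin-Host
    if result_code != 2001 and reporting_host and reporting_host != origin_host:
        answer["avps"]["Error-Reporting-Host"] = reporting_host
    if error_message:
        answer["avps"]["Error-Message"] = error_message   # human-readable, not for automation
    return answer


def validate_answer(request, answer):
    """Consistency checks a receiver should apply before acting on an answer."""
    problems = []
    avps = answer["avps"]
    code = avps.get("Result-Code")
    if code is None:
        problems.append("missing Result-Code")
    elif answer["error"] != (classify(code) == "protocol error"):
        problems.append("E bit inconsistent with Result-Code class")
    if "Origin-Host" not in avps:
        problems.append("missing Origin-Host")
    if answer["hop_by_hop"] != request["hop_by_hop"] or answer["end_to_end"] != request["end_to_end"]:
        problems.append("identifiers do not match the outstanding request")
    if answer["command_code"] != request["command_code"] or answer["request"]:
        problems.append("not an answer to this command")
    erh = avps.get("Error-Reporting-Host")
    if erh is not None and erh == avps.get("Origin-Host"):
        problems.append("Error-Reporting-Host duplicates Origin-Host")
    return problems


def next_action(answer):
    """What a client does with an answer, decided by Result-Code class alone."""
    cls = classify(answer["avps"]["Result-Code"])
    return {"success": "proceed", "protocol error": "retry via another peer",
            "transient failure": "retry later", "permanent failure": "fail the request",
            "informational": "wait for final answer"}.get(cls, "discard")


# Constructed AA-Request (NASREQ command code 265) from a NAS; all values are placeholders.
REQUEST = {"command_code": 265, "request": True, "proxiable": True, "error": False,
           "hop_by_hop": 0x1001, "end_to_end": 0x2001,
           "avps": {"Session-Id": "nas1.example.net;1;1", "Origin-Host": "nas1.example.net",
                    "Origin-Realm": "example.net", "Destination-Realm": "example.org"}}

if __name__ == "__main__":
    ans = build_answer(REQUEST, 3002, "proxy.example.net", "example.net",
                       error_message="no route to realm example.org")
    print(RESULT_NAMES[ans["avps"]["Result-Code"]], ans["error"], next_action(ans))
```

A proxy that cannot deliver the request answers 3002 with the E bit set and no Error-Reporting-Host (it is the Origin-Host of its own answer); a server's 5003 rejection passed back through a proxy that set the code carries Error-Reporting-Host and a clear E bit.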
Implementation
Circumference is an open-source implementation to showcase the Diameter WebAuth subprotocol, also called a Diameter application [2].
Open BiOX: An open source Java implementation of Diameter Protocol Stack [4].
Conclusion
The purpose of developing the Diameter Protocol has proved to be successful in overcoming the limitations of the RADIUS Protocol.
In addition to SIP, Diameter is the other core protocol used in the IP Multimedia Subsystem (IMS) architecture, both in the service plane and the control plane.
As IMS continues to evolve, we believe there will be more Diameter applications to come, as well as Diameter-related implementations.
References and Links
[1] Hu Hanrahan, Network Convergence – Services, Applications, Transport and Operations Support.
[2] http://en.wikipedia.org/wiki/Diameter_Protocol
[3] http://www.ibm.com/developerworks/wireless/library/wi-diameter
[4] http://diameterprotocol.blogspot.com/search/label/Diameter%20protocol
[5] http://images.google.co.in
[6] http://www.rfc-editor.org/rfc/rfc3588.txt
[7] http://docs.hp.com/en/T1428-90011/
[8] http://tools.ietf.org/html/draft-calhoun-diameter-framework-01
[9] Aboba, Zorn, "Roaming Requirements", draft-ietf-roamops-roamreq-08.txt, March 1998.
Diameter Applications
Not a software application.
An application based on the Diameter Base Protocol (defined in RFC 3588).
Each application is defined by an Application Identifier.
Can add new command codes and/or new mandatory AVPs.
Adding a new optional AVP does not require a new application [9].
Why doesn't LDAP provide the functionality required by an AAA protocol?
A server may wish to access policies using LDAP, but the use of LDAP between the client and the server is not possible.
The use of LDAP in this case would require that all routers have write access to the directory.
In the case of roaming, customers would have to open up their directory so outside routers have writeable access.
Finally, LDAP does not provide server initiated messages which is a requirement for an AAA protocol.
Home Subscriber Server (HSS): the master database within the IMS. Maintains subscriber information including user identification, control information for user authentication and authorization, location information, and user profile data.
Call Session Control Function (CSCF): performs SIP session management for a user (or SIP client) requesting access to IMS services. SIP signaling is used to register with the Serving CSCF in the home network of the user.
Relay Agent
Used to forward a message to the appropriate destination depending on information contained in the message.
Aggregates requests from different regions to a specific region.
Eliminates burdensome configuration of network access servers for every Diameter server exchange [3].
Proxy Agent
Modifies the message content.
Provides value-added services.
Enforces rules on different messages or performs administrative tasks.
Figure [5] below shows how a Proxy Agent is used to forward a message to another domain.
Redirect Agent
Acts as a centralized configuration repository for other Diameter Nodes.
On receiving a message, it checks its routing table and returns a response message along with redirection information to its original sender.
Determines the address of the node to contact.
Figure [5] below illustrates how a Redirect Agent works.
Translation Agent
Converts messages from one AAA protocol to another.
Useful for a company or service provider.
Figure [5] below illustrates how one agent translates the RADIUS protocol into the Diameter protocol.
Other kinds of protocol translation (for example, Diameter to RADIUS, Diameter to TACACS+) are also possible [3].
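The relay, proxy and redirect behaviours above all come down to a realm routing table lookup on the request's Destination-Realm. The following Python is an added example (not code from the presentation or from any Diameter stack) of that decision in a dictionary model of messages: a realm routing table with LOCAL, RELAY, PROXY and REDIRECT actions as RFC 3588 describes them, Route-Record added on every forwarded hop and used to detect loops, and the base-protocol Result-Codes returned when a realm is unknown (3003), no peer is reachable (3002), a loop is detected (3005) or a redirect is indicated (3006 with Redirect-Host). The routing table, realms, hosts and requests are all constructed placeholders.

```python
# Constructed realm routing table (RFC 3588 section 2.7 describes the concept).
# "app": None means any application; "*" is the default route.
ROUTING_TABLE = [
    {"realm": "example.net", "app": None, "action": "LOCAL", "peers": []},
    {"realm": "example.org", "app": 1, "action": "RELAY",
     "peers": ["aaa1.example.org", "aaa2.example.org"]},
    {"realm": "partner.example", "app": None, "action": "REDIRECT",
     "peers": ["aaa.partner.example"]},
    {"realm": "*", "app": None, "action": "PROXY", "peers": ["proxy.upstream.example"]},
]

# Base-protocol Result-Codes used by the routing decision (RFC 3588 names).
UNABLE_TO_DELIVER, REALM_NOT_SERVED, LOOP_DETECTED, REDIRECT_INDICATION, MISSING_AVP = 3002, 3003, 3005, 3006, 5005


def lookup(table, realm, app_id):
    """Exact realm (matching application, or any) first, then the default route."""
    for row in table:
        if row["realm"] == realm and row["app"] in (None, app_id):
            return row
    for row in table:
        if row["realm"] == "*":
            return row
    return None


def route(table, request, my_host, peers_up):
    """Decide what this agent does with a request. Returns a dict describing the action."""
    avps = request["avps"]
    if avps.get("Destination-Host") == my_host:
        return {"action": "LOCAL"}                       # addressed to us explicitly
    realm = avps.get("Destination-Realm")
    if realm is None:
        return {"action": "ANSWER", "result_code": MISSING_AVP}
    if my_host in avps.get("Route-Record", []):
        return {"action": "ANSWER", "result_code": LOOP_DETECTED}   # we already forwarded this
    row = lookup(table, realm, request["application_id"])
    if row is None:
        return {"action": "ANSWER", "result_code": REALM_NOT_SERVED}
    if row["action"] == "LOCAL":
        return {"action": "LOCAL"}
    if row["action"] == "REDIRECT":
        # A redirect agent does not forward; it tells the sender whom to contact.
        return {"action": "ANSWER", "result_code": REDIRECT_INDICATION,
                "Redirect-Host": list(row["peers"])}
    # RELAY and PROXY both forward to a live peer and append Route-Record; a relay
    # changes nothing else, a proxy may additionally modify or reject the message.
    for peer in row["peers"]:
        if peer in peers_up:
            forwarded = {**request, "avps": {**avps, "Route-Record": avps.get("Route-Record", []) + [my_host]}}
            return {"action": row["action"], "next_hop": peer, "message": forwarded}
    return {"action": "ANSWER", "result_code": UNABLE_TO_DELIVER}


def make_request(dest_realm=None, app_id=1, dest_host=None, route_record=None):
    """Constructed request; the NAS identity and realm are placeholders."""
    avps = {"Origin-Host": "nas1.example.net", "Origin-Realm": "example.net"}
    if dest_realm is not None:
        avps["Destination-Realm"] = dest_realm
    if dest_host is not None:
        avps["Destination-Host"] = dest_host
    if route_record is not None:
        avps["Route-Record"] = list(route_record)
    return {"command_code": 265, "application_id": app_id, "avps": avps}


if __name__ == "__main__":
    live = {"aaa2.example.org", "proxy.upstream.example"}
    for realm in ("example.net", "example.org", "partner.example", "unknown.example"):
        print(realm, "->", route(ROUTING_TABLE, make_request(realm), "relay.example.net", live))
```

The Route-Record check is what keeps a misconfigured pair of relays from bouncing a request back and forth, and the `peers_up` set is where the watchdog state of each peer would feed in.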