DIAMETER & 3GPP applications A Tutorial

Oct 27th, 2005

Presented by: Arun Handa CTO

CONVERGENCE FUEL FOR TELECOM NETWORKS

www.intellinet-tech.com

www.intellinet-tech.com

What is Diameter

Diameter is an extensible, ASCII based messaging protocol to enable Authorization, Authentication and Accounting (AAA) function in IP and multimedia networks. Diameter supports a modular architecture with the base protocol and application specific extensions Its reliance on secure and reliable transports make it a suitable choice for charging and authorization.

CONVERGENCE FUEL FOR TELECOM NETWORKS

www.intellinet-tech.com

The Evolution
Remote Authentication Dial In User Services - DialUp PPP/IP - MobileIP access

Authentication Authorization Accounting (AAA)

-ROAMOPS IETF Working Group -Network Access Servers (NAS) Requirements - Mobile IP Working Group - 3GPP IMS Definition - 3GPP2 Wireless IP definition

RADIUS

DIAMETER

CONVERGENCE FUEL FOR TELECOM NETWORKS

www.intellinet-tech.com

Improvements over RADIUS

! ! ! ! ! ! !

Increased size of attribute data More Reliable Transport Improved Flow Control Elimination of packet loss Better Proxying mechanisms Enhanced Session Control Tighter Security options

CONVERGENCE FUEL FOR TELECOM NETWORKS

www.intellinet-tech.com

Diameter Architecture
Applications of interest

Applications

NASREQ

Applications

EAP

Mobile IPv4
Applications

Applications

Credit Control

Applications Cx, Dx, Sh Ro, Rf Gq, Gq

3GPP

Diameter Base Protocol

!

The Base protocol provides support for the reliable transport and delivery of messages The Base Protocol must be used along with an Application

CONVERGENCE FUEL FOR TELECOM NETWORKS

www.intellinet-tech.com

Diameter Applications
!

NASREQ Application
!

AAA services for Dial-in PPP users (RADIUS replacement)

Mobile IPv4 Application

!

AAA support for Mobile IP networks as specified in CDMA2000 requirements(rfc3141) and MobileIP AAA(rfc2977)

EAP Application
!

Security support for Extensible Authentication protocol(rfc4072)

Credit Control Application

!

Charging support as specified in rfc4006

3GPP Applications
!

IMS supported applications for AAA functions

CONVERGENCE FUEL FOR TELECOM NETWORKS

www.intellinet-tech.com

Diameter Associations
peer

Server Relay

Client
Realm 11 Realm domain1.com domain1.com

Client
Realm 22 Realm domain2.com domain2.com

Diameter Identity
aaa://host.domain.com:3868;transport=sctp;protocol=diameter

CONVERGENCE FUEL FOR TELECOM NETWORKS

www.intellinet-tech.com

Types of Diameter Nodes

Client Server Relay Agent Proxy Agent
Network Edge Device Performing Access Control. Eg NAS, Foreign Agent Controlling Entity of AAA functions for a particular domain Eg. HSS Routes Diameter messages within known peers in supported realms. May modify routing information (only) Also routes messages, but can modify message content to enable policy, resource usage, admission and provisioning Enables Routing to other domains within roaming agreements

Redirect Agent by notify the requesting peer with the routing information Translation Agent
Protocol translation function such as RADIUS-Diameter conversion

CONVERGENCE FUEL FOR TELECOM NETWORKS

www.intellinet-tech.com

Diameter Messages
Fixed Length Header Attribute Value ASCII Based Message Protocol

Attribute Value Pairs (AVP)

:
AVP Code Length Flags Data

CONVERGENCE FUEL FOR TELECOM NETWORKS

www.intellinet-tech.com

Diameter Message Format

Octet 1 Octet 2 Octet 3 Octet 4

Version Flags

Message Length Command Code Vendor ID

Header

Hop-by-Hop Identifier End-to-End Identifier AVP Code Flags AVP Length Vendor ID (Vendor specific AVP) AVP Data (Variable Length)

AVP 0 .. n

CONVERGENCE FUEL FOR TELECOM NETWORKS

www.intellinet-tech.com

Diameter Base Commands

Abort-Session-Request Abort-Session-Answer Accounting-Request Accounting-Answer Capabilities-Exchange- Request Capabilities-Exchange- Answer Device-Watchdog-Request Device-Watchdog-Answer Disconnect-Peer-Request Disconnect-Peer-Answer Re-Auth-Request Re-Auth-Answer Session-Termination- Request Session-Termination- Answer ASR ASA ACR ACA CER CEA DWR DWA DPR DPA RAR RAA STR STA

CONVERGENCE FUEL FOR TELECOM NETWORKS

www.intellinet-tech.com

Typical Diameter Session Behavior

EndPoint1
Peer Discovery Peer Discovery Capabilities Exchange Req Capabilities Exchange Ans Capabilities Exchange Req Capabilities Exchange Ans Device WatchDog Req Device Watchdong Ans Multimedia Auth Req Multimedia Auth Ans Multimedia Auth Ans

Proxy

Server Discovery via DNS or static Configuration Peer Identity, apps supported version info etc. KeepAlive message

Multimedia Auth Req

Establishment of a session, proxy across a peer

CONVERGENCE FUEL FOR TELECOM NETWORKS

www.intellinet-tech.com

Diameter Peer Communication

!

Peers can be statically configured or dynamically discovered Initial Handshake is established via Capabilities Exchange Message Heartbeats are exchanged for transport failure detection Failover/Failback mechanisms are invoked when transport failures are detected. An alternate peer is selected for all pending and new requests.

CONVERGENCE FUEL FOR TELECOM NETWORKS

www.intellinet-tech.com

Typical Diameter Stack

Applications (AVP Extensions) Session Subsystem (FSMs)

Application Programmning Interface Peer Subsystem (FSMs) AVP Parser Routing Peer & Realm

XML

Config DB

AVP Data Dict

I/O Subsystem Security IPSEC/TLS Transport TCP/SCTP IP Link

Peer Peer

CONVERGENCE FUEL FOR TELECOM NETWORKS

www.intellinet-tech.com

Summary of Diameter Features

Diameter
A three-octet Attribute length allows 16M octets of data for a given attribute Support for Vendor Specific commands and attributes Utilization of TCP/SCTP enables flow control and congestion avoidance Support for KeepAlive messages on a connection oriented transport allow peer failure detection Removes limitation of Silent discarding of packets on all error conditions Efficient failover on detection of a peer failure

Radius
Limited to 255 octets for an attribute data Only vendor specific attributes UDP lacks any mechanism to regulate data flow Unable to distinguish Silent discarding of packets Inability for proper detection results in ineffective failover

CONVERGENCE FUEL FOR TELECOM NETWORKS

www.intellinet-tech.com

Summary of Diameter Features

Diameter
Better utilization of proxy and agents for failure detection and failover for next-hop peers Allows Server initiated messages. Capability to terminate and reauthenticate user sessions. Allows replay attack prevention. Better security for malicious attack Offers End-to-End security, with digital signatures and encryption for selected AVPs All atributes are aligned to 32-bit boundaries. Secure communications with IPsec or TLS

Radius
No proxy servers. Reliance on NAS Not present Not present Only Hop-to-Hop security. No securing of AVPs No alignment requirements Mandates a shared secret even if IPsec or TLS is used

CONVERGENCE FUEL FOR TELECOM NETWORKS

www.intellinet-tech.com

3GPP Motivation for Diameter

!

An All-IP Network vision. Diameter is an IETF recommended protocol Ability to support accounting for multiple sessions, with multi-media in a single PDP context Lessons from current set of diverse standards and proprietary interfaces ISUP, CAMEL,WIN,Parlay Harmonized AAA function across all access networks

CONVERGENCE FUEL FOR TELECOM NETWORKS

www.intellinet-tech.com

Diameter in 3GPP

Subscription Subscription Cx,Dx,Sh Cx,Dx,Sh

Charging Charging Ro,Rf Ro,Rf

Policy Gq,Gq

CONVERGENCE FUEL FOR TELECOM NETWORKS

www.intellinet-tech.com

Major Interfaces in the 3GPP Architecture

Interface Cx Dx Sh Rf Ro Gq Gq Between CSCF-HSS CSCF-SLF AS-HSS CCF ECF PCSCF-GGSN AF-RACS Defined in TS 29.228 TS 29.229 TS 29.228 TS 29.229 TS 29.328 TS 29.329 TS 32.260 RFC 4006 TS 32.260 RFC 4006 TS 29.207 TS 29.209 Functions
Obtain Subscriber Profile, location Authorize User Access, Exchange Authentication information Obtain Subscriber Profile, location Authorize User Access, Exchange Authentication information Subscriber Data Access or Update In the HSS by an AS or notifications To AS for updates/changes Offline Charging Services Online Charging Services

Policy Control in IMS

Policy Control in NGN

CONVERGENCE FUEL FOR TELECOM NETWORKS

www.intellinet-tech.com

Diameter Authorization and Authentication support

Application Application Server Server
Sh Cx

I-CSCF I-CSCF

HSS

S-CSCF S-CSCF
Dx

SLF

CONVERGENCE FUEL FOR TELECOM NETWORKS

www.intellinet-tech.com

Diameter Policy support

P-CSCF P-CSCF

Gq
Diameter

Policy Policy Decision Decision Function Function

Go

RACS RACS

Gq
Diameter

AF AF

GGSN GGSN

IMS

TISPAN-NGN

CONVERGENCE FUEL FOR TELECOM NETWORKS

www.intellinet-tech.com

Diameter Charging Support

Diameter

Diameter

Offline Charging

Online Charging

CONVERGENCE FUEL FOR TELECOM NETWORKS

www.intellinet-tech.com

3GPP Specific
! !

Recommendation for SCTP as a reliable transport Support for NASreq, EAP and other IP applications not required Most Diameter communication falls within the same realm.(SCSF-HSS) Diameter does not need a compression function unlike SIP

CONVERGENCE FUEL FOR TELECOM NETWORKS