Escolar Documentos
Profissional Documentos
Cultura Documentos
Protocol Details
Connection Management Routing Session Management
Recent Topics
Diameter Tutorial - IETF67
Session Management
Session Management
Routing Management
Routing Management
Connection Management
Base Protocol
Diameter Tutorial - IETF67
Connection Management
Base Protocol
Base Protocol
Connectivity: Peering and Routing Application support: Application session management
Applications
Purpose specific: NASREQ, MIPv4, SIP etc. Identified by application Id
Every application MUST have an IANA-assigned application identifier Used also for diameter message routing
AVP Header
AVP Data
Version, Length, Flags, Code, AppId, H2H Id, E2E Id Code, Flag, Length, Vendor-Id (Opt)
Connection Management
Peer Discovery Transport Capabilities negotiation Peer liveness and disconnection
Peer Discovery
Transport Protocols
Certain nodes MUST support at least SCTP or TCP (i.e. Diameter Client) Others MUST support SCTP and TCP (i.e. Diameter Servers and Agents)
Security
TLS and IPSec
Liveness Test
Use of Device-Watchdog exchange (DWR/DWA) Aid in Failover performance: pro-active detection of failure
Disconnection
Use of Disconnect-Peer exchange (DPR/DPA) Provides hints for future reconnection attempts Routing table updates
Routing
Types of Diameter Nodes Request Routing Realm Routing Table Answer Routing Loop Detection Failover-Failback Procedure Duplicate Detection
Diameter Agents
Request and Answer forwarders Adds routing information to the message Relay Agents
Provides basic message forwarding Does not inspect content of the message other than DestinationHost and/or Realm and AppIds Advertises support all applications
Diameter Tutorial - IETF67
Re-Direct Agents
Does not forward messages but notifies the previous hop of the new next-hop to use Advertises support all applications
Client
Server
5. Answer
realmA.com
realmB.com
Request Routing
Information used for routing:
Application-Id: present is in the header Destination-Host OR Destination-Realm AVP
Routing rules:
1. 2. 3. If local identity == Destination-Host AVP then process locally, otherwise If peer identity == Destination-Host AVP then send that peer, otherwise Lookup realm table with Destination-Realm and AppId
a. b. If found send to the designated next-hop Otherwise, send an UNABLE_TO_DELIVER answer
isStatic: Indication of static or dynamic route ExpireTime: Time before dynamic route are no longer valid
Diameter Tutorial - IETF67
Routing Overview
SomeOtherRealm.com 1. Request (EAP, Server.RealmB.com) 2. Request (EAP, Server.RealmB.com) Diameter Server 3. Answer Server.RealmB.com
Diameter Client
Request Queue
Relay/Proxy Agent
Request Queue
Example Realm Routing Table for Relay/Proxy Agent: 1. RealmB.com a. AppId=EAP, Action=PROXY, Next-Hop=Server.RealmB.com, isStatic=TRUE b. AppId=xxx, Action=RELAY, Next-Hop=Server.RealmB.com, isStatic=TRUE 2. RealmA.com a. AppId=xxx, Action=RELAY, Next-Hop=Client.RealmA.com, isStatic=TRUE 3. SomeOtherRealm.com a. AppId=EAP, Action=REDIRECT, Next-Hop=Server.RealmB.com, isStatic=FALSE, ExpireTime=3600
Diameter Tutorial - IETF67
Answer Routing
Routing Rules:
For answer originators:
Use the same Hop-by-Hop Id found in the request Lookup Hop-by-Hop Id in request queue
a. b. If found, forward answer to appropriate peer and remove request from the queue Otherwise, discard
Diameter Tutorial - IETF67
Detection
Local host identity must not be present in the Route-Record AVP Send LOOP_DETECTED answer
Failover-Failback Procedure
Failover: Attempt to re-route pending request to an alternate peer in case of transport failure
T bit is set for re-routed requests
Failback: Switch back to the original next hop when connection is reestablished Relay
2. Request T-bit set
Request Queue
5. Answer
Server
Client
Request Queue
1. Request
Relay
Request Queue
2. Request 3. Answer
4. Answer
Duplicate Detection
Duplicates can occur
Due to Failover Nodes re-sending un-answered requests: Due to reboot
Detection
End-to-End Id is unique for a node Re-sent request must have T-flag set Therefore, use T-flag as a hint for possible duplication, then
Use End-to-End Id and Origin-Host AVP to detect duplication Duplicate request SHOULD cause the same answer to be sent
Other Considerations
Use of Session-Id for duplicate detection in accounting records Time needed to wait for duplicate messages
Diameter Tutorial - IETF67
Session Management
Diameter Sessions - definitions Session types and statefulness Authentication and Authorization Sessions Accounting Sessions
Applications provide guidelines as to when a session begins and ends Sessions are identified by Session-Id
Globally and eternally unique
<DiameterIdentity>;<high 32 bits>;<low 32 bits>[;<optional value>]
DiameterIdentity: Senders identity in FQDN High and Low 32 bits: Decimal representation of a 64-bit value, monotonically increased Optional value: Implementation specific, i.e. MAC address, timestamp etc
Authentication and Authorization Sessions Auth-Session-State indicates statefulness For stateful session
Session teardown uses Base Protocol messages ASR/ASA and STR/STA Support for Server-Initiated Re-Auth
Uses Base Protocol message RAR/RAA
Accounting Sessions
Accounting-related AVPs
Accounting-Record-Type AVP indicates type of accounting record: Acct-Interim-Interval AVP specifies how and when to generate accounting records Accounting-Record-Number AVP identifies an accounting record Acct-Session-Id AVP is used for RADIUS/Diameter translation Acct-Multi-Session-Id AVP co-relates multiple accounting sessions Acct-Sub-Session-Id sub-divides an accounting session Accounting-Realtime-Required AVP specifies realtime accounting behavior
End of Tutorial
Thank You