1 © NOKIA 2003 diameter.ppt / John A. Loghney

Diameter overviewTWG joint meeting

Xiamen, China

June 29, 2004

John Loughney

Research Manager

Nokia Research Center

john.loughney@nokia.com

2 © NOKIA 2003 diameter.ppt / John A. Loghney

AAA & Diameter

• Next generation Authentication, Authorization & Accounting protocol

• Consists of base specification and applications• MIP

• Network Access Server (Dial-up / PPP / SLIP environment)

• SIP Services

• Accounting Extensions

3 © NOKIA 2003 diameter.ppt / John A. Loghney

RADIUS Standard Model

Diameter Roaming

4 © NOKIA 2003 diameter.ppt / John A. Loghney

Short comings of RADIUS

• Backoff unspecified

• Failover unspecified

• Application layer acknowledgement missing

• Undefined proxy behavior

• No error messages prevent intelligent failure response

• Transport security has no confidentiality, known attacks

• Replay protection only in post-processing

• No object security, subject to man-in-the-middle attacks.

5 © NOKIA 2003 diameter.ppt / John A. Loghney

Diameter Examples

Server Serverrelay

Peer connection A Peer connection B

User session X

NAS Home Server

Translation Agent

RADIUS Req Diameter Req

RADIUS Ans Diameter Ans

Diameter Connections and Sessions

Translation of RADIUS to Diameter

6 © NOKIA 2003 diameter.ppt / John A. Loghney

Diameter Proxy Example

NetworkAccessServer

Primary Proxy Server

Backup Proxy Server

Primary Home Server

Backup Home Server

local service provider

home service provider

7 © NOKIA 2003 diameter.ppt / John A. Loghney

AAA-SIP in 3GPP Rel. 5

SGW

UE P-CSCF I-CSCF

MGCF

Gm Mw Mw

SLF

Dx Cx

HSS AS

Cx

MGW

Mc

Mj

Mi

SIP

Diameter

SIP

Megaco

Mr

MRFC

GGSN

Go COPS forPolicy Control

Sh

Visited Domain

Home Domain

ISC

MRFP

Megaco

SIP-ISUP

Compression

S-CSCF

BGCF

Diameter

Diameter

8 © NOKIA 2003 diameter.ppt / John A. Loghney

Stardards Work to Do• Diameter Base Specification just submitted.• Diameter Mobile IPv4 Application nearly ready (needed

by 3GPP2).• Diameter NASREQ Application nearly ready.• CMS Security Application, needed for e2e security• AAA Key Distribution• SIP-AAA Requirements• Diameter Mobile IPv6 Application• Diameter Multimedia Application (3GPP rel. 6)• Diameter Credit Control Application (3GPP rel. 6)• May need extensions to support session mobility.

9 © NOKIA 2003 diameter.ppt / John A. Loghney

Vision

WLAN

For phones, laptops and PDAsSame authentication

Same end-to-end securitySame applications

Same service providerSame bill

Multi-radio mobile access

Sessionmobility

Access to SIP servicesWCDMA

GSM/GPRS

DSL

10 © NOKIA 2003 diameter.ppt / John A. Loghney

Corporateintranet

VPN Gateway

Operator ServicesGSM

roaming

Operator site

SS7

SMSC

AAA Server

Router/firewall

Billing system

ChargingGateway

Diameter and DNS servers

Access Controller

Any WLAN card

Internet

11 © NOKIA 2003 diameter.ppt / John A. Loghney

Operator IP

Auth. Server

AC(opt.)

GPRS-WLAN Service Mobility

Home AC

Operatorservices incl.

intelligent content

Corporate

Diameter ServerDHCP

GPRS-WLANcommonsubscriber data

Service/Access selection based on common:• Subscription (GPRS ”access points”)• Terminal configuration (opt.)

IP tunnel with IETF protocol

Common service awareness:• Differentiated and pre-paid charging

for corporate and intelligent Web content

Common connectivity to corporate:• Existing L2/L3 connections • Corporate IP address (security)• Optional authentication

AP Access Zone

Internet

Managed IP flow enables common: • Control of direct Internet access• Support of existing terminals• Service guarantee and QoS• Roaming through GRX

LAN, VLAN,or IP tunnel

12 © NOKIA 2003 diameter.ppt / John A. Loghney

Wireless PDA

PC

Laptop withWLAN

Mobile

(SIP) phone

SIP enables service convergence

MobileTelephone

SIP conversational connectivityplus more:

Presence, instant messaging, file sharing,

video …

Telephony conversationalconnectivity

Separate,telecom-driven

standards

Common,IP-driven

call/session set-up

13 © NOKIA 2003 diameter.ppt / John A. Loghney

Multi-Access to IP Multimedia CoreCPSsession control

Operator WLANpublic access zones DSL Broadband

offices, homes

IP MultimediaCore & Services

local servicessupplemented by operator services

Cellularwide-area network

voice

Device mobility (Mobile IP)Service mobility (SIP + presence)

Internet

messaging,video

allmultimedia

services

presence, messaging, group services

end-usercontrol

rich callstreamingetc.

browsing,downloading,

VPN remote access

14 © NOKIA 2003 diameter.ppt / John A. Loghney

Operator Services

• Provide Authorization Services.

• Provide Authentication Services.

• Sell branded content networks.

• Provide roaming brokers.

• PKI services.

15 © NOKIA 2003 diameter.ppt / John A. Loghney

Summary

• Integrating different access technologies (3G, WLAN, DSL, Dial-up):

• increases the potential for increasing subscribers.

• increases accesses to services.

• Integrating/harmonizing signaling:• harmonizes network infrastructure.

• simplifies network management.

• simplifies charging/billing.

• simplifies the user experience.