Diameter Presentation
Beny Haddad
Posted 12-Jul-2015

Page 1: Diameter Presentation

Diameter
Beny Haddad

Page 2: Diameter Presentation

Agenda

• Origin of Diameter
• Main Features of Diameter
  o Diameter Base protocol
  o Type of Diameter Nodes
• Main Applications
• Messages Overview

Company Confidential 2

Page 3: Diameter Presentation

Why did we need Diameter?

• Diameter is an Authentication, Authorization and Accounting protocol (AAA) for computer networks, and an alternative to RADIUS.
• Diameter provides an upgrade path for the "old" RADIUS (Remote Authentication Dial In User Service) and solves several of its limitations.

In the early 1990s, RADIUS was developed to control dial-in access.

Page 4: Diameter Presentation

AAA

• Authenticate users or devices before granting them access to a network
• Authorize those users or devices for certain network services
• Account for usage of those services

Page 5: Diameter Presentation

DIAMETER = 2 * RADIUS

Feature                 RADIUS                                   DIAMETER
Reliable transport      No (uses UDP)                            TCP, SCTP
Failover                Not defined by standard                  Failover is defined for network errors and actions
Security                Not mandatory and not end to end         Mandatory and end to end
Agent roles             Not defined (other than client           Defines many (such as proxy, relay and redirect)
                        and server)
Transactions            ID up to 255, other implicit methods     End to end and node by node, each with a 2^32 range
Vendor specific         Not explicit                             Through negotiation
Dynamic configuration   No                                       Defined in the standard

Page 6: Diameter Presentation

Main features of Diameter

Page 7: Diameter Presentation

Diameter - Basic Functionality

Diameter Tutorial - IETF67

[Figure: a Diameter Client Node at somerealm.com and a Diameter Server Node at otherrealm.com. Each runs its Diameter Client/Server Application on top of the Base Protocol, which provides Session Management, Routing Management and Connection Management.]

Page 8: Diameter Presentation

Diameter - Basic Functionality

• Base Protocol
  – Connectivity: Peering and Routing
  – Application support: Application session management
• Applications
  – Purpose specific: Gx, Gy, etc.
  – Identified by application Id
    • Every application MUST have an IANA-assigned application identifier
    • Used also for Diameter message routing
  – Define the Commands (e.g. CCR/CCA, RAR/RAA)
  – Define the AVP (Attribute/Value Pair) fields (e.g. Origin-Host)

Page 9: Diameter Presentation

Diameter – Message Format

• Diameter Message: Diameter Header followed by AVPs (AVP AVP AVP ...)
• Each AVP: AVP Header followed by AVP Data
• Each message must be defined using an ABNF grammar
• Pre-defined AVP data types (Integer32, Float, OctetString etc.)

Diameter Header = Version, Length, Flags, Code, AppId, H2H Id, E2E Id
AVP Header = Code, Flag, Length, Vendor-Id (Opt)
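The header layout above maps directly onto the wire. The following encoder/decoder is an added example written for this page, not code from the presentation or from any Diameter stack: it packs the 20-octet Diameter header (Version, Length, Flags, Code, AppId, H2H Id, E2E Id) and the 8- or 12-octet AVP header (Code, Flags, Length, optional Vendor-Id), builds a CER from Origin-Host, Origin-Realm, Host-IP-Address, Vendor-Id and Product-Name, and parses it back. The decoder checks every length field before using it, which is the check a practitioner most wants in a Diameter parser: an AVP length shorter than its own header or running past the end of the message must be rejected, not trusted. The host, realm and product names are constructed placeholders.

```python
import struct
from ipaddress import ip_address

# Command and AVP codes from the Diameter base protocol (RFC 3588).
CMD_CER = 257
AVP_HOST_IP_ADDRESS = 257
AVP_ORIGIN_HOST = 264
AVP_VENDOR_ID = 266
AVP_PRODUCT_NAME = 269
AVP_ORIGIN_REALM = 296

FLAG_REQUEST = 0x80        # R bit of the Diameter header flags
AVP_FLAG_VENDOR = 0x80     # V bit: a 4-octet Vendor-Id follows the AVP length
AVP_FLAG_MANDATORY = 0x40  # M bit: the receiver must understand this AVP


def encode_avp(code, data, mandatory=True, vendor_id=None):
    """AVP = Code(4) Flags(1) Length(3) [Vendor-Id(4)] Data, padded to a 4-octet boundary."""
    flags = AVP_FLAG_MANDATORY if mandatory else 0
    length = 8 + len(data)          # AVP Length covers the header and the unpadded data
    if vendor_id is not None:
        flags |= AVP_FLAG_VENDOR
        length += 4
    header = struct.pack("!I", code) + bytes([flags]) + length.to_bytes(3, "big")
    if vendor_id is not None:
        header += struct.pack("!I", vendor_id)
    return header + data + b"\x00" * (-len(data) % 4)


def encode_address(ip):
    """Address data type: 2-octet AddressFamily (1 = IPv4, 2 = IPv6) + raw address."""
    addr = ip_address(ip)
    return struct.pack("!H", 1 if addr.version == 4 else 2) + addr.packed


def encode_message(command_code, flags, app_id, h2h, e2e, avps):
    """Header = Version(1) Length(3) Flags(1) Code(3) AppId(4) H2H Id(4) E2E Id(4)."""
    body = b"".join(avps)
    header = bytes([1]) + (20 + len(body)).to_bytes(3, "big")
    header += bytes([flags]) + command_code.to_bytes(3, "big")
    header += struct.pack("!III", app_id, h2h, e2e)
    return header + body


def decode_message(buf):
    """Parse header and AVPs, validating every length field before using it."""
    if len(buf) < 20:
        raise ValueError("short Diameter header")
    length = int.from_bytes(buf[1:4], "big")
    if buf[0] != 1 or length != len(buf) or length % 4:
        raise ValueError("bad version or message length")
    code = int.from_bytes(buf[5:8], "big")
    app_id, h2h, e2e = struct.unpack("!III", buf[8:20])
    avps, pos = [], 20
    while pos < length:
        if length - pos < 8:
            raise ValueError("truncated AVP header at offset %d" % pos)
        avp_code = struct.unpack("!I", buf[pos:pos + 4])[0]
        avp_flags = buf[pos + 4]
        avp_len = int.from_bytes(buf[pos + 5:pos + 8], "big")
        hdr_len = 12 if avp_flags & AVP_FLAG_VENDOR else 8
        # A length shorter than the AVP's own header, or one that runs past the end of
        # the message, is malformed: reject it instead of looping forever or over-reading.
        if avp_len < hdr_len or pos + avp_len > length:
            raise ValueError("bad AVP length at offset %d" % pos)
        vendor = struct.unpack("!I", buf[pos + 8:pos + 12])[0] if hdr_len == 12 else None
        data = buf[pos + hdr_len:pos + avp_len]
        avps.append((avp_code, vendor, bool(avp_flags & AVP_FLAG_MANDATORY), data))
        pos += avp_len + (-avp_len % 4)   # step over the padding as well
    return {"code": code, "request": bool(buf[4] & FLAG_REQUEST), "app_id": app_id,
            "h2h": h2h, "e2e": e2e, "avps": avps}


def build_cer(origin_host, origin_realm, host_ip, vendor_id, product_name, h2h=1, e2e=1):
    """A CER (code 257, R bit set, application id 0) carrying its required AVPs."""
    return encode_message(CMD_CER, FLAG_REQUEST, 0, h2h, e2e, [
        encode_avp(AVP_ORIGIN_HOST, origin_host.encode()),
        encode_avp(AVP_ORIGIN_REALM, origin_realm.encode()),
        encode_avp(AVP_HOST_IP_ADDRESS, encode_address(host_ip)),
        encode_avp(AVP_VENDOR_ID, struct.pack("!I", vendor_id)),
        encode_avp(AVP_PRODUCT_NAME, product_name.encode()),
    ])


if __name__ == "__main__":
    # Constructed sample values: the host, realm and product names are placeholders.
    wire = build_cer("client.somerealm.com", "somerealm.com", "192.0.2.10", 0, "example-client")
    msg = decode_message(wire)
    print(len(wire), msg["code"], msg["request"], [(c, d) for c, _, _, d in msg["avps"]])
```

The decoder returns each AVP as (code, vendor_id, mandatory, data); the Address data above decodes to family 1 followed by the four IPv4 octets, and the Origin-Realm AVP shows the padding: 13 data octets give an AVP Length of 21 but occupy 24 octets on the wire.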

Page 10: Diameter Presentation

Diameter ABNF Conventions

Symbol              Example                                    Meaning                                     Occurrences
<XXX> ::= <X, F>    <CER> ::= < Diameter Header: 257, REQ >    Command Code, Flags                         1
< AVP >             < Session-Id >                             Required AVP, at this place (first)         1
{ AVP }             { Origin-Host }                            Required AVP                                1
1* { AVP }          1* { Host-IP-Address }                     Required AVP, can appear more than once     1+
[ AVP ]             [ Origin-State-Id ]                        Optional AVP                                0, 1
*[ AVP ]            * [ Supported-Vendor-Id ]                  Optional AVP, can appear more than once     0+

Page 11: Diameter Presentation

Diameter ABNF Example

<CER> ::= < Diameter Header: 257, REQ >   /* Command Code, Flags */
          < Session-Id >                  /* Required AVP, Occurrence: 1, at this place (first) */
          { Origin-Host }                 /* Required AVP, Occurrence: 1 */
          { Origin-Realm }
          1* { Host-IP-Address }          /* Required AVP, Occurrence: 1+ */
          { Vendor-Id }
          { Product-Name }
          [ Origin-State-Id ]             /* Optional AVP, Occurrence: 0 or 1 */
          * [ Supported-Vendor-Id ]       /* Optional AVP, Occurrence: 0+ */
          * [ Auth-Application-Id ]
          * [ Inband-Security-Id ]
          * [ Acct-Application-Id ]
          * [ Vendor-Specific-Application-Id ]
          [ Firmware-Revision ]
          * [ AVP ]

Note: /* */ is not part of ABNF
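The occurrence rules of the two slides above are what a Diameter node (or a Diameter edge agent screening peer traffic) enforces before acting on a message. The checker below is an added example for this page, not code from the presentation: it reads a command rule in the slide's notation, mapping < >, { }, 1* { }, [ ] and *[ ] to their occurrence limits, and reports every way a list of received AVP names breaks the rule. It generalizes the CER example to any command grammar written in the same style; the two AVP lists it is run on are constructed for the demonstration.

```python
import re

# Occurrence allowed by each symbol on the preceding slides: (min, max, fixed position).
OCCURRENCE = {
    "<": (1, 1, True),        # < AVP >     required, exactly here
    "{": (1, 1, False),       # { AVP }     required, exactly once
    "1*{": (1, None, False),  # 1* { AVP }  required, one or more
    "[": (0, 1, False),       # [ AVP ]     optional, at most once
    "*[": (0, None, False),   # *[ AVP ]    optional, any number
}

HEADER_RE = re.compile(r"<\s*[A-Za-z\-]+\s*>\s*::=\s*<[^>]*>")
COMMENT_RE = re.compile(r"/\*.*?\*/", re.S)
TOKEN_RE = re.compile(r"(1\*\s*\{|\*\s*\[|<|\{|\[)\s*([A-Za-z0-9\-]+)\s*[\]\}>]")


def parse_rule(text):
    """Turn a command ABNF rule into a list of (avp_name, min, max, fixed_position)."""
    body = HEADER_RE.sub("", COMMENT_RE.sub("", text))   # drop /* */ notes and the header
    rule = []
    for symbol, name in TOKEN_RE.findall(body):
        lo, hi, fixed = OCCURRENCE[symbol.replace(" ", "")]
        rule.append((name, lo, hi, fixed))
    return rule


def check_message(rule, avp_names):
    """Return the violations of `rule` by a message whose AVPs arrive in `avp_names` order.

    An empty list means the message satisfies the grammar. A *[ AVP ] entry lets
    unlisted AVPs through; without it, any AVP not named in the rule is reported.
    """
    counts = {}
    for name in avp_names:
        counts[name] = counts.get(name, 0) + 1
    problems = []
    for pos, (name, lo, hi, fixed) in enumerate(rule):
        if name == "AVP":
            continue
        seen = counts.get(name, 0)
        if seen < lo:
            problems.append("%s: required %d, present %d" % (name, lo, seen))
        elif hi is not None and seen > hi:
            problems.append("%s: at most %d allowed, present %d" % (name, hi, seen))
        if fixed and seen and (pos >= len(avp_names) or avp_names[pos] != name):
            problems.append("%s: must be at position %d" % (name, pos + 1))
    if not any(name == "AVP" for name, _, _, _ in rule):
        listed = {name for name, _, _, _ in rule}
        problems.extend("%s: not allowed by the grammar" % n for n in avp_names if n not in listed)
    return problems


# The CER rule as written on the slide; parse_rule strips the /* */ notes itself.
CER_RULE = parse_rule("""
<CER> ::= < Diameter Header: 257, REQ >   /* Command Code, Flags */
          < Session-Id >                  /* Required AVP, Occurrence: 1, at this place (first) */
          { Origin-Host }
          { Origin-Realm }
          1* { Host-IP-Address }          /* Required AVP, Occurrence: 1+ */
          { Vendor-Id }
          { Product-Name }
          [ Origin-State-Id ]             /* Optional AVP, Occurrence: 0 or 1 */
          * [ Supported-Vendor-Id ]       /* Optional AVP, Occurrence: 0+ */
          * [ Auth-Application-Id ]
          * [ Inband-Security-Id ]
          * [ Acct-Application-Id ]
          * [ Vendor-Specific-Application-Id ]
          [ Firmware-Revision ]
          * [ AVP ]
""")

if __name__ == "__main__":
    # Constructed AVP lists: one well-formed CER and one with three faults.
    print(check_message(CER_RULE, ["Session-Id", "Origin-Host", "Origin-Realm",
                                   "Host-IP-Address", "Vendor-Id", "Product-Name"]))
    print(check_message(CER_RULE, ["Origin-Host", "Session-Id", "Origin-Realm",
                                   "Vendor-Id", "Product-Name", "Product-Name"]))
```

The second list yields three findings: Session-Id is present but not first, Host-IP-Address is missing although 1* requires at least one, and Product-Name appears twice where { } allows exactly one.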

Page 12: Diameter Presentation

Capabilities Exchange

• Capabilities Exchange
  – Use of Capabilities-Exchange (CER/CEA) messages
  – Message exchange advertises:
    • Peer Identity
    • Security schemes – indicates the use of TLS
    • SCTP host addresses if used
  – CER/CEA may or may not be protected
• Peer Table Creation
  – Lists all peers that pass capabilities negotiation
  – Indicates the connection status of each peer
  – Also used for message routing

Page 13: Diameter Presentation

Diameter Sessions – definitions

• What is a session?
  o A session is a related progression of events devoted to a particular activity
• Applications provide guidelines as to when a session begins and ends
• Sessions are identified by Session-Id
  o Globally and eternally unique
  o Format: <DiameterIdentity>;<high 32 bits>;<low 32 bits>[;<optional value>]
    • DiameterIdentity: the sender's identity as an FQDN
    • High and Low 32 bits: decimal representation of a 64-bit value, monotonically increased
    • Optional value: implementation specific, e.g. MAC address, timestamp etc.
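The Session-Id format above is easy to get wrong in two directions: a node that mints ids must never repeat one, and a node that receives ids from peers must validate them before using them as a session key or writing them to logs. The following generator and parser are an added example for this page, not code from the presentation or from any Diameter stack. The generator fixes the high 32 bits at start-up (a start-up timestamp by default, as the slide suggests) and advances the low 32 bits under a lock; the parser enforces the FQDN;high;low[;optional] layout and the 32-bit range of both counters. The identity used is a constructed placeholder.

```python
import re
import threading
import time

# Session-Id = <DiameterIdentity>;<high 32 bits>;<low 32 bits>[;<optional value>]
FQDN = (r"[A-Za-z0-9](?:[A-Za-z0-9\-]*[A-Za-z0-9])?"
        r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9\-]*[A-Za-z0-9])?)+")
FQDN_RE = re.compile(r"^" + FQDN + r"$")
SESSION_ID_RE = re.compile(
    r"^(?P<identity>" + FQDN + r");(?P<high>\d{1,10});(?P<low>\d{1,10})(?:;(?P<optional>.*))?$")
MAX32 = 0xFFFFFFFF


class SessionIdGenerator:
    """Mints Session-Ids for one Diameter node.

    The 64-bit value is split as the slide describes: the high 32 bits are fixed when
    the node starts (a start-up timestamp by default, so a restarted node never repeats
    an earlier value) and the low 32 bits are a counter advanced under a lock, so two
    threads can never hand out the same id. When the counter wraps, the high part
    increments, keeping the 64-bit value monotonically increasing.
    """

    def __init__(self, identity, high=None):
        if not FQDN_RE.match(identity):
            raise ValueError("DiameterIdentity must be an FQDN: %r" % identity)
        self.identity = identity
        self.high = (int(time.time()) if high is None else high) & MAX32
        self.low = 0
        self._lock = threading.Lock()

    def next(self, optional=None):
        """Return the next Session-Id, with the implementation-specific optional part if given."""
        with self._lock:
            high, low = self.high, self.low
            self.low += 1
            if self.low > MAX32:
                self.low = 0
                self.high = (self.high + 1) & MAX32
        sid = "%s;%d;%d" % (self.identity, high, low)
        return sid if optional is None else sid + ";" + optional


def parse_session_id(text):
    """Split a Session-Id received from a peer and range-check its numeric parts."""
    m = SESSION_ID_RE.match(text)
    if not m:
        raise ValueError("malformed Session-Id: %r" % text)
    high, low = int(m.group("high")), int(m.group("low"))
    if high > MAX32 or low > MAX32:
        raise ValueError("Session-Id counter exceeds 32 bits: %r" % text)
    return {"identity": m.group("identity"), "high": high, "low": low,
            "optional": m.group("optional")}


if __name__ == "__main__":
    # Constructed values: the identity is a placeholder host name, not a real node.
    gen = SessionIdGenerator("pcef.somerealm.com", high=1234)
    first = gen.next()
    second = gen.next("ts=1")
    print(first, second, parse_session_id(second))
```

With high fixed at 1234 the generator hands out pcef.somerealm.com;1234;0 and then pcef.somerealm.com;1234;1;ts=1; a high or low part of 4294967296 or more, or an identity that is not an FQDN, is rejected by the parser.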

Page 14: Diameter Presentation

Types of Diameter Nodes

• Diameter Clients and Servers
  – Request and Answer originators
    • Where applications normally reside
  – Advertise supported applications only
• Diameter Agents
  – Request and Answer forwarders
  – Add routing information to the message
  – Relay Agents
    • Provide basic message forwarding
    • Do not inspect content of the message other than Destination-Host and/or Realm and AppIds
    • Advertise support for all applications

Page 15: Diameter Presentation

Types of Diameter Nodes – (cont.)

  – Proxy Agents
    • Inspect and possibly modify contents of the request or answer they are forwarding.
      – Useful in scenarios such as policy enforcement, admission control, provisioning etc.
      – Can maintain session state
    • Examples: Translation agents, RADIUS<->DIAMETER
  – Re-Direct Agents
    • Do not forward messages but notify the previous hop of the new next-hop to use
    • Advertise support for all applications

Page 16: Diameter Presentation

Types of Diameter Nodes

[Figure: Client in realmA.com, Relay/Proxy Agent, Redirect Agent and Server in realmB.com, with numbered messages 1. Request, 2. Request, 3. Redirect Notification, 4. Request, 5. Answer, 6. Answer.]

Request/Answer Path:
• Normal Relay or Proxy: 1, 4, 5, 6
• Re-directed Agent: 1, 2, 3, 4, 5, 6

Page 17: Diameter Presentation

Main Applications

Page 18: Diameter Presentation

Main Applications in 3GPP

Policy:
- Gx
- Rx
- S9
- Sd

Charging:
- Gy
- Gz (Rf)
- Sy

Subscriber Info:
- Sh

Page 19: Diameter Presentation

Gx/Rx Application

• Gx:
  o Interface between the PCEF (Policy and Charging Enforcement Function) and the PCRF (Policy Control and Charging Rule Function)
  o PCRF provides PCC rules (QoS and Charging rules) to PCEF at session establishment
  o PCRF can push PCC Rules for new bearer creation
• Rx:
  o Interface between the AF (Application Function) and the PCRF
  o Enables 3rd party applications (IMS, SBC, etc.) to dynamically create bearers

Page 20: Diameter Presentation

Gy/Gz Application

• Gy:
  o Diameter Credit Control Application (DCCA)
  o Online Charging
  o OCS (Online Charging) allocates Quotas to PCEF
• Gz:
  o Offline Charging
  o Also known as Rf
  o Report usage to OFCS (Offline Charging)

Page 21: Diameter Presentation

Messages overview

Page 22: Diameter Presentation

Message Flow

• Transport (TCP/SCTP)
• Capabilities Exchange
• Messages (CCR/CCA, etc.)
• Watch Dog
• Disconnect
• Transport Disconnect

Page 23: Diameter Presentation

Messages

Message name                    Abbreviation    Command code
Capabilities-Exchange-Request   CER             257
Capabilities-Exchange-Answer    CEA             257
Device-Watchdog-Request         DWR             280
Device-Watchdog-Answer          DWA             280
Credit-Control-Request          CCR             272
Credit-Control-Answer           CCA             272
Re-Auth-Request                 RAR             258
Re-Auth-Answer                  RAA             258
Session-Termination-Request     STR             275
Session-Termination-Answer      STA             275
Disconnect-Peer-Request         DPR             282
Disconnect-Peer-Answer          DPA             282
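The Message Flow slide (transport, capabilities exchange, application messages, watchdog, disconnect, transport disconnect) and the command-code table above together define the order in which a peer connection may legally see these messages. The state machine below is an added example for this page, not code from the presentation or from any Diameter implementation: it models the responder side of one transport connection, answers CER, DWR and DPR with CEA, DWA and DPA, passes CCR/RAR/STR to the application only once the peer is OPEN, and treats any message arriving before capabilities exchange as a protocol violation that closes the transport. Command codes are the ones in the table; the state names and the returned action strings are this example's own.

```python
# Command codes from the Messages table. A request and its answer share a code and are
# told apart by the R bit of the header flags, modelled here as `is_request`.
NAMES = {
    (257, True): "CER", (257, False): "CEA",
    (280, True): "DWR", (280, False): "DWA",
    (272, True): "CCR", (272, False): "CCA",
    (258, True): "RAR", (258, False): "RAA",
    (275, True): "STR", (275, False): "STA",
    (282, True): "DPR", (282, False): "DPA",
}
BASE = {257, 280, 282}          # peer-level commands handled by the base protocol
APPLICATION = {272, 258, 275}   # commands delivered to the application layer


class ProtocolError(Exception):
    pass


class ResponderPeer:
    """State of one inbound transport connection on a Diameter node, following the order
    of the Message Flow slide: transport -> capabilities exchange -> application
    messages and watchdogs -> disconnect -> transport disconnect."""

    def __init__(self):
        self.state = "CLOSED"
        self.log = []   # one line per event: what a peer log should record

    def on_transport_connect(self):
        if self.state != "CLOSED":
            raise ProtocolError("transport already connected")
        self.state = "WAIT_CER"
        self.log.append("transport up, waiting for CER")
        return self.state

    def on_transport_disconnect(self):
        self.state = "CLOSED"
        self.log.append("transport down")
        return self.state

    def on_message(self, code, is_request):
        """Return the action taken for an inbound message, or raise ProtocolError."""
        name = NAMES.get((code, is_request), "code %d" % code)
        if self.state == "CLOSED":
            raise ProtocolError("%s received with no transport connection" % name)
        if self.state == "WAIT_CER":
            if code == 257 and is_request:
                self.state = "OPEN"
                self.log.append("CER accepted, capabilities exchanged, peer OPEN")
                return "send CEA"
            # Anything before capabilities exchange is a violation: drop the transport
            # rather than let application traffic bypass peer validation.
            self.log.append("%s before capabilities exchange, closing" % name)
            self.state = "CLOSED"
            raise ProtocolError("%s not allowed before CER/CEA" % name)
        # state == "OPEN"
        if code == 257:
            raise ProtocolError("%s on an already open connection" % name)
        if code == 280 and is_request:
            self.log.append("DWR answered")
            return "send DWA"
        if code == 282 and is_request:
            self.state = "CLOSED"
            self.log.append("DPR received, answering and closing transport")
            return "send DPA, then disconnect transport"
        if code in APPLICATION:
            self.log.append("%s passed to application" % name)
            return "deliver to application" if is_request else "match to pending request"
        if code in BASE:
            self.log.append("%s matched to pending request" % name)
            return "match to pending request"
        raise ProtocolError("unknown command %s" % name)


if __name__ == "__main__":
    # Constructed sequence: connect, CER, a CCR, a watchdog, then a clean disconnect.
    peer = ResponderPeer()
    peer.on_transport_connect()
    for code, req in [(257, True), (272, True), (280, True), (282, True)]:
        print(NAMES[(code, req)], "->", peer.on_message(code, req))
    print("\n".join(peer.log))
```

A CCR sent on a fresh connection, before any CER, raises ProtocolError and leaves the peer CLOSED; the same CCR after a successful CER is handed to the application.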

Page 24: Diameter Presentation

Gx Interface

[Figure: 3GPP policy and charging architecture. The PCEF in the GW connects to the Policy and Charging Rules Function (PCRF) over Gx, to the Online Charging System (OCS: Service Data Flow Based Credit Control, CAMEL SCP) over Gy and to the Offline Charging System (OFCS) over Gz; the AF connects to the PCRF over Rx and the Subscription Profile Repository (SPR) connects to the PCRF over Sp.]

Page 25: Diameter Presentation

Gx Messages - CCR

• CCR command: sent by the PCEF to the PCRF for 2 purposes:
  o To request PCC rules for a bearer from the PCRF
  o To indicate bearer or PCC rule related events or the termination of the IP-CAN bearer and/or session

Page 26: Diameter Presentation

Gx Messages - CCR

<CCR> ::= < Diameter Header: 272, REQ, PXY >

< Session-Id >

{ Auth-Application-Id }

{ Origin-Host }

{ Origin-Realm }

{ Destination-Realm }

{ CC-Request-Type }

{ CC-Request-Number }

[ Destination-Host ]

[ CC-Subsession-Id ]

[ Origin-State-Id ]

*[ Subscription-Id ]

[ Framed-IP-Address ]

*[ Framed-IPv6-Prefix ]

[ 3GPP-RAT-Type ]

[ Termination-Cause ]

[ User-Equipment-Info ]

{ 3GPP-GPRS-Negotiated-QoS-Profile }

[ 3GPP-SGSN-MCC-MNC ]

[ 3GPP-SGSN-Address ]

[ 3GPP-SGSN-IPv6-Address ]

[ Called-Station-ID ]

[ Bearer-Usage ]

[ TFT-Packet-Filter-Information ]

* [ Proxy-Info ]

* [ Route-Record ]

*[ AVP ]

Page 27: Diameter Presentation

Gx Messages - CCA

• The CCA command is sent from the PCRF to the PCEF as a response to a CCR command.
• It provides the PCEF with
  o PCC rules and event triggers for the bearer/session
  o Selected bearer control mode for the IP-CAN session

Page 28: Diameter Presentation

Gx Messages – CCA (cont)

<CCA> ::= < Diameter Header: 272, PXY >
< Session-Id >
{ Auth-Application-Id }
{ Origin-Host }
{ Origin-Realm }
[ Result-Code ]
[ Experimental-Result ]
[ CC-Request-Type ]
[ CC-Request-Number ]
[ CC-Sub-Session-Id ]
*[ Event-Trigger ]
[ Origin-State-Id ]
*[ Charging-Rule-Remove ]
*[ Charging-Rule-Install ]
[ Primary-CCF-Address ]
[ Secondary-CCF-Address ]
[ Primary-OCS-Address ]
[ Secondary-OCS-Address ]
[ Error-Message ]
[ Error-Reporting-Host ]
*[ Failed-AVP ]
*[ Proxy-Info ]
*[ Route-Record ]
*[ AVP ]

Charging-Rule-Install ::= < AVP Header: 1001 >
*[ Charging-Rule-Definition ]
*[ Charging-Rule-Name ]
*[ Charging-Rule-Base-Name ]
[ Bearer-Identifier ]
[ Rule-Activation-Time ]
[ Rule-Deactivation-Time ]
[ Resource-Allocation-Notification ]
[ Charging-Correlation-Indicator ]
*[ AVP ]

Page 29: Diameter Presentation

Gx Messages – CCA (cont)

Flow-Information ::= < AVP Header: 1058 >

[ Flow-Description ]

[ Packet-Filter-Identifier ]

[ Packet-Filter-Usage ]

[ ToS-Traffic-Class ]

[ Security-Parameter-Index ]

[ Flow-Label ]

[ Flow-Direction ]

*[ AVP ]

QoS-Information ::= < AVP Header: 1016 >

[ QoS-Class-Identifier ]

[ Max-Requested-Bandwidth-UL ]

[ Max-Requested-Bandwidth-DL ]

[ Guaranteed-Bitrate-UL ]

[ Guaranteed-Bitrate-DL ]

[ Bearer-Identifier ]

[ Allocation-Retention-Priority ]

[ APN-Aggregate-Max-Bitrate-UL ]

[ APN-Aggregate-Max-Bitrate-DL ]

* [ AVP ]

Charging-Rule-Definition ::= < AVP Header: 1003 >

{ Charging-Rule-Name }

[ Service-Identifier ]

[ Rating-Group ]

* [ Flow-Information ]

[ Flow-Status ]

[ QoS-Information ]

[ Reporting-Level ]

[ Online ]

[ Offline ]

[ Metering-Method ]

[ Precedence ]

[ AF-Charging-Identifier ]

* [ Flows ]

[ Monitoring-Key ]

[ AF-Signalling-Protocol ]

* [ AVP ]

Page 30: Diameter Presentation

Gx Messages - RAR

• The RAR command: sent by the PCRF to the PCEF in order to provision PCC rules and event triggers using the PUSH procedure to initiate the provision of unsolicited PCC rules.
  o NOTE: If the RAR command is received by the PCEF without providing any operation on PCC rules or any QoS information, the PCEF will respond with a CCR command requesting PCC rules.

Page 31: Diameter Presentation

Gx Message - RAR

<RA-Request> ::= < Diameter Header: 258, REQ, PXY >

< Session-Id >

{ Auth-Application-Id }

{ Origin-Host }

{ Origin-Realm }

{ Destination-Realm }

{ Destination-Host }

{ Re-Auth-Request-Type }

[ Origin-State-Id ]

*[ Event-Trigger ]

*[ Charging-Rule-Remove ]

*[ Charging-Rule-Install ]

*[ QoS-Information ]

*[ Proxy-Info ]

*[ Route-Record ]

*[ AVP ]

Page 32: Diameter Presentation

Gx Messages - RAA

• The RAA command: sent by the PCEF to the PCRF in response to the RAR command.

<RA-Answer> ::= < Diameter Header: 258, PXY >

< Session-Id >

{ Origin-Host }

{ Origin-Realm }

[ Result-Code ]

[ Experimental-Result ]

[ Origin-State-Id ]

[ Event-Trigger ]

*[ Charging-Rule-Report ]

[ Access-Network-Charging-Address ]

*[ Access-Network-Charging-Identifier-Gx ]

[ Bearer-Identifier ]

[ Error-Message ]

[ Error-Reporting-Host ]

*[ Failed-AVP ]

*[ Proxy-Info ]

*[ AVP ]


Page 33: Diameter Presentation

Rx Interface

[Figure: the same 3GPP policy and charging architecture as on Page 24 (GW/PCEF, OCS over Gy, OFCS over Gz, PCRF over Gx, AF over Rx, SPR over Sp).]

Page 34: Diameter Presentation

Event Triggers (examples)

• SGSN_CHANGE (0)
• QOS_CHANGE (1)
• RAT_CHANGE (2)
• TFT_CHANGE (3)
• PLMN_CHANGE (4)
• LOSS_OF_BEARER (5)
• RECOVERY_OF_BEARER (6)
• IP-CAN_CHANGE (7)
• QOS_CHANGE_EXCEEDING_AUTHORIZATION (11)
• RAI_CHANGE (12)
• USER_LOCATION_CHANGE (13)
• OUT_OF_CREDIT (15)
• REALLOCATION_OF_CREDIT (16)
• UE_IP_ADDRESS_ALLOCATE (18)
• UE_IP_ADDRESS_RELEASE (19)
• UE_TIME_ZONE_CHANGE (25)
• USAGE_REPORT (26)

Page 35: Diameter Presentation

Rx Messages

• AAR: sent by an AF to the PCRF in order to provide it with the Session Information
• AAA: sent by the PCRF to the AF in response to the AAR command
• RAR (Re-Authentication Request): sent by the PCRF to the AF in order to indicate an Rx specific action
• RAA: sent by the AF to the PCRF in response to the RAR command
• STR (Session Termination Req): sent by the AF to inform the PCRF that an established session shall be terminated
• STA: sent by the PCRF to the AF in response to the STR command.

Page 36: Diameter Presentation

Rx Messages - AAR

<AA-Request> ::= < Diameter Header: 265, REQ, PXY >
< Session-Id >
{ Auth-Application-Id }
{ Origin-Host }
{ Origin-Realm }
{ Destination-Realm }
[ Destination-Host ]
[ AF-Application-Identifier ]
*[ Media-Component-Description ]
[ Service-Info-Status ]
[ AF-Charging-Identifier ]
[ SIP-Forking-Indication ]
*[ Specific-Action ]
*[ Subscription-ID ]
[ Reservation-Priority ]
[ Framed-IP-Address ]
[ Framed-IPv6-Prefix ]
[ Service-URN ]
[ Origin-State-Id ]
*[ Proxy-Info ]
*[ Route-Record ]
*[ AVP ]

Page 37: Diameter Presentation

Rx Messages – Media Component AVP

Media-Component-Description ::= < AVP Header: 517 >
{ Media-Component-Number }        ; Ordinal number of the media component
*[ Media-Sub-Component ]          ; Set of flows for one flow identifier
[ AF-Application-Identifier ]
[ Media-Type ]                    ; Video, Audio, Data, Application, Control, Text, Message, Other
[ Max-Requested-Bandwidth-UL ]
[ Max-Requested-Bandwidth-DL ]
[ Flow-Status ]                   ; Enable DL, Enable UL, Enable All, Remove All
[ Reservation-Priority ]
[ RS-Bandwidth ]
[ RR-Bandwidth ]
*[ Codec-Data ]

Page 38: Diameter Presentation

Rx Messages - AAA

<AA-Answer> ::= < Diameter Header: 265, PXY >
< Session-Id >
{ Auth-Application-Id }
{ Origin-Host }
{ Origin-Realm }
[ Result-Code ]
[ Experimental-Result ]
*[ Access-Network-Charging-Identifier ]
[ Access-Network-Charging-Address ]
[ Acceptable-Service-Info ]
[ IP-CAN-Type ]
[ 3GPP-RAT-Type ]
[ Error-Message ]
[ Error-Reporting-Host ]
*[ Failed-AVP ]
[ Origin-State-Id ]
*[ Redirect-Host ]
[ Redirect-Host-Usage ]
[ Redirect-Max-Cache-Time ]
*[ Proxy-Info ]
*[ AVP ]

Page 39: Diameter Presentation

Rx Messages - RAR

<RA-Request> ::= < Diameter Header: 258, REQ, PXY >
< Session-Id >
{ Origin-Host }
{ Origin-Realm }
{ Destination-Realm }
{ Destination-Host }
{ Auth-Application-Id }
{ Specific-Action }
*[ Access-Network-Charging-Identifier ]
[ Access-Network-Charging-Address ]
*[ Flows ]
*[ Subscription-ID ]
[ Abort-Cause ]
[ IP-CAN-Type ]
[ 3GPP-RAT-Type ]
[ Origin-State-Id ]
*[ Proxy-Info ]
*[ Route-Record ]
*[ AVP ]

Page 40: Diameter Presentation

Rx Messages - RAA

<RA-Answer> ::= < Diameter Header: 258, PXY >
< Session-Id >
{ Origin-Host }
{ Origin-Realm }
[ Result-Code ]
[ Experimental-Result ]
*[ Media-Component-Description ]
[ Service-URN ]
[ Origin-State-Id ]
[ Error-Message ]
[ Error-Reporting-Host ]
*[ Failed-AVP ]
*[ Proxy-Info ]
*[ AVP ]

Page 41: Diameter Presentation

Specs

• Diameter Base Protocol: RFC 3588
• 3GPP TS 23.203: "Policy and charging control architecture": http://www.3gpp.org/ftp/Specs/html-info/23203.htm
• 3GPP TS 29.212: "Gx Interface": http://www.3gpp.org/ftp/Specs/html-info/29212.htm
• 3GPP TS 29.211: "Rx Interface": http://www.3gpp.org/ftp/Specs/html-info/29211.htm
• 3GPP TS 32.29: "Gy interface"

Page 42: Diameter Presentation

Questions?

Page 43: Diameter Presentation

Thank You