intellinet ims diameter tut
TRANSCRIPT
-
7/31/2019 IntelliNet IMS Diameter Tut
1/23
www.intellinet-tech.com
CONVERGENCE FUEL FOR TELECOM NETWORKS
DIAMETER & 3GPP applications
A Tutorial
Oct 27th, 2005
Presented by:
Arun Handa
CTO
-
What is Diameter
Diameter is an extensible, ASCII based messaging protocol to enable Authorization, Authentication and Accounting (AAA) functions in IP and multimedia networks.
Diameter supports a modular architecture with the base protocol and application specific extensions.
Its reliance on secure and reliable transports makes it a suitable choice for charging and authorization.
-
The Evolution
- ROAMOPS IETF Working Group
- Network Access Servers (NAS) Requirements
- Mobile IP Working Group
- 3GPP IMS Definition
- 3GPP2 Wireless IP definition
Authentication, Authorization, Accounting (AAA)
RADIUS
DIAMETER
Remote Authentication Dial In User Services
- DialUp PPP/IP
- Mobile IP access
-
Improvements over RADIUS
• Increased size of attribute data
• More Reliable Transport
• Improved Flow Control
• Elimination of packet loss
• Better Proxying mechanisms
• Enhanced Session Control
• Tighter Security options
-
Diameter Architecture
[Diagram: application blocks layered on the Diameter Base Protocol]
Diameter Base Protocol
NASREQ Applications
EAP Applications
Mobile IPv4 Applications
Credit Control Applications
3GPP Applications: Cx, Dx, Sh; Ro, Rf; Gq, Gq
Applications of interest
• The Base protocol provides support for the reliable transport and delivery of messages
• The Base Protocol must be used along with an Application
-
Diameter Applications
• NASREQ Application
  • AAA services for Dial-in PPP users (RADIUS replacement)
• Mobile IPv4 Application
  • AAA support for Mobile IP networks as specified in CDMA2000 requirements (RFC 3141) and MobileIP AAA (RFC 2977)
• EAP Application
  • Security support for Extensible Authentication protocol (RFC 4072)
• Credit Control Application
  • Charging support as specified in RFC 4006
• 3GPP Applications
  • IMS supported applications for AAA functions
-
Diameter Associations
[Diagram: Realm 1 (domain1.com) and Realm 2 (domain2.com); labels: Server, Client, peer, Relay, Client]
Diameter Identity
aaa://host.domain.com:3868;transport=sctp;protocol=diameter
-
Types of Diameter Nodes
Client: Network Edge Device Performing Access Control. E.g. NAS, Foreign Agent
Server: Controlling Entity of AAA functions for a particular domain. E.g. HSS
Relay Agent: Routes Diameter messages within known peers in supported realms. May modify routing information (only)
Proxy Agent: Also routes messages, but can modify message content to enable policy, resource usage, admission and provisioning
Redirect Agent: Enables Routing to other domains within roaming agreements by notifying the requesting peer with the routing information
Translation Agent: Protocol translation function such as RADIUS-Diameter conversion
-
Diameter Messages
ASCII Based Message Protocol
Fixed Length Header
Attribute Value Pairs (AVP)
AVP: Code | Length | Flags | Data
-
Diameter Message Format
            Octet 1 | Octet 2 | Octet 3 | Octet 4
Header      Version | Message Length
            Flags   | Command Code
            Vendor ID
            Hop-by-Hop Identifier
            End-to-End Identifier
AVP 0 .. n  AVP Code
            Flags   | AVP Length
            Vendor ID (Vendor specific AVP)
            AVP Data (Variable Length)
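The header and AVP layout above, as an added example that is not part of the original slides: a Python parser that walks the fixed-length header and each AVP and rejects inconsistent lengths, the check a receiver needs before trusting any AVP data. The third header word is named application_id here, following RFC 3588 (the slide labels it Vendor ID); the function names and the sample bytes are constructed for illustration.

```python
import struct

HEADER_LEN = 20  # fixed-length header: five 32-bit words

def parse_message(buf: bytes) -> dict:
    """Parse one Diameter message; raise ValueError on any inconsistent length."""
    if len(buf) < HEADER_LEN:
        raise ValueError("short header")
    ver_len, flg_cmd, app_id, hbh, e2e = struct.unpack("!5I", buf[:HEADER_LEN])
    if ver_len >> 24 != 1:
        raise ValueError("unsupported version")
    msg_len = ver_len & 0xFFFFFF
    # Declared length must equal what was received and be 32-bit aligned.
    if msg_len != len(buf) or msg_len % 4:
        raise ValueError("bad message length")
    avps, off = [], HEADER_LEN
    while off < msg_len:
        if msg_len - off < 8:
            raise ValueError("truncated AVP header")
        code, flg_len = struct.unpack("!2I", buf[off:off + 8])
        flags, avp_len = flg_len >> 24, flg_len & 0xFFFFFF
        hdr = 12 if flags & 0x80 else 8  # V flag set: Vendor ID word follows
        # AVP Length covers header + data; it must fit inside the message.
        if avp_len < hdr or off + avp_len > msg_len:
            raise ValueError("AVP length out of bounds")
        vendor = struct.unpack("!I", buf[off + 8:off + 12])[0] if hdr == 12 else None
        avps.append({"code": code, "flags": flags, "vendor": vendor,
                     "data": buf[off + hdr:off + avp_len]})
        off += (avp_len + 3) & ~3  # AVP Length excludes the padding to 32 bits
    return {"flags": flg_cmd >> 24, "command": flg_cmd & 0xFFFFFF,
            "application_id": app_id, "hop_by_hop": hbh, "end_to_end": e2e,
            "avps": avps}

def is_well_formed(buf: bytes) -> bool:
    try:
        parse_message(buf)
        return True
    except ValueError:
        return False

# Constructed sample: Capabilities-Exchange-Request (command 257) carrying
# Origin-Host (AVP 264) and one vendor AVP (code 1, vendor 10415: illustrative).
SAMPLE = (bytes.fromhex("0100003c 80000101 00000000 00001111 00002222")
          + bytes.fromhex("00000108 40000017") + b"host.domain.com\x00"
          + bytes.fromhex("00000001 c000000e 000028af") + b"ab\x00\x00")

if __name__ == "__main__":
    for avp in parse_message(SAMPLE)["avps"]:
        print(avp["code"], avp["vendor"], avp["data"])
```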
-
Diameter Base Commands
Abort-Session-Request ASR
Abort-Session-Answer ASA
Accounting-Request ACR
Accounting-Answer ACA
Capabilities-Exchange-Request CER
Capabilities-Exchange-Answer CEA
Device-Watchdog-Request DWR
Device-Watchdog-Answer DWA
Disconnect-Peer-Request DPR
Disconnect-Peer-Answer DPA
Re-Auth-Request RAR
Re-Auth-Answer RAA
Session-Termination-Request STR
Session-Termination-Answer STA
-
Typical Diameter Session Behavior
[Sequence diagram between EndPoint1, Proxy and Server]
Peer Discovery: Discovery via DNS or static Configuration
Capabilities Exchange Req / Capabilities Exchange Ans: Peer Identity, apps supported, version info etc.
Device Watchdog Req / Device Watchdog Ans: KeepAlive message
Multimedia Auth Req / Multimedia Auth Ans: Establishment of a session, proxy across a peer
-
Diameter Peer Communication
• Peers can be statically configured or dynamically discovered
• Initial Handshake is established via Capabilities Exchange Message
• Heartbeats are exchanged for transport failure detection
• Failover/Failback mechanisms are invoked when transport failures are detected. An alternate peer is selected for all pending and new requests.
-
Typical Diameter Stack
[Stack diagram, top to bottom]
Applications (AVP Extensions)
Application Programming Interface
Session Subsystem (FSMs) | Peer Subsystem (FSMs)
AVP Parser | Routing
I/O Subsystem
Security: IPSEC/TLS
Transport: TCP/SCTP
IP Link
Side labels: Peer, XML Config, DB, AVP Data Dict, Peer & Realm
-
Summary of Diameter Features
Diameter | Radius
Efficient failover on detection of a peer failure | Inability for proper detection results in ineffective failover
Removes limitation of Silent discarding of packets on all error conditions | Silent discarding of packets
Support for KeepAlive messages on a connection oriented transport allow peer failure detection | Unable to distinguish
Utilization of TCP/SCTP enables flow control and congestion avoidance | UDP lacks any mechanism to regulate data flow
Support for Vendor Specific commands and attributes | Only vendor specific attributes
A three-octet Attribute length allows 16M octets of data for a given attribute | Limited to 255 octets for an attribute data
-
Summary of Diameter Features
Diameter | Radius
Secure communications with IPsec or TLS | Mandates a shared secret even if IPsec or TLS is used
All attributes are aligned to 32-bit boundaries. | No alignment requirements
Offers End-to-End security, with digital signatures and encryption for selected AVPs | Only Hop-to-Hop security. No securing of AVPs
Allows replay attack prevention. Better security for malicious attack | Not present
Allows Server initiated messages. Capability to terminate and reauthenticate user sessions. | Not present
Better utilization of proxy and agents for failure detection and failover for next-hop peers | No proxy servers. Reliance on NAS
-
3GPP Motivation for Diameter
• An All-IP Network vision. Diameter is an IETF recommended protocol
• Ability to support accounting for multiple sessions, with multi-media in a single PDP context
• Lessons from current set of diverse standards and proprietary interfaces: ISUP, CAMEL, WIN, Parlay
• Harmonized AAA function across all access networks
-
Diameter in 3GPP
Subscription: Cx, Dx, Sh
Charging: Ro, Rf
Policy: Gq, Gq
-
Major Interfaces in the 3GPP Architecture
Interface | Between | Defined in | Functions
Cx | CSCF-HSS | TS 29.228, TS 29.229 | Obtain Subscriber Profile, location; Authorize User Access; Exchange Authentication information
Dx | CSCF-SLF | TS 29.228, TS 29.229 | Obtain Subscriber Profile, location; Authorize User Access; Exchange Authentication information
Sh | AS-HSS | TS 29.328, TS 29.329 | Subscriber Data Access or Update in the HSS by an AS, or notifications to AS for updates/changes
Rf | CCF | TS 32.260, RFC 4006 | Offline Charging Services
Ro | ECF | TS 32.260, RFC 4006 | Online Charging Services
Gq | PCSCF-GGSN | TS 29.207 | Policy Control in IMS
Gq | AF-RACS | TS 29.209 | Policy Control in NGN
-
Diameter Authorization and Authentication support
[Diagram labels: HSS, SLF, I-CSCF, S-CSCF, Application Server; interfaces Dx, Cx, Sh]
-
Diameter Policy support
[Diagram, two panels, each labelled Diameter]
IMS: P-CSCF, GGSN, Policy Decision Function; interfaces Go, Gq
TISPAN-NGN: AF, RACS; interface Gq
-
Diameter Charging Support
[Diagram, two panels, each labelled Diameter: Offline Charging, Online Charging]
-
3GPP Specific
• Recommendation for SCTP as a reliable transport
• Support for NASREQ, EAP and other IP applications not required
• Most Diameter communication falls within the same realm (S-CSCF-HSS)
• Diameter does not need a compression function, unlike SIP