Introduction to Diameter

Diameter is an Authentication, Authorization and Accounting (AAA) protocol. In the OSI layered model it works at the Application Layer. Diameter is a message-based protocol in which AAA nodes exchange messages and receive a positive or negative acknowledgment for each message exchanged between nodes. For message exchange it runs over TCP and SCTP, which makes Diameter reliable. Its technical specification is given in RFC 6733, Diameter Base Protocol.

Diameter is basically a successor of RADIUS (Remote Authentication Dial In User Service), which is also an AAA protocol but is based on UDP. UDP does not use any handshaking mechanism to provide reliability, ordering, or data integrity, and this unreliability was the major flaw in RADIUS.

Here I have tried to explain various facets of the Diameter Base Protocol. Before going into the details of its various aspects, we will look at the improvements of Diameter over RADIUS.


Your comments, suggestions and questions are always welcome. I will try to clarify doubts to the best of my knowledge, so feel free to ask questions.

7 comments:

  1. Hi, one question.

    I have noticed that many use host-names of the form name.realm. From the example in RFC 6773: "Origin-Host=nas.example.net, Origin-Realm=example.net"

    This will ensure that the host-name is unique. But is this necessary? Isn't it enough that FQDN is unique for a single agent? In the above example the FQDN will be nas.example.net.example.net, which to me looks strange.

    From RFC 6773: "The value of the Origin-Host AVP is guaranteed to be unique within a single host."

    Does this mean that origin/destination-host must be unique within a realm or unique whatsoever?

    So the question is, can the host-name (origin or destination) be a simple name (Node1 /Node2 etc.) that is only unique within a realm, or might this lead to some errors?

    Br
    Ola

    1. Hi!

      Have you found out the answer to this?

      Thanks in advance!

    3. Hello ola,

      Diameter message routing is based on realm. It is based on realm routing. Any message is transmitted on the basis of realm.
      As per the standard, Origin-Host, Origin-Realm and Destination-Realm are mandatory AVPs, while Destination-Host is optional.

      So host-name (origin or destination) will be unique within a realm. We append the realm to make it unique regarding realm.
      Although it is not mandatory to append, it should be unique only within the realm.

      e.g. Suppose there are only two nodes
      Node 1 : Origin-Host node1.diameter.test.com Realm : diameter.test.com
      Node 2 : Origin-Host node1.digital.test.com Realm : digital.test.com
      both can exist simultaneously as they are unique as well.

      So for Diameter messaging always use Origin-Host as hostname.realm for better visibility of nodes.

    4. Hi!

      Thanks! You were able to enlighten me. A good practice should be origin-host: hostname.realm

      But as long as host-name will be unique within a realm, this scenario is acceptable

      Node1 : Origin-host: NODE1.diameter.com Realm: diameter.com
      Node2 : Origin-host: NODE2.diameter.com Realm: diameter-test.com

      Node2 is still valid as long as the hostname is unique within the realm "diameter-test.com".

  2. Hi Team Diameters,

    Can you please provide some TCP dump for Diameter AVPs?

    1. Hi Sumit

      The following link could help you.

      http://diameter-protocol.blogspot.in/2011/05/daimeter-avp-structure.html

      Regards,
      Ajay

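
The following Python example is added here and is not code from this blog, its commenters or any Diameter stack. It decodes the RFC 6733 message header and AVP layout from a constructed CER and checks the Origin-Host naming points raised in the first comment thread (the hostname.realm form and duplicate Origin-Host values). The function names, finding strings and sample bytes are assumptions made for illustration.

```python
import struct
ORIGIN_HOST, ORIGIN_REALM = 264, 296  # AVP codes defined in RFC 6733

def avp(code, data, flags=0x40):
    """Encode an AVP without Vendor-ID: code(4) flags(1) length(3) data, padded to 4 bytes."""
    length = 8 + len(data)
    return struct.pack("!IB3s", code, flags, length.to_bytes(3, "big")) + data + b"\x00" * (-length % 4)

def message(cmd, avps):
    """Encode a request: 20-byte header (version, length, flags, command, app-id, two ids) + AVPs."""
    body = b"".join(avps)
    return struct.pack("!B3sB3sIII", 1, (20 + len(body)).to_bytes(3, "big"), 0x80,
                       cmd.to_bytes(3, "big"), 0, 1, 1) + body

def parse_avps(msg):
    """Return {avp_code: data} for top-level AVPs, rejecting inconsistent lengths."""
    if len(msg) < 20 or msg[0] != 1:
        raise ValueError("not a Diameter version 1 message")
    total = int.from_bytes(msg[1:4], "big")
    if total != len(msg) or total % 4:
        raise ValueError("bad message length")
    out, off = {}, 20
    while off < total:
        if total - off < 8:
            raise ValueError("truncated AVP header")
        code, flags = struct.unpack_from("!IB", msg, off)
        length = int.from_bytes(msg[off + 5:off + 8], "big")
        hdr = 12 if flags & 0x80 else 8  # V bit set: a 4-byte Vendor-ID follows
        if length < hdr or off + length > total:
            raise ValueError("bad AVP length")
        out.setdefault(code, msg[off + hdr:off + length])  # keep first occurrence
        off += length + (-length % 4)  # skip padding to the next 4-byte boundary
    return out

def check_identity(msg, seen_hosts):
    """Return findings on Origin-Host / Origin-Realm; names are lower-cased (DNS is case-insensitive)."""
    avps = parse_avps(msg)
    host, realm = (avps.get(c, b"").decode("ascii", "replace").lower() for c in (ORIGIN_HOST, ORIGIN_REALM))
    findings = []
    if not host or not realm:
        findings.append("missing Origin-Host or Origin-Realm")
    elif not host.endswith("." + realm):
        findings.append("Origin-Host is not of the form hostname.realm")
    if host and host in seen_hosts:
        findings.append("duplicate Origin-Host")
    seen_hosts.add(host)
    return findings
# Constructed sample: a CER (command code 257) built from the thread's first example node.
CER1 = message(257, [avp(ORIGIN_HOST, b"node1.diameter.test.com"), avp(ORIGIN_REALM, b"diameter.test.com")])
```

The hostname.realm finding reports a departure from the naming convention discussed in the thread; it is a review hint for a peer table, not a protocol error.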