Diameter AVP Structure

Diameter AVPs are the basic unit inside the Diameter message that carries the Data(Authentication Data , Security Data , Data pertaining to Application etc). There must be at least one AVP inside Diameter message.

AVP has following frame format.

Diameter AVP Structure

AVP Code (4-bytes)
The AVP Code, combined with the Vendor-Id field, identifies the attribute uniquely. AVP numbers 256 and above are used for Diameter, which are allocated by IANA.
AVP numbers 1 through 255 are reserved for backward compatibility with RADIUS, without setting the Vendor-Id
field.

AVP Flag (1-Byte [VMPRRRRR])

These flag give the information to the receiver how the each attribute to be handled.
R- Reserved bits and SHOULD be set to 0.
 
M-Mandatory Bit
-->Means If this bit is Set then Diameter Client, Server,Proxy and Translation Agent MUST support the handling of this AVP. If Handling is not support(Either AVP or Its value is Unrecognized) by the mentioned Diameter Agents then Diameter message MUST be Rejected.
-->Diameter Relay and Redirect Agent MUST not reject the message with unrecognized AVPs.
-->If M bit is clear and Receiver does not support the handling of considered Avp then Receiver may ignore the considered AVP.
 
V- Vendor Id Bit
-->It is just the indication whether Vendor-Id field is there in the AVP or Not
-->If V is Set the Vendor-Id Field is prsent in the AVP Otherwise missing this Field.

Vendor-ID (4- bytes)
Vendor-ID field contains the IANA assigned "SMI Network Management Private Enterprise Codes" value.
As we know Diameter is Extensible Protocol, so any vendor wishs to implement vendor-specific Diameter AVp MUST use Their OWN Vendor-ID along with their privately managed AVP address Space.


P-Protected Bit 
This bit is set indicates that Avp data is encrypted for end-to-end security.

AVP Length (3- bytes)
Contains No. of octets used by Data + Vendor-ID + AVP Code + AVP Length + AVP Flags.

Data  
Data Field is of ZERO or More octets and contains information. AVP with Zero octet length is used for indications only.The format of the Data field MUST be one of the data type defined in Base Diameter protocol RFC-3588.



Grouped AVP
Grouped AVP more or less same like the single AVPs except that the data field of grouped avp contains the one or move avps rather than Raw data. Here avps act as data. 

Images given Below shows their format


Your Comments /Suggestions and Questions are always welcome.I would try to clarify doubts with best of my knowledge. So feel free to put Questions.

56 comments:

  1. Thx for providing good explanation with example.

    ReplyDelete
  2. This comment has been removed by the author.

    ReplyDelete
  3. Do you have an example, i mean a file you can share.

    ReplyDelete
  4. what is the difference between a 'Relay' and a 'Proxy'?

    ReplyDelete
    Replies
    1. hi,
      following link will helpful
      http://diameter-protocol.blogspot.in/2012/07/diameter-agents.html

      Delete
  5. This comment has been removed by the author.

    ReplyDelete
  6. Can a AVP have both M and V set to 1.Can it exists?

    ReplyDelete
    Replies
    1. Hi Krishna

      Sorry for delayed response.

      Yes, We can have AVP with M and V bits are set to 1. Most of the AVPs in 3gpp standard interfaces are with M and V bits set to 1

      Thanks for your query.
      Happy to help you again
      Team-Diameter

      Delete
  7. Great Blog.Detail information on diameter protocol. Just want to bring to your notice a small typo error at the starting of the page "Daimeter AVP Structure" instead of "Diameter AVP Structure". Also the url : http://diameter-protocol.blogspot.in/2011/05/daimeter-avp-structure.html. Best information ever on diameter protocol.

    ReplyDelete
    Replies
    1. Hi Chinmoy

      Sorry for delayed response.
      Thanks for precious advise to help us in improving quality of content.

      We are looking forward for same kind of support in future.

      Appreciate your effort.
      Team-Diameter

      Delete
  8. I need some information on Session-ID avp. Currently I have visited a page http://www.cisco.com/c/en/us/td/docs/cable/serv_exch/serv_control/broadband_app/rel37x/mobile_sol/mobile_sol/07_mobile_appA.html
    where I found few information about Session-ID format,but i am not clear with that.
    Where it has been mentioned Session-ID is "pid; ip; time".
    If the above format holds correct can you please explain with an example and also explain the data type of pid, ip, time?

    Thanks in advance.

    ReplyDelete
  9. How to determine the Service Type in CCR message? I mean which avp is used to check the service type. For example Voice,GPRS,SMS,MMS etc.

    Thanks in advance

    ReplyDelete
    Replies
    1. The Voice/GPRS/SMS/MMS type should be on the AVP, eg AVP for SMS is 2000.

      Delete
  10. Hi Guys,
    Great blog. I have a question on Grouped AVP. In a grouped AVP, is number of entries fixed? Is the order of the AVPs also fixed?

    Thanks,

    ReplyDelete
    Replies
    1. Hi Vitandavadi,

      Order of AVP is just a convention (immaterial). Can be changed.

      Kindly explain, what you want to point out by asking "is number of entries fixed?"

      Thanks for your query.
      Happy to help you again
      Team-Diameter

      Delete
    2. in this example
      Media-Sub-Component ::= < AVP Header: 519 >
      { Flow-Number } ; Ordinal number of the IP flow
      0*2[ Flow-Description ] ; UL and/or DL
      [ Flow-Status ]
      [ Flow-Usage ]
      [ Max-Requested-Bandwidth-UL ]
      [ Max-Requested-Bandwidth-DL ]
      [ AF-Signalling-Protocol ]
      *[ AVP ]

      What does 0*2 indcates, i'm assuming *[AVP] is to indicate more AVPs to follow.

      This AVP is from http://www.etsi.org/deliver/etsi_ts/129200_129299/129214/12.06.00_60/ts_129214v120600p.pdf (Rx Specification )

      Delete
    3. Hi Vitandavadi,

      Thanks for clarification, Here 0*2 indicates, there can be Zero and up to two occurrence of [ Flow-Description ] AVP in message Media-Sub-Component.

      * indicates multiple occurrence of AVP

      *[AVP] is generally shows there can be more AVP that can be added in message Media-Sub-Component and there could be zero or more than Route-Record AVPs can be added by intermediate nodes.

      Thanks for highlighting the a very valid point that we have not explained in this blog. We appreciate your efforts.


      Thanks for your query.
      Happy to help you again
      Team-Diameter

      Delete
  11. Thanks a lot for your reply. I'm learning a lot.
    Another question is, when they (specification ) say Enumerated ( what does that mean in terms of length, is it uint8 , uint16, uint24 or uint32 )
    for example,
    The Required-Access-Info AVP (AVP code 536) is of type Enumerated, and contains the access network information
    required for that AF session.
    The following values are defined:
    USER_LOCATION (0)
    Indicates that the user location information shall be reported, the PCRF shall report the user location
    information within the 3GPP-User-Location-Info AVP (if available), the serving PLMN identifier within the
    3GPP-SGSN-MCC-MNC AVP (if available), the user location information within the TWAN-Identifier (if
    available) and User-Location-Info-Time AVP (if available).
    MS_TIME_ZONE (1)

    I'm assuming this AVP is of type enumerated and value is either 0 or 1 and represented by unit32 ( to satisfy the multiplicity of 4 in total length )

    Regards
    vv

    ReplyDelete
    Replies
    1. Hi Vitandavadi,

      Enumerated AVP follows Integer32 Basic AVP Format.

      Thanks for your query.
      Happy to help you again
      Team-Diameter

      Delete
  12. Another question,
    How do I translate radius values into Diameter values.
    for example.
    3GPP-MS-TimeZone

    Octets
    1 3GPP type = 23
    2 3GPP Length= 4
    3 Time Zone
    4 Daylight Saving Time (octet string)

    AVP:
    Code :23
    Flags : 0xc0
    Length :16
    Vendor ID: 3GPP
    Value : [Time-Zone DST] ( just 2 bytes ) add 0x00 0x00 ( for length to be multiple of 4)

    is this correct ?

    Regards
    vv

    ReplyDelete
    Replies
    1. Hi Vitandavadi,

      Translation Agents(Application Nodes) are used to translate Radius values to DIAMETER and vice versa. IANA has reserved AVP code upto 256 for backward compatibility. Value of vendor Id shall be assigned be IANA. But in practical implementation we shall use direct mapping of AVP codes and Value format from Radius to DIAMETER.


      I hope above details shall suffice you.

      Delete
    2. Thanks for your reply. I understand we will use same AVP code and follow the same mapping rules. I'm looking for explicit table (or if there is a such a reference on public internet ) that i can use. Most of the confusion comes from the length translation on octet strings etc. If you guys agree, I can start a public google sheet and edit them with your blessings.

      Delete
  13. HI Vitandavadi,

    RFC-6733 tell following ::
    AVP numbers 1 through 255 are reserved for
    reuse of RADIUS attributes, without setting the Vendor-Id field.
    AVP numbers 256 and above are used for Diameter, which are
    allocated by IANA

    We haven't came across any document with mapping.

    Purpose to put an effort to create a translation agent is very minimal. RFC-6733 tell as

    Translation agents are likely to be used as aggregation servers to communicate
    with a Diameter infrastructure, while allowing for the embedded
    systems to be migrated at a slower pace.

    It would be great idea if you want to work on it.

    ReplyDelete
  14. Hi Diameter-Team,

    Is that the data field length must be x*4 bytes? What if I have a string not have multiply 4 in length?

    Regards,

    ReplyDelete
    Replies
    1. Hi Minh Nguyen,

      No, you can give odd length to your DATA ,use datatype as OctetString, Unsigned32 or Unsigned64 that are defined RFC-6733. The AVP Length field of an AVP of type Grouped is always a multiple of 4.

      Moreover you don't need to take care to length as Diameter Stack that frame Grouped AVP shall take care of it.

      We hope above solution shall help you. Do write us for any clarification.

      Thanks for your query.
      Happy to help you again.
      Team-Diameter

      Delete
  15. Hi Team-Diameter,

    I tried to write some c# code to connect to a Diameter server. But when I send AAR command, the server did not reply!
    Here is my wireshark dump image:
    https://lh3.googleusercontent.com/FX7eWlE2b-x6vMza0VpwF4NbXVxQbH5HGSalLUm9Zb8=w797-h353-no

    Can you help me to resolve this.

    Thanks in advance,

    ReplyDelete
    Replies
    1. Hi Minh Nguyen,

      Kindly try following things as we feel there is formation of is incorrect that creating issue in current shared library of wirshark.

      1) Kindly try to capture AVP fromat as describe in following link.
      http://diameter-protocol.blogspot.in/2013/04/capture-diameter-messages-without-wire.html

      2) Check at server side whether or not, server is able to receive even the request message (AAR) if yes, kindly check what all AVPs it shall able to decode. Because AAA is not received is comes second there might be case AAA would not able to process it.

      Kindly check,does connection break after you send AAR? there might be a case Server crashes because of any data value sent in AAR and that's why not able to send reply.

      3)Please try to send AAR without Pushing AVPs after 3gpp-Charging-ID

      4)Kindly send mandatory AVPs of AAR only. then push AVPs one by one and check datatype of each of them.

      I hope above shall help you. Do revert us if something notable observed?


      Thanks for your query.
      Happy to help you again.
      Team-Diameter

      Delete
    2. Thanks for your advice.
      I will notify when I have something notable.

      Thanks again,
      Minh Nguyen

      Delete
    3. Hi Team-Diameter,

      Just found the error, we have to send CER and receive CEA before AAR :)
      Now I can get the AAA already :)

      Thanks & Regards,
      Minh Nguyen

      Delete
  16. This comment has been removed by the author.

    ReplyDelete
  17. Thank you Guys .. its too help full .. :)

    ReplyDelete
  18. Hi Team ,

    kindly any body help me to know the use of RATING GROUP in diameter, and why it need to set mandatory ?

    ReplyDelete
    Replies
    1. Hi Pritiranjan jena,

      Thanks for your query, Kindly elaborate more on your question. what is RATING GROUP?

      Happy to help you again.
      Team-Diameter

      Delete
  19. Hi team,
    Observed in S6 specification that there is an AVP like *[AVP]. What is meant by this?

    Thanks
    Ashwini

    ReplyDelete
    Replies
    1. Hi Ashwini,

      In 3GPP standards message ABNF have following significance.

      {} -> Mandatory
      [] -> Optional
      *[] -> Multiple & optional

      So *[AVP] means you can add any nos of AVP. which may be vendor specific or proprietary.

      Delete
  20. Hi all,

    I am new to this blog and don't know much about IMS. is there any doc or link from where I can learn end to end configuration protocols for IMS.

    ReplyDelete
    Replies
    1. Hi Aditya,

      For complete end to end knowledge of IMS, you need to learn SIP and diameter protocols. As you are querying here on diameter blog, so for diameter you need to learn Cx & Sh interface.
      3GPP standards for Cx -> 29.228 & 29.229
      for Sh -> 29.328 & 29.329

      You can learn basics here.
      https://diameter-protocol.blogspot.in/p/blog-page_81.html

      Any query on IMS you can ask. Happy to help you.

      Thanks

      Delete
  21. Hello.

    Do I understand correctly below RFC sentence:

    "AVP numbers 1 through 255 are reserved for backward compatibility with RADIUS, without setting the Vendor-Id field."
    that with Vendor-Id any AVP codes can be used, including 1-255?

    Thanks,
    Alex

    ReplyDelete
    Replies
    1. Hi Alex,


      RFC-6733 says one should reuse existing Functionality, namely AVP Values, AVPs, Commands and Diameter Applications. Reuse simplifies standardization and implementation. To avoid potential interoperability issues, it is important to ensure that the semantics of the reused features are well understood.


      As far as we understood your point that you are try to use User-Name AVP with code 1 with Vendor ID for what purpose or You are try to give Code 1 to new AVP (Say New-Test AVP) with vendor ID say 13451. Kindly suggest your purpose you are try to achieve. Hopefully we could help you better

      User-Name attribute also exist in Radius and same is imported to diameter with same Attribute value i.e. 1(one).



      Thanks for your query.
      Happy to help you again.

      Delete
    2. This comment has been removed by the author.

      Delete
    3. Hello. Yes, if I use new AVP (e.g. New-Test AVP) with AVP number 1 and with vendor ID say 13451 would that be against the RFC?
      Thanks.
      Alex

      Delete
  22. HI

    What is the meaning/use of the "[]" "{}" on the protocol description?

    ReplyDelete
    Replies
    1. Hi,

      In 3GPP standards message ABNF have following significance.

      {} -> Mandatory
      [] -> Optional
      *[] -> Multiple & optional

      So *[AVP] means you can add any nos of AVP. which may be vendor specific or proprietary.

      Delete
  23. Hi,

    I have following questions:
    1. Where exactly we have to place the diameter.xml?
    2. How to set the values for host, port and other fields in of diameter.xml?

    ReplyDelete
    Replies
    1. Dear Ram,

      Its your design choice, wherever you want to put diameter configuration file, you can put. you can create a config or diaconfig folder. Simple base diameter protocol means you want limited functionality but major basics of rfc 6733 you need to implement.
      All these must be part of configuration, so you can get it from xml or some other database. Its totally design specific. In your case, you should do it via xml.

      Delete
  24. Hi,

    Is there any application to extract data of a grouped AVP

    ReplyDelete
  25. May i know what is the max size of session id value

    ReplyDelete
    Replies
    1. The Session-Id AVP (AVP Code 263) is of type UTF8String. Its length is not defined.
      ;;[;]

      So in AVP Header length of 'Data + Header' should be given in AVP Length field.
      AVP Length (3- bytes) Contains No. of octets used by Data + Vendor-ID + AVP Code + AVP Length + AVP Flags.

      Delete
  26. Hi,
    There are below two AVPs which is conflicting in avp code

    1) ”OC-OLR (623)” conflicts with “User-Authorization-Type (623)”
    2) “OC-Supported-Features (621)” conflicts with “Primary-Charging-Collection-Function-Name (621)”

    Can you please suggest that how to handle these or in general while parsing a message containing these AVP.

    ReplyDelete
    Replies
    1. Hi Jak,


      Thanks for your query and as you have highlighted a valid point.
      To distinguish between Above given AVPs one shall use Vendor-Id field.

      Description:
      OC-<> AVPs belongs to Overload control mechanism that uses piggyback approach implies that no new message to be trigger to exchange overload information, rather some OC- are added in existing message. Now there are chances that AVPs shall have identical AVP codes (Added AVPs and Already existing AVPs in message)

      Here one must use Vendor-Id field as in OC- Vendor-ID is not set i.e. Ref RFC-7683

      |AVP flag |
      |rules |
      +----+----+
      AVP Section | |MUST|
      Attribute Name Code Defined Value Type |MUST| NOT|
      +-------------------------------------------+----+----+
      |OC-Supported 621 7.1 Grouped | | V |
      | -Features | | |
      +-------------------------------------------+----+----+
      |OC-Feature 622 7.2 Unsigned64 | | V |
      | -Vector | | |
      +-------------------------------------------+----+----+
      |OC-OLR 623 7.3 Grouped | | V |
      +-------------------------------------------+----+----+
      |OC-Sequence 624 7.4 Unsigned64 | | V |
      | -Number | | |
      +-------------------------------------------+----+----+
      |OC-Validity 625 7.5 Unsigned32 | | V |
      | -Duration | | |
      +-------------------------------------------+----+----+
      |OC-Report | | |
      | -Type 626 7.6 Enumerated | | V |
      +-------------------------------------------+----+----+
      |OC-Reduction | | |
      | -Percentage 627 7.7 Unsigned32 | | V |
      +-------------------------------------------+----+----+


      Ref:3gpp-29229

      Attribute Name AVPCode Value Type | MUST |

      User-Authorization-Type 623 Enumerated M, V

      Primary-Charging 621 DiameterURI M, V
      -Collection-Function
      -Name


      Happy to help you again.
      Team-Diameter

      Delete
    2. Hi Jak,


      Thanks for your query and as you have highlighted a valid point.
      To distinguish between Above given AVPs one shall use Vendor-Id field.

      Description:
      OC-<> AVPs belongs to Overload control mechanism that uses piggyback approach implies that no new message to be trigger to exchange overload information, rather some OC- are added in existing message. Now there are chances that AVPs shall have identical AVP codes (Added AVPs and Already existing AVPs in message)

      Here one must use Vendor-Id field as in OC- Vendor-ID is not set i.e. Ref RFC-7683

      |AVP flag |
      |rules |
      +----+----+
      AVP Section | |MUST|
      Attribute Name Code Defined Value Type |MUST| NOT|
      +-------------------------------------------+----+----+
      |OC-Supported 621 7.1 Grouped | | V |
      | -Features | | |
      +-------------------------------------------+----+----+
      |OC-Feature 622 7.2 Unsigned64 | | V |
      | -Vector | | |
      +-------------------------------------------+----+----+
      |OC-OLR 623 7.3 Grouped | | V |
      +-------------------------------------------+----+----+
      |OC-Sequence 624 7.4 Unsigned64 | | V |
      | -Number | | |
      +-------------------------------------------+----+----+
      |OC-Validity 625 7.5 Unsigned32 | | V |
      | -Duration | | |
      +-------------------------------------------+----+----+
      |OC-Report | | |
      | -Type 626 7.6 Enumerated | | V |
      +-------------------------------------------+----+----+
      |OC-Reduction | | |
      | -Percentage 627 7.7 Unsigned32 | | V |
      +-------------------------------------------+----+----+


      Ref:3gpp-29229

      Attribute Name AVPCode Value Type | MUST |

      User-Authorization-Type 623 Enumerated M, V

      Primary-Charging 621 DiameterURI M, V
      -Collection-Function
      -Name


      Happy to help you again.
      Team-Diameter

      Delete
  27. Hi Diameter Team,

    Can i know whats the significance of Proxy-Info AVP?
    Since its a grouped AVP what does proxy host and proxy state mean?
    what values does the proxy host( is that host name of the destination ??) and proxy state should contain?

    ReplyDelete
  28. Hi Team,

    Can we change the Mandatory bit M from "Set" to "Not Set" under AVP Flag for AVP 277 (Auth-Session-State)?

    ReplyDelete
    Replies
    1. Hi

      Ideally, It is not possible becasue it is base diameter AVP. Its flag must be same as assigned in RFC 6733.

      For testing purpose you can do with any message generation tool.



      Thanks for your query.
      Happy to help you again

      Delete
  29. Hi Team,
    We are debugging an issue in establishing the S6b interface between a PGW and 3GPP AAA.
    The PGW is sending CER with Auth-Application-Id AVP of 3GPP S6b. It is also adding a Vendor-Specific-Application-Id AVP and including another Auth-Application-Id of 3GPP S6b in here.
    The AAA is sending CEA with Auth-Application-Id of 3GPP S6b. But the AAA is not adding another Auth-Application-Id of 3GPP S6b in the Vendor-Specific-Application-Id.
    The PGW does not like the CEA and keeps repeating the CER.
    Is the AAA encoding of the CEA correct?

    ReplyDelete