Diameter Message Structure and Message Flow

Diameter is Message (Packet) based protocol. There are two types of messages Request Messages and Answer Messages.And the Message structure is of following sort.
Diameter Message Structure
 
Version
This Version field MUST be set to 1 to indicate Diameter Version 1. 
Message Length 
Contain the length of Message Header + (Data) Avp
Command Flags
The Command Flags field is eight bits. The following bits are
assigned:
0 1 2 3 4 5 6 7
+-+-+-+-+-+-+-+-+
|R P E T r r r r|
+-+-+-+-+-+-+-+-+

R(equest) - If set, the message is a request. If cleared, the
message is an answer.

P(roxiable) - If set, the message MAY be proxied, relayed or
redirected. If cleared, the message MUST be locally processed.
E(rror) - If set, the message contains a protocol error, This bit MUST NOT be set in request messages.
T(Potentially re-transmitted message) - This flag is set after a link Failover procedures to aid the removal of duplicate requests. 
It is set when resending a request that not yet acknowledged,as an indication of a possible duplicate due to a link failure. This bit MUST be cleared when sending a request for the first time, otherwise the sender MUST set this flag.Diameter agents that receive a request with the T flag set, MUST keep the T flag set in the forwarded request. This flag MUST NOT be set if an error answer message (e.g., a protocol error) has been received for the earlier message. It can be set only in cases where no answer has been received from the server for a request and the request is sent again. This flag MUST NOT be set in answer messages.



For instance
Re-Transmission

Client triggers a request to server and at that instance, suppose server was down, so client does not receive the  answer/acknowledgement for that message then after a certain period of time the client will trigger the same request with bit-T=1 and this is called the retransmission. 

if client receive the error-Answer-message then client will not trigger the same request message with bit-T=0,because error-Answer-messgae it self the answer-message or acknowledgemet for that request.

r(eserved) - these flag bits are reserved for future use, and MUST be set to zero, and ignored by the receiver.

Command-Code
To uniquely identify the each diameter message IANA has assigned the unique command code for each Request. The answer of this Request will also have the same command code but have Bit-R=0.The Command-Code field is three octets.

For Example :Command code for  User-Authorization-Request is 300, 301 for Server-Assignment-Request  and  280  for Device-Watchdog-Request etc.

Application-ID

As we know that Base Diameter Protocol is the extensible protocol, so many application/interfaces are built by using the Base Diameter Protocol, Therefore to uniquely identify the each application IANA gives the Application-Id to each application.

There is also an Application-ID Avp, so in one application these two field (Application-ID Avp and Application-ID in structure) will contain the same value. Application-ID is four octets.


For Example : Application Id for S6a/s6d interface is 16777251 and for S13 is 16777252

Hop-by-Hop Identifier
The Hop-by-Hop Identifier is an unsigned 32-bit integer field (in network byte order) and aids in matching requests and replies.The sender MUST ensure that the Hop-by-Hop identifier in a request is unique on a given connection at any given time, and MAY attempt to ensure that the number is unique across reboots. The sender of an Answer message MUST ensure that the Hop-by-Hop Identifier field contains the same value that was found in the corresponding
request
The Hop-by-Hop identifier is normally a monotonically ncreasing number, whose start value was randomly generated. An answer message that is received with an unknown Hop-by-Hop Identifier MUST be discarded.Use of Hop-By-Hop Identifier is explain below with figure.



End-to-End Identifier
The End-to-End Identifier is an unsigned 32-bit integer field (in network byte order) and is used to detect duplicate messages. The identifier MUST remain locally unique for a period of at least 4 minutes, even across reboots. The originator of an Answer message MUST ensure that the End-to-End Identifier field contains the same value that was found in the corresponding request.
The End-to-End Identifier MUST NOT be modified by Diameter agents of any kind.  Duplicate requests SHOULD cause the same answer to be transmitted (modulo the hop-by-hop Identifier field and any routing AVPs that may be present),and MUST NOT affect any state that was set when the original request was processed. Duplicate answer messages that are to be locally consumed  SHOULD be silently discarded.Use of  End-To-End Identifier is  explained below with Example.

Message Flow Explained
Hop-By-Hop Identifier =H-Id
End-To-End Identifier =E-Id
Message Flow among Diameter Agents
































Every Dia-Agent contains the map for each message it receives and forwards to other node, so that answer for any request will come then answer will be sent to proper host(that generated the request). Map shown above is just for understanding purpose.

--> Whenever Diameter agent receives a message(Req/Ans) it matches the End-To-End Id.if message is Request and received End-To-End Identifier is not in the Table then it will insert the new entry in the table and treat the message as new message. In case of answer End-To-End Identifier shall not be inserted in TABLE if it is not present because answer shall follow the route followed by request(implies misrouted message).


--> if End-To-End Id exists in Table then it will check for bit-T, if Bit-t=1 and R=1 that means message is retransmitted so it retransmit the message to the next host.



--> if it receives the message with t=0 and r=0 and End-To-End Id exists in Table i.e. Answer message corresponding to the Request received earlier then it will insert the Proper hop-by-hop Id as shown in figure to the Answer and forwards it and deletes the entry form the Table.



--> if it receives a message with  t=0 and r=1 and End-To-End Id exists in Table then it will treat the message as duplicate message of Looped-message and take the appropriate action that was configured during the deployment.

(PREVIOUS)                                                     (NEXT)


Your Comments /Suggestions and Questions are always welcome.We would try to clarify doubts with best of our knowledge. So feel free to put Questions.

44 comments:

  1. Please clarify whether the "ApplicationId" in the Diameter header is always set to value 0 in CER message. I want to know how the DRA advertise its relay service to other node, is it by sending this value set to 0xffffffff in the Diameter header or by sending the "Auth-Application-Id" AVP value set to 0xffffffff and "ApplicationId" value set to value 0 in the header? Please clarify.

    ReplyDelete
    Replies
    1. Thank you Vinay for the clarification. Appreciate your blog.

      Delete
    2. This comment has been removed by the author.

      Delete
    3. Can you clarify exactly what is meant by RELAY application ID means ????

      Delete
    4. Hi Vijay,

      Thanks for highlighting this Point.

      There is an exception for CER/CEA Message; The value of Application-Id in message header and Auth-Application-Id AVP or Acct-Application-Id AVP can be differ.

      In above mentioned case ideally following values are expected
      1)Application-Id in message header set to ZERO.
      2)Auth-Application-Id/Acct-Application-Id AVP set to RELAY application id.

      Thanks for your query.
      Happy to help you again.
      Team-Diameter

      Delete
  2. Hello.

    Does the value of 'Message Length' take into account any padding bytes that may come with the AVPs contained in 'Data'?

    Thanks.

    ReplyDelete
    Replies
    1. Hi Laura

      The Message Length field is three octet and indicates the length of Diameter message including the header field and the padded AVPs. Thus, the Message Length field is always a multiple of 4.

      Following link shall help you.
      http://diameter-protocol.blogspot.in/2013/02/blog-post.html

      Thanks for your query.
      Happy to help you again.
      Team-Diameter

      Delete
  3. if End-To-End Id exists in Table then it will check for bit-T, if Bit-t=1 and R=1 that means message is retransmitted so it retransmit the message to the next host.
    if I understand it correctly.. its a retransmitted Request message, so it just retransmits the request to the next HOP? or is there some level of processing involved as part of the peer table as well

    ReplyDelete
    Replies
    1. Hi Karan

      It is the Re-Transmitted Request Message, to Next Hop

      Thanks for your query.

      Happy to help you again.
      Team-Diameter

      Delete
    2. This comment has been removed by the author.

      Delete
    3. This comment has been removed by the author.

      Delete
    4. From the explanation mentioned above for T field :- It seem that the field is set in case of lost of Ack message or Answer .so the sender of message could not confirm that whether the previous message is processed or not ....But the explanation given for this query is means different. it has created a confusion.Can someone plz elaborate it ..

      Delete
    5. Hi Chanchal

      Your following understanding is correct.
      " T field :- It seem that the field is set in case of lost of Ack message or Answer .so the sender of message could not confirm that whether the previous message is processed or not "


      Thanks for your query.
      Happy to help you again
      Team-Diameter

      Delete
  4. Hi,
    I have one most basic question in my mind. As per Hop-by-Hop Identifier usage, we know that it is used to route Answer messages in Diameter Routing. Now my question is the same could have been achieved by End-2-End Identifier also as it is also a unique Id. This question was asked to me in one of the Diameter interview.
    My answer for this was that, End-2-End Identifier in two diameter messages coming from 2 nodes can be same (rare occurrence) and to avoid those cases, Hop-by-Hop Id also had been used. Interviewer was not satisfied and said that your answer is partially correct.
    Could you please share your thought on this?

    ReplyDelete
    Replies
    1. Hi Jaiswal,

      Major work of End-To-End Identifier is to detect duplicate message. A Node uses Origin-Host avp and End-To-End Identifier to detect duplicate message.

      Reasons of duplicate message could be any of the following:
      1) Wrong routing caused a LOOP. A message is rotating in circle of nodes, such as A-->B--->C--->A
      2) Due to Link Failure message is reached to a Node again.
      3) etc.


      T-Bit is used in removal of duplicate message in conjunction with Local Policy

      Thanks for your query.

      Happy to help you again.
      Team-Diameter

      Delete
    2. Dear Diameter team,

      Can you please elaborate in detail.Is the explanation given by Mr Jaiswal is complete or need more information. Also please mention meaning of reboots "MAY attempt to ensure that the number is unique across reboots".

      Thanks

      Delete
    3. Hello, Diameter-team!
      For me question of Mr Jaiswal is still unclear.
      Yes, we know basic usage of EtE-id, HbH-id -- but why is it not enough to have only EtE-id? Even for routing between hops. etc.?
      Please, help to understand this.
      Thank you

      Delete
    4. Hi,vasyl.horokhovskyi


      What we have understood from your query that why do we require two identifiers (E2E & H2H) in DIAMETER HEADER when we can achieve the feat with one. In your case you are asking to use E2E, while in Mr. Chandra Prakash was asked that feat is achieved only by H2H.

      Major Purpose of E2E for Loop detection and H2H is to uniquely identify message between two nodes.


      Now take a case where NoDE-1 sends a Requset message to NODE-2 without H2H id and it sets E2E ID =FFAD and expected an ANSWER with E2E=FFAD from NODE-2, We know that Answer message MUST follow the path of Request. Now because of Mis-transmission in Network Answer is received from NODE-3 with E2E=FFAD, Now you never come to know that Answer is comming from Unexpected node.

      Now you can say that NODE-1 MUST check origin host of Node sending the Answer that is right. BUT origin-host is not part of DIAMETER Header it comes in AVP (i.e Data Part), Now a node need to open AVP and need to Make string comparison which could be teadius task.

      While it would be more efficient to add one more field Namely H2H with of Interger type and when H2H is not matching with H2H expected Node-1 MUST Discard answer.


      We hope above explanation suffice you.


      Happy to help you agin.
      Team-Diameter

      Delete
  5. This comment has been removed by the author.

    ReplyDelete
  6. hi Diameter Team,

    I have a very basic question. After connection is broken, and reopened can a diameter client reuse the same session id as was in earlier messages?

    thanks
    Devesh

    ReplyDelete
    Replies
    1. Hi Devesh,

      Behavior of client is shall depend on local Polices applied depending upon the nature of application

      Thanks for your query.

      Happy to help you again.
      Team-Diameter

      Delete
  7. hi how much data can be transferred in a AVP (user data)

    ReplyDelete
    Replies
    1. As per my knowledge ..the data length should be 2^24 - 96 (4 byte Command code + 1 byte Flags + 3 byte length + 4 byte Vender ID = 12* 8 = 96 )...Please correct me if i am wrong..

      Delete
  8. hi how much data can be transferred in a AVP (user data)

    ReplyDelete
    Replies
    1. Hi Vaibhav,

      RFC -6733 doesn't make any statement pertaining to data size. Its depend upon the type of AVP such as unsigned Int, octet string, grouped avp etc.

      In practical, it depends on stack implementation.

      Thanks for your query,

      Happy to help you again.
      Team-Diameter

      Delete
  9. "Whenever Diameter agent receives a message(Req/Ans) it matches the End-To-End Id if it found that this End-To-End Identifier is not in the Table then it will insert the new entry in the table and treat the message as new message." why does it store even in case of answer message and does not discard. I guess only in case of loop we can expect unsolicited answer message. Does it forward the message as it is without changing the "hop by hop id". when does it delete the entry from the mapping table.

    ReplyDelete
    Replies
    1. Hi Soumya Srinivas.

      Thanks for highlighting editorial issue.Our statement mention by you is ambiguous.

      It should be as
      Whenever Diameter agent receives a message(Req/Ans) it matches the End-To-End Id.
      if message is Request and received End-To-End Identifier is not in the Table then it will insert the new entry in the table and treat the message as new message. In case of answer End-To-End Identifier shall not be inserted in TABLE if it is not present because answer shall follow the route followed by request.

      We appreciate your efforts.

      Thanks for your query.

      Happy to help you again.
      Team-Diameter

      Delete
  10. Hi,
    I have one doubt related to the use of Hop-by-Hop identifier. Lets
    assume if my node acts as a proxy,

    ----- ---------------- -------
    1 --> MyNode(Proxy) --> 2
    ----- ---------------- -------


    1)My node will change hop-by-hop id in the any request message while sending it to 2, is this correct.
    2)If my node changes hop-by-hop id, then I believe my answer will come to be
    my node, is that possible to bypass the answer message and send that back to
    node 1 directly.

    Thanks.

    ReplyDelete
  11. Can you please let us know the use for route-record in diameter

    ReplyDelete
    Replies
    1. Hi

      Route-Record AVP contains the DIAMETER Identity of intermediate Peer. If there are multiple intermediate nodes between server and client then there shall be multiple Route-Record AVPs shall be persent.

      Use Cases::
      Route-Record AVP is used majorly in following Two cases.
      1) To Detect Loop:: Instead of End-To-End Identifier a Node can use Route-Record AVP to detect Loop. If a node founds that Its own identity in one of the Multiple Route-Record AVP, it denotes as LOOP situation.

      2) DIAMETER PATH AUTHORIZATION :: There is a concept of path authorization, majorly used in session based applications. Where can be a demand of an application to check the path of request. Whether request followed all trusted realms(Nodes) or Not.


      Thanks for your query.
      Happy to help you again.
      Team-Diameter

      Delete
  12. Hello, Diameter-team!
    Thanks for a such useful blog.
    I have a question about T-bit flag: why we can't have this bit set in answer message?
    If for example our answer didn't got an ACK, shouldn't we retransmit it wit T=1?

    ReplyDelete
    Replies
    1. Hi vasyl.horokhovskyi

      Your point is correct if there is 3-way message exchange in diameter at application level as well.

      There is no feature in diameter like ACK-ANSWER, There is just Request message and it's corresponding response Answer message.


      Thanks for your query.
      Happy to help you again.
      Team-Diameter

      Delete
  13. Hi Diameter Team,

    Is there any possible , h2h & e2e both are same value

    ReplyDelete
  14. in which scenario is it possible ???

    ReplyDelete
    Replies
    1. Hi Naresh Kumar,

      Same value for H2H and E2E is possible but very rare.

      For instance you are putting TIME value as value for H2H and E2E (Hopping computation time to generate TIME value is Zero or you are intentionally putting H2H in E2E).

      Now a new message that is to be initiated, it would have same value for both H2H and E2E, Until the message is reached to next Hop(peer) and not forwarded by next peer.

      We hope it suffice your query.

      Thanks for your query.
      Happy to help you again.
      Team-Diameter

      Delete
  15. Hi Team,

    Currently CCN is sending the 4010 error code on the MSCC (Multiservice Credit Control AVP) level. So EPG will not terminate the session if it receives this error on the MSCC level

    In order to terminate the PDP of subscriber who has no balance, CCN needs to send the Error code 4010 in “Diameter Result code AVP”. Then EPG will terminate the session

    Is this possible?

    ReplyDelete
  16. Hi Team,

    Currently CCN is sending the 4010 error code on the MSCC (Multiservice Credit Control AVP) level. So EPG will not terminate the session if it receives this error on the MSCC level

    In order to terminate the PDP of subscriber who has no balance, CCN needs to send the Error code 4010 in “Diameter Result code AVP”. Then EPG will terminate the session

    Is this possible?

    ReplyDelete
  17. Hi team-diameter ,grat work guyz...i need descrption of almost all avp used in ocs in your style...thanks

    ReplyDelete
  18. Hi Tiwari,

    We are already working on OCS system. Soon we shall be publish it in detail.

    Thanks for your Suggestion.
    Happy to help you again.
    Team-Diameter

    ReplyDelete
  19. Can Gx be replaced by GY if yes how? If No why?

    ReplyDelete
  20. hello,
    I have question about mapping various Diameter messages to IMSI or MSISDN or MEID, when the diameter messages AVPs carry these values it is easy to map it, but what happens when the value(s) is not present in the message how would Diameter server associated the Diameter message to the user in the LTE world ?

    ReplyDelete
    Replies
    1. Hi Lava AI-Doski


      Routing take place with the help of Routing, peer table & Elements in message Header.

      IMSI/MSISDN is some time required policies on DRA (RELAY AGENTS).

      if you have any specific scenario where IMSI/MSISDN not present then please share will help you for that case


      Regards

      Delete
  21. Hi,

    In case of retransmission, T-bit will be set for all the command codes?
    Especially,
    1. T-bit will be set for transport connection requests also(CER, DPR, DWR) apart from session connections? Any limitations for T-bit?
    2. How about answer messages?

    Thanks!!

    ReplyDelete