DIAMETER Connection Establishment




Most of the issue arises with DIAMETER Connection Establishment, here we are giving some view on how does DIAMETER Connection take place. As we know; Diameter is an application layer protocol, therefore virtually we could distinguish into two connections.
1) Transport Connection
2) DIAMETER connection


1) Transport Connection:

When ever a DIAMETER Application comes up (Client/Server) first of all it brings its transport connection which can be TCP/SCTP  on Port 3868 (By Default)or TLS/DTLS on PORT 5868 (By Default)( if security is applied). Before moving further we must check that Transport Connection is UP. For this we could check the message s that are exchanged during TCP/SCTP or TLS/DTLS connection establishment.


2) DIAMETER Connection

Once the Transport Connection is properly set up then Application initiates DIAMETER connection, For this First message that is triggered; is CER (Capabilities-Exchange-Request) with all supported application Ids. DIAMETER Connection said to be established when an Application receives CEA (Capabilities-Exchange-Answer) with Result-Code set to DIAMETER_SUCCESS. 

According to RFC-6733 When secure transport is established then all messages shall be exchanged on secured transport including CER/CEA.
Your Comments /Suggestions and Questions are always welcome,  shall clarify with best of our knowledge. So feel free to put Questions.

51 comments:

  1. Hi,

    Thank you for the information.

    I am a newbie for diameter.

    If we have two peers (A, B) communicating, where A is client and B is server.

    If A initiates transport layer connection and is successful, the this is the time to send CER message.

    Now my doubt is who sends CER message whether A or B; or anybody can send depending on the implementation?

    Thanks in advance.

    ReplyDelete
    Replies
    1. Hi Vamsi

      CER message can be initiated by any node. But in general Client initiates CER and server responds to CER by CEA message.

      Following link shall help you:
      http://diameter-protocol.blogspot.in/2013/09/election-process.html

      Delete
  2. Hello, please I need help in implementing Diameter protocol with SCAPv2. I am trying to write an App that will communicate with a charging system.

    ReplyDelete
    Replies
    1. HI Albert,

      Please share your issue.

      Happy to help you.
      Team-Diameter

      Delete
  3. Hi Team-Diameter,

    We are currently facing an issue in Diamtere connection establishment.

    TCP handshake (SYN,SYNACK & ACK) was successful. After that CER and CEA were exhcanged.
    But client side resent CER even after CEA is recieved.
    As per TCP dump, i have compared both CEA messages one after which CER was resent and one after which connection was established. Found no difference.

    Only error i am facing is "IP Checksum Offload" on IP layer.

    Please suggest what could be possible cause of resending of CER even after CEA and how we can overcome this issue ?

    Thanks in advance

    ReplyDelete
    Replies
    1. Hi Nauman

      this could be possible for number of reasons kindly explain it further,

      We hope it could be because of Transport connection failure. Your client might be behaving as "Creates Transport Connection then creates diameter connection and sends messages on diameter breaks connection bcz of Result-Code is not set to SUCCESSS"


      Kindly check
      1) Result-Code AVP
      2) TCP messages between two CER request initiated by client. (It should be creating Transport connection again ((SYN,SYNACK & ACK)) should be twice.)
      3) Capture the trace by Tshark and share if possible.

      Thanks for your query.

      Happy to help you again.
      Team-Diameter

      Delete
  4. Hi

    So is there any possibility that DIAMETER APPLICATION sends CER Message without any link breakage on Transport layer?

    Regards,
    AUP

    ReplyDelete
    Replies
    1. Hi

      Ideally No, If two nodes A and B are communicating on DIAMETER Connection and if node A receives CER with Origin-Host Avp set to B then it is assumed that B has rebooted/restarted the connection.

      Thanks for your query.

      Happy to help you again.
      Team-Diameter

      Delete
  5. Dear Team - Diameter,
    I want to use a TCP load balancer to share load from 1 Diameter Client to 2 Diameter Servers.
    This is a pure TCP Load balancer and it doesn't understand Diameter protocol so my solution is possible?
    Thank you


    ReplyDelete
    Replies
    1. Hi

      Its seems impractical, because Transport layer would not understand the format of Application layer.

      If DRA (Dimeter Relay Agent) could help you.

      Do share with us if you found some thing different if would be beneficial for all the viewers.

      Thanks for your query.
      Happy to help you again.
      Team-Diameter

      Delete
  6. Many thanks for you answer
    I'm thinking about traffic sharing solution without understanding about higher protocol ( above TCP layer), is there any way to solve this problem?
    Which DRA should I use?
    I'm looking forward to your answer

    ReplyDelete
    Replies
    1. Hi

      Sorry, We are not able to understand your query. Kindly explain.

      We are saying Diameter Relay Agent can be used as Load Balancer. It can balance the load either by Round Robin or in range using user-name
      AVP.

      Thanks for your query.
      Happy to help you again
      Team-Diameter

      Delete
    2. You're so nice! Thank you!
      1. I meant that I want to do this: after through the load balancer, packages flow will be divided into 2 stream of TCP packages( not diameter messages) - so load balancer need not understand diameter protocol. Could I implement this?
      2. If DRA (Dimeter Relay Agent) could help you.
      --> I think DRA is a concept not a product, so could you suggest me some DRA product( software is better) should I use to load balance?

      Delete
    3. Hi Tuan

      Most of the Vendors provide DRA as product.

      Thanks for your query.
      Happy to help you again.
      Team-Diameter

      Delete
    4. Thank you so much
      Could you please review my first question?
      I'm looking for some java Diameter Stack Open to use it as DRA, could you suggest me something here?
      Your answer is very useful for our team.

      Delete
    5. Hey Taun, one of the good stack API that we used in our company, Packet Force's Diameter Stack API.
      http://www.packetforce.in/diameter-stack-java-api.htm

      Delete
  7. This comment has been removed by the author.

    ReplyDelete
  8. hi team diameter,

    please tell me about all the messages in an entire diameter session..starting from first to last

    regards,
    pushan

    ReplyDelete
    Replies
    1. Hi Pushan,

      There are no specific set of messages that are use to create, destroy a sessions. Messages to manage a session are application dependant.

      Kindly go through the articles related to session management on this portal, it would help you a lot.

      Thanks for your query.
      Happy to help you again.
      Team-Diameter

      Delete
  9. How many CCRs are possible over a single tcp diameter connection? 65k?

    ReplyDelete
  10. Hi Team-Diameter,
    Thanks for this wonderful info..
    I am having two diameter nodes one is server and other one is client.Both are connected and messages are exchanged properly between them.Client got restarted and there is a successful TCP three way hand-shaking between client and server.After that Client initiated CER message towards server node and didn't receive any CEA.After retrying configure number of times, client disconnects the transport layer also.In this scenario, when i am checking the stack log there is no CER message received to the server side stack. But if i restarts server after client got restarted then CER/CEA messages are exchanged successfully.
    Can you please give some idea why CER is not received to server after client restart.

    ReplyDelete
    Replies
    1. 91578880 -santosh kumar


      Hi Rajesh,

      We hope our suggestion shall help you. From your description we got glimpse that server stuck in his last state.

      -- As we know TCP does not have its own transport health check mechanism, therefore if client goes down then server does not gets information. Now DIAMETER is an application protocol that run over TCP. Therefore DIAMETER need to implement DWR/DWA message. So time it happens that DWR time is larger than the Client start-up time then it doesn't come in notice. And some diameter stacks are made in such a way that if request (CER) comes with same host before DWR miss it doesn't come up to stack.

      Kindly do following things to debug.

      1) Check TCP state of server when client goes down. [We expect it would be ESTABLISHED state]

      2) Try to attach with same server with New Client having different Diameter-Identity then the client that has restarted. [We expect it to connect properly on DIAMETER]

      If 1) and 2) are true then reason could be that Stack doesn't come to know client is restarted and Peer Table and Realm table doesn't delete/refresh the entry of client that has crashed. and Stuck in state.

      Is the messages that are exchanged, maintain session before restart of client.
      Kindly share peer table and realm table entries before restart and after restart.

      Thanks for your query.
      Happy to help you again.
      Team-Diameter

      Delete
  11. Hi All, Please help in this

    If im getting following error. How to solve this.

    OCDiameter[INFO]: Transport connection re-established with peer SVRRTCC105.nova.dev. Peer Watchdog State Machine is now in the ReOpen state. Incoming messages will be discarded until in the Okay state.

    ReplyDelete
    Replies
    1. Hi Boopathy Madeshwaran,

      Kindly share Debug log of this issue. Because we are not able to understand clearly.

      Thanks for your query.
      Happy to help you.
      Team-Diameter

      Delete
  12. Could you please help identify why SHUTDOWN is being sent here ???

    Destination: 66.1.11.40 (66.1.11.40)
    [Source GeoIP: Unknown]
    [Destination GeoIP: Unknown]
    Stream Control Transmission Protocol, Src Port: 3868 (3868), Dst Port: 8001 (8001)
    Source port: 3868
    Destination port: 8001
    Verification tag: 0x1fd91321
    [Assocation index: 0]
    Checksum: 0x9d6883d4 (not verified)
    COOKIE_ACK chunk
    Chunk type: COOKIE_ACK (11)
    0... .... = Bit: Stop processing of the packet
    .0.. .... = Bit: Do not report
    Chunk flags: 0x00
    Chunk length: 4

    No. Time Source Destination Protocol Length Info
    9 0.003243000 66.1.12.36 66.1.11.40 SCTP 56 SHUTDOWN

    Frame 9: 56 bytes on wire (448 bits), 56 bytes captured (448 bits) on interface 0
    Interface id: 0 (any)
    Encapsulation type: Linux cooked-mode capture (25)
    Arrival Time: Oct 3, 2015 16:47:24.264271000 India Standard Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1443871044.264271000 seconds
    [Time delta from previous captured frame: 0.002133000 seconds]
    [Time delta from previous displayed frame: 0.002133000 seconds]
    [Time since reference or first frame: 0.003243000 seconds]
    Frame Number: 9
    Frame Length: 56 bytes (448 bits)
    Capture Length: 56 bytes (448 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: sll:ethertype:ip:sctp]
    Linux cooked capture
    Packet type: Sent by us (4)
    Link-layer address type: 1
    Link-layer address length: 6
    Source: AlcatelD_ee:4d:13 (00:11:3f:ee:4d:13)
    Protocol: IP (0x0800)
    Internet Protocol Version 4, Src: 66.1.12.36 (66.1.12.36), Dst: 66.1.11.40 (66.1.11.40

    ReplyDelete
  13. Hi :
    I am new to Diameter and want to build an event base charging application. I have found this piece of code , to make a connection with Diameter and then send a debit request. I just want to know will this code work on not? If work how to configure the DiameterStackSetup.java. .. What will be the value of these variables.


    /** The subscriber to debit */
    private static String myMSISDN = "00001000";

    /** The destination realm */
    private static String myDestinationRealm = ?

    /** The URI for this client */
    private static String myURI =?

    /** The realm for this client */
    private static String myRealm = ?

    /** The destination host */
    private static String myDestinationHost = ?


    The complete code is here below.


    /*
    * DimeterStackSetup.java
    *
    * Created on March 30, 2004, 10:20 AM
    */

    package com.ef.diameter;

    import com.ericsson.pps.diameter.api.base.DiameterConfig;
    import com.ericsson.pps.diameter.api.base.URISyntaxException;
    import com.ericsson.pps.diameter.api.base.UnknownServiceException;
    import com.ericsson.pps.diameter.api.scap.SCAPStack;
    import com.ericsson.pps.diameter.api.scap.usecase.ChargingException;
    import com.ericsson.pps.diameter.api.scap.usecase.ChargingServerConnection;
    import java.io.IOException;

    /**
    *
    * @author epktvla
    */
    public class DiameterStackSetup {

    private static ChargingServerConnection myCSConn;
    /** The subscriber to debit */
    private static String myMSISDN = "00001000";

    /** The destination realm */
    private static String myDestinationRealm = "test.com";

    /** The URI for this client */
    private static String myURI = "aaa://localhost:9999";

    /** The realm for this client */
    private static String myRealm = "realm.com";

    /** The destination host */
    private static String myDestinationHost = "aaa://localhost:1812";

    /** Creates a new instance of DimeterStackSetup */
    public DiameterStackSetup() {

    }

    public static void init() {
    try {
    myCSConn = ChargingServerConnection.createConnection(myDestinationHost, myDestinationRealm, -1, -1);
    }
    catch (ChargingException e){
    System.out.println("Connection error "+ e );
    }

    boolean stackStarted = ChargingServerConnection.startStack(myURI, myRealm, "examples", null);
    if ( !stackStarted ){
    System.out.println("Diameter Stack Failed to Start.");
    System.exit(1);

    }
    else{
    System.out.println("Diameter Stack Started");
    }
    }

    public static void shutdown() {
    try{
    myCSConn.closeConnection();
    }
    catch (ChargingException e){
    System.out.println("Connection error "+ e );
    }
    ChargingServerConnection.shutDownStack();
    System.out.println("shutdown stack");
    }
    }

    ReplyDelete
  14. Hi, Can u share a valid trace of CER & CEA

    ReplyDelete
  15. Hi Diameter team,
    In my case we are trying to connect to HSS via Diameter. I could notice SYN/ACK exchanges between client and server but when CER message framed, it is not getting posted as Diameter message in wireshark. But from code we could notice that message is being written to the socket and while reading from the socket, getting error as received incomplete diameter message as:

    Message { version: -1, command: 257, flags: ---, app-id: 0, hop-by-hop-id: 0, end-to-end-id: 0
    }

    Note: Same Code with port number 3868 is working for another backend system. But while we change the port number to point to the new backend and try posting the same CER message, above error is returned.

    Please suggest what would be the cause of this issue.

    Regards
    Anitha

    ReplyDelete
    Replies
    1. HI Anitha,

      From your description primarily we conclude that transport connection is not up.
      Kindly check for transport connection (TCP/SCTP) between Client and Server. Kindly check that Server is in LISTEN state on given(new) port.

      on linux following command shall help you.
      netstat -apn|grep

      if server is up on new port then Application share/check logs of your client and server. along with /var/log/messages


      Thanks for your query.
      Happy to help you again.
      Team-Diameter

      Delete
  16. Hello -

    The Diameter Spec specifies the following:

    “A given Diameter instance of the peer state machine MUST NOT use more than one transport connection to communicate with a given peer, unless multiple instances exist on the peer in which case a separate connection per process is allowed.”

    A peer is identified by its Origin-Host AVP from CER.

    Is there any good reason to have this limitation of 1 transport connection per peer ?

    Multiple connections between peers could be useful to multiplex peer traffic on multiple connections so it supports the load. E.g between 2 DRA, we may have 60000 Messages per sec to handle - while each TCP/IP connection has a throughput limiting the traffic to 5000 msg/sec - how is this handled ?

    ReplyDelete
    Replies
    1. Hi

      You are right "A peer is identified by its Origin-Host AVP from CER"

      In case of multiple instances then each instance of application shall have different Diameter Identity that shall be transported in Origin-Host. E.g. If DRA have two instances then Diameter Identities could be as DRA1.test.com and DRA2.Test.com



      Kindly elaborate your point about your example of DRA load. and multiple connection on same port.

      Happy to help you again.
      Team-Diameter

      Delete
  17. Dear Diameter Team,

    What are the possibilities due to which when an IDR / CLR (HSS initiated outbound diameter requests) get dropped/discarded by the diameter stack when other messages like AIR/AIA, ULA/ULA get sent successfully?

    ReplyDelete
    Replies
    1. Hi Ramya Nagarajan

      If CLR is dropped, should not hamper processing of ULR-ULA. Because CLR is an indication to OLD-MME/SGSN if that indication is not received then some data shall remains that might to be deleted. This situation shall automatically taken care in CLean-Up or handover phase


      Similarly, If IDR is dropped i.e. IDA is not received then HSS keeps or mark dirty bit against that subscriber. This dirty bit indicates that some changes have been done in Subscriber Profile and this updated subscriber profile is not downloaded to MME/SGSN. Now if Dirty bit is set and ULR received, HSS must send Subscriber Data whether or not skip subscriber data flag is set


      Thanks for your query.
      Happy to help you again.
      Team-Diameter

      Delete
    2. Following Links shall help you.

      (1)CLR-CLA

      http://diameter-protocol.blogspot.in/2013/04/clrclacancel-location-requestanswer.html

      (2) IDR-IDA
      http://diameter-protocol.blogspot.in/2013/05/idridainsert-subscription-data.html

      Delete
  18. Hi,

    Can you explain more about the election of the election process? When they say " The responder connection will survive if the Origin-Host of the local Diameter entity is higher than that of the peer"

    Can you explain with an example? I dont understand can I check who entity is higher than the other entity.

    Thanks,

    ReplyDelete
    Replies
    1. Hi Dayan Cantillo

      Following link shall be helpful.
      http://diameter-protocol.blogspot.in/2013/09/election-process.html


      Thanks for your query.
      Happy to help you again.
      Team-Diameter

      Delete
  19. Hi Team,
    I am very new to Diameter charging,any inputs on how to integrate from ESB(Oracle) to Diameter gateway?

    ReplyDelete
    Replies
    1. Hi UTSharma,


      Thanks for your query. Will you please elaborate on your exact issue.


      Happy to help you again.
      Team-Diameter

      Delete
  20. This comment has been removed by the author.

    ReplyDelete
  21. Hi Team
    I am totally new to the diameter protocol. I am gone through RFC 3588. but still having doubts. can anyone explain from where to initialize connection. How diameter MSG transferred from client to server with involvement of all the layer.

    ReplyDelete
    Replies
    1. Hi Avinash,

      You have read an obsolete version of diameter rfc, read 6733 there are few enhancements in 6733. you can refer link
      http://diameter-protocol.blogspot.in/2013/02/blog-post.html
      Read Diameter message structure
      http://diameter-protocol.blogspot.in/2011/05/diameter-message-structure-and-message.html
      Then create/use a diameter client/server and analyse the pcap.

      If you need more specific information, kindly elaborate more.

      Delete
  22. Dear,

    I am using dk.i1.diameter API for diameter connection, i have got tunnel success with SUCCESS CEA message, but while submitting EVENT Request , i am getting "No Routable" Please suggest

    Apr 20, 2017 10:45:57 AM dk.i1.diameter.node.Node start
    INFO: Starting Diameter node
    Apr 20, 2017 10:45:57 AM dk.i1.diameter.node.Node loadTransportProtocol
    INFO: TCP support was loaded
    Apr 20, 2017 10:45:57 AM dk.i1.diameter.node.Node loadTransportProtocol
    INFO: SCTP support was not loaded
    Apr 20, 2017 10:45:57 AM dk.i1.diameter.node.Node start
    INFO: Diameter node started
    Apr 20, 2017 10:45:57 AM dk.i1.diameter.node.Node initiateConnection
    INFO: Initiating connection to 'ccn.mtn.com.af' port 3868
    Apr 20, 2017 10:45:57 AM dk.i1.diameter.node.Node handleCEA
    INFO: Connection to aaa://ccn6.mtn.com.af:3868 is now ready
    SimpleSyncClient.sendRequest(): not routable

    ReplyDelete
  23. Between two diameter nodes, how to know who is Client and who is server ?

    ReplyDelete
    Replies
    1. Hi Drupad


      There is no different specification for Client or Server.
      Node that initiate Request Message shall act as Client, Node that give Response to the received message shall act as a Server.

      A node can be acting as a server and client at the same time.
      In RCF 6733 you can check the prefix I and R prefix also for the same.

      Thanks for your query.

      Delete
  24. Hi
    I m creating a diameter connection between MME and EIR. I can see CER and CEA in wireshark with DIAMETER_SUCCESS result code but still i can get some few aborts on SCTP layer with cause code: user initiated ABORT(0x000c)
    What can be the resolution for this as the ABORT is from the Upper layer protocol.

    ReplyDelete
  25. Hi,
    I am trying to established diameter level connection between client and server (port 3868). I can see from wireshark that TCP connection is established, but there after no CER is initiated by client.

    Could please let me the reason.

    ReplyDelete
  26. Hello,
    For a Diameter Link to establish between a DRA and another equipment. Is it necessary in both elements to configure the exact hostname/realmname of the peer?, or is it enough that L3/L4 is correctly configured to have the diameter link up?

    ReplyDelete
  27. Hi, I need to implement SCTP support in my Diameter implementation. My implementation is in Java and uses jdiameter, org.mobicents.protocols.sctp sctp-api, sctp-impl. Can someone suggest the code changes required to make Diameter calls through SCTP.

    ReplyDelete