Sh Interface [Application Server <--> HSS]

This article shall give you the abstract of WHY and HOW Sh-interface works.

Sh is a DIAMETER interface; having application ID 16777217, between Application Server (AS) and HSS. Application Server is place where actually the services are executed e.g. Call-Forwarding services related processing take place at Application server. Sh interface is used by AS to communicate with HSS; Application Server uses HSS as repository, AS can put some of its Transparent or Non-Transparent data, Transparent data is the information that HSS doesn't understand. Also fetches subscriber information (such as Subscriber status, Location information etc )from HSS .

This interface contains 4 messages.
1)User-Data-Request/Answer (AS--> HSS) [DATA Read]: 
In this AS asks for subscriber related information from HSS; Subscriber related data at HSS either provisioned by operator and/or received from network and/or earlier stored by AS itself with the help of Profile-Update-Request/Answer. 

2)Profile-Update-Request/Answer (AS-->HSS) [DATA Update]: 
In this message AS stores/update its data at HSS for a particular subscriber and/or application.

3)Subscribe-Notifications-Request/Answer(AS-->HSS)
[Subscriber for Notification]: 
In this message AS takes a subscription that when ever there is change in particular data field, more particularly for a given subscriber then I(AS) must be informed. Even some time AS can ask for current data for a given subscriber in same Answer message

4)Push-Notification-Request/Answer (HSS-->AS)[Notification]: 
Here HSS downloads the Updated value of field at Application server, whose subsciption is earlier take by AS;  when-ever subscriber field changed either by Operator or Network.


Your Comments /Suggestions and Questions are always welcome. I would try to clear your doubts with best of my knowledge. So feel free to put Questions.

31 comments:

  1. May I know the usage of "Vendor-Specific-Application-Id" AVP in all the Sh-interface request/answer messages? I know that this AVP is used in the CER/CEA messages to advertise the support of vendor specific applications to the peer diameter nodes. So when the diameter nodes knew each of the supported vendor specific applications, why this AVP is needed again (that too as Mandatory AVP) to be sent in the application messages? The application ID 16777217 is anyhow sent in the diameter header. Please someone clarify.
    Eg:
    Message Format
    < User-Data-Answer > ::= < Diameter Header: 306, PXY, 16777217 >
    < Session-Id >
    { Vendor-Specific-Application-Id }
    [ Result-Code ]
    [ Experimental-Result ]
    { Auth-Session-State }
    { Origin-Host }
    { Origin-Realm }
    *[ Supported-Features ]
    [ Wildcarded-Public-Identity ]
    [ Wildcarded-IMPU ]
    [ User-Data ]
    *[ AVP ]
    *[ Failed-AVP ]
    *[ Proxy-Info ]
    *[ Route-Record ]

    ReplyDelete
    Replies
    1. Hi Vijay,

      Your doubt is genuine.

      Yes, You are right that NODE knows what all it supports. Reason of sending is that there might be a case where UDR/UDA have message code 306 in some other application-ID supported by NODE. That is why Vendor-Specific-Application-Id is mandatory AVP.

      There are cases where same message code being used in Multiple Application ID. E.g. MAR[Multimedia-Authentication-Request] is used in two interface Cx and Zh.


      Delete
    2. Hello Dinesh,
      Thank you for the reply. I think even if the same command code is used by some other application, the diameter node will identify the application using this message by checking the ApplicationId (for UDR over Sh-interface it is 16777217) sent in the Diameter header as below:
      < User-Data-Answer > ::= < Diameter Header: 306, PXY, 16777217 >

      So, why there is a need to encode "Vendor-Specific-Application-Id" AVP again? Please clarify.

      Delete
    3. Hi Vijay

      Thanks for highlighting this issue and making us to improve/enhance our knowledge.
      We hope our knowledge shall help you.

      Mr. Dinesh has also told the correct point, it can elaborated as

      Main purpose of "Vendor-Specific-Application-Id" Avp is to know the vendor id of Application Vendor that has created/implemented [sh interface], Type of application vendor has created i.e. Authentication App or Accountancy App, application Id to identify an application

      "Vendor-Specific-Application-Id" avp is a group AVP with following format

      ::= < AVP Header: 260 >
      { Vendor-Id }
      [ Auth-Application-Id ]
      [ Acct-Application-Id ]

      Now when "Vendor-Specific-Application-Id" Avp is exchanged in CER/CEA then it vendor id that part of "Vendor-Specific-Application-Id" is not been used for computation as mentioned in standard.

      There is no other AVP that contain vendor id in message.

      Here "Vendor-Specific-Application-Id" Avp shall contain
      1)Vendor-Id : to tell which vendor has created/Implemented this message.
      2)Auth-Application-Id : set to 16777217. This value must match with the application id value in Diameter header.

      That is why "Vendor-Specific-Application-Id" avp is mandatory in message structure.

      Delete
    4. Hello Ajay,
      Thank you for inputs. But, I am still not convinced with your explanation. I agree that "Vendor-Specific-Application-Id" AVP is used to indicate the Vendor-id of the application message, but not necessarily to identify the type of application. As you can see, HSS will send the 3GPP S6a/SH application ids under Auth-Application-Id AVP of the "Vendor-Specific-Application-Id" avp of all the S6a/Sh interface messages. HSS does not support any Authentication/authorization/accounting applications, but still it sends the 3gpp S6a/SH Application ids in the Auth-Application-Id AVP.
      Also, it may be noted that the "Vendor-Specific-Application-Id" avp is an optional AVP over S6a interface as per 3GPP TS 29.272 version 10.3.0 Release 10, while it's a mandatory AVP over Sh interface!!
      < Update-Location-Request> ::= < Diameter Header: 316, REQ, PXY, 16777251 >
      < Session-Id >
      [ Vendor-Specific-Application-Id ]
      { Auth-Session-State }
      { Origin-Host }
      { Origin-Realm }
      [ Destination-Host ]
      { Destination-Realm }
      { User-Name }
      *[ Supported-Features ]
      [ Terminal-Information ]
      { RAT-Type }
      { ULR-Flags }
      [UE-SRVCC-Capability ]
      { Visited-PLMN-Id }
      [ SGSN-Number ]
      [ Homogeneous-Support-of-IMS-Voice-Over-PS-Sessions ]
      [ GMLC-Address ]
      *[ Active-APN ]
      *[ AVP ]
      *[ Proxy-Info ]
      *[ Route-Record ]

      So, your logic of sending "Vendor-Specific-Application-Id" avp in application messages does not hold good in this case. It is even explained as a NOTE under 3GPP TS 29.272 version 10.3.0 Release 10:

      "NOTE: For this release, the Vendor-Specific-Application-ID is included as an optional AVP in all commands in order to ensure interoperability with diameter agents following a strict implementation of IETF RFC3588, by which messages not including this AVP will be rejected. IETF RFC 3588 indicates that the AVP shall be present in all proxiable commands, such as those specified here, dispite that the contents of this AVP are redundant since the Application ID is already present in the command header. This AVP may be removed in subsequent revisions of this specification, once the diameter base protocol is updated accordingly. "

      So, in my opinion this "Vendor-Specific-Application-Id" avp need not be sent under the Application messages over S6a/SH interfaces.

      Delete
    5. Hi Vijay,

      You are right.

      As the s6a/s6d application are standard given by 3gpp, no there is no possibilities of multiple vendors. Vendor-Specific-Application-ID value is redundant. Thanks for highlighting this issue.

      I appreciate your efforts.

      @Vijay

      HSS is itself an authentication and authorization application server. But doesn't perform accounting. AAA shall be used for accounting.

      Hi Ajay,

      You are right too. In Ideal/Strict implementation of RFC-6733/RFC-3588 required it. Your explanation is correct in terms of general/strict implementation of RFC.

      Thanks you all for your efforts and time.
      Your suggestions are warmly welcome.

      Delete
  2. This comment has been removed by the author.

    ReplyDelete
  3. How does an AS knows which HSS to contact? If AS serves different subscribers having profiles on different HSS then how AS will determine the right HSS to contact for downloading profile over Sh interface?

    ReplyDelete
    Replies
    1. Dear DG,

      In network everything is planned, so routing is well defined for each node in network to its connecting node-element. so on basis of IMPU domain wise routing should be defined.

      e.g. if IMPU is sip:dg@diameter.com
      so all requests will go to router and router have routing defined for all diameter.com domain to some hss1@net.imsnetwork.com

      so request for sip:dg@diameter.com will go to hss1@net.imsnetwork.com.

      Delete
  4. Dear All,

    Please let us know when will HSS send Diameter Out of space error in response to subscriber notification request on SH interface?

    ReplyDelete
    Replies
    1. Hi Ankit,

      DIAMETER_OUT_OF_SPACE is base diameter error.
      It is due to Transient Failures. This error occurs when received request was unable to complete due to temporary lack of space.

      When this error should be send is totally depends upon the implementation of diameter protocol. So if you team have implemented your protocol, you can respond to received request when you goes below threshold value of available buffers.

      Delete
  5. Dear All

    Can Application server request Multiple Data references in Single UDR
    eg: (Location Information & Public Identity)

    ReplyDelete
    Replies
    1. Yes, Sh interface have supported-features notiff-eff & update-eff. If AS supports notiff-eff there is no issues at HSS end. HSS always ready to support what receiver supports.

      Delete
  6. May I ask what if the AS receives no response (eg. PUA, UDA) from the HSS, because HSS is congested on the Sh interface? What are the behaviours of the AS expected? Thank you so much in advance!

    ReplyDelete
    Replies
    1. Hi Shuang,

      It is expected that each request get some response from its peer. Even If it congested, there are other responses (eg. TOO_BUSY etc.). Until there is any response AS will re-transmit the message again and again.
      Although AS behavior is specific to deployment vendor's requirement. But each complies 3GPP standards. So AS will behave as per standard. Call-flow could vary vendor to vendor, but each message will strictly comply standard.

      Delete
  7. Hi can anyone tell me what is the relation between notiff eff and update eff feature

    ReplyDelete
    Replies
    1. Hi bhuvija,

      The basic use is to optimize the network load by avoiding multiple messages for multiple Data-References. So by using these supported feature, we can club the multiple Data-Reference within single message.

      Notiff-eff : This feature is applicable to the UDR/UDA, SNR/SNA and PNR/PNA command pairs.

      The HSS may combine the response for multiple Data References,Service Indications and Identity Sets into a single message.

      Update-eff : This feature is applicable to the PUR/PUA commands. For Data reference Repository Data, Response may contain an XML document with several Repository Data instances.

      Delete
  8. Hello, I'm currently designing the IMS network. Please can you assist with the 3gpp format for diameter realm for the cx and sh interfaces respectively.

    ReplyDelete
    Replies
    1. The Home network Domain form ‘ims.mnc.mcc.3gppnetwork.org’

      Both and are 3 digits long.

      Sample details

      Realm FQDN (Hostname.Realm) Interface
      ims.mnc345.mcc405.3gppnetwork.org pldraxxx4.ims.mnc345.mcc405.3gppnetwork.org Cx
      ims.mnc789.mcc405.3gppnetwork.org kldraxxx1.ims.mnc789.mcc405.3gppnetwork.org Sh

      Its nothing related to interface. Its all depends on your network planning. Need more specific details eloborate your question.

      Delete
  9. Can Anyone tell me what is the use of sending ProxyInfo in SNR.I dont think so it is mandatory.What are the consequences if I am going to remove it from SNR.

    ReplyDelete
    Replies
    1. The Proxy-Info AVP (AVP Code 284) is base diameter AVP. This AVP contains the identity and local state information of the Diameter node that creates and adds it to a message.

      It has same usage in all diameter messages. No special handling for SNR. its optional and usage totally depends on your deployment architecture/model. Base diameter will do the usage handling, no specific handling required on sh interface.

      Delete
  10. Hello every one,
    can any one tell me the importance of Route Record AVP and use case of it. thanks in advance.

    ReplyDelete
    Replies
    1. It is base diameter AVP used to keep record of all hops(diameter identity). Request message before reaching destination this AVP is populated by all intermediate hops with self diameter identity, so that answer take same path in reverse order.

      Delete
  11. Hello everyone.
    Let's suppose,I have an IMSI, so how can i get MSISDN(or FQDN) from HSS?i don't know either these subscription contain MSISDN or it MSISDNless.

    Thanks in advance.

    ReplyDelete
    Replies
    1. Hi

      Subscriber Profile in HSS contain (Mapping of) IMSI/MSISDN/FQDN/IMPI/IMPU and that could be sent to controlling node if required.

      Thanks for your query.
      Happy to help you again.
      Team-Diameter

      Delete
  12. Thanks for answer, but it seems that i'm not clearly explain.
    I have an IMSI on my AS and i need to know MSISDN. as far as i checked messages on Sh int. and i could not found a message(requsest) where an argument for request was IMSI and an answer (from HSS) was an profile or part of profile containing MSISDN/FQDN/IMPU/IMPI (i mean UDR/UDA). If itis not possible on Sh int is it possible to get reqeusted data from another interface?
    Thanks in advance.
    Evgeniy.

    ReplyDelete
  13. I am sending SNR with repository data and multiple service indication , but PNR is not getting trigger. what may be the reason ?

    TIS

    ReplyDelete
    Replies
    1. SNR is subscription, It's application where & how it have planned to send PNR.
      Following probable reasons may be.
      1. Peer(AS) is not up (or peer details are not matching).
      2. If there are some threshold limit for invoking PNR, might be the message is in queue.

      Are you using simulators or executing end-to-end scenario. First case is most probable reason, when we use simulators. Check configurations and connections.

      Delete
  14. i have a big conflict between PNR, SNR and PUR . so if anyone can help me to clarify that in my mind i will be very thankful

    ReplyDelete
  15. I wanted to know like is it necessary to have server name header in SNR request during AS subscription

    ReplyDelete
  16. I need UDA sample format from HSS. Please provide a sample UDR/UDA from HSS. [may be in PCAP format]

    ReplyDelete