The IP Multimedia Subsystem (IMS) offers significant value to service providers
since it allows them to introduce new real-time, multimedia services and provide
end users with a seamless experience across multiple access networks. The Base Diameter
Protocol is an IETF-defined protocol that provides applications a framework for
Authentication, Authorization, and Accounting functions. Diameter operates on top
of reliable transport protocols like TCP and SCTP. Figure 1 depicts the architecture
of the Diameter protocol.
| Diameter Extensions (Sh, Cx, Ro, Rf, etc.) |
| Diameter Base Protocol |
| SCTP/TCP |
| IP |
Figure 1 - Architecture of the Diameter Protocol
The Base Diameter Protocol provides the following basic services:
• Delivery of AVPs
• Capability Negotiation
• Error Notification
• Accounting
• Extensibility via new command codes and AVPs
Diameter is used in the Sh and Cx interfaces defined by 3GPP for the IMS. The Sh
and Cx Diameter applications extend the Base Diameter Command codes and AVPs to
support the authentication and authorization functions required for the respective
interfaces. Figure 2 depicts these interfaces in the IMS network along with the
Dh and Dx interfaces.

Figure 2 - Sh, Dh, Cx, and Dx interfaces
AS - Application Server
CSCF - Call Session Control Function
HSS - Home Subscriber Server
I-CSCF - Interrogating CSCF
S-CSCF - Serving CSCF
SLF - Subscription Locator Function
The Sh interface operates between a SIP AS and the HSS network elements in the IMS.
The Sh interface allows for:
• Download and update of transparent and non-transparent user data
• Request and send notifications on changes in the user data
The Dh interface is used between the AS and the SLF. It is used to get the address
of the HSS serving an IMS Public User Identity or Public Service Identity. The Dh
interface uses the same message set as the Sh interface.
The Cx interface operates between I-CSCF and HSS and between S-CSCF and the HSS.
The Cx interface allows for:
• Location management procedures (exchange of location information)
• User data handling procedures (download user data stored in the server)
• User authentication procedures
HSS implements the Diameter Multimedia server side of the Cx interface while the
I-CSCF and the S-CSCF implement the Diameter Multimedia client side of the Cx interface.
The Dx interface is used between the Call Session Control Function (CSCF) and the
Subscriber Locator Function (SLF). It is used to get the address of the HSS serving
an IMS Public User Identity or Public Service Identity. The Dx interface uses the
same message set as the Cx interface.
For charging, the 3GPP defines two types of interfaces. The online charging interface
(Ro) is used for real-time billing while a service is occurring. Charging information
can affect the service being rendered. The offline charging interface (Rf) is used
to transfer charging information that will not affect, in real-time, the service
being rendered. The Ro interface is based on the IETF-defined Credit Control Application
(RFC 4006). It uses the Credit-Control command (CCR/CCA). The Rf interface is based
on the accounting functionality of the IETF Diameter base protocol (RFC 3588) and uses
the accounting command (ACR/ACA).
This Diameter Reference Guide has been compiled by Ulticom to provide an easy resource
for system and service providers as they build out their IMS-based services and
infrastructures. Updates or additional copies can be requested from the Ulticom
website, www.ulticom.com.
3GPP
Acronym for the 3rd Generation Partnership Project. 3GPP is a user and definer of
Diameter protocols as applied to 3rd Generation Wireless Networks and the IMS.
3GPP2
Acronym for the 3rd Generation Partnership Project 2. 3GPP2 is a user and definer
of Diameter protocols as applied to 3rd Generation Wireless Networks and the IMS.
4G
Acronym for 4th Generation. 4G standards and trade groups are users and definers
of Diameter protocols as applied to FMC and 4th Generation Networks beyond IMS phase
3.
AAA
Acronym for Authentication, Authorization, and Accounting. Among other capabilities,
Diameter is a type of AAA protocol.
AAA Transport Profile
A profile that defines transport layer usage for AAA protocols including Diameter.
Accounting
The act of collecting information on resource usage for the purpose of capacity
planning, auditing, billing, or cost allocation. Diameter provides an accounting
capability.
Accounting Record
An accounting record represents a summary of the resource consumption of a user
over the entire session. Accounting servers creating the accounting record may do
so by processing interim accounting events or accounting events from several devices
serving the same user.
Application-ID
A field defined in a Diameter Header for standard and vendor-specific Diameter applications
and maintained by the IANA.
Authentication
The act of verifying the identity of an entity. Diameter provides an authentication
capability.
Authorization
The act of determining whether a requesting entity will be allowed access to a resource.
Diameter provides an authorization capability.
Billing
The act of charging for usage or events normally derived from accounting information.
Diameter provides accounting information.
AVP
Acronym for Attribute Value Pair. The Diameter protocol consists of a header followed
by one or more Attribute Value Pairs (AVPs). An AVP includes a header and is used
to encapsulate protocol-specific data (e.g., routing information) as well as authentication,
authorization, or accounting information.
AVP-Code
A field in the header of a Diameter AVP that uniquely identifies the object attribute.
Standardized AVP-Codes are maintained by the IANA.
Broker
A broker is a business term commonly used in AAA infrastructures. A broker is either
a relay, proxy, or redirect agent, and may be operated by roaming consortiums. Depending
on the business model, a broker may choose to deploy either relay agents
or proxy agents.
CC
1. Acronym for Command Code. The name and number associated with a particular Diameter
Message and maintained by the IANA.
2. Acronym for Credit Control. A function of an Online Billing system.
Cx
A Diameter-based interface defined in the IMS that is used for AAA functions.
Dh
A Diameter-based interface defined in the IMS that is used for service layer AAA
functions.
Diameter
A type of AAA protocol defined in the IETF and extended in other standards bodies
and trade groups like 3GPP and 3GPP2.
Diameter Agent
A Diameter Agent is a Diameter node that provides either relay, proxy, redirect,
or translation services.
Diameter Application Protocol
An application-specific protocol used for transfer of application-specific functions
and messages.
Diameter Base Protocol
A base foundation protocol that provides transfer of Diameter messages, negotiation
capabilities, routing capabilities, error handling, and Diameter extensibility.
Diameter Client
A Diameter Client is a device at the edge of the network that performs access control.
An example of a Diameter client is a Network Access Server (NAS) or a Foreign Agent
(FA).
Diameter Node
A Diameter node is a host process that implements the Diameter protocol, and acts
either as a Client, Agent, or Server.
Diameter Peer
A Diameter Peer is a Diameter Node to which a given Diameter Node has a direct transport
connection.
Diameter Peer Table
A data structure maintained on each Diameter Node that contains an entry for each
known Diameter Peer and their respective properties.
Diameter Peer State Machine
A data structure maintained on a Diameter Node that contains finite state machine
status for each known connection to a Diameter Peer.
Diameter Realm Routing Table
A data structure maintained on each Diameter Node that is used for message routing.
This data structure contains an entry for each known realm that has been discovered
by that node.
Diameter Security Exchange
A Diameter Security Exchange is a process through which two Diameter nodes establish
end-to-end security.
Diameter Server
A Diameter Server is one that handles authentication, authorization, and accounting
requests for a particular realm. By its very nature, a Diameter Server must support
Diameter applications in addition to the base protocol.
Downstream
Downstream is used to identify the direction of a particular Diameter message from
the home server toward the access device.
Dx
A Diameter-based interface defined in the IMS that is used for AAA functions.
End-to-End Security
TLS and IPsec provide hop-by-hop security, or security across a transport connection.
When relays or proxies are involved, this hop-by-hop security does not protect the
entire Diameter user session. End-to-end security is security between two Diameter
nodes, possibly communicating through Diameter Agents. This security protects the
entire Diameter communications path from the originating Diameter node to the terminating
Diameter node.
Gq
A Diameter-based interface defined in the IMS that is used for Policy Control functions.
Home Realm
A Home Realm is the administrative domain with which the user maintains an account
relationship.
Home Server
See Diameter Server.
IANA
Acronym for the Internet Assigned Numbers Authority.
IETF
Acronym for the Internet Engineering Task Force. The IETF is the first user and
definer of the Diameter Base protocol as well as the first application-level protocols
that use Diameter.
IMS
Acronym for the Internet Protocol Multimedia Subsystem. Through the efforts of the
3GPP, it is one of the first functional subsystems that is a user and definer of
the Diameter protocol and extensions.
Interim Accounting
An interim accounting message provides a snapshot of usage during a user's
session. It is typically implemented in order to provide for partial accounting
of a user's session in the case of a device reboot or where other network
problems prevent the reception of a session summary message or session record.
IPsec
Acronym for Internet Protocol Security. A network layer security protocol defined
in the IETF.
Local Realm
A local realm is the administrative domain providing services to a user. An administrative
domain MAY act as a local realm for certain users, while being a home realm for
others.
Multi-session
A multi-session represents a logical linking of several sessions. Multi-sessions
are tracked by using the Acct-Multi-Session-Id. An example of a multi-session would
be a Multi-link PPP bundle. Each leg of the bundle would be a session while the
entire bundle would be a multi-session.
Network Access Identifier
The Network Access Identifier, or NAI, is used in the Diameter protocol to extract
a user's identity and realm. The identity is used to identify the user during
authentication and/or authorization, while the realm is used for message routing
purposes.
Network Access Server
Network Access Server or NAS is a network edge functional entity that may have a
Diameter Client in order to request AAA functions from a Diameter Server.
Offline Billing
The act of charging after a usage or event that is normally based on non-real-time
accounting information.
Postpaid Billing
A type of offline billing system.
Proxy Agent or Proxy
In addition to forwarding requests and responses, proxies make policy decisions
relating to resource usage and provisioning. This is typically accomplished by tracking
the state of AS devices. While proxies typically do not respond to client requests
prior to receiving a response from the server, they may originate reject messages
in cases where policies are violated. As a result, proxies need to understand the
semantics of the messages passing through them, and may not support all Diameter
applications.
RADIUS
Acronym for Remote Authentication Dial In User Service. RADIUS is a type of AAA protocol.
Rating
The act of applying charging based on specific usage or event content and rules.
Rating Engine
A functional entity capable of rendering charging information based on specific
usage or event content and rules.
Re
A Diameter-based interface defined in the IMS that is used for Billing Rating functions.
Realm
The string in the NAI that immediately follows the '@' character. NAI
realm names are required to be unique, and are piggybacked on the administration
of the DNS namespace. Diameter makes use of the realm, also loosely referred to
as domain, to determine whether messages can be satisfied locally, or whether they
must be routed or redirected. In RADIUS, realm names are not necessarily piggybacked
on the DNS namespace but may be independent of it.
Real-time Accounting
Real-time accounting involves the processing of information on resource usage within
a defined time window. Time constraints are typically imposed in order to limit
financial risk.
Relay Agent or Relay
Relays forward requests and responses based on routing-related AVPs and realm routing
table entries. Since relays do not make policy decisions, they do not examine or
alter non-routing AVPs. As a result, relays never originate messages, do not need
to understand the semantics of messages or non-routing AVPs, and are capable of
handling any Diameter application or message type. Since relays make decisions based
on information in routing AVPs and realm forwarding tables, they do not keep state
on NAS resource usage or sessions in progress.
Redirect Agent
Rather than forwarding requests and responses between clients and servers, redirect
agents refer clients to servers and allow them to communicate directly. Since redirect
agents do not sit in the forwarding path, they do not alter any AVPs transiting between
client and server. Redirect agents do not originate messages. They are capable of
handling any message type, although they may be configured only to redirect messages
of certain types, while acting as relay or proxy agents for other types. As with
proxy agents, redirect agents do not keep state with respect to sessions or NAS
resources.
Result-Code AVP
A field defined in a Diameter answer message for error conditions and whose values
are maintained by the IANA.
Rf
A Diameter-based interface defined in the IMS that is used for Offline Billing functions.
Ro
A Diameter-based interface defined in the IMS that is used for Online Billing functions.
Roaming Relationships
Roaming relationships include relationships between companies and Internet Service
Providers (ISPs), relationships among peer ISPs within a roaming consortium, and
relationships between an ISP and a roaming consortium.
SCTP
Acronym for Stream Control Transmission Protocol. A reliable transport protocol
used for the exchange of Diameter protocols.
Security Association
A security association is an association between two endpoints in a Diameter session
that allows the endpoints to communicate with integrity and confidentially, even
in the presence of relays and/or proxies.
Session
A session is a related progression of events devoted to a particular activity. Each
application should provide guidelines as to when a session begins and ends. All
Diameter packets with the same Session-Identifier are considered to be part of the
same session.
Session State
A stateful agent is one that maintains session state information, by keeping track
of all authorized active sessions. Each authorized session is bound to a particular
service, and its state is considered active either until it is notified otherwise,
or by expiration.
Sh
A Diameter-based interface defined in the IMS that is used for service layer-based
AAA functions.
Sub-session
A sub-session represents a distinct service (e.g., QoS or data characteristics)
provided to a given session. These services may happen concurrently (e.g., simultaneous
voice and data transfer during the same session) or serially. These changes in sessions
are tracked with the Accounting-Sub-Session-Id.
TCP
Acronym for Transmission Control Protocol. A reliable transport layer protocol used
for the exchange of Diameter protocols.
TLS
Acronym for Transport Layer Security. A transport layer security protocol that encapsulates
and secures application layer protocols.
Transaction State
The Diameter protocol requires that agents maintain transaction state, which is
used for failover purposes. Transaction state implies that upon forwarding a request,
the Hop-by-Hop identifier is saved; the field is replaced with a locally unique
identifier, which is restored to its original value when the corresponding answer
is received. The request's state is released upon receipt of the answer. A
stateless agent is one that only maintains transaction state.
Translation Agent
A translation agent is a stateful Diameter node that performs protocol translation
between Diameter and another AAA protocol, such as RADIUS.
Transport Connection
A transport connection is a TCP or SCTP connection existing directly between two
Diameter peers, otherwise known as a Peer-to-Peer Connection.
Upstream
Upstream is used to identify the direction of a particular Diameter message from
the access device toward the home server.
User
The entity requesting or using some resource, in support of which a Diameter client
has generated a request.
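
The Transaction State entry above, worked through as an added example (not part of the original guide or of any Ulticom code): an agent saves the Hop-by-Hop identifier of a forwarded request, substitutes a locally unique one, restores it on the answer, and rejects answers that match no pending request. The class and function names are hypothetical; the 20-byte header layout is the one defined in the Diameter base protocol, and the sample messages are constructed.

```python
import itertools
import struct

HEADER_LEN = 20       # fixed Diameter header size
FLAG_REQUEST = 0x80   # 'R' bit in the command flags octet
HBH_OFFSET = 12       # Hop-by-Hop identifier: octets 12..15


def build_header(flags, command_code, app_id, hop_by_hop, end_to_end):
    """Constructed sample input: a Diameter message with no AVPs."""
    return (bytes([1]) + HEADER_LEN.to_bytes(3, "big")
            + bytes([flags]) + command_code.to_bytes(3, "big")
            + struct.pack("!III", app_id, hop_by_hop, end_to_end))


def hop_by_hop_id(msg):
    return struct.unpack_from("!I", msg, HBH_OFFSET)[0]


class TransactionTable:
    """Transaction state of a forwarding agent (hypothetical name)."""

    def __init__(self, first_local_id=1):
        # A counter keeps the demo deterministic; it stands in for any
        # scheme that yields locally unique identifiers.
        self._ids = itertools.count(first_local_id)
        self._pending = {}  # local Hop-by-Hop id -> original Hop-by-Hop id

    def _check(self, msg, want_request):
        if len(msg) < HEADER_LEN or msg[0] != 1:
            raise ValueError("not a Diameter version 1 message")
        if int.from_bytes(msg[1:4], "big") != len(msg):
            raise ValueError("length field does not match buffer")
        if bool(msg[4] & FLAG_REQUEST) != want_request:
            raise ValueError("unexpected request/answer flag")

    def _rewrite(self, msg, new_id):
        return msg[:HBH_OFFSET] + struct.pack("!I", new_id) + msg[16:]

    def forward_request(self, msg):
        self._check(msg, want_request=True)
        local_id = next(self._ids) & 0xFFFFFFFF
        self._pending[local_id] = hop_by_hop_id(msg)  # save the original
        return self._rewrite(msg, local_id)

    def return_answer(self, msg):
        self._check(msg, want_request=False)
        # pop() releases the state, so a replayed answer no longer matches.
        original = self._pending.pop(hop_by_hop_id(msg), None)
        if original is None:
            raise LookupError("answer matches no pending request")
        return self._rewrite(msg, original)
```

Only the Hop-by-Hop field is rewritten; the End-to-End identifier and everything after the header pass through unchanged.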