The IP Multimedia Subsystem (IMS) offers significant value to service providers since it allows them to introduce new real-time, multimedia services and provide end users with a seamless experience across multiple access networks. The Base Diameter Protocol is an IETF-defined protocol that provides applications a framework for Authentication, Authorization, and Accounting functions. Diameter operates on top of reliable transport protocols like TCP and SCTP. Figure 1 depicts the architecture of the Diameter protocol.
Figure 1 – Architecture of the Diameter Protocol
The Base Diameter Protocol provides the following basic services:
• Delivery of AVPs
• Capability Negotiation
• Error Notification
• Extensibility via new command codes and AVPs
Diameter is used in the Sh and Cx interfaces defined by 3GPP for the IMS. The Sh and Cx Diameter applications extend the Base Diameter Command codes and AVPs to support the authentication and authorization functions required for the respective interfaces. Figure 2 depicts these interfaces in the IMS network along with the Dh and Dx interfaces.
Figure 2 – Sh, Dh, Cx, and Dx interfaces
AS – Application Server
CSCF – Call Session Control Function
HSS – Home Subscriber Server
I-CSCF – Interrogating CSCF
S-CSCF – Serving CSCF
SLF – Subscription Locator Function
The Sh interface operates between a SIP AS and the HSS network elements in the IMS. The Sh interface allows for:
• Download and update of transparent and non-transparent user data
• Request and send notifications on changes in the user data
The Dh interface is used between the AS and the SLF. It is used to get the address of the HSS serving an IMS Public User Identity or Public Service Identity. The Dh interface uses the same message set as the Sh interface.
The Cx interface operates between I-CSCF and HSS and between S-CSCF and the HSS. The Cx interface allows for:
• Location management procedures (exchange of location information)
• User data handling procedures (download user data stored in the server)
• User authentication procedures
HSS implements the Diameter Multimedia server side of the Cx interface while the I-CSCF and the S-CSCF implement the Diameter Multimedia client side of the Cx interface.
The Dx interface is used between the Call Session Control Function (CSCF) and the Subscriber Locator Function (SLF). It is used to get the address of the HSS serving an IMS Public User Identity or Public Service Identity. The Dx interface uses the same message set as the Cx interface.
For charging, the 3GPP defines two types of interfaces. The online charging interface (Ro) is used for real-time billing while a service is occurring. Charging information can affect the service being rendered. The offline charging interface (Rf) is used to transfer charging information that will not affect, in real-time, the service being rendered. The Ro interface is based on the IETF defined Credit Control Application (RFC 4006). It uses the Credit-Control command (CCR/CCA). The Rf interface is based on the accounting functionality of IETF-diameter base (RFC 3588) and uses the accounting command (ACR/ACA).
This Diameter Reference Guide has been compiled by Ulticom to provide an easy resource for system and service providers as they build out their IMS-based services and infrastructures. Updates or additional copies can be requested from the Ulticom website, www.ulticom.com.
Acronym for the 3rd Generation Partnership Project. 3GPP is a user and definer of Diameter protocols as applied to 3rd Generation Wireless Networks and the IMS.
Acronym for the 3rd Generation Partnership Project 2. 3GPP2 is a user and definer of Diameter protocols as applied to 3rd Generation Wireless Networks and the IMS.
Acronym for 4th Generation. 4G standards and trade groups are users and definers of Diameter protocols as applied to FMC and 4th Generation Networks beyond IMS phase 3.
Acronym for Authentication, Authorization, and Accounting. Among other capabilities, Diameter is a type of AAA protocol.
AAA Transport Profile
A profile that defines transport layer usage for AAA protocols including Diameter.
The act of collecting information on resource usage for the purpose of capacity planning, auditing, billing, or cost allocation. Diameter provides an accounting capability.
An accounting record represents a summary of the resource consumption of a user over the entire session. Accounting servers creating the accounting record may do so by processing interim accounting events or accounting events from several devices serving the same user.
A field defined in a Diameter Header for standard and vendor-specific Diameter applications and maintained by the IANA.
The act of verifying the identity of an entity. Diameter provides an authentication capability.
The act of determining whether a requesting entity will be allowed access to a resource. Diameter provides an authorization capability.
The act of charging for usage or events normally derived from accounting information. Diameter provides accounting information.
Acronym for Attribute Value Pair. The Diameter protocol consists of a header followed by one or more Attribute Value Pairs (AVPs). An AVP includes a header and is used to encapsulate protocol-specific data (e.g., routing information) as well as authentication, authorization, or accounting information.
A field in the header of a Diameter AVP that uniquely identifies the object attribute. Standardized AVP-Codes are maintained by the IANA.
A broker is a business term commonly used in AAA infrastructures. A broker is either a relay, proxy, or redirect agent, and may be operated by roaming consortiums. Depending on the business model, a broker may choose to deploy either relay agents or proxy agents.
1. Acronym for Command Code. The name and number associated with a particular Diameter Message and maintained by the IANA.
2. Acronym for Credit Control. A function of Online Billing systems.
A Diameter-based interface defined in the IMS that is used for AAA functions.
A Diameter-based interface defined in the IMS that is used for service layer AAA functions.
A type of AAA protocol defined in the IETF and extended in other standards bodies and trade groups like 3GPP and 3GPP2.
A Diameter Agent is a Diameter node that provides either relay, proxy, redirect, or translation services.
Diameter Application Protocol
An application-specific protocol used for transfer of application-specific functions and messages.
Diameter Base Protocol
A base foundation protocol that provides transfer of Diameter messages, negotiation capabilities, routing capabilities, error handling, and Diameter extensibility.
A Diameter Client is a device at the edge of the network that performs access control. An example of a Diameter client is a Network Access Server (NAS) or a Foreign Agent (FA).
A Diameter node is a host process that implements the Diameter protocol, and acts either as a Client, Agent, or Server.
A Diameter Peer is a Diameter Node to which a given Diameter Node has a direct transport connection.
Diameter Peer Table
A data structure maintained on each Diameter Node that contains an entry for each known Diameter Peer and their respective properties.
Diameter Peer State Machine
A data structure maintained on a Diameter Node that contains finite state machine status for each known connection to a Diameter Peer.
Diameter Realm Routing Table
A data structure maintained on each Diameter Node that is used for message routing. This data structure contains an entry for each known realm that has been discovered by that node.
Diameter Security Exchange
A Diameter Security Exchange is a process through which two Diameter nodes establish end-to-end security.
A Diameter Server is one that handles authentication, authorization, and accounting requests for a particular realm. By its very nature, a Diameter Server must support Diameter applications in addition to the base protocol.
Downstream is used to identify the direction of a particular Diameter message from the home server toward the access device.
A Diameter-based interface defined in the IMS that is used for AAA functions.
TLS and IPsec provide hop-by-hop security, or security across a transport connection. When relays or proxies are involved, this hop-by-hop security does not protect the entire Diameter user session. End-to-end security is security between two Diameter nodes, possibly communicating through Diameter Agents. This security protects the entire Diameter communications path from the originating Diameter node to the terminating Diameter node.
A Diameter-based interface defined in the IMS that is used for Policy Control functions.
A Home Realm is the administrative domain with which the user maintains an account relationship.
See Diameter Server.
Acronym for the Internet Assigned Number Authority.
Acronym for the Internet Engineering Task Force. The IETF is the first user and definer of the Diameter Base protocol as well as the first application-level protocols that use Diameter.
Acronym for the Internet Protocol Multimedia Subsystem. Through the efforts of the 3GPP, it is one of the first functional subsystems that is a user and definer of the Diameter protocol and extensions.
An interim accounting message provides a snapshot of usage during a user’s session. It is typically implemented in order to provide for partial accounting of a user’s session in the case of a device reboot or where other network problems prevent the reception of a session summary message or session record.
Acronym for Internet Protocol Security. A network layer security protocol defined in the IETF.
A local realm is the administrative domain providing services to a user. An administrative domain MAY act as a local realm for certain users, while being a home realm for others.
A multi-session represents a logical linking of several sessions. Multi-sessions are tracked by using the Acct-Multi-Session-Id. An example of a multi-session would be a Multi-link PPP bundle. Each leg of the bundle would be a session while the entire bundle would be a multi-session.
Network Access Identifier
The Network Access Identifier, or NAI, is used in the Diameter protocol to extract a user’s identity and realm. The identity is used to identify the user during authentication and/or authorization, while the realm is used for message routing purposes.
Network Access Server
Network Access Server or NAS is a network edge functional entity that may have a Diameter Client in order to request AAA functions from a Diameter Server.
The act of charging after a usage or event that is normally based on non-real-time accounting information.
A type of offline billing system.
Proxy Agent or Proxy
In addition to forwarding requests and responses, proxies make policy decisions relating to resource usage and provisioning. This is typically accomplished by tracking the state of AS devices. While proxies typically do not respond to client requests prior to receiving a response from the server, they may originate reject messages in cases where policies are violated. As a result, proxies need to understand the semantics of the messages passing through them, and may not support all Diameter applications.
Acronym for Remote Authentication Dial In User Service. RADIUS is a type of AAA protocol.
The act of applying charging based on specific usage or event content and rules.
A functional entity capable of rendering charging information based on specific usage or event content and rules.
A Diameter-based interface defined in the IMS that is used for Billing Rating functions.
The string in the NAI that immediately follows the ’@’ character. NAI realm names are required to be unique, and are piggybacked on the administration of the DNS namespace. Diameter makes use of the realm, also loosely referred to as domain, to determine whether messages can be satisfied locally, or whether they must be routed or redirected. In RADIUS, realm names are not necessarily piggybacked on the DNS namespace but may be independent of it.
Real-time accounting involves the processing of information on resource usage within a defined time window. Time constraints are typically imposed in order to limit financial risk.
Relay Agent or Relay
Relays forward requests and responses based on routing-related AVPs and realm routing table entries. Since relays do not make policy decisions, they do not examine or alter non-routing AVPs. As a result, relays never originate messages, do not need to understand the semantics of messages or non-routing AVPs, and are capable of handling any Diameter application or message type. Since relays make decisions based on information in routing AVPs and realm forwarding tables, they do not keep state on NAS resource usage or sessions in progress.
Rather than forwarding requests and responses between clients and servers, redirect agents refer clients to servers and allow them to communicate directly. Since redirect agents do not sit in the forwarding path, they do not alter any AVPs transiting between client and server. Redirect agents do not originate messages. They are capable of handling any message type, although they may be configured only to redirect messages of certain types, while acting as relay or proxy agents for other types. As with proxy agents, redirect agents do not keep state with respect to sessions or NAS resources.
A field defined in a Diameter answer message for error conditions and whose values are maintained by the IANA.
A Diameter-based interface defined in the IMS that is used for Offline Billing functions.
A Diameter-based interface defined in the IMS that is used for Online Billing functions.
Roaming relationships include relationships between companies and Internet Service Providers (ISPs), relationships among peer ISPs within a roaming consortium, and relationships between an ISP and a roaming consortium.
Acronym for Stream Control Transmission Protocol. A reliable transport protocol used for the exchange of Diameter protocols.
A security association is an association between two endpoints in a Diameter session that allows the endpoints to communicate with integrity and confidentiality, even in the presence of relays and/or proxies.
A session is a related progression of events devoted to a particular activity. Each application should provide guidelines as to when a session begins and ends. All Diameter packets with the same Session-Identifier are considered to be part of the same session.
A stateful agent is one that maintains session state information, by keeping track of all authorized active sessions. Each authorized session is bound to a particular service, and its state is considered active either until it is notified otherwise, or by expiration.
A Diameter-based interface defined in the IMS that is used for service layer-based AAA functions.
A sub-session represents a distinct service (e.g., QoS or data characteristics) provided to a given session. These services may happen concurrently (e.g., simultaneous voice and data transfer during the same session) or serially. These changes in sessions are tracked with the Accounting-Sub-Session-Id.
Acronym for Transmission Control Protocol. A reliable transport layer protocol used for the exchange of Diameter protocols.
Acronym for Transport Layer Security. A transport layer security protocol that encapsulates and secures application layer protocols.
The Diameter protocol requires that agents maintain transaction state, which is used for failover purposes. Transaction state implies that upon forwarding a request, the Hop-by-Hop identifier is saved; the field is replaced with a locally unique identifier, which is restored to its original value when the corresponding answer is received. The request’s state is released upon receipt of the answer. A stateless agent is one that only maintains transaction state.
A translation agent is a stateful Diameter node that performs protocol translation between Diameter and another AAA protocol, such as RADIUS.
A transport connection is a TCP or SCTP connection existing directly between two Diameter peers, otherwise known as a Peer-to-Peer Connection.
Upstream is used to identify the direction of a particular Diameter message from the access device toward the home server.
The entity requesting or using some resource, in support of which a Diameter client has generated a request.
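The transaction state described in the glossary (save the Hop-by-Hop identifier, substitute a locally unique one, restore it on the answer, then release the state) can be sketched as follows. This is an added example, not code from the Ulticom guide: the 20-byte header layout is taken from RFC 3588, the names `RelayTransactionState`, `parse_header` and `build_message` are hypothetical, and the sample messages are constructed, header-only inputs.

```python
import itertools
import struct

HDR_LEN = 20          # fixed Diameter header size (RFC 3588)
FLAG_REQUEST = 0x80   # 'R' bit in the command flags octet

class MalformedMessage(ValueError):
    pass

def parse_header(msg: bytes) -> dict:
    """Decode the fixed header and check the declared length against the buffer."""
    if len(msg) < HDR_LEN:
        raise MalformedMessage("shorter than the 20-byte header")
    ver_len, flg_cmd, app_id, hbh, e2e = struct.unpack("!IIIII", msg[:HDR_LEN])
    version, length = ver_len >> 24, ver_len & 0xFFFFFF
    if version != 1 or length != len(msg) or length % 4:
        raise MalformedMessage("bad version or message length")
    return {"request": bool((flg_cmd >> 24) & FLAG_REQUEST),
            "command": flg_cmd & 0xFFFFFF, "app_id": app_id,
            "hop_by_hop": hbh, "end_to_end": e2e}

class RelayTransactionState:
    """Hypothetical agent-side table: local Hop-by-Hop id -> original id."""
    def __init__(self, start: int = 1):
        self._next = itertools.count(start)
        self.pending = {}

    def forward_request(self, msg: bytes) -> bytes:
        hdr = parse_header(msg)
        if not hdr["request"]:
            raise MalformedMessage("not a request")
        local = next(self._next) & 0xFFFFFFFF
        self.pending[local] = hdr["hop_by_hop"]   # save the original value
        return msg[:12] + struct.pack("!I", local) + msg[16:]

    def forward_answer(self, msg: bytes) -> bytes:
        hdr = parse_header(msg)
        if hdr["request"]:
            raise MalformedMessage("not an answer")
        # Releasing state on the first answer means a replayed or
        # unsolicited answer finds no entry and is rejected.
        original = self.pending.pop(hdr["hop_by_hop"], None)
        if original is None:
            raise MalformedMessage("answer matches no pending request")
        return msg[:12] + struct.pack("!I", original) + msg[16:]

def build_message(request, command, app_id, hbh, e2e) -> bytes:
    """Build a header-only sample message (constructed input, no AVPs)."""
    flags = FLAG_REQUEST if request else 0
    return struct.pack("!IIIII", (1 << 24) | HDR_LEN,
                       (flags << 24) | command, app_id, hbh, e2e)
```

Only the Hop-by-Hop field is rewritten; the End-to-End identifier passes through the agent unchanged.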