Diameter Presentation
Transcript of Diameter Presentation
Diameter
Beny Haddad
Agenda
• Origin of Diameter
• Main Features of Diameter
  o Diameter Base protocol
  o Type of Diameter Nodes
• Main Applications
• Messages Overview
Company Confidential 2
Why did we need Diameter?
• Diameter is an Authentication, Authorization and Accounting (AAA) protocol for computer networks, and an alternative to RADIUS.
• Diameter provides an upgrade path for the "old" RADIUS (Remote Authentication Dial In User Service) and solves several of its limitations.
• In the early 1990s, RADIUS was developed to control dial-in access.
AAA
• Authenticate users or devices before granting them access to a network
• Authorize those users or devices for certain network services
• Account for usage of those services
DIAMETER = 2 * RADIUS

Feature               | RADIUS                                     | DIAMETER
----------------------|--------------------------------------------|-----------------------------------------------------
Reliable transport    | No (uses UDP)                              | TCP, SCTP
Failover              | Not defined by standard                    | Failover is defined for network errors and actions
Security              | Not mandatory and not end to end           | Mandatory and end to end
Agent roles           | Not defined (other than client and server) | Defines many (such as proxy, relay and redirect)
Transactions          | ID up to 255, other implicit methods       | End to end and node by node, each with a 2^32 range
Vendor specific       | Not explicit                               | Through negotiation
Dynamic configuration | No                                         | Defined in the standard
Main features of Diameter
Diameter - Basic Functionality
Diameter Tutorial - IETF67
Figure: a Diameter Client Node at somerealm.com talks to a Diameter Server Node at otherrealm.com. On each node the Diameter Client Application or Diameter Server Application sits on top of the Base Protocol, which provides Session Management, Routing Management and Connection Management.
Diameter - Basic Functionality
Diameter Tutorial - IETF67
• Base Protocol
  – Connectivity: peering and routing
  – Application support: application session management
• Applications
  – Purpose specific: Gx, Gy, etc.
  – Identified by application Id
    • Every application MUST have an IANA-assigned application identifier
    • Also used for Diameter message routing
  – Defines the commands (e.g. CCR/CCA, RAR/RAA)
  – Defines the AVP (Attribute/Value Pair) fields (e.g. Origin-Host)
Diameter – Message Format
Diameter Tutorial - IETF67
• Diameter Message: Diameter Header | AVP | AVP | AVP ...
• AVP: AVP Header | AVP Data
• Diameter Header = Version, Length, Flags, Code, AppId, H2H Id, E2E Id
• AVP Header = Code, Flag, Length, Vendor-Id (Opt)
• Each message must be defined using an ABNF grammar
• Pre-defined AVP data types (Integer32, Float, OctetString etc.)
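As an added example (not from the slides or the IETF tutorial), a minimal Python decoder for the header layout above. The CER bytes are constructed here; the strict Length checks are the part a receiving node must not skip, because the message Length and every AVP Length are fields an untrusted peer controls.

```python
import struct
# Diameter header flags (RFC 3588): R = request, P = proxiable, E = error, T = retransmitted
FLAG_R, FLAG_P, FLAG_E, FLAG_T = 0x80, 0x40, 0x20, 0x10
# AVP flags: V = vendor-specific (Vendor-Id field present), M = mandatory, P = protected
AVP_V, AVP_M, AVP_P = 0x80, 0x40, 0x20

def parse_header(buf):
    """Decode the 20-byte Diameter header and check the Length field against the buffer."""
    if len(buf) < 20 or buf[0] != 1:
        raise ValueError("short header or unsupported version")
    length = int.from_bytes(buf[1:4], "big")
    code = int.from_bytes(buf[5:8], "big")
    app_id, h2h, e2e = struct.unpack("!III", buf[8:20])
    if length < 20 or length > len(buf) or length % 4:
        raise ValueError("bad message length %d" % length)
    return {"version": 1, "length": length, "flags": buf[4], "code": code,
            "app_id": app_id, "h2h": h2h, "e2e": e2e}

def parse_avps(buf):
    """Walk the AVPs inside the header's Length; every AVP starts on a 4-byte boundary."""
    msg_len, offset, avps = parse_header(buf)["length"], 20, []
    while offset < msg_len:
        if msg_len - offset < 8:
            raise ValueError("truncated AVP header at offset %d" % offset)
        code, flags = struct.unpack("!IB", buf[offset:offset + 5])
        avp_len = int.from_bytes(buf[offset + 5:offset + 8], "big")
        hdr = 12 if flags & AVP_V else 8  # Vendor-Id adds 4 bytes when V is set
        if avp_len < hdr or offset + avp_len > msg_len:
            raise ValueError("bad AVP length %d at offset %d" % (avp_len, offset))
        vendor = struct.unpack("!I", buf[offset + 8:offset + 12])[0] if flags & AVP_V else None
        avps.append((code, flags, vendor, buf[offset + hdr:offset + avp_len]))
        offset += (avp_len + 3) & ~3  # skip padding to the next 4-byte boundary
    return avps

def is_well_formed(buf):
    """True when header and every AVP length check pass: the gate before any AVP is acted on."""
    try:
        parse_avps(buf)
        return True
    except ValueError:
        return False

def avp(code, data, flags=AVP_M):  # helper for the sample: one AVP, no Vendor-Id, 4-byte padded
    return (struct.pack("!IB", code, flags) + (8 + len(data)).to_bytes(3, "big")
            + data + b"\0" * (-len(data) % 4))

# Constructed sample: CER (code 257, R flag, app 0, H2H 0x1234, E2E 0x5678) with Origin-Host (264), Origin-Realm (296)
BODY = avp(264, b"pcef.somerealm.com") + avp(296, b"somerealm.com")
SAMPLE_CER = (bytes([1]) + (20 + len(BODY)).to_bytes(3, "big") + bytes([FLAG_R])
              + (257).to_bytes(3, "big") + struct.pack("!III", 0, 0x1234, 0x5678) + BODY)
```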
Diameter ABNF Conventions
Diameter Tutorial - IETF67
Symbol            | Example                                 | Meaning                                  | Occurrences
------------------|-----------------------------------------|------------------------------------------|------------
<XXX> ::= <X, F>  | <CER> ::= < Diameter Header: 257, REQ > | Command Code, Flags                      | 1
< AVP >           | < Session-Id >                          | Required AVP, at this place (first)      | 1
{ AVP }           | { Origin-Host }                         | Required AVP                             | 1
1* { AVP }        | 1* { Host-IP-Address }                  | Required AVP, can appear more than once  | 1+
[ AVP ]           | [ Origin-State-Id ]                     | Optional AVP                             | 0, 1
*[ AVP ]          | * [ Supported-Vendor-Id ]               | Optional AVP, can appear more than once  | 0+
Diameter ABNF Example
Diameter Tutorial - IETF67
<CER> ::= < Diameter Header: 257, REQ >     /* Command Code, Flags */
          < Session-Id >                    /* Required AVP, Occurrence: 1, at this place (first) */
          { Origin-Host }                   /* Required AVP, Occurrence: 1 */
          { Origin-Realm }
          1* { Host-IP-Address }            /* Required AVP, Occurrence: 1+ */
          { Vendor-Id }
          { Product-Name }
          [ Origin-State-Id ]               /* Optional AVP, Occurrence: 0 or 1 */
          * [ Supported-Vendor-Id ]         /* Optional AVP, Occurrence: 0+ */
          * [ Auth-Application-Id ]
          * [ Inband-Security-Id ]
          * [ Acct-Application-Id ]
          * [ Vendor-Specific-Application-Id ]
          [ Firmware-Revision ]
          * [ AVP ]
Note: /* */ is not part of ABNF
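An added example, not part of the slides: a small checker that reads the occurrence qualifiers from a command definition written in the convention above and reports which AVPs of a received message violate it, using the CER grammar from this slide. It assumes the grammar only uses the six qualifiers from the conventions table, and it checks only names and counts, not AVP values.

```python
import re
# Occurrence rules from the ABNF conventions table: (min, max) per qualifier, None = unbounded
QUALIFIERS = {"<": (1, 1), "{": (1, 1), "1*{": (1, None), "[": (0, 1), "*[": (0, None)}
TOKEN = re.compile(r"(1\*\s*\{|\*\s*\[|[<{\[])\s*([A-Za-z0-9-]+)\s*[>}\]]")

def parse_abnf(text):
    """Turn the AVP lines after '::=' into (name, min, max, fixed_first) rules; comments are dropped."""
    body = re.sub(r"/\*.*?\*/", "", text.split("::=", 1)[1], flags=re.S)
    return [(name, *QUALIFIERS[q.replace(" ", "")], q == "<") for q, name in TOKEN.findall(body)]

def validate(rules, avps):
    """Check a received list of AVP names against the rules; returns violations (empty means OK)."""
    counts = {}
    for n in avps:
        counts[n] = counts.get(n, 0) + 1
    known = {r[0] for r in rules}
    errors = []
    for name, lo, hi, fixed_first in rules:
        if name == "AVP":            # the "*[ AVP ]" wildcard: any other AVP may follow
            continue
        c = counts.get(name, 0)
        if c < lo:
            errors.append("missing %s" % name)
        elif hi is not None and c > hi:
            errors.append("%s appears %d times, max %d" % (name, c, hi))
        if fixed_first and c and avps[0] != name:   # "< >" pins the AVP to the first place
            errors.append("%s must be first" % name)
    if "AVP" not in known:            # no wildcard: anything outside the grammar is rejected
        errors += ["unexpected %s" % n for n in counts if n not in known]
    return errors

# The CER definition from the slide above, used as the grammar under test.
CER_ABNF = """
<CER> ::= < Diameter Header: 257, REQ >
    < Session-Id > /* first */
    { Origin-Host }
    { Origin-Realm }
    1* { Host-IP-Address }
    { Vendor-Id }
    { Product-Name }
    [ Origin-State-Id ]
    * [ Supported-Vendor-Id ]
    * [ Auth-Application-Id ]
    * [ Inband-Security-Id ]
    * [ Acct-Application-Id ]
    * [ Vendor-Specific-Application-Id ]
    [ Firmware-Revision ]
    * [ AVP ]
"""
CER_RULES = parse_abnf(CER_ABNF)
```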
Capabilities Exchange
Diameter Tutorial - IETF67
• Capabilities Exchange
  – Uses the Capabilities-Exchange (CER/CEA) messages
  – The message exchange advertises:
    • Peer identity
    • Security schemes – indicates the use of TLS
    • SCTP host addresses, if used
  – CER/CEA may or may not be protected
• Peer Table Creation
  – Lists all peers that pass capabilities negotiation
  – Indicates the connection status of each peer
  – Also used for message routing
Diameter Sessions – definitions
• What is a session?
  o A session is a related progression of events devoted to a particular activity
• Applications provide guidelines as to when a session begins and ends
• Sessions are identified by Session-Id
  o Globally and eternally unique
  o Format: <DiameterIdentity>;<high 32 bits>;<low 32 bits>[;<optional value>]
    • DiameterIdentity: the sender's identity as an FQDN
    • High and Low 32 bits: decimal representation of a 64-bit value, monotonically increased
    • Optional value: implementation specific, e.g. MAC address, timestamp etc.
Diameter Tutorial - IETF67
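Added example, not from the slides: a Session-Id generator and parser for the layout above. It follows the RFC 3588 suggestion of seeding the high 32 bits with the start time and the low 32 bits with a counter, so ids issued by the same host stay unique across a restart; the host identity and start time used are constructed.

```python
import re
import time

# Session-Id layout from the slide: <DiameterIdentity>;<high 32 bits>;<low 32 bits>[;<optional value>]
SESSION_ID_RE = re.compile(r"^([^;]+);(\d+);(\d+)(?:;(.*))?$")

class SessionIdGenerator:
    """Issues Session-Ids whose 64-bit value keeps increasing: high word = start time (RFC 3588
    suggestion), low word = counter, so a restart that takes over a second cannot repeat an id."""
    def __init__(self, identity, start_time=None, counter=0):
        self.identity = identity
        self.high = (int(time.time()) if start_time is None else start_time) & 0xFFFFFFFF
        self.low = counter

    def next_id(self, optional=None):
        sid = "%s;%d;%d" % (self.identity, self.high, self.low)
        self.low += 1
        if self.low > 0xFFFFFFFF:          # low word wrapped: carry into the high word
            self.low, self.high = 0, (self.high + 1) & 0xFFFFFFFF
        return sid + (";" + optional if optional else "")

def parse_session_id(sid):
    """Split a Session-Id into (identity, 64-bit value, optional) and reject anything malformed."""
    m = SESSION_ID_RE.match(sid)
    if not m:
        raise ValueError("malformed Session-Id: %r" % sid)
    identity, high, low, optional = m.groups()
    high, low = int(high), int(low)
    if high > 0xFFFFFFFF or low > 0xFFFFFFFF:
        raise ValueError("32-bit fields out of range in %r" % sid)
    return identity, (high << 32) | low, optional

def is_newer(sid_a, sid_b):
    """True when sid_a was issued after sid_b by the same sender (the 64-bit value is monotonic)."""
    ia, va, _ = parse_session_id(sid_a)
    ib, vb, _ = parse_session_id(sid_b)
    if ia != ib:
        raise ValueError("Session-Ids from different senders are not comparable")
    return va > vb
```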
Types of Diameter Nodes
Diameter Tutorial - IETF67
• Diameter Clients and Servers
  – Request and Answer originators
    • Where applications normally reside
  – Advertise supported applications only
• Diameter Agents
  – Request and Answer forwarders
  – Add routing information to the message
  – Relay Agents
    • Provide basic message forwarding
    • Do not inspect the content of the message other than Destination-Host and/or Destination-Realm and AppIds
    • Advertise support for all applications
Types of Diameter Nodes – (cont.)
Diameter Tutorial - IETF67
  – Proxy Agents
    • Inspect and possibly modify the contents of the request or answer they are forwarding
      – Useful in scenarios such as policy enforcement, admission control, provisioning etc.
      – Can maintain session state
    • Examples: translation agents, RADIUS<->DIAMETER
  – Redirect Agents
    • Do not forward messages but notify the previous hop of the new next hop to use
    • Advertise support for all applications
Types of Diameter Nodes
Diameter Tutorial - IETF67
Figure: a Client in realmA.com, a Relay/Proxy Agent, a Redirect Agent and a Server in realmB.com, with the numbered messages 1. Request, 2. Request, 3. Redirect Notification, 4. Request, 5. Answer, 6. Answer.
Request/Answer Path:
• Normal Relay or Proxy: 1, 4, 5, 6
• Via a Redirect Agent: 1, 2, 3, 4, 5, 6
Main Applications
Main Applications in 3GPP
Policy:
- Gx
- Rx
- S9
- Sd
Charging:
- Gy
- Gz (Rf)
- Sy
Subscriber Info:
- Sh
Gx/Rx Application
• Gx:
  o Interface between the PCEF (Policy and Charging Enforcement Function) and the PCRF (Policy and Charging Rules Function)
  o PCRF provides PCC rules (QoS and charging rules) to the PCEF at session establishment
  o PCRF can push PCC rules for new bearer creation
• Rx:
  o Interface between the AF (Application Function) and the PCRF
  o Enables 3rd party applications (IMS, SBC, etc.) to create bearers dynamically
Gy/Gz Application
• Gy:
  o Diameter Credit Control Application (DCCA)
  o Online charging
  o The OCS (Online Charging System) allocates quotas to the PCEF
• Gz:
  o Offline charging
  o Also known as Rf
  o Reports usage to the OFCS (Offline Charging System)
Messages overview
Message Flow
• Transport (TCP/SCTP)
• Capabilities Exchange
• Messages (CCR/CCA, etc.)
• Watch Dog
• Disconnect
• Transport Disconnect
Messages
Message name                  | Abbreviation | Command code
------------------------------|--------------|-------------
Capabilities-Exchange-Request | CER          | 257
Capabilities-Exchange-Answer  | CEA          | 257
Device-Watchdog-Request       | DWR          | 280
Device-Watchdog-Answer        | DWA          | 280
Credit-Control-Request        | CCR          | 272
Credit-Control-Answer         | CCA          | 272
Re-Auth-Request               | RAR          | 258
Re-Auth-Answer                | RAA          | 258
Session-Termination-Request   | STR          | 275
Session-Termination-Answer    | STA          | 275
Disconnect-Peer-Request       | DPR          | 282
Disconnect-Peer-Answer        | DPA          | 282
Gx Interface
Figure: PCC architecture. The PCEF in the GW connects to the Policy and Charging Rules Function (PCRF) over Gx, to the Online Charging System (OCS, Service Data Flow Based Credit Control) over Gy and to the Offline Charging System (OFCS) over Gz; the AF connects to the PCRF over Rx; the Subscription Profile Repository (SPR) connects to the PCRF over Sp; a CAMEL SCP is also shown.
Gx Messages - CCR
• The CCR command is sent by the PCEF to the PCRF for two purposes:
  o To request PCC rules for a bearer from the PCRF
  o To indicate bearer or PCC rule related events, or the termination of the IP-CAN bearer and/or session
Gx Messages - CCR
<CCR> ::= < Diameter Header: 272, REQ, PXY >
          < Session-Id >
          { Auth-Application-Id }
          { Origin-Host }
          { Origin-Realm }
          { Destination-Realm }
          { CC-Request-Type }
          { CC-Request-Number }
          [ Destination-Host ]
          [ CC-Subsession-Id ]
          [ Origin-State-Id ]
          *[ Subscription-Id ]
          [ Framed-IP-Address ]
          *[ Framed-IPv6-Prefix ]
          [ 3GPP-RAT-Type ]
          [ Termination-Cause ]
          [ User-Equipment-Info ]
          { 3GPP-GPRS-Negotiated-QoS-Profile }
          [ 3GPP-SGSN-MCC-MNC ]
          [ 3GPP-SGSN-Address ]
          [ 3GPP-SGSN-IPv6-Address ]
          [ Called-Station-ID ]
          [ Bearer-Usage ]
          [ TFT-Packet-Filter-Information ]
          *[ Proxy-Info ]
          *[ Route-Record ]
          *[ AVP ]
Gx Messages - CCA
• The CCA command is sent from the PCRF to the PCEF as a response to a CCR command.
• It provides the PCEF with:
  o PCC rules and event triggers for the bearer/session
  o The selected bearer control mode for the IP-CAN session
Gx Messages – CCA (cont)
<CCA> ::= < Diameter Header: 272, PXY >
          < Session-Id >
          { Auth-Application-Id }
          { Origin-Host }
          { Origin-Realm }
          [ Result-Code ]
          [ Experimental-Result ]
          [ CC-Request-Type ]
          [ CC-Request-Number ]
          [ CC-Sub-Session-Id ]
          *[ Event-Trigger ]
          [ Origin-State-Id ]
          *[ Charging-Rule-Remove ]
          *[ Charging-Rule-Install ]
          [ Primary-CCF-Address ]
          [ Secondary-CCF-Address ]
          [ Primary-OCS-Address ]
          [ Secondary-OCS-Address ]
          [ Error-Message ]
          [ Error-Reporting-Host ]
          *[ Failed-AVP ]
          *[ Proxy-Info ]
          *[ Route-Record ]
          *[ AVP ]
Charging-Rule-Install ::= < AVP Header: 1001 >
*[ Charging-Rule-Definition ]
*[ Charging-Rule-Name ]
*[ Charging-Rule-Base-Name ]
[ Bearer-Identifier ]
[ Rule-Activation-Time ]
[ Rule-Deactivation-Time ]
[ Resource-Allocation-Notification ]
[ Charging-Correlation-Indicator ]
*[ AVP ]
Gx Messages – CCA (cont)
Flow-Information ::= < AVP Header: 1058 >
[ Flow-Description ]
[ Packet-Filter-Identifier ]
[ Packet-Filter-Usage ]
[ ToS-Traffic-Class ]
[ Security-Parameter-Index ]
[ Flow-Label ]
[ Flow-Direction ]
*[ AVP ]
QoS-Information ::= < AVP Header: 1016 >
[ QoS-Class-Identifier ]
[ Max-Requested-Bandwidth-UL ]
[ Max-Requested-Bandwidth-DL ]
[ Guaranteed-Bitrate-UL ]
[ Guaranteed-Bitrate-DL ]
[ Bearer-Identifier ]
[ Allocation-Retention-Priority ]
[ APN-Aggregate-Max-Bitrate-UL ]
[ APN-Aggregate-Max-Bitrate-DL ]
*[ AVP ]
Charging-Rule-Definition ::= < AVP Header: 1003 >
{ Charging-Rule-Name }
[ Service-Identifier ]
[ Rating-Group ]
* [ Flow-Information ]
[ Flow-Status ]
[ QoS-Information ]
[ Reporting-Level ]
[ Online ]
[ Offline ]
[ Metering-Method ]
[ Precedence ]
[ AF-Charging-Identifier ]
* [ Flows ]
[ Monitoring-Key ]
[ AF-Signalling-Protocol ]
* [ AVP ]
Gx Messages - RAR
• The RAR command is sent by the PCRF to the PCEF in order to provision PCC rules and event triggers using the PUSH procedure, i.e. to initiate the provision of unsolicited PCC rules.
  o NOTE: If the RAR command is received by the PCEF without providing any operation on PCC rules or any QoS information, the PCEF will respond with a CCR command requesting PCC rules.
Gx Message - RAR
<RA-Request> ::= < Diameter Header: 258, REQ, PXY >
< Session-Id >
{ Auth-Application-Id }
{ Origin-Host }
{ Origin-Realm }
{ Destination-Realm }
{ Destination-Host }
{ Re-Auth-Request-Type }
[ Origin-State-Id ]
*[ Event-Trigger ]
*[ Charging-Rule-Remove ]
*[ Charging-Rule-Install ]
*[ QoS-Information ]
*[ Proxy-Info ]
*[ Route-Record ]
*[ AVP ]
Gx Messages - RAA
• The RAA command is sent by the PCEF to the PCRF in response to the RAR command.
<RA-Answer> ::= < Diameter Header: 258, PXY >
< Session-Id >
{ Origin-Host }
{ Origin-Realm }
[ Result-Code ]
[ Experimental-Result ]
[ Origin-State-Id ]
[ Event-Trigger ]
*[ Charging-Rule-Report ]
[ Access-Network-Charging-Address ]
*[ Access-Network-Charging-Identifier-Gx ]
[ Bearer-Identifier ]
[ Error-Message ]
[ Error-Reporting-Host ]
*[ Failed-AVP ]
*[ Proxy-Info ]
*[ AVP ]
Rx Interface
Figure: the same PCC architecture diagram as in the Gx Interface section (PCEF in the GW, PCRF, OCS, OFCS, AF, SPR, CAMEL SCP, with the Gx, Gy, Gz, Rx and Sp reference points).
Event Triggers (examples)
• SGSN_CHANGE (0)
• QOS_CHANGE (1)
• RAT_CHANGE (2)
• TFT_CHANGE (3)
• PLMN_CHANGE (4)
• LOSS_OF_BEARER (5)
• RECOVERY_OF_BEARER (6)
• IP-CAN_CHANGE (7)
• QOS_CHANGE_EXCEEDING_AUTHORIZATION (11)
• RAI_CHANGE (12)
• USER_LOCATION_CHANGE (13)
• OUT_OF_CREDIT (15)
• REALLOCATION_OF_CREDIT (16)
• UE_IP_ADDRESS_ALLOCATE (18)
• UE_IP_ADDRESS_RELEASE (19)
• UE_TIME_ZONE_CHANGE (25)
• USAGE_REPORT (26)
Rx Messages
• AAR (AA-Request): sent by an AF to the PCRF in order to provide it with the session information
• AAA (AA-Answer): sent by the PCRF to the AF in response to the AAR command
• RAR (Re-Auth-Request): sent by the PCRF to the AF in order to indicate an Rx specific action
• RAA (Re-Auth-Answer): sent by the AF to the PCRF in response to the RAR command
• STR (Session-Termination-Request): sent by the AF to inform the PCRF that an established session shall be terminated
• STA (Session-Termination-Answer): sent by the PCRF to the AF in response to the STR command
Rx Messages - AAR
<AA-Request> ::= < Diameter Header: 265, REQ, PXY >
          < Session-Id >
          { Auth-Application-Id }
          { Origin-Host }
          { Origin-Realm }
          { Destination-Realm }
          [ Destination-Host ]
          [ AF-Application-Identifier ]
          *[ Media-Component-Description ]
          [ Service-Info-Status ]
          [ AF-Charging-Identifier ]
          [ SIP-Forking-Indication ]
          *[ Specific-Action ]
          *[ Subscription-ID ]
          [ Reservation-Priority ]
          [ Framed-IP-Address ]
          [ Framed-IPv6-Prefix ]
          [ Service-URN ]
          [ Origin-State-Id ]
          *[ Proxy-Info ]
          *[ Route-Record ]
          *[ AVP ]
Rx Messages – Media Component AVP
Media-Component-Description ::= < AVP Header: 517 >
          { Media-Component-Number }        ; Ordinal number of the media component
          *[ Media-Sub-Component ]          ; Set of flows for one flow identifier
          [ AF-Application-Identifier ]
          [ Media-Type ]                    ; Video, Audio, Data, Application, Control, Text, Message, Other
          [ Max-Requested-Bandwidth-UL ]
          [ Max-Requested-Bandwidth-DL ]
          [ Flow-Status ]                   ; Enable DL, Enable UL, Enable All, Remove All
          [ Reservation-Priority ]
          [ RS-Bandwidth ]
          [ RR-Bandwidth ]
          *[ Codec-Data ]
Rx Messages - AAA
<AA-Answer> ::= < Diameter Header: 265, PXY >
          < Session-Id >
          { Auth-Application-Id }
          { Origin-Host }
          { Origin-Realm }
          [ Result-Code ]
          [ Experimental-Result ]
          *[ Access-Network-Charging-Identifier ]
          [ Access-Network-Charging-Address ]
          [ Acceptable-Service-Info ]
          [ IP-CAN-Type ]
          [ 3GPP-RAT-Type ]
          [ Error-Message ]
          [ Error-Reporting-Host ]
          *[ Failed-AVP ]
          [ Origin-State-Id ]
          *[ Redirect-Host ]
          [ Redirect-Host-Usage ]
          [ Redirect-Max-Cache-Time ]
          *[ Proxy-Info ]
          *[ AVP ]
Rx Messages - RAR
<RA-Request> ::= < Diameter Header: 258, REQ, PXY >
          < Session-Id >
          { Origin-Host }
          { Origin-Realm }
          { Destination-Realm }
          { Destination-Host }
          { Auth-Application-Id }
          { Specific-Action }
          *[ Access-Network-Charging-Identifier ]
          [ Access-Network-Charging-Address ]
          *[ Flows ]
          *[ Subscription-ID ]
          [ Abort-Cause ]
          [ IP-CAN-Type ]
          [ 3GPP-RAT-Type ]
          [ Origin-State-Id ]
          *[ Proxy-Info ]
          *[ Route-Record ]
          *[ AVP ]
Rx Messages - RAA
<RA-Answer> ::= < Diameter Header: 258, PXY >
          < Session-Id >
          { Origin-Host }
          { Origin-Realm }
          [ Result-Code ]
          [ Experimental-Result ]
          *[ Media-Component-Description ]
          [ Service-URN ]
          [ Origin-State-Id ]
          [ Error-Message ]
          [ Error-Reporting-Host ]
          *[ Failed-AVP ]
          *[ Proxy-Info ]
          *[ AVP ]
Specs
• Diameter Base Protocol: RFC 3588
• 3GPP TS 23.203: "Policy and charging control architecture": http://www.3gpp.org/ftp/Specs/html-info/23203.htm
• 3GPP TS 29.212: "Gx Interface": http://www.3gpp.org/ftp/Specs/html-info/29212.htm
• 3GPP TS 29.211: "Rx Interface": http://www.3gpp.org/ftp/Specs/html-info/29211.htm
• 3GPP TS 32.29: "Gy interface"
Questions?
Thank You