OutlineWhatisDiameterDiameterBaseProtocolSLgintroduction1WhatisDiameterDiameterisanAAA(Authentication,AuthorizationandAccounting)protocolinanIPnetwork.Diameterisanapplication-layersignalingprotocol.DiameterwasderivedfromtheRADIUSwithalotofimprovementsDiameterApplicationsextendthebaseprotocolbyaddingnewcommandsand/orattributes2ThenextgenerationAAAprotocolExtractstheessenceoftheAAAprotocolfromRADIUSDefinesasetofmessagesthataregeneralenoughtobethecoreoftheDiameterBaseprotocol.VariousapplicationsthatrequireAAAfunctionscandefinetheirownextensionsontopoftheDiameterbaseprotocol,3AAAinBaseProtocolAuthenticationandAuthorizationBecauseauthenticationandauthorizationmechanismsvaryamongapplications,theDiameterbaseprotocoldoesn'tdefinecommandcodesandAVPsspecifictoauthenticationandauthorizationAccountingthebehaviorandmessagetobeexchangedforaccountingisclearlydefined4DiameterBasicFunctionalityBaseProtocolBasicsupport:ConnectionandRoutingApplicationsupport:ApplicationsessionmanagementDiameterApplicationsDiameterMobileIPv4Application(MobileIP,RFC4004)DiameterNetworkAccessServerApplication(NASREQ,RFC4005)DiameterExtensibleAuthenticationProtocolApplication(RFC4072)DiameterCredit-ControlApplication(DCCA,RFC4006)DiameterSessionInitiationProtocolApplication(RFC4740)Variousapplicationsinthe3GPPIPMultimediaSubsystemNASApplicationCredit

ControlApplicationSIPApplicationBaseProtocolMIPApplicationSlgApplication5DiameterBasicFunctionalityDiameterClientApplicationDiameterServerApplicationTCP/SCTPRouting

ManagementConnection

ManagementConnection

ManagementDiameterClientNodeBase

ProtocolBase

ProtocolDiameterServerNodeSession

ManagementRoutingManagementSession

Management6DiameterMessage7BaseprotocolmessagesMessagenameAbbreviationCommandcodeAbort-Session-RequestASR274Abort-Session-AnswerASA274Accounting-RequestACR271Accounting-AnswerACA271Capabilities-Exchanging-RequestCER257Capabilities-Exchanging-AnswerCEA257Device-Watchdog-RequestDWR280Device-Watchdog-AnswerDWA280Disconnect-Peer-RequestDPR282Disconnect-Peer-AnswerDPA282Re-Auth-RequestRAR258Re-Auth-AnswerRAA258Session-Termination-RequestSTR275Session-Termination-AnswerSTA2758Attribute-ValuePairs(AVP)Command-NameAbbr.CodeAA-AnswerAAA265AA-RequestAAR265Abort-Session-AnswerASA274Abort-Session-RequestASR274Accounting-AnswerACA271Accounting-RequestACR271Bootstrapping-Info-AnswerBIA310Bootstrapping-Info-RequestBIR310Capabilities-Exchange-AnswerCEA257Capabilities-Exchange-RequestCER257Device-Watchdog-AnswerDWA280Device-Watchdog-RequestDWR280Diameter-EAP-AnswerDEA268Diameter-EAP-RequestDER268Disconnect-Peer-AnswerDPA282Disconnect-Peer-RequestDPR282Location-Info-AnswerLIA302Location-Info-RequestLIR302…..…9DiameterBaseProtocolBaseprotocolprovidesthefollowingfacilities:ConnectionmanagementRoutingmanagementSessionmanagementTCP/SCTPRoutingManagementConnectionManagementConnectionManagementBaseProtocolBaseProtocolSessionManagementRoutingManagementSessionManagement10ConnectionManagementPeerDiscoveryStaticconfiguration:mandatorySLPv2andDNS:optionalTransportProtocols:SCTPand(or)TCPSecurity:TLSandIPSecCapabilitiesnegotiationPeerIdentitySecurityschemesSupportedApplicationUseofCapabilities-Exchange(CER/CEA)messagesPeerlivenessanddisconnectionUseofDisconnect-Peerexchange(DPR/DPA)UseofDevice-Watchdogexchange(DWR/DWA)11RoutingManagementTypesofDiameterNodesRequestRoutingAnswerRoutingLoopDetectionFailover-FailbackProcedureDuplicateDetection12TypesofDiameterNodesDiameterClientsandSeversRequestandAnswerOriginatorsAdvertisessupportedapplicationsonlyDiameterAgentsRequestandAnswerForwardersAddsroutinginformationtothemessage3TypesofAgents13TypesofDiameterAgentsRelayAgentsProvidesbasicmessageforwardingDoesnotinspectcontentofthemessageotherthanDestination-Hostand/orRealmandAppIdsAdvertisessupportallapplicationsProxyAgentsInspectsandpossiblymodifiescontentsoftherequestoransweritisforwarding.Usefulinscenariossuchaspolicyenforcement,admissioncontrol,provisioningetcExamples:Translationagents,RADIUS<->DIAMETERRe-DirectAgentsDoesnotforwardmessagesbutnotifiestheprevioushopofthenewnext-hoptouseAdvertisessupportallapplications14DiameterAgentOverviewRedirectAgentClient1.Request2.Request3.RedirectNotification4.Request5.Answer6.AnswerrealmA.comrealmB.comRelay/ProxyAgentServerRequest/AnswerPath:NormalRelayorProxy:1,4,5,6Re-directedAgent:1,2,3,4,5,615RequestRoutingInformationusedforrouting:Application-Id:presentisintheheaderDestination-HostORDestination-RealmAVPRoutingrules:Iflocalidentity==Destination-HostAVPthenprocesslocally,otherwiseIfpeeridentity==Destination-HostAVPthensendthatpeer,otherwiseLookuprealmtablewithDestination-RealmandAppIdIffoundsendtothedesignatednext-hopOtherwise,sendanUNABLE_TO_DELIVERanswerUseofRequestQueueSuccessfullyforwardedrequestarequeued16AnswerRoutingInformationusedforroutingHop-by-HopIdisusedinsteadofDestination-HostorDestination-RealmAVPHop-by-HopIdisuniquewithineachhopAnswerroutingpathisthereverseoftherequestpathRoutingRules:Foransweroriginators:UsethesameHop-by-HopIdfoundintherequestForanswerforwarders:LookupHop-by-HopIdinrequestqueueIffound,forwardanswertoappropriatepeerandremoverequestfromthequeueOtherwise,discard17LoopDetectionRecordingtheRoutingPathForwardingagentsaddRoute-RecordAVPsDetectionLocalhostidentitymustnotbepresentintheRoute-RecordAVPSendLOOP_DETECTEDanswer18Failover-FailbackProcedureFailover:Attempttore-routependingrequesttoanalternatepeerincaseoftransportfailure‘T’bitissetforre-routedrequestsFailback:Switchbacktotheoriginalnexthopwhenconnectionisre-establishedClientRelayRelayServer1.Request4.Answer2.RequestT-bitset3.RequestT-bitset4.Answer5.Answer2.Request3.AnswerRequestQueueRequestQueueRequestQueue19DuplicateDetectionDuplicatescanoccurDuetoFailoverNodesre-sendingun-answeredrequests:DuetorebootDetectionEnd-to-EndIdisuniqueforanodeRe-sentrequestmusthaveT-flagsetTherefore,useT-flagasahintforpossibleduplication,thenUseEnd-to-EndIdandOrigin-HostAVPtodetectduplicationDuplicaterequestSHOULDcausethesameanswertobesentOtherConsiderationsUseofSession-IdforduplicatedetectioninaccountingrecordsTimeneededtowaitforduplicatemessages20SessionManagementDiameterSessions-definitionsSessiontypesandstatefulnessAuthenticationandAuthorizationSessionsAccountingSessions21DiameterSession

definitionsWhatisasession?AsessionisarelatedprogressionofeventsdevotedtoaparticularactivityApplicationsprovideguidelinesastowhenasessionbeginsandendsSessionsareidentifiedbySession-IdGloballyandeternallyunique22SessiontypesandstatefulnessTwotypesofsessionsbyusageAuthorizationsessionisusedforauthenticationand/orauthorizationAccountingsessionisusedforaccountingAsessioncanbestatefulorstatelessDependingonwhethertheapplicationrequiresthesessiontobemaintainedforacertaindurationStatefulsessionsnormallyspansmultiplemessageexchanges23Authentication&AuthorizationSessionsAuth-Session-StateAVPindicatesstatefulnessForstatefulsessionSessionteardownusesBaseProtocolmessagesASR/ASAandSTR/STASupportforServer-InitiatedRe-AuthUsesBaseProtocolmessageRAR/RAAAuthorizationSessionStateMachines:CLIENT/STATELESSCLIENT/STATEFULSERVER/STATELESSSERVER/STATEFUL24AccountingSessionsUsesBaseProtocolmessagesACR/ACAAccountingSessionStateMachines:CLIENTSERVER/STATELESSSERVER/STATEFUL25P-LRFuseSLginterfaceTheP-LRFshallsupporttheSLginterfaceasspecified3GPPTS29.172v9.4.0EPCLCSProtocol(ELP)usedontheSLginterfacebetweentheGMLCandtheMMEintheEvolvedPacketCore(EPC)ELPprotocolisdefinedasaVendorSpecificdiameterapplication(SLgapplication)Reusethebasicmechanismsdefinedbythediameterbaseprotocol,anddefineanumberofadditionalcommandsandAVPstoimplementtheSLgspecificprocedures.

26SLginterfaceintheLCSArchitectureUEeNBMMEGMLCServingGatewayPDNGatewayPSAPLRFSLgE-SMLCIMSHSS27ELPUseDiameterbaseprotocolTransportprotocol:diametermessagesovertheSLginterfaceshallmakeuseofSCTPRoutingAccountingfunctionality:shallnotbeusedontheSLginterfaceSessions:BetweentheMMEandtheGMLC,Diametersessionsshallbeimplicitlyterminated.28ELPProceduresTheELPprocedures,betweentheGMLCandtheMME,areusedtoexchangemessagesrelatedtolocationservicesovertheSLginterface.TheELPcanbedividedintothefollowingsub-procedures.ProvideSubscriberLocationSubscriberLocationReport29ProvideSubscriberLocationTheProvideSubscriberLocationoperationisusedbyaGMLCtorequestthelocationofatargetUEfromtheMMEThisprocedureismappedtothecommandsProvide-Location-Request/AnswerintheDiameterapplication30SubscriberLocationReportTheSubscriberLocationReportoperationisusedbyanMMEtoprovidethelocationofatargetUEtoaGMLCThisprocedureismappedtothecommandsLocation-Report-Request/AnswerintheDiameterapplication31Command-NameAbbreviationCodeProvide-Location-RequestPLR8388620Provide-Location-AnswerPLA8388620Location-Report-RequestLRR8388621Location-Report-AnswerLRA838862132Provide-Location-Request(PLR)<Provide-Location-Request>::= <DiameterHeader:8388620,REQ,PXY,16777255><Session-Id>[Vendor-Specific-Application-Id]{Auth-Session-State}{Origin-Host}{Origin-Realm}{Destination-Host}{Destination-Realm}{Location-Type}[User-Name][MSISDN][IMEI]{LCS-EPS-Client-Name}{LCS-Client-Type}[LCS-Requestor-Name][LCS-Priority][LCS-QoS][Velocity-Requested][Supported-GAD-Shapes][LCS-Service-Type-ID][LCS-Codeword][LCS-Privacy-Check-Non-Session][LCS-Privacy-Check-Session][Service-Selection]*[Supported-Features]*[AVP