
DIAMETER PROTOCOL

ASRI WULANDARI ST MT
EVOLUTION OF SIGNALLING
What Is Diameter?
• Diameter is an authentication, authorization, and
accounting protocol for computer networks. It
evolved from and replaces the much less
capable RADIUS protocol that preceded it. It
belongs to the application layer protocols in
the internet protocol suite.
• Diameter Applications extend the base protocol
by adding new commands and/or attributes, such
as those for use with the Extensible
Authentication Protocol (EAP)
Diameter Protocol

The Diameter stack follows the protocol’s layered architecture and has
a Diameter Base engine which runs over any reliable transport (TCP,
TLS, SCTP, IPSec). All the specific IMS Diameter applications plug in as
separate modules above it.
Comparison with Radius
The name is a play on words, derived from the RADIUS protocol,
which is the predecessor (a diameter is twice the radius).
Diameter is not directly backwards compatible but provides an
upgrade path for RADIUS. The main features provided by
Diameter but lacking in RADIUS are:
• Support for SCTP
• Capability negotiation
• Application layer acknowledgements, Diameter
defines failover methods and state machines (RFC 3539)
• Extensibility; new commands can be defined
• Aligned on 32 bit boundaries
Backward compatibility is a property of a system, product, or technology that allows
for interoperability with an older legacy system, or with input designed for such a system, especially
in telecommunications and computing.
Failover is switching to a redundant or standby computer server, system, hardware component or
network upon the failure or abnormal termination of the previously active application,[1] server,
system, hardware component, or network.
RADIUS
• Remote Authentication Dial-In User Service (RADIUS)
is a networking protocol that provides centralized
Authentication, Authorization, and Accounting (AAA or
Triple A) management for users who connect and use a
network service. RADIUS was developed by Livingston
Enterprises, Inc. in 1991 as an access server
authentication and accounting protocol and later
brought into the Internet Engineering Task Force (IETF)
standards.
• Because of the broad support and the ubiquitous nature of
the RADIUS protocol, it is often used by Internet service
providers (ISPs) and enterprises to manage access to
the Internet or internal networks, wireless networks, and
integrated e-mail services. These networks may
incorporate modems, digital subscriber line (DSL), access
points, virtual private networks (VPNs), network ports, web
servers, etc
• RADIUS is a client/server protocol that runs in the application
layer, and can use either TCP or UDP as transport. Network
access servers, the gateways that control access to a network,
usually contain a RADIUS client component that
communicates with the RADIUS server.[3] RADIUS is often
the back-end of choice for 802.1X authentication as well
Characteristic of Diameter
• It is intended to work in both local and roaming AAA
situations.
• It uses TCP or SCTP and not UDP. It uses transport level
security (IPSEC or TLS).
• It has 32 bit instead of 8 bit identifiers.
• It supports application layer acknowledgment and defines
failover. It offers better roaming support. It uses AVPs.
• Diameter allows defining new commands and attributes.
It is easy to extend
• DIAMETER base protocol must be used in conjunction
with DIAMETER applications (also called DIAMETER
interfaces) which complement the base protocol
functionality.
Diameter Application
A Diameter Application is not a software application but is
a protocol based on the Diameter base protocol defined in RFC
6733 (obsoletes RFC 3588). Each application is defined by an
application identifier and can add new command codes and/or
new mandatory AVPs (Attribute-Value Pair). Adding a new optional
AVP does not require a new application.
DIAMETER applications are used in mobile environments within
different architectures, including :
• EPS (Evolved Packet System),
• IMS (IP Multimedia Subsystem),
• PCC (Policy and Charging Control),
• GAA/GBA (Generic Authentication Architecture / Generic
Bootstrapping Architecture) and
• M2M (Machine to Machine).
Architecture of DIAMETER
The DIAMETER architecture consists of a number of entities :
• Diameter Node: A host process that implements the Diameter
protocol.
• Diameter Peer: A diameter node that has a direct transport
connection with another diameter node.
• Client : A Diameter Client is a device at the edge of the network
that performs access control. Examples of Diameter clients are
MME (Mobility Management Entity), PCEF (Policy and Charging
Enforcement Function) in EPS architecture.
• Server : A Diameter Server is one that handles authentication,
authorization, and accounting requests for a particular realm.
Examples of Diameter servers are HSS (Home Subscriber Server) and
PCRF (Policy and Charging Rules Function) in EPS architecture.
• Agent : A Diameter Agent is a Diameter node that provides relay,
proxy, redirect or translation services.
IETF Defined Agents
Diameter Basics
Diameter Protocol
Diameter Message Format

A Diameter message consists of a fixed-length 20-octet header
followed by a variable number of AVPs (Attribute-Value Pairs).
• The Version field indicates the Diameter protocol version and is
set to 1 for now.
• The Command flags field specifies 4 flags for now:
- R flag (stands for Request) shows whether the message is a
request or response.
- P flag (stands for Proxiable) shows if the message can be
proxied, relayed or redirected or it must be locally processed.
- E flag (stands for Error) to show if the message contains
protocol or semantic errors. When a request message
generates a protocol error an answer message is sent back
with the ‘‘E’’ bit set in the Diameter header, indicating a
protocol error.
- T flag to show that a message can potentially be a
retransmitted message after a link fail-over or is used to aid
removal of duplicate messages.
- r : these flag bits are reserved for future use, and must be
set to zero, and ignored by the receiver.
• The command code value indicates the command associated with
the message, such as “credit-control-request” or “accounting-request”,
and so on. Every Diameter message must contain a
command code so that the receiver can determine what action it
needs to take for each message. The command code is the same for
the request and its corresponding answer.
• Application ID identifies the specific application the message is used
for, such as S6a/S6d between MME and HSS, Gx between PCEF and
PCRF, etc.
• Hop-by-hop identifier field carries an identifier that is used to match
requests and responses over that hop. The sender of the request must
ensure that the identifier is unique over the connection on that hop
at any given time. The sender of a response must ensure that the
identifier value is the same as that in the corresponding request. The
Hop-by-Hop identifier is normally a monotonically increasing number,
whose start value was randomly generated. An answer message that
is received with an unknown Hop-by-Hop Identifier must be
discarded. Hop-by-Hop identifier allows a Diameter response to
follow the same route as the corresponding Diameter request.
• End-to-end identifier is an identifier used to detect duplicate
messages. The identifier in a response message must match
the identifier in the corresponding request message. The
identifier must remain locally unique for at least 4 minutes.
This identifier and the Origin-Host AVP are used together to
detect message duplicates. Note that duplicate requests could
cause duplicate responses, but the duplications must not affect
any state that was created by the original request.
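The header fields above can be checked in code. The following is an added example, not part of the original slides: it parses the 20-octet header using the field layout of RFC 6733 (version and 3-octet message length, flags and 3-octet command code, then the three 32-bit identifiers) and discards answers whose Hop-by-Hop Identifier, command code or End-to-End Identifier do not match a request actually sent on that connection. The names `DiameterHeader`, `build_header`, `parse_header` and `PeerConnection` are hypothetical, and test messages are constructed with `build_header`.

```python
import struct
from dataclasses import dataclass

HEADER_LEN = 20
FLAG_R, FLAG_P, FLAG_E, FLAG_T = 0x80, 0x40, 0x20, 0x10  # low 4 bits are reserved

@dataclass
class DiameterHeader:
    version: int
    length: int          # whole message in octets, header included
    flags: int
    command_code: int
    application_id: int
    hop_by_hop: int
    end_to_end: int

def build_header(flags, code, app_id, hbh, e2e, length=HEADER_LEN):
    """Pack a header for constructed sample messages (no AVPs)."""
    return struct.pack("!IIIII", (1 << 24) | length, (flags << 24) | code,
                       app_id, hbh, e2e)

def parse_header(data: bytes) -> DiameterHeader:
    """Parse and sanity-check the fixed 20-octet header."""
    if len(data) < HEADER_LEN:
        raise ValueError("truncated header")
    ver_len, flg_cmd, app_id, hbh, e2e = struct.unpack("!IIIII", data[:HEADER_LEN])
    hdr = DiameterHeader(ver_len >> 24, ver_len & 0xFFFFFF, flg_cmd >> 24,
                         flg_cmd & 0xFFFFFF, app_id, hbh, e2e)
    if hdr.version != 1:
        raise ValueError("unsupported version")
    # Messages are 32-bit aligned and can never be shorter than the header.
    if hdr.length < HEADER_LEN or hdr.length % 4 or hdr.length > len(data):
        raise ValueError("bad message length")
    return hdr

class PeerConnection:
    """Outstanding requests on one hop, keyed by Hop-by-Hop Identifier."""
    def __init__(self):
        self.pending = {}

    def sent(self, req: DiameterHeader):
        self.pending[req.hop_by_hop] = (req.command_code, req.end_to_end)

    def accept_answer(self, ans: DiameterHeader) -> bool:
        """True only for an answer that matches a request we actually sent."""
        if ans.flags & FLAG_R:
            return False   # a request, not an answer
        if self.pending.get(ans.hop_by_hop) != (ans.command_code, ans.end_to_end):
            return False   # unknown Hop-by-Hop id or mismatched fields: discard
        del self.pending[ans.hop_by_hop]
        return True
```

Reserved flag bits are deliberately not validated, since the receiver is required to ignore them.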
LTE NETWORK OVERVIEW
2G 3G TO LTE : REALITY AND LEGACY

Comparing the SS7 and Diameter
Protocol Stacks
Comparing the SS7, Sigtran SS7 and
Diameter Protocol Stacks
Mapping of SS7 to IP Protocols
Implementation Diameter in 4G LTE
Diameter in EPC/IMS
Need of Diameter Agents
Diameter Agents Solution
