November 30, 2009

Protocol OV: (2) Diameter Applications - Description

Protocol OV: Diameter Overview (2)

Traffix template

3). Diameter Protocol Applications

§ The Diameter protocol consists of the Diameter base protocol and the Diameter protocol applications in the Diameter framework.

§ The applications are extensions of the Diameter base protocol.


Base Protocol

§ Connectivity: Peering and Routing

§ Application support: Application session management

Applications

§ Purpose specific: NASREQ, MIPv4, SIP etc.

§ Identified by Application Id

- Every application MUST have an IANA-assigned application identifier

- Also used for Diameter message routing
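Because the Application Id sits in every Diameter message header, an edge agent can check it before routing. The following is an added example, not part of the original slides: it parses the fixed 20-byte header and applies a per-peer allowlist of applications and commands. The numeric Application-Ids and command codes are the IANA assignments as I know them, not values from this page, and `parse_header`, `classify` and `build` are hypothetical names.

```python
import struct

# Constructed allowlist. Application-Ids and command codes are the IANA
# assignments for applications named on this page (assumed, not from the page).
APPS = {1: "NASREQ", 4: "Credit-Control", 5: "EAP", 6: "SIP"}
COMMANDS = {(1, 265): "AA", (5, 268): "Diameter-EAP", (4, 272): "Credit-Control",
            (6, 283): "User-Authorization"}

def parse_header(data: bytes) -> dict:
    """Parse and sanity-check the fixed 20-byte Diameter header."""
    if len(data) < 20:
        raise ValueError("truncated header")
    ver_len, flags_code, app_id, hbh, e2e = struct.unpack("!5I", data[:20])
    version, length = ver_len >> 24, ver_len & 0xFFFFFF
    flags, code = flags_code >> 24, flags_code & 0xFFFFFF
    if version != 1:
        raise ValueError("unsupported version")
    # Length covers header plus padded AVPs, so it is a multiple of 4.
    if length < 20 or length % 4 or length != len(data):
        raise ValueError("bad message length")
    return {"request": bool(flags & 0x80), "code": code, "app_id": app_id,
            "hop_by_hop": hbh, "end_to_end": e2e}

def classify(data: bytes, peer_apps: set) -> str:
    """Verdict for one message from a peer that is allowed only peer_apps."""
    try:
        hdr = parse_header(data)
    except ValueError as exc:
        return f"drop: {exc}"
    if hdr["app_id"] not in peer_apps:
        return f"reject: application {hdr['app_id']} not permitted for this peer"
    name = COMMANDS.get((hdr["app_id"], hdr["code"]))
    if name is None:
        return f"reject: command {hdr['code']} not defined for application {hdr['app_id']}"
    kind = "Request" if hdr["request"] else "Answer"
    return f"accept: {APPS[hdr['app_id']]} {name}-{kind}"

def build(code: int, app_id: int, request: bool = True) -> bytes:
    """Constructed sample: a header-only message (no AVPs)."""
    flags = 0x80 if request else 0
    return struct.pack("!5I", (1 << 24) | 20, (flags << 24) | code,
                       app_id, 0x1111, 0x2222)

if __name__ == "__main__":
    for msg, apps in [(build(268, 5), {5}), (build(272, 4), {5}),
                      (build(272, 5), {5}), (build(268, 5)[:10], {5})]:
        print(classify(msg, apps))
```
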

3-1). EAP application


§ The NASREQ application, with native Extensible Authentication Protocol (EAP), offers secure authentication.

§ The NASREQ application defines the Diameter-EAP-Request (DER) and Diameter-EAP-Answer (DEA) messages that allow the EAP payload to be encapsulated within the Diameter protocol.

§ The Diameter EAP application describes the use of the Extensible Authentication Protocol (EAP) over Diameter between the NAS and the Diameter server.

§ EAP [RFC 3748] can also be used over the data link layer between the user and the NAS.

§ EAP is an authentication framework that supports multiple authentication mechanisms.

§ The command codes Diameter-EAP-Request (DER) and Diameter-EAP-Answer (DEA) are specified in this application.

§ The user initiates the EAP request and sends it to its NAS. The NAS constructs a DER message and waits for the Server to respond with a DEA message.


3-2). NASREQ application


§ The NASREQ application is the direct replacement of the authentication and authorization part of the RADIUS protocol. This application specifies the interworking between the Diameter and the RADIUS protocol, for backward compatibility.

§ The NASREQ application defines extra commands for authentication.

§ First an AA-Request (AAR) is sent to the server with the credentials of the user, and after authentication an AA-Answer (AAA) is sent back.

§ The Re-Authentication-Request (RAR) can be used by the server to verify whether the user is still using the service. The client sends back a Re-Authentication-Answer (RAA), after which an AAR and AAA exchange should follow.

§ The session can be terminated by the server or client.

§ The server can send an Abort-Session-Request (ASR) or

§ The client can send a Session-Termination-Request (STR).

§ The accounting is done by the Accounting-Request (ACR) and Accounting-Answer (ACA) messages.


3-3). Diameter – SIP Application


§ The Diameter SIP application [RFC 4740] is designed to be used in conjunction with the SIP protocol [RFC 3261].

§ It authenticates the user of a SIP request and authorizes the use of SIP resources.

§ The SIP server and Diameter client are co-located in the same node.

§ There is a single Diameter server that stores the user data.

§ The Diameter SL is the Subscriber Locator, which is responsible for finding the Diameter server that contains the user-related data.


§ The first SIP server sends a User-Authorization-Request (UAR) to the Diameter server after it receives a SIP register request. From the Diameter server it receives the address of the SIP server 2 that can handle the call.

§ The second SIP server authenticates the user by sending a Multimedia-Authentication-Request (MAR) message to the Diameter server. In the second register request of the SIP server 2, the credentials from the user are included and the user is authenticated by the Diameter server.

§ Because the first SIP server does not need to keep state, the SIP server allocated to the user has to be looked up again.

§ The Server-Assignment-Request (SAR) message can be used to retrieve the user profile from the Diameter Server or update information about the SIP server’s address.

§ The Location-Info-Request (LIR) message is sent to the Diameter server.

§ The Diameter server returns the SIP URI(s) of the SIP server of the recipient.


§ Updating the user profile can be done by sending a Push-Profile-Request (PPR) message to the SIP server.

§ In the request the Diameter server sends the updated user profile, which the SIP server acknowledges.


§ HSS registration: a Diameter application for Cx in 3GPP TS 29.228 (Figure: N/A)

§ Cx operations (information elements) are carried by Diameter protocol (over SCTP)

§ Messages 3 and 4 correspond to Cx-Query + Cx-Select-Pull: for the Diameter command, User-Authorization (UAR/UAA)

§ Messages 6 and 7 correspond to Cx-AuthDataReq: for Multimedia-Authentication (MAR/MAA)

§ Messages 18 and 19 correspond to Cx-Put + Cx-Pull: for Server-Assignment (SAR/SAA)


§ In the Diameter SIP application a Registration-Termination-Request (RTR) and answer (RTA) are specified.

§ These messages can be used when the Diameter server wants to terminate the SIP soft state and Diameter user sessions are not maintained.


3-4). DCCA application

§ The Diameter Credit-Control application provides real-time credit control for different end-user services.

§ The application is only concerned with credit authorization for prepaid subscribers.

§ Some accounting features are already specified in the base protocol, but these are not sufficient for real-time accounting for prepaid subscribers.

§ Two types of events can be seen at the application: session based credit-control and event based credit-control.

§ Price enquiries, checks of the user’s balance and refunds of credit to the user’s account are usually done as one-time events. For these two types of events, there are two different credit authorization models: authorization with money reservation and credit authorization with direct debiting.

§ The money reservation model is session based. A credit-control session always consists of first, possibly intermediate and final interrogations.

§ Credit authorization with direct debiting is a one-time event. The server directly deducts the right amount of money for the request from the user’s account.

§ Two messages are added by this Diameter application: Credit-Control-Request (CCR) and Credit-Control-Answer (CCA).
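The two models above imply an ordering that a charging log can be checked against: a session needs a first interrogation before any intermediate or final one, and a one-time event stands alone. The following is an added example, not part of the original slides; the CC-Request-Type values and the uniqueness of the request number within a session are assumptions taken from the credit-control RFC, and `audit_ccr` and the sample records are hypothetical.

```python
from collections import defaultdict

# CC-Request-Type values as defined for the credit-control application
# (assumed from the RFC; the page does not list them).
INITIAL, UPDATE, TERMINATION, EVENT = 1, 2, 3, 4

def audit_ccr(records):
    """Check CCR sequences against the session and one-time-event models.

    records: iterable of (session_id, cc_request_type, cc_request_number).
    Returns a list of (session_id, finding) tuples, in detection order.
    """
    state = {}                   # session_id -> "open" | "closed" | "event"
    numbers = defaultdict(set)   # session_id -> request numbers already seen
    findings = []
    for sid, rtype, num in records:
        if num in numbers[sid]:
            findings.append((sid, f"duplicate request number {num}"))
        numbers[sid].add(num)
        st = state.get(sid)
        if rtype == INITIAL:
            if st is not None:
                findings.append((sid, "first interrogation on known session"))
            state[sid] = "open"
        elif rtype in (UPDATE, TERMINATION):
            if st != "open":
                findings.append((sid, "interrogation without open session"))
            elif rtype == TERMINATION:
                state[sid] = "closed"
        elif rtype == EVENT:
            if st is not None:
                findings.append((sid, "one-time event reuses a session"))
            state.setdefault(sid, "event")
        else:
            findings.append((sid, f"unknown request type {rtype}"))
    findings += [(sid, "no final interrogation seen")
                 for sid, st in state.items() if st == "open"]
    return findings

# Constructed sample records (not captured traffic).
SAMPLE = [
    ("s1", INITIAL, 0), ("s1", UPDATE, 1), ("s1", TERMINATION, 2),  # clean
    ("s2", UPDATE, 1),                        # no first interrogation
    ("s3", INITIAL, 0), ("s3", UPDATE, 0),    # number reused, never closed
    ("s4", EVENT, 0),                         # clean one-time event
    ("s1", UPDATE, 3),                        # arrives after termination
]

if __name__ == "__main__":
    for finding in audit_ccr(SAMPLE):
        print(finding)
```
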

3-5). Diameter – QoS Application

§ The Diameter Quality of service application provides AAA for quality of service reservations.

§ This means that a reservation request can be authenticated and authorized and that the resources consumed are accounted for.

§ A quality of service request must be made by protocols like the Resource Reservation Protocol (RSVP) [RFC 2750].

§ The network element receiving this request then processes this request and has to perform three different actions: admission control, authorization and resource reservation.

§ The admission control means determining if there are enough resources to fulfill the request.

§ The authorization server is contacted to perform authorization of the request.

§ Then the resources are reserved.

§ The messages added by this application are: QoS-Authorization-Request (QAR), QoS-Authorization-Answer (QAA), QoS-Install-Request (QIR), QoS-Install-Answer (QIA).

§ The first two messages are used for client-initiated authorization requests to the server.

§ The last two messages are used for server-initiated QoS parameter provisioning, which means that the server is able to update installed QoS parameters.

3-6). Diameter - DHCPv6 application

§ The Dynamic Host Configuration Protocol for IPv6 (DHCPv6) application uses Diameter to establish a Security Association between the HAAA and the DHCP server.

§ More details on DHCPv6 are given in [RFC 3315].

§ There are four messages specified in this application:

§ AAA-DHCP-Request (ADR), AAA-DHCP-Answer (ADA), Push-Configuration-Request (PCR), Push-Configuration-Answer (PCA).


3-7). 3GPP applications

§ In IMS, several interfaces are specified that use the Diameter protocol.

§ The interfaces are defined as a Diameter application where the vendor is 3GPP.



Diameter 3GPP Reference:

§ TS 29.230: Diameter applications; 3GPP specific codes and identifiers

§ TS 29.909: Diameter-based protocols usage and recommendations in 3GPP

§ TS 29.305 / 29.805: IWF - between MAP based and Diameter based interfaces

§ TS 29.228: IMS Cx and Dx interfaces; Signalling flows and message contents

§ TS 29.229: IMS Cx and Dx interfaces based on the DIAMETER protocol; protocol details

§ TS 29.438: USPF/SLF - Signalling flows and protocol details [3GPP TS 29.228 and 29.229 modified – Cx/Dx Interfaces]

§ TS 29.328: IMS Sh interface; Signalling flows and message contents

§ TS 29.329: Sh interface based on DIAMETER protocol; protocol details

§ TS 29.272: EPS-MME & SGSN related interfaces with HSS & EIR based on Diameter protocol (S6a/S6d and S13/S13’)

§ TS 29.061: supporting packet based services and Packet Data Networks (PDN) Gi/SGi and Gmb + Mz (via Diameter)

§ TS 29.109: Generic Authentication Architecture (GAA); Zh, Zn and Zpn Interfaces based on the Diameter

§ TS 29.140: MMS - MM10 (MSCF) interface based on Diameter protocol

§ TS 29.209: (PDF) Policy control over Gq interface (via Diameter)

§ TS 29.210 & 212: (PCC) PCRF --- PCEF via Gx

§ TS 29.211 & 214: (PCC) PCRF --- AF (P-CSCF) via Rx or Rx over Gx

§ TS 29.212: (PCC) PCRF --- BBERF via Gxx

§ TS 29.215: (PCC) H-PCRF --- V-PCRF via S9

§ TS 29.234: (WLAN AAA) Wa: WLAN-AN --- AAA-S/P; Wd: AAA-S --- AAA-P; Wx: AAA-S ---- HSS; Dw: AAA-S --- SLF; Wm: AAA-S --- PDG; Wg: AAA-S/P --- WAG; Pr: AAA-S --- PNA

§ TS 29.273: (LTE EPS WLAN AAA) SWa: Untrusted non-3GPP WLAN-AN --- AAA-S/P; STa: Trusted non-3GPP WLAN-AN --- AAA-S/P; SWd: AAA-S --- AAA-P; SWx: AAA-S ---- HSS; SWm: AAA-S --- ePDG; S6b: AAA-S/P --- PDG; H2: AAA-S --- HA

§ TS 32.240: Charging management; Charging architecture and principles (Rf/Ro)

§ TS 32.260: Charging management; IP Multimedia Subsystem (IMS) charging (Rf/Ro)

§ TS 32.296: Charging management; Online Charging System --- Rating Function (Re)

§ TS 32.299: Charging management; Diameter charging applications (Rf/Ro)




