DIAMETER

Description:
Protocol suite: TCP/IP.
Protocol type: Application layer protocol.
Port: 3868 (SCTP, TCP).
URI: aaa:, aaas:
MIME subtype:
SNMP MIBs:
Working groups: aaa, Authentication, Authorization and Accounting.
dime, Diameter Maintenance and Extensions.
Links: diameter.org
IANA: AAA AVPs.
RFC 3588:
The Diameter base protocol is intended to provide an Authentication, Authorization and Accounting (AAA) framework for applications
such as network access or IP mobility. Diameter is also intended to work in both local Authentication, Authorization & Accounting and
roaming situations. This document specifies the message format, transport, error reporting, accounting and security services to be used by
all Diameter applications. The Diameter base application needs to be supported by all Diameter implementations.
The Diameter protocol consists of the Diameter header followed by one or more AVP structures.
MAC header | IP header | SCTP/TCP header | Diameter header | Data :::
Diameter header:

00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
+-----------------------+-----------------------------------------------------------------------+
|        Version        |                            Message length                             |
+-----------------------+-----------------------------------------------------------------------+
|         Flags         |                                 Code                                  |
+-----------------------+-----------------------------------------------------------------------+
|                                        Application ID                                         |
+-----------------------------------------------------------------------------------------------+
|                                         Hop by Hop ID                                         |
+-----------------------------------------------------------------------------------------------+
|                                         End to End ID                                         |
+-----------------------------------------------------------------------------------------------+
|                                           AVP[] :::                                           |
+-----------------------------------------------------------------------------------------------+

Version. 8 bits.
Diameter protocol version.
Message length. 24 bits.
Size of the Diameter message including the header fields.
Flags. 8 bits.
00 01 02 03 04 05 06 07
+--+--+--+--+-----------+
|R |P |E |T | reserved  |
+--+--+--+--+-----------+

R, Request. 1 bit.
If set, the message is a request. Otherwise the message is an answer.
P, Proxiable. 1 bit.
If set, the message MAY be proxied, relayed or redirected. Otherwise the message MUST be locally processed.
E, Error. 1 bit.
If set, the message contains a protocol error, and the message will not conform to the ABNF described for this command. Messages
with this bit set are commonly referred to as error messages. This bit MUST NOT be set in request messages.
T, Potentially retransmitted message. 1 bit.
This flag is set after a link failover procedure, to aid the removal of duplicate requests. It is set when resending requests not yet
acknowledged, as an indication of a possible duplicate due to a link failure. This bit MUST be cleared when sending a request for the
first time, otherwise the sender MUST set this flag. Diameter agents only need to be concerned about the number of requests they send
based on a single received request. Retransmissions by other entities do not need to be tracked. Diameter agents that receive a request
with the T flag set, MUST keep the T flag set in the forwarded request. This flag MUST NOT be set if an error answer message (e.g., a
protocol error) has been received for the earlier message. It can be set only in cases where no answer has been received from the server
for a request and the request is sent again. This flag MUST NOT be set in answer messages.
reserved. 4 bits.
Must be cleared to zero.
Code. 24 bits.
Code       Description                                                          References
0 - 255    Radius command codes.
256
257        CER; CEA.
258        RAR, Re-Auth-Request; RAA, Re-Auth-Answer.                           RFC 4005
259
260        AMR, AA-Mobile-Node-Request; AMA, AA-Mobile-Node-Answer.             RFC 4004
261
262        HAR, Home-Agent-MIP-Request; HAA, Home-Agent-MIP-Answer.             RFC 4004
263
264
265        AAR, AA-Request; AAA, AA-Answer.                                     RFC 4005
266
267
268        DER, Diameter-EAP-Request; DEA, Diameter-EAP-Answer.                 RFC 4072
269
270
271        ACR, Accounting-Request; ACA, Accounting-Answer.                     RFC 4005
272        CCR, Credit-Control-Request; CCA, Credit-Control-Answer.             RFC 4006
273
274        ASR, Abort-Session-Request; ASA, Abort-Session-Answer.               RFC 4005
275        STR, Session-Termination-Request; STA, Session-Termination-Answer.   RFC 4005
276
279
280        DWR; DWA.                                                            RFC 3588
281
282        DPR; DPA.                                                            RFC 3588
283        UAR; UAA.                                                            RFC 4740
284        SAR; SAA.                                                            RFC 4740
285        LIR; LIA.                                                            RFC 4740
286        MAR; MAA.                                                            RFC 4740
287        RTR; RTA.                                                            RFC 4740
288        PPR; PPA.                                                            RFC 4740
289
299
301
313
314        PDR; PDA.                                                            RFC 5224
315        PIR, Policy-Install-Request; PIA, Policy-Install-Answer.             RFC 5431
316        ULR, 3GPP-Update-Location-Request; ULA, 3GPP-Update-Location-Answer. RFC 5516
317        CLR, 3GPP-Cancel-Location-Request; CLA, 3GPP-Cancel-Location-Answer. RFC 5516
16777215   Experimental code.                                                   RFC 3588

Application ID. 32 bits.
Identifies the application to which the message applies. The application can be an authentication application, an accounting application or a
vendor specific application. The application ID in the header MUST be the same as what is contained in any relevant AVPs contained in the message.
Hop by Hop ID. 32 bits, unsigned.
This field aids in matching requests and replies. The sender MUST ensure that the identifier in a request is unique on a given connection at any given
time, and MAY attempt to ensure that the number is unique across reboots. The sender of an Answer message MUST ensure that this field contains
the same value that was found in the corresponding request. The identifier is normally a monotonically increasing number, whose start value was
randomly generated. An answer message that is received with an unknown identifier MUST be discarded.
End to End ID. 32 bits, unsigned.
This field is used to detect duplicate messages. Upon reboot implementations MAY set the high order 12 bits to contain the low order 12 bits of
current time, and the low order 20 bits to a random value. Senders of request messages MUST insert a unique identifier on each message. The
identifier MUST remain locally unique for a period of at least 4 minutes, even across reboots. The originator of an Answer message MUST ensure that
the field contains the same value that was found in the corresponding request. This field MUST NOT be modified by Diameter agents of any kind. The
combination of the Origin-Host and this field is used to detect duplicates. Duplicate requests SHOULD cause the same answer to be transmitted
(modulo the Hop by Hop ID field and any routing AVPs that may be present), and MUST NOT affect any state that was set when the original request
was processed. Duplicate answer messages that are to be locally consumed SHOULD be silently discarded.
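As an added example (not code from the page or from any Diameter implementation), the following Python sketch applies the identifier rules just described on both sides of a connection: a sender allocates Hop by Hop IDs from a random start and End to End IDs from a reboot-derived start, and discards answers whose Hop by Hop ID is not outstanding; a receiver answers a duplicate request (same Origin-Host and End to End ID within the 4-minute window) from a cache, so the handler is not run a second time and no state is changed twice. Host names, identifier values and the result code returned by the stand-in handler are constructed.

```python
"""Request/answer matching and duplicate detection with the Hop by Hop and
End to End identifiers, following the rules in the text.  Added example, not
code from the page; host names and identifier values are made up."""
import random

DUPLICATE_WINDOW = 240.0   # seconds: End to End IDs stay unique for at least 4 minutes


def initial_end_to_end_id(now_seconds):
    """Post-reboot start value: high 12 bits from the low 12 bits of the
    current time, low 20 bits random."""
    return ((int(now_seconds) & 0xFFF) << 20) | random.getrandbits(20)


class DiameterNode:
    def __init__(self, now):
        self.now = now                                  # clock callable, injectable for tests
        self.next_hop_by_hop = random.getrandbits(32)   # random start, then monotonic
        self.next_end_to_end = initial_end_to_end_id(now())
        self.pending = {}    # Hop by Hop ID -> request we sent and have no answer for yet
        self.answered = {}   # (Origin-Host, End to End ID) -> (answer, time answered)

    def send_request(self, request):
        """Stamp fresh identifiers on an outgoing request and remember it."""
        request["hop_by_hop"] = self.next_hop_by_hop
        request["end_to_end"] = self.next_end_to_end
        self.next_hop_by_hop = (self.next_hop_by_hop + 1) & 0xFFFFFFFF
        self.next_end_to_end = (self.next_end_to_end + 1) & 0xFFFFFFFF
        self.pending[request["hop_by_hop"]] = request
        return request

    def receive_answer(self, answer):
        """Return the matching request, or None when the Hop by Hop ID is
        unknown (including a second answer to an already matched request);
        None means the answer is to be discarded."""
        return self.pending.pop(answer["hop_by_hop"], None)

    def handle_request(self, request, process):
        """Serve an incoming request.  Returns (answer, is_duplicate).  A
        duplicate is answered from the cache with the new Hop by Hop ID and
        never reaches `process`, so it cannot change state a second time."""
        self._expire()
        key = (request["origin_host"], request["end_to_end"])
        if key in self.answered:
            answer = dict(self.answered[key][0], hop_by_hop=request["hop_by_hop"])
            return answer, True
        answer = dict(process(request), hop_by_hop=request["hop_by_hop"],
                      end_to_end=request["end_to_end"])
        self.answered[key] = (answer, self.now())
        return answer, False

    def _expire(self):
        """Forget answers older than the uniqueness window."""
        cutoff = self.now() - DUPLICATE_WINDOW
        for key in [k for k, (_, t) in self.answered.items() if t < cutoff]:
            del self.answered[key]


def demo():
    """Server side with a fake clock: one request, a retransmission of it
    after a link failover, then the same identifiers again after the window.
    Returns (handler invocations, duplicate flags, Hop by Hop ID of 2nd answer)."""
    clock = [1000.0]
    server = DiameterNode(now=lambda: clock[0])
    processed = []

    def process(req):               # stands in for real request handling
        processed.append(req["end_to_end"])
        return {"result_code": 2001}

    first = {"origin_host": "nas.example.test", "end_to_end": 0x3D400001, "hop_by_hop": 7}
    retry = dict(first, hop_by_hop=8)           # resent over a new connection, T flag set
    _, dup1 = server.handle_request(first, process)
    a2, dup2 = server.handle_request(retry, process)
    clock[0] += DUPLICATE_WINDOW + 1
    _, dup3 = server.handle_request(dict(first, hop_by_hop=9), process)
    return len(processed), (dup1, dup2, dup3), a2["hop_by_hop"]
```

The cache is keyed on Origin-Host plus End to End ID rather than on Hop by Hop ID, because the retransmission arrives with a new Hop by Hop ID (it may come over a different connection) while the End to End ID, which agents never modify, is what identifies the original request.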
AVP, Attribute Value Pair.
A structure used to encapsulate protocol specific data as well as authentication, authorization and accounting information.
00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
+-----------------------------------------------------------------------------------------------+
|                                           AVP code                                            |
+-----------------------+-----------------------------------------------------------------------+
|       AVP flags       |                              AVP length                               |
+-----------------------+-----------------------------------------------------------------------+
|                                           Vendor ID                                           |
+-----------------------------------------------------------------------------------------------+
|                                           Data :::                                            |
+-----------------------------------------------------------------------------------------------+

AVP code. 32 bits.
When combined with the Vendor ID the attribute is uniquely identified. AVP numbers 1 through 255 are reserved for backward compatibility with
RADIUS, without setting the Vendor ID field. AVP numbers 256 and above are used for Diameter, which are allocated by IANA.

Code       Description                          References
1 - 255    Radius attributes.
256
257        Host-IP-Address.                     RFC 3588
258        Auth-Application-Id.                 RFC 3588
259        Acct-Application-Id.                 RFC 3588
260        Vendor-Specific-Application-Id.      RFC 3588
261        Redirect-Host-Usage.                 RFC 3588
262        Redirect-Max-Cache-Time.             RFC 3588
263        Session-Id.                          RFC 3588
264        Origin-Host.                         RFC 3588
265        Supported-Vendor-Id.                 RFC 3588
266        Vendor-Id.                           RFC 3588
267        Firmware-Version.                    RFC 3588
268        Result-Code.                         RFC 3588
269        Product-Name.                        RFC 3588
270        Session-Binding.                     RFC 3588
271        Session-Server-Failover.             RFC 3588
272        Multi-Round-Time-Out.                RFC 3588
273        Disconnect-Cause.                    RFC 3588
274        Auth-Request-Type.                   RFC 3588
275
276        Auth-Grace-Period.                   RFC 3588
277        Auth-Session-State.                  RFC 3588
278        Origin-State-Id.                     RFC 3588
279        Failed-AVP.                          RFC 3588
280        Proxy-Host.                          RFC 3588
281        Error-Message.                       RFC 3588
282        Route-Record.                        RFC 3588
283        Destination-Realm.                   RFC 3588
284        Proxy-Info.                          RFC 3588
285        Re-Auth-Request-Type.                RFC 3588
286
287        Accounting-Sub-Session-Id.           RFC 3588
288
290
291        Authorization-Lifetime.              RFC 3588
292        Redirect-Host.                       RFC 3588
293        Destination-Host.                    RFC 3588
294        Error-Reporting-Host.                RFC 3588
295        Termination-Cause.                   RFC 4005
296        Origin-Realm.                        RFC 3588
297        Experimental-Result.                 RFC 3588
298        Experimental-Result-Code.            RFC 3588
299        Inband-Security-Id.                  RFC 3588
300        E2E-Sequence.                        RFC 3588
301
317
318        MIP-FA-to-HA-SPI.                    RFC 4004
319        MIP-FA-to-MN-SPI.                    RFC 4004
320        MIP-Reg-Request.                     RFC 4004
321        MIP-Reg-Reply.                       RFC 4004
322        MIP-MN-AAA-Auth.                     RFC 4004
323        MIP-HA-to-FA-SPI.                    RFC 4004
324
325        MIP-MN-to-FA-MSA.                    RFC 4004
326        MIP-FA-to-MN-MSA.                    RFC 4004
327
328        MIP-FA-to-HA-MSA.                    RFC 4004
329        MIP-HA-to-FA-MSA.                    RFC 4004
330
331        MIP-MN-to-HA-MSA.                    RFC 4004
332        MIP-HA-to-MN-MSA.                    RFC 4004
333        MIP-Mobile-Node-Address.             RFC 4004
334        MIP-Home-Agent-Address.              RFC 4004
335        MIP-Nonce.                           RFC 4004
336        MIP-Candidate-Home-Agent-Host.       RFC 4004
337        MIP-Feature-Vector.                  RFC 4004
338        MIP-Auth-Input-Data-Length.          RFC 4004
339        MIP-Authenticator-Length.            RFC 4004
340        MIP-Authenticator-Offset.            RFC 4004
341        MIP-MN-AAA-SPI.                      RFC 4004
342        MIP-Filter-Rule.                     RFC 4004
343        MIP-Session-Key.                     RFC 4004
344        MIP-FA-Challenge.                    RFC 4004
345        MIP-Algorithm-Type.                  RFC 4004
346        MIP-Replay-Mode.                     RFC 4004
347        MIP-Originating-Foreign-AAA.         RFC 4004
348        MIP-Home-Agent-Host.                 RFC 4004
349
362
363        Accounting-Input-Octets.             RFC 4005
364        Accounting-Output-Octets.            RFC 4005
365        Accounting-Input-Packets.            RFC 4005
366        Accounting-Output-Packets.           RFC 4005
367        MIP-MSA-Lifetime.                    RFC 4004
368        SIP-Accounting-Information.          RFC 4740
369        SIP-Accounting-Server-URI.           RFC 4740
370        SIP-Credit-Control-Server-URI.       RFC 4740
371        SIP-Server-URI.                      RFC 4740
372        SIP-Server-Capabilities.             RFC 4740
373        SIP-Mandatory-Capability.            RFC 4740
374        SIP-Optional-Capability.             RFC 4740
375        SIP-Server-Assignment-Type.          RFC 4740
376        SIP-Auth-Data-Item.                  RFC 4740
377        SIP-Authentication-Scheme.           RFC 4740
378        SIP-Item-Number.                     RFC 4740
379        SIP-Authenticate.                    RFC 4740
380        SIP-Authorization.                   RFC 4740
381        SIP-Authentication-Info.             RFC 4740
382        SIP-Number-Auth-Items.               RFC 4740
383        SIP-Deregistration-Reason.           RFC 4740
384        SIP-Reason-Code.                     RFC 4740
385        SIP-Reason-Info.                     RFC 4740
386        SIP-Visited-Network-Id.              RFC 4740
387        SIP-User-Authorization-Type.         RFC 4740
388        SIP-Supported-User-Data-Type.        RFC 4740
389        SIP-User-Data.                       RFC 4740
390        SIP-User-Data-Type.                  RFC 4740
391        SIP-User-Data-Contents.              RFC 4740
392        SIP-User-Data-Already-Available.     RFC 4740
393        SIP-Method.                          RFC 4740
394
399
400        NAS-Filter-Rule.                     RFC 4005
401        Tunneling.                           RFC 4005
402        CHAP-Auth.                           RFC 4005
403        CHAP-Algorithm.                      RFC 4005
404        CHAP-Ident.                          RFC 4005
405        CHAP-Response.                       RFC 4005
406        Accounting-Auth-Method.              RFC 4005
407        QoS-Filter-Rule.                     RFC 4005
408        Origin-AAA-Protocol.                 RFC 4005
409
410
411        CC-Correlation-Id.                   RFC 4006
412        CC-Input-Octets.                     RFC 4006
413        CC-Money.                            RFC 4006
414        CC-Output-Octets.                    RFC 4006
415        CC-Request-Number.                   RFC 4006
416        CC-Request-Type.                     RFC 4006
417        CC-Service-Specific-Units.           RFC 4006
418        CC-Session-Failover.                 RFC 4006
419        CC-Sub-Session-Id.                   RFC 4006
420        CC-Time.                             RFC 4006
421        CC-Total-Octets.                     RFC 4006
422        Check-Balance-Result.                RFC 4006
423        Cost-Information.                    RFC 4006
424        Cost-Unit.                           RFC 4006
425        Currency-Code.                       RFC 4006
426        Credit-Control.                      RFC 4006
427        Credit-Control-Failure-Handling.     RFC 4006
428        Direct-Debiting-Failure-Handling.    RFC 4006
429        Exponent.                            RFC 4006
430        Final-Unit-Indication.               RFC 4006
431        Granted-Service-Unit.                RFC 4006
432        Rating-Group.                        RFC 4006
433        Redirect-Address-Type.               RFC 4006
434        Redirect-Server.                     RFC 4006
435        Redirect-Server-Address.             RFC 4006
436        Requested-Action.                    RFC 4006
437        Requested-Service-Unit.              RFC 4006
438        Restriction-Filter-Rule.             RFC 4006
439        Service-Identifier.                  RFC 4006
440        Service-Parameter-Info.              RFC 4006
441        Service-Parameter-Type.              RFC 4006
442        Service-Parameter-Value.             RFC 4006
443        Subscription-Id.                     RFC 4006
444        Subscription-Id-Data.                RFC 4006
445        Unit-Value.                          RFC 4006
446        Used-Service-Unit.                   RFC 4006
447        Value-Digits.                        RFC 4006
448        Validity-Time.                       RFC 4006
449        Final-Unit-Action.                   RFC 4006
450        Subscription-Id-Type.                RFC 4006
451        Tariff-Time-Change.                  RFC 4006
452        Tariff-Change-Usage.                 RFC 4006
453        G-S-U-Pool-Identifier.               RFC 4006
454        CC-Unit-Type.                        RFC 4006
455        Multiple-Services-Indicator.         RFC 4006
456        Multiple-Services-Credit-Control.    RFC 4006
457        G-S-U-Pool-Reference.                RFC 4006
458        User-Equipment-Info.                 RFC 4006
459        User-Equipment-Info-Type.            RFC 4006
460        User-Equipment-Info-Value.           RFC 4006
461        Service-Context-Id.                  RFC 4006
462        EAP-Payload.                         RFC 4072
463        EAP-Reissued-Payload.                RFC 4072
464        EAP-Master-Session-Key.              RFC 4072
465        Accounting-EAP-Auth-Method.          RFC 4072
466
479
480        Accounting-Record-Type.              RFC 3588
481
482
483        Accounting-Realtime-Required.        RFC 3588
484
485        Accounting-Record-Number.            RFC 3588
486        MIP6-Agent-Info.                     RFC 5447
487        MIP-Careof-Address.                  RFC 5778
488        MIP-Authenticator.                   RFC 5778
489        MIP-MAC-Mobility-Data.               RFC 5778
581
0xFFFFFF
AVP flags. 8 bits.
00 01 02 03 04 05 06 07
+--+--+--+--------------+
|V |M |P |   reserved   |
+--+--+--+--------------+
V, Vendor specific. 1 bit.
If set, the Vendor ID field is present.
M, Mandatory. 1 bit.
If set, support of this AVP is required.
P. 1 bit.
If set, encryption for end to end security is needed.
reserved. 5 bits.
Must be cleared to zero.
AVP length. 24 bits.
Total size of the AVP header and data in bytes.
Vendor ID. 32 bits.
This field is present if the V bit is set in the AVP Flags field. This field contains the IANA assigned "SMI Network Management Private Enterprise
Codes" value, encoded in network byte order. Any vendor wishing to implement a vendor-specific Diameter AVP MUST use their own Vendor ID
along with their privately managed AVP address space, guaranteeing that they will not collide with any other vendor's vendor-specific AVP(s), nor
with future IETF applications. A value of zero corresponds to the IETF adopted AVP values, as managed by the IANA. Since the absence of this
field implies that the AVP in question is not vendor specific, implementations MUST NOT use the zero value.
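The header layout and flag rules described earlier, together with the AVP header just described, can be checked mechanically. The following Python module is an added example, not code from the original page or from any Diameter implementation: it encodes a message, parses it back, and rejects the encodings the text forbids (reserved flag bits set, E set in a request, T set in an answer, V set with a Vendor ID of zero, an AVP or message length that overruns the bytes actually received). The sample CER and its host name, realm, AVP code 4711 and vendor number 99999 are constructed values.

```python
"""Diameter base-protocol framing: encode and parse the 20-byte header and the
AVP list that follows it, enforcing the flag and length rules from the text.
Added example, not code from the page; the sample message is constructed."""
import struct

DIAMETER_VERSION = 1
HEADER_LEN = 20

# Header command flags (page: Flags field)
FLAG_R, FLAG_P, FLAG_E, FLAG_T = 0x80, 0x40, 0x20, 0x10
HDR_RESERVED = 0x0F            # low 4 bits must be cleared to zero

# AVP flags (page: AVP flags field)
AVP_V, AVP_M, AVP_P = 0x80, 0x40, 0x20
AVP_RESERVED = 0x1F            # low 5 bits must be cleared to zero


class DiameterError(ValueError):
    """A message that violates the base-protocol encoding rules."""


def build_avp(code, value, flags=AVP_M, vendor_id=None):
    """Encode one AVP.  AVP length counts header and data but not the zero
    padding that brings the AVP to a 4-byte boundary."""
    if vendor_id is not None:
        flags |= AVP_V
    length = (12 if vendor_id is not None else 8) + len(value)
    out = struct.pack("!II", code, (flags << 24) | length)
    if vendor_id is not None:
        out += struct.pack("!I", vendor_id)
    return out + value + b"\x00" * (-len(value) % 4)


def build_message(code, flags, app_id, hop_by_hop, end_to_end, avps):
    """Prepend a header; Message length covers header and all padded AVPs."""
    body = b"".join(avps)
    return (struct.pack("!II", (DIAMETER_VERSION << 24) | (HEADER_LEN + len(body)),
                        (flags << 24) | code)
            + struct.pack("!III", app_id, hop_by_hop, end_to_end) + body)


def parse_header(data):
    """Decode the fixed header and apply the version, length and flag rules."""
    if len(data) < HEADER_LEN:
        raise DiameterError("short header")
    ver_len, flags_code, app_id, h2h, e2e = struct.unpack("!IIIII", data[:HEADER_LEN])
    version, length = ver_len >> 24, ver_len & 0xFFFFFF
    flags, code = flags_code >> 24, flags_code & 0xFFFFFF
    if version != DIAMETER_VERSION:
        raise DiameterError("unsupported version %d" % version)
    if length < HEADER_LEN or length % 4 or length > len(data):
        raise DiameterError("bad message length %d for %d bytes" % (length, len(data)))
    if flags & HDR_RESERVED:
        raise DiameterError("reserved header flag bits set")
    if (flags & FLAG_R) and (flags & FLAG_E):
        raise DiameterError("E flag set in a request")
    if (flags & FLAG_T) and not (flags & FLAG_R):
        raise DiameterError("T flag set in an answer")
    return {"version": version, "length": length, "flags": flags, "code": code,
            "application_id": app_id, "hop_by_hop": h2h, "end_to_end": e2e}


def parse_avps(body):
    """Walk the AVPs; the next AVP starts at the current length rounded up to
    a multiple of 4, and every length is checked against the buffer first."""
    avps, off = [], 0
    while off < len(body):
        if len(body) - off < 8:
            raise DiameterError("truncated AVP header at offset %d" % off)
        code, flags_len = struct.unpack("!II", body[off:off + 8])
        flags, length = flags_len >> 24, flags_len & 0xFFFFFF
        if flags & AVP_RESERVED:
            raise DiameterError("reserved AVP flag bits set in AVP %d" % code)
        hdr_len, vendor_id = 8, None
        if flags & AVP_V:
            if len(body) - off < 12:
                raise DiameterError("truncated Vendor ID in AVP %d" % code)
            vendor_id = struct.unpack("!I", body[off + 8:off + 12])[0]
            if vendor_id == 0:     # V set with Vendor ID 0 is forbidden by the text
                raise DiameterError("Vendor ID 0 with V flag in AVP %d" % code)
            hdr_len = 12
        if length < hdr_len or off + length > len(body):
            raise DiameterError("bad AVP length %d in AVP %d" % (length, code))
        avps.append({"code": code, "flags": flags, "length": length, "vendor_id": vendor_id,
                     "value": body[off + hdr_len:off + length]})
        off += (length + 3) & ~3
    if off != len(body):
        raise DiameterError("AVP list does not fill the message")
    return avps


def parse_message(data):
    """Parse header and AVPs; bytes beyond Message length are not consumed."""
    msg = parse_header(data)
    msg["avps"] = parse_avps(data[HEADER_LEN:msg["length"]])
    return msg


def is_well_formed(data):
    try:
        parse_message(data)
        return True
    except DiameterError:
        return False


# Constructed sample: a CER (command code 257, R flag, application 0) carrying
# Origin-Host, Origin-Realm, Vendor-Id and one optional vendor-specific AVP.
# Host name, realm, AVP code 4711 and vendor number 99999 are made-up values.
SAMPLE_CER = build_message(257, FLAG_R, 0, 0x10000001, 0x0AB00001, [
    build_avp(264, b"client.example.test"),              # Origin-Host
    build_avp(296, b"example.test"),                     # Origin-Realm
    build_avp(266, struct.pack("!I", 0)),                # Vendor-Id, 0 = IETF
    build_avp(4711, b"\x01", flags=0, vendor_id=99999),  # vendor-specific, optional
])
```

A receiver that trusts the Message length or AVP length fields without comparing them against the bytes it actually holds reads past the buffer on a truncated or malformed message; checking every length before indexing, and rejecting reserved bits and the flag combinations the text prohibits, is the point of the example.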
Application ID.
ID          Description                  References
0           Diameter common message.     RFC 3588
16777256    ITU-T Rw.                    RFC 5431

Glossary:
Diameter Agent.
A Diameter node that provides either relay, proxy, redirect or translation services.
Diameter Client.
A device at the edge of the network that performs access control. An example of a Diameter client is a Network Access Server (NAS) or a Foreign
Agent (FA).
Diameter Node.
A host process that implements the Diameter protocol, and acts either as a Client, Agent or Server.
Diameter Peer.
A Diameter Node to which a given Diameter Node has a direct transport connection.
Diameter Security Exchange.
A process through which two Diameter nodes establish end-to-end security.
Diameter Server.
A Diameter Server is one that handles authentication, authorization and accounting requests for a particular realm. By its very nature, a Diameter
Server MUST support Diameter applications in addition to the base protocol.
Home Realm.
The administrative domain with which the user maintains an account relationship.
Local Realm.
The administrative domain providing services to a user. An administrative domain MAY act as a local realm for certain users, while being a home
realm for others.
NAI, Network Access Identifier.
Used to extract the identity and realm of a user. The identity is used to recognize the user during authentication and/or authorization, while the realm is
used for message routing purposes.
Realm.
The string in the NAI that immediately follows the '@' character. NAI realm names are required to be unique, and are piggybacked on the
administration of the DNS namespace. Diameter makes use of the realm, also loosely referred to as domain, to determine whether messages can be
satisfied locally, or whether they must be routed or redirected. In RADIUS, realm names are not necessarily piggybacked on the DNS namespace but
may be independent of it.
RFCs:
[RFC 2924] Accounting Attributes and Record Formats.
Category: Informational.
[RFC 3127] Authentication, Authorization, and Accounting: Protocol Evaluation.
Category: Informational.
[RFC 3588] Diameter Base Protocol.
Category: Standards Track.
Defines Diameter version 1.
Defines URI schemes aaa:, aaas:.
[RFC 3589] Diameter Command Codes for Third Generation Partnership Project (3GPP) Release 5.
Category: Informational.
[RFC 3955] Evaluation of Candidate Protocols for IP Flow Information Export (IPFIX).
Category: Informational.
[RFC 4004] Diameter Mobile IPv4 Application.
Category: Standards Track.
Defines Diameter command codes 260 and 262.
Defines Diameter AVP codes 318 - 323, 325, 326, 328, 329, 331 - 348, 367.
[RFC 4005] Diameter Network Access Server Application.
Category: Standards Track.
Defines Diameter command codes 258, 265, 271, 274, 275.
Defines Diameter AVP codes 295, 363 - 366, 400 - 408.
[RFC 4006] Diameter Credit-Control Application.
Category: Standards Track.
Defines Diameter command code 272 (Credit-Control-Request, Credit-Control-Answer).
Defines Diameter AVP codes 411 - 461.
[RFC 4072] Diameter Extensible Authentication Protocol (EAP) Application.
Category: Standards Track.
Defines Diameter command code 268.
Defines Diameter AVP codes 462 - 465.
Defines RADIUS AVP code 102 (EAP-Key-Name).
[RFC 5431] Diameter ITU-T Rw Policy Enforcement Interface Application.
Category: Informational.
Defines Diameter application ID 16777256.
Defines Diameter command code 315.
[RFC 5447] Diameter Mobile IPv6: Support for Network Access Server to Diameter Server Interaction.
Category: Standards Track.
Defines Diameter AVP code 486 (MIP6-Agent-Info).
Defines RADIUS AVP code 124 (MIP6-Feature-Vector).
Defines RADIUS AVP code 125 (MIP6-Home-Link-Prefix).
Publications:

Obsolete RFCs:
1998 - 2012 Network Sorcery, Inc. All rights reserved.