Diameter

Beny Haddad
Agenda
Origin of Diameter
Main Features of Diameter
o Diameter Base protocol
o Type of Diameter Nodes

Main Applications
Messages Overview

Company Confidential 2
Why did we need Diameter?
Diameter is an Authentication, Authorization and Accounting (AAA) protocol for computer networks, and an alternative to RADIUS.
Diameter provides an upgrade path for the old RADIUS (Remote Authentication Dial In User Service) and solves several limitations.
In the early 1990s, RADIUS was developed to control dial-in access.
AAA
Authenticate users or devices before granting
them access to a network
Authorize those users or devices for certain
network services
Account for usage of those services

RADIUS
                       RADIUS                                      DIAMETER
Reliable transport     No (uses UDP)                               TCP, SCTP
Failover               Not defined by standard                     Failover is defined for network errors and actions
Security               Not mandatory and not end to end            Mandatory and end to end
Agent roles            Not defined (other than client and server)  Defines many (such as proxy, relay and redirect)
Transactions           ID up to 255, other implicit methods        End to end and node by node, each 2^32 range
Vendor specific        Not explicit                                Through negotiation
Dynamic configuration  No                                          Defined in the standard
Main features of
Diameter

Diameter - Basic Functionality

Diameter Client Node at somerealm.com    Diameter Server Node at otherrealm.com

Diameter Client Application              Diameter Server Application
Session Management                       Session Management
Routing Management                       Routing Management
Connection Management                    Connection Management
Base Protocol                            Base Protocol

Diameter Tutorial - IETF67


Diameter - Basic Functionality

Base Protocol
Connectivity: Peering and Routing
Application support: Application session management
Applications
Purpose specific: Gx, Gy, etc
Identified by application Id
Every application MUST have an IANA-assigned application identifier
Used also for diameter message routing
- Define the Commands (e.g. CCR/CCA, RAR/RAA)
- Defines the AVP (Attribute/Value Pair) fields (e.g. Origin-Host)



Diameter Message Format

Diameter Message:

| Diameter Header | AVP | AVP | AVP |

Each AVP:

| AVP Header | AVP Data |

Diameter Header = Version, Length, Flags, Code, AppId, H2H Id, E2E Id

AVP Header = Code, Flag, Length, Vendor-Id (Opt)

Each message must be defined using an ABNF grammar


Pre-defined AVP data types (Integer32, Float, OctetString etc.)
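
As an added example (not part of the original slides), a minimal Python parser for the header and AVP layout listed above that rejects inconsistent length fields. The field widths (20-byte message header, 8- or 12-byte AVP header, padding to 4 bytes), the flag bits and the AVP codes in the sample come from the Diameter base protocol RFC; the function names and the sample bytes are constructed for illustration.

```python
import struct

class DiameterParseError(ValueError):
    """Raised when a length field or fixed field is inconsistent."""

def parse_message(buf: bytes) -> dict:
    """Parse one Diameter message: 20-byte header, then padded AVPs."""
    if len(buf) < 20:
        raise DiameterParseError("shorter than the 20-byte Diameter header")
    version, flags = buf[0], buf[4]
    length = int.from_bytes(buf[1:4], "big")      # 24-bit message length
    code = int.from_bytes(buf[5:8], "big")        # 24-bit command code
    app_id, h2h, e2e = struct.unpack("!III", buf[8:20])
    if version != 1:
        raise DiameterParseError(f"unsupported version {version}")
    if length != len(buf) or length % 4:
        raise DiameterParseError("header Length does not match the bytes received")
    avps, off = [], 20
    while off < length:
        if length - off < 8:
            raise DiameterParseError("truncated AVP header")
        avp_code = int.from_bytes(buf[off:off + 4], "big")
        avp_flags = buf[off + 4]
        avp_len = int.from_bytes(buf[off + 5:off + 8], "big")
        hdr = 12 if avp_flags & 0x80 else 8       # V flag set: Vendor-Id follows
        if avp_len < hdr or off + avp_len > length:
            raise DiameterParseError(f"AVP {avp_code}: length {avp_len} out of bounds")
        vendor = int.from_bytes(buf[off + 8:off + 12], "big") if hdr == 12 else None
        avps.append((avp_code, vendor, buf[off + hdr:off + avp_len]))
        off += (avp_len + 3) & ~3                 # skip padding to 32-bit boundary
    return {"request": bool(flags & 0x80), "code": code, "app_id": app_id,
            "hop_by_hop": h2h, "end_to_end": e2e, "avps": avps}

def build_avp(code: int, data: bytes, flags: int = 0x40) -> bytes:
    """Encode a non-vendor AVP (constructed helper for the sample)."""
    length = 8 + len(data)
    return (struct.pack("!IB", code, flags) + length.to_bytes(3, "big")
            + data + b"\x00" * (-length % 4))

def build_message(code: int, flags: int, avps: bytes) -> bytes:
    """Wrap already-encoded AVPs in a header (constructed helper)."""
    length = 20 + len(avps)
    return (b"\x01" + length.to_bytes(3, "big") + bytes([flags])
            + code.to_bytes(3, "big") + struct.pack("!III", 0, 0x1234, 0x5678) + avps)

# Constructed sample: a CER (code 257, R flag) carrying Origin-Host (264)
# and Origin-Realm (296); the AVP codes are from the base protocol RFC.
SAMPLE_CER = build_message(257, 0x80,
    build_avp(264, b"client.somerealm.com") + build_avp(296, b"somerealm.com"))
```

The `avp_len < hdr` check matters as much as the upper bound: an AVP length of zero would otherwise leave the offset unchanged and loop forever.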



Diameter ABNF Conventions

Symbol              Example                                    Meaning                                   Occurrences
<XXX> ::= <X, F>    <CER> ::= < Diameter Header: 257, REQ >    Command Code, Flags                       1
< AVP >             < Session-Id >                             Required AVP, at this place (first)       1
{ AVP }             { Origin-Host }                            Required AVP                              1
1* { AVP }          1* { Host-IP-Address }                     Required AVP, can appear more than once   1+
[ AVP ]             [ Origin-State-Id ]                        Optional AVP                              0,1
*[ AVP ]            * [ Supported-Vendor-Id ]                  Optional AVP, can appear more than once   0+



Diameter ABNF Example

<CER> ::= < Diameter Header: 257, REQ > /* Command Code, Flags */
< Session-Id > /* Required AVP, Occurrence: 1, at this place (first) */
{ Origin-Host } /* Required AVP, Occurrence: 1 */
{ Origin-Realm }
1* { Host-IP-Address } /* Required AVP, Occurrence: 1+ */
{ Vendor-Id }
{ Product-Name }
[ Origin-State-Id ] /* Optional AVP, Occurrence: 0 or 1 */
* [ Supported-Vendor-Id ] /* Optional AVP, Occurrence: 0+ */
* [ Auth-Application-Id ]
* [ Inband-Security-Id ]
* [ Acct-Application-Id ]
* [ Vendor-Specific-Application-Id ]
[ Firmware-Revision ]
* [ AVP ]
Note: /* */ is not part of ABNF
Capabilities Exchange
Use of Capabilities-Exchange (CER/CEA) messages
Message exchange advertises:
o Peer Identity
o Security schemes: indicates the use of TLS
o SCTP host addresses if used
CER/CEA may or may not be protected
Peer Table Creation
o Lists all peers that pass capabilities negotiation
o Indicates the connection status of each peer
o Also used for message routing



Diameter Sessions definitions

What is a session?
o A session is a related progression of events devoted to a
particular activity
Applications provide guidelines as to when a
session begins and ends
Sessions are identified by Session-Id
o Globally and eternally unique
o Format: <DiameterIdentity>;<high 32 bits>;<low 32 bits>[;<optional value>]
o DiameterIdentity: Sender's identity in FQDN
o High and Low 32 bits: Decimal representation of a 64-bit value, monotonically increased
o Optional value: Implementation specific, e.g. MAC address, timestamp etc



Types of Diameter Nodes

Diameter Clients and Servers
o Request and Answer Originators
o Where applications normally reside
o Advertise supported applications only
Diameter Agents
o Request and Answer forwarders
o Add routing information to the message
Relay Agents
o Provide basic message forwarding
o Do not inspect the content of the message other than Destination-Host and/or Realm and AppIds
o Advertise support for all applications



Types of Diameter Nodes (cont.)

Proxy Agents
o Inspect and possibly modify the contents of the request or answer they are forwarding
o Useful in scenarios such as policy enforcement, admission control, provisioning etc
o Can maintain session state
o Examples: Translation agents, RADIUS<->DIAMETER
Re-Direct Agents
o Do not forward messages but notify the previous hop of the new next-hop to use
o Advertise support for all applications



Types of Diameter Nodes

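[Figure: Client (realmA.com), Relay/Proxy Agent, Redirect Agent and Server (realmB.com). Numbered arrows: 1. Request (Client to Relay/Proxy Agent), 2. Request (Relay/Proxy Agent to Redirect Agent), 3. Redirect Notification (Redirect Agent to Relay/Proxy Agent), 4. Request (Relay/Proxy Agent to Server), 5. Answer (Server to Relay/Proxy Agent), 6. Answer (Relay/Proxy Agent to Client)]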

Request/Answer Path:
Normal Relay or Proxy: 1, 4, 5, 6
Re-directed Agent: 1, 2, 3, 4, 5, 6



Main Applications

Main Applications in 3gpp
Policy:
- Gx
- Rx
- S9
- Sd
Charging:
- Gy
- Gz (Rf)
- Sy
Subscriber Info:
- Sh

Gx/Rx Application
Gx:
o Interface between the PCEF (Policy and Charging Enforcement
Function) and the PCRF (Policy Control and Charging Rule Function)
o PCRF provides PCC rules (QoS and Charging rules) to PCEF at session
establishment
o PCRF can push PCC rules for the creation of new bearers

Rx:
o Interface between the AF (Application Function) and the PCRF
o Enables 3rd party applications (IMS, SBC, etc) to dynamically create bearers

Gy/Gz Application
Gy:
o Diameter Credit Control Application (DCCA)
o Online Charging
o OCS (Online Charging) Allocates Quotas to PCEF

Gz:
o Offline Charging
o Also known as Rf
o Report usage to OFCS (Offline Charging)

Messages overview

Message Flow
Transport (TCP/SCTP)
Capabilities Exchange

Messages (CCR/CCA, etc)

Watch Dog

Disconnect

Transport Disconnect

Messages
Message name                       Abbreviation   Command code
Capabilities-Exchanging-Request    CER            257
Capabilities-Exchanging-Answer     CEA            257
Device-Watchdog-Request            DWR            280
Device-Watchdog-Answer             DWA            280
Credit-Control-Request             CCR            272
Credit-Control-Answer              CCA            272
Re-Auth-Request                    RAR            258
Re-Auth-Answer                     RAA            258
Session-Termination-Request        STR            275
Session-Termination-Answer         STA            275
Disconnect-Peer-Request            DPR            282
Disconnect-Peer-Answer             DPA            282

Gx Interface

Gx Messages - CCR
CCR command: sent by the PCEF to the PCRF for 2 purposes:
o To request PCC rules for a bearer from the PCRF
o To indicate bearer or PCC rule related events, or the termination of the IP-CAN bearer and/or session

Gx Messages - CCR
<CCR> ::= < Diameter Header: 272, REQ, PXY >
< Session-Id >
{ Auth-Application-Id }
{ Origin-Host }
{ Origin-Realm }
{ Destination-Realm }
{ CC-Request-Type }
{ CC-Request-Number }
[ Destination-Host ]
[ CC-Subsession-Id ]
[ Origin-State-Id ]
*[ Subscription-Id ]
[ Framed-IP-Address ]
*[ Framed-IPv6-Prefix ]
[ 3GPP-RAT-Type ]
[ Termination-Cause ]
[ User-Equipment-Info ]
{ 3GPP-GPRS-Negotiated-QoS-Profile }
[ 3GPP-SGSN-MCC-MNC ]
[ 3GPP-SGSN-Address ]
[ 3GPP-SGSN-IPv6-Address ]
[ Called-Station-ID ]
[ Bearer-Usage ]
[ TFT-Packet-Filter-Information ]
* [ Proxy-Info ]
* [ Route-Record ]
*[ AVP ]

Gx Messages - CCA
The CCA command is sent from the PCRF to PCEF
as a response to a CCR command.
It provides the PCEF with
o PCC rules and event triggers for the bearer/session
o Selected bearer control mode for the IP-CAN session

Gx Messages - CCA (cont)
<CCA> ::= < Diameter Header: 272, PXY >
< Session-Id >
{ Auth-Application-Id }
{ Origin-Host }
{ Origin-Realm }
[ Result-Code ]
[ Experimental-Result ]
[ CC-Request-Type ]
[ CC-Request-Number ]
[ CC-Sub-Session-Id ]
*[ Event-Trigger ]
[ Origin-State-Id ]
*[ Charging-Rule-Remove ]
*[ Charging-Rule-Install ]
[ Primary-CCF-Address ]
[ Secondary-CCF-Address ]
[ Primary-OCS-Address ]
[ Secondary-OCS-Address ]
[ Error-Message ]
[ Error-Reporting-Host ]
*[ Failed-AVP ]
*[ Proxy-Info ]
*[ Route-Record ]
*[ AVP ]

Charging-Rule-Install ::= < AVP Header: 1001 >
*[ Charging-Rule-Definition ]
*[ Charging-Rule-Name ]
*[ Charging-Rule-Base-Name ]
[ Bearer-Identifier ]
[ Rule-Activation-Time ]
[ Rule-Deactivation-Time ]
[ Resource-Allocation-Notification ]
[ Charging-Correlation-Indicator ]
*[ AVP ]

Gx Messages - CCA (cont)
Charging-Rule-Definition ::= < AVP Header: 1003 >
{ Charging-Rule-Name }
[ Service-Identifier ]
[ Rating-Group ]
*[ Flow-Information ]
[ Flow-Status ]
[ QoS-Information ]
[ Reporting-Level ]
[ Online ]
[ Offline ]
[ Metering-Method ]
[ Precedence ]
[ AF-Charging-Identifier ]
*[ Flows ]
[ Monitoring-Key ]
[ AF-Signalling-Protocol ]
*[ AVP ]

Flow-Information ::= < AVP Header: 1058 >
[ Flow-Description ]
[ Packet-Filter-Identifier ]
[ Packet-Filter-Usage ]
[ ToS-Traffic-Class ]
[ Security-Parameter-Index ]
[ Flow-Label ]
[ Flow-Direction ]
*[ AVP ]

QoS-Information ::= < AVP Header: 1016 >
[ QoS-Class-Identifier ]
[ Max-Requested-Bandwidth-UL ]
[ Max-Requested-Bandwidth-DL ]
[ Guaranteed-Bitrate-UL ]
[ Guaranteed-Bitrate-DL ]
[ Bearer-Identifier ]
[ Allocation-Retention-Priority ]
[ APN-Aggregate-Max-Bitrate-UL ]
[ APN-Aggregate-Max-Bitrate-DL ]
*[ AVP ]

Gx Messages - RAR
The RAR command: sent by the PCRF to the PCEF
in order to provision PCC rules and event triggers
using the PUSH procedure to initiate the provision
of unsolicited PCC rules.
o NOTE: If the RAR command is received by the PCEF without providing
any operation on PCC rules or any QoS information, the PCEF will
respond with a CCR command requesting PCC rules.

Gx Message - RAR
<RA-Request> ::= < Diameter Header: 258, REQ, PXY >
< Session-Id >
{ Auth-Application-Id }
{ Origin-Host }
{ Origin-Realm }
{ Destination-Realm }
{ Destination-Host }
{ Re-Auth-Request-Type }
[ Origin-State-Id ]
*[ Event-Trigger ]
*[ Charging-Rule-Remove ]
*[ Charging-Rule-Install ]
*[ QoS-Information ]
*[ Proxy-Info ]
*[ Route-Record ]
*[ AVP]
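
An added example (not from the slides or from 3GPP): the occurrence rules of the "Diameter ABNF Conventions" slide applied to the RA-Request grammar above, so that a receiver can reject a malformed RAR before acting on the pushed rules. The function names and the two sample AVP lists are constructed; the position check assumes fixed `< >` rules lead the grammar, as they do here.

```python
import re

# Gx RA-Request body from the slide above (header line left out).
RAR_ABNF = """
< Session-Id > { Auth-Application-Id } { Origin-Host } { Origin-Realm }
{ Destination-Realm } { Destination-Host } { Re-Auth-Request-Type }
[ Origin-State-Id ] *[ Event-Trigger ] *[ Charging-Rule-Remove ]
*[ Charging-Rule-Install ] *[ QoS-Information ] *[ Proxy-Info ]
*[ Route-Record ] *[ AVP ]
"""
RULE = re.compile(r"(?:(\d*)\s*\*\s*)?([<{\[])\s*([\w-]+)\s*[>}\]]")

def parse_rules(abnf: str) -> list:
    """Return (name, min, max, fixed) per rule; max None means unbounded."""
    rules = []
    for m in RULE.finditer(abnf):
        digits, bracket, name = m.groups()
        if digits is not None:                      # a '*' qualifier was present
            lo = int(digits) if digits else (1 if bracket == "{" else 0)
            hi = None
        else:
            lo, hi = (0 if bracket == "[" else 1), 1
        rules.append((name, lo, hi, bracket == "<"))
    return rules

def validate(rules: list, avp_names: list) -> list:
    """Check an ordered list of AVP names against the rules; return violations."""
    problems = []
    known = {name for name, *_ in rules}
    for pos, (name, lo, hi, fixed) in enumerate(rules):
        if name == "AVP":
            continue                                # wildcard, handled below
        count = avp_names.count(name)
        if count < lo:
            problems.append(f"{name}: required, found {count}")
        elif hi is not None and count > hi:
            problems.append(f"{name}: at most {hi} allowed, found {count}")
        elif fixed and avp_names[pos:pos + 1] != [name]:
            problems.append(f"{name}: must be at position {pos}")
    if "AVP" not in known:                          # grammar has no *[ AVP ]
        problems += [f"{n}: not allowed by grammar" for n in avp_names if n not in known]
    return problems

# Constructed samples: AVP names in the order a parser extracted them.
GOOD_RAR = ["Session-Id", "Auth-Application-Id", "Origin-Host", "Origin-Realm",
            "Destination-Realm", "Destination-Host", "Re-Auth-Request-Type",
            "Charging-Rule-Install", "Charging-Rule-Install"]
BAD_RAR = ["Origin-Host", "Session-Id", "Origin-Host", "Origin-Realm",
           "Destination-Realm", "Re-Auth-Request-Type", "Auth-Application-Id"]
```

`validate(parse_rules(RAR_ABNF), BAD_RAR)` reports the misplaced Session-Id, the duplicated Origin-Host and the missing Destination-Host.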

Gx Messages - RAA
The RAA command: sent by the PCEF to the PCRF
in response to the RAR command.
<RA-Answer> ::= < Diameter Header: 258, PXY >
< Session-Id >
{ Origin-Host }
{ Origin-Realm }
[ Result-Code ]
[ Experimental-Result ]
[ Origin-State-Id ]
[ Event-Trigger ]
*[ Charging-Rule-Report]
[ Access-Network-Charging-Address ]
*[ Access-Network-Charging-Identifier-Gx ]
[ Bearer-Identifier ]
[ Error-Message ]
[ Error-Reporting-Host ]
*[ Failed-AVP ]
*[ Proxy-Info ]
*[ AVP ]

Rx Interface

Event Triggers (examples)
SGSN_CHANGE (0)
QOS_CHANGE (1)
RAT_CHANGE (2)
TFT_CHANGE (3)
PLMN_CHANGE (4)
LOSS_OF_BEARER (5)
RECOVERY_OF_BEARER (6)
IP-CAN_CHANGE (7)
QOS_CHANGE_EXCEEDING_AUTHORIZATION (11)
RAI_CHANGE (12)
USER_LOCATION_CHANGE (13)
OUT_OF_CREDIT (15)
REALLOCATION_OF_CREDIT (16)
UE_IP_ADDRESS_ALLOCATE (18)
UE_IP_ADDRESS_RELEASE (19)
UE_TIME_ZONE_CHANGE (25)
USAGE_REPORT (26)
Rx Messages
AAR: sent by an AF to the PCRF in order to provide it
with the Session Information
AAA: sent by the PCRF to the AF in response to the AAR
command
RAR: (Re Authentication Request): sent by the PCRF to
the AF in order to indicate an Rx specific action
RAA: sent by the AF to the PCRF in response to the RAR
command
STR (Session Termination Req): sent by the AF to inform
the PCRF that an established session shall be terminated
STA: sent by the PCRF to the AF in response to the STR
command.

Rx Messages - AAR
<AA-Request> ::= < Diameter Header: 265, REQ, PXY >
< Session-Id >
{ Auth-Application-Id }
{ Origin-Host }
{ Origin-Realm }
{ Destination-Realm }
[ Destination-Host ]
[ AF-Application-Identifier ]
*[ Media-Component-Description ]
[Service-Info-Status ]
[ AF-Charging-Identifier ]
[ SIP-Forking-Indication ]
*[ Specific-Action ]
*[ Subscription-ID ]
[ Reservation-Priority ]
[ Framed-IP-Address ]
[ Framed-IPv6-Prefix ]
[ Service-URN ]
[ Origin-State-Id ]
*[ Proxy-Info ]
*[ Route-Record ]
*[ AVP ]

Rx Messages Media
Component AVP
Media-Component-Description ::= < AVP Header: 517 >
{ Media-Component-Number } ; Ordinal number of the media comp.
*[ Media-Sub-Component ] ; Set of flows for one flow identifier
[ AF-Application-Identifier ]
[ Media-Type ] ; Video, Audio, Data, application, Control, text, message, other
[ Max-Requested-Bandwidth-UL ]
[ Max-Requested-Bandwidth-DL ]
[ Flow-Status ] ; enable DL, enable UL, enable All, Remove All
[ Reservation-priority ]
[ RS-Bandwidth ]
[ RR-Bandwidth ]
*[ Codec-Data ]

Rx Messages - AAA
<AA-Answer> ::= < Diameter Header: 265, PXY >
< Session-Id >
{ Auth-Application-Id }
{ Origin-Host }
{ Origin-Realm }
[ Result-Code ]
[ Experimental-Result ]
*[ Access-Network-Charging-Identifier ]
[ Access-Network-Charging-Address ]
[Acceptable-Service-Info ]
[ IP-CAN-Type ]
[ 3GPP-RAT-Type ]
[ Error-Message ]
[ Error-Reporting-Host ]
*[ Failed-AVP ]
[ Origin-State-Id ]
*[ Redirect-Host ]
[ Redirect-Host-Usage ]
[ Redirect-Max-Cache-Time ]
*[ Proxy-Info ]
*[ AVP ]

Rx Messages - RAR
<RA-Request> ::= < Diameter Header: 258, REQ, PXY >
< Session-Id >
{ Origin-Host }
{ Origin-Realm }
{ Destination-Realm }
{ Destination-Host }
{ Auth-Application-Id }
{ Specific-Action }
*[ Access-Network-Charging-Identifier ]
[ Access-Network-Charging-Address ]
*[ Flows ]
*[ Subscription-ID ]
[ Abort-Cause ]
[ IP-CAN-Type ]
[ 3GPP-RAT-Type ]
[ Origin-State-Id ]
*[ Proxy-Info ]
*[ Route-Record ]
*[ AVP ]

Rx Messages - RAA
<RA-Answer> ::= < Diameter Header: 258, PXY >
< Session-Id >
{ Origin-Host }
{ Origin-Realm }
[ Result-Code ]
[ Experimental-Result ]
*[ Media-Component-Description ]
[ Service-URN ]
[ Origin-State-Id ]
[ Error-Message ]
[ Error-Reporting-Host ]
*[ Failed-AVP ]
*[ Proxy-Info ]
*[ AVP ]

Specs
Diameter Base Protocol: RFC 3588
3GPP TS 23.203: "Policy and charging control architecture":
o http://www.3gpp.org/ftp/Specs/html-info/23203.htm
3GPP TS 29.212: Gx Interface:
o http://www.3gpp.org/ftp/Specs/html-info/29212.htm
3GPP TS 29.211: Rx Interface:
o http://www.3gpp.org/ftp/Specs/html-info/29211.htm
3GPP TS 32.29: Gy interface

Questions?

Thank You
