📄 rfc3588.txt
字号:
Network Working Group P. Calhoun
Request for Comments: 3588 Airespace, Inc.
Category: Standards Track J. Loughney
Nokia
E. Guttman
Sun Microsystems, Inc.
G. Zorn
Cisco Systems, Inc.
J. Arkko
Ericsson
September 2003
Diameter Base Protocol
Status of this Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2003). All Rights Reserved.
Abstract
The Diameter base protocol is intended to provide an Authentication,
Authorization and Accounting (AAA) framework for applications such as
network access or IP mobility. Diameter is also intended to work in
both local Authentication, Authorization & Accounting and roaming
situations. This document specifies the message format, transport,
error reporting, accounting and security services to be used by all
Diameter applications. The Diameter base application needs to be
supported by all Diameter implementations.
Conventions Used In This Document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in BCP 14, RFC 2119
[KEYWORD].
Calhoun, et al. Standards Track [Page 1]
RFC 3588 Diameter Based Protocol September 2003
Table of Contents
1. Introduction................................................. 6
1.1. Diameter Protocol..................................... 9
1.1.1. Description of the Document Set.............. 10
1.2. Approach to Extensibility............................. 11
1.2.1. Defining New AVP Values...................... 11
1.2.2. Creating New AVPs............................ 11
1.2.3. Creating New Authentication Applications..... 11
1.2.4. Creating New Accounting Applications......... 12
1.2.5. Application Authentication Procedures........ 14
1.3. Terminology........................................... 14
2. Protocol Overview............................................ 18
2.1. Transport............................................. 20
2.1.1. SCTP Guidelines.............................. 21
2.2. Securing Diameter Messages............................ 21
2.3. Diameter Application Compliance....................... 21
2.4. Application Identifiers............................... 22
2.5. Connections vs. Sessions.............................. 22
2.6. Peer Table............................................ 23
2.7. Realm-Based Routing Table............................. 24
2.8. Role of Diameter Agents............................... 25
2.8.1. Relay Agents................................. 26
2.8.2. Proxy Agents................................. 27
2.8.3. Redirect Agents.............................. 28
2.8.4. Translation Agents........................... 29
2.9. End-to-End Security Framework......................... 30
2.10. Diameter Path Authorization........................... 30
3. Diameter Header.............................................. 32
3.1. Command Codes......................................... 35
3.2. Command Code ABNF specification....................... 36
3.3. Diameter Command Naming Conventions................... 38
4. Diameter AVPs................................................ 38
4.1. AVP Header............................................ 39
4.1.1. Optional Header Elements..................... 41
4.2. Basic AVP Data Formats................................ 41
4.3. Derived AVP Data Formats.............................. 42
4.4. Grouped AVP Values.................................... 49
4.4.1. Example AVP with a Grouped Data Type......... 50
4.5. Diameter Base Protocol AVPs........................... 53
5. Diameter Peers............................................... 56
5.1. Peer Connections...................................... 56
5.2. Diameter Peer Discovery............................... 56
5.3. Capabilities Exchange................................. 59
5.3.1. Capabilities-Exchange-Request................ 60
5.3.2. Capabilities-Exchange-Answer................. 60
5.3.3. Vendor-Id AVP................................ 61
5.3.4. Firmware-Revision AVP........................ 61
Calhoun, et al. Standards Track [Page 2]
RFC 3588 Diameter Based Protocol September 2003
5.3.5. Host-IP-Address AVP.......................... 62
5.3.6. Supported-Vendor-Id AVP...................... 62
5.3.7. Product-Name AVP............................. 62
5.4. Disconnecting Peer Connections........................ 62
5.4.1. Disconnect-Peer-Request...................... 63
5.4.2. Disconnect-Peer-Answer....................... 63
5.4.3. Disconnect-Cause AVP......................... 63
5.5. Transport Failure Detection........................... 64
5.5.1. Device-Watchdog-Request...................... 64
5.5.2. Device-Watchdog-Answer....................... 64
5.5.3. Transport Failure Algorithm.................. 65
5.5.4. Failover and Failback Procedures............. 65
5.6. Peer State Machine.................................... 66
5.6.1. Incoming connections......................... 68
5.6.2. Events....................................... 69
5.6.3. Actions...................................... 70
5.6.4. The Election Process......................... 71
6. Diameter Message Processing.................................. 71
6.1. Diameter Request Routing Overview..................... 71
6.1.1. Originating a Request........................ 73
6.1.2. Sending a Request............................ 73
6.1.3. Receiving Requests........................... 73
6.1.4. Processing Local Requests.................... 73
6.1.5. Request Forwarding........................... 74
6.1.6. Request Routing.............................. 74
6.1.7. Redirecting Requests......................... 74
6.1.8. Relaying and Proxying Requests............... 75
6.2. Diameter Answer Processing............................ 76
6.2.1. Processing Received Answers.................. 77
6.2.2. Relaying and Proxying Answers................ 77
6.3. Origin-Host AVP....................................... 77
6.4. Origin-Realm AVP...................................... 78
6.5. Destination-Host AVP.................................. 78
6.6. Destination-Realm AVP................................. 78
6.7. Routing AVPs.......................................... 78
6.7.1. Route-Record AVP............................. 79
6.7.2. Proxy-Info AVP............................... 79
6.7.3. Proxy-Host AVP............................... 79
6.7.4. Proxy-State AVP.............................. 79
6.8. Auth-Application-Id AVP............................... 79
6.9. Acct-Application-Id AVP............................... 79
6.10. Inband-Security-Id AVP................................ 79
6.11. Vendor-Specific-Application-Id AVP.................... 80
6.12. Redirect-Host AVP..................................... 80
6.13. Redirect-Host-Usage AVP............................... 80
6.14. Redirect-Max-Cache-Time AVP........................... 81
6.15. E2E-Sequence AVP...................................... 82
Calhoun, et al. Standards Track [Page 3]
RFC 3588 Diameter Based Protocol September 2003
7. Error Handling............................................... 82
7.1. Result-Code AVP....................................... 84
7.1.1. Informational................................ 84
7.1.2. Success...................................... 84
7.1.3. Protocol Errors.............................. 85
7.1.4. Transient Failures........................... 86
7.1.5. Permanent Failures........................... 86
7.2. Error Bit............................................. 88
7.3. Error-Message AVP..................................... 89
7.4. Error-Reporting-Host AVP.............................. 89
7.5. Failed-AVP AVP........................................ 89
7.6. Experimental-Result AVP............................... 90
7.7. Experimental-Result-Code AVP.......................... 90
8. Diameter User Sessions....................................... 90
8.1. Authorization Session State Machine................... 92
8.2. Accounting Session State Machine...................... 96
8.3. Server-Initiated Re-Auth.............................. 101
8.3.1. Re-Auth-Request.............................. 102
8.3.2. Re-Auth-Answer............................... 102
8.4. Session Termination................................... 103
8.4.1. Session-Termination-Request.................. 104
8.4.2. Session-Termination-Answer................... 105
8.5. Aborting a Session.................................... 105
8.5.1. Abort-Session-Request........................ 106
8.5.2. Abort-Session-Answer......................... 106
8.6. Inferring Session Termination from Origin-State-Id.... 107
8.7. Auth-Request-Type AVP................................. 108
8.8. Session-Id AVP........................................ 108
8.9. Authorization-Lifetime AVP............................ 109
8.10. Auth-Grace-Period AVP................................. 110
8.11. Auth-Session-State AVP................................ 110
8.12. Re-Auth-Request-Type AVP.............................. 110
8.13. Session-Timeout AVP................................... 111
8.14. User-Name AVP......................................... 111
8.15. Termination-Cause AVP................................. 111
8.16. Origin-State-Id AVP................................... 112
8.17. Session-Binding AVP................................... 113
8.18. Session-Server-Failover AVP........................... 113
8.19. Multi-Round-Time-Out AVP.............................. 114
8.20. Class AVP............................................. 114
8.21. Event-Timestamp AVP................................... 115
9. Accounting................................................... 115
9.1. Server Directed Model................................. 115
9.2. Protocol Messages..................................... 116
9.3. Application Document Requirements..................... 116
9.4. Fault Resilience...................................... 116
9.5. Accounting Records.................................... 117
9.6. Correlation of Accounting Records..................... 118
Calhoun, et al. Standards Track [Page 4]
RFC 3588 Diameter Based Protocol September 2003
9.7. Accounting Command-Codes.............................. 119
9.7.1. Accounting-Request........................... 119
9.7.2. Accounting-Answer............................ 120
9.8. Accounting AVPs....................................... 121
9.8.1. Accounting-Record-Type AVP................... 121
9.8.2. Acct-Interim-Interval AVP.................... 122
9.8.3. Accounting-Record-Number AVP................. 123
9.8.4. Acct-Session-Id AVP.......................... 123
9.8.5. Acct-Multi-Session-Id AVP.................... 123
9.8.6. Accounting-Sub-Session-Id AVP................ 123
9.8.7. Accounting-Realtime-Required AVP............. 123
10. AVP Occurrence Table......................................... 124
10.1. Base Protocol Command AVP Table....................... 124
10.2. Accounting AVP Table.................................. 126
11. IANA Considerations.......................................... 127
11.1. AVP Header............................................ 127
11.1.1. AVP Code..................................... 127
11.1.2. AVP Flags.................................... 128
11.2. Diameter Header....................................... 128
11.2.1. Command Codes................................ 128
11.2.2. Command Flags................................ 129
11.3. Application Identifiers............................... 129
11.4. AVP Values............................................ 129
11.4.1. Result-Code AVP Values....................... 129
11.4.2. Accounting-Record-Type AVP Values............ 130
11.4.3. Termination-Cause AVP Values................. 130
11.4.4. Redirect-Host-Usage AVP Values............... 130
11.4.5. Session-Server-Failover AVP Values........... 130
11.4.6. Session-Binding AVP Values................... 130
11.4.7. Disconnect-Cause AVP Values.................. 130
11.4.8. Auth-Request-Type AVP Values................. 130
11.4.9. Auth-Session-State AVP Values................ 130
11.4.10. Re-Auth-Request-Type AVP Values.............. 131
11.4.11. Accounting-Realtime-Required AVP Values...... 131
11.5. Diameter TCP/SCTP Port Numbers........................ 131
11.6. NAPTR Service Fields.................................. 131
12. Diameter Protocol Related Configurable Parameters............ 131
13. Security Considerations...................................... 132
13.1. IPsec Usage........................................... 133
13.2. TLS Usage............................................. 134
13.3. Peer-to-Peer Considerations........................... 134
14. References................................................... 136
14.1. Normative References.................................. 136
14.2. Informative References................................ 138
15. Acknowledgements............................................. 140
Appendix A. Diameter Service Template........................... 141
Appendix B. NAPTR Example....................................... 142
Appendix C. Duplicate Detection................................. 143
Calhoun, et al. Standards Track [Page 5]
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -