Diameter is an Authentication, Authorization and Accounting (AAA) protocol. In terms of the OSI layered model, it works at the Application Layer. Diameter is a message-based protocol: AAA nodes exchange messages and receive a positive or negative acknowledgment for each message exchanged between nodes. For message exchange it uses TCP and SCTP, which makes Diameter reliable. Its technical specification is given in RFC 6733, Diameter Base Protocol.
Diameter is basically a successor of RADIUS (Remote Authentication Dial In User Service), which is also an AAA protocol but is based on UDP. UDP does not use an implicit handshaking mechanism to provide reliability, ordering, or data integrity; this unreliability was the major flaw in RADIUS.
Here I have tried to explain various facets of the Diameter Base Protocol. Before going into the details of its various aspects, we will look at the improvements of Diameter over RADIUS.
Your comments, suggestions and questions are always welcome. I will try to clarify doubts to the best of my knowledge, so feel free to ask questions.
Hi, one question.
I have noticed that many use host-names of the form name.realm. From the example in RFC 6773: "Origin-Host=nas.example.net, Origin-Realm=example.net"
This will ensure that the host-name is unique. But is this necessary? Isn't it enough that FQDN is unique for a single agent? In the above example the FQDN will be nas.example.net.example.net, which to me looks strange.
From RFC 6773: "The value of the Origin-Host AVP is guaranteed to be unique within a single host."
Does this mean that origin/destination-host must be unique within a realm or unique whatsoever?
So the question is, can the host-name (origin or destination) be a simple name (Node1 / Node2 etc.) that is only unique within a realm, or might this lead to some errors?
Br
Ola
Hi!
Have you found out the answer to this?
Thanks in advance!
Hello ola,
Diameter message routing is based on Realm. It is based on realm routing. Any message is transmitted on the basis of realm.
As per the standard, Origin-Host, Origin-Realm and Destination-Realm are mandatory AVPs, while Destination-Host is optional.
So host-name (origin or destination) will be unique within a realm. We append the realm to make it unique regarding realm.
Although it is not mandatory to append, it should be unique only within the realm.
e.g. Suppose there are only two nodes
Node 1 : Origin-Host node1.diameter.test.com Realm : diameter.test.com
Node 2 : Origin-Host node1.digital.test.com Realm : digital.test.com
both can exist simultaneously as they are unique as well.
So for diameter messaging always use Origin-Host as hostname.realm for better visibility of nodes.
Hi!
Thanks! You were able to enlighten me. A good practice should be origin-host: hostname.realm
But as long as host-name will be unique within a realm, this scenario is acceptable
Node1 : Origin-host: NODE1.diameter.com Realm: diameter.com
Node2 : Origin-host: NODE2.diameter.com Realm: diameter-test.com
Node2 is still valid as long as the hostname is unique within the realm "diameter-test.com".
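The naming rule discussed in this thread (Origin-Host unique within its realm, conventionally written hostname.realm), as an added example that is not code from the blog or its commenters: it extracts Origin-Host (AVP code 264) and Origin-Realm (AVP code 296) from raw Diameter messages and reports identities that repeat within a realm or do not follow the convention. The helper names `avp`, `cer` and `audit` and the sample messages are constructed for illustration.

```python
import struct
ORIGIN_HOST, ORIGIN_REALM, CER = 264, 296, 257  # AVP and command codes, RFC 6733

def avp(code, text, flags=0x40):  # code(4) flags(1) length(3) data, padded to 4
    data = text.encode("ascii")
    head = struct.pack("!IB3s", code, flags, (8 + len(data)).to_bytes(3, "big"))
    return head + data + b"\x00" * (-len(data) % 4)

def cer(host, realm):
    """Build a constructed, minimal request carrying only the two identity AVPs."""
    body = avp(ORIGIN_HOST, host) + avp(ORIGIN_REALM, realm)
    head = bytes([1]) + (20 + len(body)).to_bytes(3, "big") + bytes([0x80])
    return head + CER.to_bytes(3, "big") + struct.pack("!III", 0, 1, 1) + body

def parse_identity(msg):
    """Return (Origin-Host, Origin-Realm), lower-cased, from one raw message."""
    if len(msg) < 20 or msg[0] != 1 or int.from_bytes(msg[1:4], "big") != len(msg):
        raise ValueError("bad Diameter header")
    found, off = {}, 20
    while off < len(msg):
        if off + 8 > len(msg):
            raise ValueError("truncated AVP header")
        code, flags = struct.unpack_from("!IB", msg, off)
        length = int.from_bytes(msg[off + 5:off + 8], "big")
        hdr = 12 if flags & 0x80 else 8  # V bit adds a 4-byte Vendor-Id
        if length < hdr or off + length > len(msg):
            raise ValueError("bad AVP length")
        if hdr == 8 and code in (ORIGIN_HOST, ORIGIN_REALM):
            found[code] = msg[off + hdr:off + length].decode("ascii").lower()
        off += length + (-length % 4)  # AVP length excludes its padding
    return found.get(ORIGIN_HOST), found.get(ORIGIN_REALM)

def audit(messages):
    """Report identities that are missing, repeated in a realm, or not host.realm."""
    seen, findings = set(), []
    for msg in messages:
        host, realm = parse_identity(msg)
        if not host or not realm:
            findings.append(("missing", host, realm))
        elif (host, realm) in seen:
            findings.append(("duplicate-in-realm", host, realm))
        elif not host.endswith("." + realm):
            findings.append(("not-host.realm", host, realm))
        seen.add((host, realm))
    return findings
# Constructed sample: host/realm pairs quoted in the comments above, plus one repeat.
PAIRS = [("node1.diameter.test.com", "diameter.test.com"), ("node1.digital.test.com", "digital.test.com"),
         ("NODE2.diameter.com", "diameter-test.com"), ("node1.diameter.test.com", "diameter.test.com")]
SAMPLE = [cer(h, r) for h, r in PAIRS]
```

`audit(SAMPLE)` leaves the two `node1` identities alone because their realms differ, marks `NODE2.diameter.com` in realm `diameter-test.com` as off-convention, and reports the repeated `node1.diameter.test.com` as a duplicate within its realm.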
HI Team Diameters ,
Can you please provide some TCP dump for Diameter AVPs?
Hi Sumit
Following link could help you.
http://diameter-protocol.blogspot.in/2011/05/daimeter-avp-structure.html
Regards,
Ajay
thanks for sharing this kind information. Great blog. nice work .....
Great diameter protocol tutorial. Thanks for sharing this nice information.
Hi, As you mentioned Diameter works on the Application Layer. Can you please explain why it fits in Application layer, when we consider OSI model?
Hi
As we know Diameter Protocol runs over TCP or SCTP protocol.
Thanks for your query.
Happy to help you again.
Team-Diameter
How can I find diameter messages in Wireshark Version 2.4.8-20180902 for data packet?
Hi
Please set the correct filter in Wireshark, or you can use the following link
https://diameter-protocol.blogspot.com/2013/04/capture-diameter-messages-without-wire.html
Thanks for your query.
Happy to help you again.
Team-Diameter