Diameter AVPs are the basic unit inside the Diameter message that carries the Data(Authentication Data , Security Data , Data pertaining to Application etc). There must be at least one AVP inside Diameter message.
AVP has following frame format.
AVP has following frame format.
AVP Code (4-bytes)
The AVP Code, combined with the Vendor-Id field, identifies the attribute uniquely. AVP numbers 256 and above are used for Diameter, which are allocated by IANA.
AVP numbers 1 through 255 are reserved for backward compatibility with RADIUS, without setting the Vendor-Id
field.
AVP Flag (1-Byte [VMPRRRRR])
These flag give the information to the receiver how the each attribute to be handled.
R- Reserved bits and SHOULD be set to 0.
The AVP Code, combined with the Vendor-Id field, identifies the attribute uniquely. AVP numbers 256 and above are used for Diameter, which are allocated by IANA.
AVP numbers 1 through 255 are reserved for backward compatibility with RADIUS, without setting the Vendor-Id
field.
AVP Flag (1-Byte [VMPRRRRR])
These flag give the information to the receiver how the each attribute to be handled.
R- Reserved bits and SHOULD be set to 0.
M-Mandatory Bit
-->Means If this bit is Set then Diameter Client, Server,Proxy and Translation Agent MUST support the handling of this AVP. If Handling is not support(Either AVP or Its value is Unrecognized) by the mentioned Diameter Agents then Diameter message MUST be Rejected.
-->Diameter Relay and Redirect Agent MUST not reject the message with unrecognized AVPs.
-->Diameter Relay and Redirect Agent MUST not reject the message with unrecognized AVPs.
-->If M bit is clear and Receiver does not support the handling of considered Avp then Receiver may ignore the considered AVP.
V- Vendor Id Bit
-->It is just the indication whether Vendor-Id field is there in the AVP or Not
-->If V is Set the Vendor-Id Field is prsent in the AVP Otherwise missing this Field.
Vendor-ID (4- bytes)
Vendor-ID field contains the IANA assigned "SMI Network Management Private Enterprise Codes" value.
As we know Diameter is Extensible Protocol, so any vendor wishs to implement vendor-specific Diameter AVp MUST use Their OWN Vendor-ID along with their privately managed AVP address Space.
P-Protected Bit
This bit is set indicates that Avp data is encrypted for end-to-end security.
AVP Length (3- bytes)
Contains No. of octets used by Data + Vendor-ID + AVP Code + AVP Length + AVP Flags.
Data
Vendor-ID (4- bytes)
Vendor-ID field contains the IANA assigned "SMI Network Management Private Enterprise Codes" value.
As we know Diameter is Extensible Protocol, so any vendor wishs to implement vendor-specific Diameter AVp MUST use Their OWN Vendor-ID along with their privately managed AVP address Space.
P-Protected Bit
This bit is set indicates that Avp data is encrypted for end-to-end security.
AVP Length (3- bytes)
Contains No. of octets used by Data + Vendor-ID + AVP Code + AVP Length + AVP Flags.
Data
Data Field is of ZERO or More octets and contains information. AVP with Zero octet length is used for indications only.The format of the Data field MUST be one of the data type defined in Base Diameter protocol RFC-3588.
Grouped AVP
Grouped AVP more or less same like the single AVPs except that the data field of grouped avp contains the one or move avps rather than Raw data. Here avps act as data.
Images given Below shows their format
Your Comments /Suggestions and Questions are always welcome.I would try to clarify doubts with best of my knowledge. So feel free to put Questions.
Thx for providing good explanation with example.
ReplyDeleteThis comment has been removed by the author.
ReplyDeleteDo you have an example, i mean a file you can share.
ReplyDeletewhat is the difference between a 'Relay' and a 'Proxy'?
ReplyDeletehi,
Deletefollowing link will helpful
http://diameter-protocol.blogspot.in/2012/07/diameter-agents.html
This comment has been removed by the author.
ReplyDeleteCan a AVP have both M and V set to 1.Can it exists?
ReplyDeleteHi Krishna
DeleteSorry for delayed response.
Yes, We can have AVP with M and V bits are set to 1. Most of the AVPs in 3gpp standard interfaces are with M and V bits set to 1
Thanks for your query.
Happy to help you again
Team-Diameter
Great Blog.Detail information on diameter protocol. Just want to bring to your notice a small typo error at the starting of the page "Daimeter AVP Structure" instead of "Diameter AVP Structure". Also the url : http://diameter-protocol.blogspot.in/2011/05/daimeter-avp-structure.html. Best information ever on diameter protocol.
ReplyDeleteHi Chinmoy
DeleteSorry for delayed response.
Thanks for precious advise to help us in improving quality of content.
We are looking forward for same kind of support in future.
Appreciate your effort.
Team-Diameter
I need some information on Session-ID avp. Currently I have visited a page http://www.cisco.com/c/en/us/td/docs/cable/serv_exch/serv_control/broadband_app/rel37x/mobile_sol/mobile_sol/07_mobile_appA.html
ReplyDeletewhere I found few information about Session-ID format,but i am not clear with that.
Where it has been mentioned Session-ID is "pid; ip; time".
If the above format holds correct can you please explain with an example and also explain the data type of pid, ip, time?
Thanks in advance.
How to determine the Service Type in CCR message? I mean which avp is used to check the service type. For example Voice,GPRS,SMS,MMS etc.
ReplyDeleteThanks in advance
The Voice/GPRS/SMS/MMS type should be on the AVP, eg AVP for SMS is 2000.
DeleteHi Guys,
ReplyDeleteGreat blog. I have a question on Grouped AVP. In a grouped AVP, is number of entries fixed? Is the order of the AVPs also fixed?
Thanks,
Hi Vitandavadi,
DeleteOrder of AVP is just a convention (immaterial). Can be changed.
Kindly explain, what you want to point out by asking "is number of entries fixed?"
Thanks for your query.
Happy to help you again
Team-Diameter
in this example
DeleteMedia-Sub-Component ::= < AVP Header: 519 >
{ Flow-Number } ; Ordinal number of the IP flow
0*2[ Flow-Description ] ; UL and/or DL
[ Flow-Status ]
[ Flow-Usage ]
[ Max-Requested-Bandwidth-UL ]
[ Max-Requested-Bandwidth-DL ]
[ AF-Signalling-Protocol ]
*[ AVP ]
What does 0*2 indcates, i'm assuming *[AVP] is to indicate more AVPs to follow.
This AVP is from http://www.etsi.org/deliver/etsi_ts/129200_129299/129214/12.06.00_60/ts_129214v120600p.pdf (Rx Specification )
Hi Vitandavadi,
DeleteThanks for clarification, Here 0*2 indicates, there can be Zero and up to two occurrence of [ Flow-Description ] AVP in message Media-Sub-Component.
* indicates multiple occurrence of AVP
*[AVP] is generally shows there can be more AVP that can be added in message Media-Sub-Component and there could be zero or more than Route-Record AVPs can be added by intermediate nodes.
Thanks for highlighting the a very valid point that we have not explained in this blog. We appreciate your efforts.
Thanks for your query.
Happy to help you again
Team-Diameter
Thanks a lot for your reply. I'm learning a lot.
ReplyDeleteAnother question is, when they (specification ) say Enumerated ( what does that mean in terms of length, is it uint8 , uint16, uint24 or uint32 )
for example,
The Required-Access-Info AVP (AVP code 536) is of type Enumerated, and contains the access network information
required for that AF session.
The following values are defined:
USER_LOCATION (0)
Indicates that the user location information shall be reported, the PCRF shall report the user location
information within the 3GPP-User-Location-Info AVP (if available), the serving PLMN identifier within the
3GPP-SGSN-MCC-MNC AVP (if available), the user location information within the TWAN-Identifier (if
available) and User-Location-Info-Time AVP (if available).
MS_TIME_ZONE (1)
I'm assuming this AVP is of type enumerated and value is either 0 or 1 and represented by unit32 ( to satisfy the multiplicity of 4 in total length )
Regards
vv
Hi Vitandavadi,
DeleteEnumerated AVP follows Integer32 Basic AVP Format.
Thanks for your query.
Happy to help you again
Team-Diameter
Another question,
ReplyDeleteHow do I translate radius values into Diameter values.
for example.
3GPP-MS-TimeZone
Octets
1 3GPP type = 23
2 3GPP Length= 4
3 Time Zone
4 Daylight Saving Time (octet string)
AVP:
Code :23
Flags : 0xc0
Length :16
Vendor ID: 3GPP
Value : [Time-Zone DST] ( just 2 bytes ) add 0x00 0x00 ( for length to be multiple of 4)
is this correct ?
Regards
vv
Hi Vitandavadi,
DeleteTranslation Agents(Application Nodes) are used to translate Radius values to DIAMETER and vice versa. IANA has reserved AVP code upto 256 for backward compatibility. Value of vendor Id shall be assigned be IANA. But in practical implementation we shall use direct mapping of AVP codes and Value format from Radius to DIAMETER.
I hope above details shall suffice you.
Thanks for your reply. I understand we will use same AVP code and follow the same mapping rules. I'm looking for explicit table (or if there is a such a reference on public internet ) that i can use. Most of the confusion comes from the length translation on octet strings etc. If you guys agree, I can start a public google sheet and edit them with your blessings.
DeleteHI Vitandavadi,
ReplyDeleteRFC-6733 tell following ::
AVP numbers 1 through 255 are reserved for
reuse of RADIUS attributes, without setting the Vendor-Id field.
AVP numbers 256 and above are used for Diameter, which are
allocated by IANA
We haven't came across any document with mapping.
Purpose to put an effort to create a translation agent is very minimal. RFC-6733 tell as
Translation agents are likely to be used as aggregation servers to communicate
with a Diameter infrastructure, while allowing for the embedded
systems to be migrated at a slower pace.
It would be great idea if you want to work on it.
Hi Diameter-Team,
ReplyDeleteIs that the data field length must be x*4 bytes? What if I have a string not have multiply 4 in length?
Regards,
Hi Minh Nguyen,
DeleteNo, you can give odd length to your DATA ,use datatype as OctetString, Unsigned32 or Unsigned64 that are defined RFC-6733. The AVP Length field of an AVP of type Grouped is always a multiple of 4.
Moreover you don't need to take care to length as Diameter Stack that frame Grouped AVP shall take care of it.
We hope above solution shall help you. Do write us for any clarification.
Thanks for your query.
Happy to help you again.
Team-Diameter
Thanks Team-Diameter.
DeleteHi Team-Diameter,
ReplyDeleteI tried to write some c# code to connect to a Diameter server. But when I send AAR command, the server did not reply!
Here is my wireshark dump image:
https://lh3.googleusercontent.com/FX7eWlE2b-x6vMza0VpwF4NbXVxQbH5HGSalLUm9Zb8=w797-h353-no
Can you help me to resolve this.
Thanks in advance,
Hi Minh Nguyen,
DeleteKindly try following things as we feel there is formation of is incorrect that creating issue in current shared library of wirshark.
1) Kindly try to capture AVP fromat as describe in following link.
http://diameter-protocol.blogspot.in/2013/04/capture-diameter-messages-without-wire.html
2) Check at server side whether or not, server is able to receive even the request message (AAR) if yes, kindly check what all AVPs it shall able to decode. Because AAA is not received is comes second there might be case AAA would not able to process it.
Kindly check,does connection break after you send AAR? there might be a case Server crashes because of any data value sent in AAR and that's why not able to send reply.
3)Please try to send AAR without Pushing AVPs after 3gpp-Charging-ID
4)Kindly send mandatory AVPs of AAR only. then push AVPs one by one and check datatype of each of them.
I hope above shall help you. Do revert us if something notable observed?
Thanks for your query.
Happy to help you again.
Team-Diameter
Thanks for your advice.
DeleteI will notify when I have something notable.
Thanks again,
Minh Nguyen
Hi Team-Diameter,
DeleteJust found the error, we have to send CER and receive CEA before AAR :)
Now I can get the AAA already :)
Thanks & Regards,
Minh Nguyen
This comment has been removed by the author.
ReplyDeleteThank you Guys .. its too help full .. :)
ReplyDeleteHi Team ,
ReplyDeletekindly any body help me to know the use of RATING GROUP in diameter, and why it need to set mandatory ?
Hi Pritiranjan jena,
DeleteThanks for your query, Kindly elaborate more on your question. what is RATING GROUP?
Happy to help you again.
Team-Diameter
Hi team,
ReplyDeleteObserved in S6 specification that there is an AVP like *[AVP]. What is meant by this?
Thanks
Ashwini
Hi Ashwini,
DeleteIn 3GPP standards message ABNF have following significance.
{} -> Mandatory
[] -> Optional
*[] -> Multiple & optional
So *[AVP] means you can add any nos of AVP. which may be vendor specific or proprietary.
Hi all,
ReplyDeleteI am new to this blog and don't know much about IMS. is there any doc or link from where I can learn end to end configuration protocols for IMS.
Hi Aditya,
DeleteFor complete end to end knowledge of IMS, you need to learn SIP and diameter protocols. As you are querying here on diameter blog, so for diameter you need to learn Cx & Sh interface.
3GPP standards for Cx -> 29.228 & 29.229
for Sh -> 29.328 & 29.329
You can learn basics here.
https://diameter-protocol.blogspot.in/p/blog-page_81.html
Any query on IMS you can ask. Happy to help you.
Thanks
Hello.
ReplyDeleteDo I understand correctly below RFC sentence:
"AVP numbers 1 through 255 are reserved for backward compatibility with RADIUS, without setting the Vendor-Id field."
that with Vendor-Id any AVP codes can be used, including 1-255?
Thanks,
Alex
Hi Alex,
DeleteRFC-6733 says one should reuse existing Functionality, namely AVP Values, AVPs, Commands and Diameter Applications. Reuse simplifies standardization and implementation. To avoid potential interoperability issues, it is important to ensure that the semantics of the reused features are well understood.
As far as we understood your point that you are try to use User-Name AVP with code 1 with Vendor ID for what purpose or You are try to give Code 1 to new AVP (Say New-Test AVP) with vendor ID say 13451. Kindly suggest your purpose you are try to achieve. Hopefully we could help you better
User-Name attribute also exist in Radius and same is imported to diameter with same Attribute value i.e. 1(one).
Thanks for your query.
Happy to help you again.
This comment has been removed by the author.
DeleteHello. Yes, if I use new AVP (e.g. New-Test AVP) with AVP number 1 and with vendor ID say 13451 would that be against the RFC?
DeleteThanks.
Alex
HI
ReplyDeleteWhat is the meaning/use of the "[]" "{}" on the protocol description?
Hi,
DeleteIn 3GPP standards message ABNF have following significance.
{} -> Mandatory
[] -> Optional
*[] -> Multiple & optional
So *[AVP] means you can add any nos of AVP. which may be vendor specific or proprietary.
Hi,
ReplyDeleteI have following questions:
1. Where exactly we have to place the diameter.xml?
2. How to set the values for host, port and other fields in of diameter.xml?
Dear Ram,
DeleteIts your design choice, wherever you want to put diameter configuration file, you can put. you can create a config or diaconfig folder. Simple base diameter protocol means you want limited functionality but major basics of rfc 6733 you need to implement.
All these must be part of configuration, so you can get it from xml or some other database. Its totally design specific. In your case, you should do it via xml.
Hi,
ReplyDeleteIs there any application to extract data of a grouped AVP
May i know what is the max size of session id value
ReplyDeleteThe Session-Id AVP (AVP Code 263) is of type UTF8String. Its length is not defined.
Delete;;[;]
So in AVP Header length of 'Data + Header' should be given in AVP Length field.
AVP Length (3- bytes) Contains No. of octets used by Data + Vendor-ID + AVP Code + AVP Length + AVP Flags.
Hi,
ReplyDeleteThere are below two AVPs which is conflicting in avp code
1) ”OC-OLR (623)” conflicts with “User-Authorization-Type (623)”
2) “OC-Supported-Features (621)” conflicts with “Primary-Charging-Collection-Function-Name (621)”
Can you please suggest that how to handle these or in general while parsing a message containing these AVP.
Hi Jak,
DeleteThanks for your query and as you have highlighted a valid point.
To distinguish between Above given AVPs one shall use Vendor-Id field.
Description:
OC-<> AVPs belongs to Overload control mechanism that uses piggyback approach implies that no new message to be trigger to exchange overload information, rather some OC- are added in existing message. Now there are chances that AVPs shall have identical AVP codes (Added AVPs and Already existing AVPs in message)
Here one must use Vendor-Id field as in OC- Vendor-ID is not set i.e. Ref RFC-7683
|AVP flag |
|rules |
+----+----+
AVP Section | |MUST|
Attribute Name Code Defined Value Type |MUST| NOT|
+-------------------------------------------+----+----+
|OC-Supported 621 7.1 Grouped | | V |
| -Features | | |
+-------------------------------------------+----+----+
|OC-Feature 622 7.2 Unsigned64 | | V |
| -Vector | | |
+-------------------------------------------+----+----+
|OC-OLR 623 7.3 Grouped | | V |
+-------------------------------------------+----+----+
|OC-Sequence 624 7.4 Unsigned64 | | V |
| -Number | | |
+-------------------------------------------+----+----+
|OC-Validity 625 7.5 Unsigned32 | | V |
| -Duration | | |
+-------------------------------------------+----+----+
|OC-Report | | |
| -Type 626 7.6 Enumerated | | V |
+-------------------------------------------+----+----+
|OC-Reduction | | |
| -Percentage 627 7.7 Unsigned32 | | V |
+-------------------------------------------+----+----+
Ref:3gpp-29229
Attribute Name AVPCode Value Type | MUST |
User-Authorization-Type 623 Enumerated M, V
Primary-Charging 621 DiameterURI M, V
-Collection-Function
-Name
Happy to help you again.
Team-Diameter
Hi Jak,
DeleteThanks for your query and as you have highlighted a valid point.
To distinguish between Above given AVPs one shall use Vendor-Id field.
Description:
OC-<> AVPs belongs to Overload control mechanism that uses piggyback approach implies that no new message to be trigger to exchange overload information, rather some OC- are added in existing message. Now there are chances that AVPs shall have identical AVP codes (Added AVPs and Already existing AVPs in message)
Here one must use Vendor-Id field as in OC- Vendor-ID is not set i.e. Ref RFC-7683
|AVP flag |
|rules |
+----+----+
AVP Section | |MUST|
Attribute Name Code Defined Value Type |MUST| NOT|
+-------------------------------------------+----+----+
|OC-Supported 621 7.1 Grouped | | V |
| -Features | | |
+-------------------------------------------+----+----+
|OC-Feature 622 7.2 Unsigned64 | | V |
| -Vector | | |
+-------------------------------------------+----+----+
|OC-OLR 623 7.3 Grouped | | V |
+-------------------------------------------+----+----+
|OC-Sequence 624 7.4 Unsigned64 | | V |
| -Number | | |
+-------------------------------------------+----+----+
|OC-Validity 625 7.5 Unsigned32 | | V |
| -Duration | | |
+-------------------------------------------+----+----+
|OC-Report | | |
| -Type 626 7.6 Enumerated | | V |
+-------------------------------------------+----+----+
|OC-Reduction | | |
| -Percentage 627 7.7 Unsigned32 | | V |
+-------------------------------------------+----+----+
Ref:3gpp-29229
Attribute Name AVPCode Value Type | MUST |
User-Authorization-Type 623 Enumerated M, V
Primary-Charging 621 DiameterURI M, V
-Collection-Function
-Name
Happy to help you again.
Team-Diameter
Hi Team,
ReplyDeleteCan we change the Mandatory bit M from "Set" to "Not Set" under AVP Flag for AVP 277 (Auth-Session-State)?
Hi
DeleteIdeally, It is not possible becasue it is base diameter AVP. Its flag must be same as assigned in RFC 6733.
For testing purpose you can do with any message generation tool.
Thanks for your query.
Happy to help you again
Hi Team,
ReplyDeleteWe are debugging an issue in establishing the S6b interface between a PGW and 3GPP AAA.
The PGW is sending CER with Auth-Application-Id AVP of 3GPP S6b. It is also adding a Vendor-Specific-Application-Id AVP and including another Auth-Application-Id of 3GPP S6b in here.
The AAA is sending CEA with Auth-Application-Id of 3GPP S6b. But the AAA is not adding another Auth-Application-Id of 3GPP S6b in the Vendor-Specific-Application-Id.
The PGW does not like the CEA and keeps repeating the CER.
Is the AAA encoding of the CEA correct?
Thank you very much.
ReplyDeleteYou have a great blog.
Hello Team,
ReplyDeleteCan you give some brief intro about MSCC AVP.
Hello Team
ReplyDeleteCan you please help me with the purpose of P bit in AVP Header and when exactly this Bit should be set to one.
As per Diameter RFC 6733, P bit should be set to 0
. The 'P' bit has been reserved for
future usage of end-to-end security. At the time of writing,
there are no end-to-end security mechanisms specified; therefore,
the 'P' bit SHOULD be set to 0.
Whereas while going through 3GPP specification for every Gx AVP it is mentioned that the P bit may be set.
Can you please provide any information on this?
Hello,
ReplyDeleteWhat is maximum length of the single AVP and Diameter Packet.
Gautam Sheladiya
Hi Gautam,
DeleteMaximum AVP length can be calculated with AVP Header+ Data Size.
Following link shall help you.
https://diameter-protocol.blogspot.com/2011/05/daimeter-avp-structure.html
Thanks for your query.
Happy to help you again.
Team-Diameter.
hello there,
ReplyDeleteis it fine to have a grouped avp without including any sub-avp, when all sub-avps are defined as optional in grouped avp. I have tried this but getting an error on wire-shark as malformed packet for grouped avp.
I am trying to encode RSU(Requested-service-unit) grouped avp which is defined as following:
RSU:
Requested-Service-Unit ::= < AVP Header: 437 >
[ CC-Time ]
[ CC-Money ]
[ CC-Total-Octets ]
[ CC-Input-Octets ]
[ CC-Output-Octets ]
[ CC-Service-Specific-Units ]
*[ AVP ]
Any help is well appreciated.
Hi Sudhir
DeleteThat means you are sending only Header part of grouped avp.
Is AVP optional in message
if yes then we should not add this in message itself as we don't have information for AVPs that shall be present in Grouped AVP.
if no then we must add atlease one AVP in .
Thanks for your query.
Happy to help you again.
Team-Diameter
Diameter Relay and Redirect Agent MUST not reject the message with unrecognized AVPs. How agent will handle the unrecognized AVPs?
ReplyDeleteHi
DeleteRelay does not extract and observe AVP that are not used in Routing. If unrecognized AVP is non-routing AVP then ideally it is transparent data for Relay.
If an unrecognised AVP is routing AVP then it shall apply the policy define in Relay.
Routing AVP means AVP that are used to decide path of message flow.