Diameter

New Generation AAA Protocol - Design, Practice, and Applications
ISBN-13: 9781118875902
Published: 2019
Publication date: 18.06.2019
Pages: 248
Author: Hannes Tschofenig
Weight: 567 g
Dimensions: 246x175x18 mm
Language: English
Description:

Presents the principles, design, development and applications of the Diameter protocol suite

The Diameter protocol was born in the Internet Engineering Task Force (IETF) and designed to be a general-purpose Authentication, Authorization, and Accounting (AAA) protocol applicable to many network environments. This book is for everyone who wants to understand the Diameter protocol and its applications. This book explains the place Diameter holds in global telecommunication networks and teaches system architects and designers how to incorporate Diameter into their network environments.

Diameter: New Generation AAA Protocol - Design, Practice and Applications begins by describing the foundation of Diameter step-by-step, starting with building blocks of the protocol, and progressing from a simple two-party exchange to a multi-party exchange involving complex routing. It discusses the motivation for using Diameter, talks about its predecessor, RADIUS, and introduces the open source Diameter implementation, freeDiameter. The book expands beyond protocol basics to cover end-to-end communication, security functionality, and real-world applications, extending to the backend infrastructure of mobile telecommunications. In addition, an advanced chapter teaches readers how to develop Diameter extensions for their own AAA applications.

* Written by an experienced author team who are members of the group that standardized Diameter in the IETF and are at the forefront of this cutting-edge technology
* Presents the still-developing topic of Diameter from both introductory and advanced levels
* Makes available for download a virtual machine containing the open source implementation: https://diameter-book.info
* Provides hands-on experience via freeDiameter examples and exercises throughout the book

Diameter: New Generation AAA Protocol - Design, Practice and Applications will appeal to system architects and system designers, programmers, standardization experts new to Diameter, students and researchers interested in technology that is deployed by many network operators.
Table of contents:

Disclaimer
About the Authors
Foreword
Preface
Acknowledgements
List of Abbreviations

1 Introduction
1.1 What is AAA?
1.2 Open Standards and the IETF
1.3 What is Diameter?
1.3.1 Diameter versus RADIUS
1.3.2 Diameter Improvements
1.4 What is freeDiameter?
References

2 Fundamental Diameter Concepts and Building Blocks
2.1 Introduction
2.2 Diameter Nodes
2.3 Diameter Protocol Structure
2.4 Diameter Applications
2.5 Connections
2.5.1 Transport Layer
2.5.2 Peer-to-Peer Messaging Layer
2.5.3 Setting up a Connection between freeDiameter Peers
2.6 Diameter Message Overview
2.6.1 The Command Code Format
2.6.2 Message Structure
2.6.3 Attribute-Value Pairs
2.6.3.1 Format
2.6.4 Derived AVP Data Formats
2.7 Diameter Sessions
2.8 Transaction Results
2.8.1 Successful Transactions
2.8.2 Protocol Errors
2.8.3 Transient Failures
2.8.4 Permanent Failures
2.9 Diameter Agents
2.9.1 Saving State
2.9.2 Redirect Agents
2.9.3 Relay Agents
2.9.4 Proxy Agents
2.9.5 Translation Agents
References

3 Communication between Neighboring Peers
3.1 Introduction
3.2 Peer Connections and Diameter Sessions
3.3 The DiameterIdentity
3.4 Peer Discovery
3.4.1 Static Discovery
3.4.1.1 Static Discovery in freeDiameter
3.4.2 Dynamic Discovery
3.4.2.1 Dynamic Discovery and DiameterURI
3.4.2.2 DNS Further Reading
3.5 Connection Establishment
3.5.1 The Election Process: Handling Simultaneous Connection Attempts
3.6 Capabilities Exchange
3.6.1 freeDiameter example
3.6.2 The Capabilities Exchange Request
3.6.3 Capabilities Exchange Answer
3.6.4 Hop-by-Hop Identifiers
3.7 The Peer Table
3.8 Peer Connection Maintenance
3.8.1 Transport Failure, Failover, and Failback Procedures
3.8.2 Peer State Machine
3.9 Advanced Transport and Peer Topics
3.9.1 TCP Multi-homing
3.9.2 SCTP Multi-homing
3.9.2.1 Multi-homing in freeDiameter
3.9.3 Avoiding Head-of-Line Blocking
3.9.4 Multiple Connection Instances
References

4 Diameter End-to-End Communication
4.1 Introduction
4.2 The Routing Table
4.3 Diameter Request Routing
4.3.1 AVPs to Route Request Messages
4.3.1.1 Destination-Realm AVP
4.3.1.2 Destination-Host AVP
4.3.1.3 Auth-Application-Id and Acct-Application-Id AVPs
4.3.1.4 User-Name AVP
4.3.2 Routing AVPs
4.3.2.1 Route-Record AVP
4.3.2.2 Proxy-Info AVP
4.4 Request Routing Error Handling
4.4.1 Detecting Duplicated Messages
4.4.2 Error Codes
4.5 Answer Message Routing
4.5.1 Relaying and Proxying Answer Messages
4.6 Intra-Realm versus Inter-Realm Communication
4.7 Diameter Routing and Inter-Connection Networks
4.7.1 Inter-Connection Approaches
4.7.2 Dynamic Diameter Node Discovery
4.7.2.1 Alternative 1
4.7.2.2 Alternative 2
4.7.2.3 Alternative 3
4.8 Diameter Overload Control
4.8.1 Overload Reports
4.8.2 Overload Control State
4.8.3 Overload Abatement Considerations
References

5 Diameter Security
5.1 Introduction
5.2 Background
5.2.1 Unkeyed Primitives
5.2.2 Symmetric Key Primitives
5.2.3 Asymmetric Key Primitives
5.2.4 Key Length Recommendations
5.3 Security Threats
5.4 Security Services
5.4.1 Diameter Security Model
5.4.1.1 Secure Transports
5.4.1.2 Authorization
5.4.2 Relation to Threats
5.4.3 Mitigating Other Threats
5.5 PKI Example Configuration in freeDiameter
5.5.1 The Configuration File
5.5.2 The Certificate
5.5.3 Protecting Exchanges via TLS
5.5.3.1 Common Name and Hostname Mismatch
5.5.3.2 Unprotected Exchanges
5.5.3.3 Certificate Revocation
5.6 Security Evolution
References

6 Diameter Applications
6.1 Introduction
6.2 Base Accounting
6.2.1 Actors
6.2.2 Accounting Application Setup
6.2.3 Accounting Services
6.2.4 Accounting Records
6.2.5 Correlation of Accounting Records
6.2.6 Sending Accounting Information
6.2.7 Accounting AVPs
6.2.8 freeDiameter Example
6.2.9 Fault Resilience
6.2.10 Example: 3GPP Rf Interface for Mobile Offline Charging
6.2.10.1 Rf Interface Commands
6.3 Credit Control
6.3.1 Credit-Control-Request Command
6.3.2 Credit-Control-Answer Command
6.3.3 Failure Handling
6.3.4 Extensibility
6.3.5 Example: 3GPP Ro Interface for Online Charging
6.4 Quality of Service
6.4.1 Actors
6.4.2 Modes of Operation
6.4.2.1 Push Mode
6.4.2.2 Pull Mode
6.4.3 Authorization
6.4.3.1 Push Mode Authorization Schemes
6.4.3.2 Pull Mode Authorization
6.4.4 Establishing and Managing a QoS Application Session
6.4.4.1 Establishing a Session
6.4.5 Re-Authorizing a Session
6.4.5.1 Re-Authorization Initiated by the NE
6.4.5.2 Re-Authorization Initiated by the Authorizing Elements
6.4.6 Terminating a Session
6.4.6.1 Session Terminated by the NE
6.4.6.2 Session Terminated by the AE
6.5 Interworking RADIUS and Diameter
6.6 S6a Interface
6.6.1 Evolved Packet Core
6.6.2 S6a Overview
6.6.2.1 Common AVPs for S6a Commands
6.6.3 Authentication
6.6.3.1 Authentication-Information-Request Command
6.6.3.2 Authentication-Information-Answer Command
6.6.4 Location Management
6.6.4.1 Update-Location-Request Command
6.6.4.2 Cancel-Location-Request Command
6.6.4.3 Cancel-Location-Answer Command
6.6.4.4 Update-Location-Answer Command
6.6.5 Subscriber Data Handling
6.6.5.1 Insert-Subscriber-Data-Request Command
6.6.5.2 Insert-Subscriber-Data-Answer Command
6.6.5.3 Delete-Subscriber-Data-Request Command
6.6.5.4 Delete-Subscriber-Data-Answer Message
6.6.6 Fault Recovery
6.6.6.1 Reset-Request Command
6.6.6.2 Reset-Answer Command
6.6.7 Notifications
6.6.7.1 Notify-Request Command
6.6.7.2 Notify-Answer Command
6.6.8 Ending Subscriber Sessions
6.6.8.1 Purge-UE-Request AVPs
6.6.8.2 Purge-UE-Answer Command
6.6.9 Extensibility
References

7 Guidelines for Extending Diameter
7.1 Introduction
7.2 Registration Policies
7.3 Overview of Extension Strategies
7.4 Extending Attribute-Value Pairs
7.4.1 Extending Existing AVPs
7.4.1.1 Creating New AVP Flags
7.4.1.2 Adding AVP Extension Points
7.4.1.3 Adding New AVP Values
7.5 Extending Commands
7.5.1 Allocating New Command Flags
7.5.2 Adding New AVPs
7.5.2.1 Adding New AVPs to Base Commands
7.5.3 Creating New Commands
7.5.3.1 Routing AVPs
7.6 Creating New Applications
7.6.1 The Application-Id
7.7 Lessons Learned
7.8 Vendor-specific Extensions
7.8.1 AVPs
7.8.2 Command Codes
7.8.3 Diameter Applications
7.9 Prototyping with freeDiameter
References

Appendix A freeDiameter Tutorial
A.1 Introduction to Virtual Machines
A.2 Installing the Virtualization Software
A.3 Creating Your Own Environment
A.4 Downloading the VM Image
A.5 Installing and Starting the Master VM freeDiameter
A.6 Creating a Connection Between Two Diameter Peers
A.6.1 Building client.example.net
A.6.2 Building server.example.net
A.6.3 Creating the Diameter Connection

Appendix B freeDiameter from Sources
B.1 Introduction
B.2 Tools and Dependencies
B.2.1 Runtime Dependencies
B.2.1.1 SCTP
B.2.1.2 TLS
B.2.1.3 Internationalized Domain Names
B.3 Obtaining freeDiameter Source Code
B.4 Configuring the Build
B.5 Compiling freeDiameter
B.6 Installing freeDiameter
B.7 freeDiameter Configuration File
B.8 Running and Debugging freeDiameter
B.9 Extensions for Debug Support
B.9.1 Extended Trace
B.9.2 Logging Diameter Messages: dbg_msg_dumps.fdx
B.9.3 Measuring Processing Time: dbg_msg_timings.fdx
B.9.4 Viewing Queue Statistics: dbg_monitor.fdx
B.9.5 Understanding Routing Decisions: dbg_rt.fdx
B.9.6 The Interactive Python Shell Extension: dbg_interactive.fdx
B.10 Further Reading
Reference

Appendix C The freeDiameter Framework
C.1 Introduction
C.2 Framework Modules
C.3 freeDiameter API Overview
C.3.1 libfdproto.h
C.3.2 libfdcore.h
C.3.3 extension.h
C.4 freeDiameter Architectures
Reference

Glossary
Index
