Diameter

New Generation AAA Protocol - Design, Practice, and Applications
1st ed.

by: Hannes Tschofenig, Sebastien Decugis, Jean Mahoney, Jouni Korhonen

77,99 €

Publisher: Wiley
Format: PDF
Published: 13.03.2019
ISBN/EAN: 9781118875858
Language: English
Number of pages: 248

DRM-protected eBook; to read it you need, for example, Adobe Digital Editions and an Adobe ID.

Descriptions

<p><b>Presents the principles, design, development and applications of the Diameter protocol suite</b></p> <p>The Diameter protocol was born in the Internet Engineering Task Force (IETF) and designed to be a general-purpose Authentication, Authorization, and Accounting (AAA) protocol applicable to many network environments. This book is for everyone who wants to understand the Diameter protocol and its applications. This book explains the place Diameter holds in global telecommunication networks and teaches system architects and designers how to incorporate Diameter into their network environments. </p> <p>Diameter: New Generation AAA Protocol - Design, Practice and Applications begins by describing the foundation of Diameter step-by-step, starting with building blocks of the protocol, and progressing from a simple two-party exchange to a multi-party exchange involving complex routing. It discusses the motivation for using Diameter, talks about its predecessor, RADIUS, and introduces the open source Diameter implementation, freeDiameter. The book expands beyond protocol basics to cover end-to-end communication, security functionality, and real-world applications, extending to the backend infrastructure of mobile telecommunications. In addition, an advanced chapter teaches readers how to develop Diameter extensions for their own AAA applications. 
</p> <ul> <li>Written by an experienced author team who are members of the group that standardized Diameter in the IETF and are at the forefront of this cutting-edge technology</li> <li>Presents the still-developing topic of Diameter from both introductory and advanced levels</li> <li>Makes available for download a virtual machine containing the open source implementation: <a href="https://diameter-book.info">https://diameter-book.info</a></li> <li>Provides hands-on experience via freeDiameter examples and exercises throughout the book</li> </ul> <p><i>Diameter: New Generation AAA Protocol - Design, Practice and Applications</i> will appeal to system architects and system designers, programmers, standardization experts new to Diameter, students and researchers interested in technology that is deployed by many network operators. </p>
<p>Disclaimer xiii</p> <p>About the Authors xv</p> <p>Foreword xvii</p> <p>Preface xix</p> <p>Acknowledgements xxiii</p> <p>List of Abbreviations xxv</p> <p><b>1 Introduction </b><b>1</b></p> <p>1.1 What is AAA? 1</p> <p>1.2 Open Standards and the IETF 2</p> <p>1.3 What is Diameter? 3</p> <p>1.3.1 Diameter versus RADIUS 4</p> <p>1.3.2 Diameter Improvements 5</p> <p>1.4 What is freeDiameter? 6</p> <p>References 6</p> <p><b>2 Fundamental Diameter Concepts and Building Blocks </b><b>9</b></p> <p>2.1 Introduction 9</p> <p>2.2 Diameter Nodes 9</p> <p>2.3 Diameter Protocol Structure 10</p> <p>2.4 Diameter Applications 10</p> <p>2.5 Connections 11</p> <p>2.5.1 Transport Layer 11</p> <p>2.5.2 Peer-to-Peer Messaging Layer 12</p> <p>2.5.3 Setting up a Connection between freeDiameter Peers 12</p> <p>2.6 Diameter Message Overview 12</p> <p>2.6.1 The Command Code Format 13</p> <p>2.6.2 Message Structure 15</p> <p>2.6.3 Attribute–Value Pairs 16</p> <p>2.6.3.1 Format 16</p> <p>2.6.4 Derived AVP Data Formats 20</p> <p>2.7 Diameter Sessions 20</p> <p>2.8 Transaction Results 21</p> <p>2.8.1 Successful Transactions 21</p> <p>2.8.2 Protocol Errors 21</p> <p>2.8.3 Transient Failures 22</p> <p>2.8.4 Permanent Failures 23</p> <p>2.9 Diameter Agents 25</p> <p>2.9.1 Saving State 25</p> <p>2.9.2 Redirect Agents 25</p> <p>2.9.3 Relay Agents 25</p> <p>2.9.4 Proxy Agents 27</p> <p>2.9.5 Translation Agents 27</p> <p>References 27</p> <p><b>3 Communication between Neighboring Peers </b><b>29</b></p> <p>3.1 Introduction 29</p> <p>3.2 Peer Connections and Diameter Sessions 29</p> <p>3.3 The DiameterIdentity 29</p> <p>3.4 Peer Discovery 31</p> <p>3.4.1 Static Discovery 31</p> <p>3.4.1.1 Static Discovery in freeDiameter 31</p> <p>3.4.2 Dynamic Discovery 32</p> <p>3.4.2.1 Dynamic Discovery and DiameterURI 35</p> <p>3.4.2.2 DNS Further Reading 36</p> <p>3.5 Connection Establishment 36</p> <p>3.5.1 The Election Process: Handling Simultaneous Connection Attempts 37</p> <p>3.6 Capabilities Exchange 
37</p> <p>3.6.1 freeDiameter example 38</p> <p>3.6.2 The Capabilities Exchange Request 39</p> <p>3.6.3 Capabilities Exchange Answer 40</p> <p>3.6.4 Hop-by-Hop Identifiers 41</p> <p>3.7 The Peer Table 42</p> <p>3.8 Peer Connection Maintenance 43</p> <p>3.8.1 Transport Failure, Failover, and Failback Procedures 45</p> <p>3.8.2 Peer State Machine 49</p> <p>3.9 Advanced Transport and Peer Topics 49</p> <p>3.9.1 TCP Multi-homing 50</p> <p>3.9.2 SCTP Multi-homing 51</p> <p>3.9.2.1 Multi-homing in freeDiameter 53</p> <p>3.9.3 Avoiding Head-of-Line Blocking 56</p> <p>3.9.4 Multiple Connection Instances 56</p> <p>References 59</p> <p><b>4 Diameter End-to-End Communication </b><b>61</b></p> <p>4.1 Introduction 61</p> <p>4.2 The Routing Table 61</p> <p>4.3 Diameter Request Routing 63</p> <p>4.3.1 AVPs to Route Request Messages 64</p> <p>4.3.1.1 Destination-Realm AVP 64</p> <p>4.3.1.2 Destination-Host AVP 64</p> <p>4.3.1.3 Auth-Application-Id and Acct-Application-Id AVPs 64</p> <p>4.3.1.4 User-Name AVP 65</p> <p>4.3.2 Routing AVPs 66</p> <p>4.3.2.1 Route-Record AVP 66</p> <p>4.3.2.2 Proxy-Info AVP 66</p> <p>4.4 Request Routing Error Handling 67</p> <p>4.4.1 Detecting Duplicated Messages 67</p> <p>4.4.2 Error Codes 67</p> <p>4.5 Answer Message Routing 68</p> <p>4.5.1 Relaying and Proxying Answer Messages 69</p> <p>4.6 Intra-Realm versus Inter-Realm Communication 69</p> <p>4.7 Diameter Routing and Inter-Connection Networks 70</p> <p>4.7.1 Inter-Connection Approaches 70</p> <p>4.7.2 Dynamic Diameter Node Discovery 72</p> <p>4.7.2.1 Alternative 1 73</p> <p>4.7.2.2 Alternative 2 73</p> <p>4.7.2.3 Alternative 3 73</p> <p>4.8 Diameter Overload Control 75</p> <p>4.8.1 Overload Reports 77</p> <p>4.8.2 Overload Control State 77</p> <p>4.8.3 Overload Abatement Considerations 79</p> <p>References 79</p> <p><b>5 Diameter Security </b><b>81</b></p> <p>5.1 Introduction 81</p> <p>5.2 Background 82</p> <p>5.2.1 Unkeyed Primitives 83</p> <p>5.2.2 Symmetric Key Primitives 84</p> <p>5.2.3 
Asymmetric Key Primitives 84</p> <p>5.2.4 Key Length Recommendations 86</p> <p>5.3 Security Threats 87</p> <p>5.4 Security Services 90</p> <p>5.4.1 Diameter Security Model 90</p> <p>5.4.1.1 Secure Transports 91</p> <p>5.4.1.2 Authorization 92</p> <p>5.4.2 Relation to Threats 93</p> <p>5.4.3 Mitigating Other Threats 93</p> <p>5.5 PKI Example Configuration in freeDiameter 94</p> <p>5.5.1 The Configuration File 94</p> <p>5.5.2 The Certificate 96</p> <p>5.5.3 Protecting Exchanges via TLS 97</p> <p>5.5.3.1 Common Name and Hostname Mismatch 98</p> <p>5.5.3.2 Unprotected Exchanges 99</p> <p>5.5.3.3 Certificate Revocation 100</p> <p>5.6 Security Evolution 102</p> <p>References 102</p> <p><b>6 Diameter Applications </b><b>105</b></p> <p>6.1 Introduction 105</p> <p>6.2 Base Accounting 105</p> <p>6.2.1 Actors 106</p> <p>6.2.2 Accounting Application Setup 106</p> <p>6.2.3 Accounting Services 107</p> <p>6.2.4 Accounting Records 109</p> <p>6.2.5 Correlation of Accounting Records 109</p> <p>6.2.6 Sending Accounting Information 110</p> <p>6.2.7 Accounting AVPs 110</p> <p>6.2.8 freeDiameter Example 112</p> <p>6.2.9 Fault Resilience 113</p> <p>6.2.10 Example: 3GPP Rf Interface for Mobile Offline Charging 113</p> <p>6.2.10.1 Rf Interface Commands 114</p> <p>6.3 Credit Control 115</p> <p>6.3.1 Credit-Control-Request Command 116</p> <p>6.3.2 Credit-Control-Answer Command 118</p> <p>6.3.3 Failure Handling 120</p> <p>6.3.4 Extensibility 121</p> <p>6.3.5 Example: 3GPP Ro Interface for Online Charging 121</p> <p>6.4 Quality of Service 122</p> <p>6.4.1 Actors 122</p> <p>6.4.2 Modes of Operation 123</p> <p>6.4.2.1 Push Mode 123</p> <p>6.4.2.2 Pull Mode 123</p> <p>6.4.3 Authorization 124</p> <p>6.4.3.1 Push Mode Authorization Schemes 124</p> <p>6.4.3.2 Pull Mode Authorization 124</p> <p>6.4.4 Establishing and Managing a QoS Application Session 126</p> <p>6.4.4.1 Establishing a Session 126</p> <p>6.4.5 Re-Authorizing a Session 129</p> <p>6.4.5.1 Re-Authorization Initiated by the NE 129</p> 
<p>6.4.5.2 Re-Authorization Initiated by the Authorizing Elements 129</p> <p>6.4.6 Terminating a Session 129</p> <p>6.4.6.1 Session Terminated by the NE 129</p> <p>6.4.6.2 Session Terminated by the AE 129</p> <p>6.5 Interworking RADIUS and Diameter 130</p> <p>6.6 S6a Interface 137</p> <p>6.6.1 Evolved Packet Core 137</p> <p>6.6.2 S6a Overview 138</p> <p>6.6.2.1 Common AVPs for S6a Commands 139</p> <p>6.6.3 Authentication 140</p> <p>6.6.3.1 Authentication-Information-Request Command 140</p> <p>6.6.3.2 Authentication-Information-Answer Command 141</p> <p>6.6.4 Location Management 142</p> <p>6.6.4.1 Update-Location-Request Command 142</p> <p>6.6.4.2 Cancel-Location-Request Command 144</p> <p>6.6.4.3 Cancel-Location-Answer Command 145</p> <p>6.6.4.4 Update-Location-Answer Command 145</p> <p>6.6.5 Subscriber Data Handling 146</p> <p>6.6.5.1 Insert-Subscriber-Data-Request Command 146</p> <p>6.6.5.2 Insert-Subscriber-Data-Answer Command 147</p> <p>6.6.5.3 Delete-Subscriber-Data-Request Command 149</p> <p>6.6.5.4 Delete-Subscriber-Data-Answer Message 150</p> <p>6.6.6 Fault Recovery 150</p> <p>6.6.6.1 Reset-Request Command 150</p> <p>6.6.6.2 Reset-Answer Command 151</p> <p>6.6.7 Notifications 152</p> <p>6.6.7.1 Notify-Request Command 152</p> <p>6.6.7.2 Notify-Answer Command 154</p> <p>6.6.8 Ending Subscriber Sessions 154</p> <p>6.6.8.1 Purge-UE-Request AVPs 154</p> <p>6.6.8.2 Purge-UE-Answer Command 155</p> <p>6.6.9 Extensibility 156</p> <p>References 156</p> <p><b>7 Guidelines for Extending Diameter </b><b>159</b></p> <p>7.1 Introduction 159</p> <p>7.2 Registration Policies 160</p> <p>7.3 Overview of Extension Strategies 161</p> <p>7.4 Extending Attribute–Value Pairs 162</p> <p>7.4.1 Extending Existing AVPs 162</p> <p>7.4.1.1 Creating New AVP Flags 162</p> <p>7.4.1.2 Adding AVP Extension Points 162</p> <p>7.4.1.3 Adding New AVP Values 162</p> <p>7.5 Extending Commands 163</p> <p>7.5.1 Allocating New Command Flags 163</p> <p>7.5.2 Adding New AVPs 163</p> <p>7.5.2.1 Adding 
New AVPs to Base Commands 165</p> <p>7.5.3 Creating New Commands 165</p> <p>7.5.3.1 Routing AVPs 165</p> <p>7.6 Creating New Applications 166</p> <p>7.6.1 The Application-Id 166</p> <p>7.7 Lessons Learned 167</p> <p>7.8 Vendor-specific Extensions 169</p> <p>7.8.1 AVPs 169</p> <p>7.8.2 Command Codes 170</p> <p>7.8.3 Diameter Applications 170</p> <p>7.9 Prototyping with freeDiameter 170</p> <p>References 170</p> <p><b>Appendix A freeDiameter Tutorial </b><b>173</b></p> <p>A.1 Introduction to Virtual Machines 173</p> <p>A.2 Installing the Virtualization Software 174</p> <p>A.3 Creating Your Own Environment 174</p> <p>A.4 Downloading the VM Image 174</p> <p>A.5 Installing and Starting the Master VM freeDiameter 174</p> <p>A.6 Creating a Connection Between Two Diameter Peers 175</p> <p>A.6.1 Building client.example.net 176</p> <p>A.6.2 Building server.example.net 177</p> <p>A.6.3 Creating the Diameter Connection 178</p> <p><b>Appendix B freeDiameter from Sources </b><b>183</b></p> <p>B.1 Introduction 183</p> <p>B.2 Tools and Dependencies 183</p> <p>B.2.1 Runtime Dependencies 184</p> <p>B.2.1.1 SCTP 184</p> <p>B.2.1.2 TLS 184</p> <p>B.2.1.3 Internationalized Domain Names 185</p> <p>B.3 Obtaining freeDiameter Source Code 185</p> <p>B.4 Configuring the Build 186</p> <p>B.5 Compiling freeDiameter 188</p> <p>B.6 Installing freeDiameter 189</p> <p>B.7 freeDiameter Configuration File 189</p> <p>B.8 Running and Debugging freeDiameter 190</p> <p>B.9 Extensions for Debug Support 192</p> <p>B.9.1 Extended Trace 192</p> <p>B.9.2 Logging Diameter Messages: dbg_msg_dumps.fdx 193</p> <p>B.9.3 Measuring Processing Time: dbg_msg_timings.fdx 195</p> <p>B.9.4 Viewing Queue Statistics: dbg_monitor.fdx 196</p> <p>B.9.5 Understanding Routing Decisions: dbg_rt.fdx 197</p> <p>B.9.6 The Interactive Python Shell Extension: dbg_interactive.fdx 198</p> <p>B.10 Further Reading 199</p> <p>Reference 199</p> <p><b>Appendix C The freeDiameter Framework </b><b>201</b></p> <p>C.1 Introduction 201</p> 
<p>C.2 Framework Modules 201</p> <p>C.3 freeDiameter API Overview 202</p> <p>C.3.1 <i>libfdproto.h</i> 203</p> <p>C.3.2 <i>libfdcore.h</i> 205</p> <p>C.3.3 <i>extension.h</i> 207</p> <p>C.4 freeDiameter Architectures 207</p> <p>Reference 208</p> <p>Glossary 209</p> <p>Index 213</p>
<p><b>HANNES TSCHOFENIG</b> is employed by Arm Ltd., where his focus is on improving the security of Internet of Things devices. While working for Nokia Siemens Networks he co-chaired the IETF Diameter Maintenance and Extensions (DIME) working group.</p> <p><b>SÉBASTIEN DECUGIS</b> is a former Senior Visiting Researcher at Keio University in Japan, and developer of the <i>freeDiameter</i> implementation.</p> <p><b>JEAN MAHONEY</b> has more than a decade's worth of experience with IETF specifications and the servers and clients built on top of them. Jean is currently the co-chair of the IETF SIPCORE working group and Gen-ART Secretary.</p> <p><b>JOUNI KORHONEN</b> is Principal R&D Engineer with Nordic Semiconductor, and co-author of <i>Deploying IPv6 in 3GPP Networks.</i></p>
<p><b>PRESENTS THE PRINCIPLES, DESIGN, DEVELOPMENT AND APPLICATIONS OF THE DIAMETER PROTOCOL SUITE</b></p> <p>The Diameter protocol was born in the Internet Engineering Task Force (IETF) and designed to be a general-purpose Authentication, Authorization, and Accounting (AAA) protocol applicable to many network environments. This book is for everyone who wants to understand the Diameter protocol and its applications. It explains the place Diameter holds in global telecommunication networks and teaches system architects and designers how to incorporate Diameter into their network environments.</p> <p><i>Diameter: New Generation AAA Protocol – Design, Practice, and Applications</i> begins by describing the foundation of Diameter step-by-step, starting with building blocks of the protocol, and progressing from a simple two-party exchange to a multi-party exchange involving complex routing. It discusses the motivation for using Diameter, talks about its predecessor, RADIUS, and introduces the open source Diameter implementation, <i>freeDiameter</i>. The book expands beyond protocol basics to cover end-to-end communication, security functionality, and real-world applications, extending to the backend infrastructure of mobile telecommunications. In addition, an advanced chapter teaches readers how to develop Diameter extensions for their own AAA applications.</p>
<ul> <li>Written by an experienced author team who are members of the group that standardized Diameter in the IETF and are at the forefront of this cutting-edge technology</li> <li>Presents the still-developing topic of Diameter from both introductory and advanced levels</li> <li>Makes available for download a virtual machine containing the open source implementation, https://diameter-book.info</li> <li>Provides hands-on experience via <i>freeDiameter</i> examples and exercises throughout the book</li> </ul> <p><i>Diameter: New Generation AAA Protocol – Design, Practice, and Applications</i> will appeal to system architects and system designers, programmers, standardization experts new to Diameter, and students and researchers interested in technology that is deployed by many network operators.</p>
