Diameter

New Generation AAA Protocol - Design, Practice, and Applications

Mahoney, Jean; Tschofenig, Hannes; Decugis, Sebastien; Korhonen, Jouni

John Wiley & Sons Inc

04/2019

248

Hardcover

English

9781118875902

15 to 20 days

564

Description not available.
Disclaimer

About the Authors

Foreword

Preface

Acknowledgements

List of Abbreviations

1 Introduction

1.1 What is AAA?

1.2 Open Standards and the IETF

1.3 What is Diameter?

1.3.1 Diameter versus RADIUS

1.3.2 Diameter Improvements

1.4 What is freeDiameter?

References

2 Fundamental Diameter Concepts and Building Blocks

2.1 Introduction

2.2 Diameter Nodes

2.3 Diameter Protocol Structure

2.4 Diameter Applications

2.5 Connections

2.5.1 Transport Layer

2.5.2 Peer-to-Peer Messaging Layer

2.5.3 Setting up a Connection between freeDiameter Peers

2.6 Diameter Message Overview

2.6.1 The Command Code Format

2.6.2 Message Structure

2.6.3 Attribute-Value Pairs

2.6.3.1 Format

2.6.4 Derived AVP Data Formats

2.7 Diameter Sessions

2.8 Transaction Results

2.8.1 Successful Transactions

2.8.2 Protocol Errors

2.8.3 Transient Failures

2.8.4 Permanent Failures

2.9 Diameter Agents

2.9.1 Saving State

2.9.2 Redirect Agents

2.9.3 Relay Agents

2.9.4 Proxy Agents

2.9.5 Translation Agents

References

3 Communication between Neighboring Peers

3.1 Introduction

3.2 Peer Connections and Diameter Sessions

3.3 The DiameterIdentity

3.4 Peer Discovery

3.4.1 Static Discovery

3.4.1.1 Static Discovery in freeDiameter

3.4.2 Dynamic Discovery

3.4.2.1 Dynamic Discovery and DiameterURI

3.4.2.2 DNS Further Reading

3.5 Connection Establishment

3.5.1 The Election Process: Handling Simultaneous Connection Attempts

3.6 Capabilities Exchange

3.6.1 freeDiameter example

3.6.2 The Capabilities Exchange Request

3.6.3 Capabilities Exchange Answer

3.6.4 Hop-by-Hop Identifiers

3.7 The Peer Table

3.8 Peer Connection Maintenance

3.8.1 Transport Failure, Failover, and Failback Procedures

3.8.2 Peer State Machine

3.9 Advanced Transport and Peer Topics

3.9.1 TCP Multi-homing

3.9.2 SCTP Multi-homing

3.9.2.1 Multi-homing in freeDiameter

3.9.3 Avoiding Head-of-Line Blocking

3.9.4 Multiple Connection Instances

References

4 Diameter End-to-End Communication

4.1 Introduction

4.2 The Routing Table

4.3 Diameter Request Routing

4.3.1 AVPs to Route Request Messages

4.3.1.1 Destination-Realm AVP

4.3.1.2 Destination-Host AVP

4.3.1.3 Auth-Application-Id and Acct-Application-Id AVPs

4.3.1.4 User-Name AVP

4.3.2 Routing AVPs

4.3.2.1 Route-Record AVP

4.3.2.2 Proxy-Info AVP

4.4 Request Routing Error Handling

4.4.1 Detecting Duplicated Messages

4.4.2 Error Codes

4.5 Answer Message Routing

4.5.1 Relaying and Proxying Answer Messages

4.6 Intra-Realm versus Inter-Realm Communication

4.7 Diameter Routing and Inter-Connection Networks

4.7.1 Inter-Connection Approaches

4.7.2 Dynamic Diameter Node Discovery

4.7.2.1 Alternative 1

4.7.2.2 Alternative 2

4.7.2.3 Alternative 3

4.8 Diameter Overload Control

4.8.1 Overload Reports

4.8.2 Overload Control State

4.8.3 Overload Abatement Considerations

References

5 Diameter Security

5.1 Introduction

5.2 Background

5.2.1 Unkeyed Primitives

5.2.2 Symmetric Key Primitives

5.2.3 Asymmetric Key Primitives

5.2.4 Key Length Recommendations

5.3 Security Threats

5.4 Security Services

5.4.1 Diameter Security Model

5.4.1.1 Secure Transports

5.4.1.2 Authorization

5.4.2 Relation to Threats

5.4.3 Mitigating Other Threats

5.5 PKI Example Configuration in freeDiameter

5.5.1 The Configuration File

5.5.2 The Certificate

5.5.3 Protecting Exchanges via TLS

5.5.3.1 Common Name and Hostname Mismatch

5.5.3.2 Unprotected Exchanges

5.5.3.3 Certificate Revocation

5.6 Security Evolution

References

6 Diameter Applications

6.1 Introduction

6.2 Base Accounting

6.2.1 Actors

6.2.2 Accounting Application Setup

6.2.3 Accounting Services

6.2.4 Accounting Records

6.2.5 Correlation of Accounting Records

6.2.6 Sending Accounting Information

6.2.7 Accounting AVPs

6.2.8 freeDiameter Example

6.2.9 Fault Resilience

6.2.10 Example: 3GPP Rf Interface for Mobile Offline Charging

6.2.10.1 Rf Interface Commands

6.3 Credit Control

6.3.1 Credit-Control-Request Command

6.3.2 Credit-Control-Answer Command

6.3.3 Failure Handling

6.3.4 Extensibility

6.3.5 Example: 3GPP Ro Interface for Online Charging

6.4 Quality of Service

6.4.1 Actors

6.4.2 Modes of Operation

6.4.2.1 Push Mode

6.4.2.2 Pull Mode

6.4.3 Authorization

6.4.3.1 Push Mode Authorization Schemes

6.4.3.2 Pull Mode Authorization

6.4.4 Establishing and Managing a QoS Application Session

6.4.4.1 Establishing a Session

6.4.5 Re-Authorizing a Session

6.4.5.1 Re-Authorization Initiated by the NE

6.4.5.2 Re-Authorization Initiated by the Authorizing Elements

6.4.6 Terminating a Session

6.4.6.1 Session Terminated by the NE

6.4.6.2 Session Terminated by the AE

6.5 Interworking RADIUS and Diameter

6.6 S6a Interface

6.6.1 Evolved Packet Core

6.6.2 S6a Overview

6.6.2.1 Common AVPs for S6a Commands

6.6.3 Authentication

6.6.3.1 Authentication-Information-Request Command

6.6.3.2 Authentication-Information-Answer Command

6.6.4 Location Management

6.6.4.1 Update-Location-Request Command

6.6.4.2 Cancel-Location-Request Command

6.6.4.3 Cancel-Location-Answer Command

6.6.4.4 Update-Location-Answer Command

6.6.5 Subscriber Data Handling

6.6.5.1 Insert-Subscriber-Data-Request Command

6.6.5.2 Insert-Subscriber-Data-Answer Command

6.6.5.3 Delete-Subscriber-Data-Request Command

6.6.5.4 Delete-Subscriber-Data-Answer Message

6.6.6 Fault Recovery

6.6.6.1 Reset-Request Command

6.6.6.2 Reset-Answer Command

6.6.7 Notifications

6.6.7.1 Notify-Request Command

6.6.7.2 Notify-Answer Command

6.6.8 Ending Subscriber Sessions

6.6.8.1 Purge-UE-Request AVPs

6.6.8.2 Purge-UE-Answer Command

6.6.9 Extensibility

References

7 Guidelines for Extending Diameter

7.1 Introduction

7.2 Registration Policies

7.3 Overview of Extension Strategies

7.4 Extending Attribute-Value Pairs

7.4.1 Extending Existing AVPs

7.4.1.1 Creating New AVP Flags

7.4.1.2 Adding AVP Extension Points

7.4.1.3 Adding New AVP Values

7.5 Extending Commands

7.5.1 Allocating New Command Flags

7.5.2 Adding New AVPs

7.5.2.1 Adding New AVPs to Base Commands

7.5.3 Creating New Commands

7.5.3.1 Routing AVPs

7.6 Creating New Applications

7.6.1 The Application-Id

7.7 Lessons Learned

7.8 Vendor-specific Extensions

7.8.1 AVPs

7.8.2 Command Codes

7.8.3 Diameter Applications

7.9 Prototyping with freeDiameter

References

Appendix A freeDiameter Tutorial

A.1 Introduction to Virtual Machines

A.2 Installing the Virtualization Software

A.3 Creating Your Own Environment

A.4 Downloading the VM Image

A.5 Installing and Starting the Master VM freeDiameter

A.6 Creating a Connection Between Two Diameter Peers

A.6.1 Building client.example.net

A.6.2 Building server.example.net

A.6.3 Creating the Diameter Connection

Appendix B freeDiameter from Sources

B.1 Introduction

B.2 Tools and Dependencies

B.2.1 Runtime Dependencies

B.2.1.1 SCTP

B.2.1.2 TLS

B.2.1.3 Internationalized Domain Names

B.3 Obtaining freeDiameter Source Code

B.4 Configuring the Build

B.5 Compiling freeDiameter

B.6 Installing freeDiameter

B.7 freeDiameter Configuration File

B.8 Running and Debugging freeDiameter

B.9 Extensions for Debug Support

B.9.1 Extended Trace

B.9.2 Logging Diameter Messages: dbg_msg_dumps.fdx

B.9.3 Measuring Processing Time: dbg_msg_timings.fdx

B.9.4 Viewing Queue Statistics: dbg_monitor.fdx

B.9.5 Understanding Routing Decisions: dbg_rt.fdx

B.9.6 The Interactive Python Shell Extension: dbg_interactive.fdx

B.10 Further Reading

Reference

Appendix C The freeDiameter Framework

C.1 Introduction

C.2 Framework Modules

C.3 freeDiameter API Overview

C.3.1 libfdproto.h

C.3.2 libfdcore.h

C.3.3 extension.h

C.4 freeDiameter Architectures

Reference

Glossary

Index
This title belongs to the subject(s) indicated. To see other titles, click on the desired subject.
wireless communications; mobile communications; Diameter protocol; Diameter nodes; system architecture; system designers; computer programming; protocol standardization; network operation; mobile software; mobile technology; network security; network security for mobile access; software; software analysis; Diameter; RADIUS; IETF; AAA protocol; protocol design; Internet Engineering Task Force; Diameter Maintenance and Extensions; DIME; IP protocols in 3GPP systems; IP protocols; cellular networks; Diameter within mobile operator networks; mobile technology; Diameter applications; mobile protocols; attribute-value pairs (AVPs); Diameter security; peer-to-peer communication; freeDiameter; 3GPP; 3GPP networks; TCP/IP protocols; end-to-end communication