idnits 2.17.1

draft-ietf-dime-app-design-guide-25.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == The document seems to use 'NOT RECOMMENDED' as an RFC 2119 keyword, but
     does not include the phrase in its RFC 2119 key words list.

  == Using lowercase 'not' together with uppercase 'MUST', 'SHALL', 'SHOULD',
     or 'RECOMMENDED' is not an accepted usage according to RFC 2119.  Please
     use uppercase 'NOT' together with RFC 2119 keywords (if that is what you
     mean).

     Found 'SHOULD not' in this paragraph:

     As a general recommendation, commands SHOULD not be defined from
     scratch.  It is instead RECOMMENDED to re-use an existing command
     offering similar functionality and use it as a starting point.  Code
     re-use lead to a smaller implementation effort as well as reduce the
     need for testing.

  == Using lowercase 'not' together with uppercase 'MUST', 'SHALL', 'SHOULD',
     or 'RECOMMENDED' is not an accepted usage according to RFC 2119.  Please
     use uppercase 'NOT' together with RFC 2119 keywords (if that is what you
     mean).

     Found 'SHOULD not' in this paragraph:

     Additionally, application designers using
     Vendor-Specific-Application-Id AVP SHOULD not use the Vendor-Id AVP to
     further dissect or differentiate the vendor-specification Application
     Id.  Diameter routing is not based on the Vendor-Id.  As such, the
     Vendor-Id SHOULD not be used as an additional input for routing or
     delivery of messages.  The Vendor-Id AVP is an informational AVP only
     and kept for backward compatibility reasons.

  -- The document seems to contain a disclaimer for pre-RFC5378 work, and may
     have content which was first submitted before 10 November 2008.  The
     disclaimer is necessary when there are original authors that you have
     been unable to contact, or if some do not wish to grant the BCP78 rights
     to the IETF Trust.  If you are able to get all authors (current and
     original) to grant those rights, you can and should remove the
     disclaimer; otherwise, the disclaimer is needed and you can ignore this
     comment.  (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (July 19, 2014) is 3569 days in the past.  Is this
     intentional?

  Checking references for intended status: Best Current Practice
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Missing Reference: 'AVP' is mentioned on line 421, but not defined

  == Missing Reference: 'RFC4005bis' is mentioned on line 725, but not
     defined

  ** Obsolete undefined reference: RFC 4005 (Obsoleted by RFC 7155)

  -- Obsolete informational reference (is this intentional?): RFC 2409
     (Obsoleted by RFC 4306)

  -- Obsolete informational reference (is this intentional?): RFC 3588
     (Obsoleted by RFC 6733)

  -- Obsolete informational reference (is this intentional?): RFC 4005
     (Obsoleted by RFC 7155)

  -- Obsolete informational reference (is this intentional?): RFC 5226
     (Obsoleted by RFC 8126)

  -- Obsolete informational reference (is this intentional?): RFC 5996
     (Obsoleted by RFC 7296)

     Summary: 1 error (**), 0 flaws (~~), 6 warnings (==), 7 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.
--------------------------------------------------------------------------------

2    Diameter Maintenance and Extensions (DIME)                L. Morand, Ed.
3    Internet-Draft                                               Orange Labs
4    Intended status: Best Current Practice                        V. Fajardo
5    Expires: January 20, 2015                                    Independent
6                                                               H. Tschofenig
7                                                      Nokia Siemens Networks
8                                                               July 19, 2014

10                   Diameter Applications Design Guidelines
11                     draft-ietf-dime-app-design-guide-25

13   Abstract

15      The Diameter base protocol provides facilities for protocol
16      extensibility, enabling designers to define new Diameter applications
17      or modify existing applications.  This document is a companion document
18      to the Diameter Base protocol that further explains and clarifies the
19      rules to extend Diameter.  Furthermore, this document provides guidelines
20      to Diameter application designers reusing/defining Diameter
21      applications or creating generic Diameter extensions.

23   Status of This Memo

25      This Internet-Draft is submitted in full conformance with the
26      provisions of BCP 78 and BCP 79.

28      Internet-Drafts are working documents of the Internet Engineering
29      Task Force (IETF).  Note that other groups may also distribute
30      working documents as Internet-Drafts.  The list of current
31      Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

33      Internet-Drafts are draft documents valid for a maximum of six months
34      and may be updated, replaced, or obsoleted by other documents at any
35      time.  It is inappropriate to use Internet-Drafts as reference
36      material or to cite them other than as "work in progress."

38      This Internet-Draft will expire on January 20, 2015.

40   Copyright Notice

42      Copyright (c) 2014 IETF Trust and the persons identified as the
43      document authors.  All rights reserved.

45      This document is subject to BCP 78 and the IETF Trust's Legal
46      Provisions Relating to IETF Documents
47      (http://trustee.ietf.org/license-info) in effect on the date of
48      publication of this document.  Please review these documents
49      carefully, as they describe your rights and restrictions with respect
50      to this document.  Code Components extracted from this document must
51      include Simplified BSD License text as described in Section 4.e of
52      the Trust Legal Provisions and are provided without warranty as
53      described in the Simplified BSD License.

55      This document may contain material from IETF Documents or IETF
56      Contributions published or made publicly available before November
57      10, 2008.  The person(s) controlling the copyright in some of this
58      material may not have granted the IETF Trust the right to allow
59      modifications of such material outside the IETF Standards Process.
60      Without obtaining an adequate license from the person(s) controlling
61      the copyright in such materials, this document may not be modified
62      outside the IETF Standards Process, and derivative works of it may
63      not be created outside the IETF Standards Process, except to format
64      it for publication as an RFC or to translate it into languages other
65      than English.

67   Table of Contents

69      1.  Introduction
70      2.  Terminology
71      3.  Overview
72      4.  Reusing Existing Diameter Applications
73        4.1.  Adding a New Command
74        4.2.  Deleting an Existing Command
75        4.3.  Reusing Existing Commands
76          4.3.1.  Adding AVPs to a Command
77          4.3.2.  Deleting AVPs from a Command
78        4.4.  Reusing Existing AVPs
79          4.4.1.  Setting of the AVP Flags
80          4.4.2.  Reuse of AVP of Type Enumerated
81      5.  Defining New Diameter Applications
82        5.1.  Introduction
83        5.2.  Defining New Commands
84        5.3.  Use of Application-Id in a Message
85        5.4.  Application-Specific Session State Machines
86        5.5.  Session-Id AVP and Session Management
87        5.6.  Use of Enumerated Type AVPs
88        5.7.  Application-Specific Message Routing
89        5.8.  Translation Agents
90        5.9.  End-to-End Application Capabilities Exchange
91        5.10. Diameter Accounting Support
92        5.11. Diameter Security Mechanisms
93      6.  Defining Generic Diameter Extensions
94      7.  Guidelines for Registrations of Diameter Values
95      8.  IANA Considerations
96      9.  Security Considerations
97      10. Contributors
98      11. Acknowledgments
99      12. References
100       12.1.  Normative References
101       12.2.  Informative References
102     Authors' Addresses

104  1.  Introduction

106     The Diameter base protocol provides facilities to extend Diameter
107     (see Section 1.3 of [RFC6733]) to support new functionality.  In the
108     context of this document, extending Diameter means one of the
109     following:

111     1.  Addition of new functionality to an existing Diameter application
112         without defining a new application.

114     2.  Addition of new functionality to an existing Diameter application
115         that requires the definition of a new application.

117     3.  The definition of an entirely new Diameter application to offer
118         functionality not supported by existing applications.

120     4.  The definition of a new generic functionality that can be reused
121         across different applications.

123     All of these choices are design decisions that can be made by any
124     combination of reusing existing or defining new commands, AVPs or AVP
125     values.  However, application designers do not have complete freedom
126     when making their design.  A number of rules have been defined in
127     [RFC6733] that place constraints on when an extension requires the
128     allocation of a new Diameter application identifier or a new command
129     code value.  The objective of this document is the following:

131     o  Clarify the Diameter extensibility rules as defined in the
132        Diameter base protocol.

134     o  Discuss design choices and provide guidelines when defining new
135        applications.

137     o  Present trade-off choices.

139  2.  Terminology

141     This document reuses the terminology defined in [RFC6733].
142     Additionally, the following terms and acronyms are used in this
143     application:

145     Application  Extension of the Diameter base protocol [RFC6733] via
146        the addition of new commands or AVPs.  Each application is
147        uniquely identified by an IANA-allocated application identifier
148        value.

150     Command  Diameter request or answer carrying AVPs between Diameter
151        endpoints.  Each command is uniquely identified by an
152        IANA-allocated command code value and is described by a Command Code
153        Format (CCF) for an application.

155     The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
156     "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
157     document are to be interpreted as described in [RFC2119].

159  3.  Overview

161     As designed, the Diameter base protocol [RFC6733] can be seen as a
162     two-layer protocol.  The lower layer is mainly responsible for
163     managing connections between neighboring peers and for message
164     routing.  The upper layer is where the Diameter applications reside.
165     This model is in line with a Diameter node having an application
166     layer and a peer-to-peer delivery layer.  The Diameter base protocol
167     document defines the architecture and behavior of the message
168     delivery layer and then provides the framework for designing Diameter
169     applications on the application layer.  This framework includes
170     definitions of application sessions and accounting support (see
171     Section 8 and Section 9 of [RFC6733]).  Accordingly, a Diameter node
172     is seen in this document as a single instance of a Diameter message
173     delivery layer and one or more Diameter applications using it.

175     The Diameter base protocol is designed to be extensible and the
176     principles are described in Section 1.3 of [RFC6733].  As a
177     summary, Diameter can be extended by:

179     1.  Defining new AVP values

181     2.  Creating new AVPs

183     3.  Creating new commands

185     4.  Creating new applications

187     As a main guiding principle, application designers SHOULD follow the
188     following recommendation: "try to re-use as much as possible!".  It
189     will reduce the time to finalize specification writing, and it will
190     lead to a smaller implementation effort as well as reduce the need
191     for testing.  In general, it is clever to avoid duplicate effort when
192     possible.

194     However, re-use is not appropriate when the existing functionality
195     does not fit the new requirement and/or the re-use leads to
196     ambiguity.

198     The impact on extending existing applications can be categorized into
199     two groups:

201     Minor Extension:  Enhancing the functional scope of an existing
202        application by the addition of optional features to support.  Such
203        enhancement has no backward compatibility issue with the existing
204        application.

206        A typical example would be the definition of a new optional AVP
207        for use in an existing command.  Diameter implementations
208        supporting the existing application but not the new AVP will
209        simply ignore it, without consequences for the Diameter message
210        handling, as described in [RFC6733].  The standardization effort
211        will be fairly small.

213     Major Extension:  Enhancing an application that requires the
214        definition of a new Diameter application.  Such enhancement causes
215        backward compatibility issues with existing implementations
216        supporting the application.

218        Typical examples would be the creation of a new command for
219        providing functionality not supported by existing applications or
220        the definition of a new AVP to be carried in an existing command
221        with the M-bit set in the AVP flags (see Section 4.1 of [RFC6733]
222        for definition of the "M-bit").  For such extension, a significant
223        specification effort is required and a careful approach is
224        recommended.

226  4.  Reusing Existing Diameter Applications

228     An existing application may need to be enhanced to fulfill new
229     requirements and these modifications can be at the command level
230     and/or at the AVP level.  The following sections describe the possible
231     modifications that can be performed on existing applications and
232     their related impact.

234  4.1.  Adding a New Command

236     Adding a new command to an existing application is considered as a
237     major extension and requires a new Diameter application to be
238     defined, as stated in Section 1.3.4 of [RFC6733].  The need for a
239     new application is due to the fact that a Diameter node not upgraded
240     to support the new application and therefore the new command will
241     reject any unknown command with the protocol error
242     DIAMETER_COMMAND_UNSUPPORTED and the transaction will fail.

244     Adding a new command means either defining a completely new command
245     or importing the command's Command Code Format (CCF) syntax from
246     another application whereby the new application inherits some or all
247     of the functionality of the application where the command came from.
248     In the former case, the decision to create a new application is
249     straightforward since this is typically a result of adding a new
250     functionality that does not exist yet.  For the latter, the decision
251     to create a new application will depend on whether importing the
252     command in a new application is more suitable than simply using the
253     existing application as it is in conjunction with any other
254     application.  Therefore, a case by case study of each application
255     requirement SHOULD be applied.

257     An example considers the Diameter EAP application [RFC4072] and the
258     Diameter Network Access Server application [RFC7155].  When network
259     access authentication using EAP is required, the Diameter EAP
260     commands (Diameter-EAP-Request/Diameter-EAP-Answer) are used;
261     otherwise the Diameter Network Access Server application will be
262     used.  When the Diameter EAP application is used, the accounting
263     exchanges defined in the Diameter Network Access Server may be used.

265     However, in general, it is difficult to come to a hard guideline, and
266     so a case-by-case study of each application requirement should be
267     applied.  Before adding or importing a command, application designers
268     should consider the following:

270     o  Can the new functionality be fulfilled by creating a new command
271        independent from any existing command?  In this case, the
272        resulting new application and the existing application can work
273        independent of, but cooperating with each other.

275     o  Can the existing command be reused without major extensions and
276        therefore without the need for the definition of a new
277        application, e.g., new functionality introduced by the creation of
278        new optional AVPs?

280     It is important to note that importing commands too liberally could
281     result in a monolithic and hard to manage application supporting too
282     many different features.

284  4.2.  Deleting an Existing Command

286     Although this process is not typical, removing a command from an
287     application requires a new Diameter application to be defined and
288     then it is considered as a major extension.  This is due to the fact
289     that the reception of the deleted command would systematically result
290     in a protocol error (i.e., DIAMETER_COMMAND_UNSUPPORTED).

292     It is unusual to delete an existing command from an application for
293     the sake of deleting it or the functionality it represents.  This
294     normally indicates a flawed design.  An exception might be if the
295     intent of the deletion is to create a newer variant of the same
296     application that is somehow simpler than the application initially
297     specified.

299  4.3.  Reusing Existing Commands

301     This section discusses rules in adding and/or deleting AVPs from an
302     existing command of an existing application.  The cases described in
303     this section may not necessarily result in the creation of new
304     applications.

306     From a historical point of view, it is worth noting that there was a
307     strong recommendation to re-use existing commands in [RFC3588] to
308     prevent rapid depletion of code values available for vendor-specific
309     commands.  However, [RFC6733] has relaxed the allocation policy and
310     enlarged the range of available code values for vendor-specific
311     applications.  Although reuse of existing commands is still
312     RECOMMENDED, protocol designers MAY consider defining a new command
313     when it provides a solution more suitable than the twisting of an
314     existing command's use and applications.

316  4.3.1.  Adding AVPs to a Command

318     Based on the rules in [RFC6733], AVPs that are added to an existing
319     command can be categorized into:

321     o  Mandatory (to understand) AVPs.  As defined in [RFC6733], these
322        are AVPs with the M-bit flag set in this command, which means that
323        a Diameter node receiving them is required to understand not only
324        their values but also their semantics.  Failure to do so will
325        cause a message handling error: either an error message with the
326        result-code set to DIAMETER_AVP_UNSUPPORTED if the AVP is not
327        understood in a request or an application-specific error handling
328        if the given AVP is in an answer.

330     o  Optional (to understand) AVPs.  As defined in [RFC6733], these are
331        AVPs with the M-bit flag cleared in this command.  A Diameter node
332        receiving these AVPs can simply ignore them if it does not support
333        them.

334     It is important to note that the definitions given above are
335     independent of whether these AVPs are required or optional in the
336     command as specified by the command's Command Code Format (CCF)
337     syntax [RFC6733].

339        NOTE: As stated in [RFC6733], the M-bit setting for a given AVP is
340        relevant to an application and each command within that
341        application that includes the AVP.

343     The rules are strict in the case where the AVPs to be added in an
344     existing command are mandatory to understand, i.e., they have the
345     M-bit set.  A mandatory AVP MUST NOT be added to an existing command
346     without defining a new Diameter application, as stated in [RFC6733].
347     This falls into the "Major Extensions" category.  Despite the clarity
348     of the rule, ambiguity still arises when evaluating whether a new AVP
349     being added should be mandatory to begin with.  Application designers
350     SHOULD consider the following questions when deciding about the M-bit
351     for a new AVP:

353     o  Would it be required for the receiving side to be able to process
354        and understand the AVP and its content?

356     o  Would the new AVPs change the state machine of the application?

358     o  Would the presence of the new AVP lead to a different number of
359        round-trips, effectively changing the state machine of the
360        application?

362     o  Would the new AVP be used to differentiate between old and new
363        variants of the same application whereby the two variants are
364        not backward compatible?

366     o  Would the new AVP have duality in meaning, i.e., be used to carry
367        application-related information as well as to indicate that the
368        message is for a new application?

370     If the answer to at least one of the questions is "yes" then the
371     M-bit MUST be set for the new AVP.  This list of questions is
372     non-exhaustive and other criteria MAY be taken into account in the
373     decision process.

375     If application designers are instead contemplating the use of
376     optional AVPs, i.e., with the M-bit cleared, then the following are
377     some of the pitfalls that SHOULD be avoided:

379     o  Use of optional AVPs with intersecting meaning.  One AVP has
380        partially the same usage and meaning as another AVP.  The presence
381        of both can lead to confusion.

383     o  Optional AVPs with dual purpose, i.e., to carry application
384        data as well as to indicate support for one or more features.
385        This has a tendency to introduce interpretation issues.

387     o  Adding one or more optional AVPs and indicating (usually within
388        descriptive text for the command) that at least one of them has to
389        be present in the command.  This essentially circumvents the
390        ABNF and is equivalent to adding a mandatory AVP to the command.

392     These practices generally result in interoperability issues and
393     SHOULD be avoided.

395  4.3.2.  Deleting AVPs from a Command

397     Application designers may want to reuse an existing command but some
398     of the AVPs present in the command's CCF syntax specification may be
399     irrelevant for the functionality foreseen to be supported by this
400     command.  It may be then tempting to delete those AVPs from the
401     command.

403     The impact of deleting an AVP from a command depends on its command
404     code format specification and M-bit setting:

406     o  Case 1: Deleting an AVP that is indicated as a required AVP (noted
407        as {AVP}) in the command's CCF syntax specification (regardless of
408        the M-bit setting).

410           In this case, a new command code and subsequently a new Diameter
411           application MUST be specified.

413     o  Case 2: Deleting an AVP, which has the M-bit set, and is indicated
414        as an optional AVP (noted as [AVP]) in the
415        command's CCF syntax specification.

417           In this case, no new command code has to be specified but the
418           definition of a new Diameter application is REQUIRED.

420     o  Case 3: Deleting an AVP, which has the M-bit cleared, and is
421        indicated as [AVP] in the command's CCF syntax specification.

423           In this case, the AVP can be deleted without consequences.

425     Application designers SHOULD attempt to reuse the command's CCF
426     syntax specification without modification and simply ignore (but not
427     delete) any optional AVP that will not be used.  This is to maintain
428     compatibility with existing applications that will not know about the
429     new functionality as well as maintain the integrity of existing
430     dictionaries.

432  4.4.  Reusing Existing AVPs

434     This section discusses rules in reusing existing AVPs when reusing an
435     existing command or defining a new command in a new application.

437  4.4.1.  Setting of the AVP Flags

439     When reusing existing AVPs in a new application, application
440     designers MUST specify the setting of the M-bit flag for a new
441     Diameter application and, if necessary, for every command of the
442     application that can carry these AVPs.  In general, for AVPs defined
443     outside of the Diameter base protocol, the characteristics of an AVP
444     are tied to its role within a given application and the commands used
445     in this application.
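
The receiver behaviour that Sections 4.1 and 4.3.1 rely on can be shown with a small decoder. This is an added example, not part of the draft: it models a node that was not upgraded and returns the Result-Code it would answer with. The AVP dictionary, vendor id 99999 and the sample requests are constructed for illustration.

```python
import struct

# Result-Code values from RFC 6733, Section 7.1.
DIAMETER_SUCCESS = 2001
DIAMETER_COMMAND_UNSUPPORTED = 3001
DIAMETER_AVP_UNSUPPORTED = 5001
DIAMETER_INVALID_AVP_LENGTH = 5014

FLAG_V, FLAG_M = 0x80, 0x40   # AVP flag bits, RFC 6733 Section 4.1

# Constructed dictionary of a receiver that has NOT been upgraded:
# command code -> {(vendor id, AVP code)} it understands.
# 272 = Credit-Control; 263/264/296 = Session-Id/Origin-Host/Origin-Realm.
KNOWN_AVPS = {272: {(0, 263), (0, 264), (0, 296)}}


def avp(code, data, mandatory, vendor_id=0):
    """Encode one AVP: code(4) flags(1) length(3) [vendor(4)] data, padded to 4."""
    flags = (FLAG_M if mandatory else 0) | (FLAG_V if vendor_id else 0)
    vendor = struct.pack("!I", vendor_id) if vendor_id else b""
    length = 8 + len(vendor) + len(data)            # length excludes the padding
    head = struct.pack("!IB", code, flags) + length.to_bytes(3, "big")
    return head + vendor + data + b"\x00" * (-length % 4)


def message(app_id, command, avps):
    """Encode a request: 20-byte Diameter header followed by the AVPs."""
    body = b"".join(avps)
    head = bytes([1]) + (20 + len(body)).to_bytes(3, "big")   # version, length
    head += bytes([0x80]) + command.to_bytes(3, "big")        # R flag, command code
    return head + struct.pack("!III", app_id, 1, 1) + body    # app id, hop/end ids


def parse_avps(body):
    """Yield (vendor_id, code, flags, data); raise ValueError on a bad length."""
    pos = 0
    while pos < len(body):
        if len(body) - pos < 8:
            raise ValueError("truncated AVP header")
        code, flags = struct.unpack_from("!IB", body, pos)
        length = int.from_bytes(body[pos + 5:pos + 8], "big")
        hdr = 12 if flags & FLAG_V else 8
        if length < hdr or pos + length > len(body):
            raise ValueError("AVP length outside message")
        vendor = struct.unpack_from("!I", body, pos + 8)[0] if flags & FLAG_V else 0
        yield vendor, code, flags, body[pos + hdr:pos + length]
        pos += length + (-length % 4)               # skip padding to 32-bit boundary


def handle_request(raw):
    """Return (result_code, ignored_avps) as the non-upgraded receiver would."""
    if len(raw) < 20 or raw[0] != 1 or int.from_bytes(raw[1:4], "big") != len(raw):
        raise ValueError("not a well-formed Diameter message")
    known = KNOWN_AVPS.get(int.from_bytes(raw[5:8], "big"))
    if known is None:
        return DIAMETER_COMMAND_UNSUPPORTED, []     # Section 4.1: new command fails
    ignored = []
    try:
        for vendor, code, flags, _data in parse_avps(raw[20:]):
            if (vendor, code) in known:
                continue
            if flags & FLAG_M:                      # Section 4.3.1: mandatory AVP
                return DIAMETER_AVP_UNSUPPORTED, ignored
            ignored.append((vendor, code))          # optional AVP: skipped
    except ValueError:
        return DIAMETER_INVALID_AVP_LENGTH, ignored
    return DIAMETER_SUCCESS, ignored


def sample_requests():
    """Constructed test traffic; vendor id 99999 and AVP code 1 are made up."""
    base = [avp(263, b"host.example;1;1", True), avp(264, b"host.example", True),
            avp(296, b"example", True)]
    new = b"\x00\x00\x00\x01"
    broken = bytearray(message(4, 272, base))
    broken[25:28] = b"\xff\xff\xff"                 # first AVP claims ~16 MiB
    return {
        "unchanged": message(4, 272, base),
        "new_optional_avp": message(4, 272, base + [avp(1, new, False, 99999)]),
        "new_mandatory_avp": message(4, 272, base + [avp(1, new, True, 99999)]),
        "new_command": message(4, 0xFFFFFE, base),  # experimental command code
        "bad_length": bytes(broken),
    }


if __name__ == "__main__":
    for name, raw in sample_requests().items():
        print(name, handle_request(raw))
```

Only the request carrying the new AVP with the M-bit cleared is still answered successfully by the old node, which is why that case counts as a minor extension and the others need a new application.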
447 All other AVP flags (V-bit, P-bit, reserved bits) MUST remain 448 unchanged. 450 4.4.2. Reuse of AVP of Type Enumerated 452 When reusing an AVP of type Enumerated in a command for a new 453 application, it is RECOMMENDED to avoid modifying the set of valid 454 values defined for this AVP. Modifying the set of Enumerated values 455 includes adding a value or deprecating the use of a value defined 456 initially for the AVP. Modifying the set of values will impact the 457 application defining this AVP and all the applications using this 458 AVP, causing potential interoperability issues. When the full range 459 of values defined for this Enumerated AVP is not suitable for the new 460 application, it is RECOMMENDED to define a new AVP to avoid backwards 461 compatibility issues with existing implementations. 463 5. Defining New Diameter Applications 465 5.1. Introduction 467 This section discusses the case where new applications have 468 requirements that cannot be fulfilled by existing applications and 469 would require definition of completely new commands, AVPs and/or AVP 470 values. Typically, there is little ambiguity about the decision to 471 create these types of applications. Some examples are the interfaces 472 defined for the IP Multimedia Subsystem of 3GPP, e.g., Cx/Dx 473 ([TS29.228] and [TS29.229]), Sh ([TS29.328] and [TS29.329]) etc. 475 Application designers SHOULD try to import existing AVPs and AVP 476 values for any newly defined commands. In certain cases where 477 accounting will be used, the models described in Section 5.10 SHOULD 478 also be considered. 480 Additional considerations are described in the following sections. 482 5.2. Defining New Commands 484 As a general recommendation, commands SHOULD not be defined from 485 scratch. It is instead RECOMMENDED to re-use an existing command 486 offering similar functionality and use it as a starting point. 
Code 487 re-use lead to a smaller implementation effort as well as reduce the 488 need for testing. 490 Moreover, the new command's CCF syntax specification SHOULD be 491 carefully defined when considering applicability and extensibility of 492 the application. If most of the AVPs contained in the command are 493 indicated as fixed or required, it might be difficult to reuse the 494 same command and therefore the same application in a slightly changed 495 environment. Defining a command with most of the AVPs indicated as 496 optional MUST NOT be seen as a sub-optimal design introducing too 497 much flexibility in the protocol. The protocol designers SHOULD only 498 clearly state the condition of presence of these AVPs and properly 499 define the corresponding behaviour of the Diameter nodes when these 500 AVPs are absent from the command. 502 NOTE: As a hint for protocol designers, it is not sufficient to just 503 look at the command's CCF syntax specification. It is also 504 necessary to carefully read through the accompanying text in the 505 specification. 507 In the same way, the CCF syntax specification SHOULD be defined such 508 that it will be possible to add any arbitrary optional AVPs with the 509 M-bit cleared (including vendor-specific AVPs) without modifying the 510 application. For this purpose, "* [AVP]" SHOULD be added in the 511 command's CCF, which allows the addition of any arbitrary number of 512 optional AVPs as described in [RFC6733]. 514 5.3. Use of Application-Id in a Message 516 When designing new applications, application designers SHOULD specify 517 that the Application Id carried in all session-level messages is the 518 Application Id of the application using those messages. This 519 includes the session-level messages defined in Diameter base 520 protocol, i.e., RAR/RAA, STR/STA, ASR/ASA and possibly ACR/ACA in the 521 coupled accounting model, see Section 5.10. 
Some existing 522 specifications do not adhere to this rule for historical reasons. 524 However, this guidance SHOULD be followed by new applications to 525 avoid routing problems. 527 When a new application has been allocated with a new Application Id 528 and it also reuses existing commands with or without modifications, 529 the commands SHOULD use the newly allocated Application Id in the 530 header and in all relevant Application Id AVPs (Auth-Application-Id 531 or Acct-Application-Id) present in the commands message body. 533 Additionally, application designers using Vendor-Specific- 534 Application-Id AVP SHOULD not use the Vendor-Id AVP to further 535 dissect or differentiate the vendor-specification Application Id. 536 Diameter routing is not based on the Vendor-Id. As such, the Vendor- 537 Id SHOULD not be used as an additional input for routing or delivery 538 of messages. The Vendor-Id AVP is an informational AVP only and kept 539 for backward compatibility reasons. 541 5.4. Application-Specific Session State Machines 543 Section 8 of [RFC6733] provides session state machines for 544 authentication, authorization and accounting (AAA) services and these 545 session state machines are not intended to cover behavior outside of 546 AAA. If a new application cannot clearly be categorized into any of 547 these AAA services, it is RECOMMENDED that the application defines 548 its own session state machine. Support for server-initiated request 549 is a clear example where an application-specific session state 550 machine would be needed, for example, the Rw interface for ITU-T push 551 model (cf.[Q.3303.3]). 553 5.5. Session-Id AVP and Session Management 555 Diameter applications are usually designed with the aim of managing 556 user sessions (e.g., Diameter network access session (NASREQ) 557 application [RFC4005]) or specific service access session (e.g., 558 Diameter SIP application [RFC4740]). 
In the Diameter base protocol, session state is referenced using the
Session-Id AVP. All Diameter messages that use the same Session-Id will
be bound to the same session. Diameter-based session management also
implies that both Diameter client and server (and potentially proxy
agents along the path) maintain session state information.

However, some applications may not need to rely on the Session-Id to
identify and manage sessions because other information can be used
instead to correlate Diameter messages. Indeed, the User-Name AVP or
any other specific AVP can be present in every Diameter message and
used therefore for message correlation. Some applications might not
require the notion of Diameter session concept at all. For such
applications, the Auth-Session-State AVP is usually set to
NO_STATE_MAINTAINED in all Diameter messages and these applications are
therefore designed as a set of stand-alone transactions. Even if an
explicit access session termination is required, application-specific
commands are defined and used instead of the
Session-Termination-Request/Answer (STR/STA) or
Abort-Session-Request/Answer (ASR/ASA) defined in the Diameter base
protocol [RFC6733]. In such a case, the Session-Id is not significant.

Based on these considerations, protocol designers SHOULD carefully
appraise whether the application currently defined relies on its own
session management concept or whether the Session-Id defined in the
Diameter base protocol would be used for correlation of messages
related to the same session. If not, the protocol designers MAY decide
to define application commands without the Session-Id AVP. If any
session management concept is supported by the application, the
application documentation MUST clearly specify how the session is
handled between client and server (and possibly Diameter agents in the
path).

5.6.  Use of Enumerated Type AVPs

The type Enumerated was initially defined to provide a list of valid
values for an AVP with their respective interpretation described in the
specification. For instance, AVPs of type Enumerated can be used to
provide further information on the reason for the termination of a
session or a specific action to perform upon the reception of the
request.

As described in the section 4.4.2 above, defining an AVP of type
Enumerated presents some limitations in terms of extensibility and
reusability. Indeed, the finite set of valid values defined at the
definition of the AVP of type Enumerated cannot be modified in practice
without causing backward compatibility issues with existing
implementations. As a consequence, AVPs of Type Enumerated MUST NOT be
extended by adding new values to support new capabilities. Diameter
protocol designers SHOULD carefully consider before defining an
Enumerated AVP whether the set of values will remain unchanged or new
values may be required in a near future. If such extension is foreseen
or cannot be avoided, it is RECOMMENDED to rather define AVPs of type
Unsigned32 or Unsigned64 in which the data field would contain an
address space representing "values" that would have the same use of
Enumerated values.

For illustration, an AVP describing possible access networks would be
defined as follows:

   Access-Network-Type AVP (XXX) is of type Unsigned32 and contains a
   32-bit address space representing types of access networks.
   This application defines the following classes of access networks,
   all identified by the thousands digit in the decimal notation:

   o  1xxx (Mobile Access Networks)

   o  2xxx (Fixed Access Network)

   o  3xxx (Wireless Access Networks)

   Values that fall within the Mobile Access Networks category are used
   to inform a peer that a request has been sent for a user attached to
   a mobile access network. The following values are defined in this
   application:

   1001: 3GPP-GERAN

      TBD.

   1002: 3GPP-UTRAN-FDD

      TBD.

Unlike Enumerated AVP, any new value can be added in the address space
defined by this Unsigned32 AVP without modifying the definition of the
AVP. There is therefore no risk of backward compatibility issue,
especially when intermediate nodes may be present between Diameter
endpoints.

In the same line, AVPs of type Enumerated are too often used as a
simple Boolean flag, indicating for instance a specific permission or
capability, and therefore only two values are defined, e.g.,
TRUE/FALSE, AUTHORIZED/UNAUTHORIZED or SUPPORTED/UNSUPPORTED. This is a
sub-optimal design since it limits the extensibility of the
application: any new capability/permission would have to be supported
by a new AVP or new Enumerated value of the already defined AVP, with
the backward compatibility issues described above. Instead of using an
Enumerated AVP for a Boolean flag, protocol designers SHOULD use AVPs
of type Unsigned32 or Unsigned64 AVP in which the data field would be
defined as bit mask whose bit settings are described in the relevant
Diameter application specification. Such AVPs can be reused and
extended without major impact on the Diameter application. The bit mask
SHOULD leave room for future additions. Examples of AVPs that use bit
masks are the Session-Binding AVP defined in [RFC6733] and the
MIP6-Feature-Vector AVP defined in [RFC5447].

5.7.  Application-Specific Message Routing

As described in [RFC6733], a Diameter request that needs to be sent to
a home server serving a specific realm, but not to a specific server
(such as the first request of a series of round trips), will contain a
Destination-Realm AVP and no Destination-Host AVP.

For such a request, the message routing usually relies only on the
Destination-Realm AVP and the Application Id present in the request
message header. However, some applications may need to rely on the
User-Name AVP or any other application-specific AVP present in the
request to determine the final destination of a request, e.g., to find
the target AAA server hosting the authorization information for a given
user when multiple AAA servers are addressable in the realm.

In such a context, basic routing mechanisms described in [RFC6733] are
not fully suitable, and additional application-level routing mechanisms
MUST be described in the application documentation to provide such
specific AVP-based routing. Such functionality will be basically hosted
by an application-specific proxy agent that will be responsible for
routing decisions based on the received specific AVPs.

Examples of such application-specific routing functions can be found in
the Cx/Dx applications ([TS29.228] and [TS29.229]) of the 3GPP IP
Multimedia Subsystem, in which the proxy agent (Subscriber Location
Function aka SLF) uses specific application-level identities found in
the request to determine the final destination of the message.

Whatever the criteria used to establish the routing path of the
request, the routing of the answer MUST follow the reverse path of the
request, as described in [RFC6733], with the answer being sent to the
source of the received request, using transaction states and hop-by-hop
identifier matching.
In particular, this ensures that the Diameter Relay or Proxy agents in
the request routing path will be able to release the transaction state
upon receipt of the corresponding answer, avoiding unnecessary
failover. Application designers SHOULD NOT modify the answer-routing
principles described in [RFC6733] when defining a new application.

5.8.  Translation Agents

As defined in [RFC6733], a translation agent is a device that provides
interworking between Diameter and another AAA protocol, such as RADIUS.

In the case of RADIUS, it was initially thought that defining the
translation function would be straightforward by adopting a few basic
principles, e.g., by the use of a shared range of code values for
RADIUS attributes and Diameter AVPs. Guidelines for implementing a
RADIUS-Diameter translation agent were put into the Diameter NASREQ
Application ([RFC4005]).

However, it was acknowledged that such translation mechanism was not so
obvious and deeper protocol analysis was required to ensure efficient
interworking between RADIUS and Diameter. Moreover, the interworking
requirements depend on the functionalities provided by the Diameter
application under specification, and a case-by-case analysis is
required. As a consequence, all the material related to
RADIUS-to-Diameter translation is removed from the new version of the
Diameter NASREQ application specification [RFC4005bis], (see [RFC7155])
which deprecates the RFC4005 ([RFC4005]).

Therefore, protocol designers SHOULD NOT assume the availability of a
"standard" Diameter-to-RADIUS gateway agent when planning to
interoperate with the RADIUS infrastructure. They SHOULD specify the
required translation mechanism along with the Diameter application, if
needed. This recommendation applies for any kind of translation.

5.9.  End-to-End Application Capabilities Exchange

Diameter applications can rely on optional AVPs to exchange
application-specific capabilities and features. These AVPs can be
exchanged on an end-to-end basis at the application layer. Examples of
this can be found with the MIP6-Feature-Vector AVP in [RFC5447] and the
QoS-Capability AVP in [RFC5777].

End-to-end capabilities AVPs can be added as optional AVPs with the
M-bit cleared to existing applications to announce support of new
functionality. Receivers that do not understand these AVPs or the AVP
values can simply ignore them, as stated in [RFC6733]. When supported,
receivers of these AVPs can discover the additional functionality
supported by the Diameter end-point originating the request and behave
accordingly when processing the request. Senders of these AVPs can
safely assume the receiving end-point does not support any
functionality carried by the AVP if it is not present in corresponding
response. This is useful in cases where deployment choices are offered,
and the generic design can be made available for a number of
applications.

When used in a new application, these end-to-end capabilities AVPs
SHOULD be added as optional AVPs into the CCF of the commands used by
the new application. Protocol designers SHOULD clearly specify this
end-to-end capabilities exchange and the corresponding behaviour of the
Diameter nodes supporting the application.

It is also important to note that this end-to-end capabilities exchange
relying on the use of optional AVPs is not meant as a generic mechanism
to support extensibility of Diameter applications with arbitrary
functionality. When the added features drastically change the Diameter
application or when Diameter agents must be upgraded to support the new
features, a new application SHOULD be defined, as recommended in
[RFC6733].

5.10.  Diameter Accounting Support

Accounting can be treated as an auxiliary application that is used in
support of other applications. In most cases, accounting support is
required when defining new applications. This document provides two
possible models for using accounting:

Split Accounting Model:

   In this model, the accounting messages will use the Diameter base
   accounting Application Id (value of 3). The design implication for
   this is that the accounting is treated as an independent
   application, especially for Diameter routing. This means that
   accounting commands emanating from an application may be routed
   separately from the rest of the other application messages. This may
   also imply that the messages end up in a central accounting server.
   A split accounting model is a good design choice when:

   *  The application itself does not define its own accounting
      commands.

   *  The overall system architecture permits the use of centralized
      accounting for one or more Diameter applications.

   Centralizing accounting may have advantages but there are also
   drawbacks. The model assumes that the accounting server can
   differentiate received accounting messages. Since the received
   accounting messages can be for any application and/or service, the
   accounting server MUST have a method to match accounting messages
   with applications and/or services being accounted for. This may mean
   defining new AVPs, checking the presence, absence or contents of
   existing AVPs, or checking the contents of the accounting record
   itself. One of these means could be to insert into the request sent
   to the accounting server an Auth-Application-Id AVP containing the
   identifier of the application for which the accounting request is
   sent. But in general, there is no clean and generic scheme for
   sorting these messages.
   Therefore, the use of this model is NOT RECOMMENDED when all
   received accounting messages cannot be clearly identified and
   sorted. For most cases, the use of Coupled Accounting Model is
   RECOMMENDED.

Coupled Accounting Model:

   In this model, the accounting messages will use the Application Id
   of the application using the accounting service. The design
   implication for this is that the accounting messages are tightly
   coupled with the application itself; meaning that accounting
   messages will be routed like the other application messages. It
   would then be the responsibility of the application server
   (application entity receiving the ACR message) to send the
   accounting records carried by the accounting messages to the proper
   accounting server. The application server is also responsible for
   formulating a proper response (ACA). A coupled accounting model is a
   good design choice when:

   *  The system architecture or deployment does not provide an
      accounting server that supports Diameter. Consequently, the
      application server MUST be provisioned to use a different
      protocol to access the accounting server, e.g., via LDAP, SOAP
      etc. This case includes the support of older accounting systems
      that are not Diameter aware.

   *  The system architecture or deployment requires that the
      accounting service for the specific application should be handled
      by the application itself.

   In all cases above, there will generally be no direct Diameter
   access to the accounting server.

These models provide a basis for using accounting messages. Application
designers may obviously deviate from these models provided that the
factors being addressed here have also been taken into account. An
application MAY define a new set of commands to carry
application-specific accounting records but it is NOT RECOMMENDED to do
so.

5.11.  Diameter Security Mechanisms

As specified in [RFC6733], the Diameter message exchange SHOULD be
secured between neighboring Diameter peers using TLS/TCP or DTLS/SCTP.
However, IPsec MAY also be deployed to secure communication between
Diameter peers. When IPsec is used instead of TLS or DTLS, the
following recommendations apply.

IPsec ESP [RFC4301] in transport mode with non-null encryption and
authentication algorithms MUST be used to provide per-packet
authentication, integrity protection and confidentiality, and support
the replay protection mechanisms of IPsec. IKEv2 [RFC5996] SHOULD be
used for performing mutual authentication and for establishing and
maintaining security associations (SAs).

IKEv1 [RFC2409] was used with RFC 3588 [RFC3588] and for easier
migration from IKEv1 based implementations both RSA digital signatures
and pre-shared keys SHOULD be supported in IKEv2. However, if IKEv1 is
used, implementers SHOULD follow the guidelines given in Section 13.1
of RFC 3588 [RFC3588].

6.  Defining Generic Diameter Extensions

Generic Diameter extensions are AVPs, commands or applications that are
designed to support other Diameter applications. They are auxiliary
applications meant to improve or enhance the Diameter protocol itself
or Diameter applications/functionality. Some examples include the
extensions to support realm-based redirection of Diameter requests (see
[RFC7075]), convey a specific set of priority parameters influencing
the distribution of resources (see [RFC6735]), and the support for QoS
AVPs (see [RFC5777]).

Since generic extensions may cover many aspects of Diameter and
Diameter applications, it is not possible to enumerate all scenarios.
However, some of the most common considerations are as follows:

Backward Compatibility:

   When defining generic extensions designed to be supported by
   existing Diameter applications, protocol designers MUST consider the
   potential impacts of the introduction of the new extension on the
   behavior of nodes that have not yet been upgraded to
   support/understand this new extension. Designers MUST also ensure
   that new extensions do not break expected message delivery layer
   behavior.

Forward Compatibility:

   Protocol designers MUST ensure that their design will not introduce
   undue restrictions for future applications.

Trade-off in Signaling:

   Designers may have to choose between the use of optional AVPs
   piggybacked onto existing commands versus defining new commands and
   applications. Optional AVPs are simpler to implement and may not
   need changes to existing applications. However, this ties the
   sending of extension data to the application's transmission of a
   message. This has consequences if the application and the extensions
   have different timing requirements. The use of commands and
   applications solves this issue, but the trade-off is the additional
   complexity of defining and deploying a new application. It is left
   up to the designer to find a good balance among these trade-offs
   based on the requirements of the extension.

In practice, generic extensions often use optional AVPs because they
are simple and non-intrusive to the application that would carry them.
Peers that do not support the generic extensions need not understand
nor recognize these optional AVPs. However, it is RECOMMENDED that the
authors of the extension specify the context or usage of the optional
AVPs.
As an example, in the case that the AVP can be used only by a specific
set of applications then the specification MUST enumerate these
applications and the scenarios when the optional AVPs will be used. In
the case where the optional AVPs can be carried by any application, it
SHOULD be sufficient to specify such a use case and perhaps provide
specific examples of applications using them.

In most cases, these optional AVPs piggybacked by applications would be
defined as a Grouped AVP and it would encapsulate all the functionality
of the generic extension. In practice, it is not uncommon that the
Grouped AVP will encapsulate an existing AVP that has previously been
defined as mandatory ('M'-bit set) e.g., 3GPP IMS Cx/Dx interfaces
([TS29.228] and [TS29.229]).

7.  Guidelines for Registrations of Diameter Values

As summarized in the Section 3 of this document and further described
in the Section 1.3 of [RFC6733], there are four main ways to extend
Diameter. The process for defining new functionality slightly varies
based on the different extensions. This section provides protocol
designers with some guidance regarding the definition of values for
possible Diameter extensions and the necessary interaction with IANA to
register the new functionality.

a.  Defining new AVP values

   The specifications defining AVPs and AVP values MUST provide
   guidance for defining new values and the corresponding policy for
   adding these values. For example, the RFC 5777 [RFC5777] defines the
   Treatment-Action AVP which contains a list of valid values
   corresponding to pre-defined actions (drop, shape, mark, permit).
   This set of values can be extended following the Specification
   Required policy defined in [RFC5226]. As a second example, the
   Diameter base specification [RFC6733] defines the Result-Code AVP
   that contains a 32-bit address space used to identify possible
   errors.
   According to the Section 11.3.2 of [RFC6733], new values can be
   assigned by IANA via an IETF Review process [RFC5226].

b.  Creating new AVPs

   Two different types of AVP Codes namespaces can be used to create
   new AVPs:

   *  IETF AVP Codes namespace;

   *  Vendor-specific AVP Codes namespace.

   In the latter case, a vendor needs to be first assigned by IANA with
   a private enterprise number, which can be used within the Vendor-Id
   field of the vendor-specific AVP. This enterprise number delimits a
   private namespace in which the vendor is responsible for
   vendor-specific AVP code value assignment. The absence of a
   Vendor-Id or a Vendor-Id value of zero (0) in the AVP header
   identifies standard AVPs from the IETF AVP Codes namespace managed
   by IANA. The allocation of code values from the IANA-managed
   namespace is conditioned by an Expert Review of the specification
   defining the AVPs or an IETF review if a block of AVPs needs to be
   assigned. Moreover, the remaining bits of the AVP Flags field of the
   AVP header are also assigned via Standards Action if the creation of
   new AVP Flags is desired.

c.  Creating new commands

   Unlike the AVP Code namespace, the Command Code namespace is flat
   but the range of values is subdivided into three chunks with
   distinct IANA registration policies:

   *  A range of standard Command Code values that are allocated via
      IETF review;

   *  A range of vendor-specific Command Code values that are allocated
      on a First-Come/First-Served basis;

   *  A range of values reserved only for experimental and testing
      purposes.

   As for AVP Flags, the remaining bits of the Command Flags field of
   the Diameter header are also assigned via a Standards Action to
   create new Command Flags if required.

d.  Creating new applications

   Similarly to the Command Code namespace, the Application-Id
   namespace is flat but divided into two distinct ranges:

   *  A range of values reserved for standard Application-Ids allocated
      after Expert Review of the specification defining the standard
      application;

   *  A range for values for vendor specific applications, allocated by
      IANA on a First-Come/First-Served basis.

The IANA AAA parameters page can be found at
http://www.iana.org/assignments/aaa-parameters/aaa-parameters.xml and
the enterprise number IANA page is available at
http://www.iana.org/assignments/enterprise-numbers. More details on the
policies followed by IANA for namespace management (e.g.
First-Come/First-Served, Expert Review, IETF Review, etc.) can be found
in [RFC5226].

NOTE:
   When the same functionality/extension is used by more than one
   vendor, it is RECOMMENDED to define a standard extension. Moreover,
   a vendor-specific extension SHOULD be registered to avoid
   interoperability issues in the same network. With this aim, the
   registration policy of vendor-specific extension has been simplified
   with the publication of [RFC6733] and the namespace reserved for
   vendor-specific extensions is large enough to avoid exhaustion.

8.  IANA Considerations

This document does not require actions by IANA.

9.  Security Considerations

This document provides guidelines and considerations for extending
Diameter and Diameter applications. Although such an extension may be
related to a security functionality, the document does not explicitly
give guidance on enhancing Diameter with respect to security.

10.  Contributors

The content of this document was influenced by a design team created to
revisit the Diameter extensibility rules. The team was formed in
February 2008 and finished its work in June 2008.
Apart from the authors, the design team members were:

o  Avi Lior

o  Glen Zorn

o  Jari Arkko

o  Jouni Korhonen

o  Mark Jones

o  Tolga Asveren

o  Glenn McGregor

o  Dave Frascone

We would like to thank Tolga Asveren, Glenn McGregor, and John Loughney
for their contributions as co-authors to earlier versions of this
document.

11.  Acknowledgments

We greatly appreciate the insight provided by Diameter implementers who
have highlighted the issues and concerns being addressed by this
document. The authors would also like to thank Jean Mahoney, Ben
Campbell, Sebastien Decugis and Benoit Claise for their invaluable
detailed reviews and comments on this document.

12.  References

12.1.  Normative References

[RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
           Requirement Levels", BCP 14, RFC 2119, March 1997.

[RFC6733]  Fajardo, V., Arkko, J., Loughney, J., and G. Zorn,
           "Diameter Base Protocol", RFC 6733, October 2012.

12.2.  Informative References

[Q.3303.3]
           3rd Generation Partnership Project, "ITU-T Recommendation
           Q.3303.3, "Resource control protocol no. 3 (rcp3):
           Protocol at the Rw interface between the Policy Decision
           Physical Entity (PD-PE) and the Policy Enforcement
           Physical Entity (PE-PE): Diameter"", 2008.

[RFC2409]  Harkins, D. and D. Carrel, "The Internet Key Exchange
           (IKE)", RFC 2409, November 1998.

[RFC3588]  Calhoun, P., Loughney, J., Guttman, E., Zorn, G., and J.
           Arkko, "Diameter Base Protocol", RFC 3588, September 2003.

[RFC4005]  Calhoun, P., Zorn, G., Spence, D., and D. Mitton,
           "Diameter Network Access Server Application", RFC 4005,
           August 2005.

[RFC4072]  Eronen, P., Hiller, T., and G. Zorn, "Diameter Extensible
           Authentication Protocol (EAP) Application", RFC 4072,
           August 2005.

[RFC4301]  Kent, S. and K. Seo, "Security Architecture for the
           Internet Protocol", RFC 4301, December 2005.

[RFC4740]  Garcia-Martin, M., Belinchon, M., Pallares-Lopez, M.,
           Canales-Valenzuela, C., and K. Tammi, "Diameter Session
           Initiation Protocol (SIP) Application", RFC 4740, November
           2006.

[RFC5226]  Narten, T. and H. Alvestrand, "Guidelines for Writing an
           IANA Considerations Section in RFCs", BCP 26, RFC 5226,
           May 2008.

[RFC5447]  Korhonen, J., Bournelle, J., Tschofenig, H., Perkins, C.,
           and K. Chowdhury, "Diameter Mobile IPv6: Support for
           Network Access Server to Diameter Server Interaction", RFC
           5447, February 2009.

[RFC5777]  Korhonen, J., Tschofenig, H., Arumaithurai, M., Jones, M.,
           and A. Lior, "Traffic Classification and Quality of
           Service (QoS) Attributes for Diameter", RFC 5777, February
           2010.

[RFC5996]  Kaufman, C., Hoffman, P., Nir, Y., and P. Eronen,
           "Internet Key Exchange Protocol Version 2 (IKEv2)", RFC
           5996, September 2010.

[RFC6735]  Carlberg, K. and T. Taylor, "Diameter Priority
           Attribute-Value Pairs", RFC 6735, October 2012.

[RFC7075]  Tsou, T., Hao, R., and T. Taylor, "Realm-Based Redirection
           In Diameter", RFC 7075, November 2013.

[RFC7155]  Zorn, G., "Diameter Network Access Server Application",
           RFC 7155, April 2014.

[TS29.228]
           3rd Generation Partnership Project, "3GPP TS 29.228;
           Technical Specification Group Core Network and Terminals;
           IP Multimedia (IM) Subsystem Cx and Dx Interfaces;
           Signalling flows and message contents",
           .

[TS29.229]
           3rd Generation Partnership Project, "3GPP TS 29.229;
           Technical Specification Group Core Network and Terminals;
           Cx and Dx interfaces based on the Diameter protocol;
           Protocol details",
           .

[TS29.328]
           3rd Generation Partnership Project, "3GPP TS 29.328;
           Technical Specification Group Core Network and Terminals;
           IP Multimedia (IM) Subsystem Sh interface; signalling
           flows and message content",
           .

[TS29.329]
           3rd Generation Partnership Project, "3GPP TS 29.329;
           Technical Specification Group Core Network and Terminals;
           Sh Interface based on the Diameter protocol; Protocol
           details",
           .

Authors' Addresses

   Lionel Morand (editor)
   Orange Labs
   38/40 rue du General Leclerc
   Issy-Les-Moulineaux Cedex 9  92794
   France

   Phone: +33145296257
   Email: lionel.morand@orange.com

   Victor Fajardo
   Independent

   Email: vf0213@gmail.com

   Hannes Tschofenig
   Nokia Siemens Networks
   Linnoitustie 6
   Espoo  02600
   Finland

   Phone: +358 (50) 4871445
   Email: Hannes.Tschofenig@gmx.net
   URI:   http://www.tschofenig.priv.at
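
Added example, not part of the draft or of any Diameter implementation: receiver-side checks for the Application Id rule stated just before Section 5.4 (header and Auth/Acct-Application-Id AVPs agree), the M-bit handling of Section 5.9, and the split accounting exception of Section 5.10, with bounds-checked AVP parsing. The header layout, flag bits, AVP codes and command code 271 are from RFC 6733; KNOWN_AVPS, the Application Id, Command Code, enterprise number, vendor AVP code 7001 and all sample messages are constructed for illustration.

```python
import struct

# Header layout, flag bits, AVP codes and Application Id 3 are from RFC 6733.
# KNOWN_AVPS and all sample values are constructed for this example.
FLAG_V, FLAG_M = 0x80, 0x40
AUTH_APPLICATION_ID, ACCT_APPLICATION_ID, SESSION_ID = 258, 259, 263
BASE_ACCOUNTING = 3
KNOWN_AVPS = {(0, SESSION_ID), (0, AUTH_APPLICATION_ID), (0, ACCT_APPLICATION_ID)}

APP = 0xFFFFFFFE   # constructed Application Id, not a registered value
CMD = 0xFFFFFE     # Command Code taken from the experimental range
VENDOR = 99999     # constructed enterprise number
FEATURES = 7001    # constructed vendor-specific AVP code


def u32(value):
    return struct.pack("!I", value)


def build_avp(code, data, flags=FLAG_M, vendor_id=0):
    """Encode one AVP; a non-zero vendor_id sets the V flag and adds Vendor-Id."""
    if vendor_id:
        flags |= FLAG_V
    hdr = 12 if flags & FLAG_V else 8
    out = struct.pack("!IB", code, flags) + (hdr + len(data)).to_bytes(3, "big")
    if flags & FLAG_V:
        out += u32(vendor_id)
    return out + data + b"\x00" * (-len(data) % 4)  # pad to a 32-bit boundary


def build_message(command_code, app_id, avps):
    """Encode a request (R flag set) with fixed sample hop-by-hop/end-to-end ids."""
    body = b"".join(avps)
    return (b"\x01" + (20 + len(body)).to_bytes(3, "big") + b"\x80"
            + command_code.to_bytes(3, "big")
            + struct.pack("!III", app_id, 0x11111111, 0x22222222) + body)


def parse_message(raw):
    """Return (header_app_id, [(vendor, code, flags, data)]); ValueError if malformed."""
    if len(raw) < 20 or raw[0] != 1:
        raise ValueError("not a Diameter version 1 message")
    msg_len = int.from_bytes(raw[1:4], "big")
    if msg_len != len(raw) or msg_len % 4:
        raise ValueError("bad Message Length")
    app_id = struct.unpack("!I", raw[8:12])[0]
    avps, off = [], 20
    while off < msg_len:
        if msg_len - off < 8:
            raise ValueError("truncated AVP header")
        code, flags = struct.unpack("!IB", raw[off:off + 5])
        avp_len = int.from_bytes(raw[off + 5:off + 8], "big")
        hdr = 12 if flags & FLAG_V else 8
        if avp_len < hdr or off + avp_len > msg_len:
            raise ValueError("AVP length out of bounds")
        vendor = struct.unpack("!I", raw[off + 8:off + 12])[0] if flags & FLAG_V else 0
        avps.append((vendor, code, flags, raw[off + hdr:off + avp_len]))
        off += (avp_len + 3) & ~3  # skip the padding, which AVP Length excludes
    return app_id, avps


def check_request(raw):
    """Return findings for one request; an empty list means it passed."""
    app_id, avps = parse_message(raw)
    findings = []
    for vendor, code, flags, data in avps:
        if vendor == 0 and code in (AUTH_APPLICATION_ID, ACCT_APPLICATION_ID):
            if len(data) != 4:
                findings.append(f"AVP {code}: not an Unsigned32")
                continue
            body_app = struct.unpack("!I", data)[0]
            # Split accounting: the header carries 3 and Auth-Application-Id names
            # the accounted application, so that combination is not a mismatch.
            split = app_id == BASE_ACCOUNTING and code == AUTH_APPLICATION_ID
            if body_app != app_id and not split:
                findings.append(f"Application Id mismatch: header={app_id} AVP {code}={body_app}")
        elif (vendor, code) not in KNOWN_AVPS and flags & FLAG_M:
            findings.append(f"unsupported mandatory AVP vendor={vendor} code={code}")
        # Unknown AVPs with the M-bit cleared are ignored.
    return findings


def sample_requests():
    """Constructed requests covering each outcome of check_request()."""
    sid = build_avp(SESSION_ID, b"client.example.net;1;1")
    optional = build_avp(FEATURES, u32(0b101), flags=0, vendor_id=VENDOR)  # bit mask, M cleared
    mandatory = build_avp(FEATURES, u32(0b101), vendor_id=VENDOR)          # same AVP, M set
    return {
        "consistent": build_message(CMD, APP, [sid, build_avp(AUTH_APPLICATION_ID, u32(APP)), optional]),
        "mismatch": build_message(CMD, APP, [sid, build_avp(AUTH_APPLICATION_ID, u32(1))]),
        "mandatory_unknown": build_message(CMD, APP, [sid, mandatory]),
        "split_accounting": build_message(271, BASE_ACCOUNTING, [sid, build_avp(AUTH_APPLICATION_ID, u32(APP))]),
    }


if __name__ == "__main__":
    for name, raw in sample_requests().items():
        print(name, check_request(raw))
```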