| < draft-ietf-dime-app-design-guide-16.txt | draft-ietf-dime-app-design-guide-17.txt > | |||
|---|---|---|---|---|
| Diameter Maintenance and Extensions L. Morand, Ed. | Diameter Maintenance and Extensions (DIME) L. Morand, Ed. | |||
| (DIME) Orange Labs | Internet-Draft Orange Labs | |||
| Internet-Draft V. Fajardo | Intended status: Informational V. Fajardo | |||
| Intended status: Informational | Expires: November 30, 2013 H. Tschofenig | |||
| Expires: April 25, 2013 H. Tschofenig | ||||
| Nokia Siemens Networks | Nokia Siemens Networks | |||
| October 22, 2012 | May 29, 2013 | |||
| Diameter Applications Design Guidelines | Diameter Applications Design Guidelines | |||
| draft-ietf-dime-app-design-guide-16 | draft-ietf-dime-app-design-guide-17 | |||
| Abstract | Abstract | |||
| The Diameter Base protocol provides facilities for protocol | The Diameter Base protocol provides facilities for protocol | |||
| extensibility enabling to define new Diameter applications or modify | extensibility enabling to define new Diameter applications or modify | |||
| existing applications. This document is a companion document to the | existing applications. This document is a companion document to the | |||
| Diameter base protocol that further explains and clarifies the rules | Diameter base protocol that further explains and clarifies the rules | |||
| to extend the Diameter base protocol. It is meant as a guidelines | to extend the Diameter base protocol. It is meant as a guidelines | |||
| document and therefore it does not add, remove or change existing | document and therefore it does not add, remove or change existing | |||
| rules. | rules. | |||
| Requirements Language | Requirements Language | |||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | |||
| document are to be interpreted as described in [RFC2119]. | document are to be interpreted as described in [RFC2119]. | |||
| Status of this Memo | Status of This Memo | |||
| This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
| provisions of BCP 78 and BCP 79. | provisions of BCP 78 and BCP 79. | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on April 25, 2013. | This Internet-Draft will expire on November 30, 2013. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2012 IETF Trust and the persons identified as the | Copyright (c) 2013 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
| to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
| include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
| the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
| described in the Simplified BSD License. | described in the Simplified BSD License. | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | |||
| 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5 | 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 3. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 | 3. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 4. Reusing Existing Diameter Applications . . . . . . . . . . . . 8 | 4. Reusing Existing Diameter Applications . . . . . . . . . . . 5 | |||
| 4.1. Adding a New Command . . . . . . . . . . . . . . . . . . . 8 | 4.1. Adding a New Command . . . . . . . . . . . . . . . . . . 5 | |||
| 4.2. Deleting an Existing Command . . . . . . . . . . . . . . . 9 | 4.2. Deleting an Existing Command . . . . . . . . . . . . . . 6 | |||
| 4.3. Reusing Existing Commands . . . . . . . . . . . . . . . . 9 | 4.3. Reusing Existing Commands . . . . . . . . . . . . . . . . 6 | |||
| 4.3.1. Adding AVPs to a Command . . . . . . . . . . . . . . . 9 | 4.3.1. Adding AVPs to a Command . . . . . . . . . . . . . . 7 | |||
| 4.3.2. Deleting AVPs from a Command . . . . . . . . . . . . . 11 | 4.3.2. Deleting AVPs from a Command . . . . . . . . . . . . 8 | |||
| 4.4. Reusing Existing AVPs . . . . . . . . . . . . . . . . . . 12 | 4.4. Reusing Existing AVPs . . . . . . . . . . . . . . . . . . 9 | |||
| 4.4.1. Setting of the AVP Flags . . . . . . . . . . . . . . . 12 | 4.4.1. Setting of the AVP Flags . . . . . . . . . . . . . . 9 | |||
| 4.4.2. Reuse of AVP of Type Enumerated . . . . . . . . . . . 12 | 4.4.2. Reuse of AVP of Type Enumerated . . . . . . . . . . . 9 | |||
| 5. Defining New Diameter Applications . . . . . . . . . . . . . . 13 | 5. Defining New Diameter Applications . . . . . . . . . . . . . 9 | |||
| 5.1. Introduction . . . . . . . . . . . . . . . . . . . . . . . 13 | 5.1. Introduction . . . . . . . . . . . . . . . . . . . . . . 9 | |||
| 5.2. Defining New Commands . . . . . . . . . . . . . . . . . . 13 | 5.2. Defining New Commands . . . . . . . . . . . . . . . . . . 10 | |||
| 5.3. Use of Application-Id in a Message . . . . . . . . . . . . 14 | 5.3. Use of Application-Id in a Message . . . . . . . . . . . 11 | |||
| 5.4. Application-Specific Session State Machines . . . . . . . 14 | 5.4. Application-Specific Session State Machines . . . . . . . 11 | |||
| 5.5. Session-Id AVP and Session Management . . . . . . . . . . 15 | 5.5. Session-Id AVP and Session Management . . . . . . . . . . 11 | |||
| 5.6. AVPs Defined as Boolean Flag . . . . . . . . . . . . . . . 15 | 5.6. AVPs Defined as Boolean Flag . . . . . . . . . . . . . . 12 | |||
| 5.7. Application-Specific Message Routing . . . . . . . . . . . 16 | 5.7. Application-Specific Message Routing . . . . . . . . . . 13 | |||
| 5.8. About Translation Agent . . . . . . . . . . . . . . . . . 17 | 5.8. About Translation Agent . . . . . . . . . . . . . . . . . 13 | |||
| 5.9. End-to-End Application Capabilities Exchange . . . . . . . 17 | 5.9. End-to-End Application Capabilities Exchange . . . . . . 14 | |||
| 5.10. Diameter Accounting Support . . . . . . . . . . . . . . . 18 | 5.10. Diameter Accounting Support . . . . . . . . . . . . . . . 15 | |||
| 5.11. Diameter Security Mechanisms . . . . . . . . . . . . . . . 20 | 5.11. Diameter Security Mechanisms . . . . . . . . . . . . . . 16 | |||
| 6. Defining Generic Diameter Extensions . . . . . . . . . . . . . 22 | 6. Defining Generic Diameter Extensions . . . . . . . . . . . . 17 | |||
| 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 24 | 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 18 | |||
| 8. Security Considerations . . . . . . . . . . . . . . . . . . . 25 | 8. Security Considerations . . . . . . . . . . . . . . . . . . . 18 | |||
| 9. Contributors . . . . . . . . . . . . . . . . . . . . . . . . . 26 | 9. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 18 | |||
| 10. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 27 | 10. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 19 | |||
| 11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 28 | 11. References . . . . . . . . . . . . . . . . . . . . . . . . . 19 | |||
| 11.1. Normative References . . . . . . . . . . . . . . . . . . . 28 | 11.1. Normative References . . . . . . . . . . . . . . . . . . 19 | |||
| 11.2. Informative References . . . . . . . . . . . . . . . . . . 28 | 11.2. Informative References . . . . . . . . . . . . . . . . . 19 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 30 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 21 | |||
| 1. Introduction | 1. Introduction | |||
| The Diameter base protocol provides facilities to extend the Diameter | The Diameter base protocol provides facilities to extend the Diameter | |||
| base protocol (see Section 1.3 of [I-D.ietf-dime-rfc3588bis]) for | base protocol (see Section 1.3 of [RFC6733]) for supporting new | |||
| supporting new functionalities. In the context of this document, | functionalities. In the context of this document, extending Diameter | |||
| extending Diameter means one of the following: | means one of the following: | |||
| 1. Addition of a new functionality to an existing Diameter | 1. Addition of a new functionality to an existing Diameter | |||
| application without defining a new application. | application without defining a new application. | |||
| 2. Addition of a new functionality to an existing Diameter | 2. Addition of a new functionality to an existing Diameter | |||
| application that requires the definition of a new application. | application that requires the definition of a new application. | |||
| 3. The definition of a new Diameter application to provide a set of | 3. The definition of a new Diameter application to provide a set of | |||
| functionalities not supported by existing applications. | functionalities not supported by existing applications. | |||
| 4. The definition of a new generic functionality that can be reused | 4. The definition of a new generic functionality that can be reused | |||
| across different applications. | across different applications. | |||
| All of these choices are design decisions that can be done by any | All of these choices are design decisions that can be done by any | |||
| combination of reusing existing or defining new commands, AVPs or AVP | combination of reusing existing or defining new commands, AVPs or AVP | |||
| values. However, application designers do not have total freedom | values. However, application designers do not have total freedom | |||
| when making their design. A number of rules have been defined in | when making their design. A number of rules have been defined in | |||
| [I-D.ietf-dime-rfc3588bis] and place constraints on when an extension | [RFC6733] and place constraints on when an extension requires the | |||
| requires the allocation of a new Diameter application identifier or a | allocation of a new Diameter application identifier or a new command | |||
| new command code value. The objective of this document is the | code value. The objective of this document is the following: | |||
| following: | ||||
| o Clarify updated Diameter extensibility rules in the Diameter base | o Clarify updated Diameter extensibility rules in the Diameter base | |||
| protocol. | protocol. | |||
| o Clarify usage of certain Diameter functionalities that are not | o Clarify usage of certain Diameter functionalities that are not | |||
| explicitly described in the Diameter Base specification. | explicitly described in the Diameter Base specification. | |||
| o Discuss design choices and provide guidelines when defining new | o Discuss design choices and provide guidelines when defining new | |||
| applications. | applications. | |||
| o Present trade-off of design choices. | o Present trade-off of design choices. | |||
| 2. Terminology | 2. Terminology | |||
| This document reuses the terminology used in | This document reuses the terminology used in [RFC6733]. | |||
| [I-D.ietf-dime-rfc3588bis]. | ||||
| 3. Overview | 3. Overview | |||
| As designed, the Diameter base protocol [I-D.ietf-dime-rfc3588bis] | As designed, the Diameter base protocol [RFC6733] can be seen as a | |||
| can be seen as a two-layer protocol. The lower layer is mainly | two-layer protocol. The lower layer is mainly responsible for | |||
| responsible for managing connections between neighboring peers and | managing connections between neighboring peers and for message | |||
| for message routing. The upper layer is where the Diameter | routing. The upper layer is where the Diameter applications reside. | |||
| applications reside. This model is in line with a Diameter node | ||||
| having an application layer and a peer-to-peer delivery layer. The | This model is in line with a Diameter node having an application | |||
| Diameter base protocol document defines the architecture and behavior | layer and a peer-to-peer delivery layer. The Diameter base protocol | |||
| of the message delivery layer and then provides the framework for | document defines the architecture and behavior of the message | |||
| designing Diameter applications on the application layer. This | delivery layer and then provides the framework for designing Diameter | |||
| framework includes definitions of application sessions and accounting | applications on the application layer. This framework includes | |||
| support (see Section 8 and 9 of [I-D.ietf-dime-rfc3588bis]). | definitions of application sessions and accounting support (see | |||
| Accordingly, a Diameter node is seen in this document as a single | Section 8 and 9 of [RFC6733]). Accordingly, a Diameter node is seen | |||
| instance of a Diameter message delivery layer and one or more | in this document as a single instance of a Diameter message delivery | |||
| Diameter applications using it. | layer and one or more Diameter applications using it. | |||
| The Diameter base protocol is designed to be extensible and the | The Diameter base protocol is designed to be extensible and the | |||
| principles are described in the section 1.3 of | principles are described in the section 1.3 of [RFC6733]. Extending | |||
| [I-D.ietf-dime-rfc3588bis]. Extending Diameter can mean either the | Diameter can mean either the definition of a completely new Diameter | |||
| definition of a completely new Diameter application or the reuse of | application or the reuse of commands, AVPs and AVP values in any | |||
| commands, AVPs and AVP values in any combination for the purpose of | combination for the purpose of inheriting the features of an existing | |||
| inheriting the features of an existing Diameter application. The | Diameter application. The recommendation for re-using as much as | |||
| recommendation for re-using as much as possible existing | possible existing implementations is meaningful as most of the | |||
| implementations is meaningful as most of the requirements defined for | requirements defined for a new application are likely already | |||
| a new application are likely already fulfilled by existing | fulfilled by existing applications. | |||
| applications. | ||||
| However, when reusing existing applications, there is a greater | However, when reusing existing applications, there is a greater | |||
| likelihood of ambiguity on how much of the existing application can | likelihood of ambiguity on how much of the existing application can | |||
| be enhanced without being distorted too much and therefore requiring | be enhanced without being distorted too much and therefore requiring | |||
| the definition of a new application. | the definition of a new application. | |||
| The impacts of extending existing applications can be categorized as | The impacts of extending existing applications can be categorized as | |||
| follow: | follow: | |||
| Minor Extension: Enhancing the functional scope of an existing | Minor Extension: Enhancing the functional scope of an existing | |||
| skipping to change at page 7, line 15 ¶ | skipping to change at page 5, line 15 ¶ | |||
| Major Extension: Enhancing the functional scope of an existing | Major Extension: Enhancing the functional scope of an existing | |||
| application in such a way that this implies backward compatible | application in such a way that this implies backward compatible | |||
| change to the existing application and then requires the | change to the existing application and then requires the | |||
| definition of a new Diameter application. Typical examples would | definition of a new Diameter application. Typical examples would | |||
| be the creation of a new command for providing functionality not | be the creation of a new command for providing functionality not | |||
| supported by existing applications or the definition of a new AVP | supported by existing applications or the definition of a new AVP | |||
| with M-bit set to carry in an existing command. For such | with M-bit set to carry in an existing command. For such | |||
| extension, a significant specification effort is required and a | extension, a significant specification effort is required and a | |||
| careful approach is recommended. | careful approach is recommended. | |||
| The rules outlined in the section 1.3 of [I-D.ietf-dime-rfc3588bis] | The rules outlined in the section 1.3 of [RFC6733] indicate when an | |||
| indicate when an extension requires a new command code to be | extension requires a new command code to be registered and when new | |||
| registered and when new Diameter applications have to be defined. | Diameter applications have to be defined. The subsequent sections | |||
| The subsequent sections further explain and clarify the rules to | further explain and clarify the rules to extend the Diameter base | |||
| extend the Diameter base protocol. It is meant as a guidelines | protocol. It is meant as a guidelines document and therefore it does | |||
| document and therefore it does not add, remove or change existing | not add, remove or change existing rules. | |||
| rules. | ||||
| 4. Reusing Existing Diameter Applications | 4. Reusing Existing Diameter Applications | |||
| When selecting the Diameter base protocol to support new | When selecting the Diameter base protocol to support new | |||
| functionalities, protocol designers are advised to reuse as much as | functionalities, protocol designers are advised to reuse as much as | |||
| possible existing Diameter applications in order to simplify | possible existing Diameter applications in order to simplify | |||
| standardization, implementation and avoid potential interoperability | standardization, implementation and avoid potential interoperability | |||
| issues. However, existing application needs to be adapted to support | issues. However, existing application needs to be adapted to support | |||
| new requirements and these modifications can be at the command level | new requirements and these modifications can be at the command level | |||
| and/or at the AVP level. The following sections describe the | and/or at the AVP level. The following sections describe the | |||
| skipping to change at page 8, line 36 ¶ | skipping to change at page 6, line 4 ¶ | |||
| straightforward since this is typically a result of adding a new | straightforward since this is typically a result of adding a new | |||
| functionality that does not exist yet. For the latter, the decision | functionality that does not exist yet. For the latter, the decision | |||
| to create a new application will depend on whether importing the | to create a new application will depend on whether importing the | |||
| command in a new application is more suitable than simply using the | command in a new application is more suitable than simply using the | |||
| existing application as it is in conjunction with any other | existing application as it is in conjunction with any other | |||
| application. Therefore, a case by case study of each application | application. Therefore, a case by case study of each application | |||
| requirement should be applied. | requirement should be applied. | |||
| An illustrative example is the command pair defined in Diameter EAP | An illustrative example is the command pair defined in Diameter EAP | |||
| application [RFC4072] that can be re-used conjointly with any other | application [RFC4072] that can be re-used conjointly with any other | |||
| application (e.g. the Diameter NASREQ application [RFC4005]) as soon | application (e.g. the Diameter NASREQ application [RFC4005]) as soon | |||
| as standard EAP-based authentication procedures need to be supported | as standard EAP-based authentication procedures need to be supported | |||
| by the implementation. It may therefore not be required to import | by the implementation. It may therefore not be required to import | |||
| the command pair in the new defined application. | the command pair in the new defined application. | |||
| However, in general, it is difficult to come to a hard guideline, and | However, in general, it is difficult to come to a hard guideline, and | |||
| so a case-by-case study of each application requirement should be | so a case-by-case study of each application requirement should be | |||
| applied. Before adding or importing a command, application designers | applied. Before adding or importing a command, application designers | |||
| should consider the following: | should consider the following: | |||
| o Can the new functionality be fulfilled by creating a new command | o Can the new functionality be fulfilled by creating a new command | |||
| independent from any existing command? In this case, the | independent from any existing command? In this case, the | |||
| resulting new application and the existing application can work | resulting new application and the existing application can work | |||
| independent of, but cooperating with each other. | independent of, but cooperating with each other. | |||
| o Can the existing command be reused without major extensions and | o Can the existing command be reused without major extensions and | |||
| therefore without the need for the definition of a new | therefore without the need for the definition of a new | |||
| application, e.g. new functionality introduced by the creation of | application, e.g. new functionality introduced by the creation of | |||
| new optional AVPs. | new optional AVPs. | |||
| o Care should be taken to avoid a liberal method of importing an | o Care should be taken to avoid a liberal method of importing an | |||
| existing command's CCF syntax specification. This would result in | existing command's CCF syntax specification. This would result in | |||
| a monolithic and hard to manage application supporting too many | a monolithic and hard to manage application supporting too many | |||
| different functionalities and can cause interoperability issues | different functionalities and can cause interoperability issues | |||
| between the different applications. | between the different applications. | |||
| 4.2. Deleting an Existing Command | 4.2. Deleting an Existing Command | |||
| skipping to change at page 9, line 39 ¶ | skipping to change at page 7, line 7 ¶ | |||
| 4.3. Reusing Existing Commands | 4.3. Reusing Existing Commands | |||
| This section discusses rules in adding and/or deleting AVPs from an | This section discusses rules in adding and/or deleting AVPs from an | |||
| existing command of an existing application. The cases described in | existing command of an existing application. The cases described in | |||
| this section may not necessarily result in the creation of new | this section may not necessarily result in the creation of new | |||
| applications. | applications. | |||
| It is worth to note that the strong recommendation to re-use existing | It is worth to note that the strong recommendation to re-use existing | |||
| commands in the [RFC3588] was to prevent rapid scarcity of code | commands in the [RFC3588] was to prevent rapid scarcity of code | |||
| values available for vendor-specific commands. | values available for vendor-specific commands. [RFC6733] relaxes the | |||
| [I-D.ietf-dime-rfc3588bis] relaxes the policy with respect to the | policy with respect to the allocation of command codes for vendor- | |||
| allocation of command codes for vendor-specific uses and enlarges the | specific uses and enlarges the range of available code values for | |||
| range of available code values for vendor-specific applications. | vendor-specific applications. Although reuse of existing commands is | |||
| Although reuse of existing commands is still recommended, protocol | still recommended, protocol designers can consider defining a new | |||
| designers can consider defining a new command when it provides a | command when it provides a solution more suitable than the twisting | |||
| solution more suitable than the twisting of an existing command's use | of an existing command's use and applications. | |||
| and applications. | ||||
| 4.3.1. Adding AVPs to a Command | 4.3.1. Adding AVPs to a Command | |||
| Based on the rules in [I-D.ietf-dime-rfc3588bis], AVPs that are added | Based on the rules in [RFC6733], AVPs that are added to an existing | |||
| to an existing command can be categorized into: | command can be categorized into: | |||
| o Mandatory (to understand) AVPs. As defined in | o Mandatory (to understand) AVPs. As defined in [RFC6733], these | |||
| [I-D.ietf-dime-rfc3588bis], these are AVPs with the M-bit flag | are AVPs with the M-bit flag set, which means that a Diameter node | |||
| set, which means that a Diameter node receiving them is required | receiving them is required to understand not only their values but | |||
| to understand not only their values but their semantics. Failure | their semantics. Failure to do so will cause an message handling | |||
| to do so will cause an message handling error. This is regardless | error. This is regardless of whether these AVPs are required or | |||
| of whether these AVPs are required or optional as specified by the | optional as specified by the command's CCF syntax specification. | |||
| command's CCF syntax specification. | ||||
| o Optional (to understand) AVPs. As defined in | o Optional (to understand) AVPs. As defined in [RFC6733], these are | |||
| [I-D.ietf-dime-rfc3588bis], these are AVPs with the M-bit flag | AVPs with the M-bit flag cleared, which mean that a Diameter node | |||
| cleared, which mean that a Diameter node receiving these AVPs can | receiving these AVPs can simply ignore them if not supported in | |||
| simply ignore them if not supported in the process of the received | the process of the received command. | |||
| command. | ||||
| The rules are strict in the case where the AVPs to be added are | The rules are strict in the case where the AVPs to be added are | |||
| mandatory to understand i.e. with the M-bit set. A mandatory AVP | mandatory to understand i.e. with the M-bit set. A mandatory AVP | |||
| cannot be added to an existing command without defining a new | cannot be added to an existing command without defining a new | |||
| Diameter application, as stated in [I-D.ietf-dime-rfc3588bis]. This | Diameter application, as stated in [RFC6733]. This falls into the | |||
| falls into the "Major Extensions" category. Despite the clarity of | "Major Extensions" category. Despite the clarity of the rule, | |||
| the rule, ambiguity still arises when evaluating whether a new AVP | ambiguity still arises when evaluating whether a new AVP being added | |||
| being added should be mandatory to begin with. Application designers | should be mandatory to begin with. Application designers should | |||
| should consider the following questions when deciding to set the | consider the following questions when deciding to set the M-bit for a | |||
| M-bit for a new AVP: | new AVP: | |||
| o Would it be required for the receiving side to be able to process | o Would it be required for the receiving side to be able to process | |||
| and understand the AVP and its content? | and understand the AVP and its content? | |||
| o Would the new AVPs change the state machine of the application? | o Would the new AVPs change the state machine of the application? | |||
| o Would the presence of the new AVP lead to a different number of | o Would the presence of the new AVP lead to a different number of | |||
| round-trips, effectively changing the state machine of the | round-trips, effectively changing the state machine of the | |||
| application? | application? | |||
| o Would the new AVP be used to differentiate between old and new | o Would the new AVP be used to differentiate between old and new | |||
| versions of the same application whereby the two versions are not | versions of the same application whereby the two versions are not | |||
| backward compatible? | backward compatible? | |||
| o Would the new AVP have duality in meaning i.e. be used to carry | o Would the new AVP have duality in meaning i.e. be used to carry | |||
| application-related information as well as be used to indicate | application-related information as well as be used to indicate | |||
| that the message is for a new application? | that the message is for a new application? | |||
| When one of the above questions can be answered in the affirmative | When one of the above questions can be answered in the affirmative | |||
| then the M-bit has to be set for the new AVP. This list of questions | then the M-bit has to be set for the new AVP. This list of questions | |||
| is non-exhaustive and other criteria can be taken into account in the | is non-exhaustive and other criteria can be taken into account in the | |||
| decision process. | decision process. | |||
| If application designers are instead contemplating the use of | If application designers are instead contemplating the use of | |||
| optional AVPs i.e. with the M-bit cleared, then the following are | optional AVPs i.e. with the M-bit cleared, then the following are | |||
| some of the pitfalls that should be avoided: | some of the pitfalls that should be avoided: | |||
| o Use of optional AVPs with intersecting meaning. One AVP has | o Use of optional AVPs with intersecting meaning. One AVP has | |||
| partially the same usage and meaning as another AVP. The presence | partially the same usage and meaning as another AVP. The presence | |||
| of both can lead to confusion. | of both can lead to confusion. | |||
| o An optional AVPs with dual purpose, i.e. to carry application data | o An optional AVPs with dual purpose, i.e. to carry application | |||
| as well as to indicate support for one or more features. This has | data as well as to indicate support for one or more features. | |||
| a tendency to introduce interpretation issues. | This has a tendency to introduce interpretation issues. | |||
| o Adding one or more optional AVPs and indicating (usually within | o Adding one or more optional AVPs and indicating (usually within | |||
| descriptive text for the command) that at least one of them has to | descriptive text for the command) that at least one of them has to | |||
| be present in the command. This essentially circumventing the | be present in the command. This essentially circumventing the | |||
| ABNF and is equivalent to adding a mandatory AVP to the command. | ABNF and is equivalent to adding a mandatory AVP to the command. | |||
| These practices generally result in interoperability issues and | These practices generally result in interoperability issues and | |||
| should be avoided as much as possible. | should be avoided as much as possible. | |||
| 4.3.2. Deleting AVPs from a Command | 4.3.2. Deleting AVPs from a Command | |||
| skipping to change at page 14, line 10 ¶ | skipping to change at page 10, line 45 ¶ | |||
| introducing too much flexibility in the protocol. The protocol | introducing too much flexibility in the protocol. The protocol | |||
| designers are only advised to clearly state the condition of presence | designers are only advised to clearly state the condition of presence | |||
| of these AVPs and properly define the corresponding behaviour of the | of these AVPs and properly define the corresponding behaviour of the | |||
| Diameter nodes when these AVPs are absent from the command. | Diameter nodes when these AVPs are absent from the command. | |||
| In the same way, the CCF should be defined in a way that it will be | In the same way, the CCF should be defined in a way that it will be | |||
| possible to add any arbitrary optional AVPs with the M-bit cleared | possible to add any arbitrary optional AVPs with the M-bit cleared | |||
| (including vendor-specific AVPs) without modifying the application. | (including vendor-specific AVPs) without modifying the application. | |||
| For this purpose, it is strongly recommended to add "* [AVP]" in the | For this purpose, it is strongly recommended to add "* [AVP]" in the | |||
| command's CCF that will allow the addition of any arbitrary AVP as | command's CCF that will allow the addition of any arbitrary AVP as | |||
| described in [I-D.ietf-dime-rfc3588bis]. | described in [RFC6733]. | |||
| 5.3. Use of Application-Id in a Message | 5.3. Use of Application-Id in a Message | |||
| When designing new applications, designers should specify that the | When designing new applications, designers should specify that the | |||
| application ID carried in all session-level messages must be the | application ID carried in all session-level messages must be the | |||
| application ID of the application using those messages. This | application ID of the application using those messages. This | |||
| includes the session-level messages defined in Diameter base | includes the session-level messages defined in Diameter base | |||
| protocol, i.e., RAR/RAA, STR/STA, ASR/ASA and possibly ACR/ACA in the | protocol, i.e., RAR/RAA, STR/STA, ASR/ASA and possibly ACR/ACA in the | |||
| coupled accounting model, see Section 5.10. Existing specifications | coupled accounting model, see Section 5.10. Existing specifications | |||
| may not adhere to this rule for historical or other reasons. | may not adhere to this rule for historical or other reasons. | |||
| However, this scheme should be followed to avoid possible routing | However, this scheme should be followed to avoid possible routing | |||
| problems for these messages. | problems for these messages. | |||
| In general, when a new application has been allocated with a new | In general, when a new application has been allocated with a new | |||
| application id and it also reuses existing commands with or without | application id and it also reuses existing commands with or without | |||
| modifications (Sec 4.1), it must use the newly allocated application | modifications (Sec 4.1), it must use the newly allocated application | |||
| id in the header and in all relevant application id AVPs (Auth- | id in the header and in all relevant application id AVPs (Auth- | |||
| Application-Id or Acct-Application-Id) present in the commands | Application-Id or Acct-Application-Id) present in the commands | |||
| message body. | message body. | |||
| Additionally, application designs using | Additionally, application designs using Vendor-Specific-Application- | |||
| Vendor-Specific-Application-Id AVP should not use the Vendor-Id AVP | Id AVP should not use the Vendor-Id AVP to further dissect or | |||
| to further dissect or differentiate the vendor-specification | differentiate the vendor-specification application id. Diameter | |||
| application id. Diameter routing is not based on the Vendor-Id. As | routing is not based on the Vendor-Id. As such, the Vendor-ID should | |||
| such, the Vendor-ID should not be used as an additional input for | not be used as an additional input for routing or delivery of | |||
| routing or delivery of messages. In general, the Vendor-Id AVP is an | messages. In general, the Vendor-Id AVP is an informational AVP only | |||
| informational AVP only and kept for backward compatibility reasons. | and kept for backward compatibility reasons. | |||
| 5.4. Application-Specific Session State Machines | 5.4. Application-Specific Session State Machines | |||
| Section 8 of [I-D.ietf-dime-rfc3588bis] provides session state | Section 8 of [RFC6733] provides session state machines for | |||
| machines for authentication, authorization and accounting (AAA) | authentication, authorization and accounting (AAA) services and these | |||
| services and these session state machines are not intended to cover | session state machines are not intended to cover behavior outside of | |||
| behavior outside of AAA. If a new application cannot clearly be | AAA. If a new application cannot clearly be categorized into any of | |||
| categorized into any of these AAA services, it is recommended that | these AAA services, it is recommended that the application define its | |||
| the application define its own session state machine. Support for | own session state machine. Support for server-initiated request is a | |||
| server-initiated request is a clear example where an application- | clear example where an application-specific session state machine | |||
| specific session state machine would be needed, for example, the Rw | would be needed, for example, the Rw interface for ITU-T push model | |||
| interface for ITU-T push model (cf.[Q.3303.3]). | (cf.[Q.3303.3]). | |||
| 5.5. Session-Id AVP and Session Management | 5.5. Session-Id AVP and Session Management | |||
| Diameter applications are usually designed with the aim of managing | Diameter applications are usually designed with the aim of managing | |||
| user sessions, e.g. network access session (NASREQ application | user sessions, e.g. network access session (NASREQ application | |||
| [RFC4005]) or specific service access session (Diameter SIP | [RFC4005]) or specific service access session (Diameter SIP | |||
| application [RFC4740]). In the Diameter base protocol, the session | application [RFC4740]). In the Diameter base protocol, the session | |||
| management is based on the Session-Id AVP that it used to identify a | management is based on the Session-Id AVP that it used to identify a | |||
| given session and all the Diameter messages including the same | given session and all the Diameter messages including the same | |||
| Session-Id will be bound to the same session. Diameter-based session | Session-Id will be bound to the same session. Diameter-based session | |||
| management also implies that both Diameter client and server (and | management also implies that both Diameter client and server (and | |||
| potentially proxy agents in the diameter path) are maintaining | potentially proxy agents in the diameter path) are maintaining | |||
| session state information associated with the Session-Id contained in | session state information associated with the Session-Id contained in | |||
| the Diameter messages. | the Diameter messages. | |||
| skipping to change at page 16, line 20 ¶ | skipping to change at page 13, line 11 ¶ | |||
| application: any new capability/permission would have to be supported | application: any new capability/permission would have to be supported | |||
| by a new AVP or new Enumerated value of the already defined AVP, | by a new AVP or new Enumerated value of the already defined AVP, | |||
| causing backwards compatibility issues with existing implementations. | causing backwards compatibility issues with existing implementations. | |||
| Instead of using an Enumerated AVP for a Boolean flag, protocol | Instead of using an Enumerated AVP for a Boolean flag, protocol | |||
| designers are encouraged to use Unsigned32 or Unsigned64 AVP type as | designers are encouraged to use Unsigned32 or Unsigned64 AVP type as | |||
| bit mask whose bit settings are described in the relevant Diameter | bit mask whose bit settings are described in the relevant Diameter | |||
| application specification. Such AVPs can be reused and extended | application specification. Such AVPs can be reused and extended | |||
| without major impact on the Diameter application. The bit mask | without major impact on the Diameter application. The bit mask | |||
| should leave room for future additions. Examples of bit mask AVP are | should leave room for future additions. Examples of bit mask AVP are | |||
| the Session-Binding AVP defined in [I-D.ietf-dime-rfc3588bis] and the | the Session-Binding AVP defined in [RFC6733] and the MIP6-Feature- | |||
| MIP6-Feature-Vector AVP defined in [RFC5447] | Vector AVP defined in [RFC5447] | |||
| 5.7. Application-Specific Message Routing | 5.7. Application-Specific Message Routing | |||
| Diameter request message routing usually relies on the Destination- | Diameter request message routing usually relies on the Destination- | |||
| Realm AVP and the Application Id present in the request message | Realm AVP and the Application Id present in the request message | |||
| header. However, some applications may need to rely on the User-Name | header. However, some applications may need to rely on the User-Name | |||
| AVP or any other application-specific AVP present in the request to | AVP or any other application-specific AVP present in the request to | |||
| determine the final destination of a request e.g. find the target AAA | determine the final destination of a request e.g. find the target | |||
| server hosting the authorization information for a given user when | AAA server hosting the authorization information for a given user | |||
| multiple AAA servers are addressable in the realm. | when multiple AAA servers are addressable in the realm. | |||
| In such a context, basic routing mechanisms described in | In such a context, basic routing mechanisms described in [RFC6733] | |||
| [I-D.ietf-dime-rfc3588bis] are not fully suitable, and additional | are not fully suitable, and additional application-level routing | |||
| application-level routing mechanisms have to be described in the | mechanisms have to be described in the application documentation to | |||
| application documentation to provide such specific AVP-based routing. | provide such specific AVP-based routing. Such functionality will be | |||
| Such functionality will be basically hosted by an application- | basically hosted by an application-specific Proxy agent that will be | |||
| specific Proxy agent that will be responsible for routing decisions | responsible for routing decisions based on the received specific | |||
| based on the received specific AVPs. | AVPs. | |||
| Example of such application-specific routing functions can be found | Example of such application-specific routing functions can be found | |||
| in the Cx/Dx applications ([TS29.228] and [TS29.229]) of the 3GPP IP | in the Cx/Dx applications ([TS29.228] and [TS29.229]) of the 3GPP IP | |||
| Multimedia Subsystem, in which the proxy agent (Subscriber Location | Multimedia Subsystem, in which the proxy agent (Subscriber Location | |||
| Function aka SLF) uses specific application-level identities found in | Function aka SLF) uses specific application-level identities found in | |||
| the request to determine the final destination of the message. | the request to determine the final destination of the message. | |||
| Whatever the criteria used to establish the routing path of the | Whatever the criteria used to establish the routing path of the | |||
| request, the routing of the answer should follow the reverse path of | request, the routing of the answer should follow the reverse path of | |||
| the request, as described in [I-D.ietf-dime-rfc3588bis], with the | the request, as described in [RFC6733], with the answer being sent to | |||
| answer being sent to the source of the received request, using | the source of the received request, using transaction states and hop- | |||
| transaction states and hop-by-hop identifier matching. In | by-hop identifier matching. In particular, this ensures that the | |||
| particular, this ensures that the Diameter Relay or Proxy agents in | Diameter Relay or Proxy agents in the request routing path will be | |||
| the request routing path will be able to release the transaction | able to release the transaction state upon receipt of the | |||
| state upon receipt of the corresponding answer, avoiding unnecessary | corresponding answer, avoiding unnecessary failover. Application | |||
| failover. Application designers are strongly dissuaded from | designers are strongly dissuaded from modifying the answer-routing | |||
| modifying the answer-routing principles described in | principles described in [RFC6733] when defining a new application. | |||
| [I-D.ietf-dime-rfc3588bis] when defining a new application. | ||||
| 5.8. About Translation Agent | 5.8. About Translation Agent | |||
| As defined in [RFC6733], a translation agent is a device that | ||||
| As defined in [I-D.ietf-dime-rfc3588bis], a translation agent is a | provides interworking between Diameter and another protocol (e.g. | |||
| device that provides interworking between Diameter and another | RADIUS, TACACS+). | |||
| protocol (e.g. RADIUS, TACACS+). | ||||
| In the case of RADIUS, it was initially thought that defining the | In the case of RADIUS, it was initially thought that defining the | |||
| translation function would be straightforward by adopting few basic | translation function would be straightforward by adopting few basic | |||
| principles e.g. use of a shared range of code values for RADIUS | principles e.g. use of a shared range of code values for RADIUS | |||
| attributes and Diameter AVPs. Guidelines for implementing a RADIUS- | attributes and Diameter AVPs. Guidelines for implementing a RADIUS- | |||
| Diameter translation agent were put into RFC 4005 ([RFC4005]). | Diameter translation agent were put into RFC 4005 ([RFC4005]). | |||
| However, it was acknowledged that such translation mechanism was not | However, it was acknowledged that such translation mechanism was not | |||
| so obvious and deeper protocol analysis was required to ensure | so obvious and deeper protocol analysis was required to ensure | |||
| efficient interworking between RADIUS and Diameter. Moreover, the | efficient interworking between RADIUS and Diameter. Moreover, the | |||
| interworking requirements depend on the functionalities provided by | interworking requirements depend on the functionalities provided by | |||
| the Diameter application under specification, and a case-by-case | the Diameter application under specification, and a case-by-case | |||
| analysis will be required. | analysis will be required. | |||
| skipping to change at page 20, line 9 ¶ | skipping to change at page 16, line 40 ¶ | |||
| These models provide a basis for using accounting messages. | These models provide a basis for using accounting messages. | |||
| Application designers may obviously deviate from these models | Application designers may obviously deviate from these models | |||
| provided that the factors being addressed here have also been taken | provided that the factors being addressed here have also been taken | |||
| into account. Though it is not recommended, examples of other | into account. Though it is not recommended, examples of other | |||
| methods might be defining a new set of commands to carry application- | methods might be defining a new set of commands to carry application- | |||
| specific accounting records. | specific accounting records. | |||
| 5.11. Diameter Security Mechanisms | 5.11. Diameter Security Mechanisms | |||
| As specified in [I-D.ietf-dime-rfc3588bis], the Diameter message | As specified in [RFC6733], the Diameter message exchange should be | |||
| exchange should be secured by using TLS/TCP or DTLS/SCTP. However, | secured by using TLS/TCP or DTLS/SCTP. However, IPsec can also be | |||
| IPsec can also be deployed to secure connections between Diameter | deployed to secure connections between Diameter peers. When IPsec is | |||
| peers. When IPsec is used instead of TLS or DTLS, the following | used instead of TLS or DTLS, the following recommendations apply. | |||
| recommendations apply. | ||||
| IPsec ESP 5.3 [RFC4301] in transport mode with non-null encryption | IPsec ESP 5.3 [RFC4301] in transport mode with non-null encryption | |||
| and authentication algorithms is used to provide per-packet | and authentication algorithms is used to provide per-packet | |||
| authentication, integrity protection and confidentiality, and support | authentication, integrity protection and confidentiality, and support | |||
| the replay protection mechanisms of IPsec. IKE is used for peer | the replay protection mechanisms of IPsec. The version 2 of IKE | |||
| authentication, negotiation of security associations, and key | (IKEv2) [RFC5996] is recommended for performing mutual authentication | |||
| management, using the IPsec DOI [RFC2407]. Peer authentication can | and establishing and maintaining security associations (SAs). | |||
| be achieved by using a pre-shared key, or certificate-based peer | ||||
| authentication using digital signatures can be used as alternative. | ||||
| Peer authentication using the public key encryption methods outlined | ||||
| in IKE's Sections 5.2 and 5.3 [RFC2409] should not be used. | ||||
| Diameter implementations using IPsec as the security mechanism must | ||||
| support both IKE Main Mode and Aggressive Mode. When pre-shared keys | ||||
| are used for authentication, IKE Aggressive Mode should be used | ||||
| instead of IKE Main Mode. When digital signatures are used for | ||||
| authentication, either IKE Main Mode or IKE Aggressive Mode can be | ||||
| used. | ||||
| When digital signatures are used to achieve authentication, an IKE | ||||
| negotiator should use IKE Certificate Request Payload(s) to specify | ||||
| the certificate authority (or authorities) that are trusted in | ||||
| accordance with its local policy. IKE negotiators should use | ||||
| pertinent certificate revocation checks before accepting a PKI | ||||
| certificate for use in IKE's authentication procedures. | ||||
| The Phase 2 Quick Mode exchanges used to negotiate protection for | ||||
| Diameter connections must explicitly carry the Identity Payload | ||||
| fields (IDci and IDcr). The DOI provides for several types of | ||||
| identification data. However, when used in conformant | ||||
| implementations, each ID Payload must carry a single IP address and a | ||||
| single non-zero port number, and must not use the IP Subnet or IP | ||||
| Address Range formats. This allows the Phase 2 security association | ||||
| to correspond to specific TCP and SCTP connections. | ||||
| Since IPsec acceleration hardware may only be able to handle a | IKEv1 [RFC2409] was used in [RFC3588] and for easier migration from | |||
| limited number of active IKE Phase 2 SAs, Phase 2 delete messages may | IKEv1 based implementations both RSA Digital Signatures and pre- | |||
| be sent for idle SAs, as a means of keeping the number of active | shared keys should be used in IKEv2. However, if IKEv1 is used, | |||
| Phase 2 SAs to a minimum. The receipt of an IKE Phase 2 delete | implementers should follow the guidelines given in section 13.1 in | |||
| message should not be interpreted as a reason for tearing down a | RFC3588 [RFC3588]. | |||
| Diameter connection. Rather, it is preferable to leave the | ||||
| connection up, and if additional traffic is sent on it, to bring up | ||||
| another IKE Phase 2 SA to protect it. This avoids the potential for | ||||
| continually bringing connections up and down. | ||||
| 6. Defining Generic Diameter Extensions | 6. Defining Generic Diameter Extensions | |||
| Generic Diameter extensions are AVPs, commands or applications that | Generic Diameter extensions are AVPs, commands or applications that | |||
| are designed to support other Diameter applications. They are | are designed to support other Diameter applications. They are | |||
| auxiliary applications meant to improve or enhance the Diameter | auxiliary applications meant to improve or enhance the Diameter | |||
| protocol itself or Diameter applications/functionality. Some | protocol itself or Diameter applications/functionality. Some | |||
| examples include the extensions to support auditing and redundancy | examples include the extensions to support auditing and redundancy | |||
| (see [I-D.calhoun-diameter-res-mgmt]), improvements in duplicate | (see [I-D.calhoun-diameter-res-mgmt]), improvements in duplicate | |||
| detection scheme (see [I-D.asveren-dime-dupcons]), and piggybacking | detection scheme (see [I-D.asveren-dime-dupcons]), and piggybacking | |||
| skipping to change at page 26, line 25 ¶ | skipping to change at page 19, line 4 ¶ | |||
| o Jari Arkko | o Jari Arkko | |||
| o Lionel Morand | o Lionel Morand | |||
| o Mark Jones | o Mark Jones | |||
| o Victor Fajardo | o Victor Fajardo | |||
| o Tolga Asveren | o Tolga Asveren | |||
| o Jouni Korhonen | o Jouni Korhonen | |||
| o Glenn McGregor | o Glenn McGregor | |||
| o Hannes Tschofenig | o Hannes Tschofenig | |||
| o Dave Frascone | o Dave Frascone | |||
| We would like to thank Tolga Asveren, Glenn McGregor, and John | We would like to thank Tolga Asveren, Glenn McGregor, and John | |||
| Loughney for their contributions as co-authors to earlier versions of | Loughney for their contributions as co-authors to earlier versions of | |||
| this document. | this document. | |||
| 10. Acknowledgments | 10. Acknowledgments | |||
| We greatly appreciate the insight provided by Diameter implementers | We greatly appreciate the insight provided by Diameter implementers | |||
| who have highlighted the issues and concerns being addressed by this | who have highlighted the issues and concerns being addressed by this | |||
| document. The authors would also like to thank A. Jean Mahoney and | document. The authors would also like to thank A. Jean Mahoney and | |||
| Ben Campbell for their invaluable detailed review and comments on | Ben Campbell for their invaluable detailed review and comments on | |||
| this document. | this document. | |||
| 11. References | 11. References | |||
| 11.1. Normative References | 11.1. Normative References | |||
| [I-D.ietf-dime-rfc3588bis] | ||||
| Fajardo, V., Arkko, J., Loughney, J., and G. Zorn, | ||||
| "Diameter Base Protocol", draft-ietf-dime-rfc3588bis-34 | ||||
| (work in progress), June 2012. | ||||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, March 1997. | Requirement Levels", BCP 14, RFC 2119, March 1997. | |||
| [RFC3588] Calhoun, P., Loughney, J., Guttman, E., Zorn, G., and J. | [RFC3588] Calhoun, P., Loughney, J., Guttman, E., Zorn, G., and J. | |||
| Arkko, "Diameter Base Protocol", RFC 3588, September 2003. | Arkko, "Diameter Base Protocol", RFC 3588, September 2003. | |||
| [RFC6733] Fajardo, V., Arkko, J., Loughney, J., and G. Zorn, | ||||
| "Diameter Base Protocol", RFC 6733, October 2012. | ||||
| 11.2. Informative References | 11.2. Informative References | |||
| [I-D.asveren-dime-dupcons] | [I-D.asveren-dime-dupcons] | |||
| Asveren, T., "Diameter Duplicate Detection Cons.", | Asveren, T., "Diameter Duplicate Detection Cons.", draft- | |||
| draft-asveren-dime-dupcons-00 (work in progress), | asveren-dime-dupcons-00 (work in progress), August 2006. | |||
| August 2006. | ||||
| [I-D.calhoun-diameter-res-mgmt] | [I-D.calhoun-diameter-res-mgmt] | |||
| Calhoun, P., "Diameter Resource Management Extensions", | Calhoun, P., "Diameter Resource Management Extensions", | |||
| draft-calhoun-diameter-res-mgmt-08.txt (work in progress), | draft-calhoun-diameter-res-mgmt-08.txt (work in progress), | |||
| March 2001. | March 2001. | |||
| [Q.3303.3] | [Q.3303.3] | |||
| 3rd Generation Partnership Project, "ITU-T Recommendation | 3rd Generation Partnership Project, "ITU-T Recommendation | |||
| Q.3303.3, "Resource control protocol no. 3 (rcp3): | Q.3303.3, "Resource control protocol no. 3 (rcp3): | |||
| Protocol at the Rw interface between the Policy Decision | Protocol at the Rw interface between the Policy Decision | |||
| Physical Entity (PD-PE) and the Policy Enforcement | Physical Entity (PD-PE) and the Policy Enforcement | |||
| Physical Entity (PE-PE): Diameter"", 2008. | Physical Entity (PE-PE): Diameter"", 2008. | |||
| [RFC2407] D. Piper, "The Internet IP Security Domain of | [RFC2409] Harkins, D. and D. Carrel, "The Internet Key Exchange | |||
| Interpretation for ISAKMP", 1998. | (IKE)", RFC 2409, November 1998. | |||
| [RFC2409] D. Harkins and D. Carrel, "The Internet Key Exchange | [RFC4005] Calhoun, P., Zorn, G., Spence, D., and D. Mitton, | |||
| (IKE)", 1998. | "Diameter Network Access Server Application", RFC 4005, | |||
| August 2005. | ||||
| [RFC4005] P. Calhoun et al., "Diameter Network Access Server | [RFC4072] Eronen, P., Hiller, T., and G. Zorn, "Diameter Extensible | |||
| Application", August 2005, | Authentication Protocol (EAP) Application", RFC 4072, | |||
| <http://www.rfc-editor.org/rfc/rfc4005.txt>. | August 2005. | |||
| [RFC4072] P. Eronen et al., "Diameter Extensible Authentication | [RFC4301] Kent, S. and K. Seo, "Security Architecture for the | |||
| Protocol (EAP) Application", August 2005, | Internet Protocol", RFC 4301, December 2005. | |||
| <http://www.rfc-editor.org/rfc/rfc4072.txt>. | ||||
| [RFC4301] S. Kent and K. Seo, "Security Architecture for the | [RFC4740] Garcia-Martin, M., Belinchon, M., Pallares-Lopez, M., | |||
| Internet Protocol", 2005. | Canales-Valenzuela, C., and K. Tammi, "Diameter Session | |||
| Initiation Protocol (SIP) Application", RFC 4740, November | ||||
| 2006. | ||||
| [RFC4740] M. Garcia-Martin et al., "Diameter Session Initiation | [RFC5447] Korhonen, J., Bournelle, J., Tschofenig, H., Perkins, C., | |||
| Protocol (SIP) Application", November 2006, | and K. Chowdhury, "Diameter Mobile IPv6: Support for | |||
| <http://www.rfc-editor.org/rfc/rfc4740.txt>. | Network Access Server to Diameter Server Interaction", RFC | |||
| 5447, February 2009. | ||||
| [RFC5447] J. Korhonen et al., "Diameter Mobile IPv6: Support for | [RFC5777] Korhonen, J., Tschofenig, H., Arumaithurai, M., Jones, M., | |||
| Network Access Server to Diameter Server Interaction", | and A. Lior, "Traffic Classification and Quality of | |||
| February 2009, | Service (QoS) Attributes for Diameter", RFC 5777, February | |||
| <http://www.rfc-editor.org/rfc/rfc5447.txt>. | 2010. | |||
| [RFC5777] J. Korhonen et al., "Traffic Classification and Quality of | [RFC5996] Kaufman, C., Hoffman, P., Nir, Y., and P. Eronen, | |||
| Service (QoS) Attributes for Diameter", 2010. | "Internet Key Exchange Protocol Version 2 (IKEv2)", RFC | |||
| 5996, September 2010. | ||||
| [TS29.228] | [TS29.228] | |||
| 3rd Generation Partnership Project, "3GPP TS 29.228; | 3rd Generation Partnership Project, "3GPP TS 29.228; | |||
| Technical Specification Group Core Network and Terminals; | Technical Specification Group Core Network and Terminals; | |||
| IP Multimedia (IM) Subsystem Cx and Dx Interfaces; | IP Multimedia (IM) Subsystem Cx and Dx Interfaces; | |||
| Signalling flows and message contents", | Signalling flows and message contents", , | |||
| <http://www.3gpp.org/ftp/Specs/html-info/29272.htm>. | <http://www.3gpp.org/ftp/Specs/html-info/29272.htm>. | |||
| [TS29.229] | [TS29.229] | |||
| 3rd Generation Partnership Project, "3GPP TS 29.229; | 3rd Generation Partnership Project, "3GPP TS 29.229; | |||
| Technical Specification Group Core Network and Terminals; | Technical Specification Group Core Network and Terminals; | |||
| Cx and Dx interfaces based on the Diameter protocol; | Cx and Dx interfaces based on the Diameter protocol; | |||
| Protocol details", | Protocol details", , | |||
| <http://www.3gpp.org/ftp/Specs/html-info/29229.htm>. | <http://www.3gpp.org/ftp/Specs/html-info/29229.htm>. | |||
| [TS29.328] | [TS29.328] | |||
| 3rd Generation Partnership Project, "3GPP TS 29.328; | 3rd Generation Partnership Project, "3GPP TS 29.328; | |||
| Technical Specification Group Core Network and Terminals; | Technical Specification Group Core Network and Terminals; | |||
| IP Multimedia (IM) Subsystem Sh interface; signalling | IP Multimedia (IM) Subsystem Sh interface; signalling | |||
| flows and message content", | flows and message content", , | |||
| <http://www.3gpp.org/ftp/Specs/html-info/29328.htm>. | <http://www.3gpp.org/ftp/Specs/html-info/29328.htm>. | |||
| [TS29.329] | [TS29.329] | |||
| 3rd Generation Partnership Project, "3GPP TS 29.329; | 3rd Generation Partnership Project, "3GPP TS 29.329; | |||
| Technical Specification Group Core Network and Terminals; | Technical Specification Group Core Network and Terminals; | |||
| Sh Interface based on the Diameter protocol; Protocol | Sh Interface based on the Diameter protocol; Protocol | |||
| details", | details", , | |||
| <http://www.3gpp.org/ftp/Specs/html-info/29329.htm>. | <http://www.3gpp.org/ftp/Specs/html-info/29329.htm>. | |||
| Authors' Addresses | Authors' Addresses | |||
| Lionel Morand (editor) | Lionel Morand (editor) | |||
| Orange Labs | Orange Labs | |||
| Email: lionel.morand@orange.com | Email: lionel.morand@orange.com | |||
| Victor Fajardo | Victor Fajardo | |||
| End of changes. 55 change blocks. | ||||
| 242 lines changed or deleted | 199 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||