< draft-ietf-dime-app-design-guide-17.txt   draft-ietf-dime-app-design-guide-18.txt >
Diameter Maintenance and Extensions (DIME) L. Morand, Ed. Diameter Maintenance and Extensions (DIME) L. Morand, Ed.
Internet-Draft Orange Labs Internet-Draft Orange Labs
Intended status: Informational V. Fajardo Intended status: Informational V. Fajardo
Expires: November 30, 2013 H. Tschofenig Expires: December 08, 2013
H. Tschofenig
Nokia Siemens Networks Nokia Siemens Networks
May 29, 2013 June 06, 2013
Diameter Applications Design Guidelines Diameter Applications Design Guidelines
draft-ietf-dime-app-design-guide-17 draft-ietf-dime-app-design-guide-18
Abstract Abstract
The Diameter Base protocol provides facilities for protocol The Diameter base protocol provides facilities for protocol
extensibility enabling to define new Diameter applications or modify extensibility enabling to define new Diameter applications or modify
existing applications. This document is a companion document to the existing applications. This document is a companion document to the
Diameter base protocol that further explains and clarifies the rules Diameter Base protocol that further explains and clarifies the rules
to extend the Diameter base protocol. It is meant as a guidelines to extend Diameter. It is meant as a guidelines document and
document and therefore it does not add, remove or change existing therefore as informative in nature.
rules.
Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on November 30, 2013. This Internet-Draft will expire on December 08, 2013.
Copyright Notice Copyright Notice
Copyright (c) 2013 IETF Trust and the persons identified as the Copyright (c) 2013 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 24 skipping to change at page 2, line 18
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3
3. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . 3
4. Reusing Existing Diameter Applications . . . . . . . . . . . 5 4. Reusing Existing Diameter Applications . . . . . . . . . . . 5
4.1. Adding a New Command . . . . . . . . . . . . . . . . . . 5 4.1. Adding a New Command . . . . . . . . . . . . . . . . . . 5
4.2. Deleting an Existing Command . . . . . . . . . . . . . . 6 4.2. Deleting an Existing Command . . . . . . . . . . . . . . 6
4.3. Reusing Existing Commands . . . . . . . . . . . . . . . . 6 4.3. Reusing Existing Commands . . . . . . . . . . . . . . . . 6
4.3.1. Adding AVPs to a Command . . . . . . . . . . . . . . 7 4.3.1. Adding AVPs to a Command . . . . . . . . . . . . . . 6
4.3.2. Deleting AVPs from a Command . . . . . . . . . . . . 8 4.3.2. Deleting AVPs from a Command . . . . . . . . . . . . 8
4.4. Reusing Existing AVPs . . . . . . . . . . . . . . . . . . 9 4.4. Reusing Existing AVPs . . . . . . . . . . . . . . . . . . 9
4.4.1. Setting of the AVP Flags . . . . . . . . . . . . . . 9 4.4.1. Setting of the AVP Flags . . . . . . . . . . . . . . 9
4.4.2. Reuse of AVP of Type Enumerated . . . . . . . . . . . 9 4.4.2. Reuse of AVP of Type Enumerated . . . . . . . . . . . 9
5. Defining New Diameter Applications . . . . . . . . . . . . . 9 5. Defining New Diameter Applications . . . . . . . . . . . . . 9
5.1. Introduction . . . . . . . . . . . . . . . . . . . . . . 9 5.1. Introduction . . . . . . . . . . . . . . . . . . . . . . 9
5.2. Defining New Commands . . . . . . . . . . . . . . . . . . 10 5.2. Defining New Commands . . . . . . . . . . . . . . . . . . 10
5.3. Use of Application-Id in a Message . . . . . . . . . . . 11 5.3. Use of Application-Id in a Message . . . . . . . . . . . 10
5.4. Application-Specific Session State Machines . . . . . . . 11 5.4. Application-Specific Session State Machines . . . . . . . 11
5.5. Session-Id AVP and Session Management . . . . . . . . . . 11 5.5. Session-Id AVP and Session Management . . . . . . . . . . 11
5.6. AVPs Defined as Boolean Flag . . . . . . . . . . . . . . 12 5.6. Use of Enumerated Type AVPs . . . . . . . . . . . . . . . 12
5.7. Application-Specific Message Routing . . . . . . . . . . 13 5.7. Application-Specific Message Routing . . . . . . . . . . 12
5.8. About Translation Agent . . . . . . . . . . . . . . . . . 13 5.8. Translation Agents . . . . . . . . . . . . . . . . . . . 13
5.9. End-to-End Application Capabilities Exchange . . . . . . 14 5.9. End-to-End Application Capabilities Exchange . . . . . . 14
5.10. Diameter Accounting Support . . . . . . . . . . . . . . . 15 5.10. Diameter Accounting Support . . . . . . . . . . . . . . . 14
5.11. Diameter Security Mechanisms . . . . . . . . . . . . . . 16 5.11. Diameter Security Mechanisms . . . . . . . . . . . . . . 16
6. Defining Generic Diameter Extensions . . . . . . . . . . . . 17 6. Defining Generic Diameter Extensions . . . . . . . . . . . . 16
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 18 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 17
8. Security Considerations . . . . . . . . . . . . . . . . . . . 18 8. Security Considerations . . . . . . . . . . . . . . . . . . . 17
9. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 18 9. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 18
10. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 19 10. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 18
11. References . . . . . . . . . . . . . . . . . . . . . . . . . 19 11. Informative References . . . . . . . . . . . . . . . . . . . 18
11.1. Normative References . . . . . . . . . . . . . . . . . . 19 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 20
11.2. Informative References . . . . . . . . . . . . . . . . . 19
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 21
1. Introduction 1. Introduction
The Diameter base protocol provides facilities to extend the Diameter
base protocol (see Section 1.3 of [RFC6733]) for supporting new
functionalities. In the context of this document, extending Diameter
means one of the following:
1. Addition of a new functionality to an existing Diameter The Diameter base protocol provides facilities to extend Diameter
application without defining a new application. (see Section 1.3 of [RFC6733]) to support new functionality. In the
context of this document, extending Diameter means one of the
following:
2. Addition of a new functionality to an existing Diameter 1. Addition of new functionality to an existing Diameter application
application that requires the definition of a new application. without defining a new application.
3. The definition of a new Diameter application to provide a set of 2. Addition of new functionality to an existing Diameter application
functionalities not supported by existing applications. that requires the definition of a new application.
3. The definition of an entirely new Diameter application to offer
functionality not supported by existing applications.
4. The definition of a new generic functionality that can be reused 4. The definition of a new generic functionality that can be reused
across different applications. across different applications.
All of these choices are design decisions that can be done by any All of these choices are design decisions that can be done by any
combination of reusing existing or defining new commands, AVPs or AVP combination of reusing existing or defining new commands, AVPs or AVP
values. However, application designers do not have total freedom values. However, application designers do not have complete freedom
when making their design. A number of rules have been defined in when making their design. A number of rules have been defined in
[RFC6733] and place constraints on when an extension requires the [RFC6733] that place constraints on when an extension requires the
allocation of a new Diameter application identifier or a new command allocation of a new Diameter application identifier or a new command
code value. The objective of this document is the following: code value. The objective of this document is the following:
o Clarify updated Diameter extensibility rules in the Diameter base o Clarify the Diameter extensibility rules as defined in the
protocol. Diameter base protocol.
o Clarify usage of certain Diameter functionalities that are not
explicitly described in the Diameter Base specification.
o Discuss design choices and provide guidelines when defining new o Discuss design choices and provide guidelines when defining new
applications. applications.
o Present trade-off of design choices. o Present trade-off choices.
2. Terminology 2. Terminology
This document reuses the terminology used in [RFC6733]. This document reuses the terminology defined in [RFC6733].
3. Overview 3. Overview
As designed, the Diameter base protocol [RFC6733] can be seen as a As designed, the Diameter base protocol [RFC6733] can be seen as a
two-layer protocol. The lower layer is mainly responsible for two-layer protocol. The lower layer is mainly responsible for
managing connections between neighboring peers and for message managing connections between neighboring peers and for message
routing. The upper layer is where the Diameter applications reside. routing. The upper layer is where the Diameter applications reside.
This model is in line with a Diameter node having an application This model is in line with a Diameter node having an application
layer and a peer-to-peer delivery layer. The Diameter base protocol layer and a peer-to-peer delivery layer. The Diameter base protocol
document defines the architecture and behavior of the message document defines the architecture and behavior of the message
delivery layer and then provides the framework for designing Diameter delivery layer and then provides the framework for designing Diameter
applications on the application layer. This framework includes applications on the application layer. This framework includes
definitions of application sessions and accounting support (see definitions of application sessions and accounting support (see
Section 8 and 9 of [RFC6733]). Accordingly, a Diameter node is seen Section 8 and Section 9 of [RFC6733]). Accordingly, a Diameter node
in this document as a single instance of a Diameter message delivery is seen in this document as a single instance of a Diameter message
layer and one or more Diameter applications using it. delivery layer and one or more Diameter applications using it.
The Diameter base protocol is designed to be extensible and the The Diameter base protocol is designed to be extensible and the
principles are described in the section 1.3 of [RFC6733]. Extending principles are described in the Section 1.3 of [RFC6733]. As a
Diameter can mean either the definition of a completely new Diameter summary, Diameter can be extended by:
application or the reuse of commands, AVPs and AVP values in any
combination for the purpose of inheriting the features of an existing
Diameter application. The recommendation for re-using as much as
possible existing implementations is meaningful as most of the
requirements defined for a new application are likely already
fulfilled by existing applications.
However, when reusing existing applications, there is a greater 1. Defining new AVP values
likelihood of ambiguity on how much of the existing application can
be enhanced without being distorted too much and therefore requiring
the definition of a new application.
The impacts of extending existing applications can be categorized as 2. Creating new AVPs
follow:
3. Creating new commands
4. Creating new applications
As a main guiding principle, the recommendation is: "try to re-use as
much as possible!". It will reduce the time to finalize
specification writing, and it will lead to a smaller implementation
effort as well as reduce the need for testing. In general, it is
clever to avoid duplicate effort when possible.
However, re-use is not appropriate when the existing functionality
does not fit the new requirement and/or the re-use leads to
ambiguity.
The impact on extending existing applications can be categorized into
two groups:
Minor Extension: Enhancing the functional scope of an existing Minor Extension: Enhancing the functional scope of an existing
application by the addition of optional features to support. Such application by the addition of optional features to support. Such
enhancement has no backward compatibility issue with the existing enhancement has no backward compatibility issue with the existing
application. A typical example would be the definition of a new application.
optional AVP to use in an existing command. Diameter
implementations supporting the existing application but not the
new AVP will simply ignore it, without major consequences on the
Diameter message handling. In general, this includes everything
that is not covered by the next category. The standardization
effort will be fairly small.
Major Extension: Enhancing the functional scope of an existing A typical example would be the definition of a new optional AVP
application in such a way that this implies backward compatible for use in an existing command. Diameter implementations
change to the existing application and then requires the supporting the existing application but not the new AVP will
definition of a new Diameter application. Typical examples would simply ignore it, without consequences for the Diameter message
be the creation of a new command for providing functionality not handling. The standardization effort will be fairly small.
supported by existing applications or the definition of a new AVP
with M-bit set to carry in an existing command. For such
extension, a significant specification effort is required and a
careful approach is recommended.
The rules outlined in the section 1.3 of [RFC6733] indicate when an Major Extension: Enhancing an application that requires the
extension requires a new command code to be registered and when new definition of a new Diameter application.
Diameter applications have to be defined. The subsequent sections
further explain and clarify the rules to extend the Diameter base Typical examples would be the creation of a new command for
protocol. It is meant as a guidelines document and therefore it does providing functionality not supported by existing applications or
not add, remove or change existing rules. the definition of a new AVP with the M-bit set to be carried in an
existing command. For such extension, a significant specification
effort is required and a careful approach is recommended.
We would also like to remind that the definition of a new Diameter
application and the definition of a new command should be something
to avoid as much as possible. In the past, there has been some
reluctance to define new commands and new applications. With the
modified extensibility rules provided by [RFC6733], registering new
commands and new applications does not lead to additional overhead
for the specification author in terms of standardization process.
Registering new functionality (new commands, new AVPs, new
applications, etc.) with IANA remains important to avoid namespace
collisions, which will likely lead to deployment problems.
4. Reusing Existing Diameter Applications 4. Reusing Existing Diameter Applications
When selecting the Diameter base protocol to support new An existing application may need to be enhanced to fulfill new
functionalities, protocol designers are advised to reuse as much as requirements and these modifications can be at the command level and/
possible existing Diameter applications in order to simplify or at the AVP level. The following sections describe the possible
standardization, implementation and avoid potential interoperability modifications that can be performed on existing applications and
issues. However, existing application needs to be adapted to support their related impact.
new requirements and these modifications can be at the command level
and/or at the AVP level. The following sections describe the
possible modifications that can be performed on existing applications
and their related impacts.
4.1. Adding a New Command 4.1. Adding a New Command
Adding a new command is considered as a major extension and requires Adding a new command is considered as a major extension and requires
a new Diameter application to be defined. Adding a new command to an a new Diameter application to be defined. Adding a new command to an
application means either defining a completely new command or application means either defining a completely new command or
importing the command's CCF syntax specification from another importing the command's Command Code Format (CCF) syntax from another
application whereby the new application inherits some or all of the application whereby the new application inherits some or all of the
functionality of the application where the command came from. In the functionality of the application where the command came from. In the
former case, the decision to create a new application is former case, the decision to create a new application is
straightforward since this is typically a result of adding a new straightforward since this is typically a result of adding a new
functionality that does not exist yet. For the latter, the decision functionality that does not exist yet. For the latter, the decision
to create a new application will depend on whether importing the to create a new application will depend on whether importing the
command in a new application is more suitable than simply using the command in a new application is more suitable than simply using the
existing application as it is in conjunction with any other existing application as it is in conjunction with any other
application. Therefore, a case by case study of each application application. Therefore, a case by case study of each application
requirement should be applied. requirement should be applied.
An illustrative example is the command pair defined in Diameter EAP An example considers the Diameter EAP application [RFC4072] and the
application [RFC4072] that can be re-used conjointly with any other Diameter NASREQ application [RFC4005]. When network access
application (e.g. the Diameter NASREQ application [RFC4005]) as soon authentication using EAP is required, the Diameter EAP commands
as standard EAP-based authentication procedures need to be supported (Diameter-EAP-Request/Diameter-EAP-Answer) are used; otherwise the
by the implementation. It may therefore not be required to import NASREQ application will be used. When the Diameter EAP application
the command pair in the new defined application. is used, the accounting exchanges defined in Diameter NASREQ may be
used.
However, in general, it is difficult to come to a hard guideline, and However, in general, it is difficult to come to a hard guideline, and
so a case-by-case study of each application requirement should be so a case-by-case study of each application requirement should be
applied. Before adding or importing a command, application designers applied. Before adding or importing a command, application designers
should consider the following: should consider the following:
o Can the new functionality be fulfilled by creating a new command o Can the new functionality be fulfilled by creating a new command
independent from any existing command? In this case, the independent from any existing command? In this case, the
resulting new application and the existing application can work resulting new application and the existing application can work
independent of, but cooperating with each other. independent of, but cooperating with each other.
o Can the existing command be reused without major extensions and o Can the existing command be reused without major extensions and
therefore without the need for the definition of a new therefore without the need for the definition of a new
application, e.g. new functionality introduced by the creation of application, e.g., new functionality introduced by the creation of
new optional AVPs. new optional AVPs.
o Care should be taken to avoid a liberal method of importing an Note: Importing commands too liberally could result in a monolithic
existing command's CCF syntax specification. This would result in and hard to manage application supporting too many different
a monolithic and hard to manage application supporting too many features.
different functionalities and can cause interoperability issues
between the different applications.
4.2. Deleting an Existing Command 4.2. Deleting an Existing Command
Although this process is not typical, removing a command from an Although this process is not typical, removing a command from an
application requires a new Diameter application to be defined. This application requires a new Diameter application to be defined. This
is due to the fact that the reception of the deleted command would is due to the fact that the reception of the deleted command would
systematically result in a protocol error systematically result in a protocol error (i.e.,
(DIAMETER_COMMAND_UNSUPPORTED). DIAMETER_COMMAND_UNSUPPORTED).
It is unusual to delete an existing command from an application for It is unusual to delete an existing command from an application for
the sake of deleting it or the functionality it represents. This the sake of deleting it or the functionality it represents. This
normally indicates of a flawed design. An exception might be if the normally indicates of a flawed design. An exception might be if the
intent of the deletion is to create a newer version of the same intent of the deletion is to create a newer version of the same
application that is somehow simpler than the previous version. application that is somehow simpler than the previous version.
4.3. Reusing Existing Commands 4.3. Reusing Existing Commands
This section discusses rules in adding and/or deleting AVPs from an This section discusses rules in adding and/or deleting AVPs from an
existing command of an existing application. The cases described in existing command of an existing application. The cases described in
this section may not necessarily result in the creation of new this section may not necessarily result in the creation of new
applications. applications.
It is worth to note that the strong recommendation to re-use existing From a historical point of view, it is worth to note that there was a
commands in the [RFC3588] was to prevent rapid scarcity of code strong recommendation to re-use existing commands in the [RFC3588] to
values available for vendor-specific commands. [RFC6733] relaxes the prevent rapid depletion of code values available for vendor-specific
policy with respect to the allocation of command codes for vendor- commands. However, [RFC6733] has relaxed the allocation policy and
specific uses and enlarges the range of available code values for enlarged the range of available code values for vendor-specific
vendor-specific applications. Although reuse of existing commands is applications. Although reuse of existing commands is still
still recommended, protocol designers can consider defining a new recommended, protocol designers can consider defining a new command
command when it provides a solution more suitable than the twisting when it provides a solution more suitable than the twisting of an
of an existing command's use and applications. existing command's use and applications.
4.3.1. Adding AVPs to a Command 4.3.1. Adding AVPs to a Command
Based on the rules in [RFC6733], AVPs that are added to an existing Based on the rules in [RFC6733], AVPs that are added to an existing
command can be categorized into: command can be categorized into:
o Mandatory (to understand) AVPs. As defined in [RFC6733], these o Mandatory (to understand) AVPs. As defined in [RFC6733], these
are AVPs with the M-bit flag set, which means that a Diameter node are AVPs with the M-bit flag set, which means that a Diameter node
receiving them is required to understand not only their values but receiving them is required to understand not only their values but
their semantics. Failure to do so will cause an message handling also their semantics. Failure to do so will cause an message
error. This is regardless of whether these AVPs are required or handling error. This is regardless of whether these AVPs are
optional as specified by the command's CCF syntax specification. required or optional as specified by the command's Command Code
Format (CCF) syntax .
o Optional (to understand) AVPs. As defined in [RFC6733], these are o Optional (to understand) AVPs. As defined in [RFC6733], these are
AVPs with the M-bit flag cleared, which mean that a Diameter node AVPs with the M-bit flag cleared. A Diameter node receiving these
receiving these AVPs can simply ignore them if not supported in AVPs can simply ignore them if it does not support them.
the process of the received command.
The rules are strict in the case where the AVPs to be added are The rules are strict in the case where the AVPs to be added are
mandatory to understand i.e. with the M-bit set. A mandatory AVP mandatory to understand, i.e., they have the M-bit set. A mandatory
cannot be added to an existing command without defining a new AVP cannot be added to an existing command without defining a new
Diameter application, as stated in [RFC6733]. This falls into the Diameter application, as stated in [RFC6733]. This falls into the
"Major Extensions" category. Despite the clarity of the rule, "Major Extensions" category. Despite the clarity of the rule,
ambiguity still arises when evaluating whether a new AVP being added ambiguity still arises when evaluating whether a new AVP being added
should be mandatory to begin with. Application designers should should be mandatory to begin with. Application designers should
consider the following questions when deciding to set the M-bit for a consider the following questions when deciding about the M-bit for a
new AVP: new AVP:
o Would it be required for the receiving side to be able to process o Would it be required for the receiving side to be able to process
and understand the AVP and its content? and understand the AVP and its content?
o Would the new AVPs change the state machine of the application? o Would the new AVPs change the state machine of the application?
o Would the presence of the new AVP lead to a different number of o Would the presence of the new AVP lead to a different number of
round-trips, effectively changing the state machine of the round-trips, effectively changing the state machine of the
application? application?
o Would the new AVP be used to differentiate between old and new o Would the new AVP be used to differentiate between old and new
versions of the same application whereby the two versions are not versions of the same application whereby the two versions are not
backward compatible? backward compatible?
o Would the new AVP have duality in meaning i.e. be used to carry o Would the new AVP have duality in meaning, i.e., be used to carry
application-related information as well as be used to indicate application-related information as well as to indicate that the
that the message is for a new application? message is for a new application?
When one of the above questions can be answered in the affirmative If the answer to at least one of the questions is "yes" then the
then the M-bit has to be set for the new AVP. This list of questions M-bit has to be set for the new AVP. This list of questions is non-
is non-exhaustive and other criteria can be taken into account in the exhaustive and other criteria can be taken into account in the
decision process. decision process.
If application designers are instead contemplating the use of If application designers are instead contemplating the use of
optional AVPs i.e. with the M-bit cleared, then the following are optional AVPs, i.e., with the M-bit cleared, then the following are
some of the pitfalls that should be avoided: some of the pitfalls that should be avoided:
o Use of optional AVPs with intersecting meaning. One AVP has o Use of optional AVPs with intersecting meaning. One AVP has
partially the same usage and meaning as another AVP. The presence partially the same usage and meaning as another AVP. The presence
of both can lead to confusion. of both can lead to confusion.
o An optional AVPs with dual purpose, i.e. to carry application o An optional AVPs with dual purpose, i.e., to carry application
data as well as to indicate support for one or more features. data as well as to indicate support for one or more features.
This has a tendency to introduce interpretation issues. This has a tendency to introduce interpretation issues.
o Adding one or more optional AVPs and indicating (usually within o Adding one or more optional AVPs and indicating (usually within
descriptive text for the command) that at least one of them has to descriptive text for the command) that at least one of them has to
be present in the command. This essentially circumventing the be present in the command. This essentially circumventing the
ABNF and is equivalent to adding a mandatory AVP to the command. ABNF and is equivalent to adding a mandatory AVP to the command.
These practices generally result in interoperability issues and These practices generally result in interoperability issues and
should be avoided as much as possible. should be avoided as much as possible.
4.3.2. Deleting AVPs from a Command 4.3.2. Deleting AVPs from a Command
The impacts of deleting an AVP from a command depend on its command The impacts of deleting an AVP from a command depends on its command
code format specification and M-bit setting: code format specification and M-bit setting:
o Deleting an AVP that is indicated as { AVP } in the command's CCF o Deleting an AVP that is indicated as { AVP } in the command's CCF
syntax specification, whatever the setting of the M-bit set. This syntax specification (regardless of the M-bit setting).
means the definition of a new command. In this case, a new
command code and subsequently a new Diameter application have to
be specified.
o Deleting an AVP with M-bit set that is indicated as [ AVP ] in the In this case, a new command code and subsequently a new Diameter
command's CCF syntax specification. No new command code has to be application have to be specified.
specified but the definition of a new Diameter application is
required.
o Deleting an AVP with the M-bit cleared that is indicated as [ AVP o Deleting an AVP, which has the M-bit set, and is indicated as [
] in the command's CCF syntax specification. In this case, the AVP ] in the command's CCF syntax specification.
AVP can be deleted without consequences.
If possible application designers should attempt the reuse the No new command code has to be specified but the definition of a
new Diameter application is required.
o Deleting an AVP, which has the M-bit cleared, and is indicated as
[ AVP ] in the command's CCF syntax specification.
In this case, the AVP can be deleted without consequences.
If possible, application designers should attempt the reuse the
command's CCF syntax specification without modification and simply command's CCF syntax specification without modification and simply
ignore (but not delete) any optional AVP that will not be used. This ignore (but not delete) any optional AVP that will not be used. This
is to maintain compatibility with existing applications that will not is to maintain compatibility with existing applications that will not
know about the new functionality as well as maintain the integrity of know about the new functionality as well as maintain the integrity of
existing dictionaries. existing dictionaries.
4.4. Reusing Existing AVPs 4.4. Reusing Existing AVPs
This section discusses rules in reusing existing AVP when reusing an This section discusses rules in reusing existing AVP when reusing an
existing command or defining a new command in a new application. existing command or defining a new command in a new application.
4.4.1. Setting of the AVP Flags 4.4.1. Setting of the AVP Flags
When reusing AVPs in a new application, the AVP flag setting, such as When reusing AVPs in a new application, the AVP flag setting, such as
the mandatory flag ('M'-bit), has to be re-evaluated for a new the mandatory flag ('M'-bit), has to be re-evaluated for a new
Diameter application and, if necessary, even for every command within Diameter application and, if necessary, even for every command within
the application. In general, for AVPs defined outside of the the application. In general, for AVPs defined outside of the
Diameter base protocol, its mandatory characteristics are tied to its Diameter base protocol, the characteristics of an AVP are tied to its
role within an application and command. role within an application and the commands.
All other AVP flags shall remain unchanged. All other AVP flags shall remain unchanged.
4.4.2. Reuse of AVP of Type Enumerated 4.4.2. Reuse of AVP of Type Enumerated
When modifying the set of values supported by an AVP of type When modifying the set of values supported by an AVP of type
Enumerated, this means defining a new AVP. Modifying the set of Enumerated, this means defining a new AVP. Modifying the set of
Enumerated values includes adding a value or deprecating the use of a Enumerated values includes adding a value or deprecating the use of a
value defined initially for the AVP. Defining a new AVP will avoid value defined initially for the AVP. Defining a new AVP will avoid
interoperability issues. interoperability issues.
5. Defining New Diameter Applications 5. Defining New Diameter Applications
5.1. Introduction 5.1. Introduction
The general recommendation for Diameter extensibility is to reuse
commands, AVPs and AVP values as much as possible. However, some of
the extensibility rules described in the previous sections also apply
to scenarios where a designer is trying to define a completely new
Diameter application.
This section discusses the case where new applications have This section discusses the case where new applications have
requirements that cannot be filled by existing applications and would requirements that cannot be fulfilled by existing applications and
require definition of completely new commands, AVPs and/or AVP would require definition of completely new commands, AVPs and/or AVP
values. Typically, there is little ambiguity about the decision to values. Typically, there is little ambiguity about the decision to
create these types of applications. Some examples are the interfaces create these types of applications. Some examples are the interfaces
defined for the IP Multimedia Subsystem of 3GPP, i.e. Cx/Dx defined for the IP Multimedia Subsystem of 3GPP, e.g., Cx/Dx
([TS29.228] and [TS29.229]), Sh ([TS29.328] and [TS29.329]) etc. ([TS29.228] and [TS29.229]), Sh ([TS29.328] and [TS29.329]) etc.
Application designers should also follow the theme of Diameter Application designers should try to import existing AVPs and AVP
extensibility, which in this case means to import existing AVPs and values for any newly defined commands. In certain cases where
AVP values for any newly defined commands. In certain cases where
accounting will be used, the models described in Section 5.10 should accounting will be used, the models described in Section 5.10 should
also be considered. Though some decisions may be clear, designers also be considered.
should also consider certain aspects of defining a new application.
Some of these aspects are described in following sections. Additional considerations are described in the following sections.
5.2. Defining New Commands 5.2. Defining New Commands
As a general recommendation, reusing as much as possible of existing As a general recommendation, commands should not be defined from
material is encouraged when defining new commands. Protocol scratch. It is instead recommend to re-use an existing command
designers can thus usefully benefit from the experience gained with offering similar functionality and use it as a starting point.
the implementation of existing commands. This includes good
practices to reuse but also known mistakes not to repeat. Therefore
it is advisable to avoid the definition of a command from scratch and
rather take as an example an existing command that would be
functionally close to command under definition.
Moreover, the new command's CCF should be carefully defined when Moreover, the new command's CCF syntax specification should be
considering applicability and extensibility of the application. If carefully defined when considering applicability and extensibility of
most of the AVPs contained in the command are indicated as fixed or the application. If most of the AVPs contained in the command are
required, it might be difficult to reuse the same command and indicated as fixed or required, it might be difficult to reuse the
therefore the same application if the context has slightly changed same command and therefore the same application in a slighly changed
and some AVPs become obsolete. Defining a command with most of the environment. Defining a command with most of the AVPs indicated as
AVPs indicated as optional must not be seen as a sub-optimal design optional must not be seen as a sub-optimal design introducing too
introducing too much flexibility in the protocol. The protocol much flexibility in the protocol. The protocol designers are only
designers are only advised to clearly state the condition of presence advised to clearly state the condition of presence of these AVPs and
of these AVPs and properly define the corresponding behaviour of the properly define the corresponding behaviour of the Diameter nodes
Diameter nodes when these AVPs are absent from the command. when these AVPs are absent from the command.
In the same way, the CCF should be defined in a way that it will be Note: As a hint for protocol designers, it is not sufficient to just
possible to add any arbitrary optional AVPs with the M-bit cleared look at the command's CCF syntax specification. It is also necessary
(including vendor-specific AVPs) without modifying the application. to carefully read through the accompanying text in the specification.
For this purpose, it is strongly recommended to add "* [AVP]" in the
command's CCF that will allow the addition of any arbitrary AVP as In the same way, the CCF syntax specification should be defined such
described in [RFC6733]. that it will be possible to add any arbitrary optional AVPs with the
M-bit cleared (including vendor-specific AVPs) without modifying the
application. For this purpose, it is strongly recommended to add "*
[AVP]" in the command's CCF, which allows the addition of any
arbitrary AVP as described in [RFC6733].
5.3. Use of Application-Id in a Message 5.3. Use of Application-Id in a Message
When designing new applications, designers should specify that the When designing new applications, designers should specify that the
application ID carried in all session-level messages must be the Application Id carried in all session-level messages must be the
application ID of the application using those messages. This Application Id of the application using those messages. This
includes the session-level messages defined in Diameter base includes the session-level messages defined in Diameter base
protocol, i.e., RAR/RAA, STR/STA, ASR/ASA and possibly ACR/ACA in the protocol, i.e., RAR/RAA, STR/STA, ASR/ASA and possibly ACR/ACA in the
coupled accounting model, see Section 5.10. Existing specifications coupled accounting model, see Section 5.10. Some existing
may not adhere to this rule for historical or other reasons. specifications do not adhere to this rule for historical reasons.
However, this scheme should be followed to avoid possible routing However, this guidance should be followed to avoid routing problems.
problems for these messages.
In general, when a new application has been allocated with a new In general, when a new application has been allocated with a new
application id and it also reuses existing commands with or without Application Id and it also reuses existing commands with or without
modifications (Sec 4.1), it must use the newly allocated application modifications, it must use the newly allocated Application Id in the
id in the header and in all relevant application id AVPs (Auth- header and in all relevant Application Id AVPs (Auth-Application-Id
Application-Id or Acct-Application-Id) present in the commands or Acct-Application-Id) present in the commands message body.
message body.
Additionally, application designs using Vendor-Specific-Application- Additionally, application designs using Vendor-Specific-Application-
Id AVP should not use the Vendor-Id AVP to further dissect or Id AVP should not use the Vendor-Id AVP to further dissect or
differentiate the vendor-specification application id. Diameter differentiate the vendor-specification Application Id. Diameter
routing is not based on the Vendor-Id. As such, the Vendor-ID should routing is not based on the Vendor-Id. As such, the Vendor-Id should
not be used as an additional input for routing or delivery of not be used as an additional input for routing or delivery of
messages. In general, the Vendor-Id AVP is an informational AVP only messages. The Vendor-Id AVP is an informational AVP only and kept
and kept for backward compatibility reasons. for backward compatibility reasons.
5.4. Application-Specific Session State Machines 5.4. Application-Specific Session State Machines
Section 8 of [RFC6733] provides session state machines for Section 8 of [RFC6733] provides session state machines for
authentication, authorization and accounting (AAA) services and these authentication, authorization and accounting (AAA) services and these
session state machines are not intended to cover behavior outside of session state machines are not intended to cover behavior outside of
AAA. If a new application cannot clearly be categorized into any of AAA. If a new application cannot clearly be categorized into any of
these AAA services, it is recommended that the application define its these AAA services, it is recommended that the application defines
own session state machine. Support for server-initiated request is a its own session state machine. Support for server-initiated request
clear example where an application-specific session state machine is a clear example where an application-specific session state
would be needed, for example, the Rw interface for ITU-T push model machine would be needed, for example, the Rw interface for ITU-T push
(cf.[Q.3303.3]). model (cf.[Q.3303.3]).
5.5. Session-Id AVP and Session Management 5.5. Session-Id AVP and Session Management
Diameter applications are usually designed with the aim of managing Diameter applications are usually designed with the aim of managing
user sessions, e.g. network access session (NASREQ application user sessions (e.g., Diameter network access session (NASREQ)
[RFC4005]) or specific service access session (Diameter SIP application [RFC4005]) or specific service access session (e.g.,
application [RFC4740]). In the Diameter base protocol, the session Diameter SIP application [RFC4740]). In the Diameter base protocol,
management is based on the Session-Id AVP that it used to identify a session state is referenced using the Session-Id AVP. All Diameter
given session and all the Diameter messages including the same messages that use the same Session-Id will be bound to the same
Session-Id will be bound to the same session. Diameter-based session session. Diameter-based session management also implies that both
management also implies that both Diameter client and server (and Diameter client and server (and potentially proxy agents along the
potentially proxy agents in the diameter path) are maintaining path) maintain session state information.
session state information associated with the Session-Id contained in
the Diameter messages.
However, some applications may not need to rely on the Session-Id to However, some applications may not need to rely on the Session-Id to
identify and manage user sessions because other information can be identify and manage sessions because other information can be used
used instead to correlate Diameter messages. Indeed, the User-Name instead to correlate Diameter messages. Indeed, the User-Name AVP or
AVP or any other specific AVP can be present in every Diameter any other specific AVP can be present in every Diameter message and
message and used therefore for message correlation. There might even used therefore for message correlation. Some applications might not
be applications for which the notion of Diameter session management require the notion of Diameter session concept at all. For such
would not be required at all. For such applications, the Auth- applications, the Auth-Session-State AVP is usually set to
Session-State AVP is usually set to NO_STATE_MAINTAINED in all the NO_STATE_MAINTAINED in all Diameter messages and these applications
Diameter messages and these applications are therefore designed as a are therefore designed as a set of stand-alone transactions. Even if
set of stand-alone transactions. Even if an explicit access session an explicit access session termination is required, application-
termination is required, application-specific commands are defined specific commands are defined and used instead of the Session-
and used instead of the Session-Termination-Request/Answer (STR/STA) Termination-Request/Answer (STR/STA) or Abort-Session-Request/Answer
or Abort-Session-Request/Answer (ASR/ASA) defined in the Diameter (ASR/ASA) defined in the Diameter base protocol. In such a case, the
base protocol. In such a case, the Session-Id is not significant. Session-Id is not significant.
Based on these considerations, protocol designers should carefully Based on these considerations, protocol designers should carefully
appraise whether the application currently defined relies on the appraise whether the application currently defined relies on it's own
concept of session management and whether the Session-Id defined in session management concept or whether the Session-Id defined in the
the Diameter base protocol would be used for correlation of messages Diameter base protocol would be used for correlation of messages
related to the same session. If not, the protocol designers could related to the same session. If not, the protocol designers could
decide to define application commands without the Session-Id AVP. If decide to define application commands without the Session-Id AVP. If
any session management concept is supported by the application, the any session management concept is supported by the application, the
application documentation must clearly specify how the session is application documentation must clearly specify how the session is
handled between client and server (as possibly Diameter agents in the handled between client and server (as possibly Diameter agents in the
path). path).
5.6. AVPs Defined as Boolean Flag 5.6. Use of Enumerated Type AVPs
The type Enumerated was initially defined to provide a list of valid The type Enumerated was initially defined to provide a list of valid
values for an AVP with their respective interpretation described in values for an AVP with their respective interpretation described in
the specification. For instance, AVPs of type Enumerated can be used the specification. For instance, AVPs of type Enumerated can be used
to provide further information on the reason for the termination of a to provide further information on the reason for the termination of a
session or a specific action to perform upon the reception of the session or a specific action to perform upon the reception of the
request. request.
However, AVPs of type Enumerated are too often used as a simple However, AVPs of type Enumerated are too often used as a simple
Boolean flag, indicating for instance a specific permission or Boolean flag, indicating for instance a specific permission or
capability, and therefore only two values are defined e.g. TRUE/ capability, and therefore only two values are defined, e.g., TRUE/
FALSE, AUTORIZED/UNAUTHORIZED or SUPPORTED/UNSUPPORTED. This is a FALSE, AUTORIZED/UNAUTHORIZED or SUPPORTED/UNSUPPORTED. This is a
sub-optimal design since it limits the extensibility of the sub-optimal design since it limits the extensibility of the
application: any new capability/permission would have to be supported application: any new capability/permission would have to be supported
by a new AVP or new Enumerated value of the already defined AVP, by a new AVP or new Enumerated value of the already defined AVP,
causing backwards compatibility issues with existing implementations. causing backwards compatibility issues with existing implementations.
Instead of using an Enumerated AVP for a Boolean flag, protocol Instead of using an Enumerated AVP for a Boolean flag, protocol
designers are encouraged to use Unsigned32 or Unsigned64 AVP type as designers are encouraged to use Unsigned32 or Unsigned64 AVP type as
bit mask whose bit settings are described in the relevant Diameter bit mask whose bit settings are described in the relevant Diameter
application specification. Such AVPs can be reused and extended application specification. Such AVPs can be reused and extended
without major impact on the Diameter application. The bit mask without major impact on the Diameter application. The bit mask
should leave room for future additions. Examples of bit mask AVP are should leave room for future additions. Examples of AVPs that use
the Session-Binding AVP defined in [RFC6733] and the MIP6-Feature- bit masks are the Session-Binding AVP defined in [RFC6733] and the
Vector AVP defined in [RFC5447] MIP6-Feature-Vector AVP defined in [RFC5447].
5.7. Application-Specific Message Routing 5.7. Application-Specific Message Routing
Diameter request message routing usually relies on the Destination- Diameter request message routing usually relies on the Destination-
Realm AVP and the Application Id present in the request message Realm AVP and the Application Id present in the request message
header. However, some applications may need to rely on the User-Name header. However, some applications may need to rely on the User-Name
AVP or any other application-specific AVP present in the request to AVP or any other application-specific AVP present in the request to
determine the final destination of a request e.g. find the target determine the final destination of a request, e.g., to find the
AAA server hosting the authorization information for a given user target AAA server hosting the authorization information for a given
when multiple AAA servers are addressable in the realm. user when multiple AAA servers are addressable in the realm.
In such a context, basic routing mechanisms described in [RFC6733] In such a context, basic routing mechanisms described in [RFC6733]
are not fully suitable, and additional application-level routing are not fully suitable, and additional application-level routing
mechanisms have to be described in the application documentation to mechanisms have to be described in the application documentation to
provide such specific AVP-based routing. Such functionality will be provide such specific AVP-based routing. Such functionality will be
basically hosted by an application-specific Proxy agent that will be basically hosted by an application-specific proxy agent that will be
responsible for routing decisions based on the received specific responsible for routing decisions based on the received specific
AVPs. AVPs.
Example of such application-specific routing functions can be found Examples of such application-specific routing functions can be found
in the Cx/Dx applications ([TS29.228] and [TS29.229]) of the 3GPP IP in the Cx/Dx applications ([TS29.228] and [TS29.229]) of the 3GPP IP
Multimedia Subsystem, in which the proxy agent (Subscriber Location Multimedia Subsystem, in which the proxy agent (Subscriber Location
Function aka SLF) uses specific application-level identities found in Function aka SLF) uses specific application-level identities found in
the request to determine the final destination of the message. the request to determine the final destination of the message.
Whatever the criteria used to establish the routing path of the Whatever the criteria used to establish the routing path of the
request, the routing of the answer should follow the reverse path of request, the routing of the answer has to follow the reverse path of
the request, as described in [RFC6733], with the answer being sent to the request, as described in [RFC6733], with the answer being sent to
the source of the received request, using transaction states and hop- the source of the received request, using transaction states and hop-
by-hop identifier matching. In particular, this ensures that the by-hop identifier matching. In particular, this ensures that the
Diameter Relay or Proxy agents in the request routing path will be Diameter Relay or Proxy agents in the request routing path will be
able to release the transaction state upon receipt of the able to release the transaction state upon receipt of the
corresponding answer, avoiding unnecessary failover. Application corresponding answer, avoiding unnecessary failover. Application
designers are strongly dissuaded from modifying the answer-routing designers are strongly dissuaded from modifying the answer-routing
principles described in [RFC6733] when defining a new application. principles described in [RFC6733] when defining a new application.
5.8. About Translation Agent 5.8. Translation Agents
As defined in [RFC6733], a translation agent is a device that As defined in [RFC6733], a translation agent is a device that
provides interworking between Diameter and another protocol (e.g. provides interworking between Diameter and another protocol (e.g.,
RADIUS, TACACS+). RADIUS).
In the case of RADIUS, it was initially thought that defining the In the case of RADIUS, it was initially thought that defining the
translation function would be straightforward by adopting few basic translation function would be straightforward by adopting few basic
principles e.g. use of a shared range of code values for RADIUS principles, e.g., by the use of a shared range of code values for
attributes and Diameter AVPs. Guidelines for implementing a RADIUS- RADIUS attributes and Diameter AVPs. Guidelines for implementing a
Diameter translation agent were put into RFC 4005 ([RFC4005]). RADIUS-Diameter translation agent were put into RFC 4005 ([RFC4005]).
However, it was acknowledged that such translation mechanism was not However, it was acknowledged that such translation mechanism was not
so obvious and deeper protocol analysis was required to ensure so obvious and deeper protocol analysis was required to ensure
efficient interworking between RADIUS and Diameter. Moreover, the efficient interworking between RADIUS and Diameter. Moreover, the
interworking requirements depend on the functionalities provided by interworking requirements depend on the functionalities provided by
the Diameter application under specification, and a case-by-case the Diameter application under specification, and a case-by-case
analysis will be required. analysis will be required.
Therefore, protocol designers cannot assume the availability of a Therefore, protocol designers cannot assume the availability of a
"standard" Diameter-to-RADIUS gateways agent when planning to "standard" Diameter-to-RADIUS gateways agent when planning to
interoperate with the RADIUS infrastructure. They should specify the interoperate with the RADIUS infrastructure. They should specify the
required translation mechanism along with the Diameter application. required translation mechanism along with the Diameter application,
This recommendation applies for any kind of translation (e.g. if needed. This recommendation applies for any kind of translation.
Diameter/MAP).
5.9. End-to-End Application Capabilities Exchange 5.9. End-to-End Application Capabilities Exchange
New Diameter applications can rely on optional AVPs to exchange New Diameter applications can rely on optional AVPs to exchange
application-specific capabilities and features. These AVPs can be application-specific capabilities and features. These AVPs can be
exchanged on an end-to-end basis at the application layer. Examples exchanged on an end-to-end basis at the application layer. Examples
of this can be found in [RFC5447] and [RFC5777]. of this can be found with the MIP6-Feature-Vector AVP in [RFC5447]
and the QoS-Capability AVP in [RFC5777].
The end-to-end capabilities AVPs formalize the addition of new The end-to-end capabilities AVPs formalize the addition of new
optional functionality to existing applications by announcing support optional functionality to existing applications by announcing support
for it. Applications that do not understand these AVPs can discard for it. Applications that do not understand these AVPs can discard
them upon receipt. Recevers of these AVPs can discover the addional them upon receipt. Receivers of these AVPs can discover the
functionalities supported the end-point orignating the request and additional functionality supported by the end-point originating the
behave accordingly when processing the request. Senders of these request and behave accordingly when processing the request. Senders
AVPs can safely assume the receiving end-point does not support any of these AVPs can safely assume the receiving end-point does not
functionality carried by the AVP if it is not present in support any functionality carried by the AVP if it is not present in
corresponding response. This is useful in cases where deployment corresponding response. This is useful in cases where deployment
choices are offered, and the generic design can be made available for choices are offered, and the generic design can be made available for
a number of applications. a number of applications.
When used in a new application, protocol designers should clearly When used in a new application, protocol designers should clearly
specify this end-to-end capabilities exchange and the corresponding specify this end-to-end capabilities exchange and the corresponding
behaviour of the Diameter nodes supporting the application. behaviour of the Diameter nodes supporting the application.
It is also important to note that this end-to-end capabilities It is also important to note that this end-to-end capabilities
exchange relying on the use of optional AVPs is not meant as a exchange relies on the use of optional AVPs is not meant as a generic
generic mechanism to support extensibility of Diameter applications mechanism to support extensibility of Diameter applications with
with arbitrary functionalities. When the added features drastically arbitrary functionality. When the added features drastically change
change the Diameter application or when Diameter agents have to be the Diameter application or when Diameter agents have to be upgraded
upgraded to support the new features, a new application should be to support the new features, a new application should be defined.
defined.
5.10. Diameter Accounting Support 5.10. Diameter Accounting Support
Accounting can be treated as an auxiliary application that is used in Accounting can be treated as an auxiliary application that is used in
support of other applications. In most cases, accounting support is support of other applications. In most cases, accounting support is
required when defining new applications. This document provides required when defining new applications. This document provides two
two(2) possible models for using accounting: possible models for using accounting:
Split Accounting Model:
Split Accounting Model
In this model, the accounting messages will use the Diameter base In this model, the accounting messages will use the Diameter base
accounting application ID (value of 3). The design implication accounting Application Id (value of 3). The design implication
for this is that the accounting is treated as an independent for this is that the accounting is treated as an independent
application, especially during Diameter routing. This means that application, especially for Diameter routing. This means that
accounting commands emanating from an application may be routed accounting commands emanating from an application may be routed
separately from the rest of the other application messages. This separately from the rest of the other application messages. This
may also imply that the messages end up in a central accounting may also imply that the messages end up in a central accounting
server. A split accounting model is a good design choice when: server. A split accounting model is a good design choice when:
* The application itself will not define its own unique * The application itself does not define its own accounting
accounting commands. commands.
* The overall system architecture permits the use of centralized * The overall system architecture permits the use of centralized
accounting for one or more Diameter applications. accounting for one or more Diameter applications.
Centralizing accounting may have advantages but there are also Centralizing accounting may have advantages but there are also
drawbacks. The model assumes that the accounting server can drawbacks. The model assumes that the accounting server can
differentiate received accounting messages. Since the received differentiate received accounting messages. Since the received
accounting messages can be for any application and/or service, the accounting messages can be for any application and/or service, the
accounting server has to have a method to match accounting accounting server has to have a method to match accounting
messages with applications and/or services being accounted for. messages with applications and/or services being accounted for.
This may mean defining new AVPs, checking the presence, absence or This may mean defining new AVPs, checking the presence, absence or
contents of existing AVPs, or checking the contents of the contents of existing AVPs, or checking the contents of the
accounting record itself. But in general, there is no clean and accounting record itself. But in general, there is no clean and
generic scheme for sorting these messages. Therefore, the use of generic scheme for sorting these messages. Therefore, the use of
this model is recommended only when all received accounting this model is recommended only when all received accounting
messages can be clearly identified and sorted. For most cases, messages can be clearly identified and sorted. For most cases,
the use of Coupled Accounting Model is recommended. the use of Coupled Accounting Model is recommended.
Coupled Accounting Model Coupled Accounting Model:
In this model, the accounting messages will use the application ID
In this model, the accounting messages will use the Application Id
of the application using the accounting service. The design of the application using the accounting service. The design
implication for this is that the accounting messages are tightly implication for this is that the accounting messages are tightly
coupled with the application itself; meaning that accounting coupled with the application itself; meaning that accounting
messages will be routed like any other application messages. It messages will be routed like the other application messages. It
would then be the responsibility of the application server would then be the responsibility of the application server
(application entity receiving the ACR message) to send the (application entity receiving the ACR message) to send the
accounting records carried by the accounting messages to the accounting records carried by the accounting messages to the
proper accounting server. The application server is also proper accounting server. The application server is also
responsible for formulating a proper response (ACA). A coupled responsible for formulating a proper response (ACA). A coupled
accounting model is a good design choice when: accounting model is a good design choice when:
* The system architecture or deployment will not provide an * The system architecture or deployment does not provide an
accounting server that supports Diameter. accounting server that supports Diameter. Consequently, the
application server has to be provisioned to use a different
protocol to access the accounting server, e.g., via LDAP, SOAP
etc. This case includes the support of older accounting
systems that are not Diameter aware.
* The system architecture or deployment requires that the * The system architecture or deployment requires that the
accounting service for the specific application should be accounting service for the specific application should be
handled by the application itself. handled by the application itself.
* The application server is provisioned to use a different
protocol to access the accounting server; e.g., via LDAP, SOAP
etc. This includes attempting to support older accounting
systems that are not Diameter aware.
In all cases above, there will generally be no direct Diameter In all cases above, there will generally be no direct Diameter
access to the accounting server. access to the accounting server.
These models provide a basis for using accounting messages. These models provide a basis for using accounting messages.
Application designers may obviously deviate from these models Application designers may obviously deviate from these models
provided that the factors being addressed here have also been taken provided that the factors being addressed here have also been taken
into account. Though it is not recommended, examples of other into account. Although it is not recommended, an application may
methods might be defining a new set of commands to carry application- define a new set of commands to carry application-specific accounting
specific accounting records. records.
5.11. Diameter Security Mechanisms 5.11. Diameter Security Mechanisms
As specified in [RFC6733], the Diameter message exchange should be As specified in [RFC6733], the Diameter message exchange should be
secured by using TLS/TCP or DTLS/SCTP. However, IPsec can also be secured between neighboring Diameter peers using TLS/TCP or DTLS/
deployed to secure connections between Diameter peers. When IPsec is SCTP. However, IPsec can also be deployed to secure communication
used instead of TLS or DTLS, the following recommendations apply. between Diameter peers. When IPsec is used instead of TLS or DTLS,
the following recommendations apply.
IPsec ESP 5.3 [RFC4301] in transport mode with non-null encryption IPsec ESP [RFC4301] in transport mode with non-null encryption and
and authentication algorithms is used to provide per-packet authentication algorithms is used to provide per-packet
authentication, integrity protection and confidentiality, and support authentication, integrity protection and confidentiality, and support
the replay protection mechanisms of IPsec. The version 2 of IKE the replay protection mechanisms of IPsec. IKEv2 [RFC5996] is
(IKEv2) [RFC5996] is recommended for performing mutual authentication recommended for performing mutual authentication and for establishing
and establishing and maintaining security associations (SAs). and maintaining security associations (SAs).
IKEv1 [RFC2409] was used in [RFC3588] and for easier migration from IKEv1 [RFC2409] was used with RFC 3588 [RFC3588] and for easier
IKEv1 based implementations both RSA Digital Signatures and pre- migration from IKEv1 based implementations both RSA digital
shared keys should be used in IKEv2. However, if IKEv1 is used, signatures and pre-shared keys should be supported in IKEv2.
implementers should follow the guidelines given in section 13.1 in However, if IKEv1 is used, implementers should follow the guidelines
RFC3588 [RFC3588]. given in Section 13.1 of RFC 3588 [RFC3588].
6. Defining Generic Diameter Extensions 6. Defining Generic Diameter Extensions
Generic Diameter extensions are AVPs, commands or applications that Generic Diameter extensions are AVPs, commands or applications that
are designed to support other Diameter applications. They are are designed to support other Diameter applications. They are
auxiliary applications meant to improve or enhance the Diameter auxiliary applications meant to improve or enhance the Diameter
protocol itself or Diameter applications/functionality. Some protocol itself or Diameter applications/functionality. Some
examples include the extensions to support auditing and redundancy examples include the extensions to support auditing and redundancy
(see [I-D.calhoun-diameter-res-mgmt]), improvements in duplicate (see [I-D.calhoun-diameter-res-mgmt]), improvements in duplicate
detection scheme (see [I-D.asveren-dime-dupcons]), and piggybacking detection scheme (see [I-D.asveren-dime-dupcons]), and the support
of QoS attributes (see [RFC5777]). for QoS AVPs (see [RFC5777]).
Since generic extensions can cover many aspects of Diameter and Since generic extensions may cover many aspects of Diameter and
Diameter applications, it is not possible to enumerate all the Diameter applications, it is not possible to enumerate all scenarios.
probable scenarios in this document. However, some of the most However, some of the most common considerations are as follows:
common considerations are as follows:
o Backward compatibility: Dealing with existing applications that do Backward Compatibility:
not understand the new extension. Designers also have to make
sure that new extensions do not break expected message delivery
layer behavior.
o Forward compatibility: Making sure that the design will not With the design of generic extensions an protocol designer has to
introduce undue restrictions for future applications. Future consider with potential concerns about how existing applications
applications attempting to support this feature should not have to deal with the new extension they do not understand. Designers
go through great lengths to implement any new extensions. also have to make sure that new extensions do not break expected
message delivery layer behavior.
o Trade-off in signaling: Designers may have to choose between the Forward Compatibility:
use of optional AVPs piggybacked onto existing commands versus
defining new commands and applications. Optional AVPs are simpler Protocol designers need to make sure that their design will not
to implement and may not need changes to existing applications. introduce undue restrictions for future applications.
However, this ties the sending of extension data to the
application's transmission of a message. This has consequences if Trade-off in Signaling:
the application and the extensions have different timing
requirements. The use of commands and applications solves this Designers may have to choose between the use of optional AVPs
issue, but the trade-off is the additional complexity of defining piggybacked onto existing commands versus defining new commands
and deploying a new application. It is left up to the designer to and applications. Optional AVPs are simpler to implement and may
find a good balance among these trade-offs based on the not need changes to existing applications. However, this ties the
requirements of the extension. sending of extension data to the application's transmission of a
message. This has consequences if the application and the
extensions have different timing requirements. The use of
commands and applications solves this issue, but the trade-off is
the additional complexity of defining and deploying a new
application. It is left up to the designer to find a good balance
among these trade-offs based on the requirements of the extension.
In practice, generic extensions often use optional AVPs because they In practice, generic extensions often use optional AVPs because they
are simple and non-intrusive to the application that would carry are simple and non-intrusive to the application that would carry
them. Peers that do not support the generic extensions need not them. Peers that do not support the generic extensions need not
understand nor recognize these optional AVPs. However, it is understand nor recognize these optional AVPs. However, it is
recommended that the authors of the extension specify the context or recommended that the authors of the extension specify the context or
usage of the optional AVPs. As an example, in the case that the AVP usage of the optional AVPs. As an example, in the case that the AVP
can be used only by a specific set of applications then the can be used only by a specific set of applications then the
specification must enumerate these applications and the scenarios specification must enumerate these applications and the scenarios
when the optional AVPs will be used. In the case where the optional when the optional AVPs will be used. In the case where the optional
skipping to change at page 18, line 26 skipping to change at page 18, line 4
functionality of the generic extension. In practice, it is not functionality of the generic extension. In practice, it is not
uncommon that the Grouped AVP will encapsulate an existing AVP that uncommon that the Grouped AVP will encapsulate an existing AVP that
has previously been defined as mandatory ('M'-bit set) e.g., 3GPP IMS has previously been defined as mandatory ('M'-bit set) e.g., 3GPP IMS
Cx/Dx interfaces ([TS29.228] and [TS29.229]). Cx/Dx interfaces ([TS29.228] and [TS29.229]).
7. IANA Considerations 7. IANA Considerations
This document does not require actions by IANA. This document does not require actions by IANA.
8. Security Considerations 8. Security Considerations
This document provides guidelines and considerations for extending This document provides guidelines and considerations for extending
Diameter and Diameter applications. It does not define nor address Diameter and Diameter applications. Although such an extension may
security-related protocols or schemes. related to a security functionality, the document does not explicitly
give guidance on enhancing Diameter with respect to security.
9. Contributors 9. Contributors
The content of this document was influenced by a design team created The content of this document was influenced by a design team created
to revisit the Diameter extensibility rules. The team consisting of to revisit the Diameter extensibility rules. The team consisting of
the members listed below was formed in February 2008 and finished its the members listed below was formed in February 2008 and finished its
work in June 2008. work in June 2008.
o Avi Lior o Avi Lior
skipping to change at page 19, line 4 skipping to change at page 18, line 29
o Jari Arkko o Jari Arkko
o Lionel Morand o Lionel Morand
o Mark Jones o Mark Jones
o Victor Fajardo o Victor Fajardo
o Tolga Asveren o Tolga Asveren
o Jouni Korhonen o Jouni Korhonen
o Glenn McGregor o Glenn McGregor
o Hannes Tschofenig o Hannes Tschofenig
o Dave Frascone o Dave Frascone
We would like to thank Tolga Asveren, Glenn McGregor, and John We would like to thank Tolga Asveren, Glenn McGregor, and John
Loughney for their contributions as co-authors to earlier versions of Loughney for their contributions as co-authors to earlier versions of
this document. this document.
10. Acknowledgments 10. Acknowledgments
We greatly appreciate the insight provided by Diameter implementers We greatly appreciate the insight provided by Diameter implementers
who have highlighted the issues and concerns being addressed by this who have highlighted the issues and concerns being addressed by this
document. The authors would also like to thank A. Jean Mahoney and document. The authors would also like to thank Jean Mahoney and Ben
Ben Campbell for their invaluable detailed review and comments on Campbell for their invaluable detailed review and comments on this
this document. document.
11. References
11.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC3588] Calhoun, P., Loughney, J., Guttman, E., Zorn, G., and J.
Arkko, "Diameter Base Protocol", RFC 3588, September 2003.
[RFC6733] Fajardo, V., Arkko, J., Loughney, J., and G. Zorn,
"Diameter Base Protocol", RFC 6733, October 2012.
11.2. Informative References 11. Informative References
[I-D.asveren-dime-dupcons] [I-D.asveren-dime-dupcons]
Asveren, T., "Diameter Duplicate Detection Cons.", draft- Asveren, T., "Diameter Duplicate Detection Cons.", draft-
asveren-dime-dupcons-00 (work in progress), August 2006. asveren-dime-dupcons-00 (work in progress), August 2006.
[I-D.calhoun-diameter-res-mgmt] [I-D.calhoun-diameter-res-mgmt]
Calhoun, P., "Diameter Resource Management Extensions", Calhoun, P., "Diameter Resource Management Extensions",
draft-calhoun-diameter-res-mgmt-08.txt (work in progress), draft-calhoun-diameter-res-mgmt-08.txt (work in progress),
March 2001. March 2001.
[Q.3303.3] [Q.3303.3]
3rd Generation Partnership Project, "ITU-T Recommendation 3rd Generation Partnership Project, "ITU-T Recommendation
Q.3303.3, "Resource control protocol no. 3 (rcp3): Q.3303.3, "Resource control protocol no. 3 (rcp3):
Protocol at the Rw interface between the Policy Decision Protocol at the Rw interface between the Policy Decision
Physical Entity (PD-PE) and the Policy Enforcement Physical Entity (PD-PE) and the Policy Enforcement
Physical Entity (PE-PE): Diameter"", 2008. Physical Entity (PE-PE): Diameter"", 2008.
[RFC2407] Piper, D., "The Internet IP Security Domain of
Interpretation for ISAKMP", RFC 2407, November 1998.
[RFC2409] Harkins, D. and D. Carrel, "The Internet Key Exchange [RFC2409] Harkins, D. and D. Carrel, "The Internet Key Exchange
(IKE)", RFC 2409, November 1998. (IKE)", RFC 2409, November 1998.
[RFC3588] Calhoun, P., Loughney, J., Guttman, E., Zorn, G., and J.
Arkko, "Diameter Base Protocol", RFC 3588, September 2003.
[RFC4005] Calhoun, P., Zorn, G., Spence, D., and D. Mitton, [RFC4005] Calhoun, P., Zorn, G., Spence, D., and D. Mitton,
"Diameter Network Access Server Application", RFC 4005, "Diameter Network Access Server Application", RFC 4005,
August 2005. August 2005.
[RFC4072] Eronen, P., Hiller, T., and G. Zorn, "Diameter Extensible [RFC4072] Eronen, P., Hiller, T., and G. Zorn, "Diameter Extensible
Authentication Protocol (EAP) Application", RFC 4072, Authentication Protocol (EAP) Application", RFC 4072,
August 2005. August 2005.
[RFC4301] Kent, S. and K. Seo, "Security Architecture for the [RFC4301] Kent, S. and K. Seo, "Security Architecture for the
Internet Protocol", RFC 4301, December 2005. Internet Protocol", RFC 4301, December 2005.
skipping to change at page 20, line 40 skipping to change at page 20, line 11
[RFC5777] Korhonen, J., Tschofenig, H., Arumaithurai, M., Jones, M., [RFC5777] Korhonen, J., Tschofenig, H., Arumaithurai, M., Jones, M.,
and A. Lior, "Traffic Classification and Quality of and A. Lior, "Traffic Classification and Quality of
Service (QoS) Attributes for Diameter", RFC 5777, February Service (QoS) Attributes for Diameter", RFC 5777, February
2010. 2010.
[RFC5996] Kaufman, C., Hoffman, P., Nir, Y., and P. Eronen, [RFC5996] Kaufman, C., Hoffman, P., Nir, Y., and P. Eronen,
"Internet Key Exchange Protocol Version 2 (IKEv2)", RFC "Internet Key Exchange Protocol Version 2 (IKEv2)", RFC
5996, September 2010. 5996, September 2010.
[RFC6733] Fajardo, V., Arkko, J., Loughney, J., and G. Zorn,
"Diameter Base Protocol", RFC 6733, October 2012.
[TS29.228] [TS29.228]
3rd Generation Partnership Project, "3GPP TS 29.228; 3rd Generation Partnership Project, "3GPP TS 29.228;
Technical Specification Group Core Network and Terminals; Technical Specification Group Core Network and Terminals;
IP Multimedia (IM) Subsystem Cx and Dx Interfaces; IP Multimedia (IM) Subsystem Cx and Dx Interfaces;
Signalling flows and message contents", , Signalling flows and message contents", ,
<http://www.3gpp.org/ftp/Specs/html-info/29272.htm>. <http://www.3gpp.org/ftp/Specs/html-info/29272.htm>.
[TS29.229] [TS29.229]
3rd Generation Partnership Project, "3GPP TS 29.229; 3rd Generation Partnership Project, "3GPP TS 29.229;
Technical Specification Group Core Network and Terminals; Technical Specification Group Core Network and Terminals;
skipping to change at page 21, line 28 skipping to change at page 20, line 46
3rd Generation Partnership Project, "3GPP TS 29.329; 3rd Generation Partnership Project, "3GPP TS 29.329;
Technical Specification Group Core Network and Terminals; Technical Specification Group Core Network and Terminals;
Sh Interface based on the Diameter protocol; Protocol Sh Interface based on the Diameter protocol; Protocol
details", , details", ,
<http://www.3gpp.org/ftp/Specs/html-info/29329.htm>. <http://www.3gpp.org/ftp/Specs/html-info/29329.htm>.
Authors' Addresses Authors' Addresses
Lionel Morand (editor) Lionel Morand (editor)
Orange Labs Orange Labs
38/40 rue du General Leclerc
Issy-Les-Moulineaux Cedex 9 92794
France
Phone: +33145296257
Email: lionel.morand@orange.com Email: lionel.morand@orange.com
Victor Fajardo Victor Fajardo
Email: vf0213@gmail.com Email: vf0213@gmail.com
Hannes Tschofenig Hannes Tschofenig
Nokia Siemens Networks Nokia Siemens Networks
Linnoitustie 6 Linnoitustie 6
Espoo 02600 Espoo 02600
Finland Finland
 End of changes. 113 change blocks. 
352 lines changed or deleted 341 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/