idnits 2.17.1 

draft-calhoun-diameter-res-mgmt-03.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** Looks like you're using RFC 2026 boilerplate.  This must be updated to
     follow RFC 3978/3979, as updated by RFC 4748.


  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  ** Missing expiration date.  The document expiration date should appear on
     the first and last page.

  ** The document seems to lack a 1id_guidelines paragraph about
     Internet-Drafts being working documents. 

  ** The document seems to lack a 1id_guidelines paragraph about the list of
     current Internet-Drafts -- however, there's a paragraph with a matching
     beginning. Boilerplate error?

  ** The document seems to lack a 1id_guidelines paragraph about the list of
     Shadow Directories -- however, there's a paragraph with a matching
     beginning. Boilerplate error?

  == The page length should not exceed 58 lines per page, but there was 18
     longer pages, the longest (page 2) being 60 lines

  == It seems as if not all pages are separated by form feeds - found 0 form
     feeds but 19 pages


  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** The document seems to lack a Security Considerations section.

  ** The document seems to lack an IANA Considerations section.  (See Section
     2.2 of https://www.ietf.org/id-info/checklist for how to handle the case
     when there are no actions for IANA.)

  ** The document seems to lack separate sections for Informative/Normative
     References.  All references will be assumed normative when checking for
     downward references.

  ** There are 4 instances of too long lines in the document, the longest one
     being 6 characters in excess of 72.

  ** The document seems to lack a both a reference to RFC 2119 and the
     recommended RFC 2119 boilerplate, even if it appears to use RFC 2119
     keywords. 

     RFC 2119 keyword, line 125: '...   MUST      This word, or the adjecti...'
     RFC 2119 keyword, line 129: '...   MUST NOT  This phrase means that th...'
     RFC 2119 keyword, line 132: '...   SHOULD    This word, or the adjecti...'
     RFC 2119 keyword, line 138: '...   MAY       This word, or the adjecti...'
     RFC 2119 keyword, line 140: '...hich does not include this option MUST...'
     (59 more instances...)


  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008.  If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment.  If not, you may need to add the pre-RFC5378 disclaimer. 
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- Couldn't find a document date in the document -- date freshness check
     skipped.


  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Unused Reference: '3' is defined on line 777, but no explicit reference
     was found in the text

  == Outdated reference: A later version (-18) exists of
     draft-calhoun-diameter-08

  -- Possible downref: Normative reference to a draft: ref. '1' 

  -- No information found for draft-calhoun-diameter-auth - is the name
     correct?

  -- Possible downref: Normative reference to a draft: ref. '2' 

  == Outdated reference: A later version (-09) exists of
     draft-calhoun-diameter-framework-02

  -- Possible downref: Normative reference to a draft: ref. '3' 


     Summary: 10 errors (**), 0 flaws (~~), 5 warnings (==), 6 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------


2	INTERNET DRAFT                                            Pat R. Calhoun
3	Category: Standards Track                         Sun Microsystems, Inc.
4	Title: draft-calhoun-diameter-res-mgmt-03.txt               Nancy Greene
5	Date: February 1999                                               Nortel

7	                               DIAMETER
8	                     Resource Management Extensions

10	Status of this Memo

12	   This document is an individual contribution for consideration by the
13	   AAA Working Group of the Internet Engineering Task Force.  Comments
14	   should be submitted to the diameter@ipass.com mailing list.

16	   Distribution of this memo is unlimited.

18	   This document is an Internet-Draft and is in full conformance with
19	   all provisions of Section 10 of RFC2026.  Internet-Drafts are working
20	   documents of the Internet Engineering Task Force (IETF), its areas,
21	   and its working groups.  Note that other groups may also distribute
22	   working documents as Internet-Drafts.

24	   Internet-Drafts are draft documents valid for a maximum of six months
25	   and may be updated, replaced, or obsoleted by other documents at any
26	   time.  It is inappropriate to use Internet-Drafts as reference
27	   material or to cite them other than as "work in progress."

29	   The list of current Internet-Drafts can be accessed at:

31	      http://www.ietf.org/ietf/1id-abstracts.txt

33	   The list of Internet-Draft Shadow Directories can be accessed at:

35	      http://www.ietf.org/shadow.html.

37	Abstract

39	   DIAMETER is a policy protocol used between a client and a server for
40	   authentication, authorization and accounting of various services.
41	   Examples of such services are for dial-up users (ROAMOPS), RSVP
42	   Admission Policies (RAP), FAX Over IP (FAXIP), Voice over IP (IP
43	   Tel), Integrated services, etc.

45	   This document defines a set of commands which allow DIAMETER servers
46	   to maintain session state information. An example of the use of
47	   Resource Management would be to limit the number of sessions for a
48	   given user.

50	Table of Contents

52	   1.0 Introduction
53	       1.1 Specification of Requirements
54	       1.2 Concept of a session
55	   2.0 Command Codes
56	       2.1 Session-Free-Request
57	       2.2 Session-Free-Answer
58	       2.3 Session-Resource-Query
59	       2.4 Session-Resource-Reply
60	       2.5 Resource-Reclaim-Request
61	       2.6 Resource-Reclaim-Answer
62	   3.0 DIAMETER AVPs
63	       3.1 Query-Index
64	       3.2 Resource-Token
65	   4.0 Protocol Definition
66	       4.1 Feature Advertisement/Discovery
67	       4.2 Session Free
68	       4.3 Relinquish Session
69	       4.4 Interaction with Device-Reboot-Indication
70	       4.5 State Resync
71	   5.0 References
72	   6.0 Authors' Addresses

74	1.0  Introduction

76	   Many services requiring Policy Server Support require the server to
77	   maintain session state information. This can only be achieved if the
78	   protocol has built-in mechanism to allow both the client and the
79	   server to resync its state information. A message set is also
80	   required to allow the client to inform the server when a session has
81	   terminated.

83	   An example of such a requirement is in the dial-up PPP world. With
84	   the introduction of flat-rate internet access, there has been a surge
85	   in fraud that allows a user to provide his username/password pair to
86	   other people. The end result is that a single username can have
87	   simultaneous concurrent sessions.

89	   It is desirable for the Policy Server to maintain a list of the
90	   active sessions so it can detect whether a user is attempting
91	   fraudulent activities, and restrict the user to a single login.

93	   Internet Service Providers have had to implement this functionality
94	   using other less-reliable schemes in the past. Unfortunately, those
95	   schemes are known to be problematic and therefore a standard method
96	   of maintaining state information is desired.

98	   The DIAMETER Resource Management extensions are intended to provide
99	   the functionality required to have stateful Policy Servers. This
100	   document does not specify what resources can be managed by a server
101	   since it is service specific, but it does provide the tools required
102	   for the services that require it.

104	   When reading this document the reader should keep in mind that the
105	   authorization of a session by the server is analogous to the
106	   allocation of resources. This document does not deal with the
107	   allocation of any resources and is simply a complement to the service
108	   extension that requires stateful servers.

110	   Message sets and the AVPs used for session setup and resource
111	   allocation vary depending on the type of service a session is being
112	   created for. The general concept of a session is described in this
113	   document, and specific message sets for session setup and resource
114	   allocation are found in other extension documents, for example, in
115	   [2].

117	   The Extension number for this draft is two (2). This value is used in
118	   the Extension-Id AVP as defined in [2].

120	1.1  Specification of Requirements

122	   In this document, several words are used to signify the requirements
123	   of the specification.  These words are often capitalized.

125	   MUST      This word, or the adjective "required", means that the
126	             definition is an absolute requirement of the
127	             specification.

129	   MUST NOT  This phrase means that the definition is an absolute
130	             prohibition of the specification.

132	   SHOULD    This word, or the adjective "recommended", means that
133	             there may exist valid reasons in particular circumstances
134	             to ignore this item, but the full implications must be
135	             understood and carefully weighed before choosing a
136	             different course.

138	   MAY       This word, or the adjective "optional", means that this
139	             item is one of an allowed set of alternatives.  An
140	             implementation which does not include this option MUST
141	             be prepared to interoperate with another implementation
142	             which does include the option.

144	1.2  Concept of a session

146	   A session defines a thread of Diameter messages. All messages related
147	   to a particular session MUST include a Session-Id. (Session-Id is
148	   described in [1]). A session can be established by either a client or
149	   a server. The Session-Id is assigned by the initiator of the session.
150	   Resources can be added to, deleted from, or modified in a session.
151	   How this is done for a particular service is described in the
152	   relevant extensions document. For example, [2] describes session
153	   setup and resource allocation for user authentication and
154	   authorization.

156	   This document describes the more general functions of querying for
157	   information on allocated resources, and freeing a session.

159	2.0  Command Codes

161	   This document defines the following DIAMETER Commands. All DIAMETER
162	   implementations supporting this extension MUST support all of the
163	   following commands:

165	      Command Name          Command Code
166	      -----------------------------------
167	      Session-Free-Request      266
168	      Session-Free-Answer       267
169	      Session-Resource-Query    268
170	      Session-Resource-Reply    269
171	      Resource-Reclaim-Request  270
172	      Resource-Reclaim-Answer   271

174	2.1  Session-Free-Request (SFR)

176	   Description

178	      The Session-Free-Request message is normally sent by a DIAMETER
179	      client to a server, and provides information on specific resources
180	      which have been released.

182	      The Session-Free-Request message MUST include the Host-IP-Address
183	      or the Host-Name as well as the Session-Id AVPs. The Session-Id is
184	      used by the server to identify a specific session that was
185	      previously authorized.

187	      Upon receipt of this message the server MUST free any resources
188	      that were previously allocated to the session during the session
189	      authorization and respond with the Session-Free-Answer.

191	      The Session-Free-Request MAY contain the Result-Code AVP if it is
192	      a result of a Session-Reclaim-Request.

194	   Message Format

196	      <Session-Free-Request>  ::= <DIAMETER Header>
197	                                  <Session-Free-Request Command AVP>
198	                                  <Session-Id AVP>
199	                                  <Timestamp AVP>
200	                                  <Nonce AVP>
201	                                  {<Integrity-Check-Vector AVP> ||
202	                                   <Digital-Signature AVP }

204	   AVP Format

206	      A summary of the Session-Free-Request packet format is shown
207	      below. The fields are transmitted from left to right.

209	       0                   1                   2                   3
210	       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
211	       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
212	       |                           AVP Code                            |
213	       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
214	       |          AVP Length           |     Reserved      |U|T|V|E|H|M|
215	       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
216	       |                         Command Code                          |
217	       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

219	      AVP Code

221	         256     DIAMETER Command

223	      AVP Length

225	         The length of this attribute MUST be 12.

227	      AVP Flags

229	         The 'M' bit MUST be set. The 'H' and 'E' MAY be set depending
230	         upon the security model used. The 'V', 'T' and the 'P' bits
231	         MUST NOT be set.

233	      Command Code

235	         The Command Code field MUST be set to 266 (Session-Free-
236	         Request).

238	2.2  Session-Free-Answer (SFA)

240	   Description

242	      The Session-Free-Answer message is sent by the DIAMETER Server to
243	      the client to acknowledge the receipt of the Session-Free-Request
244	      message. The Result-Code AVP, which MUST be present in the
245	      Session-Free-Answer, is used in order to identify whether the
246	      Server was able to free the resources associated with the
247	      Session-Id. The Host-IP-Address or the Host-Name AVP MUST be
248	      present in this message.

250	      The following Error Codes are defined for the Session-Free-Answer
251	      message:

253	         DIAMETER_ERROR_ALREADY_FREE             1
254	            The Session Identifier has already been freed.

256	   Message Format

258	      <Session-Free-Answer>  ::= <DIAMETER Header>
259	                                 <Session-Free-Answer Command AVP>
260	                                 <Result-Code AVP>
261	                                 [<Error-Code AVP>]
262	                                 <Timestamp AVP>
263	                                 <Nonce AVP>
264	                                 {<Integrity-Check-Vector AVP> ||
265	                                  <Digital-Signature AVP }

267	   AVP Format

269	      A summary of the Session-Free-Answer packet format is shown below.
270	      The fields are transmitted from left to right.

272	       0                   1                   2                   3
273	       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
274	       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
275	       |                           AVP Code                            |
276	       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
277	       |          AVP Length           |     Reserved      |U|T|V|E|H|M|
278	       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
279	       |                         Command Code                          |
280	       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

282	      AVP Code

284	         256     DIAMETER Command

286	      AVP Length

288	         The length of this attribute MUST be 12.

290	      AVP Flags

292	         The 'M' bit MUST be set. The 'H' and 'E' MAY be set depending
293	         upon the security model used. The 'V', 'T' and the 'P' bits
294	         MUST NOT be set.

296	      Command Code

298	         The Command Code field MUST be set to 267 (Session-Free-
299	         Answer).

301	2.3  Session-Resource-Query (SRQ)

303	   Description

305	      The Session-Resource-Query message is sent by a DIAMETER Server to
306	      a client. This event MAY occur when a Server has lost its state
307	      information and wishes to rebuild the information. However, it is
308	      valid for a server to send a request periodically to clients to
309	      refresh its state information.

311	      The presence of one or more  Session-Id AVP in the Session-
312	      Resource-Query indicates that the server only wants to receive the
313	      Resource-Token for the specified session(s).

315	      The initial Session-Resource-Query message MUST contain the Host-
316	      IP-Address and the Host-Name AVPs and a Query-Index AVP with a
317	      value of zero (see section 4.4 for more info). The Query-Index AVP
318	      is used by the client as a placeholder in subsequent Query-
319	      Resource-Requests in order to identify which Resource-Token to
320	      send to the server.

322	      When the client receives a non-zero Query-Index AVP, it MUST
323	      include Resource-Tokens beginning at the placeholder associated
324	      with the value of the Query-Index AVP.

326	      A non-zero Query-Index AVP is sent to the DIAMETER Server in the
327	      Session-Resource-Query-Reply when the client is unable to include
328	      all of the Resource-Tokens within a single response.

330	      Once a DIAMETER Server has rebooted or lost its state information
331	      for any reason, it is recommended that the Server issue a
332	      Session-Resource-Query and receive a valid response from a
333	      specific client prior to processing any authorization messages
334	      from the client.

336	   Message Format

338	      Session-Resource-Query  ::= <DIAMETER Header>
339	                                  <Session-Resource-Query Command AVP>
340	                                  [<Session-Id AVP #1>]
341	                                  [<Session-Id AVP #2>]
342	                                  [<Session-Id AVP #n>]
343	                                  <Timestamp AVP>
344	                                  <Nonce AVP>
345	                                  {<Integrity-Check-Vector AVP> ||
346	                                   <Digital-Signature AVP }

348	   AVP Format

350	      A summary of the Session-Resource-Query packet format is shown
351	      below. The fields are transmitted from left to right.

353	       0                   1                   2                   3
354	       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
355	       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
356	       |                           AVP Code                            |
357	       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
358	       |          AVP Length           |     Reserved      |U|T|V|E|H|M|
359	       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
360	       |                         Command Code                          |
361	       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

363	      AVP Code

365	         256     DIAMETER Command

367	      AVP Length

369	         The length of this attribute MUST be 12.

371	      AVP Flags

373	         The 'M' bit MUST be set. The 'H' and 'E' MAY be set depending
374	         upon the security model used. The 'V', 'T' and the 'P' bits
375	         MUST NOT be set.

377	      Command Code

379	         The Command Code field MUST be set to 268 (Session-Resource-
380	         Query).

382	2.4  Session-Resource-Query-Reply (SRQR)

384	   Description

386	      Upon receipt of a Session-Resource-Query, each client is
387	      responsible to respond with all of the Resource-Tokens for active
388	      sessions that were previously allocated by the requesting server.
389	      The message MUST include the Query-Index, a Result-Code AVP, a
390	      Host-IP-Address or Host-Name AVPs and one or more Resource-Token
391	      AVPs.

393	      Since more than one Resource-Token AVP may be returned within a
394	      Session-Resource-Query-Reply, it is likely that the total packet
395	      length would exceed the interface's MTU. It is required to make
396	      use of the Query-Index AVP in order to request that the server
397	      issue a subsequent Session-Resource-Query. The value of the
398	      Query-Index MUST be duplicated in the subsequent Session-
399	      Resource-Query by the Server in order for the client to know which
400	      Resource-Token to start sending in the following response.

402	      If the client was able to fit all of the Resource-Tokens within
403	      the Session-Resource-Query-Reply it MUST include a Query-Index AVP
404	      with a zero value. A zero Query-Index will inform the Server that
405	      it SHOULD NOT issue another Session-Resource-Query.

407	   Message Format

409	      Session-Resource-Query-Reply  ::= <DIAMETER Header>
410	                                     <Session-Res-Qry-Reply Command AVP>
411	                                     <Result-Code AVP>
412	                                     [<Error-Code AVP>]
413	                                     [<Resource-Token AVP #1>]
414	                                     [<Resource-Token AVP #2>]
415	                                     [<Resource-Token AVP #n>]
416	                                     <Timestamp AVP>
417	                                     <Nonce AVP>
418	                                     {<Integrity-Check-Vector AVP> ||
419	                                      <Digital-Signature AVP }
420	   AVP Format

422	      A summary of the Session-Resource-Query-Reply packet format is
423	      shown below. The fields are transmitted from left to right.

425	       0                   1                   2                   3
426	       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
427	       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
428	       |                           AVP Code                            |
429	       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
430	       |          AVP Length           |     Reserved      |U|T|V|E|H|M|
431	       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
432	       |                         Command Code                          |
433	       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

435	      AVP Code

437	         256     DIAMETER Command

439	      AVP Length

441	         The length of this attribute MUST be 12.

443	      AVP Flags

445	         The 'M' bit MUST be set. The 'H' and 'E' MAY be set depending
446	         upon the security model used. The 'V', 'T' and the 'P' bits
447	         MUST NOT be set.

449	      Command Code

451	         The Command Code field MUST be set to 269 (Session-Resource-
452	         Query-Reply).

454	2.5  Session-Reclaim-Request (SRR)

456	   Description

458	      The Session-Reclaim-Request message is sent by the DIAMETER Server
459	      to the client to request that a previously authorized session be
460	      freed immediately. This allows the server to free used resources
461	      on the client without any manual intervention.

463	      The Session-Reclaim-Request message MUST include a Host-IP-Address
464	      and the Host-Name AVP and the Session-Id AVP that was used during
465	      the session's authorization phase.

467	   Message Format
468	      Session-Reclaim-Request ::= <DIAMETER Header>
469	                                  <Session-Reclaim-Request Command AVP>
470	                                  <Session-ID AVP>
471	                                  <Timestamp AVP>
472	                                  <Nonce AVP>
473	                                  {<Integrity-Check-Vector AVP> ||
474	                                   <Digital-Signature AVP }

476	   AVP Format

478	      A summary of the Session-Reclaim-Request packet format is shown
479	      below. The fields are transmitted from left to right.

481	       0                   1                   2                   3
482	       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
483	       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
484	       |                           AVP Code                            |
485	       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
486	       |          AVP Length           |     Reserved      |U|T|V|E|H|M|
487	       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
488	       |                         Command Code                          |
489	       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

491	      AVP Code

493	         256     DIAMETER Command

495	      AVP Length

497	         The length of this attribute MUST be 12.

499	      AVP Flags

501	         The 'M' bit MUST be set. The 'H' and 'E' MAY be set depending
502	         upon the security model used. The 'V', 'T' and the 'P' bits
503	         MUST NOT be set.

505	      Command Code

507	         The Command Code field MUST be set to 270 (Session-Reclaim-
508	         Request).

510	2.6  Session-Reclaim-Answer (SRA)

512	   Description

514	      The Session-Reclaim-Answer message is sent by the DIAMETER client
515	      to acknowledge the Session-Reclaim-Request. The Result-Code AVP
516	      indicates wether the request was successfully completed or not.

518	   Message Format

520	      Session-Reclaim-Answer ::= <DIAMETER Header>
521	                                 <Session-Reclaim-Answer Command AVP>
522	                                 <Result-Code AVP>
523	                                 [<Error-Code AVP>]
524	                                 <Timestamp AVP>
525	                                 <Nonce AVP>
526	                                 {<Integrity-Check-Vector AVP> ||
527	                                  <Digital-Signature AVP }

529	   AVP Format

531	      A summary of the Session-Reclaim-Answer packet format is shown
532	      below. The fields are transmitted from left to right.

534	       0                   1                   2                   3
535	       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
536	       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
537	       |                           AVP Code                            |
538	       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
539	       |          AVP Length           |     Reserved      |U|T|V|E|H|M|
540	       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
541	       |                         Command Code                          |
542	       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

544	      AVP Code

546	         256     DIAMETER Command

548	      AVP Length

550	         The length of this attribute MUST be 12.

552	      AVP Flags

554	         The 'M' bit MUST be set. The 'H' and 'E' MAY be set depending
555	         upon the security model used. The 'V', 'T' and the 'P' bits
556	         MUST NOT be set.

558	      Command Code

560	         The Command Code field MUST be set to 271 (Session-Reclaim-
561	         Answer).

563	3.0  DIAMETER AVPs

565	   This section will define the mandatory AVPs which MUST be supported
566	   by all DIAMETER implementations supporting this extension. The
567	   following AVPs are defined in this document:

569	      Attribute Name       Attribute Code
570	      -----------------------------------
571	      Query-Index               290
572	      Resource-Token            291

574	3.1  Query-Index

576	   Description

578	      This attribute is used in conjunction with the Resource Query
579	      mechanism and allows the client to exchange resource information
580	      through more than one message exchange.

582	      In the initial Session-Resource-Query, this attribute MUST be
583	      present with a value of zero. Upon receipt of a Session-Resource-
584	      Query-Reply command, the DIAMETER server must check if the
585	      attribute is still set to zero. If the value is a non-zero, the
586	      DIAMETER server MUST return a Session-Resource-Query with a
587	      Query-Index value equal to the value which was set in the
588	      response. Upon receipt of a zero, the DIAMETER Server MUST assume
589	      that this is the last message exchange.

591	   AVP Format

593	      0                   1                   2                   3
594	      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
595	      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
596	      |                           AVP Code                            |
597	      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
598	      |          AVP Length           |     Reserved      |U|T|V|E|H|M|
599	      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
600	      |                           Integer32                           |
601	      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

603	      AVP Code

605	         290     Query-Index

607	      AVP Length

609	         The length of this attribute MUST be at least 12.

611	      AVP Flags

613	         The 'M' bit MUST be set. The 'H' and 'E' MAY be set depending
614	         upon the security model used. The 'V', 'T' and the 'P' bits
615	         MUST NOT be set.

617	      Integer32

619	         The Integer32 field contains a value that has local
620	         significance to client in order to identify which Resource-
621	         Token to send in the subsequent Session-Resource-Query.

623	3.2  Resource-Token

625	   Description

627	      The Resource-Token AVP is returned by the DIAMETER Server to the
628	      client during authorization (or session setup). The Resource-Token
629	      is subsequently used during the Session-Resource-Query-Reply in
630	      order to hand the Server with enough information to rebuild its
631	      state information.

633	      The data portion of this AVP should be considered as opaque data
634	      to all systems other than the creator of the token. One could
635	      easily imagine that the token would include AVPs, such as the
636	      Session Id, Host-IP-Address or Host-Name AVP and the Extension-Id
637	      AVP. Each service SHOULD define the set of AVPs that are necessary
638	      for the creation of session state information, however given that
639	      this is only used by the creator, it will remain largely
640	      implementation specific.

642	      NOTE: The above may not be true in cases where a DIAMETER server
643	      farm exists and these servers must exchange session state
644	      information. Therefore, it may be desirable to simply require that
645	      the token consists of DIAMETER AVPs.

647	      It is likely that more than one of these attributes exist in a
648	      Session-Resource-Reponse.

650	   AVP Format
651	      0                   1                   2                   3
652	      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
653	      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
654	      |                           AVP Code                            |
655	      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
656	      |          AVP Length           |     Reserved      |U|T|V|E|H|M|
657	      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
658	      |    Data ...
659	      +-+-+-+-+-+-+-+-+

661	      AVP Code

663	         291     Resource-Token

665	      AVP Length

667	         The length of this attribute MUST be at least 9.

669	      AVP Flags

671	         The 'M' bit MUST be set. The 'H' and 'E' MAY be set depending
672	         upon the security model used. The 'V', 'T' and the 'P' bits
673	         MUST NOT be set.

675	      Data

677	         The Data field contains the Resource-Token that was returned by
678	         the DIAMETER Server during the authorization phase.

680	4.0  Protocol Definition

682	   This section will outline how the DIAMETER Resource Management
683	   Extension can be used.

685	4.1  Feature Advertisement/Discovery

687	   As defined in [2], the Reboot-Ind and Device-Feature-Query messages
688	   can be used to inform a peer about locally supported DIAMETER
689	   Extensions. In order to advertise support of this extension, the
690	   Extension-Id AVP must be transmitted with a value of two (2).

692	4.2  Session Free

694	   Upon session termination, a Session-Free-Request message is issue by
695	   the client to the DIAMETER Server and MUST contain the Session-Id AVP
696	   that was used during the authorization phase of the session.

698	4.3  Relinquish Session

700	   When the server wants the client to relinquish an existing session,
701	   the Server issues a Session-Reclaim-Request to the client. The
702	   request MUST contain the Session-Id AVP that was used during the
703	   authorization phase of the session.

705	   The client MUST respond with a Session-Reclaim-Answer message. The
706	   response indicates whether the request was successfully processed
707	   through the Result-Code AVP.

709	   In the roaming scenario the Session-Reclaim-Request message is
710	   problematic since it is difficult to identify the target client's
711	   proxy chain. This can be achieved by including the Host Name of the
712	   client that was found in the authorization request within the Host-
713	   Name AVP.

715	4.4  Interaction with Device-Reboot-Indication

717	   When a DIAMETER Server receives a Device-Reboot-Indication it MUST
718	   assume that all resources currently allocated to the rebooted peer
719	   MUST be freed.

721	4.5  State Resync

723	   Upon receipt of a Reboot-Ack message from a client that contains an
724	   Extension-Id AVP with the value set to 1 (Resource-Management), a
725	   DIAMETER entity SHOULD issue a Session-Resource-Query to the peer.
726	   All requests from the peer MUST be ignored until the peer has
727	   successfully responded to the Session-Resource-Query message.

729	   Upon receipt of a Session-Resource-Query a response MUST be returned
730	   which contains all of the active Resource-Tokens that have previously
731	   been allocated by the requesting node. Since the number of active
732	   Resource-Tokens MAY be larger than the interface's MTU, it is
733	   required to make use of the Query-Index AVP.

735	   The following is an example of an exchange between a Server and a
736	   Client that has 26 Resource-Tokens which is too many to fit within a
737	   single response.

739	      DIAMETER Server                                    DIAMETER Client
740	      ---------------                                    ---------------
741	      Reboot-Ind                         -->
742	                                         <-- Reboot-Ack (w/ Res-Mgmt Ext. Id)
743	      Session-Resource-Query (Index = 0) -->
744	                                 <-- Session-Resource-Query-Reply (Index = 10)
745	      Session-Resource-Query (Index = 10) -->
746	                                 <-- Session-Resource-Query-Reply (Index = 20)
747	      Session-Resource-Query (Index = 20) -->
748	                                 <-- Session-Resource-Query-Reply (Index = 0)

750	   In the above scenario, the Server issues the initial Session-
751	   Resource-Query with a zero Query-Index. The client responds but since
752	   it can only fit Resource-Tokens 1 through 9, it sets the Query-Index
753	   to 10 in the Session-Resource-Query-Reply.

755	   Upon receipt of the response the server processes the message and
756	   issues another Session-Resource-Query with the Query-Index value set
757	   to 10. The client, upon receipt of the request, knows that it needs
758	   to include the Resource-Tokens starting at 10. Again, since the
759	   client can only include the Resource-Tokens up to 19, it sets the
760	   Query-Index to 20.

762	   The Server issues another Session-Resource-Query with the Query-Index
763	   set to 20. At this point the client can fit the remaining Resource-
764	   Tokens (20 through 26) and therefore sets the Query-Index to zero to
765	   indicate that it has sent all of it's active Resource-Tokens.

767	5.0  References

769	    [1]   Calhoun, Rubens, "DIAMETER Base Protocol",
770	          draft-calhoun-diameter-08.txt, Work in Progress,
771	          February 1999.

773	    [2]   Calhoun, Bulley, "DIAMETER Autentication Extensions",
774	          draft-calhoun-diameter-auth-04.txt, Work in Progress,
775	          July 1998.

777	    [3]   Calhoun, Zorn, Pan, "DIAMETER Framework",
778	          draft-calhoun-diameter-framework-02.txt, Work in Progress,
779	          December 1998.

781	6.0  Authors' Addresses

783	   Questions about this memo can be directed to:

785	      Pat R. Calhoun
786	      Network and Security Research Center, Sun Labs
787	      Sun Microsystems, Inc.
788	      15 Network Circle
789	      Menlo Park, California, 94025
790	      USA

792	       Phone:  1-650-786-7733
793	         Fax:  1-650-786-6445
794	      E-mail:  pcalhoun@eng.sun.com

796	      Nancy Greene
797	      Public Data Networks
798	      Nortel (Northern Telecom)
799	      PO Box 3511 Station C
800	      Ottawa, Ontario K1Y 4H7
801	      Canada

803	       Phone: 1-613-763-9789
804	         Fax: 1-613-763-8904
805	      E-mail: ngreene@nortel.ca