for LTE
By: Samuel Dratwa
Samuel.dratwa@gmail.com
Copyright © 2011 LOGTEL
Logtel’s Activities: Software Development, Training, Consulting
Logtel’s fields: Computer, Telecom, Hardware, Tech. Skills, Product Training, Israel Hi Tech Companies, Outsourcing
Introduction
Overview of Diameter protocol and usage
Diameter message flow and message format
The need for DRA
The role of Diameter in EPC
The role of Diameter in IMS
The role of Diameter in roaming and hand-off
The role of Diameter in QoS and policies
Final exercise (end to end flow)
customer satisfaction !
The Diameter protocol was initially developed by Pat R. Calhoun, Glen Zorn, and
Ping Pan in 1998 to provide a framework for authentication, authorization and
accounting (AAA) that could overcome the limitations of RADIUS.
Flags
• "R" (Request) bit – If set, the message is a request.
If cleared, the message is an answer.
• "P" (Proxiable) bit – If set, the message MAY be proxied, relayed or redirected.
• "E" (Error) bit – If set, the message contains a protocol error.
• "T" (Potentially re-transmitted message) bit – This flag is set after a link failover procedure,
to aid the removal of duplicate requests.
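The flag rules above can be checked mechanically at a Diameter edge. The following is an added example, not code from the original deck: it decodes the fixed 20-byte header as laid out in RFC 6733 and reports flag combinations that the RFC forbids. The helper names and the sample messages are constructed for illustration.

```python
import struct

# Command flag bits listed above; header layout per RFC 6733 (20 bytes).
FLAG_R, FLAG_P, FLAG_E, FLAG_T, RESERVED = 0x80, 0x40, 0x20, 0x10, 0x0F

def build_header(flags, code, app_id, hop_by_hop, end_to_end, length=20):
    """Pack a version-1 header; used only to construct the samples below."""
    return struct.pack("!5I", (1 << 24) | length, (flags << 24) | code,
                       app_id, hop_by_hop, end_to_end)

def parse_header(data):
    """Decode the fixed Diameter header and name its command flags."""
    if len(data) < 20:
        raise ValueError("truncated Diameter header")
    ver_len, flags_code, app_id, hbh, e2e = struct.unpack("!5I", data[:20])
    flags = flags_code >> 24
    return {
        "version": ver_len >> 24, "length": ver_len & 0xFFFFFF,
        "command_code": flags_code & 0xFFFFFF, "application_id": app_id,
        "hop_by_hop": hbh, "end_to_end": e2e,
        "R": bool(flags & FLAG_R), "P": bool(flags & FLAG_P),
        "E": bool(flags & FLAG_E), "T": bool(flags & FLAG_T),
        "reserved": flags & RESERVED,
    }

def flag_anomalies(h):
    """Return deviations from the RFC 6733 header rules, for logging."""
    found = []
    if h["version"] != 1:
        found.append("unsupported version")
    if h["length"] < 20 or h["length"] % 4:
        found.append("bad message length")
    if h["reserved"]:
        found.append("reserved flag bits set")
    if h["R"] and h["E"]:
        found.append("E bit set on a request")
    if h["T"] and not h["R"]:
        found.append("T bit set on an answer")
    return found

# Constructed samples: 316 is the Update-Location code from the S6a/S6d
# table on this page; 16777251 is the 3GPP S6a application id.
RETRANSMITTED_ULR = build_header(FLAG_R | FLAG_P | FLAG_T, 316, 16777251, 7, 9)
MALFORMED = build_header(FLAG_R | FLAG_E | 0x01, 316, 16777251, 8, 10, length=22)

if __name__ == "__main__":
    for raw in (RETRANSMITTED_ULR, MALFORMED):
        h = parse_header(raw)
        print(h["command_code"], h["R"], h["T"], flag_anomalies(h))
```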
3002 DIAMETER_UNABLE_TO_DELIVER: This error is given when Diameter cannot deliver the message to the destination.
3006 DIAMETER_REDIRECT_INDICATION: A redirect agent has determined that the request could not be satisfied locally.
3009 DIAMETER_INVALID_AVP_BITS: A request was received that included an AVP whose flag bits are set to an unrecognized value.
• Protocols
– Certain nodes MUST support at least SCTP or TCP (i.e. Diameter
Client)
– Others MUST support SCTP and TCP (i.e. Diameter Servers and
Agents)
• Security
– TLS and IPSec
• Selection Process (in order of execution)
– IPSec, SCTP, TCP, TLS
• SCTP or TCP is always attempted prior to capabilities exchange
• TLS tried after capability negotiation
• IPSec and TLS may be used exclusively
• Capabilities Exchange
– Use of Capabilities-Exchange (CER/CEA) messages
– Message exchange advertises:
• Peer Identity
• Security schemes – Indicates the use of TLS
• SCTP host addresses if used
– CER/CEA may or may not be protected
• Peer Table Creation
– Lists all peers that pass capabilities negotiation
– Indicates the connection status of each peer
– Also used for message routing
• Liveness Test
– Use of Device-Watchdog exchange (DWR/DWA)
– Aid in Failover performance: pro-active detection of failure
• Disconnection
– Use of Disconnect-Peer exchange (DPR/DPA)
– Provides hints for future reconnection attempts
– Routing table updates
Peer Discovery
Discovery via DNS or Static Configuration
Capabilities Exchange Request / Capabilities Exchange Answer
A Capabilities Exchange message carries a peer's identity and its capabilities (protocol version number, supported Diameter applications, etc.). A Diameter node only transmits commands to peers that have advertised support for the Diameter application associated with the given command.
Device Watchdog Request / Device Watchdog Answer
Application-level heartbeat messages are used to proactively detect transport failures. These messages are sent periodically when a peer connection is idle and when a timely response has not been received for an outstanding request.
Each Diameter process running on a host generates, or is configured with, a Diameter Identity.
The Diameter Identity is a URI-syntax string with substrings representing the host's fully qualified
domain name (FQDN), one of the ports used to listen for incoming connections, the transport used
to listen for incoming connections (i.e. TCP or SCTP), the AAA protocol (i.e. Diameter), and the
transport security (i.e. none or TLS).
The following is an example of a valid Diameter host identity:
aaa://host.abc.com:1812;transport=tcp;protocol=diameter
[Figure: Diameter sessions between AF, PCRF and AGW, each carried over a TCP or SCTP transport connection]
A Diameter message pertaining to a specific user session includes a Session-Id AVP, the value of
which is constant throughout the life of a session. The value of the Session-Id AVP is a globally
and eternally unique text string, intended to uniquely identify a user session without reference to
any other information.
The Diameter client initiating the session creates the Session-Id. The Session-Id begins with the
originator's Diameter Identity string and is followed by any sequence guaranteeing both topological
and temporal uniqueness.
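The identity format and the Session-Id rule described above can be parsed and checked as follows. This is an added example, not part of the original deck: the function names and the numeric suffix values are constructed, and the `aaas` scheme for TLS comes from RFC 6733 rather than from this page.

```python
import re

# Identity syntax as shown in the page's example; "aaas" marks TLS (RFC 6733).
_IDENTITY_RE = re.compile(
    r"^(?P<scheme>aaas?)://(?P<fqdn>[A-Za-z0-9.-]+)"
    r"(?::(?P<port>\d{1,5}))?(?P<params>(?:;[a-z]+=[a-z]+)*)$")

PAGE_IDENTITY = "aaa://host.abc.com:1812;transport=tcp;protocol=diameter"

def parse_identity(uri):
    """Split a Diameter identity string into its parts, or raise ValueError."""
    m = _IDENTITY_RE.match(uri)
    if not m:
        raise ValueError(f"not a Diameter identity: {uri!r}")
    params = dict(p.split("=", 1) for p in m.group("params").split(";") if p)
    port = int(m.group("port")) if m.group("port") else None
    if port is not None and not 0 < port < 65536:
        raise ValueError("port out of range")
    return {"fqdn": m.group("fqdn").lower(), "port": port,
            "transport": params.get("transport"),
            "protocol": params.get("protocol"),
            "tls": m.group("scheme") == "aaas"}

def make_session_id(identity, high, low):
    """Identity first, then two values that make the string unique."""
    parse_identity(identity)  # refuse to build on a malformed identity
    return f"{identity};{high};{low}"

def session_from(session_id, identity):
    """True if the Session-Id begins with `identity` and has a unique suffix."""
    prefix = identity + ";"
    return session_id.startswith(prefix) and len(session_id) > len(prefix)

if __name__ == "__main__":
    sid = make_session_id(PAGE_IDENTITY, 1876543210, 523)  # constructed values
    print(parse_identity(PAGE_IDENTITY))
    print(sid, session_from(sid, PAGE_IDENTITY))
```

A receiver that knows which identity a client advertised can use `session_from` to flag Session-Ids that claim a different originator.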
Failover-Failback Procedure
[Figure: failover-failback flow between Client, Relays and Server with per-node request queues; numbered requests and answers, with the T-bit set on requests re-sent after failover]
• Event Based
– A single CCR/CCA exchange in each session
– Used when it is certain that the requested service event will be
successful
• Session Based
– Multiple CCR/CCA exchanges in a session
– Required when there is a need to reserve credits before
providing the service
– Requires state maintenance on the server side
– Server first reserves the credits and debits them after receiving
the subsequent CCR
• CC-Request-Type AVP
– Indicates type of the request for a CCR
– Possible values are INITIAL_REQUEST, UPDATE_REQUEST,
TERMINATION_REQUEST for session based scenarios and
EVENT_REQUEST for event based scenarios
• CC-Request-Number AVP
– Identifies a request within a session
• Requested-Action AVP
– Used to indicate type of the requested action for event based
scenarios. Possible values are DIRECT_DEBITING,
REFUND_ACCOUNT, CHECK_BALANCE and PRICE_ENQUIRY
Event-based exchanges between Client and Server:
Client → Server: CCR, Session-Id = S-Id1, Service-Identifier, CC-Request-Type = EVENT_REQUEST, Requested-Action = PRICE_ENQUIRY
Server → Client: CCA, Session-Id = S-Id1, Cost-Information
Client → Server: CCR, Session-Id = S-Id2, Subscription-Id, CC-Request-Type = EVENT_REQUEST, Requested-Action = CHECK_BALANCE, Service-Identifier
Server → Client: CCA, Session-Id = S-Id2, Check-Balance-Result
Client → Server: CCR, Session-Id = S-Id3, Service-Identifier, CC-Request-Type = EVENT_REQUEST, Requested-Action = DIRECT_DEBITING, Subscription-Id
Server → Client: CCA, Session-Id = S-Id3, Granted-Service-Unit
Session-based exchanges between Client and Server:
Client → Server: CCR, Session-Id = S-Id1, Requested-Service-Unit, CC-Request-Type = INITIAL_REQUEST, Subscription-Id
Server → Client: CCA, Session-Id = S-Id1, Granted-Service-Unit, Validity-Time
Client → Server: CCR, Session-Id = S-Id1, Requested-Service-Unit, CC-Request-Type = UPDATE_REQUEST, Subscription-Id
Server → Client: CCA, Session-Id = S-Id1, Granted-Service-Unit, Validity-Time
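The server-side state that session-based credit control requires can also be used to reject out-of-order or replayed CCRs. The following is an added example, not code from the original deck: the tracker class is hypothetical, the numeric type codes are those of RFC 4006, and the rule that CC-Request-Number strictly increases is an assumption made for the sketch.

```python
# CC-Request-Type values named above, with their RFC 4006 numeric codes.
INITIAL_REQUEST, UPDATE_REQUEST, TERMINATION_REQUEST, EVENT_REQUEST = 1, 2, 3, 4

class CreditControlTracker:
    """Hypothetical server-side check of CCR ordering, keyed by Session-Id."""
    def __init__(self):
        self.open = {}         # Session-Id -> last accepted CC-Request-Number
        self.finished = set()  # Session-Ids that must never be seen again

    def check(self, session_id, req_type, req_number):
        if session_id in self.finished:
            return "reject: Session-Id reused after the session ended"
        last = self.open.get(session_id)
        if req_type == EVENT_REQUEST:
            if last is not None:
                return "reject: EVENT_REQUEST inside a session-based session"
            self.finished.add(session_id)  # event based: one exchange only
            return "accept"
        if req_type == INITIAL_REQUEST:
            if last is not None:
                return "reject: second INITIAL_REQUEST for an open session"
            self.open[session_id] = req_number
            return "accept"
        if req_type not in (UPDATE_REQUEST, TERMINATION_REQUEST):
            return "reject: unknown CC-Request-Type"
        if last is None:
            return "reject: no INITIAL_REQUEST reserved credit for this session"
        # Assumption: numbers strictly increase; a real server must first match
        # legitimate retransmissions (T bit set) before applying this rule.
        if req_number <= last:
            return "reject: stale or replayed CC-Request-Number"
        if req_type == TERMINATION_REQUEST:
            del self.open[session_id]
            self.finished.add(session_id)
        else:
            self.open[session_id] = req_number
        return "accept"

def replay(messages):
    """Run constructed (Session-Id, type, number) tuples through one tracker."""
    tracker = CreditControlTracker()
    return [tracker.check(*m).split(":")[0] for m in messages]

# Constructed sample traffic, reusing the S-Id labels from the flows above.
SAMPLE = [("S-Id1", INITIAL_REQUEST, 0), ("S-Id1", UPDATE_REQUEST, 1),
          ("S-Id1", UPDATE_REQUEST, 1), ("S-Id9", UPDATE_REQUEST, 1),
          ("S-Id1", TERMINATION_REQUEST, 2), ("S-Id1", INITIAL_REQUEST, 0),
          ("S-Id2", EVENT_REQUEST, 0), ("S-Id2", EVENT_REQUEST, 0)]
```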
Tx timer
– Used by the client to guard against non-receipt of a CCA after a CCR is sent
– Can’t rely on Tw: configuring Tw to a low value may be undesirable, and Tw on the whole message path may not be under the control of the entity administering the client
Tcc timer
– Used by the server to guard against non-receipt of a CCR in session-based scenarios
Command-Code for S6a/S6d
Command-Name                          Abbreviation   Code
Update-Location-Request               ULR            316
Update-Location-Answer                ULA            316
Cancel-Location-Request               CLR            317
Cancel-Location-Answer                CLA            317
Authentication-Information-Request    AIR            318
Diameter on S6a
Update Location Request
[Figures: two IMS/EPC architecture diagrams with numbered call-flow steps 1 to 7 between endpoints A and B. Nodes shown: TAS, SCC-AS, ENUM, S/I-CSCF, BGCF, CSG*, SBC with P-CSCF, HSS (IMS), HSS (CSPS), PDN GW/GGSN, PCRF, PCEF, S-GW, SAE GW, PSTN, GMSC, MSC/VLR, MME, SGSN, E-UTRAN, UTRAN]
IMS-Information: Called-Asserted-Identity: Bob’s URI, set from the ’P-Asserted-Identity’ header of the received 18x or 200 OK INVITE response. The number of AVPs depends on the number of ‘P-Asserted-Identity’ headers received in the INVITE response (step 8 or 12).
[Figure: SIP call flow between Alice's originating and terminating TAS and S-CSCF, Bob's terminating TAS, and TAS2 (Alice Orig). Visible steps: 5. INVITE Carol [Call-id=2,To-Tag=2,From-Tag=2]; 6. INVITE; 7. re-INVITE (Hold); 8. re-INVITE (Hold); 21. re-INVITE; 22. BYE; MRF’s SDP]
Resource List Server (RLS) handles subscriptions to presence lists. It creates and manages back-end subscriptions to all resources in the presence list. The list content is retrieved from the XDM Server.
• Manages publications from one or multiple presence source(s) of a certain presentity. This includes refreshing presence information, replacing existing presence information with newly-published information, or removing presence information.
• Manages subscriptions from watchers to presence information and generates notifications about presence information state changes, retrieving the presence authorization rules from the XDM Server.
[Figure: attach across the roaming border between the visited network (MME, PCRF) and the home network (PCRF, HSS). Steps: 1 Attach; 2 Authenticate; 3 Update Location; 4 Subscriber Data; 5 Policy exchange]
[Figure: home network and visited network with V-PCRF and eUTRAN access]