TMCnews



TMCnews Featured Article


November 08, 2007

The Role of DIAMETER in IMS

By Richard Grigonis, Executive Editor, IP Communications Group


In a world of IP Communications under siege by hackers, crackers, and disgruntled employees, the science of Authentication, Authorization, and Accounting (AAA) has evolved considerably as VoIP has gone from a hobbyist concoction to a revenue-generating service that must rely on rock-solid, secure ways to authenticate, authorize, and establish accounting records for billing user time on networks. For example, the earliest services needed a protocol to communicate AAA information between voice gateways and their associated billing application.
 
First came RADIUS (Remote Access Dial-In User Service), a protocol used to deliver a lot of audit information for access control for AAA services. Back in the 1980s, if you dialed into an ISP, you were using a RADIUS service. It’s a server-based, distributed security system that secures remote access to networks and network services against unauthorized access. RADIUS comprises three components: a protocol with a frame format that utilizes User Datagram Protocol (UDP)/IP, a server and a client.
 
Transactions between the client and RADIUS server are authenticated via a “shared secret,” which never actually travels over the network. User passwords are sent encrypted between the client and RADIUS server. The actual authentication methods for RADIUS servers vary: PPP, Password Authentication Protocol (PAP), Challenge Handshake Authentication Protocol (CHAP), UNIX login, and other mechanisms.
 
Vendors such as Cisco and Nortel adopted the RADIUS protocol so they could use it for reporting various attributes and other events regarding their equipment. Software companies used RADIUS to configure equipment. One problem was that the core set of attributes which could be accommodated by RADIUS messages was not broad enough for the jobs that RADIUS was taking on. So at the back end of the protocol, variable attributes—the Vendor-Specific Attributes (VSAs)—were heavily adopted by equipment vendors for particular uses of the protocol on each one of their respective pieces of equipment. (For example, the Cisco Access Registrar uses VSAs to extend the standard RADIUS protocol so it can carry information not normally present in a standard RADIUS packet.)
 
This approach worked (even though RADIUS support for vendor-specific attributes didn’t also include vendor-specific commands) and the protocol became heavily used. Still, it had a lot of weaknesses in the areas of reliability, security, scalability, and above all, flexibility; networks were evolving faster than what RADIUS was capable of handling.
 
And RADIUS Begat DIAMETER
 
Hence, an even better protocol was needed to provide authentication or authorization to network resources and capture accounting for billing voice calls and other forms of network resource usage. The result was the DIAMETER protocol (which, unlike RADIUS, is not an acronym, just wordplay on the aspects of a circle).
 
The original DIAMETER request for comments (RFC) states: “The basic concept behind DIAMETER is to provide a base protocol that can be extended in order to provide AAA services to new access technologies. Currently, the protocol only concerns itself with Internet access, both in the traditional PPP sense as well as taking into account the ROAMOPS [Roaming Operations] model, and Mobile-IP.” This is why, unlike RADIUS, DIAMETER allows peers to exchange a great variety of messages. Still, DIAMETER’s protocol data unit is backward compatible with RADIUS so as to ease migration.
 
The DIAMETER base protocol provides various facilities: Connection and session management; user authentication and capabilities negotiation; reliable delivery of attribute value pairs (AVPs); agent support for proxy, redirect, and relay servers; extensibility, through addition of new commands and AVPs; and basic accounting services. DIAMETER sessions are based on exchanging commands and AVPs between authorized DIAMETER clients and servers.
 
“In terms of the control layer, DIAMETER has been heavily adopted by the 3GPP in the IMS standards set,” said Joe Hogan, founder and CTO of Openet. “Ironically, it wasn’t the 3GPP but the IETF that developed DIAMETER. The specification in RFC 3588 is the base DIAMETER protocol. The approaches they took were, first of all, to move it from using UDP ports to TCP and then SCTP.”
 
“The second thing they did was to layer the uses and variety of uses for which this protocol would be used in the future,” Hogan continued. “These were compartmentalized so that if you’re going to use this for charging, then there will likely be a charging application built on top of it. So one of the first things they did with DIAMETER was to spec out some applications of the base protocol. With RFC 4006 they specified the credit control application. That’s the use of the base protocol plus additional capabilities — mainly transactional stuff. They did another version of the protocol for NASREQ.”
 
(The DIAMETER NASREQ application provides AAA services for dial-in PPP.)
 
Hogan went on: “Without the charging specification – the credit control specification – charge requests would be made in all sorts of different formats over the base protocol. Essentially, every equipment vendor would have probably been making up the same stuff, but in a proprietary, ad hoc way. Instead, they’ve got the benefit of the DCCA [Diameter Credit-Control Application], RFC 4006, which is on top of and uses the base DIAMETER protocol and, together, there’s a lot more structure to the common purpose of credit control for a device.”
 
“These applications are layered across the top of the DIAMETER protocol,” said Hogan. “To support DIAMETER, your device must support the base protocol, RFC 3588. That may be sufficient, if your device can get along solely with the base protocol. It reports information. But you may have a device that’s looking for a charge request to be answered. It sends an official Charge Request out and it receives a Charge Answer back. The system providing the answers — the charging platform, like our FusionWorks IMS online charging system — decides who you are, what service you’re trying to use, if your payment plan is prepaid or postpaid, if this is a service that’s a subscription-based service so you should be charged a monthly fee, if there are spending controls to stop kids playing with your account, and so forth. The charging platform is thus responsible for many decisions. Interestingly, this functionality isn’t built into the DIAMETER protocol itself.”
 
Interestingly, a DIAMETER Application is not a software application in the conventional sense, but a protocol based on the DIAMETER Base protocol defined in RFC 3588.
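The layering described above, as an added example that is not Openet's or the IETF's code: a minimal encoder and bounds-checked parser for the Diameter header and AVPs, run over a constructed Credit-Control-Request (command 272, application 4). Host names, identifiers and the vendor AVP code 9999 are made-up sample values; 10415 is the 3GPP vendor ID.

```python
import struct

FLAG_V, FLAG_M = 0x80, 0x40       # AVP flags: Vendor-specific, Mandatory
NAMES = {263: "Session-Id", 264: "Origin-Host", 296: "Origin-Realm",
         258: "Auth-Application-Id", 416: "CC-Request-Type", 415: "CC-Request-Number"}

def avp(code, data, flags=FLAG_M, vendor=None):
    """Encode one AVP: code(4) flags(1) length(3) [vendor(4)] data, padded to 4."""
    vend = b"" if vendor is None else struct.pack("!I", vendor)
    flags |= FLAG_V if vend else 0
    length = 8 + len(vend) + len(data)          # length excludes the padding
    return (struct.pack("!IB", code, flags) + length.to_bytes(3, "big")
            + vend + data + b"\x00" * (-len(data) % 4))

def message(cmd, app_id, avps, flags=0x80, hbh=1, e2e=1):
    """Encode the 20-octet header (version 1) followed by the AVPs."""
    body = b"".join(avps)
    return (b"\x01" + (20 + len(body)).to_bytes(3, "big") + bytes([flags])
            + cmd.to_bytes(3, "big") + struct.pack("!III", app_id, hbh, e2e) + body)

def parse(buf):
    """Decode a message, rejecting any length field that runs past the buffer."""
    if len(buf) < 20 or buf[0] != 1:
        raise ValueError("not a Diameter version 1 message")
    total = int.from_bytes(buf[1:4], "big")
    if total != len(buf) or total % 4:
        raise ValueError("message length field does not match buffer")
    hdr = {"request": bool(buf[4] & 0x80), "command": int.from_bytes(buf[5:8], "big"),
           "application": struct.unpack("!I", buf[8:12])[0]}
    avps, off = [], 20
    while off < total:
        if total - off < 8:
            raise ValueError("truncated AVP header")
        code, flags = struct.unpack("!IB", buf[off:off + 5])
        length = int.from_bytes(buf[off + 5:off + 8], "big")
        head = 12 if flags & FLAG_V else 8
        if length < head or off + length > total:
            raise ValueError("AVP length out of bounds")
        vendor = struct.unpack("!I", buf[off + 8:off + 12])[0] if flags & FLAG_V else None
        avps.append((NAMES.get(code, code), vendor, buf[off + head:off + length]))
        off += length + (-length % 4)           # skip padding to the next AVP
    return hdr, avps

# Constructed Credit-Control-Request: base-protocol AVPs plus RFC 4006 ones.
CCR = message(272, 4, [
    avp(263, b"client.example.net;1;1"), avp(264, b"client.example.net"),
    avp(296, b"example.net"), avp(258, struct.pack("!I", 4)),
    avp(416, struct.pack("!I", 1)), avp(415, struct.pack("!I", 0)),
    avp(9999, b"demo", vendor=10415)])   # made-up code under the 3GPP vendor ID
```

The application ID in the header is what tells a peer which "application" (here credit control) the command belongs to, while the AVP framing stays that of the base protocol.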
 
DIAMETER and IMS
 
Early on, the 3GPP standards body adopted DIAMETER as the primary signaling protocol for AAA and mobility management in IMS. The Home Subscriber Server (HSS), or User Profile Server Function (UPSF), is essentially a more advanced IMS version of a GSM Home Location Register (HLR) and Authentication Center (AUC). Thus, the HSS is the master user database supporting the IMS network entities that handle calls. It contains subscription-related information (user profile data) and control information for user authentication and authorization. It also performs authentication and authorization of the user, and can provide information about the user’s physical location. If multiple HSSs must be called upon then a Subscriber Location Function (SLF) is used to map user addresses. Both the HSS and the SLF communicate via DIAMETER.
 
The Call Session Control Function (CSCF) performs SIP session management for any user or SIP client requesting access to IMS services. SIP signaling is used to register with the Serving CSCF in the user’s home network. The S-CSCF uses the DIAMETER “Cx” interface both to request authorization information from the HSS in response to a SIP registration request and to retrieve subscriber information. The CSCF uses another DIAMETER interface, the “Dx,” to locate the particular HSS serving the subscriber using a Service Location Feature.
 
Yet another DIAMETER interface, “Sh,” is used by the Application Servers or an OSA/Parlay Gateway to retrieve and update subscriber profiles and shared database information such as call directories, screening lists, or presence information made accessible for authorized application platforms.
 
Finally, IMS charging is performed via the DIAMETER “Ro” and “Rf” interfaces, which support both on-line charging and off-line collection and forwarding of Call Detail Records (CDRs) using a DIAMETER protocol interface. The Ro interface is a 3GPP extension to the Diameter Credit-Control specification.
 
“Right now we support the Ro interface as it’s called,” said Openet’s Hogan. “It’s the DIAMETER credit control application interface in IMS. That is the RFC 4006 with some small changes. They’ve changed one or two of the attributes. But overall it’s pretty much the same protocol.”
 
Hogan’s company, Openet, sells FusionWorks IMS, a platform that supports revenue-critical IMS charging and service control functions, including FusionWorks PCRF, a combined policy and charging rules management component.
 
What’s Next, CIRCUMFERENCE or CHORD?
 
Although a vast improvement over RADIUS, DIAMETER isn’t perfect, either.
 
In last month’s editorial, Yours Truly related a discussion with Ben Volkow, the COO of Traffix Systems, whose company provides AAA products and solutions for network equipment providers and operators moving to next generation networks (NGNs) and IMS. The company’s AAA NG Gateway helps network operators migrate to IMS cost efficiently, using existing functionality embedded in their legacy network. The NG Gateway also enables the operator to offer advanced IMS AAA DIAMETER-based functionality.
 
“AAA in IMS is more important than it was in IP Centrex or other legacy network services,” said Volkow. “DIAMETER is used here, but, it’s not just about security. It deals with QoS too, as well as bandwidth, rating and policies. Every ‘W’ question [who, what, where, when, why] in the network is communicated using DIAMETER. It’s much more complex than RADIUS and involves more infrastructure. RADIUS was something that was used with billing and OSS, but DIAMETER is appearing everywhere. It’s in softswitches, application servers, policies, GGSNs [Gateway GPRS Support Nodes], everywhere. Almost every network component needs to know about and communicate using DIAMETER.”
 
So perhaps one day additional ‘applications’ (protocols) will be written for DIAMETER, or else yet another protocol shall arise.
 


 
Richard Grigonis is Executive Editor of TMC’s IP Communications Group.


