idnits 2.17.00 (12 Aug 2021)

/tmp/idnits36937/draft-ietf-dime-app-design-guide-15.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == The document doesn't use any RFC 2119 keywords, yet seems to have RFC 2119
     boilerplate text.

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008.  If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment.  If not, you may need to add the pre-RFC5378 disclaimer.
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (July 30, 2012) is 3581 days in the past.  Is this
     intentional?
  Checking references for intended status: Informational
  ----------------------------------------------------------------------------

  == Outdated reference: draft-ietf-dime-rfc3588bis has been published as RFC
     6733

  ** Obsolete normative reference: RFC 3588 (Obsoleted by RFC 6733)

  -- Obsolete informational reference (is this intentional?): RFC 2407
     (Obsoleted by RFC 4306)

  -- Obsolete informational reference (is this intentional?): RFC 2409
     (Obsoleted by RFC 4306)

  -- Obsolete informational reference (is this intentional?): RFC 4005
     (Obsoleted by RFC 7155)

     Summary: 1 error (**), 0 flaws (~~), 3 warnings (==), 5 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

Diameter Maintenance and Extensions (DIME)                    L. Morand, Ed.
Internet-Draft                                                   Orange Labs
Intended status: Informational                                    V. Fajardo
Expires: January 31, 2013                                      H. Tschofenig
                                                      Nokia Siemens Networks
                                                               July 30, 2012

                  Diameter Applications Design Guidelines
                   draft-ietf-dime-app-design-guide-15

Abstract

   The Diameter Base protocol provides facilities for protocol
   extensibility that make it possible to define new Diameter
   applications or to modify existing ones.  This document is a
   companion document to the Diameter Base protocol that further
   explains and clarifies the rules for extending the Diameter Base
   protocol.  It is meant as a guidelines document and therefore it
   does not add, remove or change existing rules.

Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).
   Note that other groups may also distribute working documents as
   Internet-Drafts.  The list of current Internet-Drafts is at
   http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on January 31, 2013.

Copyright Notice

   Copyright (c) 2012 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Terminology
   3.  Overview
   4.  Reusing existing Diameter applications
     4.1.  Adding a new command
     4.2.  Deleting a command
     4.3.  Reusing existing commands
       4.3.1.  Adding AVPs to a command
       4.3.2.  Deleting AVPs from a command
     4.4.  Reusing existing AVPs
       4.4.1.  Setting of the AVP flags
       4.4.2.  Reuse of AVP of type Enumerated
   5.  Defining new Diameter applications
     5.1.  Introduction
     5.2.  Defining new commands
     5.3.  Use of Application-Id in a message
     5.4.  Application specific Session State Machine
     5.5.  Session-Id AVP and session management
     5.6.  AVPs defined as Boolean flag
     5.7.  Application-specific message routing
     5.8.  About Translation Agent
     5.9.  End-to-End applications capabilities exchange
     5.10. Diameter accounting support
     5.11. Diameter security mechanisms
   6.  Defining Generic Diameter Extensions
   7.  IANA Considerations
   8.  Security Considerations
   9.  Contributors
   10. Acknowledgments
   11. References
     11.1. Normative References
     11.2. Informative References
   Authors' Addresses

1.  Introduction

   The Diameter Base protocol provides facilities to extend the Diameter
   Base protocol (see Section 1.3 of [I-D.ietf-dime-rfc3588bis]) for
   supporting new functionalities.  In the context of this document,
   extending Diameter means one of the following:

   1.  Addition of a new functionality to an existing Diameter
       application without defining a new application.

   2.  Addition of a new functionality to an existing Diameter
       application that requires the definition of a new application.

   3.  The definition of a new Diameter application to provide a set of
       functionalities not supported by existing applications.

   4.  The definition of a new generic functionality that can be reused
       across different applications.

   All of these choices are design decisions that can be made by any
   combination of reusing existing or defining new commands, AVPs or AVP
   values.  However, application designers do not have total freedom
   when making their design.  A number of rules have been defined in
   [I-D.ietf-dime-rfc3588bis] that place constraints on when an
   extension requires the allocation of a new Diameter application
   identifier or a new command code value.  The objectives of this
   document are the following:

   o  Clarify the updated Diameter extensibility rules in the Diameter
      Base Protocol.

   o  Clarify the usage of certain Diameter functionalities that are not
      explicitly described in the Diameter Base specification.

   o  Discuss design choices and provide guidelines when defining new
      applications.

   o  Present tradeoffs of design choices.

2.  Terminology

   This document reuses the terminology used in
   [I-D.ietf-dime-rfc3588bis].

3.  Overview

   As designed, the Diameter Base protocol [I-D.ietf-dime-rfc3588bis]
   can be seen as a two-layer protocol.  The lower layer is mainly
   responsible for managing connections between neighboring peers and
   for message routing.  The upper layer is where the Diameter
   applications reside.  This model is in line with a Diameter node
   having an application layer and a peer-to-peer delivery layer.  The
   Diameter Base protocol document defines the architecture and behavior
   of the message delivery layer and then provides the framework for
   designing Diameter applications on the application layer.
   This framework includes definitions of application sessions and
   accounting support (see Sections 8 and 9 of
   [I-D.ietf-dime-rfc3588bis]).  Accordingly, a Diameter node is seen in
   this document as a single instance of a Diameter message delivery
   layer and one or more Diameter applications using it.

   The Diameter Base protocol is designed to be extensible, and the
   principles are described in Section 1.3 of
   [I-D.ietf-dime-rfc3588bis].  Extending Diameter can mean either the
   definition of a completely new Diameter application or the reuse of
   commands, AVPs and AVP values in any combination for the purpose of
   inheriting the features of an existing Diameter application.  The
   recommendation to reuse existing implementations as much as possible
   is meaningful, as most of the requirements defined for a new
   application are likely already fulfilled by existing applications.

   However, when reusing existing applications, there is a greater
   likelihood of ambiguity on how much of the existing application can
   be enhanced without being distorted too much and therefore requiring
   the definition of a new application.

   The impacts of extending existing applications can be categorized as
   follows:

   Minor Extension: Enhancing the functional scope of an existing
      application by the addition of optional features to support.  Such
      an enhancement has no backward compatibility issue with the
      existing application.  A typical example would be the definition
      of a new optional AVP to be used in an existing command.  Diameter
      implementations supporting the existing application but not the
      new AVP will simply ignore it, without major consequences for the
      Diameter message handling.  In general, this includes everything
      that is not covered by the next category.  The standardization
      effort will be fairly small.
   Major Extension: Enhancing the functional scope of an existing
      application in such a way that it implies a backward-incompatible
      change to the existing application and therefore requires the
      definition of a new Diameter application.  Typical examples would
      be the creation of a new command for providing functionality not
      supported by existing applications, or the definition of a new AVP
      with the M-bit set to be carried in an existing command.  For such
      an extension, a significant specification effort is required and a
      careful approach is recommended.

   The rules outlined in Section 1.3 of [I-D.ietf-dime-rfc3588bis]
   indicate when an extension requires a new command code to be
   registered and when new Diameter applications have to be defined.
   The subsequent sections further explain and clarify the rules to
   extend the Diameter Base protocol.  This document is meant as a
   guidelines document and therefore it does not add, remove or change
   existing rules.

4.  Reusing existing Diameter applications

   When selecting the Diameter Base protocol to support new
   functionalities, protocol designers are advised to reuse existing
   Diameter applications as much as possible, to simplify
   standardization and implementation and to avoid potential
   interoperability issues.  However, an existing application may need
   to be adapted to support new requirements, and these modifications
   can be at the command level and/or at the AVP level.  The following
   sections describe the possible modifications that can be performed
   on existing applications and their related impacts.

4.1.  Adding a new command

   Adding a new command is considered a major extension and requires a
   new Diameter application to be defined.
   Adding a new command to an application means either defining a
   completely new command or importing the command's CCF syntax
   specification from another application, whereby the new application
   inherits some or all of the functionality of the application where
   the command came from.  In the former case, the decision to create a
   new application is straightforward since this is typically the result
   of adding a new functionality that does not exist yet.  For the
   latter, the decision to create a new application will depend on
   whether importing the command into a new application is more suitable
   than simply using the existing application as it is, in conjunction
   with any other application.  Therefore, a case-by-case study of each
   application requirement should be applied.

   An illustrative example is the command pair defined in the Diameter
   EAP application [RFC4072], which can be reused jointly with any other
   application (e.g. the Diameter NASREQ application [RFC4005]) as soon
   as standard EAP-based authentication procedures need to be supported
   by the implementation.  It may therefore not be required to import
   the command pair into the newly defined application.

   However, in general, it is difficult to come to a hard guideline, and
   so a case-by-case study of each application requirement should be
   applied.  Before adding or importing a command, application designers
   should consider the following:

   o  Can the new functionality be fulfilled by creating a new command
      independent from any existing command?  In this case, the
      resulting new application and the existing application can work
      independently of, but cooperating with, each other.

   o  Can the existing command be reused without major extensions and
      therefore without the need for the definition of a new
      application, e.g. with new functionality introduced by the
      creation of new optional AVPs?
   o  Care should be taken to avoid a liberal method of importing
      existing commands' CCF syntax specifications.  This would result
      in monolithic and hard-to-manage applications supporting too many
      different functionalities and can cause interoperability issues
      between the different applications.

4.2.  Deleting a command

   Although this process is not typical, removing a command from an
   application requires a new Diameter application to be defined.  This
   is due to the fact that the reception of the deleted command would
   systematically result in a protocol error
   (DIAMETER_COMMAND_UNSUPPORTED).

   It is unusual to delete an existing command from an application for
   the sake of deleting it or the functionality it represents.  This
   normally indicates a flawed design.  An exception might be if the
   intent of the deletion is to create a newer version of the same
   application which is somehow simpler than the previous version.

4.3.  Reusing existing commands

   This section discusses rules for adding and/or deleting AVPs from an
   existing command of an existing application.  The cases described in
   this section may not necessarily result in the creation of new
   applications.

   It is worth noting that the strong recommendation in [RFC3588] to
   reuse existing commands was meant to prevent a rapid scarcity of code
   values available for vendor-specific commands.
   [I-D.ietf-dime-rfc3588bis] relaxes the policy with respect to the
   allocation of command codes for vendor-specific uses and enlarges the
   range of available code values for vendor-specific applications.
   Therefore, while it is still recommended to reuse existing commands
   as much as possible, protocol designers can more easily consider the
   definition of a new command when this is a more suitable solution
   than twisting the use of existing commands and applications.

4.3.1.  Adding AVPs to a command

   Based on the rules in [I-D.ietf-dime-rfc3588bis], AVPs that are added
   to an existing command can be categorized into:

   o  Mandatory (to understand) AVPs.  As defined in
      [I-D.ietf-dime-rfc3588bis], these are AVPs with the M-bit flag
      set, which means that a Diameter node receiving them is required
      to understand not only their values but also their semantics.
      Failure to do so will cause a message handling error.  This is
      regardless of whether these AVPs are required or optional as
      specified by the command's CCF syntax specification.

   o  Optional (to understand) AVPs.  As defined in
      [I-D.ietf-dime-rfc3588bis], these are AVPs with the M-bit flag
      cleared, which means that a Diameter node receiving these AVPs
      can simply ignore them if they are not supported in the
      processing of the received command.

   The rules are strict in the case where the AVPs to be added are
   mandatory to understand, i.e. with the M-bit set.  A mandatory AVP
   cannot be added to an existing command without defining a new
   Diameter application, as stated in [I-D.ietf-dime-rfc3588bis].  This
   falls into the "Major Extension" category.  Despite the clarity of
   the rule, ambiguity still arises when evaluating whether a new AVP
   being added should be mandatory to begin with.  Here is a list of a
   few common questions that application designers should ask
   themselves when trying to decide:

   o  Would it be required for the receiving side to be able to process
      and understand the AVP and its content?

   o  Would the new AVPs change the state machine of the application?

   o  Would the presence of the new AVP lead to a different number of
      round trips, effectively changing the state machine of the
      application?

   o  Would the new AVP be used to differentiate between old and new
      versions of the same application whereby the two versions are not
      backward compatible?

   o  Would the new AVP have a duality in meaning, i.e. be used to carry
      application-related information as well as to indicate that the
      message is for a new application?

   When one of the above questions can be answered in the affirmative,
   then the M-bit has to be set for the new AVP.

   If application designers are instead contemplating the use of
   optional AVPs, i.e. with the M-bit cleared, then the following are
   some of the pitfalls that should be avoided:

   o  Use of optional AVPs with intersecting meaning.  One AVP has
      partially the same usage and meaning as another AVP.  The presence
      of both can lead to confusion.

   o  An optional AVP with a dual purpose, i.e. to carry application
      data as well as to indicate support for one or more features.
      This has a tendency to introduce interpretation issues.

   o  Adding one or more optional AVPs and indicating (usually within
      the descriptive text for the command) that at least one of them
      has to be present in the command.  This essentially circumvents
      the ABNF and is equivalent to adding a mandatory AVP to the
      command.

   These practices generally result in interoperability issues and
   should be avoided as much as possible.

4.3.2.  Deleting AVPs from a command

   When deleting an AVP from a command, the following cases need to be
   differentiated:

   o  Deleting an AVP that is indicated as { AVP } in the command's CCF
      syntax specification, whatever the setting of the M-bit.  This
      means the definition of a new command.  In this case, a new
      command code and subsequently a new Diameter application have to
      be specified.

   o  Deleting an AVP with the M-bit set that is indicated as [ AVP ] in
      the command's CCF syntax specification.  No new command code has
      to be specified, but the definition of a new Diameter application
      is required.

   o  Deleting an AVP with the M-bit cleared that is indicated as
      [ AVP ] in the command's CCF syntax specification.  In this case,
      the AVP can be deleted without consequences.

   If possible, application designers should attempt to reuse the
   command's CCF syntax specification without modification and simply
   ignore (but not delete) any optional AVP that will not be used.  This
   is to maintain compatibility with existing applications that will not
   know about the new functionality, as well as to maintain the
   integrity of existing dictionaries.

4.4.  Reusing existing AVPs

   This section discusses rules for reusing existing AVPs when reusing
   an existing command or defining a new command in a new application.

4.4.1.  Setting of the AVP flags

   When reusing AVPs in a new application, the AVP flag setting, such as
   the mandatory flag ('M'-bit), has to be re-evaluated for the new
   Diameter application and, if necessary, even for every command within
   the application.  In general, for AVPs defined outside of the base
   protocol, their mandatory characteristics are tied to their role
   within an application and command.

   All other AVP flags shall remain unchanged.

4.4.2.  Reuse of AVP of type Enumerated

   Modifying the set of values supported by an AVP of type Enumerated
   means defining a new AVP.  Modifying the set of Enumerated values
   includes adding a value or deprecating the use of a value defined
   initially for the AVP.  Defining a new AVP will avoid
   interoperability issues.

5.  Defining new Diameter applications

5.1.  Introduction

   The general recommendation for Diameter extensibility is to reuse
   commands, AVPs and AVP values as much as possible.  However, some of
   the extensibility rules described in the previous sections also apply
   to scenarios where a designer is trying to define a completely new
   Diameter application.
   This section discusses the case where new applications have
   requirements that cannot be fulfilled by existing applications and
   would require the definition of completely new commands, AVPs and/or
   AVP values.  Typically, there is little ambiguity about the decision
   to create these types of applications.  Some examples are the
   interfaces defined for the IP Multimedia Subsystem of 3GPP, i.e.
   Cx/Dx ([TS29.228] and [TS29.229]), Sh ([TS29.328] and [TS29.329]),
   etc.

   Application designers should also follow the theme of Diameter
   extensibility, which in this case means importing existing AVPs and
   AVP values for any newly defined commands.  In certain cases where
   accounting will be used, the models described in Section 5.10 should
   also be considered.  Though some decisions may be clear, designers
   should also consider certain aspects of defining a new application.
   Some of these aspects are described in the following sections.

5.2.  Defining new commands

   As a general recommendation, reusing as much existing material as
   possible is encouraged when defining new commands.  Protocol
   designers can thus benefit from the experience gained with the
   implementation of existing commands.  This includes good practices
   to reuse but also known mistakes not to repeat.  Therefore it is
   advisable to avoid defining a command from scratch and rather to
   take as an example an existing command that is functionally close
   to the command under definition.

   Moreover, the new command's CCF should be carefully defined,
   considering the applicability and extensibility of the application.
   If most of the AVPs contained in the command are indicated as fixed
   or required, it might be difficult to reuse the same command, and
   therefore the same application, if the context has slightly changed
   and some AVPs have become obsolete.
   Defining a command with most of the AVPs indicated as optional must
   not be seen as a sub-optimal design introducing too much flexibility
   in the protocol.  The protocol designers are only advised to clearly
   state the conditions of presence of these AVPs and to properly
   define the corresponding behaviour of the Diameter nodes when these
   AVPs are absent from the command.

   In the same way, the CCF should be defined in such a way that it will
   be possible to add any arbitrary optional AVPs with the M-bit cleared
   (including vendor-specific AVPs) without modifying the application.
   For this purpose, it is strongly recommended to add "* [AVP]" to the
   command's CCF, which allows the addition of any arbitrary AVP as
   described in [I-D.ietf-dime-rfc3588bis].

5.3.  Use of Application-Id in a message

   When designing new applications, designers should specify that the
   application ID carried in all session-level messages must be the
   application ID of the application using those messages.  This
   includes the session-level messages defined in the base protocol,
   i.e., RAR/RAA, STR/STA, ASR/ASA and possibly ACR/ACA in the coupled
   accounting model (see Section 5.10).  Existing specifications may not
   adhere to this rule for historical or other reasons.  However, this
   scheme should be followed to avoid possible routing problems for
   these messages.

   In general, when a new application has been allocated a new
   application id and it also reuses existing commands with or without
   modifications (Section 4.1), it must use the newly allocated
   application id in the header and in all relevant application id AVPs
   (Auth-Application-Id or Acct-Application-Id) present in the command's
   message body.

   Additionally, application designs using the
   Vendor-Specific-Application-Id AVP should not use the Vendor-Id AVP
   to further dissect or differentiate the vendor-specific application
   id.
   Diameter routing is not based on the Vendor-Id.  As such, the
   Vendor-Id should not be used as an additional input for routing or
   delivery of messages.  In general, the Vendor-Id AVP is an
   informational AVP only and is kept for backward compatibility
   reasons.

5.4.  Application specific Session State Machine

   Section 8 of [I-D.ietf-dime-rfc3588bis] provides session state
   machines for authentication, authorization and accounting (AAA)
   services.  When a new application is being defined that cannot
   clearly be categorized into any of these services, it is recommended
   that the application itself define its own session state machine.
   The existing session state machines defined by
   [I-D.ietf-dime-rfc3588bis] are not intended for general use beyond
   AAA services; therefore any behavior not covered by that category
   would not fit well.  Support for server-initiated requests is a clear
   example where an application-specific session state machine would be
   needed, for example the Rw interface for the ITU-T push model (cf.
   [Q.3303.3]).

5.5.  Session-Id AVP and session management

   Diameter applications are usually designed with the aim of managing
   user sessions, e.g. a network access session (NASREQ application
   [RFC4005]) or a specific service access session (Diameter SIP
   application [RFC4740]).  In the Diameter base protocol, session
   management is based on the Session-Id AVP, which is used to identify
   a given session; all the Diameter messages including the same
   Session-Id will be bound to the same session.  Diameter-based session
   management also implies that both the Diameter client and server (and
   potentially proxy agents in the Diameter path) maintain session state
   information associated with the Session-Id contained in the Diameter
   messages.
   However, some applications may not need to rely on the Session-Id to
   identify and manage user sessions because other information can be
   used instead to correlate Diameter messages.  Indeed, the User-Name
   AVP or any other specific AVP can be present in every Diameter
   message and therefore be used for message correlation.  There might
   even be applications for which the notion of Diameter session
   management would not be required at all.  For such applications, the
   Auth-Session-State AVP is usually set to NO_STATE_MAINTAINED in all
   the Diameter messages, and these applications are therefore designed
   as a set of stand-alone transactions.  Even if an explicit access
   session termination is required, application-specific commands are
   defined and used instead of the Session-Termination-Request/Answer
   (STR/STA) or Abort-Session-Request/Answer (ASR/ASA) defined in the
   Diameter base protocol.  In such a case, the Session-Id is not
   significant.

   Based on these considerations, protocol designers should carefully
   appraise whether the application being defined relies on the concept
   of session management and whether the Session-Id defined in the
   Diameter Base protocol would really be used for correlation of
   messages related to the same session.  If not, the protocol designers
   could decide to define application commands without the Session-Id
   AVP.  If any session management concept is supported by the
   application, the application documentation must clearly specify how
   the session is handled between client and server (and possibly
   Diameter agents in the path).

5.6.  AVPs defined as Boolean flag

   The type Enumerated was initially defined to provide a list of valid
   values for an AVP, with their respective interpretation described in
   the specification.
For instance, AVPs of type Enumerated can be used to give further information on the reason for the termination of a session, or to indicate a specific action to perform upon receipt of the request.

However, AVPs of type Enumerated are too often used as simple Boolean flags, indicating for instance a specific permission or capability, so that only two values are defined, e.g. TRUE/FALSE, AUTHORIZED/UNAUTHORIZED or SUPPORTED/UNSUPPORTED. This has to be considered a sub-optimal design because it limits the extensibility of the application: any new capability or permission would have to be carried by a new AVP or by a new Enumerated value of the already defined AVP, which in turn causes backwards compatibility issues with existing implementations.

Instead of defining an Enumerated AVP when the AVP is simply used as a Boolean flag, protocol designers are encouraged to rely on an AVP defined in the form of a bit mask, with the interpretation of each bit described in the relevant Diameter application specification. Such AVPs can be reused and extended to multiplex several indications without major impact on the Diameter application: an implementation that does not know a newly assigned bit leaves it clear and ignores it. The bit mask should therefore be long enough to leave room for future additions. Examples of AVPs defined as bit masks are the Session-Binding AVP defined in [I-D.ietf-dime-rfc3588bis] and the MIP6-Feature-Vector AVP defined in [RFC5447].

5.7. Application-specific message routing

Diameter request message routing usually relies on the Destination-Realm AVP and the Application Id present in the request message header. However, some applications may need to rely on the User-Name AVP, or on any other application-specific AVP present in the request, to determine the final destination of a request, e.g. to find the target AAA server hosting the authorization information for a given user when multiple AAA servers are addressable in the realm.

In such a context, the basic routing mechanisms described in [I-D.ietf-dime-rfc3588bis] are not fully suitable, and additional application-level routing mechanisms have to be described in the application documentation to provide such AVP-based routing. Such functionality will basically be hosted by an application-specific Proxy agent, which is responsible for routing decisions based on the specific AVPs it receives.

An example of such a specific routing function can be found in the applications defined for the IP Multimedia Subsystem of 3GPP, i.e. the Cx/Dx applications ([TS29.228] and [TS29.229]), in which the Subscriber Location Function (SLF) is defined as a proxy agent (or enhanced Redirect agent) using specific application-level identities found in the request to determine the final destination of the message.

Whatever the criteria used to establish the routing path of the request, the routing of the answer should follow the reverse path of the request, as described in [I-D.ietf-dime-rfc3588bis]: the answer is sent to the source of the received request, using transaction state and Hop-by-Hop Identifier matching. In particular, this ensures that Diameter agents in the request routing path (Relay or Proxy agents) are able to correctly release the transaction state associated with the request upon receipt of the answer, thus avoiding unnecessary failover triggered by the non-reception of the answer corresponding to the request. Application designers are strongly recommended not to attempt to modify the answer routing principles described in [I-D.ietf-dime-rfc3588bis] when defining a new application.

5.8. About Translation Agent

As defined in [I-D.ietf-dime-rfc3588bis], a translation agent is a device that provides interworking between Diameter and another protocol (e.g. RADIUS, TACACS+).

In the specific case of RADIUS, it was initially foreseen that the translation function would be straightforward to define and deploy by adopting a few basic principles, e.g. the use of a shared range of code values for RADIUS attributes and Diameter AVPs, some guidelines on the translation and management of key information (such as authentication parameters, routing/accounting information or states), etc. All this material was put in RFC 4005 ([RFC4005], since obsoleted by RFC 7155) to be used as a generic guideline for the implementation of RADIUS-Diameter translation agents.

However, it was acknowledged that such a translation mechanism was not so obvious, and that a deeper protocol analysis was required to ensure efficient interworking between RADIUS and Diameter. Moreover, the interworking requirements will likely depend on the functionality provided by the Diameter application under specification, and a case-by-case analysis will be required.

Therefore, when interoperability with a RADIUS infrastructure is foreseen, protocol designers are advised that they cannot assume the availability of "standard" Diameter-to-RADIUS gateway agents, and the required translation mechanism should then be specified along with the Diameter application. The recommendation given here for RADIUS-Diameter interworking applies, of course, to any other kind of translation (e.g. Diameter/MAP).

5.9. End-to-End application capabilities exchange

New Diameter applications can rely on optional AVPs to exchange application-specific capabilities and features. These AVPs can be exchanged on an end-to-end basis at the application layer. Examples of this can be found in [RFC5447] and [RFC5777].
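Section 5.7 above describes a Proxy agent that routes on an application-level identity and then returns the answer over the reverse path by Hop-by-Hop Identifier matching. The following Python model is an added example written for this page; it is not code from the draft, from 3GPP or from any Diameter implementation. The realm, host names, user identity and request identifiers are constructed for the example; the Cx application identifier (16777216) and the result codes DIAMETER_SUCCESS (2001) and DIAMETER_UNABLE_TO_DELIVER (3002) are the values from the relevant specifications.

```python
import itertools

# Result codes from the Diameter base protocol
DIAMETER_SUCCESS = 2001
DIAMETER_UNABLE_TO_DELIVER = 3002
CX_APP_ID = 16777216   # 3GPP Cx/Dx application identifier


class Message:
    """Minimal stand-in for a Diameter message: the header fields and the AVPs the proxy looks at."""

    def __init__(self, hop_by_hop, end_to_end, is_request, app_id, dest_realm,
                 user_name=None, dest_host=None, result_code=None):
        self.hop_by_hop, self.end_to_end = hop_by_hop, end_to_end
        self.is_request, self.app_id = is_request, app_id
        self.dest_realm, self.user_name = dest_realm, user_name
        self.dest_host, self.result_code = dest_host, result_code


class SlfProxy:
    """Application-specific Proxy agent (SLF-like): base-protocol routing on
    (Destination-Realm, Application-Id), refined by a lookup on User-Name, with
    per-request transaction state keyed by the Hop-by-Hop Identifier the proxy assigns."""

    def __init__(self, realm_table, user_table):
        self.realm_table = realm_table   # (realm, app_id) -> default next-hop peer
        self.user_table = user_table     # user identity -> home server (the SLF's data)
        self.pending = {}                # proxy hop-by-hop id -> (ingress peer, original hop-by-hop id)
        self._next_hbh = itertools.count(0x1000)

    def route_request(self, req, from_peer):
        """Return (peer to send to, message): the forwarded request, or a locally generated answer."""
        next_hop = self.realm_table.get((req.dest_realm, req.app_id))
        if req.user_name is not None:
            # Application-level routing: the user's home server overrides the realm default
            next_hop = self.user_table.get(req.user_name, next_hop)
        if next_hop is None:
            # No route at all: answer the sender ourselves; no transaction state is created
            return from_peer, Message(req.hop_by_hop, req.end_to_end, False, req.app_id,
                                      req.dest_realm, result_code=DIAMETER_UNABLE_TO_DELIVER)
        # A proxy rewrites the hop-by-hop id on every hop and remembers where the request came from
        my_hbh = next(self._next_hbh)
        self.pending[my_hbh] = (from_peer, req.hop_by_hop)
        fwd = Message(my_hbh, req.end_to_end, True, req.app_id, req.dest_realm,
                      user_name=req.user_name, dest_host=next_hop)
        return next_hop, fwd

    def route_answer(self, ans):
        """Answers take the reverse path: match the proxy's hop-by-hop id, restore the
        original one, release the transaction state.  Unmatched answers are dropped."""
        state = self.pending.pop(ans.hop_by_hop, None)
        if state is None:
            return None, None
        back_to, orig_hbh = state
        ans.hop_by_hop = orig_hbh
        return back_to, ans


def demo():
    """Constructed scenario: two HSS-like servers behind one realm with an SLF in front."""
    slf = SlfProxy(realm_table={("example.net", CX_APP_ID): "hss1.example.net"},
                   user_table={"alice@example.net": "hss2.example.net"})
    req = Message(hop_by_hop=7, end_to_end=99, is_request=True, app_id=CX_APP_ID,
                  dest_realm="example.net", user_name="alice@example.net")
    peer, fwd = slf.route_request(req, from_peer="icscf.example.net")
    ans = Message(fwd.hop_by_hop, fwd.end_to_end, False, fwd.app_id, fwd.dest_realm,
                  result_code=DIAMETER_SUCCESS)
    back_to, relayed = slf.route_answer(ans)
    # A second copy of the same answer matches no state any more and is discarded
    dup_to, _ = slf.route_answer(Message(fwd.hop_by_hop, 99, False, fwd.app_id, "example.net"))
    return {"forwarded_to": peer, "answer_to": back_to, "answer_hbh": relayed.hop_by_hop,
            "state_left": len(slf.pending), "duplicate_routed": dup_to is not None}


if __name__ == "__main__":
    print(demo())
```

The request for alice is forwarded to hss2 although the realm default is hss1; the answer is matched purely on the hop-by-hop identifier the proxy assigned, which is what lets the proxy release its state and what keeps the base-protocol failover logic in the ingress peer working. A user that the SLF does not know falls back to the realm default, and a request with no route at all is answered locally with DIAMETER_UNABLE_TO_DELIVER without leaving state behind.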
The end-to-end capabilities AVPs can help in the following cases:

o Formalizing the way new functionality is added to existing applications, by announcing support for it.

o Applications that do not understand these AVPs can discard them upon receipt. In that case, the sender of the AVP can safely assume that the receiving end-point does not support any of the functionality carried by the AVP if the AVP is absent from subsequent responses.

o Cases where deployment choices are offered and a generic design can be made available to a number of applications.

Note that this list is not meant to be comprehensive.

When used in a new application, protocol designers should clearly specify this end-to-end capabilities exchange and the corresponding behaviour of the Diameter nodes supporting the application. In particular, such capability AVPs have to be sent with the 'M' bit cleared: a receiver that does not recognize an AVP carrying the 'M' bit rejects the whole message instead of discarding the AVP, which defeats the purpose of the exchange.

5.10. Diameter accounting support

Accounting can be treated as an auxiliary application which is used in support of other applications. In most cases, accounting support is required when defining new applications. This document describes two possible models for using accounting:

Split Accounting Model

In this model, the accounting messages use the Diameter base accounting application ID (value 3). The design implication is that accounting is treated as an independent application, especially during Diameter routing. This means that accounting commands emanating from an application may be routed separately from the rest of the application's messages. This may also imply that the messages generally end up in a central accounting server. A split accounting model is a good design choice when:

* The application itself will not define its own unique accounting commands.

* The overall system architecture permits the use of centralized accounting for one or more Diameter applications.
Centralizing accounting may have advantages, but there are also drawbacks. The model assumes that the accounting server can somehow differentiate the received accounting messages. Since the received accounting messages can be for any application and/or service, the accounting server has to have a method to uniquely match accounting messages with the applications and/or services being accounted for. This may mean defining new AVPs, checking the presence, absence or contents of existing AVPs, or checking the contents of the accounting records themselves. In general, however, there is no clean and generic scheme for sorting these messages. Therefore, the use of this model is recommended only when all received accounting messages can be clearly identified and sorted. For most cases, the use of the Coupled Accounting Model is recommended.

Coupled Accounting Model

In this model, the accounting messages use the application ID of the application using the accounting service. The design implication is that the accounting messages are tightly coupled with the application itself, meaning that accounting messages are routed like any other application message. It is then the responsibility of the application server (the application entity receiving the ACR message) to send the accounting records carried by the accounting messages to the proper accounting server. The application server is also responsible for formulating a proper response (ACA). A coupled accounting model is a good design choice when:

* The system architecture or deployment will not provide an accounting server that supports Diameter.

* The system architecture or deployment requires that the accounting service for the specific application be handled by the application itself.
* The application server is provisioned to use a different protocol to access the accounting server, e.g. LDAP, SOAP, etc. This includes attempting to support older accounting systems that are not Diameter aware.

In all the cases above, there will generally be no direct Diameter access to the accounting server.

These models provide a basis for using accounting messages. Application designers may obviously deviate from these models, provided that the factors addressed here have also been taken into account. Though it is not recommended, an example of another method would be defining a new set of commands to carry application-specific accounting records.

5.11. Diameter security mechanisms

As specified in [I-D.ietf-dime-rfc3588bis], the Diameter message exchange should be secured by using TLS/TCP or DTLS/SCTP. However, additional security mechanisms such as IPsec can also be deployed to secure connections between Diameter peers. When IPsec is used instead of TLS or DTLS, the following recommendations apply. Note that the IKE and DOI specifications referenced below, [RFC2407] and [RFC2409], describe IKEv1, which has since been obsoleted by IKEv2 (RFC 4306, now RFC 7296); the Main Mode, Aggressive Mode and Quick Mode terminology is specific to IKEv1.

IPsec ESP [RFC4301] in transport mode with non-null encryption and authentication algorithms is used to provide per-packet authentication, integrity protection and confidentiality, and to support the replay protection mechanisms of IPsec. IKE is used for peer authentication, negotiation of security associations and key management, using the IPsec DOI [RFC2407]. Peer authentication can be achieved by using a pre-shared key; certificate-based peer authentication using digital signatures can be used as an alternative. Peer authentication using the public key encryption methods outlined in Sections 5.2 and 5.3 of IKE [RFC2409] should not be used.

Diameter implementations using IPsec as security mechanism must support both IKE Main Mode and Aggressive Mode. When pre-shared keys are used for authentication, IKE Aggressive Mode should be used instead of IKE Main Mode. When digital signatures are used for authentication, either IKE Main Mode or IKE Aggressive Mode can be used. Be aware that in Aggressive Mode the identities and the pre-shared-key-based authentication hash are exchanged before the channel is encrypted, so a pre-shared key with little entropy is exposed to an offline dictionary attack by anyone observing the exchange; where Aggressive Mode with pre-shared keys is retained, the key has to be a long random value rather than a passphrase.

When digital signatures are used to achieve authentication, an IKE negotiator should use IKE Certificate Request Payload(s) to specify the certificate authority (or authorities) that are trusted in accordance with its local policy. IKE negotiators should perform pertinent certificate revocation checks before accepting a PKI certificate for use in IKE's authentication procedures.

The Phase 2 Quick Mode exchanges used to negotiate protection for Diameter connections must explicitly carry the Identity Payload fields (IDci and IDcr). The DOI provides for several types of identification data. However, when used in conformant implementations, each ID Payload must carry a single IP address and a single non-zero port number, and must not use the IP Subnet or IP Address Range formats. This allows the Phase 2 security association to correspond to specific TCP and SCTP connections.

Since IPsec acceleration hardware may only be able to handle a limited number of active IKE Phase 2 SAs, Phase 2 delete messages may be sent for idle SAs, as a means of keeping the number of active Phase 2 SAs to a minimum. The receipt of an IKE Phase 2 delete message should not be interpreted as a reason for tearing down a Diameter connection. Rather, it is preferable to leave the connection up and, if additional traffic is sent on it, to bring up another IKE Phase 2 SA to protect it. This avoids the potential for continually bringing connections up and down.

6. Defining Generic Diameter Extensions

Generic Diameter extensions are AVPs, commands or applications that are designed to support other Diameter applications.
They are auxiliary applications meant to improve or enhance the Diameter protocol itself or Diameter applications/functionality. Some examples include the extensions to support auditing and redundancy (see [I-D.calhoun-diameter-res-mgmt]), improvements to the duplicate detection scheme (see [I-D.asveren-dime-dupcons]), and piggybacking of QoS attributes (see [RFC5777]).

Since generic extensions can cover many aspects of Diameter and Diameter applications, it is not possible to enumerate all the probable scenarios in this document. However, some of the most common considerations are as follows:

o Backward compatibility: dealing with existing applications that do not understand the new extension. Designers also have to make sure that new extensions do not break the expected behaviour of the message delivery layer.

o Forward compatibility: making sure that the design will not introduce undue restrictions for future applications. Future applications attempting to support this feature should not have to go to great lengths to implement any new extensions.

o Trade-offs in signaling: designers may have to choose between the use of optional AVPs piggybacked onto existing commands and the definition of new commands and applications. Optional AVPs are simpler to implement and may not need changes to existing applications; the drawback, however, is that the timing of sending the extension data is tied to when the application would be sending a message. This has consequences if the application and the extension have different timing requirements. The use of new commands and applications solves this issue, but the trade-off is the additional complexity of defining and deploying a new application. It is left to the designer to find a good balance among these trade-offs based on the requirements of the extension.
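Sections 5.6 and 5.9 above and the backward-compatibility point in this section turn on one mechanism: an optional AVP ('M' bit clear) that a peer without the extension skips, carrying a bit mask that grows without new Enumerated values. The following Python is an added example written for this page, not code from the draft or from any Diameter stack. The AVP codes 9001 and 9002, the feature bits and the Session-Id string are constructed for the example; Session-Id (code 263), the 'M' bit value and the result codes 2001 and 5001 are the base-protocol values.

```python
import struct

AVP_FLAG_M = 0x40                       # 'M' (mandatory) bit in the AVP flags octet
DIAMETER_SUCCESS, DIAMETER_AVP_UNSUPPORTED = 2001, 5001
SESSION_ID = 263                        # existing base-protocol AVP, always sent with 'M' set
EXT_GROUP = 9001                        # constructed: optional Grouped AVP carrying the extension
FEATURE_VECTOR = 9002                   # constructed: Unsigned64 bit mask inside the group
FEAT_A, FEAT_B, FEAT_C = 1 << 0, 1 << 1, 1 << 2   # FEAT_C assigned by a later revision
SID = b"client.example;1;7"             # constructed Session-Id value


def avp(code, flags, data):
    """Encode one AVP: code, flags|length (length covers header and data), data padded to 4 octets."""
    hdr = struct.pack(">II", code, (flags << 24) | (8 + len(data)))
    return hdr + data + b"\x00" * ((-len(data)) % 4)


def iter_avps(buf):
    """Yield (code, flags, data) for a flat AVP sequence; Grouped data is not opened here."""
    off = 0
    while off < len(buf):
        code, fl_len = struct.unpack_from(">II", buf, off)
        flags, length = fl_len >> 24, fl_len & 0xFFFFFF
        if length < 8 or off + length > len(buf):
            raise ValueError("bad AVP length")
        yield code, flags, buf[off + 8:off + length]
        off += length + ((-length) % 4)


def extension(bits, group_flags=0):
    """The generic extension as a Grouped AVP: the feature mask plus Session-Id, an existing
    AVP that keeps its 'M' bit even though the group around it is optional."""
    inner = avp(FEATURE_VECTOR, 0, struct.pack(">Q", bits)) + avp(SESSION_ID, AVP_FLAG_M, SID)
    return avp(EXT_GROUP, group_flags, inner)


def receive(buf, ext_bits=None):
    """Receiver.  ext_bits is the set of feature bits this node implements, or None for a
    node without the extension.  Unknown AVPs with 'M' clear are skipped as a unit (the
    mandatory AVP nested in the group is never examined); an unknown AVP with 'M' set
    makes the message unprocessable.  Returns (result_code, granted bits or None)."""
    granted = None
    for code, flags, data in iter_avps(buf):
        if code == SESSION_ID:
            continue                                   # understood by every node
        if code == EXT_GROUP and ext_bits is not None:
            for icode, _, idata in iter_avps(data):    # only an aware node opens the group
                if icode == FEATURE_VECTOR:
                    (asked,) = struct.unpack(">Q", idata)
                    granted = asked & ext_bits         # bits this node does not know stay clear
            continue
        if flags & AVP_FLAG_M:
            return DIAMETER_AVP_UNSUPPORTED, None      # reported back in Failed-AVP
        # unknown and 'M' clear: ignored, whatever it encapsulates
    return DIAMETER_SUCCESS, granted


def negotiate(client_bits, server_bits, client_known=FEAT_A | FEAT_B | FEAT_C, group_flags=0):
    """End-to-end exchange: the client announces its bits, the server (None = no extension)
    answers with those it grants, the client reads the answer.  Absence of the AVP in the
    answer means 'nothing supported'.  Returns (result code seen by the client, granted bits)."""
    request = avp(SESSION_ID, AVP_FLAG_M, SID) + extension(client_bits, group_flags)
    rc, granted = receive(request, server_bits)
    if rc != DIAMETER_SUCCESS:
        return rc, 0                                   # server rejected the request outright
    answer = avp(SESSION_ID, AVP_FLAG_M, SID)
    if granted is not None:
        answer += extension(granted)
    rc, back = receive(answer, client_known)
    return rc, 0 if back is None else back
```

Three cases are worth running: a newer client against an older server gets back only the bits the server knows, with no new AVP or Enumerated value involved; a server without the extension never echoes the group, which the client reads as "nothing supported"; and the one design mistake the text warns against, setting the 'M' bit on the extension group, turns that silent downgrade into a DIAMETER_AVP_UNSUPPORTED rejection from every older peer.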
In practice, it is often the case that generic extensions use optional AVPs, because this is simple and not intrusive for the application that carries them. Peers that do not support the generic extension need not understand or recognize these optional AVPs. However, it is recommended that the authors of the extension specify the context or usage of the optional AVPs. For example, if the AVPs can be used only by a specific set of applications, then the specification must enumerate these applications and the scenarios in which the optional AVPs will be used. Where the optional AVPs can be carried by any application, it should be sufficient to specify such a use case and perhaps provide specific examples of applications using them.

In most cases, these optional AVPs piggybacked by applications are defined as a Grouped AVP that encapsulates all the functionality of the generic extension. In practice, it is not uncommon for the Grouped AVP to encapsulate an existing AVP that has previously been defined as mandatory ('M' bit set), e.g. in the 3GPP IMS Cx/Dx interfaces ([TS29.228] and [TS29.229]). A receiver that does not implement the extension therefore has to skip the whole optional Grouped AVP as a unit: the 'M' bit of an AVP nested inside an unrecognized optional Grouped AVP does not by itself make the message unprocessable.

7. IANA Considerations

This document does not require actions by IANA.

8. Security Considerations

This document provides guidelines and considerations for extending Diameter and Diameter applications. It does not define or address security-related protocols or schemes.

9. Contributors

The content of this document was influenced by a design team created to revisit the Diameter extensibility rules. The team, consisting of the members listed below, was formed in February 2008 and finished its work in June 2008.
o Avi Lior

o Glen Zorn

o Jari Arkko

o Lionel Morand

o Mark Jones

o Victor Fajardo

o Tolga Asveren

o Jouni Korhonen

o Glenn McGregor

o Hannes Tschofenig

o Dave Frascone

We would like to thank Tolga Asveren, Glenn McGregor, and John Loughney for their contributions as co-authors to earlier versions of this document.

10. Acknowledgments

We greatly appreciate the insight provided by Diameter implementers who have highlighted the issues and concerns addressed by this document.

11. References

11.1. Normative References

[I-D.ietf-dime-rfc3588bis] Fajardo, V., Arkko, J., Loughney, J., and G. Zorn, "Diameter Base Protocol", draft-ietf-dime-rfc3588bis-34 (work in progress), June 2012.

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.

[RFC3588] Calhoun, P., Loughney, J., Guttman, E., Zorn, G., and J. Arkko, "Diameter Base Protocol", RFC 3588, September 2003.

11.2. Informative References

[I-D.asveren-dime-dupcons] Asveren, T., "Diameter Duplicate Detection Cons.", draft-asveren-dime-dupcons-00 (work in progress), August 2006.

[I-D.calhoun-diameter-res-mgmt] Calhoun, P., "Diameter Resource Management Extensions", draft-calhoun-diameter-res-mgmt-08 (work in progress), March 2001.

[Q.3303.3] International Telecommunication Union, "Resource control protocol no. 3 (rcp3): Protocol at the Rw interface between the Policy Decision Physical Entity (PD-PE) and the Policy Enforcement Physical Entity (PE-PE): Diameter", ITU-T Recommendation Q.3303.3, 2008.

[RFC2407] Piper, D., "The Internet IP Security Domain of Interpretation for ISAKMP", RFC 2407, November 1998.

[RFC2409] Harkins, D. and D. Carrel, "The Internet Key Exchange (IKE)", RFC 2409, November 1998.

[RFC4005] Calhoun, P., Zorn, G., Spence, D., and D. Mitton, "Diameter Network Access Server Application", RFC 4005, August 2005.

[RFC4072] Eronen, P., Hiller, T., and G. Zorn, "Diameter Extensible Authentication Protocol (EAP) Application", RFC 4072, August 2005.

[RFC4301] Kent, S. and K. Seo, "Security Architecture for the Internet Protocol", RFC 4301, December 2005.

[RFC4740] Garcia-Martin, M., Belinchon, M., Pallares-Lopez, M., Canales-Valenzuela, C., and K. Tammi, "Diameter Session Initiation Protocol (SIP) Application", RFC 4740, November 2006.

[RFC5447] Korhonen, J., Bournelle, J., Tschofenig, H., Perkins, C., and K. Chowdhury, "Diameter Mobile IPv6: Support for Network Access Server to Diameter Server Interaction", RFC 5447, February 2009.

[RFC5777] Korhonen, J., Tschofenig, H., Arumaithurai, M., Jones, M., and A. Lior, "Traffic Classification and Quality of Service (QoS) Attributes for Diameter", RFC 5777, February 2010.

[TS29.228] 3rd Generation Partnership Project, "3GPP TS 29.228; Technical Specification Group Core Network and Terminals; IP Multimedia (IM) Subsystem Cx and Dx Interfaces; Signalling flows and message contents".

[TS29.229] 3rd Generation Partnership Project, "3GPP TS 29.229; Technical Specification Group Core Network and Terminals; Cx and Dx interfaces based on the Diameter protocol; Protocol details".

[TS29.328] 3rd Generation Partnership Project, "3GPP TS 29.328; Technical Specification Group Core Network and Terminals; IP Multimedia (IM) Subsystem Sh interface; signalling flows and message content".

[TS29.329] 3rd Generation Partnership Project, "3GPP TS 29.329; Technical Specification Group Core Network and Terminals; Sh Interface based on the Diameter protocol; Protocol details".

Authors' Addresses

Lionel Morand (editor)
Orange Labs

Email: lionel.morand@orange.com

Victor Fajardo

Email: vf0213@gmail.com

Hannes Tschofenig
Nokia Siemens Networks
Linnoitustie 6
Espoo 02600
Finland

Phone: +358 (50) 4871445
Email: Hannes.Tschofenig@gmx.net
URI: http://www.tschofenig.priv.at