idnits 2.17.00 (12 Aug 2021)

/tmp/idnits38740/draft-ietf-dime-app-design-guide-18.txt:

Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info):
----------------------------------------------------------------------------

No issues found here.

Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
----------------------------------------------------------------------------

No issues found here.

Checking nits according to https://www.ietf.org/id-info/checklist :
----------------------------------------------------------------------------

No issues found here.

Miscellaneous warnings:
----------------------------------------------------------------------------

== The copyright year in the IETF Trust and authors Copyright Line does not match the current year

-- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.)

-- The document date (June 06, 2013) is 3270 days in the past. Is this intentional?
Checking references for intended status: Informational
----------------------------------------------------------------------------

== Unused Reference: 'RFC2407' is defined on line 869, but no explicit reference was found in the text

-- Obsolete informational reference (is this intentional?): RFC 2407 (Obsoleted by RFC 4306)

-- Obsolete informational reference (is this intentional?): RFC 2409 (Obsoleted by RFC 4306)

-- Obsolete informational reference (is this intentional?): RFC 3588 (Obsoleted by RFC 6733)

-- Obsolete informational reference (is this intentional?): RFC 4005 (Obsoleted by RFC 7155)

-- Obsolete informational reference (is this intentional?): RFC 5996 (Obsoleted by RFC 7296)

Summary: 0 errors (**), 0 flaws (~~), 2 warnings (==), 7 comments (--).

Run idnits with the --verbose option for more detailed information about the items above.
--------------------------------------------------------------------------------

Diameter Maintenance and Extensions (DIME)                    L. Morand, Ed.
Internet-Draft                                                   Orange Labs
Intended status: Informational                                    V. Fajardo
Expires: December 08, 2013                                     H. Tschofenig
                                                      Nokia Siemens Networks
                                                               June 06, 2013

                  Diameter Applications Design Guidelines
                   draft-ietf-dime-app-design-guide-18

Abstract

The Diameter base protocol provides facilities for protocol extensibility that enable the definition of new Diameter applications or the modification of existing applications. This document is a companion document to the Diameter base protocol that further explains and clarifies the rules for extending Diameter. It is meant as a guidelines document and is therefore informative in nature.

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on December 08, 2013.

Copyright Notice

Copyright (c) 2013 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Terminology
   3.  Overview
   4.  Reusing Existing Diameter Applications
     4.1.  Adding a New Command
     4.2.  Deleting an Existing Command
     4.3.  Reusing Existing Commands
       4.3.1.  Adding AVPs to a Command
       4.3.2.  Deleting AVPs from a Command
     4.4.  Reusing Existing AVPs
       4.4.1.  Setting of the AVP Flags
       4.4.2.  Reuse of AVP of Type Enumerated
   5.  Defining New Diameter Applications
     5.1.  Introduction
     5.2.  Defining New Commands
     5.3.  Use of Application-Id in a Message
     5.4.  Application-Specific Session State Machines
     5.5.  Session-Id AVP and Session Management
     5.6.  Use of Enumerated Type AVPs
     5.7.  Application-Specific Message Routing
     5.8.  Translation Agents
     5.9.  End-to-End Application Capabilities Exchange
     5.10. Diameter Accounting Support
     5.11. Diameter Security Mechanisms
   6.  Defining Generic Diameter Extensions
   7.  IANA Considerations
   8.  Security Considerations
   9.  Contributors
   10. Acknowledgments
   11. Informative References
   Authors' Addresses

1.  Introduction

The Diameter base protocol provides facilities to extend Diameter (see Section 1.3 of [RFC6733]) to support new functionality. In the context of this document, extending Diameter means one of the following:

   1.  Addition of new functionality to an existing Diameter application without defining a new application.

   2.  Addition of new functionality to an existing Diameter application that requires the definition of a new application.

   3.  The definition of an entirely new Diameter application to offer functionality not supported by existing applications.

   4.  The definition of a new generic functionality that can be reused across different applications.
All of these choices are design decisions that can be made through any combination of reusing existing or defining new commands, AVPs or AVP values. However, application designers do not have complete freedom when making their design. A number of rules defined in [RFC6733] place constraints on when an extension requires the allocation of a new Diameter application identifier or a new command code value. The objectives of this document are the following:

   o  Clarify the Diameter extensibility rules as defined in the Diameter base protocol.

   o  Discuss design choices and provide guidelines when defining new applications.

   o  Present trade-off choices.

2.  Terminology

This document reuses the terminology defined in [RFC6733].

3.  Overview

As designed, the Diameter base protocol [RFC6733] can be seen as a two-layer protocol. The lower layer is mainly responsible for managing connections between neighboring peers and for message routing. The upper layer is where the Diameter applications reside. This model is in line with a Diameter node having an application layer and a peer-to-peer delivery layer. The Diameter base protocol document defines the architecture and behavior of the message delivery layer and then provides the framework for designing Diameter applications on the application layer. This framework includes definitions of application sessions and accounting support (see Section 8 and Section 9 of [RFC6733]). Accordingly, a Diameter node is seen in this document as a single instance of a Diameter message delivery layer and one or more Diameter applications using it.

The Diameter base protocol is designed to be extensible, and the principles are described in Section 1.3 of [RFC6733]. In summary, Diameter can be extended by:

   1.  Defining new AVP values

   2.  Creating new AVPs

   3.  Creating new commands

   4.  Creating new applications

As a main guiding principle, the recommendation is: "try to re-use as much as possible!". It will reduce the time to finalize specification writing, and it will lead to a smaller implementation effort as well as reduce the need for testing. In general, it is wise to avoid duplicate effort when possible.

However, re-use is not appropriate when the existing functionality does not fit the new requirement and/or the re-use leads to ambiguity.

The impact of extending existing applications can be categorized into two groups:

   Minor Extension: Enhancing the functional scope of an existing application by the addition of optional features. Such an enhancement has no backward compatibility issue with the existing application.

      A typical example would be the definition of a new optional AVP for use in an existing command. Diameter implementations supporting the existing application but not the new AVP will simply ignore it, without consequences for the Diameter message handling. The standardization effort will be fairly small.

   Major Extension: Enhancing an application in a way that requires the definition of a new Diameter application.

      Typical examples would be the creation of a new command providing functionality not supported by existing applications, or the definition of a new AVP with the M-bit set to be carried in an existing command. For such an extension, a significant specification effort is required and a careful approach is recommended.

We would also like to remind the reader that the definition of a new Diameter application and the definition of a new command should be avoided as much as possible. In the past, there has been some reluctance to define new commands and new applications.
With the modified extensibility rules provided by [RFC6733], registering new commands and new applications does not lead to additional overhead for the specification author in terms of standardization process. Registering new functionality (new commands, new AVPs, new applications, etc.) with IANA remains important to avoid namespace collisions, which would likely lead to deployment problems.

4.  Reusing Existing Diameter Applications

An existing application may need to be enhanced to fulfill new requirements, and these modifications can be at the command level and/or at the AVP level. The following sections describe the possible modifications that can be performed on existing applications and their related impact.

4.1.  Adding a New Command

Adding a new command is considered a major extension and requires a new Diameter application to be defined. Adding a new command to an application means either defining a completely new command or importing the command's Command Code Format (CCF) syntax from another application, whereby the new application inherits some or all of the functionality of the application the command came from. In the former case, the decision to create a new application is straightforward, since this is typically the result of adding new functionality that does not exist yet. For the latter, the decision to create a new application will depend on whether importing the command into a new application is more suitable than simply using the existing application as it is, in conjunction with any other application. Therefore, a case-by-case study of each application requirement should be applied.

An example considers the Diameter EAP application [RFC4072] and the Diameter NASREQ application [RFC4005]. When network access authentication using EAP is required, the Diameter EAP commands (Diameter-EAP-Request/Diameter-EAP-Answer) are used; otherwise the NASREQ application will be used. When the Diameter EAP application is used, the accounting exchanges defined in Diameter NASREQ may be used.

However, in general, it is difficult to come to a hard guideline, and so a case-by-case study of each application requirement should be applied. Before adding or importing a command, application designers should consider the following:

   o  Can the new functionality be fulfilled by creating a new command independent from any existing command? In this case, the resulting new application and the existing application can work independently of, but cooperating with, each other.

   o  Can the existing command be reused without major extensions and therefore without the need for the definition of a new application, e.g., new functionality introduced by the creation of new optional AVPs?

Note: Importing commands too liberally could result in a monolithic and hard-to-manage application supporting too many different features.

4.2.  Deleting an Existing Command

Although this process is not typical, removing a command from an application requires a new Diameter application to be defined. This is due to the fact that the reception of the deleted command would systematically result in a protocol error (i.e., DIAMETER_COMMAND_UNSUPPORTED).

It is unusual to delete an existing command from an application for the sake of deleting it or the functionality it represents. This normally indicates a flawed design. An exception might be if the intent of the deletion is to create a newer version of the same application that is somehow simpler than the previous version.

4.3.  Reusing Existing Commands

This section discusses rules for adding and/or deleting AVPs in an existing command of an existing application. The cases described in this section may not necessarily result in the creation of new applications.

From a historical point of view, it is worth noting that there was a strong recommendation in [RFC3588] to re-use existing commands, to prevent rapid depletion of the code values available for vendor-specific commands. However, [RFC6733] has relaxed the allocation policy and enlarged the range of available code values for vendor-specific applications. Although reuse of existing commands is still recommended, protocol designers can consider defining a new command when it provides a solution more suitable than twisting an existing command's use and applications.

4.3.1.  Adding AVPs to a Command

Based on the rules in [RFC6733], AVPs that are added to an existing command can be categorized into:

   o  Mandatory (to understand) AVPs. As defined in [RFC6733], these are AVPs with the M-bit flag set, which means that a Diameter node receiving them is required to understand not only their values but also their semantics. Failure to do so will cause a message handling error. This is regardless of whether these AVPs are required or optional as specified by the command's Command Code Format (CCF) syntax.

   o  Optional (to understand) AVPs. As defined in [RFC6733], these are AVPs with the M-bit flag cleared. A Diameter node receiving these AVPs can simply ignore them if it does not support them.

The rules are strict in the case where the AVPs to be added are mandatory to understand, i.e., they have the M-bit set. A mandatory AVP cannot be added to an existing command without defining a new Diameter application, as stated in [RFC6733]. This falls into the "Major Extensions" category.
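The receiver-side consequence of the M-bit rule above, as an added example that is not part of this draft: a small Python codec for the AVP wire format of [RFC6733] (code, V/M/P flags, 24-bit length, optional Vendor-Id, data padded to 32 bits) and a command handler for a legacy node whose dictionary predates a newly added AVP. The AVP code 999 and Vendor-Id 99999 are constructed placeholders, not registered values.

```python
import struct

# AVP header flag bits (RFC 6733, Section 4.1)
FLAG_V = 0x80   # Vendor-Specific: a Vendor-Id field follows the header
FLAG_M = 0x40   # Mandatory: the receiver must understand the AVP or reject the message
FLAG_P = 0x20   # Protected (end-to-end security; not used here)

# Result-Code values from RFC 6733, Section 7.1
DIAMETER_SUCCESS = 2001
DIAMETER_AVP_UNSUPPORTED = 5001


def encode_avp(code, data, mandatory=False, vendor_id=None):
    """Serialise one AVP: 32-bit code, 8-bit flags, 24-bit length,
    optional 32-bit Vendor-Id, then data padded to a 32-bit boundary."""
    flags = FLAG_M if mandatory else 0
    if vendor_id is not None:
        flags |= FLAG_V
        length = 12 + len(data)
        header = struct.pack("!II", code, (flags << 24) | length)
        header += struct.pack("!I", vendor_id)
    else:
        length = 8 + len(data)
        header = struct.pack("!II", code, (flags << 24) | length)
    return header + data + b"\x00" * ((-len(data)) % 4)


def decode_avps(buf):
    """Parse consecutive AVPs; returns a list of (code, vendor_id, flags, data).
    The AVP length field excludes padding, so padding is skipped separately."""
    avps, offset = [], 0
    while offset < len(buf):
        if len(buf) - offset < 8:
            raise ValueError("truncated AVP header")
        code, flags_len = struct.unpack_from("!II", buf, offset)
        flags, length = flags_len >> 24, flags_len & 0x00FFFFFF
        header_len = 12 if flags & FLAG_V else 8
        if length < header_len or offset + length > len(buf):
            raise ValueError("malformed AVP length")
        vendor_id = None
        if flags & FLAG_V:
            vendor_id = struct.unpack_from("!I", buf, offset + 8)[0]
        avps.append((code, vendor_id, flags, buf[offset + header_len:offset + length]))
        offset += length + ((-length) % 4)
    return avps


def process_command(buf, dictionary):
    """Apply the M-bit rule of Section 4.3.1 at a receiving node.

    `dictionary` maps (code, vendor_id) to the AVP names this node knows.
    An unknown AVP with the M-bit cleared is ignored; an unknown AVP with
    the M-bit set makes the whole command fail with DIAMETER_AVP_UNSUPPORTED
    (a real answer would carry the offending AVP inside Failed-AVP)."""
    understood, ignored = {}, []
    for code, vendor_id, flags, data in decode_avps(buf):
        key = (code, vendor_id)
        if key in dictionary:
            understood[dictionary[key]] = data
        elif flags & FLAG_M:
            return {"result_code": DIAMETER_AVP_UNSUPPORTED, "failed_avp": key}
        else:
            ignored.append(key)
    return {"result_code": DIAMETER_SUCCESS, "avps": understood, "ignored": ignored}


# Dictionary of a legacy node implementing the existing application: it knows
# the base-protocol Session-Id (263) and User-Name (1) AVPs, nothing newer.
LEGACY_DICTIONARY = {(263, None): "Session-Id", (1, None): "User-Name"}

# Constructed placeholders for the AVP a later extension adds: vendor-specific
# code 999 under Vendor-Id 99999 (neither is a registered value).
NEW_AVP_CODE, NEW_AVP_VENDOR = 999, 99999


def legacy_node_receives(new_avp_mandatory):
    """Build a command carrying the new AVP and hand it to the legacy node."""
    msg = encode_avp(263, b"host.example;1", mandatory=True)
    msg += encode_avp(1, b"alice", mandatory=True)
    msg += encode_avp(NEW_AVP_CODE, b"\x00\x00\x00\x01",
                      mandatory=new_avp_mandatory, vendor_id=NEW_AVP_VENDOR)
    return process_command(msg, LEGACY_DICTIONARY)


if __name__ == "__main__":
    # M-bit cleared: minor extension, the legacy node simply ignores the AVP.
    print(legacy_node_receives(new_avp_mandatory=False))
    # M-bit set: the legacy node cannot process the command at all.
    print(legacy_node_receives(new_avp_mandatory=True))
```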
Despite the clarity of the rule, ambiguity still arises when evaluating whether a new AVP being added should be mandatory to begin with. Application designers should consider the following questions when deciding about the M-bit for a new AVP:

   o  Would it be required for the receiving side to be able to process and understand the AVP and its content?

   o  Would the new AVP change the state machine of the application?

   o  Would the presence of the new AVP lead to a different number of round-trips, effectively changing the state machine of the application?

   o  Would the new AVP be used to differentiate between old and new versions of the same application, whereby the two versions are not backward compatible?

   o  Would the new AVP have duality in meaning, i.e., be used to carry application-related information as well as to indicate that the message is for a new application?

If the answer to at least one of the questions is "yes", then the M-bit has to be set for the new AVP. This list of questions is non-exhaustive, and other criteria can be taken into account in the decision process.

If application designers are instead contemplating the use of optional AVPs, i.e., with the M-bit cleared, then the following are some of the pitfalls that should be avoided:

   o  Use of optional AVPs with intersecting meaning. One AVP has partially the same usage and meaning as another AVP. The presence of both can lead to confusion.

   o  An optional AVP with dual purpose, i.e., to carry application data as well as to indicate support for one or more features. This has a tendency to introduce interpretation issues.

   o  Adding one or more optional AVPs and indicating (usually within descriptive text for the command) that at least one of them has to be present in the command. This essentially circumvents the ABNF and is equivalent to adding a mandatory AVP to the command.
These practices generally result in interoperability issues and should be avoided as much as possible.

4.3.2.  Deleting AVPs from a Command

The impact of deleting an AVP from a command depends on its command code format specification and M-bit setting:

   o  Deleting an AVP that is indicated as { AVP } in the command's CCF syntax specification (regardless of the M-bit setting).

      In this case, a new command code and subsequently a new Diameter application have to be specified.

   o  Deleting an AVP which has the M-bit set and is indicated as [ AVP ] in the command's CCF syntax specification.

      No new command code has to be specified, but the definition of a new Diameter application is required.

   o  Deleting an AVP which has the M-bit cleared and is indicated as [ AVP ] in the command's CCF syntax specification.

      In this case, the AVP can be deleted without consequences.

If possible, application designers should attempt to reuse the command's CCF syntax specification without modification and simply ignore (but not delete) any optional AVP that will not be used. This is to maintain compatibility with existing applications that will not know about the new functionality, as well as to maintain the integrity of existing dictionaries.

4.4.  Reusing Existing AVPs

This section discusses rules for reusing existing AVPs when reusing an existing command or defining a new command in a new application.

4.4.1.  Setting of the AVP Flags

When reusing AVPs in a new application, the AVP flag setting, such as the mandatory flag ('M'-bit), has to be re-evaluated for the new Diameter application and, if necessary, even for every command within the application. In general, for AVPs defined outside of the Diameter base protocol, the characteristics of an AVP are tied to its role within an application and its commands.

All other AVP flags shall remain unchanged.

4.4.2.  Reuse of AVP of Type Enumerated

Modifying the set of values supported by an AVP of type Enumerated means defining a new AVP. Modifying the set of Enumerated values includes adding a value or deprecating the use of a value initially defined for the AVP. Defining a new AVP will avoid interoperability issues.

5.  Defining New Diameter Applications

5.1.  Introduction

This section discusses the case where new applications have requirements that cannot be fulfilled by existing applications and would require the definition of completely new commands, AVPs and/or AVP values. Typically, there is little ambiguity about the decision to create these types of applications. Some examples are the interfaces defined for the IP Multimedia Subsystem of 3GPP, e.g., Cx/Dx ([TS29.228] and [TS29.229]), Sh ([TS29.328] and [TS29.329]), etc.

Application designers should try to import existing AVPs and AVP values for any newly defined commands. In certain cases where accounting will be used, the models described in Section 5.10 should also be considered.

Additional considerations are described in the following sections.

5.2.  Defining New Commands

As a general recommendation, commands should not be defined from scratch. It is instead recommended to re-use an existing command offering similar functionality and use it as a starting point.

Moreover, the new command's CCF syntax specification should be carefully defined with the applicability and extensibility of the application in mind. If most of the AVPs contained in the command are indicated as fixed or required, it might be difficult to reuse the same command, and therefore the same application, in a slightly changed environment. Defining a command with most of the AVPs indicated as optional must not be seen as a sub-optimal design introducing too much flexibility in the protocol.
The protocol designers are only advised to clearly state the conditions of presence of these AVPs and to properly define the corresponding behaviour of the Diameter nodes when these AVPs are absent from the command.

Note: As a hint for protocol designers, it is not sufficient to just look at the command's CCF syntax specification. It is also necessary to carefully read through the accompanying text in the specification.

In the same way, the CCF syntax specification should be defined such that it will be possible to add any arbitrary optional AVPs with the M-bit cleared (including vendor-specific AVPs) without modifying the application. For this purpose, it is strongly recommended to add "* [AVP]" in the command's CCF, which allows the addition of any arbitrary AVP as described in [RFC6733].

5.3.  Use of Application-Id in a Message

When designing new applications, designers should specify that the Application Id carried in all session-level messages must be the Application Id of the application using those messages. This includes the session-level messages defined in the Diameter base protocol, i.e., RAR/RAA, STR/STA, ASR/ASA and possibly ACR/ACA in the coupled accounting model (see Section 5.10). Some existing specifications do not adhere to this rule for historical reasons. However, this guidance should be followed to avoid routing problems.

In general, when a new application has been allocated a new Application Id and it also reuses existing commands with or without modifications, it must use the newly allocated Application Id in the header and in all relevant Application Id AVPs (Auth-Application-Id or Acct-Application-Id) present in the command's message body.

Additionally, application designs using the Vendor-Specific-Application-Id AVP should not use the Vendor-Id AVP to further dissect or differentiate the vendor-specific Application Id.
Diameter routing is not based on the Vendor-Id. As such, the Vendor-Id should not be used as an additional input for routing or delivery of messages. The Vendor-Id AVP is an informational AVP only and is kept for backward compatibility reasons.

5.4.  Application-Specific Session State Machines

Section 8 of [RFC6733] provides session state machines for authentication, authorization and accounting (AAA) services, and these session state machines are not intended to cover behavior outside of AAA. If a new application cannot clearly be categorized into any of these AAA services, it is recommended that the application define its own session state machine. Support for server-initiated requests is a clear example where an application-specific session state machine would be needed, for example, the Rw interface for the ITU-T push model (cf. [Q.3303.3]).

5.5.  Session-Id AVP and Session Management

Diameter applications are usually designed with the aim of managing user sessions (e.g., the Diameter network access session (NASREQ) application [RFC4005]) or specific service access sessions (e.g., the Diameter SIP application [RFC4740]). In the Diameter base protocol, session state is referenced using the Session-Id AVP. All Diameter messages that use the same Session-Id will be bound to the same session. Diameter-based session management also implies that both the Diameter client and server (and potentially proxy agents along the path) maintain session state information.

However, some applications may not need to rely on the Session-Id to identify and manage sessions, because other information can be used instead to correlate Diameter messages. Indeed, the User-Name AVP or any other specific AVP can be present in every Diameter message and therefore used for message correlation. Some applications might not require the notion of a Diameter session at all.
For such applications, the Auth-Session-State AVP is usually set to NO_STATE_MAINTAINED in all Diameter messages, and these applications are therefore designed as a set of stand-alone transactions. Even if an explicit access session termination is required, application-specific commands are defined and used instead of the Session-Termination-Request/Answer (STR/STA) or Abort-Session-Request/Answer (ASR/ASA) defined in the Diameter base protocol. In such a case, the Session-Id is not significant.

Based on these considerations, protocol designers should carefully appraise whether the application being defined relies on its own session management concept or whether the Session-Id defined in the Diameter base protocol would be used for correlation of messages related to the same session. If not, the protocol designers could decide to define application commands without the Session-Id AVP. If any session management concept is supported by the application, the application documentation must clearly specify how the session is handled between client and server (and possibly Diameter agents in the path).

5.6.  Use of Enumerated Type AVPs

The type Enumerated was initially defined to provide a list of valid values for an AVP, with their respective interpretation described in the specification. For instance, AVPs of type Enumerated can be used to provide further information on the reason for the termination of a session or a specific action to perform upon reception of the request.

However, AVPs of type Enumerated are too often used as a simple Boolean flag, indicating for instance a specific permission or capability, and therefore only two values are defined, e.g., TRUE/FALSE, AUTHORIZED/UNAUTHORIZED or SUPPORTED/UNSUPPORTED.
This is a sub-optimal design since it limits the extensibility of the application: any new capability/permission would have to be supported by a new AVP or a new Enumerated value of the already defined AVP, causing backwards compatibility issues with existing implementations.

Instead of using an Enumerated AVP for a Boolean flag, protocol designers are encouraged to use the Unsigned32 or Unsigned64 AVP type as a bit mask whose bit settings are described in the relevant Diameter application specification. Such AVPs can be reused and extended without major impact on the Diameter application. The bit mask should leave room for future additions. Examples of AVPs that use bit masks are the Session-Binding AVP defined in [RFC6733] and the MIP6-Feature-Vector AVP defined in [RFC5447].

5.7.  Application-Specific Message Routing

Diameter request message routing usually relies on the Destination-Realm AVP and the Application Id present in the request message header. However, some applications may need to rely on the User-Name AVP or any other application-specific AVP present in the request to determine the final destination of a request, e.g., to find the target AAA server hosting the authorization information for a given user when multiple AAA servers are addressable in the realm.

In such a context, the basic routing mechanisms described in [RFC6733] are not fully suitable, and additional application-level routing mechanisms have to be described in the application documentation to provide such specific AVP-based routing. Such functionality will basically be hosted by an application-specific proxy agent that will be responsible for routing decisions based on the received specific AVPs.
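To illustrate the bit mask recommendation of Section 5.6, an added Python example that is not part of this draft: a hypothetical Unsigned32 feature-vector AVP (the bit names are constructed, not a registered AVP) negotiated between a version 1 and a version 2 implementation, beside an Enumerated AVP used as a Boolean flag. The server answers with the intersection of requested and supported bits, so a bit missing from the answer means "not supported", the same rule the end-to-end capabilities exchange of Section 5.9 below relies on.

```python
# Hypothetical Unsigned32 "Example-Feature-Vector" AVP (constructed for this
# example, not a registered AVP). Each defined bit names one capability;
# undefined bits are reserved for future versions of the application.
FEATURES_V1 = {"FEATURE_A": 1 << 0, "FEATURE_B": 1 << 1}
FEATURES_V2 = {**FEATURES_V1, "FEATURE_C": 1 << 2}   # a later version adds a bit

UINT32_MASK = 0xFFFFFFFF


def supported_mask(table):
    """All bits a node with this dictionary understands (bits are disjoint)."""
    mask = 0
    for bit in table.values():
        mask |= bit
    return mask


def encode_feature_vector(names, table):
    """Client side: build the Unsigned32 value announcing the wanted features."""
    mask = 0
    for name in names:
        mask |= table[name]
    return mask & UINT32_MASK


def decode_feature_vector(mask, table):
    """Return (known feature names, residual mask of bits this node does not
    define). Unknown bits are reported, not rejected: an old implementation
    keeps working when a newer peer sets a bit it has never heard of."""
    known = sorted(name for name, bit in table.items() if mask & bit)
    unknown = mask & ~supported_mask(table) & UINT32_MASK
    return known, unknown


def answer_feature_vector(request_mask, table):
    """Server side: echo only the bits it both received and supports."""
    return request_mask & supported_mask(table)


def negotiated_features(request_mask, answer_mask, table):
    """Client side: a feature is active only if it was requested and echoed.
    An absent AVP in the answer (None) means the peer supports none of it."""
    if answer_mask is None:
        return []
    active, _ = decode_feature_vector(request_mask & answer_mask, table)
    return active


# The Enumerated alternative the section advises against: a two-valued AVP.
ENUM_V1 = {0: "UNSUPPORTED", 1: "SUPPORTED"}
ENUM_V2 = {**ENUM_V1, 2: "SUPPORTED_WITH_C"}   # extending it adds a new value


def decode_enumerated(value, table):
    """Enumerated values carry no structure: a value the dictionary does not
    define cannot be interpreted, so an old node can only reject it."""
    if value not in table:
        raise ValueError(f"undefined Enumerated value {value}")
    return table[value]


def v2_client_to_v1_server():
    """Worked exchange: a version 2 client asks for A and C from a version 1
    server, which has never seen the C bit."""
    request = encode_feature_vector(["FEATURE_A", "FEATURE_C"], FEATURES_V2)
    known, unknown = decode_feature_vector(request, FEATURES_V1)  # server view
    answer = answer_feature_vector(request, FEATURES_V1)
    active = negotiated_features(request, answer, FEATURES_V2)    # client view
    return {"request": request, "server_known": known,
            "server_unknown_bits": unknown, "answer": answer, "active": active}


if __name__ == "__main__":
    print(v2_client_to_v1_server())
    try:
        decode_enumerated(2, ENUM_V1)   # a v1 node meeting the v2 value
    except ValueError as err:
        print("Enumerated contrast:", err)
```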
Examples of such application-specific routing functions can be found in the Cx/Dx applications ([TS29.228] and [TS29.229]) of the 3GPP IP Multimedia Subsystem, in which the proxy agent (Subscriber Location Function, aka SLF) uses specific application-level identities found in the request to determine the final destination of the message.

Whatever the criteria used to establish the routing path of the request, the routing of the answer has to follow the reverse path of the request, as described in [RFC6733], with the answer being sent to the source of the received request, using transaction states and hop-by-hop identifier matching. In particular, this ensures that the Diameter Relay or Proxy agents in the request routing path will be able to release the transaction state upon receipt of the corresponding answer, avoiding unnecessary failover. Application designers are strongly dissuaded from modifying the answer-routing principles described in [RFC6733] when defining a new application.

5.8.  Translation Agents

As defined in [RFC6733], a translation agent is a device that provides interworking between Diameter and another protocol (e.g., RADIUS).

In the case of RADIUS, it was initially thought that defining the translation function would be straightforward by adopting a few basic principles, e.g., the use of a shared range of code values for RADIUS attributes and Diameter AVPs. Guidelines for implementing a RADIUS-Diameter translation agent were put into RFC 4005 ([RFC4005]).

However, it was acknowledged that such a translation mechanism was not so obvious and that deeper protocol analysis was required to ensure efficient interworking between RADIUS and Diameter. Moreover, the interworking requirements depend on the functionalities provided by the Diameter application under specification, and a case-by-case analysis will be required.
Therefore, protocol designers cannot assume the availability of a "standard" Diameter-to-RADIUS gateway agent when planning to interoperate with the RADIUS infrastructure. They should specify the required translation mechanism along with the Diameter application, if needed. This recommendation applies to any kind of translation.

5.9. End-to-End Application Capabilities Exchange

New Diameter applications can rely on optional AVPs to exchange application-specific capabilities and features. These AVPs can be exchanged on an end-to-end basis at the application layer. Examples of this can be found with the MIP6-Feature-Vector AVP in [RFC5447] and the QoS-Capability AVP in [RFC5777].

The end-to-end capabilities AVPs formalize the addition of new optional functionality to existing applications by announcing support for it. Applications that do not understand these AVPs can discard them upon receipt. Receivers of these AVPs can discover the additional functionality supported by the end-point originating the request and behave accordingly when processing the request. Senders of these AVPs can safely assume that the receiving end-point does not support any functionality carried by the AVP if it is not present in the corresponding response. This is useful in cases where deployment choices are offered, and the generic design can be made available for a number of applications.

When used in a new application, protocol designers should clearly specify this end-to-end capabilities exchange and the corresponding behaviour of the Diameter nodes supporting the application.

It is also important to note that this end-to-end capabilities exchange, which relies on the use of optional AVPs, is not meant as a generic mechanism to support extensibility of Diameter applications with arbitrary functionality.
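The following Python code is an added example, not code from this document or from any Diameter implementation. It ties the bit-mask recommendation of Section 5.6 to the end-to-end capabilities exchange of this section: a request carries an optional Unsigned64 feature vector with the M-bit clear, the receiver answers with the intersection of the requested bits and the bits it supports, and the sender treats an absent AVP in the answer as "no feature supported". It also shows why the M-bit must be clear: a receiver that does not know the AVP ignores it, whereas an unknown AVP with the M-bit set would have to be rejected. The AVP code 4000000, the feature names and the exchanged values are constructed placeholders, not values assigned by IANA or by any specification; the AVP header layout follows RFC 6733, Section 4.1.

```python
"""Bit-mask feature AVP and end-to-end capabilities exchange.

Added example; not from the draft or any Diameter stack.  The AVP code
and feature bit names below are constructed placeholders.
"""
import struct
from typing import Dict, Iterable, List, Optional, Tuple

EXAMPLE_FEATURE_VECTOR = 4000000          # constructed AVP code (placeholder, not IANA-assigned)
AVP_FLAG_VENDOR = 0x80
AVP_FLAG_MANDATORY = 0x40

# Bit assignments as an application specification would list them;
# bits 3..63 are left unassigned so the AVP can grow without defining a new AVP.
FEATURE_A = 1 << 0
FEATURE_B = 1 << 1
FEATURE_C = 1 << 2

AvpTable = Dict[Tuple[Optional[int], int], Tuple[int, bytes]]   # (Vendor-Id, code) -> (flags, data)


def encode_unsigned64_avp(code: int, value: int, mandatory: bool = False) -> bytes:
    """AVP header (code, flags, 24-bit length) followed by 8 bytes of data.
    The capabilities AVP is sent with the M-bit clear so that a receiver that
    does not understand it may simply discard it."""
    flags = AVP_FLAG_MANDATORY if mandatory else 0
    length = 8 + 8                                    # header + Unsigned64 data
    return struct.pack("!II", code, (flags << 24) | length) + struct.pack("!Q", value)


def parse_avps(buf: bytes) -> AvpTable:
    """Walk a sequence of AVPs, honouring the V-bit and 32-bit padding."""
    avps: AvpTable = {}
    off = 0
    while off < len(buf):
        code, flags_len = struct.unpack_from("!II", buf, off)
        flags, length = flags_len >> 24, flags_len & 0xFFFFFF
        if length < 8 or off + length > len(buf):
            raise ValueError("malformed AVP length")
        hdr, vendor = 8, None
        if flags & AVP_FLAG_VENDOR:
            (vendor,) = struct.unpack_from("!I", buf, off + 8)
            hdr = 12
        avps[(vendor, code)] = (flags, buf[off + hdr: off + length])
        off += (length + 3) & ~3                      # AVPs are padded to 32-bit boundaries
    return avps


def unknown_mandatory(avps: AvpTable, known_codes: Iterable[int]) -> List[int]:
    """Codes a receiver would have to reject (DIAMETER_AVP_UNSUPPORTED): unknown
    AVPs with the M-bit set.  Unknown AVPs without the M-bit are simply ignored."""
    known = set(known_codes)
    return [code for (_vendor, code), (flags, _data) in avps.items()
            if code not in known and flags & AVP_FLAG_MANDATORY]


def answer_capabilities(request_avps: AvpTable, locally_supported: int) -> Optional[bytes]:
    """Receiver side: announce the intersection of what was requested and what
    this node supports.  Bits this node does not know are dropped, not rejected,
    which is what lets the bit mask be extended in later revisions."""
    entry = request_avps.get((None, EXAMPLE_FEATURE_VECTOR))
    if entry is None:
        return None                                   # peer announced nothing; echo nothing
    (requested,) = struct.unpack("!Q", entry[1])
    return encode_unsigned64_avp(EXAMPLE_FEATURE_VECTOR, requested & locally_supported)


def negotiated_features(answer_avps: AvpTable) -> int:
    """Sender side: an absent AVP in the answer means the peer supports none."""
    entry = answer_avps.get((None, EXAMPLE_FEATURE_VECTOR))
    if entry is None:
        return 0
    return struct.unpack("!Q", entry[1])[0]


def demo() -> Tuple[int, int]:
    # Constructed exchange: the sender offers A, B and a bit from a hypothetical future revision (bit 40).
    request = encode_unsigned64_avp(EXAMPLE_FEATURE_VECTOR, FEATURE_A | FEATURE_B | (1 << 40))
    answer = answer_capabilities(parse_avps(request), FEATURE_B | FEATURE_C)
    with_support = negotiated_features(parse_avps(answer))
    # A receiver without the extension returns no such AVP: the sender assumes nothing is supported.
    without_support = negotiated_features(parse_avps(b""))
    return with_support, without_support


if __name__ == "__main__":
    print(demo())                                     # (FEATURE_B, 0)
```

The receiver masks rather than validates the incoming vector, so a bit assigned in a later revision of the application passes through older nodes harmlessly; an Enumerated AVP would instead force every such addition through a new value that old implementations cannot decode.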
When the added features drastically change the Diameter application or when Diameter agents have to be upgraded to support the new features, a new application should be defined.

5.10. Diameter Accounting Support

Accounting can be treated as an auxiliary application that is used in support of other applications. In most cases, accounting support is required when defining new applications. This document provides two possible models for using accounting:

Split Accounting Model:

   In this model, the accounting messages will use the Diameter base accounting Application Id (value of 3). The design implication of this is that the accounting is treated as an independent application, especially for Diameter routing. This means that accounting commands emanating from an application may be routed separately from the rest of the other application messages. This may also imply that the messages end up in a central accounting server. A split accounting model is a good design choice when:

   *  The application itself does not define its own accounting commands.

   *  The overall system architecture permits the use of centralized accounting for one or more Diameter applications.

   Centralizing accounting may have advantages but there are also drawbacks. The model assumes that the accounting server can differentiate received accounting messages. Since the received accounting messages can be for any application and/or service, the accounting server has to have a method to match accounting messages with the applications and/or services being accounted for. This may mean defining new AVPs, checking the presence, absence or contents of existing AVPs, or checking the contents of the accounting record itself. But in general, there is no clean and generic scheme for sorting these messages.
   Therefore, the use of this model is recommended only when all received accounting messages can be clearly identified and sorted. For most cases, the use of the Coupled Accounting Model is recommended.

Coupled Accounting Model:

   In this model, the accounting messages will use the Application Id of the application using the accounting service. The design implication of this is that the accounting messages are tightly coupled with the application itself, meaning that accounting messages will be routed like the other application messages. It would then be the responsibility of the application server (the application entity receiving the ACR message) to send the accounting records carried by the accounting messages to the proper accounting server. The application server is also responsible for formulating a proper response (ACA). A coupled accounting model is a good design choice when:

   *  The system architecture or deployment does not provide an accounting server that supports Diameter. Consequently, the application server has to be provisioned to use a different protocol to access the accounting server, e.g., via LDAP, SOAP, etc. This case includes the support of older accounting systems that are not Diameter aware.

   *  The system architecture or deployment requires that the accounting service for the specific application be handled by the application itself.

   In all cases above, there will generally be no direct Diameter access to the accounting server.

These models provide a basis for using accounting messages. Application designers may obviously deviate from these models provided that the factors being addressed here have also been taken into account. Although it is not recommended, an application may define a new set of commands to carry application-specific accounting records.

5.11.
Diameter Security Mechanisms

As specified in [RFC6733], the Diameter message exchange should be secured between neighboring Diameter peers using TLS/TCP or DTLS/SCTP. However, IPsec can also be deployed to secure communication between Diameter peers. When IPsec is used instead of TLS or DTLS, the following recommendations apply.

IPsec ESP [RFC4301] in transport mode with non-null encryption and authentication algorithms is used to provide per-packet authentication, integrity protection and confidentiality, and to support the replay protection mechanisms of IPsec. IKEv2 [RFC5996] is recommended for performing mutual authentication and for establishing and maintaining security associations (SAs).

IKEv1 [RFC2409] was used with RFC 3588 [RFC3588], and for easier migration from IKEv1-based implementations both RSA digital signatures and pre-shared keys should be supported in IKEv2. However, if IKEv1 is used, implementers should follow the guidelines given in Section 13.1 of RFC 3588 [RFC3588].

6. Defining Generic Diameter Extensions

Generic Diameter extensions are AVPs, commands or applications that are designed to support other Diameter applications. They are auxiliary applications meant to improve or enhance the Diameter protocol itself or Diameter applications/functionality. Some examples include the extensions to support auditing and redundancy (see [I-D.calhoun-diameter-res-mgmt]), improvements in the duplicate detection scheme (see [I-D.asveren-dime-dupcons]), and the support for QoS AVPs (see [RFC5777]).

Since generic extensions may cover many aspects of Diameter and Diameter applications, it is not possible to enumerate all scenarios.
However, some of the most common considerations are as follows:

Backward Compatibility:

   When designing generic extensions, a protocol designer has to consider potential concerns about how existing applications deal with a new extension they do not understand. Designers also have to make sure that new extensions do not break expected message delivery layer behavior.

Forward Compatibility:

   Protocol designers need to make sure that their design will not introduce undue restrictions for future applications.

Trade-off in Signaling:

   Designers may have to choose between the use of optional AVPs piggybacked onto existing commands versus defining new commands and applications. Optional AVPs are simpler to implement and may not need changes to existing applications. However, this ties the sending of extension data to the application's transmission of a message. This has consequences if the application and the extensions have different timing requirements. The use of new commands and applications solves this issue, but the trade-off is the additional complexity of defining and deploying a new application. It is left up to the designer to find a good balance among these trade-offs based on the requirements of the extension.

In practice, generic extensions often use optional AVPs because they are simple and non-intrusive to the application that would carry them. Peers that do not support the generic extensions need not understand nor recognize these optional AVPs. However, it is recommended that the authors of the extension specify the context or usage of the optional AVPs. As an example, in the case that the AVP can be used only by a specific set of applications, the specification must enumerate these applications and the scenarios in which the optional AVPs will be used.
In the case where the optional AVPs can be carried by any application, it should be sufficient to specify such a use case and perhaps provide specific examples of applications using them.

In most cases, these optional AVPs piggybacked by applications would be defined as a Grouped AVP that encapsulates all the functionality of the generic extension. In practice, it is not uncommon that the Grouped AVP will encapsulate an existing AVP that has previously been defined as mandatory ('M'-bit set), e.g., in the 3GPP IMS Cx/Dx interfaces ([TS29.228] and [TS29.229]).

7. IANA Considerations

This document does not require actions by IANA.

8. Security Considerations

This document provides guidelines and considerations for extending Diameter and Diameter applications. Although such an extension may be related to security functionality, the document does not explicitly give guidance on enhancing Diameter with respect to security.

9. Contributors

The content of this document was influenced by a design team created to revisit the Diameter extensibility rules. The team, consisting of the members listed below, was formed in February 2008 and finished its work in June 2008.

   o  Avi Lior

   o  Glen Zorn

   o  Jari Arkko

   o  Lionel Morand

   o  Mark Jones

   o  Victor Fajardo

   o  Tolga Asveren

   o  Jouni Korhonen

   o  Glenn McGregor

   o  Hannes Tschofenig

   o  Dave Frascone

We would like to thank Tolga Asveren, Glenn McGregor, and John Loughney for their contributions as co-authors to earlier versions of this document.

10. Acknowledgments

We greatly appreciate the insight provided by Diameter implementers who have highlighted the issues and concerns being addressed by this document. The authors would also like to thank Jean Mahoney and Ben Campbell for their invaluable detailed review and comments on this document.

11.
Informative References

[I-D.asveren-dime-dupcons]  Asveren, T., "Diameter Duplicate Detection Cons.", draft-asveren-dime-dupcons-00 (work in progress), August 2006.

[I-D.calhoun-diameter-res-mgmt]  Calhoun, P., "Diameter Resource Management Extensions", draft-calhoun-diameter-res-mgmt-08.txt (work in progress), March 2001.

[Q.3303.3]  3rd Generation Partnership Project, "ITU-T Recommendation Q.3303.3, Resource control protocol no. 3 (rcp3): Protocol at the Rw interface between the Policy Decision Physical Entity (PD-PE) and the Policy Enforcement Physical Entity (PE-PE): Diameter", 2008.

[RFC2407]  Piper, D., "The Internet IP Security Domain of Interpretation for ISAKMP", RFC 2407, November 1998.

[RFC2409]  Harkins, D. and D. Carrel, "The Internet Key Exchange (IKE)", RFC 2409, November 1998.

[RFC3588]  Calhoun, P., Loughney, J., Guttman, E., Zorn, G., and J. Arkko, "Diameter Base Protocol", RFC 3588, September 2003.

[RFC4005]  Calhoun, P., Zorn, G., Spence, D., and D. Mitton, "Diameter Network Access Server Application", RFC 4005, August 2005.

[RFC4072]  Eronen, P., Hiller, T., and G. Zorn, "Diameter Extensible Authentication Protocol (EAP) Application", RFC 4072, August 2005.

[RFC4301]  Kent, S. and K. Seo, "Security Architecture for the Internet Protocol", RFC 4301, December 2005.

[RFC4740]  Garcia-Martin, M., Belinchon, M., Pallares-Lopez, M., Canales-Valenzuela, C., and K. Tammi, "Diameter Session Initiation Protocol (SIP) Application", RFC 4740, November 2006.

[RFC5447]  Korhonen, J., Bournelle, J., Tschofenig, H., Perkins, C., and K. Chowdhury, "Diameter Mobile IPv6: Support for Network Access Server to Diameter Server Interaction", RFC 5447, February 2009.

[RFC5777]  Korhonen, J., Tschofenig, H., Arumaithurai, M., Jones, M., and A.
Lior, "Traffic Classification and Quality of Service (QoS) Attributes for Diameter", RFC 5777, February 2010.

[RFC5996]  Kaufman, C., Hoffman, P., Nir, Y., and P. Eronen, "Internet Key Exchange Protocol Version 2 (IKEv2)", RFC 5996, September 2010.

[RFC6733]  Fajardo, V., Arkko, J., Loughney, J., and G. Zorn, "Diameter Base Protocol", RFC 6733, October 2012.

[TS29.228]  3rd Generation Partnership Project, "3GPP TS 29.228; Technical Specification Group Core Network and Terminals; IP Multimedia (IM) Subsystem Cx and Dx Interfaces; Signalling flows and message contents".

[TS29.229]  3rd Generation Partnership Project, "3GPP TS 29.229; Technical Specification Group Core Network and Terminals; Cx and Dx interfaces based on the Diameter protocol; Protocol details".

[TS29.328]  3rd Generation Partnership Project, "3GPP TS 29.328; Technical Specification Group Core Network and Terminals; IP Multimedia (IM) Subsystem Sh interface; signalling flows and message content".

[TS29.329]  3rd Generation Partnership Project, "3GPP TS 29.329; Technical Specification Group Core Network and Terminals; Sh Interface based on the Diameter protocol; Protocol details".

Authors' Addresses

Lionel Morand (editor)
Orange Labs
38/40 rue du General Leclerc
Issy-Les-Moulineaux Cedex 9 92794
France

Phone: +33145296257
Email: lionel.morand@orange.com

Victor Fajardo

Email: vf0213@gmail.com

Hannes Tschofenig
Nokia Siemens Networks
Linnoitustie 6
Espoo 02600
Finland

Phone: +358 (50) 4871445
Email: Hannes.Tschofenig@gmx.net
URI: http://www.tschofenig.priv.at