1 - 2 - 3 - 6 - 7 - 8 - A - B - C - D - E - F - G - H - I - K - L - M - N - O - P - Q - R - S - T - U - V - W
agent
Click on the red underlined text to get to the source
... Agent support
[RADIUS] does not provide for explicit support for agents,
including Proxies, Redirects and Relays. Since the expected
...
... behavior is not defined, it varies between implementations.
Diameter defines agent behavior explicitly; this is described in
Section 2.8.
...
... RADIUS
devices and Diameter agents. This capability, described in
[NASREQ], enables Diameter ...
... services for the user. A Diameter
agent is a node that does not authenticate and/or authorize messages
...
... node that does not authenticate and/or authorize messages
locally; agents include proxies, redirects and relay agents. A
...
... locally; agents include proxies, redirects and relay agents. A
Diameter server performs authentication ...
... authorization of the
user. A Diameter node MAY act as an agent for certain requests while
acting as a server for others.
...
... AAA infrastructures.
A broker is either a relay, proxy or redirect agent, and MAY be
operated by roaming consortiums. Depending on the business model,
...
... operated by roaming consortiums. Depending on the business model,
a broker may either choose to deploy relay agents or proxy
agents ...
... host process that implements the Diameter
protocol, and acts either as a Client, Agent or Server.
Diameter ...
... security between two Diameter
nodes, possibly communicating through Diameter Agents. This
security protects the entire Diameter ...
... typically imposed in order to limit financial risk.
Relay Agent or Relay
Relays forward requests and responses based on routing-related
...
... sessions in progress.
Redirect Agent
Rather than forwarding requests and responses between clients and
servers, redirect agents ...
... Agent
Rather than forwarding requests and responses between clients and
servers, redirect agents refer clients to servers and allow them
to communicate directly. Since redirect agents ...
... agents refer clients to servers and allow them
to communicate directly. Since redirect agents do not sit in the
forwarding path, they do not alter any AVPs transiting between
...
... AVPs transiting between
client and server. Redirect agents do not originate messages and
are capable of handling any message type, although they may be
...
... redirect messages of certain types, while
acting as relay or proxy agents for other types. As with proxy
agents ...
... agents for other types. As with proxy
agents, redirect agents do not keep state with respect to sessions ...
... state is released upon receipt
of the answer. A stateless agent is one that only maintains
transaction state ...
... Translation Agent
A translation agent is a stateful Diameter node that performs
protocol translation ...
...
Diameter Relays and redirect agents are, by definition, protocol
transparent, and MUST transparently support the Diameter base
protocol ...
... clients MUST support either TCP or SCTP, while agents and
servers MUST support both. Future versions of this specification MAY
...
... Network Access Servers (NASes) and Mobility
Agents MUST support IP Security [SECARCH], and MAY support TLS ...
... Relay 0xffffffff
Relay and redirect agents MUST advertise the Relay Application
Identifier, while all other Diameter nodes MUST advertise locally
...
... Diameter relay and proxy agents are responsible for finding an
upstream server that supports the application of a particular
...
...
It is important to note that Diameter agents MUST support at least
one of the LOCAL, RELAY, PROXY or REDIRECT modes of operation.
...
... one of the LOCAL, RELAY, PROXY or REDIRECT modes of operation.
Agents do not need to support all modes of operation in order to
conform with the protocol specification, but MUST follow the protocol
...
... conform with the protocol specification, but MUST follow the protocol
compliance guidelines in Section 2. Relay agents MUST NOT reorder
AVPs, and proxies ...
... Application Identifier (see Section 2.4) for the given message, or
have advertised itself as a relay or proxy agent. Otherwise, an
error is returned with the Result-Code AVP ...
... Diameter protocol introduces
relay, proxy, redirect, and translation agents, each of which is
defined in Section 1.3. These Diameter agents ...
... agents, each of which is
defined in Section 1.3. These Diameter agents are useful for several
reasons:
...
... state is released upon receipt of the
answer. A stateless agent is one that only maintains transaction
state ...
... state will be
present in the answer. However, the protocol's failover procedures
require that agents maintain a copy of pending requests.
A stateful agent ...
... agents maintain a copy of pending requests.
A stateful agent is one that maintains session state information; by
...
...
A Diameter agent MAY act in a stateful manner for some requests and
be stateless for others. A Diameter ...
... stateless for others. A Diameter implementation MAY act as one
type of agent for some requests, and as another type of agent for
others.
...
... Diameter implementation MAY act as one
type of agent for some requests, and as another type of agent for
others.
...
... Relay Agents ...
... Relay Agents are Diameter agents that accept requests and route
messages to other Diameter nodes ...
... Redirect Agents ...
... routing
configuration needs to be centralized. An example is a redirect
agent that provides services to all members of a consortium, but does
not wish to be burdened with relaying all messages between realms.
...
... made to a member's infrastructure.
Since redirect agents do not relay messages, and only return an
answer with the information necessary for Diameter agents ...
... agents do not relay messages, and only return an
answer with the information necessary for Diameter agents to
communicate directly, they do not modify messages. Since redirect
agents ...
... agents to
communicate directly, they do not modify messages. Since redirect
agents do not receive answer messages, they cannot maintain session
...
... session
state. Further, since redirect agents never relay requests, they are
not required to maintain transaction state ...
... Routing Table for example.com. DRL has a
default route configured to DRD, which is a redirect agent that
returns a redirect notification to DRL, as well as HMS' contact
...
... Diameter Message
Since redirect agents do not perform any application level
processing, they provide relaying services for all Diameter
applications ...
... Translation Agents ...
...
A translation agent is a device that provides translation between two
protocols (e.g., RADIUS<->Diameter ...
... TACACS+<->Diameter). Translation
agents are likely to be used as aggregation servers to communicate
with a Diameter ...
... Diameter protocol introduces the concept of long-lived
authorized sessions, translation agents MUST be session stateful and
MUST maintain transaction ...
... state.
Translation of messages can only occur if the agent recognizes the
application of a particular request, and therefore translation agents
...
... Translation of messages can only occur if the agent recognizes the
application of a particular request, and therefore translation agents
MUST only advertise their locally supported applications.
...
... integrity and confidentiality between two peers, communicating
through agents.
End-to-end security ...
... the sender MUST set this flag. Diameter agents
only need to be concerned about the number of
requests they send based on a single received
...
... retransmissions by other entities need
not be tracked. Diameter agents that receive a
request with the T flag set, MUST keep the T flag
set in the forwarded request. This flag MUST NOT
...
... Identifier
MUST NOT be modified by Diameter agents of any kind. The
combination of the Origin-Host (see Section 6.3) and this field is
...
... Diameter client, server, proxy, or translation agent
and either the AVP or its value is unrecognized, the message MUST
...
... AVP or its value is unrecognized, the message MUST
be rejected. Diameter Relay and redirect agents MUST NOT reject
messages with unrecognized AVPs.
...
... AVP is to be sent via a Diameter agent (proxy, redirect or relay)
then the message MUST NOT be sent unless there is end-to-end security ...
... that AVP is to be sent via a Diameter agent (proxy, redirect or
relay) then the message MUST NOT be sent unless there is end-to-end
security ...
...
Allowing for dynamic Diameter agent discovery will make it possible
for simpler and more robust deployment of Diameter ...
... client needs to discover a first-hop
Diameter agent. The second case is when a Diameter agent needs to
...
... Diameter agent. The second case is when a Diameter agent needs to
discover another agent - for further handling of a Diameter ...
... Diameter agent needs to
discover another agent - for further handling of a Diameter
operation. In both cases, the following 'search ...
... Diameter implementation consults its list of static (manually)
configured Diameter agent locations. These will be used if they
exist and respond.
...
... security be deployed (this requires
distributing keys to SLPv2 agents). This is discussed further in
Appendix A. SLPv2 security ...
... security SHOULD be used (requiring distribution
of keys to SLPv2 agents) in order to ensure that discovered peers
are authorized for their roles. SLPv2 ...
... Diameter implementation has to know in
advance which realm to look for a Diameter agent in. This could
be deduced, for example, from the 'realm' in a NAI that a Diameter ...
... CER/CEA messages cannot be proxied, it is still possible
that an upstream agent receives a message for which it has no
available peers to handle the application that corresponds to the
Command-Code ...
... failures will minimize the occurrence of messages sent to unavailable
agents, resulting in unnecessary delays, and will provide better
failover performance. The Device-Watchdog-Request and Device-
...
... necessary for all pending request messages to be forwarded to an
alternate agent, if possible. This is commonly referred to as
failover.
...
... transport failure is detected, if possible all messages in the
queue are sent to an alternate agent with the T flag set. On booting
a Diameter client ...
... a Diameter client or agent, the T flag is also set on any records
still remaining to be transmitted in non-volatile storage. An
...
... Destination-Host AVP). Such an error requires that the agent return
an answer message with the 'E' bit ...
... session be terminated.
Note that an agent can forward a request to a host described in the
Destination-Host ...
... proxiable. Request messages that may be forwarded by Diameter agents
(proxies, redirects or relays) MUST also contain an Acct-
...
... AVP. A message that MUST NOT be forwarded by Diameter
agents (proxies, redirects or relays) MUST not include the
Destination-Realm ...
... Other actions to perform on the message based on the particular role
the agent is playing are described in the following sections.
...
...
A relay or proxy agent MUST check for forwarding loops when receiving
requests. A loop is detected if the server finds its own identity ...
... a Route-Record AVP. When such an event occurs, the agent MUST answer
with the Result-Code AVP ...
... A Diameter message that may be forwarded by Diameter agents (proxies,
redirects or relays) MUST include the target ...
...
Diameter agents MAY have a list of locally supported realms and
applications, and MAY have a list of externally supported realms and
applications. When a request is received that includes a realm
...
...
When a redirect agent receives a request whose routing entry is set
to REDIRECT, it MUST reply with an answer message ...
... | Relay | | Diameter |
| Agent |<-------------| Server |
+-------------+ 4. Answer +-------------+
...
... message queue (see Section 5.3) that is to be redirected. If
no transport connection exists with the new agent, one is created,
and the request is sent directly to it.
...
...
If the answer is for a request which was proxied or relayed, the
agent MUST restore the original value of the Diameter header's Hop-
...
... reflected in the Result-Code AVP. If the agent receives an answer
message with a Result-Code AVP ...
... STR on behalf of the access device.
The agent MUST then send the answer to the host that it received the
original request from.
...
... AVP Code 293) is of type DiameterIdentity.
This AVP MUST be present in all unsolicited agent initiated messages,
MAY be present in request messages, and MUST NOT be present in Answer
messages ...
... AVPs change as Diameter messages are processed by
agents, and therefore MUST NOT be protected by end-to-end security.
...
... protocol error value. As the answer is sent
back towards the originator of the request, each proxy or relay agent
MAY take action on the message.
...
... AVP with the proper value. Application
errors do not require any proxy or relay agent involvement, and
therefore the message would be forwarded back to the originator of
the request.
...
... DIAMETER_LOOP_DETECTED 3005
An agent detected a loop while trying to get the message to the
intended recipient. The message MAY be sent to an alternate peer,
if one is available, but the peer reporting the error has
...
... DIAMETER_REDIRECT_INDICATION 3006
A redirect agent has determined that the request could not be
satisfied locally and the initiator of the request should direct
...
... state table, the event 'Failure to send X' means that the
Diameter agent is unable to send command X to the desired
destination. This could be due to the peer being down, or due to the
...
... longer active, both for tracking purposes as well as to allow
stateful agents to release any resources that they may have provided
for the user's session. For sessions ...
... session or not is implementation- and/or
configuration-dependent. For example, an access device may honor
ASRs from certain agents only. In any case, the access device MUST
respond with an Abort-Session-Answer, including a Result-Code ...
... ASR, it issues an STR to the authorizing server (which may or may
not be the agent issuing the ASR) just as it would if the session
...
... traffic, which could congest both the
network and the agents.
A value of zero (0) means that immediate re-auth is necessary by the
...
... transfer strategy, based on its knowledge of the user and
relationships of roaming partnerships. The server (or agents) uses
the Acct-Interim-Interval and Accounting-Realtime-Required ...
... network failures.
Diameter peers acting as agents or related off-line processing
systems MUST detect duplicate accounting ...
... client. If strong authentication across agents is required, end-to-
end security may be used for authentication ...
... security mechanism is acceptable in
environments where there is no untrusted third party agent. In other
situations, end-to-end security is needed.
...
... Network Access Servers (NASes) and Mobility
Agents MUST support IP Security [SECARCH] and MAY support TLS ...
...
- Failure of a client or agent after sending of a record from non-
volatile memory, but prior to receipt of an application layer ...
... Diameter clients or
agents. For instance, after a reboot, a client may not know whether
it has already tried to send the accounting ...
... stored record from non-volatile memory such as after reboot of a
client or agent).
In some cases the Diameter ...
... Diameter client or
agents can mark the message as possible duplicate by setting the T
flag. Since the Diameter server is responsible for duplicate
...
... of the T flag is REQUIRED for Diameter clients and agents, but MAY be
implemented by Diameter servers.
...