client
... error messages, capability negotiation, or
a mandatory/non-mandatory flag for attributes. Since RADIUS
clients and servers are not aware of each other's capabilities,
they may not be able to successfully negotiate a mutually
acceptable service ...
... RADIUS implementations typically require that the name or address
of servers or clients be manually configured, along with the
corresponding shared secrets. This results in a large
...
... service specific authorization information,
between client and servers, allowing the peers to decide whether a
user's access request should be granted.
...
... Diameter is a peer-
to-peer protocol. In this document, a Diameter Client is a device at
the edge of the network ...
... FA). A Diameter
client generates Diameter messages to request authentication,
authorization, and accounting services ...
... Diameter node is a host process that implements the Diameter
protocol, and acts either as a Client, Agent or Server.
...
... NAS
devices. While proxies typically do not respond to client
Requests prior to receiving a Response from the server, they may
originate Reject messages in cases where policies are violated.
...
... Redirect Agent
Rather than forwarding requests and responses between clients and
servers, redirect agents refer clients to servers and allow them
...
... Rather than forwarding requests and responses between clients and
servers, redirect agents refer clients to servers and allow them
to communicate directly. Since redirect agents do not sit in the
...
... forwarding path, they do not alter any AVPs transiting between
client and server. Redirect agents do not originate messages and
are capable of handling any message type ...
... entity requesting or using some resource, in support of which
a Diameter client has generated a request.
...
... accounting. In addition, they MUST fully support each Diameter
application that is needed to implement the client's service, e.g.,
NASREQ ...
... NASREQ and/or Mobile IPv4. A Diameter Client that does not support
both NASREQ and Mobile IPv4 ...
... Mobile IPv4, MUST be referred to as "Diameter X
Client" where X is the application which it supports, and not a
"Diameter Client ...
... set to indicate an error occurred. The specific behavior of the
Diameter server or client receiving a request depends on the Diameter
application employed.
...
... servers MUST support both. Future versions of this specification MAY
mandate that clients support SCTP.
...
...
+--------+          +-------+          +--------+
| Client |          | Relay |          | Server |
+--------+          +-------+          +--------+
         <---------->       <---------->
...
... In the example provided in Figure 1, peer connection A is established
between the Client and its local Relay. Peer connection B is
established between the Relay and the Server. User session ...
... established between the Relay and the Server. User session X spans
from the Client via the Relay to the Server. Each "user" of a
service causes an auth request to be sent, with a unique session
identifier ...
... service causes an auth request to be sent, with a unique session
identifier. Once accepted by the server, both the client and the
server are aware of the session. It is important to note that there
...
... error
message MUST be sent within the accounting request; a Diameter client
receiving an authorization ...
... Diameter peer discovery may be performed.
The first is when a Diameter client needs to discover a first-hop
Diameter agent ...
... service value. As per RFC 2915(-> 3404prop | 3403prop | 3402prop | 3401) [NAPTR], the client
discards any records whose services ...
... service whose value is not "D2X", for values of X
that indicate transport protocols supported by the client.
The NAPTR processing as described in RFC 2915(-> 3404prop | 3403prop | 3402prop | 3401) ...
... discovery of the most preferred transport protocol of the
server that is supported by the client, as well as an SRV
record for the server.
...
... DNS records to contain replacement
values in a different domain, and the client could not validate
that this was the desired behavior, or the result of an attack ...
... agent with the T flag set. On booting
a Diameter client or agent, the T flag is also set on any records
still remaining to be transmitted in non-volatile storage ...
... - Server initiated messages that MUST be received by a specific
Diameter client (e.g., access device), such as the Abort-Session-
Request message ...
... network,
the Diameter client issues an auth request to its local server. The
auth request is defined in a service specific Diameter application ...
... Session-Id AVP is a means
for the client and servers to correlate a Diameter message with a
user session ...
... AVP (or its absence). One
describes the session from a client perspective, the other from a
server perspective. The second two state machines are used when the
...
... state. Here again, one describes
the session from a client perspective, the other from a server
perspective.
...
... State
-------------------------------------------------------------
Idle      Client or Device Requests      Send       Pending
          access                         service
...
... authorization answer received
Open      User or client device          Send       Open
          requests access to service     service ...
...       ASR Received,                  Send ASA   Discon
          client will comply with        with
          request to end the session     Result-Code
...
...       ASR Received,                  Send ASA   Open
          client will not comply with    with
          request to end the session     Result-Code
...
...
The following state machine is observed by a client when state is not
maintained on the server:
...
... State
-------------------------------------------------------------
Idle      Client or Device Requests      Send       Pending
          access                         service
...
... services.
The first state machine is to be observed by clients.
See Section 9.7 for Accounting ...
... accounting connectivity problems are required to cause the serviced
user to be disconnected. Otherwise, records produced by the client
may be lost by the server ...
... state table, the event 'Failure to send' means that the
Diameter client is unable to communicate with the desired
destination. This could be due to the peer being down, or due to the
...
...
The event 'Failed answer' means that the Diameter client received a
non-transient failure notification in the Accounting ...
... State
-------------------------------------------------------------
Idle      Client or device requests      Send       PendingS
          access                         accounting
...
... Session-Id is delimited by a ";" character, and MAY be any sequence
that the client can guarantee to be eternally unique; however, the
following format is recommended, (square brackets [] indicate an
optional element ...
... Diameter application initiating the
session, which in most cases is done by the client. Note that a
Session-Id MAY be used for both the authorization ...
... lifetime that it is willing to accept. However, the server MAY
return a value that is equal to, or smaller, than the one provided by
the client.
...
... state is maintained for a particular session. The
client MAY include this AVP in requests as a hint to the server, but
...
... AVP Code 285) is of type Enumerated and
is included in application-specific auth answers to inform the client
of the action expected upon expiration of the Authorization-Lifetime.
...
...
This AVP MAY be provided by the client as a hint of the maximum
timeout that it is willing to accept. However, the server MAY return
...
... hint of the maximum
timeout that it is willing to accept. However, the server MAY return
a value that is equal to, or smaller, than the one provided by the
client.
...
... present, this AVP MAY inform the Diameter client that all future
application-specific re-auth messages for this session ...
... delivery problem, the Diameter
client SHOULD issue a subsequent message without the Destination-Host
AVP ...
... AVPs that require more than
4096 bytes of storage on the Diameter client. A Diameter client that
...
... AVPs to
control the operation of the Diameter peer operating as a client.
The Acct-Interim-Interval AVP ...
... Acct-Interim-Interval AVP, when present, instructs the Diameter
node acting as a client to produce accounting records continuously
even during a session ...
... Accounting-Realtime-Required AVP is used to
control the behavior of the client when the transfer of accounting
records from the Diameter ...
...
Diameter peers acting as clients MUST implement the use of failover
to guard against server failures and certain network failures.
...
...
Diameter clients MAY have non-volatile memory for the safe storage of
accounting records over reboots or extended network ...
... partitions, and server failures. If such memory is available, the
client SHOULD store new accounting records there as soon as the
records are created ...
... reception from the Diameter Server has been received. Upon a reboot,
the client MUST starting sending the records in the non-volatile
memory to the accounting ...
... accounting records may at most be stored in the Diameter
client without committing them to the non-volatile memory or
transferring them to the Diameter server.
...
... memory areas before the correct Accounting-Answer has been received.
The client MAY remove oldest, undelivered or yet unacknowledged
accounting ...
... accounting data if it runs out of resources such as memory. It is an
implementation dependent matter for the client to accept new sessions
under this condition.
...
... AVP MUST be present if it is available to the Diameter
client. If strong authentication across agents is required, end-to-
...
... accounting to be
enabled, the Diameter client MUST produce additional records between
the START_RECORD and STOP_RECORD, marked INTERIM_RECORD. The
...
... session. The
Diameter client MUST overwrite any previous interim accounting
records that are locally stored for delivery ...
... one sequence of accounting records from a DIAMETER client, except for
the purposes of retransmission. The one sequence that is sent MUST
...
... bit set, is sent by a
Diameter node, acting as a client, in order to exchange accounting
information with a peer.
...
... authorization server to the Diameter
client. The client uses information in this AVP to decide how and
...
... Diameter
client. The client uses information in this AVP to decide how and
when to produce accounting ...
... Diameter node that originates the accounting information, known as
the client, MUST produce the first INTERIM_RECORD record roughly
at the time when this nominal interval has elapsed from the
START ...
... produced.
The client MUST ensure that the interim record production times
are randomized so that large accounting message storms are not
...
... Accounting-Answer from the accounting
server. The client uses information in this AVP to decide what to do
if the sending of accounting ...
... process of selecting an appropriate server to communicate with. A
Diameter client can request specific Diameter servers based on
characteristics of the Diameter ...
... Security Considerations:
Diameter clients and servers use various cryptographic mechanisms
to protect communication integrity ...
...
As an example, consider a client that wishes to resolve aaa:ex.com.
The client performs a NAPTR ...
... As an example, consider a client that wishes to resolve aaa:ex.com.
The client performs a NAPTR query for that domain ...
... SCTP, and TCP, in that order.
If the client supports over SCTP, SCTP will be used, targeted to a
...
... thresholds need to be kept low
and this may lead to an increased likelihood of duplicates.
Failover can occur at the client or within Diameter agents.
...
... and deletion of the record. record to be sent. This will result
in retransmission of the record soon after the client or agent has
rebooted.
...
... It is defined only for request messages sent by Diameter clients or
agents. For instance, after a reboot, a client ...
... clients or
agents. For instance, after a reboot, a client may not know whether
it has already tried to send the accounting records in its non-
...
... where no answer has been received from the Server for a request and
the request is sent again, (e.g., due to a failover to an alternate
peer, due to a recovered primary peer or due to a client re-sending a
stored record from non-volatile memory such as after reboot of a
client ...
... client re-sending a
stored record from non-volatile memory such as after reboot of a
client or agent).
...
... non-volatile storage can be reliably detected
by Diameter clients or agents. In such cases the Diameter client ...
... clients or agents. In such cases the Diameter client or
agents can mark the message as possible duplicate by setting the T
...
... interoperability, and may not be needed by some servers, generation
of the T flag is REQUIRED for Diameter clients and agents, but MAY be
implemented by Diameter ...
