1 - 2 - 3 - 6 - 7 - 8 - A - B - C - D - E - F - G - H - I - K - L - M - N - O - P - Q - R - S - T - U - V - W
session
Click on the red underlined text to get to the source
... mechanism, use is only required during Extensible Authentication
Protocol (EAP) sessions. While attribute-hiding is supported,
[RADIUS] does not provide support for per-packet ...
... DNS, Diameter
enables dynamic discovery of peers. Derivation of dynamic session
keys is enabled via transmission-level security.
...
... - Basic services necessary for applications, such as handling of
user sessions or accounting
...
... An accounting record represents a summary of the resource
consumption of a user over the entire session. Accounting servers
creating the accounting ...
... hop-by-hop security does not protect the entire Diameter user
session. End-to-end security is security between two Diameter
nodes ...
... An interim accounting message provides a snapshot of usage during
a user's session. It is typically implemented in order to provide
for partial accounting of a user's session ...
... session. It is typically implemented in order to provide
for partial accounting of a user's session in the case of a device
reboot or other network problem prevents the reception of a
...
... reboot or other network problem prevents the reception of a
session summary message or session record.
...
... network problem prevents the reception of a
session summary message or session record.
Local Realm
...
... home realm for others.
Multi-session
A multi-session represents a logical linking of several sessions ...
... Multi-session
A multi-session represents a logical linking of several sessions.
Multi-sessions ...
... session
A multi-session represents a logical linking of several sessions.
Multi-sessions are tracked by using the Acct-Multi-Session-Id ...
... session represents a logical linking of several sessions.
Multi-sessions are tracked by using the Acct-Multi-Session-Id. An
example of a multi-session ...
... sessions.
Multi-sessions are tracked by using the Acct-Multi-Session-Id. An
example of a multi-session would be a Multi-link ...
... sessions are tracked by using the Acct-Multi-Session-Id. An
example of a multi-session would be a Multi-link PPP bundle. Each
...
... link PPP bundle. Each
leg of the bundle would be a session while the entire bundle would
be a multi-session.
...
... leg of the bundle would be a session while the entire bundle would
be a multi-session.
Network Access Identifier ...
... Session
A session is a related progression of events devoted to a
particular activity. Each application SHOULD provide guidelines
as to when a session ...
... session is a related progression of events devoted to a
particular activity. Each application SHOULD provide guidelines
as to when a session begins and ends. All Diameter packets with
the same Session ...
... session begins and ends. All Diameter packets with
the same Session-Identifier are considered to be part of the same
session ...
... state
A stateful agent is one that maintains session state information,
by keeping track of all authorized active ...
... state information,
by keeping track of all authorized active sessions. Each
authorized session is bound to a particular service ...
... service (e.g., QoS or data
characteristics) provided to a given session. These services may
happen concurrently (e.g., simultaneous voice ...
... voice and data transfer
during the same session) or serially. These changes in sessions
are tracked with the Accounting-Sub-Session-Id ...
... data transfer
during the same session) or serially. These changes in sessions
are tracked with the Accounting-Sub-Session-Id.
...
... session) or serially. These changes in sessions
are tracked with the Accounting-Sub-Session-Id.
Transaction ...
... Diameter application. One AVP
that is included to reference a user's session is the Session-Id.
...
... AVP
that is included to reference a user's session is the Session-Id.
The initial request for authentication ...
... authentication and/or authorization of a user
would include the Session-Id. The Session-Id is then used in all
subsequent messages to identify the user's session ...
... authorization of a user
would include the Session-Id. The Session-Id is then used in all
subsequent messages to identify the user's session (see Section 8 for
...
... Session-Id. The Session-Id is then used in all
subsequent messages to identify the user's session (see Section 8 for
more information). The communicating party may accept the request,
or reject it by returning an answer message ...
... Diameter
application employed.
Session state (associated with a Session-Id) MUST be freed upon
...
... Session state (associated with a Session-Id) MUST be freed upon
receipt of the Session-Termination-Request, Session ...
... state (associated with a Session-Id) MUST be freed upon
receipt of the Session-Termination-Request, Session-Termination-
Answer, expiration of authorized service ...
... Session-Id) MUST be freed upon
receipt of the Session-Termination-Request, Session-Termination-
Answer, expiration of authorized service time in the Session-Timeout ...
... Session-Termination-
Answer, expiration of authorized service time in the Session-Timeout
AVP, and according to rules established in a particular Diameter
application ...
... Connections vs. Sessions ...
... This section attempts to provide the reader with an understanding of
the difference between connection and session, which are terms used
extensively throughout this document.
...
... connection between two peers, used
to send and receive Diameter messages. A session is a logical
concept at the application layer, and is shared between an access
...
... concept at the application layer, and is shared between an access
device and a server, and is identified via the Session-Id AVP
...
... Figure 1: Diameter connections and sessions
In the example provided in Figure 1, peer connection ...
... Client and its local Relay. Peer connection B is
established between the Relay and the Server. User session X spans
from the Client via the Relay to the Server. Each "user" of a
...
... Client via the Relay to the Server. Each "user" of a
service causes an auth request to be sent, with a unique session
identifier. Once accepted by the server, both the client and the
...
... by the server, both the client and the
server are aware of the session. It is important to note that there
is no relationship between a connection and a session ...
... session. It is important to note that there
is no relationship between a connection and a session, and that
Diameter messages for multiple sessions ...
... session, and that
Diameter messages for multiple sessions are all multiplexed through a
single connection.
...
...
A stateful agent is one that maintains session state information; by
keeping track of all authorized active ...
... state information; by
keeping track of all authorized active sessions. Each authorized
session is bound to a particular service ...
... active sessions. Each authorized
session is bound to a particular service, and its state is considered
...
... active either until it is notified otherwise, or by expiration. Each
authorized session has an expiration, which is communicated by
Diameter servers via the Session-Timeout ...
... session has an expiration, which is communicated by
Diameter servers via the Session-Timeout AVP.
...
... removing routing
information, but do not modify any other portion of a message.
Relays SHOULD NOT maintain session state but MUST maintain
transaction ...
... agents do not receive answer messages, they cannot maintain session
state. Further, since redirect agents ...
... Given that the Diameter protocol introduces the concept of long-lived
authorized sessions, translation agents MUST be session stateful and
...
... authorized sessions, translation agents MUST be session stateful and
MUST maintain transaction state ...
... connection, each connection as
well as the entire session MUST also be authorized. Before
initiating a connection, a Diameter ...
... Diameter applications are supported by each peer. Diameter sessions
MUST be routed only through authorized nodes that have advertised
...
... nodes that have advertised
support for the Diameter application required by the session.
As noted in Section 6.1.8, a relay or proxy ...
... accounting request
message corresponds to a Diameter response authorizing the session.
Accounting requests without corresponding authorization ...
... receiving a Diameter response
authorizing a session, MUST check the Route-Record AVPs to make sure
...
... step, forwarding of an authorization response is considered evidence
of a willingness to take on financial risk relative to the session.
A local realm may wish to limit this exposure, for example, by
establishing credit limits for intermediate realms and refusing to
...
... Command-Name Abbrev. Code Reference
--------------------------------------------------------
Abort-Session-Request ASR 274 8.5.1
Abort-Session-Answer ...
... and answer is also normally provided.
An example is a message set used to terminate a session. The command
name is Session-Terminate-Request and Session ...
... An example is a message set used to terminate a session. The command
name is Session-Terminate-Request and Session-Terminate-Answer, while
the acronyms ...
... session. The command
name is Session-Terminate-Request and Session-Terminate-Answer, while
the acronyms are STR ...
... Diameter header set to one (1), to ask that a particular action be
performed, such as authorizing a user or terminating a session. Once
the receiver has completed the request it issues the corresponding
...
...
An access device that is unable to interpret or apply a deny rule
MUST terminate the session. An access device that is unable to
interpret or apply a permit rule MAY apply a more restrictive
rule. An access device MAY apply deny rules of its own before the
...
... effort. An access device that is unable to interpret or apply a
QoS rule SHOULD NOT terminate the session.
QoSFilterRule filters ...
... Origin-Host = "example.com".
One or more Session-Ids must follow. Here there are two:
Session-Id ...
... Session-Ids must follow. Here there are two:
Session-Id =
"grump.example.com:33041;23432;893;0AF3B81"
...
... "grump.example.com:33041;23432;893;0AF3B81"
Session-Id =
"grump.example.com:33054;23561;2358;0AF3B82"
...
... 16 | 'e' | 'x' | 'a' | 'm' | 'p' | 'l' | 'e' | '.' |
+-------+-------+-------+-------+-------+-------+-------+-------+
24 | 'c' | 'o' | 'm' |Padding| Session-Id AVP Header |
...
... 64 | 'A' | 'F' | '3' | 'B' | '8' | '1' |Padding|Padding|
+-------+-------+-------+-------+-------+-------+-------+-------+
72 | Session-Id AVP Header (AVP Code ...
... Realtime-Required | | | | | |
Acct- 50 9.8.5 UTF8String | M | P | | V | Y |
Multi-Session-Id | | | | | |
Accounting- 485 9.8.3 Unsigned32 ...
... Accounting- 44 9.8.4 OctetString| M | P | | V | Y |
Session-Id | | | | | |
Accounting- 287 9.8.6 Unsigned64 ...
... Accounting- 287 9.8.6 Unsigned64 | M | P | | V | Y |
Sub-Session-Id | | | | | |
Acct- 259 6.9 Unsigned32 | M | P | | V | N |
...
... Unsigned32 | M | P | | V | N |
Period | | | | | |
Auth-Session- 277 8.11 Enumerated | M | P | | V | N |
State | | | | | |
...
... Route-Record 282 6.7.1 DiamIdent | M | | | P,V | N |
Session-Id 263 8.8 UTF8String | M | P | | V | Y |
Session-Timeout 27 8.13 Unsigned32 ...
... Session-Id 263 8.8 UTF8String | M | P | | V | Y |
Session-Timeout 27 8.13 Unsigned32 | M | P | | V | N |
Session ...
... Session-Timeout 27 8.13 Unsigned32 | M | P | | V | N |
Session-Binding 270 8.17 Unsigned32 | M | P | | V | Y |
...
... Binding 270 8.17 Unsigned32 | M | P | | V | Y |
Session-Server- 271 8.18 Enumerated | M | P | | V | Y |
Failover | | | | | |
Supported- 265 5.3.6 Unsigned32 ...
... Diameter message that uses a security mechanism that makes use
of a pre-established session key shared between the source and the
final destination of the message.
...
... Diameter client (e.g., access device), such as the Abort-Session-
Request message, which is used to request that a particular user's
...
... Request message, which is used to request that a particular user's
session be terminated.
Note that an agent ...
... failure.
- If the Session-Id is present in the request, it MUST be included
in the answer.
...
... default value.
ALL_SESSION 1
All messages within the same session, as defined by the same value
...
... ALL_SESSION 1
All messages within the same session, as defined by the same value
of the Session-ID AVP ...
... All messages within the same session, as defined by the same value
of the Session-ID AVP MAY be sent to the host specified in the
...
... Diameter application
(e.g., NASREQ). The request contains a Session-Id AVP, which is used
in subsequent messages (e.g., subsequent authorization ...
... authorization, accounting,
etc) relating to the user's session. The Session-Id AVP is a means
...
... accounting,
etc) relating to the user's session. The Session-Id AVP is a means
for the client and servers ...
... client and servers to correlate a Diameter message with a
user session.
When a Diameter server ...
... the server will release all state information related to the user's
session. Note that if payment for services is expected by the
...
... Auth-Grace-Period AVP, implies the maximum
length of the session the home realm is willing to be fiscally
responsible for. Services ...
... An access device that does not expect to send a re-authorization or a
session termination request to the server MAY include the Auth-
Session-State ...
... session termination request to the server MAY include the Auth-
Session-State AVP with the value set to NO ...
... to the server. If the server accepts the hint, it agrees that since
no session termination message will be received once service to the
user is terminated, it cannot maintain state ...
... service to the
user is terminated, it cannot maintain state for the session. If the
answer message from the server contains a different value in the
...
... answer message from the server contains a different value in the
Auth-Session-State AVP (or the default value if the AVP ...
... Diameter application document. However, the base
protocol does define a set of messages that is used to terminate user
sessions. These are used to allow servers that maintain state
information to free resources.
...
... Diameter protocol, even in combination with an application, the
Session-Id is still used to identify user sessions. However, the
session termination ...
... Diameter protocol, even in combination with an application, the
Session-Id is still used to identify user sessions. However, the
session termination messages are not used, since a session ...
... Session-Id is still used to identify user sessions. However, the
session termination messages are not used, since a session is
signaled as being terminated by issuing an accounting ...
... sessions. However, the
session termination messages are not used, since a session is
signaled as being terminated by issuing an accounting stop message.
...
... finite state machines, representing
the life cycle of Diameter sessions, and which MUST be observed by
all Diameter implementations that make use of the authentication ...
... Diameter base protocol. The first two describe a
session in which the server is maintaining session state, indicated
...
... base protocol. The first two describe a
session in which the server is maintaining session state, indicated
by the value of the Auth-Session-State ...
... session state, indicated
by the value of the Auth-Session-State AVP (or its absence). One
describes the session ...
... Auth-Session-State AVP (or its absence). One
describes the session from a client perspective, the other from a
server perspective. The second two state machines ...
... server perspective. The second two state machines are used when the
server does not maintain session state. Here again, one describes
the session ...
... session state. Here again, one describes
the session from a client perspective, the other from a server
perspective.
...
... perspective.
When a session is moved to the Idle state, any resources that were
allocated for the particular session ...
... session is moved to the Idle state, any resources that were
allocated for the particular session must be released. Any event not
listed in the state machines MUST be considered as an error
condition ...
... authorization answer Access
received with default
Auth-Session-State value
Pending Successful Service-specific ...
... received.
Open Session-Timeout Expires on Send STR Discon
Access Device
...
... client will not comply with with
request to end the session Result-Code
!= SUCCESS
...
... state machine is observed by a server when it is
maintaining state for the session:
SERVER, STATEFUL
...
... received
Open Session-Timeout Expires on Discon. Idle
Access Device user/device
...
... state machine is observed by a server when it is not
maintaining state for the session:
SERVER, STATELESS ...
... state machine that MAY be followed by applications that require
keeping track of the session state at the accounting server. Note
...
... state machine in this section. The state machine is supervised by a
supervision session timer Ts, which the value should be reasonably
higher than the Acct_Interim_Interval value. Ts MAY be set to two
...
... times the value of the Acct_Interim_Interval so as to avoid the
accounting session in the Diameter server to change to Idle state in
...
... Note that the action 'Disconnect user/dev' MUST have an effect also
to the authorization session state table, e.g., cause the STR message
...
... services, the Diameter server that
originally authorized a session may need some confirmation that the
user is still using the services.
...
...
An access device that receives a RAR message with Session-Id equal to
a currently active session ...
... Session-Id equal to
a currently active session MUST initiate a re-auth towards the user,
if the service supports this particular feature. Each Diameter
application ...
... and the message flags' 'R' bit set, may be sent by any server to the
access device that is providing session service, to request that the
user be re-authenticated ...
... Session Termination ...
...
It is necessary for a Diameter server that authorized a session, for
which it is maintaining state, to be notified when that session ...
... session, for
which it is maintaining state, to be notified when that session is no
longer active, both for tracking purposes as well as to allow
...
... stateful agents to release any resources that they may have provided
for the user's session. For sessions whose state is not being
...
... agents to release any resources that they may have provided
for the user's session. For sessions whose state is not being
maintained, this section is not used.
...
... maintained, this section is not used.
When a user session that required Diameter authorization terminates,
...
... authorization terminates,
the access device that provided the service MUST issue a Session-
Termination-Request (STR) message to the Diameter server ...
... Diameter server that
authorized the service, to notify it that the session is no longer
active. An STR ...
... active. An STR MUST be issued when a user session terminates for any
reason, including user logoff, expiration of Session-Timeout,
...
... STR MUST be issued when a user session terminates for any
reason, including user logoff, expiration of Session-Timeout,
administrative action, termination upon receipt of an Abort-Session-
...
... reason, including user logoff, expiration of Session-Timeout,
administrative action, termination upon receipt of an Abort-Session-
Request (see below), orderly shutdown of the access device, etc.
...
...
The access device also MUST issue an STR for a session that was
authorized but never actually started. This could occur, for
example, due to a sudden resource shortage in the access device, or
...
... authorization, etc.
It is also possible that a session that was authorized is never
actually started due to action of a proxy. For example, a proxy ...
... authorization answer, converting the result from success to
failure, prior to forwarding the message to the access device. If
the answer did not contain an Auth-Session-State AVP with the value
...
... NO_STATE_MAINTAINED, a proxy that causes an authorized session not to
be started MUST issue an STR to the Diameter server ...
... STR to the Diameter server that authorized
the session, since the access device has no way of knowing that the
session had been authorized.
...
... the session, since the access device has no way of knowing that the
session had been authorized.
A Diameter server ...
... Diameter server that receives an STR message MUST clean up
resources (e.g., session state) associated with the Session-Id
...
... resources (e.g., session state) associated with the Session-Id
specified in the STR, and return a Session-Termination-Answer ...
...
A Diameter server also MUST clean up resources when the Session-
Timeout expires, or when the Authorization-Lifetime and the Auth-
...
... authorization
request, regardless of whether an STR for that session is received.
The access device is not expected to provide service beyond the
...
... Session-Termination-Request ...
... Diameter Server that an authenticated and/or
authorized session is being terminated.
Message Format ...
... Session-Termination-Answer ...
... Diameter Server to acknowledge the notification that the session has
been terminated. The Result-Code AVP ...
... STA, the Diameter Server MUST release
all resources for the session indicated by the Session-Id AVP. Any
...
... Diameter Server MUST release
all resources for the session indicated by the Session-Id AVP. Any
intermediate server in the Proxy ...
... Aborting a Session ...
... Diameter server may request that the access device stop providing
service for a particular session by issuing an Abort-Session-Request
(ASR ...
... For example, the Diameter server that originally authorized the
session may be required to cause that session to be stopped for
credit or other reasons that were not anticipated when the session ...
... Diameter server that originally authorized the
session may be required to cause that session to be stopped for
credit or other reasons that were not anticipated when the session
...
... session may be required to cause that session to be stopped for
credit or other reasons that were not anticipated when the session
was first authorized. On the other hand, an operator may maintain a
management ...
... session. Whether the access
device stops the session or not is implementation- and/or
configuration-dependent. For example, an access device may honor
ASRs from certain agents ...
... ASRs from certain agents only. In any case, the access device MUST
respond with an Abort-Session-Answer, including a Result-Code AVP to
...
... indicate what action it took.
Note that if the access device does stop the session upon receipt of
an ASR, it issues an STR ...
... not be the agent issuing the ASR) just as it would if the session
were terminated for any other reason.
...
... Abort-Session-Request ...
... 274 and the message flags' 'R' bit set, may be sent by any server to
the access device that is providing session service, to request that
the session ...
... service, to request that
the session identified by the Session-Id be stopped.
Message Format ...
... Abort-Session-Answer ...
... disposition of the request.
If the session identified by Session-Id in the ASR was successfully
...
... terminated, Result-Code is set to DIAMETER_SUCCESS. If the session
is not currently active, Result-Code ...
... Result-Code is set to
DIAMETER_UNKNOWN_SESSION_ID. If the access device does not stop the
session for any other reason, Result-Code ...
... DIAMETER_UNKNOWN_SESSION_ID. If the access device does not stop the
session for any other reason, Result-Code is set to
DIAMETER ...
... Inferring Session Termination from Origin-State-Id ...
... Origin-State-Id is used to allow rapid detection of terminated
sessions for which no STR would have been issued, due to
unanticipated shutdown of an access device.
...
... next-hop server to determine immediately upon connection
whether the device has lost its sessions since the last connection.
...
... issuer has lost state since the previous message
and that all sessions that were active under the lower Origin-State-
...
... Id have been terminated. The Diameter server MAY clean up all
session state associated with such lost sessions, and MAY also issues
...
... session state associated with such lost sessions, and MAY also issues
STRs for all such lost sessions that were authorized on upstream ...
... state associated with such lost sessions, and MAY also issues
STRs for all such lost sessions that were authorized on upstream
servers, to allow session ...
... sessions that were authorized on upstream
servers, to allow session state to be cleaned up globally.
...
... Session-Id AVP ...
... AVP (AVP Code 263) is of type UTF8String and is used
to identify a specific session (see Section 8). All messages
pertaining to a specific session MUST include only one Session-Id ...
... to identify a specific session (see Section 8). All messages
pertaining to a specific session MUST include only one Session-Id AVP
...
... session (see Section 8). All messages
pertaining to a specific session MUST include only one Session-Id AVP
and the same value MUST be used throughout the life of a session ...
... Session-Id AVP
and the same value MUST be used throughout the life of a session.
When present, the Session-Id SHOULD appear immediately following the
...
... and the same value MUST be used throughout the life of a session.
When present, the Session-Id SHOULD appear immediately following the
Diameter Header ...
... Header (see Section 3).
The Session-Id MUST be globally and eternally unique, as it is meant
to uniquely identify a user session without reference to any other
...
... The Session-Id MUST be globally and eternally unique, as it is meant
to uniquely identify a user session without reference to any other
information, and may be needed to correlate historical authentication
information with accounting ...
... information, and may be needed to correlate historical authentication
information with accounting information. The Session-Id includes a
mandatory portion and an implementation-defined portion; a
...
... identity encoded in the
DiameterIdentity type (see Section 4.4). The remainder of the
Session-Id is delimited by a ";" character, and MAY be any sequence
that the client can guarantee to be eternally unique; however, the
...
... 32 bits MAY be initialized to
zero. This will for practical purposes eliminate the possibility of
overlapping Session-Ids after a reboot, assuming the reboot process
takes longer than a second. Alternatively, an implementation MAY
keep track of the increasing value in non-volatile memory.
...
... accesspoint7.acme.com;1876543210;523;mobile@200.1.1.88
The Session-Id is created by the Diameter application initiating the
...
... created by the Diameter application initiating the
session, which in most cases is done by the client. Note that a
Session-Id ...
... session, which in most cases is done by the client. Note that a
Session-Id MAY be used for both the authorization and accounting
...
...
If both this AVP and the Session-Timeout AVP are present in a
message, the value of the latter MUST NOT be smaller than the
...
... Auth-Session-State AVP ...
... AVP Code 277) is of type Enumerated and
specifies whether state is maintained for a particular session. The
client MAY include this AVP ...
... STATE_MAINTAINED 0
This value is used to specify that session state is being
maintained, and the access device MUST issue a session termination ...
... session state is being
maintained, and the access device MUST issue a session termination
message when service to the user is terminated. This is the
...
... NO_STATE_MAINTAINED 1
This value is used to specify that no session termination messages
will be sent by the access device upon expiration of the
Authorization-Lifetime ...
... Session-Timeout AVP ...
... and contains the maximum number of seconds of service to be provided
to the user before termination of the session. When both the
Session-Timeout and the Authorization-Lifetime ...
... to the user before termination of the session. When both the
Session-Timeout and the Authorization-Lifetime AVPs are present in an
...
... of the latter.
A session that terminates on an access device due to the expiration
of the Session-Timeout MUST cause an STR ...
... A session that terminates on an access device due to the expiration
of the Session-Timeout MUST cause an STR to be issued, unless both
the access device and the home server ...
... the access device and the home server had previously agreed that no
session termination messages would be sent (see Section 8.9).
A Session-Timeout ...
... session termination messages would be sent (see Section 8.9).
A Session-Timeout AVP MAY be present in a re-authorization answer
message ...
...
A value of zero, or the absence of this AVP, means that this session
has an unlimited number of seconds before termination.
...
... AVP (AVP Code 295) is of type Enumerated, and
is used to indicate the reason why a session was terminated on the
access device. The following values are defined:
...
... DIAMETER_ADMINISTRATIVE 4
The user was not granted access, or was disconnected, due to
administrative reasons, such as the receipt of a Abort-Session-
Request message.
...
... DIAMETER_AUTH_EXPIRED 6
The user's access was terminated since its authorized session time
has expired.
...
... DIAMETER_SESSION_TIMEOUT 8
The user's session has timed out, and service has been terminated.
...
... Origin-State-Id in a
message, it allows other Diameter entities to infer that sessions
associated with a lower Origin-State-Id are no longer active ...
... client that all future
application-specific re-auth messages for this session MUST be sent
to the same authorization server. This AVP ...
... authorization server. This AVP MAY also specify that a
Session-Termination-Request message for this session MUST be sent to
the same authorizing server.
...
... AVP MAY also specify that a
Session-Termination-Request message for this session MUST be sent to
the same authorizing server.
...
... RE_AUTH 1
When set, future re-auth messages for this session MUST NOT
include the Destination-Host AVP ...