Page 1 of 6

Introduction to Diameter

The Diameter protocol was derived from the RADIUS protocol with many improvements in different aspects, and is generally regarded as the next-generation Authentication, Authorization, and Accounting (AAA) protocol. The Diameter protocol is widely used in the IMS architecture for IMS entities to exchange AAA-related information. Because the IMS system may be the next big thing in the telecom industry, we believe a clear understanding of the Diameter protocol is necessary for understanding the essence of the IMS architecture. This article offers an overview of Diameter and how it works. For developers interested in how AAA in IMS works, or who want to implement Diameter applications, this article is a good starting point.

With the emergence of new technologies and applications such as wireless networks and Mobile IP, the requirements for authentication and authorization have grown considerably, and access control mechanisms are more complex than ever. The existing RADIUS (Remote Authentication Dial-In User Service) protocol can be insufficient to cope with these new requirements; what is needed is a new protocol capable of delivering new access control features while retaining the flexibility for further extension. This is where the Diameter protocol comes into play.

Please note that this article provides an overview of Diameter and does not cover all the protocol details. If you want to go further and implement the Diameter base protocol, refer to RFC 3588 in Resources for more details. Because this article mainly addresses the base protocol, "Diameter" hereafter refers to the Diameter Base Protocol.
AAA and Diameter

Before immersing ourselves in protocol details, let's see what drives the requirement for an AAA protocol. In the old days, people dialed into their Internet Service Providers (ISPs) by providing an ID and password to an access server, which authenticated the user before granting Internet access. In most cases, a user's credential information is not stored directly on the access server but in a more secure location, such as a Lightweight Directory Access Protocol (LDAP) server behind a boundary firewall. Therefore, a standardized protocol is required between the access server and the user information repository in order to exchange authentication-, authorization-, and accounting-related information. The RADIUS protocol was designed to provide a simple but efficient way to deliver such AAA capability.

With the evolution of network applications and protocols, new requirements and mechanisms are needed to authenticate users. These requirements are summarized in RFC 2989 (see Resources), which covers such topics as failover, security, and auditability. Although some subsidiary protocols are intended to extend the capability of the RADIUS protocol, a more extensible and general protocol was expected. The Diameter protocol was then derived from RADIUS and designed to be a general framework for future AAA applications.

The Diameter protocol is not a brand-new AAA protocol but rather, as its name implies, an enhanced version of the RADIUS protocol. It includes numerous enhancements in all aspects, such as error handling and message delivery reliability. It extracts the essence of the AAA protocol from RADIUS and defines a set of messages general enough to form the core of the Diameter base protocol. The various applications that require AAA functions can define their own extensions on top of the Diameter base protocol and benefit from the general capabilities it provides.
Figure 1 illustrates the relationship between the Diameter base protocol and various Diameter applications.
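As an added illustration of the layering in Figure 1 (example code written for this page, not from the article): a Diameter node validates the fixed 20-byte message header defined in RFC 3588 and then uses the Command Code and Application-ID to decide whether a message belongs to the base protocol or to an application built on top of it. The field layout, flag semantics and base command codes are those of RFC 3588; the sample messages and the function names are constructed here.

```python
import struct

HEADER_LEN = 20            # fixed Diameter header size (RFC 3588 section 3)
FLAG_R, FLAG_P, FLAG_E, FLAG_T = 0x80, 0x40, 0x20, 0x10
# Base-protocol command codes every Diameter node must handle (RFC 3588).
BASE_COMMANDS = {257: "CER/CEA", 280: "DWR/DWA", 282: "DPR/DPA",
                 258: "RAR/RAA", 274: "ASR/ASA", 275: "STR/STA"}

def encode_header(length, flags, code, app_id, hbh, e2e):
    """Build the 20-byte header: version 1, 3-byte length and command code."""
    if not 0 <= length < 1 << 24 or not 0 <= code < 1 << 24:
        raise ValueError("length and command code are 24-bit fields")
    return (bytes([1]) + length.to_bytes(3, "big") + bytes([flags])
            + code.to_bytes(3, "big") + struct.pack("!III", app_id, hbh, e2e))

def parse_header(buf):
    """Validate and decode a header; raises on anything a peer must reject."""
    if len(buf) < HEADER_LEN:
        raise ValueError("short header")
    version = buf[0]
    if version != 1:
        raise ValueError(f"unsupported Diameter version {version}")
    length = int.from_bytes(buf[1:4], "big")
    if length < HEADER_LEN or length % 4 or length > len(buf):
        raise ValueError(f"bad message length {length}")  # 4-byte aligned, >= header
    flags = buf[4]                     # reserved low bits are ignored per the RFC
    if flags & FLAG_E and flags & FLAG_R:
        raise ValueError("E flag is only valid on answers")
    if flags & FLAG_T and not flags & FLAG_R:
        raise ValueError("T flag is only valid on requests")
    code = int.from_bytes(buf[5:8], "big")
    app_id, hbh, e2e = struct.unpack("!III", buf[8:20])
    return {"length": length, "flags": flags, "code": code, "app_id": app_id,
            "hbh": hbh, "e2e": e2e, "request": bool(flags & FLAG_R)}

def classify(hdr):
    """Base-protocol commands are handled by the core; everything else is
    dispatched to the Diameter application named by Application-ID."""
    if hdr["code"] in BASE_COMMANDS:
        return "base:" + BASE_COMMANDS[hdr["code"]]
    return f"application:{hdr['app_id']}:command:{hdr['code']}"
```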