Internet Engineering Task Force (IETF)                    L. Morand, Ed.
Request for Comments: 7423                                   Orange Labs
BCP: 193                                                      V. Fajardo
Category: Best Current Practice                           Fluke Networks
ISSN: 2070-1721                                            H. Tschofenig
                                                           November 2014
        

Diameter Applications Design Guidelines

Abstract

The Diameter base protocol provides facilities for protocol extensibility enabling the definition of new Diameter applications or modification of existing applications. This document is a companion document to the Diameter base protocol that further explains and clarifies the rules to extend Diameter. Furthermore, this document provides guidelines to Diameter application designers reusing/defining Diameter applications or creating generic Diameter extensions.

Status of This Memo

This memo documents an Internet Best Current Practice.

This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on BCPs is available in Section 2 of RFC 5741.

Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc7423.

Copyright Notice

Copyright (c) 2014 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

This document may contain material from IETF Documents or IETF Contributions published or made publicly available before November 10, 2008. The person(s) controlling the copyright in some of this material may not have granted the IETF Trust the right to allow modifications of such material outside the IETF Standards Process. Without obtaining an adequate license from the person(s) controlling the copyright in such materials, this document may not be modified outside the IETF Standards Process, and derivative works of it may not be created outside the IETF Standards Process, except to format it for publication as an RFC or to translate it into languages other than English.

Table of Contents

   1.  Introduction
   2.  Terminology
   3.  Overview
   4.  Reusing Existing Diameter Applications
     4.1.  Adding a New Command
     4.2.  Deleting an Existing Command
     4.3.  Reusing Existing Commands
       4.3.1.  Adding AVPs to a Command
       4.3.2.  Deleting AVPs from a Command
       4.3.3.  Changing the Flag Settings of AVP in Existing Commands
     4.4.  Reusing Existing AVPs
       4.4.1.  Setting of the AVP Flags
       4.4.2.  Reuse of AVP of Type Enumerated
   5.  Defining New Diameter Applications
     5.1.  Introduction
     5.2.  Defining New Commands
     5.3.  Use of Application Id in a Message
     5.4.  Application-Specific Session State Machines
     5.5.  Session-Id AVP and Session Management
     5.6.  Use of Enumerated Type AVPs
     5.7.  Application-Specific Message Routing
     5.8.  Translation Agents
     5.9.  End-to-End Application Capabilities Exchange
     5.10. Diameter Accounting Support
     5.11. Diameter Security Mechanisms
   6.  Defining Generic Diameter Extensions
   7.  Guidelines for Registrations of Diameter Values
   8.  Security Considerations
   9.  References
     9.1.  Normative References
     9.2.  Informative References
   Contributors
   Acknowledgments
   Authors' Addresses
        
1. Introduction

The Diameter base protocol [RFC6733] is intended to provide an Authentication, Authorization, and Accounting (AAA) framework for applications such as network access or IP mobility in both local and roaming situations. This protocol provides the ability for Diameter peers to exchange messages carrying data in the form of Attribute-Value Pairs (AVPs).

The Diameter base protocol provides facilities to extend Diameter (see Section 1.3 of [RFC6733]) to support new functionality. In the context of this document, extending Diameter means one of the following:

1. The addition of new functionality to an existing Diameter application without defining a new application.

2. The addition of new functionality to an existing Diameter application that requires the definition of a new application.

3. The definition of an entirely new Diameter application to offer functionality not supported by existing applications.

4. The definition of a new generic functionality that can be reused across different applications.

All of these extensions are design decisions that can be carried out by any combination of reusing existing or defining new commands, AVPs, or AVP values. However, application designers do not have complete freedom when making their design. A number of rules have been defined in [RFC6733] that place constraints on when an extension requires the allocation of a new Diameter application identifier or a new command code value. The objective of this document is the following:

o Clarify the Diameter extensibility rules as defined in the Diameter base protocol.

o Discuss design choices and provide guidelines when defining new applications.

o Present trade-off choices.

2. Terminology

This document reuses the terminology defined in [RFC6733]. Additionally, the following terms and acronyms are used in this application:

Application: Extension of the Diameter base protocol [RFC6733] via the addition of new commands or AVPs. Each application is uniquely identified by an IANA-allocated application identifier value.

Command: Diameter request or answer carrying AVPs between Diameter endpoints. Each command is uniquely identified by an IANA-allocated Command Code value and is described by a Command Code Format (CCF) for an application.

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].

3. Overview

As designed, the Diameter base protocol [RFC6733] can be seen as a two-layer protocol. The lower layer is mainly responsible for managing connections between neighboring peers and for message routing. The upper layer is where the Diameter applications reside. This model is in line with a Diameter node having an application layer and a peer-to-peer delivery layer. The Diameter base protocol document defines the architecture and behavior of the message delivery layer and then provides the framework for designing Diameter applications on the application layer. This framework includes definitions of application sessions and accounting support (see Sections 8 and 9 of [RFC6733]). Accordingly, a Diameter node is seen in this document as a single instance of a Diameter message delivery layer and one or more Diameter applications using it.

The Diameter base protocol is designed to be extensible and the principles are described in Section 1.3 of [RFC6733]. In summary, Diameter can be extended by the following:

1. Defining new AVP values

2. Creating new AVPs

3. Creating new commands

4. Creating new applications

As a main guiding principle, application designers SHOULD comply with the following recommendation: "try to reuse as much as possible!". It will reduce the time to finalize specification writing, and it will lead to a smaller implementation effort as well as reduce the need for testing. In general, it is clever to avoid duplicate effort when possible.

However, reuse is not appropriate when the existing functionality does not fit the new requirement and/or the reuse leads to ambiguity.

The impact on extending existing applications can be categorized into two groups:

Minor Extension: Enhancing the functional scope of an existing application by the addition of optional features to support it. Such enhancement has no backward-compatibility issue with the existing application.

A typical example would be the definition of a new optional AVP for use in an existing command. Diameter implementations supporting the existing application but not the new AVP will simply ignore it, without consequences for the Diameter message handling, as described in [RFC6733]. The standardization effort will be fairly small.

Major Extension: Enhancing an application that requires the definition of a new Diameter application. Such enhancement causes a backward-compatibility issue with existing implementations supporting the application.

Typical examples would be the creation of a new command for providing functionality not supported by existing applications or the definition of a new AVP to be carried in an existing command with the M-bit set in the AVP flags (see Section 4.1 of [RFC6733] for definition of "M-bit"). For such an extension, a significant specification effort is required, and a careful approach is recommended.

4. Reusing Existing Diameter Applications

An existing application may need to be enhanced to fulfill new requirements, and these modifications can be at the command level and/or at the AVP level. The following sections describe the possible modifications that can be performed on existing applications and their related impact.

4.1. Adding a New Command

Adding a new command to an existing application is considered to be a major extension and requires a new Diameter application to be defined, as stated in Section 1.3.4 of [RFC6733]. The need for a new application is because a Diameter node that is not upgraded to support the new command(s) within the (existing) application would reject any unknown command with the protocol error DIAMETER_COMMAND_UNSUPPORTED and cause the failure of the transaction. The new application ensures that Diameter nodes only receive commands within the context of applications they support.

Adding a new command means either defining a completely new command or importing the command's Command Code Format (CCF) syntax from another application whereby the new application inherits some or all of the functionality of the application from which the command came. In the former case, the decision to create a new application is straightforward, since this is typically a result of adding a new functionality that does not exist yet. For the latter, the decision to create a new application will depend on whether importing the command in a new application is more suitable than simply using the existing application as it is in conjunction with any other application.

An example considers the Diameter Extensible Authentication Protocol (EAP) application [RFC4072] and the Diameter Network Access Server application [RFC7155]. When network access authentication using EAP is required, the Diameter EAP commands (Diameter-EAP-Request/Diameter-EAP-Answer) are used; otherwise, the Diameter Network Access Server application will be used. When the Diameter EAP application is used, the accounting exchanges defined in the Diameter Network Access Server may be used.

However, in general, it is difficult to come to a hard guideline, and so a case-by-case study of each application requirement should be applied. Before adding or importing a command, application designers should consider the following:

o Can the new functionality be fulfilled by creating a new command independent from any existing command? In this case, the resulting new application and the existing application can work independent of, but cooperating with, each other.

o Can the existing command be reused without major extensions and, therefore, without the need for the definition of a new application, e.g., new functionality introduced by the creation of new optional AVPs.

It is important to note that importing commands too liberally could result in a monolithic and hard-to-manage application supporting too many different features.

4.2. Deleting an Existing Command

Although this process is not typical, removing a command from an application requires a new Diameter application to be defined, and then it is considered as a major extension. This is due to the fact that the reception of the deleted command would systematically result in a protocol error (i.e., DIAMETER_COMMAND_UNSUPPORTED).

It is unusual to delete an existing command from an application for the sake of deleting it or the functionality it represents. An exception might be if the intent of the deletion is to create a newer variant of the same application that is somehow simpler than the application initially specified.

4.3. Reusing Existing Commands

This section discusses rules in adding and/or deleting AVPs from an existing command of an existing application. The cases described in this section may not necessarily result in the creation of new applications.

From a historical point of view, it is worth noting that there was a strong recommendation to reuse existing commands in [RFC3588] to prevent rapid depletion of code values available for vendor-specific commands. However, [RFC6733] has relaxed the allocation policy and enlarged the range of available code values for vendor-specific applications. Although reuse of existing commands is still RECOMMENDED, protocol designers can consider defining a new command when it provides a solution more suitable than the twisting of an existing command's use and applications.

4.3.1. Adding AVPs to a Command

Based on the rules in [RFC6733], AVPs that are added to an existing command can be categorized as either:

o Mandatory (to understand) AVPs. As defined in [RFC6733], these are AVPs with the M-bit flag set in this command, which means that the Diameter node receiving them is required to understand not only their values but also their semantics. Failure to do so will cause a message handling error: either an error message with the result-code set to DIAMETER_AVP_UNSUPPORTED if the AVP is not understood in a request or an application-specific error handling if the given AVP is in an answer.

o Optional (to understand) AVPs. As defined in [RFC6733], these are AVPs with the M-bit flag cleared in this command. A Diameter node receiving these AVPs can simply ignore them if it does not support them.

It is important to note that the definitions given above are independent of whether these AVPs are required or optional in the command as specified by the command's CCF syntax [RFC6733].

NOTE: As stated in [RFC6733], the M-bit setting for a given AVP is relevant to an application and each command within that application that includes the AVP.
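
The receiver-side behavior described above, as an added example that is not part of the RFC text: a bounds-checked AVP walker that ignores unknown AVPs with the M-bit cleared and rejects a request carrying an unknown AVP with the M-bit set. The vendor id 99999, AVP code 4242 and the host names are constructed for illustration; the header layout and the Result-Code values 2001 and 5001 are taken from RFC 6733.

```python
import struct

FLAG_V, FLAG_M, FLAG_P = 0x80, 0x40, 0x20   # AVP flag bits (RFC 6733, Section 4.1)
DIAMETER_SUCCESS = 2001
DIAMETER_AVP_UNSUPPORTED = 5001


def encode_avp(code, flags, data, vendor_id=None):
    """Build one AVP: code(4) flags(1) length(3) [vendor-id(4)] data, padded to 4 octets."""
    flags = flags | FLAG_V if vendor_id is not None else flags & ~FLAG_V
    header_len = 12 if vendor_id is not None else 8
    length = header_len + len(data)          # AVP Length excludes the padding
    out = struct.pack("!IB", code, flags) + length.to_bytes(3, "big")
    if vendor_id is not None:
        out += struct.pack("!I", vendor_id)
    return out + data + b"\x00" * (-length % 4)


def parse_avps(buf):
    """Return [(code, vendor_id, flags, data)]; raise ValueError on a bad length field."""
    avps, off = [], 0
    while off < len(buf):
        if len(buf) - off < 8:
            raise ValueError("truncated AVP header")
        code, flags = struct.unpack_from("!IB", buf, off)
        length = int.from_bytes(buf[off + 5:off + 8], "big")
        header_len = 12 if flags & FLAG_V else 8
        # Reject lengths shorter than the header or running past the buffer.
        if length < header_len or off + length > len(buf):
            raise ValueError("AVP length out of bounds")
        vendor_id = struct.unpack_from("!I", buf, off + 8)[0] if flags & FLAG_V else 0
        avps.append((code, vendor_id, flags, buf[off + header_len:off + length]))
        off += length + (-length % 4)        # skip padding to the next 4-octet boundary
    return avps


def handle_request(avp_bytes, supported):
    """Apply the M-bit rule to a request's AVPs.

    `supported` is the set of (vendor_id, code) pairs this node understands for
    ONE application and command, since the M-bit setting is relevant per
    application and per command. Returns (result_code, failed, ignored).
    """
    failed, ignored = [], []
    for code, vendor_id, flags, _data in parse_avps(avp_bytes):
        if (vendor_id, code) in supported:
            continue
        if flags & FLAG_M:
            failed.append((vendor_id, code))   # mandatory to understand: reject
        else:
            ignored.append((vendor_id, code))  # optional to understand: skip
    result = DIAMETER_AVP_UNSUPPORTED if failed else DIAMETER_SUCCESS
    return result, failed, ignored


# Constructed sample input. 263 and 264 are the base protocol's Session-Id and
# Origin-Host; the vendor-specific AVP is hypothetical.
SESSION_ID, ORIGIN_HOST = 263, 264
EXAMPLE_VENDOR, EXAMPLE_AVP = 99999, 4242
OLD_NODE_SUPPORTED = {(0, SESSION_ID), (0, ORIGIN_HOST)}


def build_request(new_avp_flags):
    """A request body from an upgraded peer that adds one new AVP."""
    return (encode_avp(SESSION_ID, FLAG_M, b"client.example.net;1;1")
            + encode_avp(ORIGIN_HOST, FLAG_M, b"client.example.net")
            + encode_avp(EXAMPLE_AVP, new_avp_flags, b"\x00\x00\x00\x01", EXAMPLE_VENDOR))


if __name__ == "__main__":
    print("M-bit cleared:", handle_request(build_request(0), OLD_NODE_SUPPORTED))
    print("M-bit set:    ", handle_request(build_request(FLAG_M), OLD_NODE_SUPPORTED))
```

The same new AVP is harmless to a node that has not been upgraded when its M-bit is cleared and fails the whole request when its M-bit is set, which is why the latter requires a new application.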

The rules are strict in the case where the AVPs to be added in an existing command are mandatory to understand, i.e., they have the M-bit set. A mandatory AVP MUST NOT be added to an existing command without defining a new Diameter application, as stated in [RFC6733]. This falls into the "Major Extensions" category. Despite the clarity of the rule, ambiguity still arises when evaluating whether a new AVP being added should be mandatory to begin with. Application designers should consider the following questions when deciding about the M-bit for a new AVP:

o Would it be required for the receiving side to be able to process and understand the AVP and its content?

o Would the new AVPs change the state machine of the application?

o Would the presence of the new AVP lead to a different number of round trips, effectively changing the state machine of the application?

o Would the new AVP be used to differentiate between old and new variants of the same application whereby the two variants are not backward compatible?

o Would the new AVP have duality in meaning, i.e., be used to carry application-related information as well as to indicate that the message is for a new application?

If the answer to at least one of the questions is "yes", then the M-bit MUST be set for the new AVP, and a new Diameter application MUST be defined. This list of questions is non-exhaustive, and other criteria MAY be taken into account in the decision process.

If application designers are instead contemplating the use of optional AVPs, i.e., with the M-bit cleared, there are still pitfalls that will cause interoperability problems; therefore, they must be avoided. Some examples of these pitfalls are as follows:

o Use of optional AVPs with intersecting meaning. One AVP has partially the same usage and meaning as another AVP. The presence of both can lead to confusion.

o Optional AVPs with dual purpose, i.e., to carry application data as well as to indicate support for one or more features. This has a tendency to introduce interpretation issues.

o Adding one or more optional AVPs and indicating (usually within descriptive text for the command) that at least one of them has to be understood by the receiver of the command. This would be equivalent to adding a mandatory AVP, i.e., an AVP with the M-bit set, to the command.

4.3.2. Deleting AVPs from a Command

Application designers may want to reuse an existing command, but some of the AVPs present in the command's CCF syntax specification may be irrelevant for the functionality foreseen to be supported by this command. It may be then tempting to delete those AVPs from the command.

The impact of deleting an AVP from a command depends on its Command Code Format specification and M-bit setting:

o Case 1: Deleting an AVP that is indicated as a required AVP (noted as {AVP}) in the command's CCF syntax specification (regardless of the M-bit setting).

In this case, a new Command Code, and subsequently a new Diameter application, MUST be specified.

o Case 2: Deleting an AVP, which has the M-bit set, and is indicated as an optional AVP (noted as [AVP] in the command CCF) in the command's CCF syntax specification.

In this case, no new Command Code has to be specified, but the definition of a new Diameter application is REQUIRED.

o Case 3: Deleting an AVP, which has the M-bit cleared, and is indicated as [AVP] in the command's CCF syntax specification.

In this case, the AVP can be deleted without consequences.

Application designers SHOULD attempt to reuse the command's CCF syntax specification without modification and simply ignore (but not delete) any optional AVPs that will not be used. This is to maintain compatibility with existing applications that will not know about the new functionality as well as to maintain the integrity of existing dictionaries.

4.3.3. Changing the Flag Settings of AVP in Existing Commands

Although unusual, implementors may want to change the setting of the AVP flags of a given AVP used in a command.

In an existing command, an AVP that was initially defined as mandatory to understand, i.e., an AVP with the M-bit flag set in the command, MAY be safely turned into an optional AVP, i.e., with the M-bit cleared. Any node supporting the existing application will still understand the AVP, whatever the setting of the M-bit. In contrast, an AVP initially defined as optional to understand, i.e., an AVP with the M-bit flag cleared in the command, MUST NOT be changed into a mandatory AVP with the M-bit flag set without defining a new Diameter application. Setting the M-bit for an AVP that was defined as an optional AVP is equivalent to adding a new mandatory AVP to an existing command, and the rules given in Section 4.3.1 apply.

All other AVP flags (V-bit, P-bit, reserved bits) MUST remain unchanged.
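
The rules of Sections 4.1 through 4.3.3 can be applied mechanically when reviewing a proposed change to an application's dictionary. The following is an added example, not part of the RFC: it compares an existing and a proposed definition and reports whether a new application or a new Command Code is required. The dictionary layout, the command name Example-Request and the AVP names other than Session-Id and Origin-Host are hypothetical.

```python
from dataclasses import dataclass

FLAG_V, FLAG_M, FLAG_P = 0x80, 0x40, 0x20  # AVP flag bits (RFC 6733, Section 4.1)


@dataclass(frozen=True)
class AvpRule:
    required: bool  # True for {AVP}, False for [AVP] in the command's CCF
    flags: int      # AVP flags octet used for this AVP in this command


def review_extension(old_app, new_app):
    """Compare two {command: {avp_name: AvpRule}} definitions of one application.

    Only the cases this document spells out are checked; other changes (for
    example, switching an AVP between required and optional) are not judged.
    """
    report = {"new_application": False, "new_command_code": [],
              "violations": [], "notes": []}

    def major(msg, cmd=None):
        report["new_application"] = True
        report["notes"].append("major: " + msg)
        if cmd is not None and cmd not in report["new_command_code"]:
            report["new_command_code"].append(cmd)

    def minor(msg):
        report["notes"].append("minor: " + msg)

    for cmd in sorted(set(old_app) | set(new_app)):
        if cmd not in old_app:
            major(f"{cmd} added to the application (4.1)")
            continue
        if cmd not in new_app:
            major(f"{cmd} deleted from the application (4.2)")
            continue
        old, new = old_app[cmd], new_app[cmd]
        for avp in sorted(set(old) | set(new)):
            where = f"{avp} in {cmd}"
            if avp not in old:
                if new[avp].flags & FLAG_M:
                    major(f"{where} added with M-bit set (4.3.1)")
                else:
                    minor(f"{where} added with M-bit cleared (4.3.1)")
            elif avp not in new:
                if old[avp].required:
                    major(f"required {where} deleted (4.3.2, case 1)", cmd)
                elif old[avp].flags & FLAG_M:
                    major(f"optional {where} with M-bit set deleted (4.3.2, case 2)")
                else:
                    minor(f"optional {where} with M-bit cleared deleted (4.3.2, case 3)")
            else:
                o, n = old[avp].flags, new[avp].flags
                if (o ^ n) & ~FLAG_M & 0xFF:
                    report["violations"].append(
                        f"{where}: V-bit, P-bit or reserved bits changed (4.3.3)")
                if n & FLAG_M and not o & FLAG_M:
                    major(f"{where} M-bit changed from cleared to set (4.3.3)")
                elif o & FLAG_M and not n & FLAG_M:
                    minor(f"{where} M-bit changed from set to cleared (4.3.3)")
    return report


# Constructed sample dictionary for a hypothetical application.
BASE = {"Example-Request": {
    "Session-Id":   AvpRule(True, FLAG_M),
    "Origin-Host":  AvpRule(True, FLAG_M),
    "Legacy-Info":  AvpRule(False, FLAG_M),
    "Feature-Hint": AvpRule(False, 0),
}}


def variant(**changes):
    """Copy BASE and apply changes to Example-Request; None deletes the AVP."""
    cmd = dict(BASE["Example-Request"])
    for name, rule in changes.items():
        key = name.replace("_", "-")
        if rule is None:
            del cmd[key]
        else:
            cmd[key] = rule
    return {"Example-Request": cmd}


if __name__ == "__main__":
    for label, proposal in [
        ("add optional AVP", variant(New_Hint=AvpRule(False, 0))),
        ("add mandatory AVP", variant(New_Policy=AvpRule(False, FLAG_M))),
        ("delete required AVP", variant(Session_Id=None)),
        ("flip P-bit", variant(Feature_Hint=AvpRule(False, FLAG_P))),
    ]:
        print(label, "->", review_extension(BASE, proposal))
```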

4.4. Reusing Existing AVPs

This section discusses rules in reusing existing AVPs when reusing an existing command or defining a new command in a new application.

4.4.1. Setting of the AVP Flags

When reusing existing AVPs in a new application, application designers MUST specify the setting of the M-bit flag for a new Diameter application and, if necessary, for every command of the application that can carry these AVPs. In general, for AVPs defined outside of the Diameter base protocol, the characteristics of an AVP are tied to its role within a given application and the commands used in this application.

All other AVP flags (V-bit, P-bit, reserved bits) MUST remain unchanged.

4.4.2. Reuse of AVP of Type Enumerated

When reusing an AVP of type Enumerated in a command for a new application, it is RECOMMENDED to avoid modifying the set of valid values defined for this AVP. Modifying the set of Enumerated values includes adding a value or deprecating the use of a value defined initially for the AVP. Modifying the set of values will impact the application defining this AVP and all the applications using this AVP, causing potential interoperability issues: a value used by a peer that will not be recognized by all the nodes between the client and the server will cause an error response with the Result-Code AVP set to DIAMETER_INVALID_AVP_VALUE. When the full range of values defined for this Enumerated AVP is not suitable for the new application, it is RECOMMENDED that a new AVP be defined to avoid backward-compatibility issues with existing implementations.

5. Defining New Diameter Applications
5.1. Introduction

This section discusses the case where new applications have requirements that cannot be fulfilled by existing applications and would require definition of completely new commands, AVPs, and/or AVP values. Typically, there is little ambiguity about the decision to create these types of applications. Some examples are the interfaces defined for the IP Multimedia Subsystem of 3GPP, e.g., Cx/Dx ([TS29.228] and [TS29.229]), Sh ([TS29.328] and [TS29.329]), etc.

Application designers SHOULD try to import existing AVPs and AVP values for any newly defined commands. In certain cases where accounting will be used, the models described in Section 5.10 SHOULD also be considered.

Additional considerations are described in the following sections.

5.2. Defining New Commands

As a general recommendation, commands SHOULD NOT be defined from scratch. It is instead RECOMMENDED to reuse an existing command offering similar functionality and use it as a starting point. Code reuse leads to a smaller implementation effort as well as reduces the need for testing.

Moreover, the new command's CCF syntax specification SHOULD be carefully defined when considering applicability and extensibility of the application. If most of the AVPs contained in the command are indicated as fixed or required, it might be difficult to reuse the same command and, therefore, the same application in a slightly changed environment. Defining a command with most of the AVPs indicated as optional is considered as a good design choice in many cases, despite the flexibility it introduces in the protocol. Protocol designers MUST clearly state the reasons why these optional AVPs might or might not be present and properly define the corresponding behavior of the Diameter nodes when these AVPs are absent from the command.

NOTE: As a hint for protocol designers, it is not sufficient to just look at the command's CCF syntax specification. It is also necessary to carefully read through the accompanying text in the specification.

In the same way, the CCF syntax specification SHOULD be defined such that it will be possible to add any arbitrary optional AVPs with the M-bit cleared (including vendor-specific AVPs) without modifying the application. For this purpose, "* [AVP]" SHOULD be added in the command's CCF, which allows the addition of any arbitrary number of optional AVPs as described in [RFC6733].

5.3. Use of Application Id in a Message

When designing new applications, application designers SHOULD specify that the Application Id carried in all session-level messages is the Application Id of the application using those messages. This includes the session-level messages defined in the Diameter base protocol, i.e., Re-Auth-Request (RAR) / Re-Auth-Answer (RAA), Session-Termination-Request (STR) / Session-Termination-Answer (STA), Abort-Session-Request (ASR) / Abort-Session-Answer (ASA), and possibly Accounting-Request (ACR) / Accounting-Answer (ACA) in the coupled accounting model; see Section 5.10. Some existing specifications do not adhere to this rule for historical reasons. However, this guidance SHOULD be followed by new applications to avoid routing problems.

When a new application has been allocated with a new Application Id and it also reuses existing commands with or without modifications, the commands SHOULD use the newly allocated Application Id in the header and in all relevant Application-Id AVPs (Auth-Application-Id or Acct-Application-Id) present in the commands message body.

Additionally, application designers using a vendor-specific Application-Id AVP SHOULD NOT use the Vendor-Id AVP to further dissect or differentiate the vendor-specification Application Id. Diameter routing is not based on the Vendor Id. As such, the Vendor Id SHOULD NOT be used as an additional input for routing or delivery of messages. The Vendor-Id AVP is an informational AVP only and kept for backward compatibility reasons.

5.4. Application-Specific Session State Machines

Section 8 of [RFC6733] provides session state machines for AAA services, and these session state machines are not intended to cover behavior outside of AAA. If a new application cannot clearly be categorized into any of these AAA services, it is RECOMMENDED that the application define its own session state machine. Support for a server-initiated request is a clear example where an application-specific session state machine would be needed, for example, the Rw interface for the ITU-T push model (cf. [Q.3303.3]).

5.5. Session-Id AVP and Session Management

Diameter applications are usually designed with the aim of managing user sessions (e.g., Diameter Network Access Server (NAS) application [RFC4005]) or a specific service access session (e.g., Diameter SIP application [RFC4740]). In the Diameter base protocol, session state is referenced using the Session-Id AVP. All Diameter messages that use the same Session-Id will be bound to the same session. Diameter-based session management also implies that both the Diameter client and server (and potentially proxy agents along the path) maintain session state information.

However, some applications may not need to rely on the Session-Id to identify and manage sessions because other information can be used instead to correlate Diameter messages. Indeed, the User-Name AVP or any other specific AVP can be present in every Diameter message and used, therefore, for message correlation. Some applications might not require the notion of the Diameter-session concept at all. For such applications, the Auth-Session-State AVP is usually set to NO_STATE_MAINTAINED in all Diameter messages, and these applications are, therefore, designed as a set of stand-alone transactions. Even if an explicit access session termination is required, application-specific commands are defined and used instead of the STR/STA or ASR/ASA defined in the Diameter base protocol [RFC6733]. In such a case, the Session-Id is not significant.

Based on these considerations, protocol designers should carefully appraise whether the Diameter application being defined relies on the session management specified in the Diameter base protocol:

o If it is, the Diameter command defined for the new application MUST include the Session-Id AVP defined in the Diameter base protocol [RFC6733], and the Session-Id AVP MUST be used for correlation of messages related to the same session. Guidance on the use of the Auth-Session-State AVP is given in the Diameter base protocol [RFC6733].

o Otherwise, because session management is not required or the application relies on its own session management mechanism, Diameter commands for the application need not include the Session-Id AVP. If any specific session management concept is supported by the application, the application documentation MUST clearly specify how the session is handled between the client and server (and possibly Diameter agents in the path). Moreover, because the application is not maintaining session state at the Diameter base protocol level, the Auth-Session-State AVP MUST be included in all Diameter commands for the application and MUST be set to NO_STATE_MAINTAINED.

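The rules of Sections 5.3 and 5.5 can be checked mechanically on a received message. The Python code below is an added example, not part of the RFC: it parses a Diameter message and reports Application-Id AVPs that disagree with the header, and session-less messages that do not carry Auth-Session-State set to NO_STATE_MAINTAINED. The application id 16777999, the command code 8388000, the finding labels and the sample messages are constructed for illustration.

```python
import struct

# AVP codes and values from the Diameter base protocol (RFC 6733).
USER_NAME, AUTH_APP_ID, ACCT_APP_ID, VENDOR_SPECIFIC_APP_ID = 1, 258, 259, 260
SESSION_ID, VENDOR_ID, AUTH_SESSION_STATE = 263, 266, 277
NO_STATE_MAINTAINED = 1
BASE_ACCOUNTING_APP = 3      # split accounting model (Section 5.10) is exempt
APP = 16777999               # constructed Application Id of the "new" application
STR, NEW_COMMAND = 275, 8388000   # NEW_COMMAND is a constructed command code


def u32(value):
    return struct.pack("!I", value)


def avp(code, data, flags=0x40):
    """Encode one AVP (no Vendor-Id), padded to a 32-bit boundary."""
    length = 8 + len(data)
    return (struct.pack("!IB", code, flags) + length.to_bytes(3, "big")
            + data + b"\x00" * (-length % 4))


def message(app_id, command, avps, flags=0x80):
    """Encode a Diameter message with constructed hop-by-hop/end-to-end ids."""
    body = b"".join(avps)
    return (b"\x01" + (20 + len(body)).to_bytes(3, "big") + bytes([flags])
            + command.to_bytes(3, "big")
            + struct.pack("!III", app_id, 0x1001, 0x2002) + body)


def parse_avps(buf):
    """Return [(code, data)] for a sequence of AVPs, rejecting bad lengths."""
    out, off = [], 0
    while off < len(buf):
        if len(buf) - off < 8:
            raise ValueError("truncated AVP header")
        code, flags = struct.unpack_from("!IB", buf, off)
        length = int.from_bytes(buf[off + 5:off + 8], "big")
        header = 12 if flags & 0x80 else 8     # V-bit adds a Vendor-Id field
        if length < header or off + length > len(buf):
            raise ValueError("bad AVP length")
        out.append((code, buf[off + header:off + length]))
        off += length + (-length % 4)
    return out


def parse_message(buf):
    if len(buf) < 20 or buf[0] != 1:
        raise ValueError("not a Diameter message")
    if int.from_bytes(buf[1:4], "big") != len(buf):
        raise ValueError("message length mismatch")
    command = int.from_bytes(buf[5:8], "big")
    app_id = struct.unpack_from("!I", buf, 8)[0]
    return app_id, command, parse_avps(buf[20:])


def _u32(data):
    return struct.unpack("!I", data)[0] if len(data) == 4 else None


def lint(buf):
    """Return the list of findings for one message (empty list = conformant)."""
    app_id, _command, avps = parse_message(buf)
    findings = []
    # Application-Id AVPs may also sit inside Vendor-Specific-Application-Id.
    nested = [a for code, data in avps if code == VENDOR_SPECIFIC_APP_ID
              for a in parse_avps(data)]
    if app_id != BASE_ACCOUNTING_APP:
        for code, data in avps + nested:
            if code in (AUTH_APP_ID, ACCT_APP_ID) and _u32(data) != app_id:
                findings.append("APP-ID-MISMATCH")
    if not any(code == SESSION_ID for code, _ in avps):
        states = [_u32(d) for c, d in avps if c == AUTH_SESSION_STATE]
        if not states:
            findings.append("MISSING-AUTH-SESSION-STATE")
        elif any(s != NO_STATE_MAINTAINED for s in states):
            findings.append("STATE-NOT-NO_STATE_MAINTAINED")
    return findings


# Constructed sample messages.
SID = avp(SESSION_ID, b"nas.example.net;1;1")
USER = avp(USER_NAME, b"alice@example.net")
GOOD = message(APP, STR, [SID, avp(AUTH_APP_ID, u32(APP))])
REUSED = message(APP, STR, [SID, avp(AUTH_APP_ID, u32(1))])   # old id left in AVP
VENDOR = message(APP, STR, [SID, avp(VENDOR_SPECIFIC_APP_ID,
                 avp(VENDOR_ID, u32(99999)) + avp(AUTH_APP_ID, u32(APP + 1)))])
STATELESS_BAD = message(APP, NEW_COMMAND, [USER, avp(AUTH_APP_ID, u32(APP))])
STATELESS_OK = message(APP, NEW_COMMAND, [USER, avp(AUTH_APP_ID, u32(APP)),
                       avp(AUTH_SESSION_STATE, u32(NO_STATE_MAINTAINED))])

if __name__ == "__main__":
    for name in ("GOOD", "REUSED", "VENDOR", "STATELESS_BAD", "STATELESS_OK"):
        print(name, lint(globals()[name]))
```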

5.6. Use of Enumerated Type AVPs

The type Enumerated was initially defined to provide a list of valid values for an AVP with their respective interpretation described in the specification. For instance, AVPs of type Enumerated can be used to provide further information on the reason for the termination of a session or a specific action to perform upon the reception of the request.

As described in Section 4.4.2 above, defining an AVP of type Enumerated presents some limitations in terms of extensibility and reusability. Indeed, the finite set of valid values defined in the definition of the AVP of type Enumerated cannot be modified in practice without causing backward-compatibility issues with existing implementations. As a consequence, AVPs of type Enumerated MUST NOT be extended by adding new values to support new capabilities. Diameter protocol designers SHOULD carefully consider before defining an Enumerated AVP whether the set of values will remain unchanged or new values may be required in the near future. If such an extension is foreseen or cannot be avoided, it is RECOMMENDED to define AVPs of type Unsigned32 or Unsigned64 in which the data field would contain an address space representing "values" that would have the same use of Enumerated values. Whereas only the initial values defined at the definition of the AVP of type Enumerated are valid as described in Section 4.4.2, any value from the address space from 0 to 2^32 - 1 for AVPs of type Unsigned32 or from 0 to 2^64 - 1 for AVPs of type Unsigned64 is valid at the Diameter base protocol level and will not cause interoperability issues for intermediary nodes between clients and servers. Only clients and servers will be able to process the values at the application layer.

For illustration, an AVP describing possible access networks would be defined as follows:

Access-Network-Type AVP (XXX) is of type Unsigned32 and contains a 32-bit address space representing types of access networks. This application defines the following classes of access networks, all identified by the thousands digit in the decimal notation:

o 1xxx (Mobile Access Networks)

o 2xxx (Fixed Access Networks)

o 3xxx (Wireless Access Networks)

Values that fall within the Mobile Access Networks category are used to inform a peer that a request has been sent for a user attached to a mobile access network. The following values are defined in this application:

1001: 3GPP-GERAN

The user is attached to a Global System for Mobile Communications (GSM) Enhanced Data rates for GSM Evolution (EDGE) Radio Access Network.

1002: 3GPP-UTRAN-FDD

The user is attached to a Universal Mobile Telecommunications System (UMTS) access network that uses frequency-division duplexing for duplexing.

Unlike Enumerated AVP, any new value can be added in the address space defined by this Unsigned32 AVP without modifying the definition of the AVP. There is, therefore, no risk of backward-compatibility issues, especially when intermediate nodes may be present between Diameter endpoints.

Along the same line, AVPs of type Enumerated are too often used as a simple Boolean flag, indicating, for instance, a specific permission or capability; therefore, only three values are defined, e.g., TRUE/FALSE, AUTHORIZED/UNAUTHORIZED, or SUPPORTED/UNSUPPORTED. This is a sub-optimal design since it limits the extensibility of the application: any new capability/permission would have to be supported by a new AVP or new Enumerated value of the already-defined AVP, with the backward-compatibility issues described above. Instead of using an Enumerated AVP for a Boolean flag, protocol designers SHOULD use AVPs of type Unsigned32 or Unsigned64 in which the data field would be defined as a bit mask whose bit settings are described in the relevant Diameter application specification. Such AVPs can be reused and extended without major impact on the Diameter application. The bit mask SHOULD leave room for future additions. Examples of AVPs that use bit masks are the Session-Binding AVP defined in [RFC6733] and the MIP6-Feature-Vector AVP defined in [RFC5447].
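The difference between the two designs shows up when a not-yet-upgraded node sits between the endpoints. The Python code below is an added example, not part of the RFC: it models a path whose relay still knows only the original Enumerated values, then decodes the Access-Network-Type values and a bit mask at the endpoint. The node names, the Access-Network-Enum AVP, the FEATURE-A/FEATURE-B bit assignments and the deployment are constructed for illustration.

```python
DIAMETER_SUCCESS = 2001
DIAMETER_INVALID_AVP_VALUE = 5004   # Result-Code named in Section 4.4.2

# Classes and values taken from the Access-Network-Type illustration above.
ACCESS_CLASSES = {1: "Mobile Access Networks", 2: "Fixed Access Networks",
                  3: "Wireless Access Networks"}
ACCESS_VALUES = {1001: "3GPP-GERAN", 1002: "3GPP-UTRAN-FDD"}

# Hypothetical bit assignments for a bit-mask AVP (not from any specification).
FEATURE_BITS = {0x1: "FEATURE-A", 0x2: "FEATURE-B"}


class Node:
    """A Diameter node that validates AVP data against its own dictionary."""

    def __init__(self, name, enumerated):
        self.name = name
        self.enumerated = enumerated   # AVP name -> values this release knows

    def accepts(self, name, avp_type, value):
        if avp_type == "Enumerated":
            # Only the values present in this node's dictionary are valid.
            return value in self.enumerated.get(name, set())
        if avp_type == "Unsigned32":
            # The whole address space is valid at the base protocol level.
            return 0 <= value <= 2**32 - 1
        raise ValueError("type not covered by this example: " + avp_type)


def send(path, name, avp_type, value):
    """Pass one AVP along the path; return (Result-Code, answering node)."""
    for node in path:
        if not node.accepts(name, avp_type, value):
            return DIAMETER_INVALID_AVP_VALUE, node.name
    return DIAMETER_SUCCESS, path[-1].name


def classify_access_network(value):
    """Endpoint decoding: class from the thousands digit, then the exact value.

    An unknown value inside a known class still yields the class, so an older
    endpoint can fall back to class-level handling.
    """
    return ACCESS_CLASSES.get((value // 1000) % 10), ACCESS_VALUES.get(value)


def decode_feature_mask(mask):
    """Split a bit mask into known feature names and the ignored unknown bits."""
    known = [label for bit, label in sorted(FEATURE_BITS.items()) if mask & bit]
    unknown = mask & ~sum(FEATURE_BITS)
    return known, unknown


# Constructed deployment: the relay still runs the original dictionary, the
# server has been upgraded and knows the added Enumerated value 3.
PATH = [Node("relay-old", {"Access-Network-Enum": {1, 2}}),
        Node("server-new", {"Access-Network-Enum": {1, 2, 3}})]

if __name__ == "__main__":
    print(send(PATH, "Access-Network-Enum", "Enumerated", 3))
    print(send(PATH, "Access-Network-Type", "Unsigned32", 1003))
    print(classify_access_network(1003), decode_feature_mask(0b101))
```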

5.7. Application-Specific Message Routing

As described in [RFC6733], a Diameter request that needs to be sent to a home server serving a specific realm, but not to a specific server (such as the first request of a series of round trips), will contain a Destination-Realm AVP and no Destination-Host AVP.

For such a request, the message routing usually relies only on the Destination-Realm AVP and the Application Id present in the request message header. However, some applications may need to rely on the User-Name AVP or any other application-specific AVPs present in the request to determine the final destination of a request, e.g., to find the target AAA server hosting the authorization information for a given user when multiple AAA servers are addressable in the realm.

In such a context, basic routing mechanisms described in [RFC6733] are not fully suitable, and additional application-level routing mechanisms MUST be described in the application documentation to provide such specific AVP-based routing. Such functionality will be basically hosted by an application-specific proxy agent that will be responsible for routing decisions based on the received specific AVPs.

Examples of such application-specific routing functions can be found in the Cx/Dx applications ([TS29.228] and [TS29.229]) of the 3GPP IP Multimedia Subsystem, in which the proxy agent (Subscriber Location Function, aka SLF) uses specific application-level identities found in the request to determine the final destination of the message.

Whatever the criteria used to establish the routing path of the request, the routing of the answer MUST follow the reverse path of the request, as described in [RFC6733], with the answer being sent to the source of the received request, using transaction states and hop-by-hop identifier matching. This ensures that the Diameter relay or proxy agents in the request routing path will be able to release the transaction state upon receipt of the corresponding answer, avoiding unnecessary failover. Moreover, especially in roaming cases, proxy agents in the path must be able to apply local policies when receiving the answer from the server during authentication/authorization and/or accounting procedures and maintain up-to-date session state information by keeping track of all authorized active sessions. Therefore, application designers MUST NOT modify the answer-routing principles described in [RFC6733] when defining a new application.
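The request and answer handling described in this section can be seen in a small proxy model. The Python code below is an added example, not part of the RFC and not the 3GPP SLF: it picks the server from the User-Name AVP when no Destination-Host is present, and returns the answer to the request's source by hop-by-hop identifier matching, releasing the transaction state as it does so. The class, the host names, the subscriber table and the application id are constructed for illustration.

```python
import itertools
from dataclasses import dataclass, field, replace


@dataclass(frozen=True)
class Msg:
    """Decoded view of a Diameter message; AVPs are kept as a name -> value dict."""
    is_request: bool
    app_id: int
    hop_by_hop: int
    end_to_end: int
    avps: dict = field(default_factory=dict)


class SubscriberProxy:
    """Application-specific proxy: routes on User-Name inside one realm."""

    def __init__(self, realm, user_to_server, default_server):
        self.realm = realm
        self.user_to_server = user_to_server
        self.default_server = default_server
        self._next_hbh = itertools.count(1)
        self.pending = {}   # our hop-by-hop id -> (source peer, original id)

    def on_request(self, msg, source_peer):
        """Return (next hop, forwarded request) and record transaction state."""
        target = msg.avps.get("Destination-Host")
        if target is None:
            if msg.avps.get("Destination-Realm") != self.realm:
                raise LookupError("realm not served by this proxy")
            # Application-level routing: pick the server holding this user.
            target = self.user_to_server.get(msg.avps.get("User-Name"),
                                             self.default_server)
        hbh = next(self._next_hbh)
        self.pending[hbh] = (source_peer, msg.hop_by_hop)
        # Only the hop-by-hop id changes; the end-to-end id is left untouched.
        return target, replace(msg, hop_by_hop=hbh)

    def on_answer(self, msg):
        """Return (previous hop, restored answer), or None if nothing matches."""
        state = self.pending.pop(msg.hop_by_hop, None)
        if state is None:
            return None     # no transaction state: answer is not forwarded
        source_peer, original_hbh = state
        return source_peer, replace(msg, hop_by_hop=original_hbh)


if __name__ == "__main__":
    proxy = SubscriberProxy("example.net",
                            {"alice@example.net": "aaa1.example.net"},
                            "aaa0.example.net")
    request = Msg(True, 16777999, 0x51, 0x9001,
                  {"Destination-Realm": "example.net",
                   "User-Name": "alice@example.net"})
    server, forwarded = proxy.on_request(request, "nas.example.net")
    answer = Msg(False, 16777999, forwarded.hop_by_hop, 0x9001,
                 {"Result-Code": 2001})
    print(server, proxy.on_answer(answer), proxy.pending)
```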

5.8. Translation Agents

As defined in [RFC6733], a translation agent is a device that provides interworking between Diameter and another AAA protocol, such as RADIUS.

In the case of RADIUS, it was initially thought that defining the translation function would be straightforward by adopting a few basic principles, e.g., by the use of a shared range of code values for RADIUS attributes and Diameter AVPs. Guidelines for implementing a RADIUS-Diameter translation agent were put into the Diameter NAS Application [RFC4005].

However, it was acknowledged that such a translation mechanism was not so obvious and deeper protocol analysis was required to ensure efficient interworking between RADIUS and Diameter. Moreover, the interworking requirements depend on the functionalities provided by the Diameter application under specification, and a case-by-case analysis is required. As a consequence, all the material related to RADIUS-to-Diameter translation is removed from the new version of the Diameter NAS Application specification [RFC7155], which deprecates RFC 4005 [RFC4005].

Therefore, protocol designers SHOULD NOT assume the availability of a "standard" Diameter-to-RADIUS gateway agent when planning to interoperate with the RADIUS infrastructure. They SHOULD specify the required translation mechanism along with the Diameter application, if needed. This recommendation applies for any kind of translation.

5.9. End-to-End Application Capabilities Exchange

Diameter applications can rely on optional AVPs to exchange application-specific capabilities and features. These AVPs can be exchanged on an end-to-end basis at the application layer. Examples of this can be found with the MIP6-Feature-Vector AVP in [RFC5447] and the QoS-Capability AVP in [RFC5777].

End-to-end capabilities AVPs can be added as optional AVPs with the M-bit cleared to existing applications to announce support of new functionality. Receivers that do not understand these AVPs or the AVP values can simply ignore them, as stated in [RFC6733]. When supported, receivers of these AVPs can discover the additional functionality supported by the Diameter endpoint originating the request and behave accordingly when processing the request. Senders of these AVPs can safely assume the receiving endpoint does not support any functionality carried by the AVP if it is not present in the corresponding response. This is useful in cases where deployment choices are offered, and the generic design can be made available for a number of applications.

When used in a new application, these end-to-end capabilities AVPs SHOULD be added as an optional AVP into the CCF of the commands used by the new application. Protocol designers SHOULD clearly specify this end-to-end capabilities exchange and the corresponding behavior of the Diameter nodes supporting the application.

It is also important to note that this end-to-end capabilities exchange relying on the use of optional AVPs is not meant as a generic mechanism to support extensibility of Diameter applications with arbitrary functionality. When the added features drastically change the Diameter application or when Diameter agents must be upgraded to support the new features, a new application SHOULD be defined, as recommended in [RFC6733].

5.10. Diameter Accounting Support

Accounting can be treated as an auxiliary application that is used in support of other applications. In most cases, accounting support is required when defining new applications. This document provides two possible models for using accounting:

Split Accounting Model:

In this model, the accounting messages will use the Diameter base accounting Application Id (value of 3). The design implication for this is that the accounting is treated as an independent application, especially for Diameter routing. This means that accounting commands emanating from an application may be routed separately from the rest of the other application messages. This may also imply that the messages end up in a central accounting server. A split accounting model is a good design choice when:

* The application itself does not define its own accounting commands.

* The overall system architecture permits the use of centralized accounting for one or more Diameter applications.

Centralizing accounting may have advantages, but there are also drawbacks. The model assumes that the accounting server can differentiate received accounting messages. Since the received accounting messages can be for any application and/or service, the accounting server MUST have a method to match accounting messages with applications and/or services being accounted for. This may mean defining new AVPs; checking the presence, absence, or contents of existing AVPs; or checking the contents of the accounting record itself. One of these means could be to insert into the request sent to the accounting server an Auth-Application-Id AVP containing the identifier of the application for which the accounting request is sent. But in general, there is no clean and generic scheme for sorting these messages. Therefore, this model SHOULD NOT be used when all received accounting messages cannot be clearly identified and sorted. For most cases, the use of the Coupled Accounting Model is RECOMMENDED.

Coupled Accounting Model:

In this model, the accounting messages will use the Application Id of the application using the accounting service. The design implication for this is that the accounting messages are tightly coupled with the application itself, meaning that accounting messages will be routed like the other application messages. It would then be the responsibility of the application server (application entity receiving the ACR message) to send the accounting records carried by the accounting messages to the proper accounting server. The application server is also responsible for formulating a proper response (ACA). A coupled accounting model is a good design choice when:

* The system architecture or deployment does not provide an accounting server that supports Diameter. Consequently, the application server MUST be provisioned to use a different protocol to access the accounting server, e.g., via the Lightweight Directory Access Protocol (LDAP), SOAP, etc. This case includes the support of older accounting systems that are not Diameter aware.

* The system architecture or deployment requires that the accounting service for the specific application should be handled by the application itself.

In all cases above, there will generally be no direct Diameter access to the accounting server.

These models provide a basis for using accounting messages. Application designers may obviously deviate from these models provided that the factors being addressed here have also been taken into account. As a general recommendation, application designers SHOULD NOT define a new set of commands to carry application-specific accounting records.

5.11. Diameter Security Mechanisms

As specified in [RFC6733], the Diameter message exchange SHOULD be secured between neighboring Diameter peers using Transport Layer Security (TLS) / TCP or Datagram Transport Layer Security (DTLS) / Stream Control Transmission Protocol (SCTP). However, IPsec MAY also be deployed to secure communication between Diameter peers. When IPsec is used instead of TLS or DTLS, the following recommendations apply.

IPsec Encapsulating Security Payload (ESP) [RFC4301] in transport mode with non-null encryption and authentication algorithms MUST be used to provide per-packet authentication, integrity protection, and confidentiality and to support the replay protection mechanisms of IPsec. Internet Key Exchange Protocol Version 2 (IKEv2) [RFC7296] SHOULD be used for performing mutual authentication and for establishing and maintaining security associations (SAs).

Version 1 of IKE (IKEv1), defined in [RFC2409], was initially used for peer authentication, negotiation of security associations, and key management in RFC 3588 [RFC3588]. For easier migration from the obsoleted implementations based on IKEv1 to IKEv2, both RSA digital signatures and pre-shared keys SHOULD be supported in IKEv2. However, if IKEv1 is used, implementors SHOULD follow the guidelines given in Section 13.1 of RFC 3588 [RFC3588].

6. Defining Generic Diameter Extensions

Generic Diameter extensions are AVPs, commands, or applications that are designed to support other Diameter applications. They are auxiliary applications meant to improve or enhance the Diameter protocol itself or Diameter applications/functionality. Some examples include the extensions to support realm-based redirection of Diameter requests (see [RFC7075]), conveying a specific set of priority parameters influencing the distribution of resources (see [RFC6735]), and the support for QoS AVPs (see [RFC5777]).

Since generic extensions may cover many aspects of Diameter and Diameter applications, it is not possible to enumerate all scenarios. However, some of the most common considerations are as follows:

Backward Compatibility:

When defining generic extensions designed to be supported by existing Diameter applications, protocol designers MUST consider the potential impacts of the introduction of the new extension on the behavior of the node that would not be yet upgraded to support/understand this new extension. Designers MUST also ensure that new extensions do not break expected message delivery layer behavior.

Forward Compatibility:

Protocol designers MUST ensure that their design will not introduce undue restrictions for future applications.

Trade-off in Signaling:

Designers may have to choose between the use of optional AVPs piggybacked onto existing commands versus defining new commands and applications. Optional AVPs are simpler to implement and may not need changes to existing applications. However, this ties the sending of extension data to the application's transmission of a message. This has consequences if the application and the extensions have different timing requirements. The use of commands and applications solves this issue, but the trade-off is the additional complexity of defining and deploying a new application. It is left up to the designer to find a good balance among these trade-offs based on the requirements of the extension.

In practice, generic extensions often use optional AVPs because they are simple and non-intrusive to the application that would carry them. Peers that do not support the generic extensions need not understand nor recognize these optional AVPs. However, it is RECOMMENDED that the authors of the extension specify the context or usage of the optional AVPs. As an example, in the case that the AVP can be used only by a specific set of applications, then the specification MUST enumerate these applications and the scenarios when the optional AVPs will be used. In the case where the optional AVPs can be carried by any application, it should be sufficient to specify such a use case and perhaps provide specific examples of applications using them.

In most cases, these optional AVPs piggybacked by applications would be defined as a Grouped AVP, and it would encapsulate all the functionality of the generic extension. In practice, it is not uncommon that the Grouped AVP will encapsulate an existing AVP that has previously been defined as mandatory ('M'-bit set), e.g., 3GPP IP Multimedia Subsystems (IMS) Cx/Dx interfaces ([TS29.228] and [TS29.229]).

7. Guidelines for Registrations of Diameter Values

As summarized in Section 3 of this document and further described in Section 1.3 of [RFC6733], there are four main ways to extend Diameter. The process for defining new functionality slightly varies based on the different extensions. This section provides protocol designers with some guidance regarding the definition of values for possible Diameter extensions and the necessary interaction with IANA to register the new functionality.

a. Defining New AVP Values

The specifications defining AVPs and AVP values MUST provide guidance for defining new values and the corresponding policy for adding these values. For example, RFC 5777 [RFC5777] defines the Treatment-Action AVP, which contains a list of valid values corresponding to predefined actions (drop, shape, mark, permit). This set of values can be extended following the Specification Required policy defined in [RFC5226]. As a second example, the Diameter base specification [RFC6733] defines the Result-Code AVP that contains a 32-bit address space used to identify possible errors. According to Section 11.3.2 of [RFC6733], new values can be assigned by IANA via an IETF Review process [RFC5226].

b. Creating New AVPs

Two different types of AVP Codes namespaces can be used to create a new AVP:

* IETF AVP Codes namespace.

* Vendor-specific AVP Codes namespace.

In the latter case, a vendor needs to be first assigned by IANA with a private enterprise number, which can be used within the Vendor-Id field of the vendor-specific AVP. This enterprise number delimits a private namespace in which the vendor is responsible for vendor-specific AVP code value assignment. The absence of a Vendor-Id or a Vendor-Id value of zero (0) in the AVP header identifies standard AVPs from the IETF AVP Codes namespace managed by IANA. The allocation of code values from the IANA-managed namespace is conditioned by an Expert Review of the specification defining the AVPs or an IETF Review if a block of AVPs needs to be assigned. Moreover, the remaining bits of the AVP Flags field of the AVP header are also assigned via Standards Action if the creation of new AVP flags is desired.
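The namespace rule above, and the earlier case of an optional Grouped AVP wrapping an AVP with the 'M' bit set, can be checked mechanically against the AVP header layout of [RFC6733]. The following Python example is added here and is not part of the RFC text; the enterprise number 99999, AVP code 5000, and the payload are constructed sample values.

```python
import struct

FLAG_V, FLAG_M, FLAG_P = 0x80, 0x40, 0x20
RESERVED_MASK = 0x1F  # remaining flag bits; new flags need Standards Action


def encode_avp(code, flags, data, vendor_id=None):
    """Build one AVP: code(4) flags(1) length(3) [Vendor-Id(4)] data + padding."""
    header_len = 12 if flags & FLAG_V else 8
    length = header_len + len(data)
    out = struct.pack("!IB", code, flags) + length.to_bytes(3, "big")
    if flags & FLAG_V:
        out += struct.pack("!I", vendor_id)
    return out + data + b"\x00" * (-length % 4)


def parse_avps(buf):
    """Parse consecutive AVPs, rejecting malformed lengths instead of guessing."""
    avps, off = [], 0
    while off < len(buf):
        if len(buf) - off < 8:
            raise ValueError("truncated AVP header")
        code, flags = struct.unpack_from("!IB", buf, off)
        length = int.from_bytes(buf[off + 5:off + 8], "big")
        header_len = 12 if flags & FLAG_V else 8
        if length < header_len or off + length > len(buf):
            raise ValueError("AVP length outside buffer")
        vendor_id = struct.unpack_from("!I", buf, off + 8)[0] if flags & FLAG_V else 0
        avps.append({
            "code": code,
            "vendor_id": vendor_id,
            # No Vendor-Id, or Vendor-Id 0, means the IANA-managed IETF namespace.
            "namespace": "ietf" if vendor_id == 0 else "vendor",
            "mandatory": bool(flags & FLAG_M),
            "reserved_bits_set": bool(flags & RESERVED_MASK),
            "data": buf[off + header_len:off + length],
        })
        off += length + (-length % 4)  # skip padding to the 32-bit boundary
    return avps


# Constructed sample: an optional vendor-specific Grouped AVP (V set, M clear)
# that encapsulates a standard AVP carrying the 'M' bit.
SAMPLE_VENDOR = 99999
inner = encode_avp(1, FLAG_M, b"alice")
grouped = encode_avp(5000, FLAG_V, inner, vendor_id=SAMPLE_VENDOR)
outer = parse_avps(grouped)[0]
nested = parse_avps(outer["data"])[0]
```

A receiver that skips the unknown optional outer AVP never evaluates the 'M' bit of the nested AVP, which is why the specification of such a Grouped AVP needs to state where it may be used.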

c. Creating New Commands

Unlike the AVP Codes namespace, the Command Code namespace is flat, but the range of values is subdivided into three chunks with distinct IANA registration policies:

* A range of standard Command Code values that are allocated via IETF Review;

* A range of vendor-specific Command Code values that are allocated on a first-come, first-served basis; and

* A range of values reserved only for experimental and testing purposes.

As for AVP flags, the remaining bits of the Command Flags field of the Diameter header are also assigned via a Standards Action to create new Command flags if required.

d. Creating New Applications

Similarly to the Command Code namespace, the Application-Id namespace is flat but divided into two distinct ranges:

* A range of values reserved for standard Application Ids, allocated after Expert Review of the specification defining the standard application.

* A range of values for vendor-specific applications, allocated by IANA on a first-come, first-served basis.

The IANA AAA parameters page can be found at <http://www.iana.org/assignments/aaa-parameters>, and the enterprise number IANA page is available at <http://www.iana.org/assignments/enterprise-numbers>. More details on the policies followed by IANA for namespace management (e.g., first-come, first-served; Expert Review; IETF Review; etc.) can be found in [RFC5226].

NOTE: When the same functionality/extension is used by more than one vendor, it is RECOMMENDED that a standard extension be defined. Moreover, a vendor-specific extension SHOULD be registered to avoid interoperability issues in the same network. With this aim, the registration policy of a vendor-specific extension has been simplified with the publication of [RFC6733], and the namespace reserved for vendor-specific extensions is large enough to avoid exhaustion.

8. Security Considerations

This document provides guidelines and considerations for extending Diameter and Diameter applications. Although such an extension may be related to a security functionality, the document does not explicitly give additional guidance on enhancing Diameter with respect to security. However, as a general guideline, it is recommended that any Diameter extension SHOULD NOT break the security concept given in [RFC6733]. In particular, it is reiterated here that any command defined or reused in a new Diameter application SHOULD be secured by using TLS [RFC5246] or DTLS/SCTP [RFC6083] and MUST NOT be used without one of the following: TLS, DTLS, or IPsec [RFC4301]. When defining a new Diameter extension, any possible impact of the existing security principles described in [RFC6733] MUST be carefully appraised and documented in the Diameter application specification.

9. References

9.1. Normative References

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997, <http://www.rfc-editor.org/info/rfc2119>.

[RFC6733] Fajardo, V., Arkko, J., Loughney, J., and G. Zorn, "Diameter Base Protocol", RFC 6733, October 2012, <http://www.rfc-editor.org/info/rfc6733>.

9.2. Informative References

[Q.3303.3] International Telecommunications Union, "Resource control protocol No. 3: Protocols at the Rw interface between the policy decision physical entity (PD-PE) and a policy enforcement physical entity (PE-PE): Diameter profile version 3", ITU-T Recommendation Q.3303.3, August 2008.

[RFC2409] Harkins, D. and D. Carrel, "The Internet Key Exchange (IKE)", RFC 2409, November 1998, <http://xml.resource.org/public/rfc/info/rfc2409>.

[RFC3588] Calhoun, P., Loughney, J., Guttman, E., Zorn, G., and J. Arkko, "Diameter Base Protocol", RFC 3588, September 2003, <http://www.rfc-editor.org/info/rfc3588>.

[RFC4005] Calhoun, P., Zorn, G., Spence, D., and D. Mitton, "Diameter Network Access Server Application", RFC 4005, August 2005, <http://www.rfc-editor.org/info/rfc4005>.

[RFC4072] Eronen, P., Hiller, T., and G. Zorn, "Diameter Extensible Authentication Protocol (EAP) Application", RFC 4072, August 2005, <http://www.rfc-editor.org/info/rfc4072>.

[RFC4301] Kent, S. and K. Seo, "Security Architecture for the Internet Protocol", RFC 4301, December 2005, <http://www.rfc-editor.org/info/rfc4301>.

[RFC4740] Garcia-Martin, M., Belinchon, M., Pallares-Lopez, M., Canales-Valenzuela, C., and K. Tammi, "Diameter Session Initiation Protocol (SIP) Application", RFC 4740, November 2006, <http://www.rfc-editor.org/info/rfc4740>.

[RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA Considerations Section in RFCs", BCP 26, RFC 5226, May 2008, <http://www.rfc-editor.org/info/rfc5226>.

[RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security (TLS) Protocol Version 1.2", RFC 5246, August 2008, <http://www.rfc-editor.org/info/rfc5246>.

[RFC5447] Korhonen, J., Bournelle, J., Tschofenig, H., Perkins, C., and K. Chowdhury, "Diameter Mobile IPv6: Support for Network Access Server to Diameter Server Interaction", RFC 5447, February 2009, <http://www.rfc-editor.org/info/rfc5447>.

[RFC5777] Korhonen, J., Tschofenig, H., Arumaithurai, M., Jones, M., and A. Lior, "Traffic Classification and Quality of Service (QoS) Attributes for Diameter", RFC 5777, February 2010, <http://www.rfc-editor.org/info/rfc5777>.

[RFC6083] Tuexen, M., Seggelmann, R., and E. Rescorla, "Datagram Transport Layer Security (DTLS) for Stream Control Transmission Protocol (SCTP)", RFC 6083, January 2011, <http://www.rfc-editor.org/info/rfc6083>.

[RFC6735] Carlberg, K. and T. Taylor, "Diameter Priority Attribute-Value Pairs", RFC 6735, October 2012, <http://www.rfc-editor.org/info/rfc6735>.

[RFC7075] Tsou, T., Hao, R., and T. Taylor, "Realm-Based Redirection In Diameter", RFC 7075, November 2013, <http://www.rfc-editor.org/info/rfc7075>.

[RFC7155] Zorn, G., "Diameter Network Access Server Application", RFC 7155, April 2014, <http://www.rfc-editor.org/info/rfc7155>.

[RFC7296] Kaufman, C., Hoffman, P., Nir, Y., Eronen, P., and T. Kivinen, "Internet Key Exchange Protocol Version 2 (IKEv2)", STD 79, RFC 7296, October 2014, <http://www.rfc-editor.org/info/rfc7296>.

[TS29.228] 3rd Generation Partnership Project, "Technical Specification Group Core Network and Terminals; IP Multimedia (IM) Subsystem Cx and Dx Interfaces; Signalling flows and message contents", 3GPP TS 29.228, September 2014, <http://www.3gpp.org/ftp/Specs/html-info/29228.htm>.

[TS29.229] 3rd Generation Partnership Project, "Technical Specification Group Core Network and Terminals; Cx and Dx interfaces based on the Diameter protocol; Protocol details", 3GPP TS 29.229, September 2014, <http://www.3gpp.org/ftp/Specs/html-info/29229.htm>.

[TS29.328] 3rd Generation Partnership Project, "Technical Specification Group Core Network and Terminals; IP Multimedia (IM) Subsystem Sh interface; Signalling flows and message contents", 3GPP TS 29.328, September 2014, <http://www.3gpp.org/ftp/Specs/html-info/29328.htm>.

[TS29.329] 3rd Generation Partnership Project, "Technical Specification Group Core Network and Terminals; Sh Interface based on the Diameter protocol; Protocol details", 3GPP TS 29.329, September 2014, <http://www.3gpp.org/ftp/Specs/html-info/29329.htm>.

Contributors

The content of this document was influenced by a design team created to revisit the Diameter extensibility rules. The team was formed in February 2008 and finished its work in June 2008. In addition to those individuals listed in the Authors' Addresses section, the design team members were:

o Avi Lior

o Glen Zorn

o Jari Arkko

o Jouni Korhonen

o Mark Jones

o Tolga Asveren

o Glenn McGregor

o Dave Frascone

We would like to thank Tolga Asveren, Glenn McGregor, and John Loughney for their contributions as coauthors to earlier versions of this document.

Acknowledgments

We greatly appreciate the insight provided by Diameter implementors who have highlighted the issues and concerns being addressed by this document. The authors would also like to thank Jean Mahoney, Ben Campbell, Sebastien Decugis, and Benoit Claise for their invaluable, detailed reviews and comments on this document.

Authors' Addresses

Lionel Morand (editor)
Orange Labs
38/40 rue du General Leclerc
Issy-Les-Moulineaux Cedex 9 92794
France

   Phone: +33145296257
   EMail: lionel.morand@orange.com

Victor Fajardo
Fluke Networks

   EMail: vf0213@gmail.com

Hannes Tschofenig
Hall in Tirol 6060
Austria

   EMail: Hannes.Tschofenig@gmx.net
   URI:   http://www.tschofenig.priv.at