Internet Engineering Task Force (IETF)                        S. Donovan
Request for Comments: 7944                                        Oracle
Category: Standards Track                                    August 2016
ISSN: 2070-1721
        

Diameter Routing Message Priority

Abstract

When making routing and resource allocation decisions, Diameter nodes currently have no generic mechanism to determine the relative priority of Diameter messages. This document addresses this by defining a mechanism to allow Diameter endpoints to indicate the relative priority of Diameter transactions. With this information, Diameter nodes can factor that priority into routing, resource allocation, and overload abatement decisions.

Status of This Memo

This is an Internet Standards Track document.

This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 7841.

Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc7944.

Copyright Notice

Copyright (c) 2016 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

Table of Contents

   1.  Introduction
     1.1.  Applicability
   2.  Terminology and Abbreviations
   3.  Conventions Used in This Document
   4.  Problem Statement
   5.  Use Cases
     5.1.  First-Responder-Related Signaling
     5.2.  Emergency-Call-Related Signaling
     5.3.  Differentiated Services
     5.4.  Application-Specific Priorities
   6.  Theory of Operation
   7.  Extensibility
   8.  Normative Behavior
   9.  Attribute Value Pairs
     9.1.  DRMP AVP
     9.2.  Attribute Value Pair Flag Rules
   10. Considerations When Defining Application Priorities
   11. IANA Considerations
     11.1.  AVP Codes
   12. Security Considerations
     12.1.  Potential Threat Modes
     12.2.  Denial-of-Service Attacks
     12.3.  End-to-End Security Issues
   13. References
     13.1.  Normative References
     13.2.  Informative References
   Contributors
   Author's Address
        
1. Introduction

The Diameter Overload Indication Conveyance (DOIC) solution [RFC7683] for Diameter overload control introduces scenarios where Diameter routing decisions made by Diameter nodes can be influenced by the overload state of other Diameter nodes. This includes the scenarios where Diameter endpoints and Diameter Agents can throttle requests as a result of the target for the request being overloaded.

With currently available mechanisms, these Diameter nodes do not have a mechanism to differentiate request message priorities when making these throttling decisions. As such, all requests are treated the same, meaning that all requests have the same probability of being throttled.

There are scenarios where treating all requests the same can cause issues. For instance, it might be considered important to reduce the probability of transactions involving first responders being throttled during overload scenarios caused, for example, by a period of heavy signaling resulting from a natural disaster.

This document defines a mechanism that allows Diameter nodes to indicate the relative priority of Diameter transactions. With this information, other Diameter nodes can factor the relative priority of requests into routing and throttling decisions.

1.1. Applicability

There are two primary considerations that must be addressed for the mechanism described in this document to work effectively. The first takes into consideration the fact that the Diameter base protocol defined in [RFC6733] is designed to transport multiple Diameter applications and that Diameter nodes can be implemented that support multiple applications. In order for the Diameter Routing Message Priority (DRMP) mechanism to work, the priorities defined for all messages across all applications used in a Diameter administrative domain must be defined in a consistent and coordinated fashion, taking the default priority into account. See Section 10 for a discussion of some of the considerations that need to be factored into the setting of DRMPs used by Diameter applications.

Note that this consideration does not apply to Diameter networks where all Diameter nodes only support a single application.

Without this cross-application priority design taken into consideration, it is possible for messages for one application to gain unwarranted preferential treatment over messages for other applications.

This mechanism also depends on every DRMP Attribute Value Pair (AVP) carried in a Diameter message having been inserted by a trusted node within the Diameter administrative domain. As discussed in Section 12, misbehaving nodes have the ability to use the DRMP mechanism to gain unwarranted preferential treatment.

When messages cross Diameter administrative boundaries, care should be taken to either strip or modify the DRMP values in these messages. If the priority definitions vary between the two Diameter administrative domains, then it is possible for messages from a foreign domain to gain unwarranted preferential treatment.
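
The strip-or-modify step described above, as an added example that is not part of the RFC: a Python edge-agent routine that walks the AVPs of a message received from a foreign domain and drops or rewrites the DRMP AVP (code 301, Section 9.1). The message and AVP layouts follow [RFC6733]; the function names, the remap table, and the sample message are assumptions made for this illustration.

```python
import struct

DRMP_AVP_CODE = 301   # DRMP AVP code, Section 9.1
HEADER_LEN = 20       # Diameter message header size in [RFC6733]
FLAG_VENDOR = 0x80    # AVP 'V' flag: a 4-byte Vendor-ID follows the AVP header


def encode_avp(code: int, data: bytes, flags: int = 0) -> bytes:
    """Encode a non-vendor AVP; the length field excludes the padding."""
    length = 8 + len(data)
    return struct.pack("!II", code, (flags << 24) | length) + data + b"\x00" * (-length % 4)


def iter_avps(body: bytes):
    """Yield (code, vendor_id, data, raw) per AVP; raw includes the padding."""
    off = 0
    while off < len(body):
        if len(body) - off < 8:
            raise ValueError("truncated AVP header")
        code, flags_len = struct.unpack_from("!II", body, off)
        flags, length = flags_len >> 24, flags_len & 0xFFFFFF
        hdr = 12 if flags & FLAG_VENDOR else 8
        padded = (length + 3) & ~3
        if length < hdr or off + padded > len(body):
            raise ValueError("AVP length field is inconsistent with the message")
        vendor = struct.unpack_from("!I", body, off + 8)[0] if hdr == 12 else None
        yield code, vendor, body[off + hdr:off + length], body[off:off + padded]
        off += padded


def sanitize_drmp(message: bytes, remap=None) -> bytes:
    """Strip foreign DRMP AVPs (remap=None) or rewrite them through `remap`.

    `remap` maps a foreign priority value to the local one (hypothetical
    policy table). Malformed, out-of-range, or unmapped DRMP values are
    stripped, so the transaction falls back to the local default priority.
    """
    if len(message) < HEADER_LEN or int.from_bytes(message[1:4], "big") != len(message):
        raise ValueError("bad Diameter message length")
    kept = bytearray()
    for code, vendor, data, raw in iter_avps(message[HEADER_LEN:]):
        if code != DRMP_AVP_CODE or vendor is not None:
            kept += raw                      # not the DRMP AVP: relay untouched
            continue
        if remap is None or len(data) != 4:
            continue                         # strip policy, or malformed DRMP
        foreign = struct.unpack("!i", data)[0]
        local = remap.get(foreign) if 0 <= foreign <= 15 else None
        if local is not None and 0 <= local <= 15:
            kept += raw[:8] + struct.pack("!i", local)   # same header, new value
    # The header's 3-byte message length must match the rewritten AVP list.
    total = HEADER_LEN + len(kept)
    return message[:1] + total.to_bytes(3, "big") + message[4:HEADER_LEN] + bytes(kept)


def drmp_values(message: bytes):
    """Return the DRMP values present in a message (empty list if none)."""
    return [struct.unpack("!i", d)[0]
            for c, v, d, _ in iter_avps(message[HEADER_LEN:])
            if c == DRMP_AVP_CODE and v is None and len(d) == 4]


def sample_message(drmp: int) -> bytes:
    """Constructed request: an Origin-Host AVP (264) followed by a DRMP AVP.

    All header field values below are constructed for this sample.
    """
    avps = (encode_avp(264, b"mme.example", 0x40)
            + encode_avp(DRMP_AVP_CODE, struct.pack("!i", drmp)))
    header = struct.pack("!B3sB3sIII", 1, (HEADER_LEN + len(avps)).to_bytes(3, "big"),
                         0x80, (316).to_bytes(3, "big"), 16777251, 0x1001, 0x2002)
    return header + avps


if __name__ == "__main__":
    foreign = sample_message(0)              # neighbour claims PRIORITY_0
    print(drmp_values(sanitize_drmp(foreign)))           # strip policy
    print(drmp_values(sanitize_drmp(foreign, {0: 5})))   # remap policy
```

With the strip policy, the relayed request carries no DRMP AVP and is handled at the receiving domain's default priority; with the remap policy, a foreign PRIORITY_0 cannot outrank traffic the local domain marks itself.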

2. Terminology and Abbreviations

Diversion

As defined in [RFC7683]. An overload abatement treatment where the reacting node selects alternate destinations or paths for requests.

DOIC

Diameter Overload Indication Conveyance.

DRMP

Diameter Routing Message Priority.

Overload Abatement

As defined in [RFC7683]. Reaction to receipt of an overload report resulting in a reduction in traffic sent to the reporting node. Abatement actions include diversion and throttling.

Priority

The relative importance of a Diameter message. A lower-priority value implies a higher relative importance of the message.

Throttling

As defined in [RFC7683]. An abatement treatment that limits the number of requests sent by the DOIC reacting node. Throttling can include a Diameter Client choosing to not send requests or a Diameter Agent or Server rejecting requests with appropriate error responses. In both cases, the result of the throttling is a permanent rejection of the transaction.

3. Conventions Used in This Document

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].

The interpretation from RFC 2119 does not apply for the above listed words when they are not used in all caps.

4. Problem Statement

With the introduction of overload control mechanisms, Diameter nodes will be required to make decisions regarding which Diameter request messages should be throttled as a result of overloaded Diameter nodes.

There is currently no generic mechanism to indicate which request messages should be given preferential treatment when these throttling decisions are made.

As a result, all messages are treated equally and, as such, have an equal probability of being throttled.

There are a number of scenarios where it is appropriate for an application to mark a request as being of a higher priority than other application requests. These are discussed in the next section.

This document defines a mechanism for applications to indicate priority for individual transactions, reducing the probability of those transactions being throttled if there are other lower-priority transactions that are eligible for throttling treatment.

While the primary usage of DRMP-defined priorities is for input to throttling decisions related to Diameter overload control, it is also expected that the priority information could also be used for other routing-related functionality. This might include giving higher-priority transactions preferential treatment when selecting routes.

It is also envisioned that DRMP information could be used by Diameter endpoints to make resource allocation decisions. For instance, a Diameter Server might choose to use the priority information to treat higher-priority requests ahead of lower-priority requests. It might also use the priority information as a reason to fail a request as a result of insufficient resources.

Note: There are a number of application-specific definitions indicating various views of application-level priority for different requests. Using these application-specific priority AVPs as input to throttling and other Diameter routing decisions would require Diameter Agents to understand all applications and do application-specific parsing of all messages in order to determine the priority of individual messages. This is considered an unacceptable level of complexity to put on elements whose primary responsibility is to route Diameter messages.

5. Use Cases

This section discusses various scenarios where Diameter transactions can benefit from the use of priority information.

It is important to note that for priority information to be reliably usable, the Diameter nodes sending and consuming DRMP AVPs must have pre-established trust relationships of the sort described in Section 12.

5.1. First-Responder-Related Signaling

Natural disasters can result in a considerable increase in usage of network resources. This can be made worse if the disaster results in a loss of network capacity.

The combination of added load and reduced capacity can lead to Diameter nodes becoming overloaded and, as a result, the use of DOIC mechanisms to request a reduction in traffic. In turn, this results in requests being throttled in an attempt to control the overload scenario and prevent the overloaded node from failing.

There is the need for first responders and other individuals responsible for handling the after effects of the disaster to be assured that they can gain access to the network resources in order to communicate both between themselves and with other network resources.

Signaling associated with first responders needs to be given a higher priority to help ensure they can most effectively do their jobs.

The United States Wireless Priority Services (WPS) and Government Emergency Telecommunications Service (GETS) are examples of systems designed to address the command and control aspects of these first responder needs.

5.2. Emergency-Call-Related Signaling

Similar to the first responder scenario, there is also signaling associated with emergency calls. Given the critical nature of these emergency calls, this signaling should also be given preferential treatment when possible.

5.3. Differentiated Services

Operators may desire to differentiate network-based services by providing a service level agreement (SLA) that includes preferential Diameter routing behavior. This might, for example, be modeled as Platinum, Gold, and Silver levels of service.

In this scenario, an operator might offer a Platinum SLA that includes ensuring that all signaling for a customer who purchases the Platinum service is being marked as having a higher priority than signaling associated with Gold and Silver customers.

5.4. Application-Specific Priorities

There are scenarios within Diameter applications where it might be appropriate to give a subset of the transactions for the application a higher priority than other transactions for that application.

For instance, when there is a series of transactions required for a user to gain access to network services, it might be appropriate to mark transactions that occur later in the series at a higher priority than those that occur early in the series. This would recognize that there was potentially significant work done by the network already that would be lost if those later transactions were throttled.

There are also scenarios where an agent cannot easily differentiate a request that starts a session from requests that update or end sessions. In these scenarios, it might be appropriate to mark the requests that establish new sessions with a lower priority than updates and session ending requests. This also recognizes that more work has already taken place for established sessions, and as a result, it might be more harmful from a signaling point of view if the session update and session ending requests were to be throttled.

There are also scenarios where the priority of requests for individual command codes within an application depends on the context that exists when the request is sent. There isn't always information in the message from which this context can be determined by Diameter nodes other than the node that originates the request.

This is similar to the scenario where a series of requests are needed to access a network service. It is different in that the series of requests involves different application command codes. In this scenario, requests with the same command code have different implied priorities.

One example of this is in the 3GPP application [S6a] where an Update Location Request (ULR) resulting from a Mobility Management Entity (MME) restoration procedure might be given a higher priority than a ULR resulting from an initial attach.

6. Theory of Operation

This section outlines the envisioned usage of DRMP.

The expected behavior depends on the role (request sender, agent, or request handler) of the Diameter node handling the request.

The following behavior is expected during the flow of a Diameter transaction.

1. Request sender -- The sender of a request, be it a Diameter Client or a Diameter Server, determines the relative priority of the request and includes that priority information in the request. The method for determining the relative priority is application specific and is outside the scope of this specification. The request sender also saves the priority information with the transaction state. This will be used when handling the answer messages.

2. Agents handling the request -- Agents use the priority information when making routing decisions. This can include determining which requests to route first, which requests to throttle, and where the request is routed. For instance, requests with higher priority might have a lower probability of being throttled. The mechanism for how the agent determines which requests are candidates to be throttled is implementation dependent and is outside the scope of this document. Before forwarding request messages, agents generally do not modify the priority information present in the received request message nor include the priority information when absent in the received request message. However, in some scenarios, agents can modify the priority information, for example, edge agents modifying the priority values set by an adjacent operator. There might be other scenarios where a Diameter endpoint does not support the DRMP mechanism, and agents insert the priority information in the request messages for that non-supporting endpoint. When forwarding the request messages, the agent also saves the transaction priority in the transaction state either as locally managed state or using the Proxy-Info mechanism defined in [RFC6733]. This will be used when handling the associated answer message for the transaction.

3. Request handler -- The handler of the request, be it a Diameter Server or a Diameter Client, can use the priority information to determine how to handle the request. This could include determining the order in which requests are handled and resources that are applied to the handling of the request.

4. Answer sender -- The handler of the request is also the sender of the answer. The answer sender uses the priority information received in the request message when sending the answer. This implies that answers for higher-priority transactions are given preferential treatment over lower-priority transactions. The answer sender also has the option of including priority information in the answer message. This is done when the answer message needs to have a different priority than the priority carried in the request message. The priority included by the answer sender is application specific.

5. Agent handling the answer -- By default, agents handling answer messages use the priority information stored with the transaction state to determine the priority of relaying the answer message. However, priority information included in the answer message, when present, is used in place of the stored priority information. The use of priority information implies that answers for higher-priority transactions are given preferential treatment over lower-priority transactions. When forwarding the answer messages, agents generally do not modify the priority information present in the received answer messages nor include the priority information when absent in the received answer messages. However, in some scenarios, agents can modify the priority information, for example, edge agents modifying the priority values set by an adjacent operator. There might be other scenarios where a Diameter endpoint does not support the DRMP mechanism, and agents insert the priority information for that non-supporting endpoint.

6. Answer handler -- The answer handler uses the same method as the agent to determine the priority of the answer message. By default, the handler of the answer message uses the priority saved in the transaction's state. Priority information in the answer message is used when present. The priority is used when allocating resources for processing that occurs after the receipt of the answer message.

7. Extensibility

This document does not define extensibility mechanisms that are specific to the DRMP mechanism. As a result, any extension that requires new AVPs will be required to use existing Diameter extensibility mechanisms defined in [RFC6733].

8. Normative Behavior

This section contains the normative behavior associated with DRMP.

When routing priority information is available, Diameter nodes SHOULD include Diameter routing message priority in the DRMP AVP in all Diameter request messages.

Note: The method of determining the priority value included in the request is application specific and is not in the scope of this specification.

The priority marking scheme does not require the Diameter Agents to understand application-specific AVPs.

When available, Diameter nodes SHOULD use routing priority information included in the DRMP AVP when making Diameter overload throttling decisions.

Diameter Agents MAY use routing priority information included in the DRMP AVP when relaying request and answer messages. This includes the selection of routes and the ordering of messages relayed.

Note: The priority information included in the DRMP AVP in request messages applies to both the request message and, by default, the answer message associated with the transaction.

While done only in exceptional circumstances, Diameter Agents MAY modify priority information when relaying request and answer messages.

Note: There might be scenarios where a Diameter Agent does modify priority information. For instance, an edge agent might need to modify the priority values set by an adjacent operator.

While done only in exceptional circumstances, Diameter Agents MAY add priority information when relaying request and answer messages.

Note: There might be scenarios where a Diameter endpoint does not support the DRMP mechanism, and agents insert priority information for that non-supporting endpoint.

Diameter endpoints MAY use routing priority information included in the DRMP AVP when making resource allocation decisions for the transaction associated with the request message that contains the DRMP information.

Diameter endpoints MAY use routing priority information included in the DRMP AVP when making resource allocation decisions for the transaction associated with the answer messages using the DRMP information associated with the transaction.

Diameter endpoints MAY include the DRMP AVP in answer messages. This is done when the priority for the answer message needs to have a different priority than the priority carried in the request message.

When determining the priority to apply to answer messages, Diameter nodes SHOULD use the priority indicated in the DRMP AVP carried in the answer message, if it exists. If there is no DRMP AVP in the answer message, then the Diameter node SHOULD use the priority indicated in the DRMP AVP of the associated request message.

Note: One method to determine what priority to apply to an answer when there is no DRMP AVP in the answer message is to save the priority included in the request message in the state associated with the Diameter transaction. Another is to use the Proxy-Info mechanism defined in [RFC6733].

Diameter nodes MUST have a default priority to apply to transactions that do not have an explicit priority set in the DRMP AVP.

In order to guarantee consistent handling of messages from non-upgraded Diameter Clients, Diameter nodes SHOULD use the PRIORITY_10 priority as this default priority value.

PRIORITY_10 is a midrange priority that corresponds to "normal" traffic and thus would be a suitable default for most deployments, while still allowing different Diameter applications to designate other priorities for lower- and higher-priority traffic.

Note: This does not imply that a DRMP AVP is added to the message. Rather, the message is treated the same as a message that has a DRMP AVP with a priority value of PRIORITY_10.

Diameter nodes MUST support the ability for the default priority to be modified through local configuration interfaces.

Note: There are scenarios where operators might want to specify a different default value for transactions that do not have an explicit priority. In this case, the operator-defined local policy would override the use of PRIORITY_10 as the default priority.

When using DRMP information, Diameter nodes MUST use the default priority for transactions that do not have priority specified in a DRMP AVP.

Note: This guidance on the handling of messages without a priority does not result in a Diameter Agent inserting a DRMP AVP into the message. Rather, it gives guidance on how that specific transaction should be treated when its priority is compared with other requests. When a Diameter Agent relays the request, it will not insert a DRMP AVP with a priority value of 10.

When setting and using priorities, for all integers x,y in [0,15], treat PRIORITY_<x> as lower priority than PRIORITY_<y> when y<x.

Note: As a result, PRIORITY_0 is the highest priority.
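
The priority rules above, worked through as an added example (not part of RFC 7944): a node saves each request's priority in transaction state, falls back to a configurable default of PRIORITY_10, and serves lower numbers first. The class and function names, the sample traffic, and the choice to reject values outside 0..15 are assumptions of this example.

```python
import heapq
import itertools

DEFAULT_PRIORITY = 10   # PRIORITY_10, the default the text recommends

class PriorityResolver:
    """Tracks request priorities so that answers can inherit them."""

    def __init__(self, default=DEFAULT_PRIORITY):
        self.default = self._check(default)   # operator-configurable default
        self._pending = {}                    # hop-by-hop id -> DRMP or None

    @staticmethod
    def _check(value):
        # Assumption: values outside the defined range 0..15 are rejected.
        if not (isinstance(value, int) and 0 <= value <= 15):
            raise ValueError(f"DRMP value out of range: {value!r}")
        return value

    def on_request(self, hop_by_hop, drmp=None):
        """Save the request's DRMP (None = AVP absent); return its priority."""
        if drmp is not None:
            self._check(drmp)
        self._pending[hop_by_hop] = drmp      # no AVP is added to the message
        return self.default if drmp is None else drmp

    def on_answer(self, hop_by_hop, drmp=None):
        """The answer's own DRMP wins, then the request's, then the default."""
        saved = self._pending.pop(hop_by_hop, None)
        for candidate in (drmp, saved):
            if candidate is not None:
                return self._check(candidate)
        return self.default

def drain(queue):
    """Pop every (priority, seq, label) entry; the lowest number comes first."""
    return [heapq.heappop(queue)[2] for _ in range(len(queue))]

def demo():
    resolver = PriorityResolver()
    seq = itertools.count()                   # FIFO tie-break within a priority
    queue = []
    # Constructed sample traffic: (label, hop-by-hop id, DRMP value or None)
    traffic = [("legacy-client", 1, None), ("first-responder", 2, 2),
               ("bulk-report", 3, 14), ("emergency-call", 4, 3)]
    for label, hbh, drmp in traffic:
        heapq.heappush(queue, (resolver.on_request(hbh, drmp), next(seq), label))
    return drain(queue), resolver
```
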

9. Attribute Value Pairs

This section describes the encoding and semantics of the Diameter Routing Message Priority AVP defined in this document.

9.1. DRMP AVP

The DRMP (AVP code 301) is of type Enumerated. The value of the AVP indicates the routing message priority for the transaction. The following values are defined:

PRIORITY_15  15  PRIORITY_15 is the lowest priority.
PRIORITY_14  14  PRIORITY_14 is a higher priority than PRIORITY_15 and a lower priority than PRIORITY_13.
PRIORITY_13  13  PRIORITY_13 is a higher priority than PRIORITY_14 and a lower priority than PRIORITY_12.
PRIORITY_12  12  PRIORITY_12 is a higher priority than PRIORITY_13 and a lower priority than PRIORITY_11.
PRIORITY_11  11  PRIORITY_11 is a higher priority than PRIORITY_12 and a lower priority than PRIORITY_10.
PRIORITY_10  10  PRIORITY_10 is a higher priority than PRIORITY_11 and a lower priority than PRIORITY_9.
PRIORITY_9    9  PRIORITY_9 is a higher priority than PRIORITY_10 and a lower priority than PRIORITY_8.
PRIORITY_8    8  PRIORITY_8 is a higher priority than PRIORITY_9 and a lower priority than PRIORITY_7.
PRIORITY_7    7  PRIORITY_7 is a higher priority than PRIORITY_8 and a lower priority than PRIORITY_6.
PRIORITY_6    6  PRIORITY_6 is a higher priority than PRIORITY_7 and a lower priority than PRIORITY_5.
PRIORITY_5    5  PRIORITY_5 is a higher priority than PRIORITY_6 and a lower priority than PRIORITY_4.
PRIORITY_4    4  PRIORITY_4 is a higher priority than PRIORITY_5 and a lower priority than PRIORITY_3.
PRIORITY_3    3  PRIORITY_3 is a higher priority than PRIORITY_4 and a lower priority than PRIORITY_2.
PRIORITY_2    2  PRIORITY_2 is a higher priority than PRIORITY_3 and a lower priority than PRIORITY_1.
PRIORITY_1    1  PRIORITY_1 is a higher priority than PRIORITY_2 and a lower priority than PRIORITY_0.
PRIORITY_0    0  Priority 0 is the highest priority.

9.2. Attribute Value Pair Flag Rules
                                                         +---------+
                                                         |AVP Flag |
                                                         |Rules    |
                                                         +----+----+
                              AVP   Section              |    |MUST|
       Attribute Name         Code  Defined  Value Type  |MUST| NOT|
      +--------------------------------------------------+----+----+
      |DRMP                    301  9.1      Enumerated  |    | V  |
      +--------------------------------------------------+----+----+
        
10. Considerations When Defining Application Priorities

As discussed in Section 1.1, it is important that the definition of priority values used by all applications within a single Diameter administrative domain be done in a consistent and coordinated manner.

The following are some things to be considered when defining the DRMPs to be used in Diameter networks that support Diameter nodes handling multiple applications.

1. As with any prioritization scheme, it is possible for higher-priority messages to block lower-priority messages from ever being handled. In a Diameter network, this will often result in those Diameter transactions being retried. This can result in more traffic than the network would have handled without use of the DRMP mechanism.

One potential guideline to prevent unwanted starving of lower-priority messages is to have higher-priority messages represent a relatively small portion of messages handled by the Diameter network under normal scenarios.

Note that there are scenarios, such as first responder messages, where the blocking of lower-priority messages is a requirement.

2. When setting priorities for any of the use cases outlined in Section 5, it is important to use the same priority values across applications. For instance, when defining priority for the first responder use case discussed in Section 5.1 and the emergency call use case discussed in Section 5.2, one high-priority value might be used for all first responder messages, say PRIORITY_2, and a slightly lower-priority value, say PRIORITY_3, might be used for emergency-call-related messages. These values should be specified for these use cases across all applications used within the Diameter administrative domain.

Note that the values mentioned here are strictly for illustrative purposes. The actual values used for these use cases are likely to be different.

3. Messages without the DRMP AVP will be given default priority value treatment. This will include messages from Diameter Clients that have not been updated to support the DRMP mechanism. It might also include messages from foreign administrative domains if the DRMP AVPs are stripped from messages crossing the Diameter administrative domains.

4. The process used to introduce the DRMP mechanism into a Diameter network should also be taken into consideration. Messages of the same type within the same application might get different treatment depending on whether those messages are sent from nodes that are upgraded to support the DRMP mechanism versus nodes that have not yet been upgraded to support the DRMP mechanism.

11. IANA Considerations
11.1. AVP Codes

The new AVP defined by this specification is listed in Section 9. All AVP codes are allocated from the "AVP Codes" subregistry of the "Authentication, Authorization, and Accounting (AAA) Parameters" registry.

12. Security Considerations

DRMP gives Diameter nodes the ability to influence which requests are throttled during overload scenarios. In addition, DRMP can be used in determining the routing decisions for request messages. Improper use of the DRMP mechanism could result in a malicious Diameter node gaining preferential treatment, by reducing the probability of its requests being throttled, over other Diameter nodes. This would be achieved by the malicious node inserting priority values that are artificially high.

Diameter does not include features to provide end-to-end authentication, integrity protection, or confidentiality. This opens the possibility that malicious or compromised agents in the path of a request could modify the DRMP AVP to reflect a priority different than that asserted by the sender of the request.

12.1. Potential Threat Modes

The Diameter protocol involves transactions in the form of requests and answers exchanged between clients and servers. These clients and servers may be peers; that is, they may share a direct transport (e.g., the Transmission Control Protocol (TCP) or Stream Control Transmission Protocol (SCTP)) connection, or the messages may traverse one or more intermediaries, known as Diameter Agents. Diameter nodes use Transport Layer Security (TLS), Datagram Transport Layer Security (DTLS), or IPsec to authenticate peers and to provide confidentiality and integrity protection of traffic between peers. Nodes can make authorization decisions based on the peer identities authenticated at the transport layer.

When agents are involved, this presents an effectively transitive trust model. That is, a Diameter Client or Server can authorize an agent for certain actions, but it must trust that agent to make appropriate authorization decisions about its peers, and so on. Since confidentiality and integrity protection occurs at the transport layer, agents can read, and perhaps modify, any part of a Diameter message, including the DRMP AVP.

There are several ways an attacker might attempt to exploit the DRMP mechanism. A malicious or compromised Diameter node might insert invalid priority values resulting in either preferential treatment, resulting from higher values, or degraded treatment resulting from lower values, for that node.

A similar attack involves a malicious or compromised Diameter Agent changing the priority value resulting in the sending Diameter node getting either preferential or degraded service.

The DRMP mechanism can be used to aid in overload throttling decisions. When this is the case, then the above attacks are limited in scope to when one or more Diameter nodes are in an overloaded state.

The DRMP mechanism can also be used to influence the order in which Diameter messages are handled by Diameter nodes. The above attacks have a potentially greater impact in this scenario as the priority indication impacts the handling of all requests at all times, independent of the overload status of Diameter nodes in the Diameter network.

12.2. Denial-of-Service Attacks

The DRMP mechanism does not open direct denial-of-service attack vectors. Rather, it introduces a mechanism where a node can gain unwarranted preferential treatment. It also introduces a mechanism where a node can get degraded service in the scenario where a rogue agent changes the priority value included in messages.

12.3. End-to-End Security Issues

The lack of end-to-end integrity features in Diameter [RFC6733] makes it difficult to establish trust in DRMP AVPs received from non-adjacent nodes. Any agents in the message path may insert or modify DRMP AVPs. Nodes must trust that their adjacent peers perform proper checks on overload reports from their peers, and so on, creating a transitive-trust requirement extending for potentially long chains of nodes. Network operators must determine if this transitive trust requirement is acceptable for their deployments. Nodes supporting DRMP MUST give operators the ability to select which peers are trusted to deliver DRMP AVPs, and whether they are trusted to forward the DRMP AVPs from non-adjacent nodes. Diameter nodes MUST strip DRMP AVPs from messages received from peers that are not trusted for DRMP purposes.
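
One way to apply the stripping rule above on the wire, as an added example that is not part of RFC 7944: it walks the AVPs using the RFC 6733 layout and removes DRMP (code 301) unless local policy trusts the peer. The policy values "none", "own" and "forward", the peer names, the sample message, and the use of Origin-Host to tell a peer's own messages from forwarded ones are assumptions.

```python
import struct

DRMP, ORIGIN_HOST, HDR = 301, 264, 20   # AVP codes; fixed Diameter header size

def avp(code, data, flags=0):
    """Encode one non-vendor AVP, padded to a 4-byte boundary."""
    length = 8 + len(data)
    return (struct.pack("!IB", code, flags) + length.to_bytes(3, "big")
            + data + b"\x00" * (-length % 4))

def build(avps, hbh=1, e2e=1):
    """Constructed request: command 316, application 16777251 (sample values)."""
    body = b"".join(avps)
    return (b"\x01" + (HDR + len(body)).to_bytes(3, "big") + b"\xc0"
            + (316).to_bytes(3, "big") + struct.pack("!III", 16777251, hbh, e2e)
            + body)

def iter_avps(body):
    """Yield (code, flags, data, raw) per AVP; raw includes the padding."""
    off = 0
    while off < len(body):
        if len(body) - off < 8:
            raise ValueError("truncated AVP header")
        code, flags = struct.unpack_from("!IB", body, off)
        length = int.from_bytes(body[off + 5:off + 8], "big")
        hdr = 12 if flags & 0x80 else 8       # V bit set: Vendor-ID follows
        padded = length + (-length % 4)
        if length < hdr or off + padded > len(body):
            raise ValueError("bad AVP length")
        yield code, flags, body[off + hdr:off + length], body[off:off + padded]
        off += padded

def is_drmp(code, flags):
    return code == DRMP and not flags & 0x80  # V flag MUST NOT be set (9.2)

def drmp_of(msg):
    """Priority carried in the message, or None when no DRMP AVP is present."""
    for code, flags, data, _ in iter_avps(msg[HDR:]):
        if is_drmp(code, flags) and len(data) == 4:
            return struct.unpack("!I", data)[0]
    return None

def filter_drmp(msg, peer, policy):
    """Strip DRMP unless policy[peer] is "forward", or "own" and the peer is
    the originator (Origin-Host == peer). Policy values are hypothetical."""
    avps = list(iter_avps(msg[HDR:]))
    origin = next((d.decode("ascii", "replace") for c, f, d, _ in avps
                   if c == ORIGIN_HOST and not f & 0x80), None)
    trust = policy.get(peer, "none")          # unlisted peers are untrusted
    if trust == "forward" or (trust == "own" and origin == peer):
        return msg
    kept = b"".join(raw for c, f, _, raw in avps if not is_drmp(c, f))
    return msg[:1] + (HDR + len(kept)).to_bytes(3, "big") + msg[4:HDR] + kept

# Constructed sample: a request originated by mme1 carrying PRIORITY_2.
SAMPLE = build([avp(ORIGIN_HOST, b"mme1.example.net", 0x40),
                avp(DRMP, (2).to_bytes(4, "big"))])
POLICY = {"mme1.example.net": "own", "dra.example.net": "forward"}
```

A message whose DRMP AVP was stripped is then handled at the node's default priority, the same as a message from a client that never sent one.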

It is expected that work on end-to-end Diameter security might make it easier to establish trust in non-adjacent nodes for DRMP purposes. Readers should be reminded, however, that the DRMP mechanism allows Diameter Agents to modify AVPs in existing messages that are originated by other nodes. If end-to-end security is enabled, there is a risk that such modification could violate integrity protection. The details of using any future Diameter end-to-end security mechanism with DRMP will require careful consideration and are beyond the scope of this document.

13. References
13.1. Normative References

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, <http://www.rfc-editor.org/info/rfc2119>.

[RFC6733] Fajardo, V., Ed., Arkko, J., Loughney, J., and G. Zorn, Ed., "Diameter Base Protocol", RFC 6733, DOI 10.17487/RFC6733, October 2012, <http://www.rfc-editor.org/info/rfc6733>.

13.2. Informative References

[RFC7683] Korhonen, J., Ed., Donovan, S., Ed., Campbell, B., and L. Morand, "Diameter Overload Indication Conveyance", RFC 7683, DOI 10.17487/RFC7683, October 2015, <http://www.rfc-editor.org/info/rfc7683>.

[S6a] 3GPP, "Evolved Packet System (EPS); Mobility Management Entity (MME) and Serving GPRS Support Node (SGSN) related interfaces based on Diameter protocol", 3GPP TS 29.272, 14.0.0, June 2016, <http://www.3gpp.org/ftp/Specs/html-info/29272.htm>.

Contributors

The following person contributed substantial ideas, feedback, and discussion to this document:

o Janet P. Gunn

Author's Address

   Steve Donovan
   Oracle
   7460 Warren Parkway
   Frisco, Texas  75034
   United States of America

   Email: srdonovan@usdonovans.com