top button
Flag Notify
    Connect to us
      Site Registration

Site Registration

Capability Exchange in Diameter

0 votes
3,223 views

Capability exchange is a procedure where two diameter peer exchange their identity and their capabilities i.e. protocol version number, supported applications, security mechanism etc. Message used between peers for this purpose is CER/CEA Messages (Capability-Exchange-Request/Capability-Exchange-Answer).

Capabilities Exchange Summary

  • CER/CEA messages are used

  • Message exchange advertises:
    Supported applications
    Peer Identity
    Security schemes – Indicates the use of TLS
    SCTP host addresses if used

  • CER/CEA may or may not be protected

CER/CEA Exchange

Exchange Procedure (RFC 3588 at a glance)

1) A receiver of a Capabilities-Exchange-Req (CER) message that does not have any applications in common with the sender MUST return a Capabilities-Exchange-Answer (CEA) with the Result-Code AVP set to DIAMETER_NO_COMMON_APPLICATION, and SHOULD disconnect the transport layer connection.

2) Receiver of a Capabilities-Exchange-Req (CER) message that does not have any security mechanisms in common with the sender MUST return a Capabilities-Exchange-Answer (CEA) with the Result-Code AVP set to DIAMETER_NO_COMMON_SECURITY, and SHOULD disconnect the transport layer connection.

3) If CER is received from any unknown peer then receiver should discard the message, or send the CEA with the Result-Code Avp set to DIAMETER_UNKNOWN_PEER. (If the local implementation policy permits to receive CER from unknown hosts,a successful CEA MAY be returned, and the life time of the peer entry in PEER-Table is equal to the lifetime of the transport connection. If in any case transport connection fails then all the pending transactions destined to the unknown peer can be discarded._)

Note: The CER and CEA messages MUST NOT be proxied, redirected or relayed. Since CER/CEA messages can not be proxied, but still it is possible that proxy will receive a CER message and proxy does not have any peer to handle the application requested in CER, in this case proxy set the E bit in CEA and set the Result-Code Avp to DIAMETER_UNABLE_TO_DELIVER, sends back to CER generator peer.

Message Format

  <CER> ::= < Diameter Header: 257, REQ >
            { Origin-Host }
            { Origin-Realm }
         1* { Host-IP-Address }
            { Vendor-Id }
            { Product-Name }
            [ Origin-State-Id ]
          * [ Supported-Vendor-Id ]
          * [ Auth-Application-Id ]
          * [ Inband-Security-Id ]
          * [ Acct-Application-Id ]
          * [ Vendor-Specific-Application-Id ]
            [ Firmware-Revision ]
          * [ AVP ]

  <CEA> ::= < Diameter Header: 257 >
            { Result-Code }
            { Origin-Host }
            { Origin-Realm }
         1* { Host-IP-Address }
            { Vendor-Id }
            { Product-Name }
            [ Origin-State-Id ]
            [ Error-Message ]
          * [ Failed-AVP ]
          * [ Supported-Vendor-Id ]
          * [ Auth-Application-Id ]
          * [ Inband-Security-Id ]
          * [ Acct-Application-Id ]
          * [ Vendor-Specific-Application-Id ]
            [ Firmware-Revision ]
          * [ AVP ]
posted Jun 4, 2014 by Tapesh Kulkarni

  Promote This Article
Facebook Share Button Twitter Share Button LinkedIn Share Button

...