top button
Flag Notify
    Connect to us
      Site Registration

Site Registration

Comparison between Diameter RFC3588 and RFC6733

+2 votes
914 views

There seems to be lot of confusion around what RFC6733 is all about and how it is different from 3588. In short RFC6733 is backwards compatible with the former RFC3588, and still defines Diameter Version 1.0 means no Diameter Version 2.0.

In this article I am trying to cover the differences between RFC3588 and RFC6733.

Default Port

RFC3588: Default Port is 3868
RFC6733: One more port is added for secure transport. Default port for TCP & SCTP is 3868 and Port of TLS & DTLS is 5868.

Message Length

RFC3588: Doesn’t state about Message Length.
RFC6733: Message Length field is three octet and indicates the length of Diameter message including the header field and the padded AVPs. Ans RFC clearly state that Message Length is always multiple of 4.

Support of IP-Sec

RFC3588: IP-Sec Support is required for secured communication within the Realm(Intra-Realm)
RFC6733: IP-Sec support for diameter is not required, If diameter node communicates on TCP it should support TLS and on SCTP should it support DTLS.

CER Security

RFC3588: CER/CEA message is used to check whether to establish TLS channel and AVP used is INBAND-SECURITY.
RFC6733: This is more secure as compare to 3588 even CER/CEA is secure what it means that security to be applied before CER/CEA message exchange. And Inband-Security AVP is deprecated and same is for E2E-Sequence AVP because End to End security is ensured with TLS/TCP and DTLS/SCTP.

Application Id Usage

RFC3588: Doesn’t clearly state about the usage of Application Id in session based application and base DIAMETER messages.
RFC6733: Clearly state the application-id for base diameter message i.e Base Diameter Message such as ASR/ASA, RAR/RAA and STR/STA MUST have Application Id of the application. Peer connection establishment and maintenance messages i.e. CER/CEA, DWR/DWA should be Application Id as 0.

Capability Update Procedure

RFC3588: Doesn’t specify Capability Update Procedure i.e.CER/CEA message shall be sent once at the time of Application Layer connection initiation.
RFC-6733 Provides a mechanism when CER/CEA message can be exchanged during established DIAMETER Connection with the exception of Security mechanism which can’t be changed with the help of Capability Update Request (CER/CEA with Application Id 10)

Misc

RFC-6733 clearly states about loop avoidance or recovery which RFC 3488 doesnot. Here Node that detects loop may attempt for alternative route if exists and all the alternative routes are tried before DIAMETER_UNABLE_TO_DELIVER message.
RFC-6733 provides a priority rule for multiple cache routes. That tells which entry to use these are 1. ALL_SESSION 2. ALL_USER 3.REALM_AND_APPLICATION 4. ALL_REALM 5. ALL_APPLICATION 6. ALL_HOST

posted Sep 10, 2014 by anonymous

  Promote This Article
Facebook Share Button Twitter Share Button LinkedIn Share Button

...