Diameter Maintenance and J. Korhonen, Ed. Extensions (DIME) TeliaSonera Internet-Draft H. Tschofenig Intended status: Standards Track Nokia Siemens Networks Expires: January 10, 2008 M. Arumaithurai University of Goettingen July 9, 2007 Quality of Service Attributes for Diameter and RADIUS draft-ietf-dime-qos-attributes-01.txt Status of this Memo By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she becomes aware will be disclosed, in accordance with Section 6 of BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. This Internet-Draft will expire on January 10, 2008. Copyright Notice Copyright (C) The IETF Trust (2007). Abstract This document extends the functionality of the Diameter Base protocol and other Diameter applications with respect to their ability to convey Quality of Service information. The AVPs defined in this document are also available for Remote Authentication Dial In User Service (RADIUS). Korhonen, et al. Expires January 10, 2008 [Page 1] Internet-Draft QoS attributes for Diameter July 2007 Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. Commands, AVPs and Advertising Application Support . . . . . . 3 3.1. Command Codes . . . . . . . . . . . . . . . . . . . . . . 3 3.2. Diameter-EAP-Request (DER) . . . . . . . . . . . . . . . . 4 3.3. Diameter-EAP-Answer (DEA) . . . . . . . . . . . . . . . . 4 3.4. Credit-Control-Request (CCR) . . . . . . . . . . . . . . . 5 3.5. Credit-Control-Answer (CCA) . . . . . . . . . . . . . . . 6 3.6. AA-Request (AAR) . . . . . . . . . . . . . . . . . . . . . 7 3.7. AA-Answer (AAA) . . . . . . . . . . . . . . . . . . . . . 8 4. Diameter QoS Defined AVPs . . . . . . . . . . . . . . . . . . 9 4.1. QoS-ID AVP . . . . . . . . . . . . . . . . . . . . . . . . 9 4.2. QoS-Flow-State AVP . . . . . . . . . . . . . . . . . . . . 9 4.3. QSPEC AVP . . . . . . . . . . . . . . . . . . . . . . . . 9 4.4. QoS-Resources AVP . . . . . . . . . . . . . . . . . . . . 10 4.5. QoS-Parameter AVP . . . . . . . . . . . . . . . . . . . . 10 4.6. Extended-QoS-Filter-Rule AVP . . . . . . . . . . . . . . . 10 4.7. QoS-Capability AVP . . . . . . . . . . . . . . . . . . . . 10 4.8. QSPEC-Type AVP . . . . . . . . . . . . . . . . . . . . . . 11 5. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 5.1. Diameter EAP with QoS Information . . . . . . . . . . . . 11 5.2. QoS Authorization . . . . . . . . . . . . . . . . . . . . 12 5.3. Diameter NASREQ with QoS Information . . . . . . . . . . . 13 5.4. Diameter Server Initiated Re-authorization of QoS . . . . 14 5.5. Diameter Credit-Control with QoS Information . . . . . . . 15 5.6. Diameter Server Initiated Credit Re-authorization . . . . 16 5.7. QoS and Credit-Control as Part of Authentication and Authorization . . . . . . . . . . . . . . . . . . . . . . 17 6. AVP Occurrence Tables . . . . . . . . . . . . . . . . . . . . 19 6.1. DER and DEA Commands AVP Table . . . . . . . . . . . . . . 19 6.2. CCR and CCA Commands AVP Table . . . . . . . . . . . . . . 19 6.3. AAR and AAA Commands AVP Table . . . . . . . . . . . . . . 19 7. Diameter RADIUS Interoperability . . . . . . . . . . . . . . . 20 8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 20 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 20 10. Security Considerations . . . . . . . . . . . . . . . . . . . 20 11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 21 11.1. Normative References . . . . . . . . . . . . . . . . . . . 21 11.2. Informative References . . . . . . . . . . . . . . . . . . 21 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 22 Intellectual Property and Copyright Statements . . . . . . . . . . 23 Korhonen, et al. Expires January 10, 2008 [Page 2] Internet-Draft QoS attributes for Diameter July 2007 1. Introduction This document defines a number of Diameter Quality of Service (QoS) related AVPs that can be used with the Diameter Base protocol, and Diameter Credit Control, Diameter EAP and Diameter NASREQ applications to convey Quality of Service information. The Extended- QoS-Filter-Rule AVP thereby replaces the QoSFilterRule, defined in RFC 3588 [RFC3588], and the QoS-Filter-Rule, defined in RFC 4005 [RFC4005]. The AVPs defined in this document are also available for Remote Authentication Dial In User Service (RADIUS). 2. Terminology The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119]. 3. Commands, AVPs and Advertising Application Support 3.1. Command Codes This document re-uses the Diameter Base protocol [RFC3588], and Diameter Credit-Control [RFC4006], Diameter NASREQ [RFC4072] and Diameter EAP [RFC4005] application commands. The following commands are re-used to carry QoS related AVPs: Command-Name Abbrev. Code Reference Diameter-EAP-Request DER 268 RFC 4072 Diameter-EAP-Answer DEA 268 RFC 4072 Credit-Control-Request CCR 272 RFC 4006 Credit-Control-Answer CCA 272 RFC 4006 AA-Request AAR 265 RFC 4005 AA-Answer AAA 265 RFC 4005 Figure 1: Command Codes When the Re-Auth-Request (RAR), Re-Auth-Answer (RAA), Session- Termination-Request (STR), Session-Termination-Answer (STA), Abort- Korhonen, et al. Expires January 10, 2008 [Page 3] Internet-Draft QoS attributes for Diameter July 2007 Session-Request (ASR), Abort-Session-Answer (ASA), Accounting-Request (ACR), and Accounting-Answer (ACA) commands are used together with this specification they follow the rules in Diameter NASREQ [RFC4005], Diameter EAP [RFC4072], Credit-Control [RFC4006] and Diameter Base Protocol [RFC3588]. The accounting commands use the Application Identifier value of the respective application. 3.2. Diameter-EAP-Request (DER) The Diameter-EAP-Request (DER) command [RFC4072], indicated by the Command-Code field set to 268 and the 'R' bit set in the Command Flags field, may be sent by the NAS to the Diameter server providing network access authentication and authorization services. At the same time as the network access authentication and authorization, the NAS MAY request the Diameter server to authorize provisioning of QoS resources. The message format is the same as defined in [RFC4072] with an addition of Diameter QoS specific AVPs. Figure 2 shows the DER message used with the Diameter QoS AVPs: ::= < Diameter Header: 268, REQ, PXY > < Session-Id > { Auth-Application-Id } { Origin-Host } { Origin-Realm } { Destination-Realm } { Auth-Request-Type } [ Destination-Host ] [ User-Name ] [ QoS-Capability ] * [ QoS-Resources ] ... * [ AVP ] Figure 2: Diameter EAP Request Command 3.3. Diameter-EAP-Answer (DEA) The Diameter-EAP-Answer (DEA) message defined in [RFC4072], indicated by the Command- Code field set to 268 and 'R' bit cleared in the Command Flags field is sent in response to the Diameter-EAP-Request message (DER). If the QoS service is successfully authorized and the Korhonen, et al. Expires January 10, 2008 [Page 4] Internet-Draft QoS attributes for Diameter July 2007 Diameter server was able to fulfill the QoS Authorization request (if needed) then the response MAY include the QoS-Resources AVPs. The message format is the same as defined in [RFC4072] with an addition of Diameter QoS specific AVPs. Figure 3 shows the DEA message used with the Diameter QoS AVPs: ::= < Diameter Header: 268, PXY > < Session-Id > { Auth-Application-Id } { Auth-Request-Type } { Result-Code } { Origin-Host } { Origin-Realm } * [ QoS-Resources ] [ Session-Timeout ] [ User-Name ] ... * [ AVP ] Figure 3: Diameter EAP Answer Command 3.4. Credit-Control-Request (CCR) The Credit-Control-Request (CCR) command [RFC4006], indicated by the Command-Code field set to 272 and the 'R' bit set in the Command Flags field, may be sent by the NAS to the Diameter-QoS server to request QoS credit authorization for a given QoS provisioning request. In that case the CCR command MAY also carry the QoS- Resources AVPs. The message format is the same as defined in [RFC4006] with an addition of Diameter QoS specific AVPs. Figure 4 shows the CCR message used with the Diameter QoS AVPs: Korhonen, et al. Expires January 10, 2008 [Page 5] Internet-Draft QoS attributes for Diameter July 2007 ::= < Diameter Header: 272, REQ, PXY > < Session-Id > { Auth-Application-Id } { Origin-Host } { Origin-Realm } { Destination-Realm } { Auth-Request-Type } { Service-Context-Id } { CC-Request-Type } { CC-Request-Number } [ Destination-Host ] [ User-Name ] [ QoS-Capability ] * [ QoS-Resources ] ... * [ AVP ] Figure 4: Credit Control Request Command 3.5. Credit-Control-Answer (CCA) The Credit-Control-Answer (CCA) command [RFC4006], indicated by the Command-Code field set to 272 and the 'R' bit set in the Command Flags field is sent in response to the CC-Request (CCR) message to acknowledge a CC-Request command. If the Diameter QoS server was able to fulfill the QoS request (if needed) then the response MAY include the QoS-Resources AVPs. The message format is the same as defined in [RFC4006] with an addition of Diameter QoS specific AVPs. Figure 5 shows the CCA message used with the Diameter QoS AVPs: Korhonen, et al. Expires January 10, 2008 [Page 6] Internet-Draft QoS attributes for Diameter July 2007 ::= < Diameter Header: 272, PXY > < Session-Id > { Result-Code } { Origin-Host } { Origin-Realm } { Auth-Application-Id } { CC-Request-Type } { CC-Request-Number } [ User-Name ] [ CC-Session-Failover ] [ CC-Sub-Session-Id ] [ Acct-Multi-Session-Id ] [ Origin-State-Id ] [ Event-Timestamp ] * [ QoS-Resources ] ... * [ AVP ] Figure 5: Credit Control Answer Command 3.6. AA-Request (AAR) The AA-Request (AAR) message, indicated by the Command-Code field set to 265 and 'R' bit set in the Command Flags field, may be sent by the NAS to the Diameter server providing network access configuration services. At the same time as the network access authentication and authorization, the NAS MAY request the Diameter server to authorize provisioning of QoS resources. The message format is the same as defined in [RFC4005] with an addition of Diameter QoS specific AVPs. Figure 6 shows the AAR message used with the Diameter QoS AVPs: Korhonen, et al. Expires January 10, 2008 [Page 7] Internet-Draft QoS attributes for Diameter July 2007 ::= < Diameter Header: 265, REQ, PXY > < Session-Id > { Auth-Application-Id } { Origin-Host } { Origin-Realm } { Destination-Realm } { Auth-Request-Type } [ QoS-Capability ] * [ QoS-Resources ] [ Destination-Host ] ... * [ AVP ] Figure 6: AA Request Command 3.7. AA-Answer (AAA) The AA-Answer (AAA) message, indicated by the Command-Code field set to 265 and 'R' bit cleared in the Command Flags field is sent in response to the AA-Request (AAR) message for confirmation of the result of QoS provisioning. If the QoS service is successfully authorized and the Diameter server was able to fulfill the QoS provisioning request (if needed) then the response MAY include the QoS-Resources AVPs. The message format is the same as defined in [RFC4005] with an addition of Diameter QoS specific AVPs. Figure 7 shows the AAA message used with the Diameter QoS AVPs: ::= < Diameter Header: 265, PXY > < Session-Id > { Auth-Application-Id } { Auth-Request-Type } { Result-Code } { Origin-Host } { Origin-Realm } * [ QoS-Resources ] [ User-Name ] [ Session-Timeout ] ... * [ AVP ] Korhonen, et al. Expires January 10, 2008 [Page 8] Internet-Draft QoS attributes for Diameter July 2007 Figure 7: AA Answer Command 4. Diameter QoS Defined AVPs The following table lists the Diameter AVPs used by this document, their AVP code values, types, possible flag values, and whether the AVP may be encrypted. +------------------+ | AVP Flag Rules | +-------------------------------------------------|----+---+----+----+ | AVP Section |MUST|MAY|SHLD|MUST| | Attribute Name Code Defined Data Type | | | NOT| NOT| +-------------------------------------------------+----+---+----+----+ |QoS-Flow-State TBD 4.2 Enumerated | |M,P| | V | |QSPEC TBD 4.3 OctetSTring| |M,P| | V | |QoS-ID TBD 4.1 Unsigned32 | |M,P| | V | |Extended-QoS-Filter-Rule TBD 4.6 Grouped | |M,P| | V | |QoS-Resources TBD 4.4 Grouped | |M,P| | V | |QoS-Parameter TBD 4.5 Grouped | |M,P| | V | |QoS-Capability TBD 4.7 Grouped | |M,P| | V | |QSPEC-Type TBD 4.8 Unsigned32 | |M,P| | V | +-------------------------------------------------+----+---+----+----+ 4.1. QoS-ID AVP The QoS-ID AVP (AVP Code TBD) is of type Unsigned32 and references the QSPEC. 4.2. QoS-Flow-State AVP The QoS-Flow-State AVP (AVP Code TBD) is of type Enumerated. It gives an indication as to how the flow MUST be treated. The Extended-QoS-Filter-Rule already provides an indicate whether a flow is permitted or denied. This optional AVP provides additional information about the treatment. Currently a single value is defined; further values are available via IANA registration. 0 Pending: The filter rules are not installed but kept pending. Subsequent signaling is necessary to active them. 4.3. QSPEC AVP The QSPEC AVP (AVP Code TBD) is of type OctetString and contains Quality of Service parameters. These parameters are defined in a separate document, see [I-D.ietf-dime-qos-parameters]. Korhonen, et al. Expires January 10, 2008 [Page 9] Internet-Draft QoS attributes for Diameter July 2007 4.4. QoS-Resources AVP The QoS-Resources AVP (AVP Code TBD) is of type Grouped and includes description of the resources that have been authorized or requested. More than one QoS-Resources AVP MAY be included in a single message. QoS-Resources ::= < AVP Header: XXX > 1* [ Extended-QoS-Filter-Rule ] 1* [ QoS-Parameter ] [ QoS-Flow-State ] * [ AVP ] 4.5. QoS-Parameter AVP The QoS-Parameter AVP (AVP Code TBD) is of type Grouped and ties the QoS-ID AVP together to the QSPEC AVP. All parameters followed by the QSPEC-Type AVP refer to the same QoS model/profile. QoS-Parameter ::= < AVP Header: XXX > { QoS-ID } { QSPEC-Type } 1* [ QSPEC ] * [ AVP ] 4.6. Extended-QoS-Filter-Rule AVP TheExtended-QoS-Filter-Rule AVP (AVP Code TBD) is of type Grouped. The QoS filter rule associated with the QoS-ID re-uses the RADIUS NAS-Traffic-Rule AVP [I-D.ietf-radext-filter-rules]. This AVP ties a specific filter to a QoS-ID that in turn refers to a specific QoS- Parameter. Extended-QoS-Filter-Rule ::= < AVP Header: XXX > { QoS-ID } { NAS-Traffic-Rule } * [ AVP ] 4.7. QoS-Capability AVP The QoS-Capability AVP (AVP Code TBD) is of type Grouped and contains a list of supported QSPEC-Types and respective AVPs. The NAS SHOULD include this AVP from the NAS to the Diameter server to indicate the support for this specification and for the specific Korhonen, et al. Expires January 10, 2008 [Page 10] Internet-Draft QoS attributes for Diameter July 2007 QoS models. QoS-Capability ::= < AVP Header: XXX > 1* { QSPEC-Type } * [ AVP ] 4.8. QSPEC-Type AVP The QSPEC-Type AVP (AVP Code TBD) is of type Unsigned32 and contains the supported QoS model or QoS profile. The value of 0 refers to the QoS parameters described in [I-D.ietf-dime-qos-parameters]. The values are taken from the registry defined in [I-D.ietf-nsis-qspec]. 5. Examples This section shows a number of signaling flows where QoS negotiation and authorization is part of the conventional NASREQ, EAP or Credit- Control applications message exchanges. These signaling flows are meant to be examples only. 5.1. Diameter EAP with QoS Information Figure 8 shows a simple signaling flow where a NAS (Diameter Client) announces its QoS awareness and capabilities included into the DER message and as part of the access authentication procedure. Upon completion of the EAP negotiation, the Diameter Server provides a pre-provisioned QoS profile to the NAS in the final DEA message. Korhonen, et al. Expires January 10, 2008 [Page 11] Internet-Draft QoS attributes for Diameter July 2007 End Diameter Diameter Host Client server | | | | (initiate EAP) | | |<------------------------------>| | | | Diameter-EAP-Request | | | EAP-Payload(EAP Start) | | | QoS-Capability | | |------------------------------->| | | | | | Diameter-EAP-Answer | | Result-Code=DIAMETER_MULTI_ROUND_AUTH | | | EAP-Payload(EAP Request #1) | | |<-------------------------------| | EAP Request(Identity) | | |<-------------------------------| | : : : : <<>> : : : : | | | | EAP Response #N | | |------------------------------->| | | | Diameter-EAP-Request | | | EAP-Payload(EAP Response #N) | | |------------------------------->| | | | | | Diameter-EAP-Answer | | | Result-Code=DIAMETER_SUCCESS | | | EAP-Payload(EAP Success) | | | [EAP-Master-Session-Key] | | | (authorization AVPs) | | | QoS-Resources | | |<-------------------------------| | | | | EAP Success | | |<-------------------------------| | | | | Figure 8: Example of a Diameter EAP enhanced with QoS Information 5.2. QoS Authorization Figure 9 shows an example of authorization only QoS signaling as part of the NASREQ message exchange. The NAS provides the Diameter Server with the QoS profile it wishes to use in the AAR message. The Diameter Server then either authorizes the proposed QoS profile or reject the authorization, and then informs the NAS about the authorization result in the AAA message. In this scenario the NAS Korhonen, et al. Expires January 10, 2008 [Page 12] Internet-Draft QoS attributes for Diameter July 2007 does not need to include the QoS-Capability AVP in the AAR message as the QoS-Resources AVP implicitly does the same and also the NAS is authorizing a specific QoS profile, not a pre-provisioned one. End Diameter Host NAS Server | | | | | | | QoS Request | | +----------------->| | | | | | |AA-Request | | |Auth-Request-Type=AUTHORIZE_ONLY | |NASREQ-Payload | | |QoS-Resources | | +----------------------------->| | | | | | AA-Answer| | | NASREQ-Payload(Success)| | | QoS-Resources| | |<-----------------------------+ | Accept | | |<-----------------+ | | | | | | | | | | Figure 9: Example of an Authorization-Only Message Flow 5.3. Diameter NASREQ with QoS Information Figure 10 shows a similar pre-provisioned QoS signaling as in Figure 8 but using the NASREQ application instead of EAP application. Korhonen, et al. Expires January 10, 2008 [Page 13] Internet-Draft QoS attributes for Diameter July 2007 End Diameter Host NAS Server | | | | Start Network | | | Attachment | | |<---------------->| | | | | | |AA-Request | | |NASREQ-Payload | | |QoS-Capability | | +----------------------------->| | | | | | AA-Answer| | Result-Code=DIAMETER_MULTI_ROUND_AUTH| | NASREQ-Payload(NASREQ Request #1)| | |<-----------------------------+ | | | | Request | | |<-----------------+ | | | | : : : : <<>> : : : : | Response #N | | +----------------->| | | | | | |AA-Request | | |NASREQ-Payload ( Response #N )| | +----------------------------->| | | | | | AA-Answer| | | Result-Code=DIAMETER_SUCCESS| | | (authorization AVPs)| | | QoS-Resources | | |<-----------------------------+ | | | | Success | | |<-----------------+ | | | | Figure 10: Example of a Diameter NASREQ enhanced with QoS Information 5.4. Diameter Server Initiated Re-authorization of QoS Figure 11 shows a message exchange for a Diameter Server initiated QoS profile re-authorization procedure. The Diameter Server sends the NAS a RAR message requesting re-authorization for an existing session and the NAS acknowledges it with a RAA message. The NAS that Korhonen, et al. Expires January 10, 2008 [Page 14] Internet-Draft QoS attributes for Diameter July 2007 is aware of its existing QoS profile and information for the ongoing session that the Diameter Server requested for re-authorization. Thus the NAS must initiate re-authorization of the existing QoS profile. The re-authorization procedure is the same as in Figure 9. End Diameter Host NAS Server | | | | | | : : : : <<>> : : : : | | | | | RA-Request | | |<-----------------------------+ | | | | |RA-Answer | | |Result-Code=DIAMETER_SUCCESS | | +----------------------------->| | | | | | | | |AA-Request | | |NASREQ-Payload | | |Auth-Request-Type=AUTHORIZE_ONLY | |QoS-Capability | | +----------------------------->| | | | | | AA-Answer| | | Result-Code=DIAMETER_SUCCESS| | | (authorization AVPs)| | | QoS-Resources | | |<-----------------------------+ | | | Figure 11: Example of a Server-initiated Re-Authorization Procedure 5.5. Diameter Credit-Control with QoS Information In this case the authorization and authentication take place at the beginning and then when a new service request comes in the accounting is done as per the required QoS. It's a 3GPP scenario. Korhonen, et al. Expires January 10, 2008 [Page 15] Internet-Draft QoS attributes for Diameter July 2007 Diameter End User Service Element Server CC Server (CC Client) | Registration | AA request/answer(accounting,cc or both)| |<----------------->|<------------------>| | | : | | | | : | | | | Service Request | | | |------------------>| | | | | CCR(Initial,Credit-Control AVPs, | | | QoS-capability) | | +|---------------------------------------->| | CC stream|| | CCA(Granted-Units)| | || | QoS-Resources | | +|<----------------------------------------| | Service Delivery | | | |<----------------->| ACR(start,Accounting AVPs) | | : |------------------->|+ | | : | ACA || Accounting stream | | |<-------------------|+ | | : | | | | : | | | | | CCR(Update,Used-Units) | | |---------------------------------------->| | | | CCA(Granted-Units)| | | | QoS-Resources | | |<----------------------------------------| | : | | | | : | | | | End of Service | | | |------------------>| CCR(Termination, Used-Units) | | |---------------------------------------->| | | | CCA | | |<----------------------------------------| | | ACR(stop) | | | |------------------->| | | | ACA | | | |<-------------------| | Figure 12: Example with first interrogation after user's authorization/authentication 5.6. Diameter Server Initiated Credit Re-authorization This example shows a Diameter Credit Control interaction whereby the server initiates a re-authorization exchange. Korhonen, et al. Expires January 10, 2008 [Page 16] Internet-Draft QoS attributes for Diameter July 2007 Service Element Diameter End User (CC Client) Server CC Server | | | | | | | | : : : : : <<<<<< Initial Message Exchanges >>>>>> : : : : : | | | | | | Re-Auth-Request| | | Auth-Application-ID = CREDIT_CONTROL| | |Re-Auth-Request-Type = AUTHORIZE_ONLY| | | Session-ID| | |<------------------------------------+ | | | | | | Re-Auth-Answer | | | | Session-ID | | | | Result-Code = DIAMETER_LIMITED_SUCCESS | +------------------------------------>| | | | | | | CCR | | | CC-Request-Type = UPDATE_REQUEST | | | Used-Units | | | |-------------------+---------------->| | | CCA(Granted-Units)| | | Result-Code = DIAMETER_SUCCESS| | | QoS-Resources| | |<------------------+-----------------| | | | | Figure 13: Server-Initiated Credit Re-Authorization 5.7. QoS and Credit-Control as Part of Authentication and Authorization In this example, the Credit control is performed along with the Authentication/Authorization message. This is usually the case in NAS scenario. Korhonen, et al. Expires January 10, 2008 [Page 17] Internet-Draft QoS attributes for Diameter July 2007 Service Element Diameter End User (CC Client) server CC Server | (e.g. NAS) | | | | | | | Service Request | AA Request (CC AVPs) | | | Credit-Control=CREDIT_AUTHORIZATION | | | QoS-Resources | | |------------------>|------------------->| | | | | CCR(Initial, CC AVPs) | | | QoS-Resources | | | |------------------->| | | | CCA(Granted-Units) | | | | QoS-Resources | | | |<-------------------| | | AA Answer(Granted-Units) | | | QoS-Resources | | | Service Delivery |<-------------------| | |<----------------->| | | | | ACR(start,Accounting AVPs) | | |------------------->|+ | | | ACA || Accounting stream | | |<-------------------|+ | | | | | | | | | | | | | | | | | | | CCR(Update,Used-Units) | | | QoS-Resources | CCR(Update,Used-Units) | |------------------->| QoS-Resources | | | |------------------->| | | | CCA(Granted-Units) | | | | QoS-Resources | | | CCA(Granted-Units) |<-------------------| | | QoS-Resources | | | |<-------------------| | | | | | | | | | | End of Service | | | |------------------>| CCR(Termination,Used-Units) | | |------------------->| CCR(Term.,Used-Units) | | |------------------->| | | | CCA | | | CCA |<-------------------| | |<-------------------| | | | ACR(stop) | | | |------------------->| | | | ACA | | | |<-------------------| | Korhonen, et al. Expires January 10, 2008 [Page 18] Internet-Draft QoS attributes for Diameter July 2007 Figure 14: Example with use of the authorization messages for the first Diameter Credit Control interrogation 6. AVP Occurrence Tables 6.1. DER and DEA Commands AVP Table The following table lists the Quality of Service specific AVPs defined in this document that may be present in the DER and DEA Commands, as defined in this document and in [RFC4072]. +---------------+ | Command-Code | |-------+-------+ Attribute Name | DER | DEA | -------------------------------+-------+-------+ QoS-Capability | 0-1 | 0 | QoS-Resources | 0+ | 0+ | +-------+-------+ Figure 15: DER and DEA Commands AVP table 6.2. CCR and CCA Commands AVP Table The following table lists the Quality of Service specific AVPs defined in this document that may be present in the CCR and CCA Commands, as defined in this document and in [RFC4006]. +---------------+ | Command-Code | |-------+-------+ Attribute Name | CCR | CCA | -------------------------------+-------+-------+ QoS-Capability | 0-1 | 0 | QoS-Resources | 0+ | 0+ | +-------+-------+ Figure 16: CCR and CCA Commands AVP table 6.3. AAR and AAA Commands AVP Table The following table lists the Quality of Service specific AVPs defined in this document that may be present in the AAR and AAA Commands, as defined in this document and in [RFC4005]. Korhonen, et al. Expires January 10, 2008 [Page 19] Internet-Draft QoS attributes for Diameter July 2007 +---------------+ | Command-Code | |-------+-------+ Attribute Name | AAR | AAA | -------------------------------+-------+-------+ QoS-Capability | 0-1 | 0 | QoS-Resources | 0+ | 0+ | +-------+-------+ Figure 17: AAR and AAA Commands AVP table 7. Diameter RADIUS Interoperability [Editor's Note: Text will be provided in a future version of this document.] 8. Acknowledgments We would like to thank Victor Fajardo for his comments. 9. IANA Considerations Diameter reserves the AVP Codes 0 - 255 for RADIUS functions that are implemented in Diameter. AVPs new to Diameter have code values of 256 and greater. This specification assigns the values TBD-1 to TBD-2 from the AVP Code namespace defined in RFC 3588 [RFC3588]. See Section 4 for the newly defined AVPs. This specification also specifies the use of AVPs in the 0 - 255 range, which are defined in 'RADIUS Types', see http://www.iana.org/assignments/radius-types. These values are assigned by the policy in Section 6 of RFC 2865 [RFC2865] and are amended by RFC 3575 [RFC3575]. 10. Security Considerations This document describes the extension of Diameter for conveying Quality of Service information. The security considerations of the Diameter protocol itself have been discussed in RFC 3588 [RFC3588]. Use of the AVPs defined in this document MUST take into consideration the security issues and requirements of the Diameter Base protocol. Korhonen, et al. Expires January 10, 2008 [Page 20] Internet-Draft QoS attributes for Diameter July 2007 11. References 11.1. Normative References [I-D.ietf-dime-qos-parameters] Korhonen, J. and H. Tschofenig, "Quality of Service Parameters for Usage with the AAA Framework", draft-ietf-dime-qos-parameters-00 (work in progress), June 2007. [I-D.ietf-radext-filter-rules] Congdon, P., "RADIUS Attributes for Filtering and Redirection", draft-ietf-radext-filter-rules-03 (work in progress), July 2007. [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC3575] Aboba, B., "IANA Considerations for RADIUS (Remote Authentication Dial In User Service)", RFC 3575, July 2003. [RFC3588] Calhoun, P., Loughney, J., Guttman, E., Zorn, G., and J. Arkko, "Diameter Base Protocol", RFC 3588, September 2003. [RFC4005] Calhoun, P., Zorn, G., Spence, D., and D. Mitton, "Diameter Network Access Server Application", RFC 4005, August 2005. [RFC4006] Hakala, H., Mattila, L., Koskinen, J-P., Stura, M., and J. Loughney, "Diameter Credit-Control Application", RFC 4006, August 2005. 11.2. Informative References [I-D.ietf-nsis-qspec] Ash, J., "QoS NSLP QSPEC Template", draft-ietf-nsis-qspec-17 (work in progress), July 2007. [RFC2865] Rigney, C., Willens, S., Rubens, A., and W. Simpson, "Remote Authentication Dial In User Service (RADIUS)", RFC 2865, June 2000. [RFC4072] Eronen, P., Hiller, T., and G. Zorn, "Diameter Extensible Authentication Protocol (EAP) Application", RFC 4072, August 2005. Korhonen, et al. Expires January 10, 2008 [Page 21] Internet-Draft QoS attributes for Diameter July 2007 Authors' Addresses Jouni Korhonen (editor) TeliaSonera Teollisuuskatu 13 Sonera FIN-00051 Finland Email: jouni.korhonen@teliasonera.com Hannes Tschofenig Nokia Siemens Networks Otto-Hahn-Ring 6 Munich, Bavaria 81739 Germany Email: Hannes.Tschofenig@nsn.com URI: http://www.tschofenig.com Mayutan Arumaithurai University of Goettingen Email: mayutan.arumaithurai@gmail.com Korhonen, et al. Expires January 10, 2008 [Page 22] Internet-Draft QoS attributes for Diameter July 2007 Full Copyright Statement Copyright (C) The IETF Trust (2007). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights. This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Intellectual Property The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79. Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org. Acknowledgment Funding for the RFC Editor function is provided by the IETF Administrative Support Activity (IASA). Korhonen, et al. Expires January 10, 2008 [Page 23]