Cisco Asr 9000 Diameter Support in BNG


DIAMETER Support in BNG

DIAMETER provides a base protocol that can be extended in order to provide authentication, authorization,
and accounting (AAA) services to new access technologies. This chapter provides information about
DIAMETER protocol and its support in BNG.

Table 1: Feature History for DIAMETER Support in BNG

| Release | Modification |
|---|---|
| Release 5.3.0 | This chapter was introduced for DIAMETER support feature in BNG. |

This chapter covers these topics:

• DIAMETER Overview
• DIAMETER Interface in BNG
• Supported DIAMETER Base Messages
• DIAMETER NASREQ Application
• DIAMETER Gx and Gy Applications
• DIAMETER DCCA Application
• BNG DIAMETER Call Flow
• Guidelines and Restrictions for DIAMETER Support in BNG
• Configuring DIAMETER Peer in BNG
• Configuring AAA for DIAMETER Peer in BNG
• Verification of DIAMETER Configurations in BNG
• Additional References

Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release
5.3.x

DIAMETER Overview
DIAMETER is a peer-to-peer protocol that is composed of a base protocol and a set of applications that allow
it to extend its services to provide AAA services to new access technologies. The base protocol provides basic
mechanisms for reliable transport, message delivery, and error handling. The base protocol must be used
in conjunction with a DIAMETER application. Each application relies on the services of the base protocol to
support a specific type of network access. Each application is defined by an application identifier and associated
with commands. Each command is defined with mandatory Attribute Value Pairs (AVPs) and non-mandatory
AVPs including vendor-specific AVPs.
DIAMETER allows peers to exchange a variety of messages. The DIAMETER client generates DIAMETER
messages to the DIAMETER server to perform the AAA actions for the user. This protocol also supports
server-initiated messages, such as a request to abort service to a particular user.

DIAMETER Interface in BNG


BNG supports the DIAMETER base protocol, along with applications such as DIAMETER Credit Control
Application (DCCA) and Network Access Server Requirements (NASREQ), which are used for policy control
and charging, and real-time credit control of pre-paid users. BNG acts as NASREQ and DCCA client to
perform AAA NAS related functionality, policy provisioning, quota request and usage reporting function.
With this DIAMETER interface, BNG provides service-aware billing functionality and policy provisioning
for post-paid and pre-paid users.
This figure shows the network of the DIAMETER interface in BNG:

Figure 1: DIAMETER Interface in BNG

Along with the DIAMETER base protocol, these DIAMETER applications are also supported in BNG:

• Diameter Credit Control Application (DCCA)


• Gx interface for Policy Control and Charging
• Gy interface for online charging
• Gz interface for offline charging

This table lists IANA-assigned application IDs for DIAMETER applications:

| DIAMETER Application | DIAMETER Application ID |
|---|---|
| DIAMETER common message | 0x00000000 |
| DIAMETER NASREQ message | 0x00000001 |
| DIAMETER base accounting | 0x00000003 |
| DIAMETER DCCA application (Gy) | 0x00000004 |
| DIAMETER policy interface (Gx) | 0x01000016 (16777224) |

Features supported for BNG with DIAMETER


These base protocol features are supported in BNG with DIAMETER:
• TCP as the transport protocol for DIAMETER messages
• TLS support over TCP for secure communication
• IPv4 and IPv6 transport stack to the back end DIAMETER server

These base protocol features are not supported in BNG with DIAMETER:
• Communication with diameter peers that act as proxy, relay or a redirection agent
• Diameter peer discovery
• SCTP as the transport protocol for DIAMETER messages
• Internet Protocol Security (IPSec)

Supported DIAMETER Base Messages


BNG supports these DIAMETER base messages:

| DIAMETER Base Messages | Abbreviation | Command Code | Description |
|---|---|---|---|
| Capabilities-Exchange-Request | CER | 257 | Sent from the client to the server to determine the capabilities of the server. |
| Capabilities-Exchange-Answer | CEA | 257 | Sent from the server to the client in response to a CER message. |
| Disconnect-Peer-Request | DPR | 282 | Sent to the peer to inform about the termination of the connection. The client or server may initiate the termination. |
| Disconnect-Peer-Answer | DPA | 282 | Sent as a response to a DPR message. |
| Device-Watchdog-Request | DWR | 280 | Sent from the client to the server to monitor the health of the connection. This happens if, for a while, there is no traffic between peers, after CER and CEA messages are exchanged. |
| Device-Watchdog-Answer | DWA | 280 | Sent as response to a DWR message. |

For details of DIAMETER attributes and sample packets of DIAMETER messages, see Appendix E,
DIAMETER Attributes.

DIAMETER NASREQ Application


The NASREQ application is used for Authentication, Authorization and Accounting (AAA) in the Network
Access Server (NAS) environment. For subscriber authentication or authorization, as part of the session
creation, a DIAMETER AA-Request message is sent to the DIAMETER NASREQ server and the response
may be an AA-Answer message. Subscriber accounting for sessions and services is done using AC-Request
and AC-Answer messages of the NASREQ application. BNG supports the NASREQ application for network
access related functionality; the admin access requests (such as Telnet, SSH, rlogin, and so on) must not be
transported using the DIAMETER protocol. Because Extensible Authentication Protocol (EAP) authentication
is not required in BNG, the support for DIAMETER EAP application is not considered.
If the user deploys a separate Offline Charging Server (OFCS) with the AAA method list configuration, the
NASREQ application forwards the messages accordingly.
No new application-specific AVPs are sent for the NASREQ application, except DIAMETER-specific common
set of AVPs and RADIUS prohibited AVPs for accounting.
This table lists the DIAMETER NAS messages supported by BNG:

| DIAMETER NAS Messages | Abbreviation | Command Code | Description |
|---|---|---|---|
| AA-Request | AAR | 265 | Used to request authentication or authorization (or both) for a given NAS user. Admin user related AVPs are not applicable for BNG deployment with DIAMETER NASREQ application. |
| AA-Answer | AAA | 265 | Sent in response to the AAR message. If authorization was requested, a successful response includes the authorization AVPs appropriate for the service being provided. For backward compatibility and also based on the session type if it is IPoE or PPPoE, a few additional DIAMETER Cisco VSAs may also be present in this message. |
| Re-Auth-Request | RAR | 258 | Sent by a DIAMETER server when it initiates a re-authentication or re-authorization (or both) service for a particular session. |
| Re-Auth-Answer | RAA | 258 | Sent in response to the RAR message. The Result-Code AVP must be present in the RAA message and it indicates the disposition of the request. A successful RAA transaction must be followed by an AAR message. |
| Session-Termination-Request | STR | 275 | Sent by NAS to inform DIAMETER server that an authenticated or authorized (or both) session is being terminated. This is required only if NASREQ application is stateful. |
| Session-Termination-Answer | STA | 275 | Sent by DIAMETER server to acknowledge the session termination notification sent by NAS. The Result-Code AVP must be present in this STA message, and it may also contain an indication that an error occurred while the STR was being serviced. Upon sending or receiving the STA, the DIAMETER server must release all resources for the session indicated by the Session-ID AVP. |
| Abort-Session-Request | ASR | 274 | Sent by DIAMETER server to NAS to stop the session identified by the Session-ID AVP. This is similar to RADIUS CoA Session-disconnect request or POD. In the case of stateless application, the DIAMETER session with the particular Session-ID does not exist on BNG. Therefore, instead of Session-ID, another BNG subscriber identity such as Acct-Session-ID, <Framed-IP-Address, VRF> may be sent as one of the AVPs. |
| Abort-Session-Answer | ASA | 274 | Sent in response to the ASR message. These are the possible result codes: DIAMETER_SUCCESS, if the session identified by Session-ID was successfully terminated; DIAMETER_UNKNOWN_SESSION_ID, if the session is not currently active; DIAMETER_UNABLE_TO_COMPLY, if the access device does not stop the session for some reason. |
| Accounting-Request | ACR | 271 | Sent by a DIAMETER node that is acting as a client, in order to exchange accounting information with a peer. In addition to the standard AVPs, ACR messages must also include service-specific accounting AVPs. |
| Accounting-Answer | ACA | 271 | To acknowledge an ACR message. The ACA message contains the same Session-ID as the corresponding request. |

DIAMETER Accounting
The session accounting and service accounting functionality provided by BNG remains unchanged with the
introduction of the DIAMETER interface. BNG uses accounting messages defined in the DIAMETER base
protocol. The DIAMETER NASREQ application is used for regular AAA services over DIAMETER. The
DIAMETER accounting message construction and transport is supported as part of this application.
The DIAMETER applications in BNG have the option of using either or both of these accounting application
extension models:
• Split Accounting Service - The accounting message carries the Application-ID of the DIAMETER base
accounting application (0x00000003). The respective diameter nodes advertise the DIAMETER base
accounting Application ID during capabilities exchanges (CER and CEA).
• Coupled Accounting Service - The accounting message carries the Application-ID of the application
that is using it (for example, NASREQ). The application itself processes the received accounting records
or forwards them to an accounting server. The accounting application advertisement is not required
during capabilities exchange, and the accounting messages are routed the same way as any of the other
application messages. In the case of BNG, where an application does not define its own accounting
service, the use of the split accounting model is preferred.

The Gz interface between PCEF and OFCS uses the DIAMETER base accounting application for offline
charging. Because BNG supports session based and service based accounting, the split accounting model,
in which the accounting Application-ID is inserted in all the accounting messages, is preferable.

BNG does not support persistence of accounting records when the DIAMETER server is down.

DIAMETER Accounting Messages


Accounting-Request (ACR) and Accounting-Answer (ACA) are the typical DIAMETER accounting NASREQ
messages. The possible ACR types are:
1 EVENT_RECORD - sent if a session fails to start, along with the reason for the failure.
2 START_RECORD - sent if the first authentication or authorization transaction is successfully completed.
3 INTERIM_RECORD - sent if additional authentications or authorizations occur.
4 STOP_RECORD - sent upon termination of the session context.

DIAMETER Gx and Gy Applications


The Gx reference point (based on 3GPP TS 129 212 V11.10.0), that is located between Policy and Charging
Rules Function (PCRF) and Policy and Charging Enforcement Function (PCEF), is used for provisioning and
removal of policy and charging control (PCC) rules from the PCRF to the PCEF and for the transmission of
traffic plane events from PCEF to PCRF. BNG acts as a PCEF in the current deployment. The PCRF acts as
a DIAMETER server with respect to the DIAMETER protocol defined over the Gx interface. That is, it is the
network element that handles PCC rule requests for a particular realm. The PCEF acts as the DIAMETER
client. That is, it is the network element that requests PCC rules in the transport plane network resources.
Currently BNG supports the Gx interface for PCC rules provisioning, but the usage monitoring feature on Gx
interface (3GPP RLS9) is not supported.
The Gy reference point (based on 3GPP TS 132 299 V11.9.1), that is located between OCS and PCEF, is used
for reporting and online charging.
The required AVPs for broadband deployment and for Cisco ASR 9000 Series Aggregation Services Router
use cases are derived out of the Gx and Gy reference points.

Supported Gx Messages
This table lists the DIAMETER Gx messages supported by BNG:

| DIAMETER Gx Messages | Abbreviation | Command Code | Description |
|---|---|---|---|
| Credit-Control-Request | CCR | 272 | Sent by the traffic plane function (TPF) to the charging rules function (CRF) in order to request charging rules for a bearer, and also to indicate the termination of the subscriber session. |
| Credit-Control-Answer | CCA | 272 | Sent by the PCRF to the PCEF in response to the CCR command. It is used to provision PCC rules and event triggers for the bearer or session, and to provide the selected bearer control mode for the IP connectivity access network (IP-CAN) session. |
| Re-Auth-Request | RAR | 258 | Sent by the PCRF to the PCEF in order to provision unsolicited PCC rules using the PUSH procedure. |
| Re-Auth-Answer | RAA | 258 | Sent by the PCEF to the PCRF in response to the RAR command. |
| Abort Session Request | ASR | 274 | Sent by any server to the access device providing session service, requesting it to stop the session identified by the Session-Id. |
| Abort Session Answer | ASA | 274 | Sent in response to the ASR. The Result-Code AVP that indicates the disposition of the request must be present. |
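
The command codes and application IDs in the base, NASREQ and Gx tables above are enough to label a captured DIAMETER message from its fixed 20-byte header, and to tell split from coupled accounting on an ACR. The following Python is an added example, not Cisco code: it assumes the RFC 6733 header layout, its function names are illustrative, and the sample headers are constructed.

```python
import struct

# Application IDs copied from the hex column of the page's application-ID table.
APP_IDS = {
    0x00000000: "common",
    0x00000001: "NASREQ",
    0x00000003: "base accounting",
    0x00000004: "DCCA (Gy)",
    0x01000016: "policy interface (Gx)",
}
# Command code -> (request name, answer name), from the base, NASREQ and Gx tables.
COMMANDS = {
    257: ("CER", "CEA"), 258: ("RAR", "RAA"), 265: ("AAR", "AAA"),
    271: ("ACR", "ACA"), 272: ("CCR", "CCA"), 274: ("ASR", "ASA"),
    275: ("STR", "STA"), 280: ("DWR", "DWA"), 282: ("DPR", "DPA"),
}
BASE_CODES = {257, 280, 282}  # capabilities exchange, watchdog, disconnect-peer
HEADER_LEN = 20               # fixed DIAMETER header size (RFC 6733)
R_FLAG = 0x80                 # Request bit in the command-flags octet


def parse_header(data):
    """Decode the 20-byte DIAMETER header; raise ValueError if it is malformed."""
    if len(data) < HEADER_LEN:
        raise ValueError("truncated header")
    word0, word1, app_id, hop, e2e = struct.unpack("!5I", data[:HEADER_LEN])
    version, length = word0 >> 24, word0 & 0xFFFFFF
    flags, code = word1 >> 24, word1 & 0xFFFFFF
    if version != 1:
        raise ValueError(f"unsupported version {version}")
    if length < HEADER_LEN or length % 4:
        raise ValueError(f"invalid message length {length}")
    return {"length": length, "request": bool(flags & R_FLAG), "code": code,
            "app_id": app_id, "hop_by_hop": hop, "end_to_end": e2e}


def classify(data):
    """Name a message and list anything that falls outside the page's tables."""
    hdr = parse_header(data)
    findings = []
    names = COMMANDS.get(hdr["code"])
    if names is None:
        name = f"unknown({hdr['code']})"
        findings.append("command code not in the page's supported-message tables")
    else:
        name = names[0] if hdr["request"] else names[1]
    app = APP_IDS.get(hdr["app_id"])
    if app is None:
        findings.append(f"application id 0x{hdr['app_id']:08x} not in the page's table")
    if hdr["code"] in BASE_CODES and hdr["app_id"] != 0:
        findings.append("base-protocol message with non-zero application id")
    model = None
    if hdr["code"] == 271:
        # Split accounting carries the base accounting ID (0x00000003);
        # coupled accounting carries the ID of the application using it.
        model = "split" if hdr["app_id"] == 0x00000003 else "coupled"
    return {"name": name, "app": app, "accounting_model": model, "findings": findings}


def split_stream(buf):
    """Cut a TCP byte stream into whole messages using the header length field."""
    messages, offset = [], 0
    while len(buf) - offset >= HEADER_LEN:
        length = parse_header(buf[offset:])["length"]
        if offset + length > len(buf):
            break  # message not fully received yet
        messages.append(buf[offset:offset + length])
        offset += length
    return messages, buf[offset:]


def build_header(code, request, app_id, length=HEADER_LEN, hop=1, e2e=1):
    """Build a header-only message; used here only to construct sample input."""
    flags = R_FLAG if request else 0
    return struct.pack("!5I", (1 << 24) | length, (flags << 24) | code, app_id, hop, e2e)


# Constructed sample stream: CER, split ACR, coupled ACR, and a DWR with a wrong app ID.
SAMPLES = (build_header(257, True, 0) + build_header(271, True, 3)
           + build_header(271, True, 1) + build_header(280, True, 4))


def demo():
    messages, _rest = split_stream(SAMPLES)
    return [classify(m) for m in messages]


if __name__ == "__main__":
    for result in demo():
        print(result)
```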

Supported Gy Messages
BNG supports these DIAMETER Gy messages:
• CCR-Initial
• CCA-Initial
• CCR-Update message with tariff change units
• CCA-Update
• CCR-Final
• CCA-Final

DIAMETER DCCA Application


DCCA interface implementation is based on the RFC 4006. The 3GPP Gx and Gy applications use the DCCA
framework and AVPs to provide the respective functions.
BNG supports these DCCA messages:
• Credit Control Request (CCR)
• Credit Control Answer (CCA)

Every CCR must be answered with a separate CCA.

DCCA Session and Services


Each BNG subscriber session is associated with a DIAMETER CC-Session (Credit Control-Session) when
Gx or Gy, or both applications, are enabled. Multiple services may be active in a BNG subscriber session.
The quota management and usage reporting for each service is performed by using the
Multiple-Services-Credit-Control (MSCC) AVP in the CCR-CCA messages. The Service-Identifier and
Rating-Group AVPs inside the MSCC identify the service of a subscriber session. Quota for a service is
granted within one Granted-Service-Unit AVP (GSU). Quota usage reporting is done in one or more
Used-Service-Unit (USU) AVPs.
A CC-Session is uniquely identified by a Diameter Session-ID. The same format is used for the construction
of Session-ID.

BNG DIAMETER Call Flow


This figure shows a call flow sequence of BNG DIAMETER, for DHCP-initiated IPoE sessions (this is based
on one of the BNG DIAMETER use cases and the BNG call flow):

Figure 2: BNG DIAMETER Call Flow

Guidelines and Restrictions for DIAMETER Support in BNG


Guidelines for DIAMETER AVPs in BNG
These guidelines must be taken into consideration for the DIAMETER AVPs in BNG:
• Because BNG is deployed in wire-line scenario, Subscription-ID (443) AVP is not required. Instead,
the subscriber identifier is carried using DIAMETER User-Name (1) AVP. If a provider wants to use the
common subscriber identity, BNG can include Subscription-ID(443) Grouped AVP with the appropriate
value for Subscription-ID-Type (450).
• To bring up a BNG session, a few Cisco VSAs are also needed as part of the subscriber authorization
profile. Since the profile is provided by the PCRF, you must ensure the support of those DIAMETER
Cisco AVPs.
• The network access details are sent from BNG in the request packet using the existing RADIUS equivalent
of DIAMETER AVPs, such as NAS-Port-ID (87), NAS-Identifier (32) and NAS-IP-Address (4).
• The user must define the subscriber service on the BNG router as part of the dynamic template. The
configurations on BNG router define the service definitions that are part of a prepaid set. Hence, from
the Gx interface perspective, only the Service-name is expected to come from PCRF. More than one
service-name instance may come in CCA and RAR messages from PCRF. BNG receives these instances
using Charging-Rule-Install (1001) 3GPP Grouped AVP, Charging-Rule-Name (1005) 3GPP AVP,
Service-Identifier (439) IETF AVP and Rating-Group (432) 3GPP AVP, to be part of this grouped AVP
to represent the one logical service construct.
• Currently BNG does not support service definition coming from PCRF. Therefore, the
Charging-Rule-Definition(1003) 3GPP Grouped AVP, with containers to denote the flow-description,
is not required.

Restrictions for DIAMETER in BNG


The DIAMETER support in BNG is subject to these restrictions:
• BNG does not support Origin-State-Id AVP. Therefore, if this AVP is received from the DIAMETER
server, it is ignored.
• The Session-Binding AVP is ignored by BNG router. BNG uses the value of Origin-Host AVP, received
in the latest CCA message, for the Destination-Host AVP of the next request and the termination request
as well.
• The use of the In-band-Security-Id AVP, which advertises support for the security portion of the
application, is not recommended in CER and CEA messages. Instead, discovery of a DIAMETER entity's
security capabilities can be done through static configuration.

Configuring DIAMETER Peer in BNG


Perform this task to configure the DIAMETER connection on a BNG router.
The selection of DIAMETER server is mostly based on the AAA method list configuration. These are the
various selection options:

• For regular AAA services (NASREQ), it is completely based on the AAA configuration on the router.
• For Gx, it can be based on the Gx realm selection.
• For prepaid, it is based on the charging profile associated with the subscriber session on BNG.

For details on configuring AAA for DIAMETER, see Configuring AAA for DIAMETER Peer in BNG.

SUMMARY STEPS

1. configure
2. diameter {gx | gy}
3. diameter peer peer name
4. transport security-type tls
5. transport tcp port port_num
6. destination host host_string
7. destination realm realm_string
8. address [ipv4 | ipv6] ip_addr
9. ip vrf forwarding vrf_table_name
10. source-interface intf-type intf-name
11. peer-type server
12. root
13. diameter origin host host-name
14. diameter origin realm realm-string
15. diameter timer [connection | transaction | watchdog] timer-value
16. diameter vendor supported [cisco | etsi | threegpp | vodafone]
17. diameter tls trustpoint label
18. diameter {gx | gy} [retransmit retransmit-timer-val | tx-timer tx-timer-val]
19. commit

DETAILED STEPS

Step 1 configure

Step 2 diameter {gx | gy}
Purpose: Configures Gx interface for policy control and charging. Similarly, configures the Gy
interface for online (prepaid) charging.
Example:
RP/0/RSP0/CPU0:router(config)# diameter gx

Step 3 diameter peer peer name
Purpose: Configures DIAMETER peer.
Example:
RP/0/RSP0/CPU0:router(config)# diameter peer GX_SERVER

Step 4 transport security-type tls
Purpose: [Optional] Configures the DIAMETER security type as TLS.
Example:
RP/0/RSP0/CPU0:router(config-dia-peer)# transport security-type tls

Step 5 transport tcp port port_num
Purpose: Configures the DIAMETER transport protocol used for establishing the connection with the
peer, along with the port number (Optional) that the remote peer uses for DIAMETER messages.
Currently only TCP is supported as DIAMETER transport protocol.
Example:
RP/0/RSP0/CPU0:router(config-dia-peer)# transport tcp port 3868

Step 6 destination host host_string
Purpose: Configures the hostname of the peer in Fully Qualified Domain Name (FQDN) format. This
value is sent in various messages so that intermediate proxies can correctly route the packets.
Example:
RP/0/RSP0/CPU0:router(config-dia-peer)# destination host dcca1.cisco.com

Step 7 destination realm realm_string
Purpose: [Optional] Configures the realm to which the peer belongs. The destination realm is added
by AAA clients while sending a request to AAA server, using the AAA_AT_DESTINATION_REALM
attribute. If this attribute is not present, then the realm information is retrieved using the User
name field. If the clients do not add the attribute, then the value configured in the peer mode is
used while sending messages to the destination peer.
Example:
RP/0/RSP0/CPU0:router(config-dia-peer)# destination realm GX_REALM

Step 8 address [ipv4 | ipv6] ip_addr
Purpose: Configures IP address of the DIAMETER peer.
Example:
RP/0/RSP0/CPU0:router(config-dia-peer)# address ipv4 2.2.2.2

Step 9 ip vrf forwarding vrf_table_name
Purpose: [Optional] Configures the VRF associated with the peer, to establish connections with the
peers immediately after configuring the peers. If this command is not configured, then the global
routing table is used for establishing the connection with the peer. If the VRF associated with the
name is not configured, then an error message mentioning that is displayed, and this command does
not have any effect.
Example:
RP/0/RSP0/CPU0:router(config-dia-peer)# ip vrf forwarding VRF1

Step 10 source-interface intf-type intf-name
Purpose: [Optional] Configures the source-interface to be used for the DIAMETER connection. The
diameter client uses this source address and port to initiate the TCP connection to the peer. This
command is also available in global configuration mode, when used with diameter keyword.
Example:
RP/0/RSP0/CPU0:router(config-dia-peer)# source-interface Bundle-Ether 1

Step 11 peer-type server
Purpose: Configures the peer type. By default, the peer type is server.
Example:
RP/0/RSP0/CPU0:router(config-dia-peer)# peer-type server

Step 12 root
Purpose: Returns the configuration mode back to the global configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-dia-peer)# root

Step 13 diameter origin host host-name
Purpose: Configures the origin host information. The origin host information is sent in different
requests to the DIAMETER peer and it maps to multiple IP addresses. If this value is not configured,
then a NULL string is sent. Therefore, this is a mandatory configuration.
Example:
RP/0/RSP0/CPU0:router(config)# diameter origin host 1.1.1.1

Step 14 diameter origin realm realm-string
Purpose: [Optional] Configures the origin realm information. The origin realm information is sent in
each request to the DIAMETER peer. If this value is not configured, then a NULL string is sent.
Therefore, this is a mandatory configuration.
Example:
RP/0/RSP0/CPU0:router(config)# diameter origin realm cisco.com

Step 15 diameter timer [connection | transaction | watchdog] timer-value
Purpose: Configures global timers for DIAMETER.
• Connection timer is used to delay the connection establishment or re-establishment of client with
the DIAMETER server. It determines the frequency of transport connection attempts with the peer
when there is no active connection with the peer.
• Transaction timer is used for setting the frequency of transaction attempts. That is, the duration
for which the client waits for any response message from the peer.
• Watchdog timer is used to periodically send the Device-Watchdog-Request (DWR) to the DIAMETER
server to test the link status.
Example:
RP/0/RSP0/CPU0:router(config)# diameter timer watchdog 300

Note: These timers can also be configured at the peer level (in diameter peer configuration mode).
By default, the peers inherit the globally configured timer values. But, if the timer values are
configured at peer level as well, then the peer level timer values take precedence over the globally
configured timer values.

Step 16 diameter vendor supported [cisco | etsi | threegpp | vodafone]
Purpose: Advertises the various vendor AVPs that the DIAMETER node understands. This information is
passed to the peer in capability exchange messages.
Example:
RP/0/RSP0/CPU0:router(config)# diameter vendor supported cisco

Step 17 diameter tls trustpoint label
Purpose: Specifies the name of the trustpoint whose certificate is used for the DIAMETER TLS
exchange. If a trustpoint name is not provided, then the default trustpoint is used.
Example:
RP/0/RSP0/CPU0:router(config)# diameter tls trustpoint DIAMETER_TRUSTPOINT

Step 18 diameter {gx | gy} [retransmit retransmit-timer-val | tx-timer tx-timer-val]
Purpose: Configures the re-transmit and the transaction timers for Gx and Gy applications.
Example:
RP/0/RSP0/CPU0:router(config)# diameter gx retransmit 5
RP/0/RSP0/CPU0:router(config)# diameter gx tx-timer 100

Step 19 commit

Configuring DIAMETER Connection in BNG: Example

DIAMETER-specific configurations:

diameter gx
diameter gy
diameter peer GX_SERVER
 destination realm GX_REALM
 address ipv4 2.2.2.2
!
diameter peer GY_SERVER
 transport tcp port 3869
 destination realm GY_REALM
 address ipv4 2.2.2.2
!
diameter peer NASREQ_SERVER
 address ipv4 1.1.1.2
!
diameter timer watchdog 300
diameter origin host 1.1.1.1
diameter origin realm cisco.com
diameter vendor supported threegpp
diameter vendor supported cisco
diameter vendor supported vodafone
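
TLS is an optional per-peer setting (Step 4) and IPSec is not supported, so a peer configured as in the example above exchanges DIAMETER messages over plain TCP. The following Python check is an added example, not Cisco tooling: it audits a configuration in the syntax shown on this page for peers without TLS, a missing trustpoint, and missing origin host or realm. The finding codes and the hardened variant are constructed for illustration.

```python
import re

# The example configuration from this page, reproduced as audit input.
PAGE_EXAMPLE = """\
diameter gx
diameter gy
diameter peer GX_SERVER
 destination realm GX_REALM
 address ipv4 2.2.2.2
!
diameter peer GY_SERVER
 transport tcp port 3869
 destination realm GY_REALM
 address ipv4 2.2.2.2
!
diameter peer NASREQ_SERVER
 address ipv4 1.1.1.2
!
diameter timer watchdog 300
diameter origin host 1.1.1.1
diameter origin realm cisco.com
diameter vendor supported threegpp
diameter vendor supported cisco
diameter vendor supported vodafone
"""

# Constructed variant: the same peers with the Step 4 TLS command added to each
# peer and the Step 17 trustpoint configured globally.
HARDENED = re.sub(r"(?m)^(diameter peer \S+)$",
                  r"\1\n transport security-type tls",
                  PAGE_EXAMPLE) + "diameter tls trustpoint DIAMETER_TRUSTPOINT\n"


def parse_config(text):
    """Split the config into global 'diameter ...' lines and per-peer sub-mode lines."""
    global_lines, peers, current = [], {}, None
    for raw in text.splitlines():
        line = " ".join(raw.split())  # normalise whitespace; tolerates lost indentation
        if not line:
            continue
        if line == "!":
            current = None                      # end of a peer block
        elif line.startswith("diameter peer "):
            current = line.split()[2]
            peers[current] = []
        elif line.startswith("diameter "):
            current = None                      # any other global diameter command
            global_lines.append(line)
        elif current is not None:
            peers[current].append(line)         # sub-mode command of the open peer
    return global_lines, peers


def audit(text):
    """Return (scope, code, message) findings for the settings this page describes."""
    global_lines, peers = parse_config(text)
    findings = []
    has_trustpoint = any(l.startswith("diameter tls trustpoint ") for l in global_lines)
    for name, lines in peers.items():
        if "transport security-type tls" not in lines:
            findings.append((name, "no-tls",
                             "peer connection is plain TCP; TLS is the only transport "
                             "protection the page lists as supported"))
        elif not has_trustpoint:
            findings.append((name, "default-trustpoint",
                             "TLS enabled but no 'diameter tls trustpoint'; the default "
                             "trustpoint is used"))
        if not any(l.startswith("address ") for l in lines):
            findings.append((name, "no-address", "peer has no IP address configured"))
    for keyword in ("origin host", "origin realm"):
        if not any(l.startswith(f"diameter {keyword} ") for l in global_lines):
            findings.append(("global", "no-" + keyword.replace(" ", "-"),
                             f"'diameter {keyword}' missing; a NULL string is sent"))
    return findings


if __name__ == "__main__":
    for label, cfg in (("page example", PAGE_EXAMPLE), ("hardened", HARDENED)):
        print(label)
        for finding in audit(cfg) or [("-", "ok", "no findings")]:
            print("  ", *finding)
```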

Configuring AAA for DIAMETER Peer in BNG


Perform this task to configure AAA for DIAMETER NASREQ application in BNG router.

Before You Begin


Prior to this task, you must set up the DIAMETER peer in BNG router. For details, see Configuring DIAMETER
Peer in BNG.

SUMMARY STEPS

1. configure
2. aaa group server {diameter | radius} server-group-name
3. server peer_name
4. aaa authentication subscriber {list-name | default} group {server-group-name | diameter | radius}
5. aaa authorization subscriber {list-name | default} group {server-group-name | diameter | radius}
6. aaa accounting subscriber {list-name | default} group {server-group-name | diameter | radius}
7. aaa accounting service {list-name | default} group {server-group-name | diameter | radius}
8. aaa authorization policy-if {list-name | default} group {server-group-name | diameter | radius}
9. aaa authorization prepaid {list-name | default} group {server-group-name | diameter | radius}
10. commit

DETAILED STEPS

Step 1 configure

Step 2 aaa group server {diameter | radius} server-group-name
Purpose: Configures the named server group for DIAMETER, and enters the server group sub-mode.
Example:
RP/0/RSP0/CPU0:router(config)# aaa group server diameter GX_SG

Step 3 server peer_name
Purpose: Attaches the globally configured DIAMETER server (configured using diameter peer command)
having the same name, to the server group. If a server is not configured with the same name, then an
error message mentioning that is displayed. Unlike for RADIUS, DIAMETER does not have private
servers. DIAMETER considers a server that does not have a VRF name configured, as a global server,
and it uses global routing table for that particular server.
Example:
RP/0/RSP0/CPU0:router(config-sg-diameter)# server GX_SERVER

Step 4 aaa authentication subscriber {list-name | default} group {server-group-name | diameter | radius}
Purpose: Configures subscriber authentication with DIAMETER protocol using NASREQ application.
Example:
RP/0/RSP0/CPU0:router(config)# aaa authentication subscriber default group diameter

Step 5 aaa authorization subscriber {list-name | default} group {server-group-name | diameter | radius}
Purpose: Configures subscriber authorization with DIAMETER protocol using NASREQ application.
Example:
RP/0/RSP0/CPU0:router(config)# aaa authorization subscriber default group diameter

Step 6 aaa accounting subscriber {list-name | default} group {server-group-name | diameter | radius}
Purpose: Configures subscriber session accounting to DIAMETER server using Base Accounting
Application.
Example:
RP/0/RSP0/CPU0:router(config)# aaa accounting subscriber default group diameter

Step 7 aaa accounting service {list-name | default} group {server-group-name | diameter | radius}
Purpose: Configures to carry subscriber service accounting records to DIAMETER server using Base
Accounting Application.
Example:
RP/0/RSP0/CPU0:router(config)# aaa accounting service default group diameter

Step 8 aaa authorization policy-if {list-name | default} group {server-group-name | diameter | radius}
Purpose: Configures authorization lists for policy interface (Gx interface).
Example:
RP/0/RSP0/CPU0:router(config)# aaa authorization policy-if policy_meth group GX_SG

Step 9 aaa authorization prepaid {list-name | default} group {server-group-name | diameter | radius}
Purpose: Configures authorization lists for prepaid (Gy interface).
Example:
RP/0/RSP0/CPU0:router(config)# aaa authorization prepaid prepaid_meth group GY_SG

Step 10 commit

Configuring AAA for DIAMETER Connection in BNG: Example

AAA configurations:

Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide,
Release 5.3.x
18
DIAMETER Support in BNG
Verification of DIAMETER Configurations in BNG

aaa group server diameter GX_SG
server GX_SERVER
!
aaa group server diameter GY_SG
server GY_SERVER
!
aaa group server diameter NASREQ_SG
server NASREQ_SERVER
!
aaa authorization network default group radius
aaa accounting service default group radius
aaa accounting subscriber default group radius
aaa accounting subscriber nasreq_acct_list group NASREQ_SG
aaa authorization subscriber default group radius
aaa authorization subscriber nasreq_author_list group NASREQ_SG
aaa authorization policy-if policy_meth group GX_SG
aaa authentication subscriber default group radius
aaa authorization prepaid prepaid_meth group GY_SG

Prepaid Service:

dynamic-template
type service prepaid
service-policy input qos_in_parent1 merge 10 acct-stats
service-policy output qos_out_parent1 merge 10 acct-stats
accounting aaa list default type service periodic-interval 30
prepaid-config prepaid_config

Prepaid Template:

subscriber
accounting prepaid prepaid_config
threshold volume 100
method-list authorization prepaid_meth
threshold time 100
password cisco

Policy Map:

policy-map type control subscriber diam_policy
event session-start match-first
class type control subscriber dual-stack do-until-failure
10 activate dynamic-template DYN_TEMP_IPSUB_DUAL
20 authorize aaa list default identifier source-address-mac password welcome
30 authorize aaa list policy_meth identifier username password welcome
!
!
end-policy-map
!

Verification of DIAMETER Configurations in BNG


These show commands can be used to verify the DIAMETER configurations in BNG:

SUMMARY STEPS

1. show tcp brief
2. show diameter peer
3. show diameter gx statistics
4. show diameter gy statistics
5. show diameter gx session session-id-string
6. show diameter gy session session-id-string
7. show diameter nas session [checkpoint | session | summary]
8. show checkpoint dynamic process diameter

DETAILED STEPS

Step 1 show tcp brief

Example:
RP/0/RSP0/CPU0:router# show tcp brief

PCB VRF-ID Recv-Q Send-Q Local Address Foreign Address State
0x1016cc7c 0x60000000 0 0 2.2.2.1:28691 2.2.2.2:3869 ESTAB
0x1016bbc8 0x60000000 0 0 2.2.2.1:24698 2.2.2.2:3868 ESTAB
0x1013ccc0 0x60000000 0 0 0.0.0.0:23 0.0.0.0:0 LISTEN
0x10138db8 0x00000000 0 0 0.0.0.0:23 0.0.0.0:0 LISTEN

Displays a summary of the TCP connection table.

Step 2 show diameter peer

Example:
RP/0/RSP0/CPU0:router# show diameter peer

Origin Host :
Origin Realm :
Source Interface :
TLS Trustpoint :
Connection timer value : 30 seconds
Watchdog timer value : 300 seconds
Transaction timer value : 30 seconds
Number of Peers:3

Peer name : GX_SERVER
type : SERVER
Address/port : 2.2.2.2/3868
Transport protocol : TCP
Peer security protocol : NONE
connection timer : 30 seconds
watchdog timer value : 300 seconds
transaction timer value : 30 seconds
VRF name : default
Source-interface :
Destination realm : GX_REALM
Destination host name :
Peer connection status : Open

Peer Statistics
------------------------------
IN / OUT
------------------------------
ASR 0 0
ASA 0 0
ACR 0 0
ACA 0 0
CER 0 1
CEA 1 0
DWR 0 0
DWA 0 0
DPR 0 0
DPA 0 0
RAR 0 0
RAA 0 0
STR 0 0
STA 0 0
AAR 0 0
AAA 0 0
CCR 0 0
CCA 0 0
Malformed Rcvd : 0
Prot. Errs Sent : 0 Prot. Errs Rcvd : 0
Trans. Errs Sent : 0 Trans. Errs Rcvd : 0
Perm. Errs Sent : 0 Perm. Errs Rcvd : 0

Displays DIAMETER peer information.

Step 3 show diameter gx statistics

Example:
RP/0/RSP0/CPU0:router# show diameter gx statistics
CCR Initial Messages : 1
CCR Initial Messages Sent Failed : 0
CCR Initial Messages Timed Out : 0
CCR Initial Messages Retry : 0
CCR Update Messages : 0
CCR Update Messages Sent Failed : 0
CCR Update Messages Timed Out : 0
CCR Update Messages Retry : 0
CCR Terminate Messages : 0
CCR Terminate Messages Sent Failed : 0
CCR Terminate Messages Timed Out : 0
CCR Terminate Messages Retry : 0
CCA Initial Messages : 1
CCA Initial Messages Error : 0
CCA Update Messages : 0
CCA Update Messages Error : 0
CCA Terminate Messages : 0
CCA Terminate Messages Error : 0
RAR Received Messages : 0
RAR Received Messages Error : 0
RAA Sent Messages : 0
RAA Sent Messages Error : 0
ASR Received Messages : 0
ASR Received Messages Error : 0
ASA Sent Messages : 0
ASA Sent Messages Error : 0
Session Termination Messages Recvd : 0
Unknown Request Messages : 0
Restored Sessions : 0
Total Opened Sessions : 1
Total Closed Sessions : 0
Total Active Sessions : 1

Displays DIAMETER gx statistics.

Step 4 show diameter gy statistics

Example:
RP/0/RSP0/CPU0:router# show diameter gy statistics

CCR Initial Messages : 1
CCR Initial Messages Sent Failed : 0
CCR Initial Messages Timed Out : 0
CCR Initial Messages Retry : 0
CCR Update Messages : 4
CCR Update Messages Sent Failed : 0
CCR Update Messages Timed Out : 0
CCR Update Messages Retry : 0
CCR Terminate Messages : 1
CCR Terminate Messages Sent Failed : 0
CCR Terminate Messages Timed Out : 0
CCR Terminate Messsages Retry : 0
CCA Initial Messages : 1
CCA Initial Messages Error : 0
CCA Update Messages : 4
CCA Update Messages Error : 0
CCA Terminate Messages : 1
CCA Terminate Messages Error : 0
RAR Received Messages : 0
RAR Received Messages Error : 0
RAA Sent Messages : 0
RAA Sent Messages Error : 0
ASR Received Messages : 0
ASR Received Messages Error : 0
ASA Sent Messages : 0
ASA Sent Messages Error : 0
Unknown Request Messages : 0
Restored Sessions : 0
Total Opened Sessions : 2
Total Closed Sessions : 1
Total Active Sessions : 1

Displays DIAMETER gy statistics.

Step 5 show diameter gx session session-id-string

Example:
RP/0/RSP0/CPU0:router# show diameter gx session 461419

Gx Session Status for [461419]

Session Status : ACTIVE
Diameter Session ID : 1.1.1.1;4;461419;1185991
Gx Session State : OPEN
Request Number : 0
Request Type : INITIAL REQUEST
Request Retry Count : 0

Displays DIAMETER gx session information.

Step 6 show diameter gy session session-id-string

Example:
RP/0/RSP0/CPU0:router# show diameter gy session 461421

Gy Session Status for [461421]

Session Status : ACTIVE
Diameter Session ID : 1.1.1.1;4;461421;1186625
Gy Session State : OPEN
Request Number : 1
Request Type : UPDATE REQUEST
Request Retry Count : 0

Displays DIAMETER gy session information.

Step 7 show diameter nas session [checkpoint | session | summary]

Example:
RP/0/RSP0/CPU0:router# show diameter nas session

Gy Session Status for [461421]

Session Status : ACTIVE
Diameter Session ID : 1.1.1.1;4;461421;1186625
Gy Session State : OPEN
Request Number : 1
Request Type : UPDATE REQUEST
Request Retry Count : 0

RP/0/RSP0/CPU0:router# show diameter nas session 00070a6f

Nas Session status for [00070a6f]

Session Status : Active
Diameter Session ID : 1.1.1.1;4;461423;1187179

Authentication Status : NA
Authorization Status : SUCCESS
Accounting Status (Start) : NA
Accounting Status (Stop) : NA
Disconnect status : NA

Peer Information :
Server group : NASREQ_SG
Server Used : NASREQ_SERVER

RP/0/RSP0/CPU0:router# show diameter nas summary

NAS Statistics :

NAS Initiated msgs :

Authentication ::

In : 0 Out : 0
Requests received : 0 Requests send : 0
Response received : 0 Result forwaded : 0
Transaction Succeeded: 0 Transactions Failed : 0

Authorization ::

In : 1 Out : 1
Requests received : 1 Requests send : 1
Response received : 1 Result forwaded : 1
Transaction Succeeded: 1 Transactions Failed : 0

Accounting (Start) ::

In : 0 Out : 0
Requests received : 0 Requests send : 0
Response received : 0 Result forwaded : 0
Transaction Succeeded: 0 Transactions Failed : 0

Accounting (Stop) ::

In : 0 Out : 0
Requests received : 0 Requests send : 0
Response received : 0 Result forwaded : 0
Transaction Succeeded: 0 Transactions Failed : 0

Accounting (Interim) ::

In : 0 Out : 0
Requests received : 0 Requests send : 0
Response received : 0 Result forwaded : 0
Transaction Succeeded: 0 Transactions Failed : 0

Disconnect ::

In : 0 Out : 0
Requests received : 0 Requests send : 0
Response received : 0 Result forwaded : 0
Transaction Succeeded: 0 Transactions Failed : 0

Server Initiated msgs :

Coa (RAR) ::

In : 0 Out : 0
Requests received : 0 Requests send : 0
Response received : 0 Result forwaded : 0
Transaction Succeeded: 0 Transactions Failed : 0

POD (ASR) ::

In : 0 Out : 0
Requests received : 0 Requests send : 0
Response received : 0 Result forwaded : 0
Transaction Succeeded: 0 Transactions Failed : 0
Diameter NAS summary

Displays DIAMETER NAS information.

Step 8 show checkpoint dynamic process diameter

Example:
RP/0/RSP0/CPU0:router# show checkpoint dynamic process diameter

Name Version ID Seg #Objects Length InfoLen Flags
---------------------------------------------------------------------------------
0x00000003 0, 0, 0 0x40001c00 M 0 292 4 I M
0x00000004 0, 0, 0 0x40001d00 M 1 264 4 I M
0x00000002 0, 0, 0 0x40001e00 M 1 24 4 I M
0x00000001 0, 0, 0 0x40001f00 M 1 24 4 I M

Segment 0: Number of pages allocated: 4
Segment 0: Number of pages free: 3

Segment 1: Number of pages allocated: 9
Segment 1: Number of pages free: 3

-----------------------------------------------------------------------------------

Displays checkpoint information of DIAMETER process.
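
One way to turn the `show diameter peer` output from Step 2 into a repeatable check, as an added example that is not Cisco's code. It assumes the field labels shown in the sample output above and treats a security protocol of NONE, a status other than Open, a CER with no matching CEA, and nonzero received-error counters as findings; the sample text and the GY_SERVER values are constructed.

```python
import re
# Constructed, abridged `show diameter peer` output; GY_SERVER values are invented.
SAMPLE = """\
Peer name : GX_SERVER
Peer security protocol : NONE
Peer connection status : Open
CER 0 1
CEA 1 0
Prot. Errs Sent : 0 Prot. Errs Rcvd : 0
Peer name : GY_SERVER
Peer security protocol : NONE
Peer connection status : Closed
CER 0 3
CEA 0 0
Malformed Rcvd : 2
Prot. Errs Sent : 0 Prot. Errs Rcvd : 1
"""
FIELD = re.compile(r"([A-Za-z./ ]+?)\s*:\s*(\S*)")    # "key : value", several per line
COUNTER = re.compile(r"^([A-Z]{3})\s+(\d+)\s+(\d+)$")  # "CER <in> <out>"
ERR_KEYS = ("Malformed Rcvd", "Prot. Errs Rcvd", "Perm. Errs Rcvd")

def parse_peers(text):
    """Split the output into one dict per peer: name, fields, message counters."""
    peers, cur = [], None
    for line in map(str.strip, text.splitlines()):
        m = COUNTER.match(line)
        if line.startswith("Peer name"):
            cur = {"name": line.split(":", 1)[1].strip(), "fields": {}, "msgs": {}}
            peers.append(cur)
        elif cur is None:
            continue                      # global header lines before the first peer
        elif m:
            cur["msgs"][m.group(1)] = (int(m.group(2)), int(m.group(3)))  # (in, out)
        else:
            for key, val in FIELD.findall(line):
                cur["fields"][key.strip()] = val
    return peers

def audit(peer):
    """Return findings for one peer (assumed checks, not a Cisco-defined policy)."""
    f, msgs, out = peer["fields"], peer["msgs"], []
    if (f.get("Peer security protocol") or "NONE").upper() == "NONE":
        out.append("no transport security")
    if f.get("Peer connection status") != "Open":
        out.append("connection not Open")
    if msgs.get("CER", (0, 0))[1] > msgs.get("CEA", (0, 0))[0]:
        out.append("CER sent without matching CEA")
    out += [f"{k} = {f[k]}" for k in ERR_KEYS if int(f.get(k) or 0) > 0]
    return out
```

Feed it the captured command output and call `audit()` on each parsed peer; an empty list means none of the assumed checks fired.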

Additional References
These sections provide references related to implementing DIAMETER.

RFCs and Standards

Standard/RFC
RFC-6733 Diameter Base Protocol
RFC-4006 Diameter Credit-Control Application
RFC-4005 Diameter Network Access Server Application (NASREQ)
RFC-3046 DHCP Relay Agent Information Option
RFC-3539 Authentication, Authorization and Accounting (AAA) Transport Profile
3GPP TS 129 212 V11.10.0 Universal Mobile Telecommunications System (UMTS); LTE; Policy and Charging Control (PCC); Reference Points for Gx interface support.
3GPP TS 132 299 V11.9.1 Technical Specification on Diameter charging applications used for Gx and Gy interface support.

MIBs

MIBs Link
To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL: http://www.cisco.com/go/mibs

Technical Assistance

Description
The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies.
To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds.
Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.

Link
http://www.cisco.com/support
