Diameter NASreq (RFC 4005) and RADIUS Compatibility

1
Diameter NASreq (RFC 4005) and RADIUS
Compatibility
draft-mitton-diameter-radius-vsas-01.txt

• David MittonRSA Security Inc.

2
Overview

• Diameter designed to be upwards compatible with
  RADIUS
• There will be encodings in Diameter that are not
  expressible in RADIUS
• Most RADIUS attributes are supported in RFC 4005,
  exceptions are noted in Section 9.
• Difficulty arises with Vendor Specific Attributes
  (VSAs)

3
Problems

• RADIUS VSA typical practice involves unknown
  formats for sub-types and lengths. Gateway must
  know format to translate
• RFC 4005 Section 9.6 only works for some RADIUS
  VSAs
• Imposes limitations on Vendor type space
• Diameter VS AVPs must be restrained to fit into
  RADIUS
• Diameter AVP type space larger than RADIUS
  suggested format
• Diameter AVP data can be longer
• Diameter AVPs have flags

4
RADIUS VSAs vs Diameter Vendor Specific AVPs
RADIUS VSA format
Suggested format
Length8 ! 24
Type 8 ! 32
Diameter Vendor AVP format
5
Goals

• Provide a mapping that allows bidirectional
  communication through a translating gateway
  system or bilingual server
• Minimize special cases and vendor specific
  knowledge in gateways
• Allow mix of Diameter and RADIUS speaking
  equipment and servers that dont use different
  AVPs for same information

6
Proposal

• draft-mitton-diameter-radius-vsas-01.txt
• Translate RADIUS VSAs as Diameter AVP 26. This
  is NOT as described in RFC 4005 Sect 9.6
• Translate Diameter VS AVPs to a new RADIUS
  attribute.

7
RADIUS VSAs as Diameter AVP 26

• No transformation of attribute data Avoids
  vendor specific knowledge which allows
  transparent pass-through
• Only end clients servers need to know inner
  format
• No additional encoding overhead
• Length must be constrained to RADIUS limits.

8
Proposed RADIUS VSA to Diameter AVP 26 mapping
RADIUS VSA
Diameter AVP 26
9
Diameter Vendor Specific AVPsin a RADIUS
attribute

• Add a new RADIUS attribute
• Provide fields of the proper length
• Define fragmentation and aggregation
• Similar to EAP message attribute
• Add segment number for concatenation
• Suppress redundant VID and VType on non-first
  segment

10
Proposed RADIUS Diameter VS Attribute
Diameter Vendor Attribute
RADIUSDiameter VSA
11
Affects Documents

• Changing Diameter Vendor EncapsulationAffects
  Diameter Base RFC 3588, and Diameter NAS
  Application RFC 4005
• Specify RADIUS format of Diameter TLVsAffects
  RADIUS document ???Need to make one !

12
Generic Diameter AVP to RADIUS Attribute

• While were at it, why not define a way to map
  Diameter AVPs (Type gt 255) to RADIUS and vice
  versa.
• Use same format as VS mapping without Vendor stuff

13
Proposed RADIUS Diameter AVP Attribute
Diameter Vendor Attribute
RADIUSDiameter VSA
14
Conclusion

• If we get rid of the RADIUS VSAs transformation
  in RFC 4005 Section 9 and add AVP 26 can transit
  Diameter with no transformational knowledge or
  loss of data
• Add a RADIUS attribute to hold Diameter VS and
  regular AVPs
• The two vendor spaces end up independent, but can
  be used by either.