draft-ietf-dime-drmp-05.txt   draft-ietf-dime-drmp-06.txt 
Diameter Maintenance and Extensions (DIME) S. Donovan Diameter Maintenance and Extensions (DIME) S. Donovan
Internet-Draft Oracle Internet-Draft Oracle
Intended status: Standards Track April 5, 2016 Intended status: Standards Track May 18, 2016
Expires: October 7, 2016 Expires: November 19, 2016
Diameter Routing Message Priority Diameter Routing Message Priority
draft-ietf-dime-drmp-05.txt draft-ietf-dime-drmp-06.txt
Abstract Abstract
When making routing and resource allocation decisions, Diameter nodes When making routing and resource allocation decisions, Diameter nodes
currently have no generic mechanism to determine the relative currently have no generic mechanism to determine the relative
priority of Diameter messages. This document addresses this by priority of Diameter messages. This document addresses this by
defining a mechanism to allow Diameter endpoints to indicate the defining a mechanism to allow Diameter endpoints to indicate the
relative priority of Diameter transactions. With this information relative priority of Diameter transactions. With this information
Diameter nodes can factor that priority into routing, resource Diameter nodes can factor that priority into routing, resource
allocation and overload abatement decisions. allocation and overload abatement decisions.
skipping to change at page 1, line 36 skipping to change at page 1, line 36
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on October 7, 2016. This Internet-Draft will expire on November 19, 2016.
Copyright Notice Copyright Notice
Copyright (c) 2016 IETF Trust and the persons identified as the Copyright (c) 2016 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Terminology and Abbreviations . . . . . . . . . . . . . . . . 3 1.1. Applicability . . . . . . . . . . . . . . . . . . . . . . 3
2. Terminology and Abbreviations . . . . . . . . . . . . . . . . 4
3. Conventions Used in This Document . . . . . . . . . . . . . . 4 3. Conventions Used in This Document . . . . . . . . . . . . . . 4
4. Problem Statement . . . . . . . . . . . . . . . . . . . . . . 4 4. Problem Statement . . . . . . . . . . . . . . . . . . . . . . 5
5. Use Cases . . . . . . . . . . . . . . . . . . . . . . . . . . 5 5. Use Cases . . . . . . . . . . . . . . . . . . . . . . . . . . 6
5.1. First Responder Related Signaling . . . . . . . . . . . . 5 5.1. First Responder Related Signaling . . . . . . . . . . . . 6
5.2. Emergency Call Related Signaling . . . . . . . . . . . . 5 5.2. Emergency Call Related Signaling . . . . . . . . . . . . 6
5.3. Differentiated Services . . . . . . . . . . . . . . . . . 6 5.3. Differentiated Services . . . . . . . . . . . . . . . . . 6
5.4. Application Specific Priorities . . . . . . . . . . . . . 6 5.4. Application Specific Priorities . . . . . . . . . . . . . 7
6. Theory of Operation . . . . . . . . . . . . . . . . . . . . . 7 6. Theory of Operation . . . . . . . . . . . . . . . . . . . . . 8
7. Extensibility . . . . . . . . . . . . . . . . . . . . . . . . 8 7. Extensibility . . . . . . . . . . . . . . . . . . . . . . . . 9
8. Normative Behavior . . . . . . . . . . . . . . . . . . . . . 9 8. Normative Behavior . . . . . . . . . . . . . . . . . . . . . 10
9. Attribute Value Pairs . . . . . . . . . . . . . . . . . . . . 11 9. Attribute Value Pairs . . . . . . . . . . . . . . . . . . . . 12
9.1. DRMP AVP . . . . . . . . . . . . . . . . . . . . . . . . 11 9.1. DRMP AVP . . . . . . . . . . . . . . . . . . . . . . . . 12
9.2. Attribute Value Pair flag rules . . . . . . . . . . . . . 12 9.2. Attribute Value Pair flag rules . . . . . . . . . . . . . 13
10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 12 10. Considerations When Defining Application Priorities . . . . . 13
10.1. AVP codes . . . . . . . . . . . . . . . . . . . . . . . 12 11. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 14
10.2. New registries . . . . . . . . . . . . . . . . . . . . . 12 11.1. AVP codes . . . . . . . . . . . . . . . . . . . . . . . 14
11. Security Considerations . . . . . . . . . . . . . . . . . . . 12 11.2. New registries . . . . . . . . . . . . . . . . . . . . . 15
11.1. Potential Threat Modes . . . . . . . . . . . . . . . . . 13 12. Security Considerations . . . . . . . . . . . . . . . . . . . 15
11.2. Denial of Service Attacks . . . . . . . . . . . . . . . 14 12.1. Potential Threat Modes . . . . . . . . . . . . . . . . . 15
11.3. End-to End-Security Issues . . . . . . . . . . . . . . . 14 12.2. Denial of Service Attacks . . . . . . . . . . . . . . . 16
12. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 14 12.3. End-to End-Security Issues . . . . . . . . . . . . . . . 16
13. References . . . . . . . . . . . . . . . . . . . . . . . . . 15 13. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 17
13.1. Normative References . . . . . . . . . . . . . . . . . . 15 14. References . . . . . . . . . . . . . . . . . . . . . . . . . 17
13.2. Informative References . . . . . . . . . . . . . . . . . 15 14.1. Normative References . . . . . . . . . . . . . . . . . . 17
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 15 14.2. Informative References . . . . . . . . . . . . . . . . . 17
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 17
1. Introduction 1. Introduction
The Diameter Overload Indication Conveyance (DOIC) solution [RFC7683] The Diameter Overload Indication Conveyance (DOIC) solution [RFC7683]
for Diameter overload control introduces scenarios where Diameter for Diameter overload control introduces scenarios where Diameter
routing decisions made by Diameter nodes can be influenced by the routing decisions made by Diameter nodes can be influenced by the
overload state of other Diameter nodes. This includes the scenarios overload state of other Diameter nodes. This includes the scenarios
where Diameter endpoints and Diameter agents can throttle requests as where Diameter endpoints and Diameter agents can throttle requests as
a result of the target for the request being overloaded. a result of the target for the request being overloaded.
skipping to change at page 3, line 16 skipping to change at page 3, line 18
issues. For instance, it might be considered important to reduce the issues. For instance, it might be considered important to reduce the
probability of transactions involving first responders being probability of transactions involving first responders being
throttled during overload scenarios caused, for example, by a period throttled during overload scenarios caused, for example, by a period
of heavy signaling resulting from a natural disaster. of heavy signaling resulting from a natural disaster.
This document defines a mechanism that allows Diameter nodes to This document defines a mechanism that allows Diameter nodes to
indicate the relative priority of Diameter transactions. With this indicate the relative priority of Diameter transactions. With this
information other Diameter nodes can factor the relative priority of information other Diameter nodes can factor the relative priority of
requests into routing and throttling decisions. requests into routing and throttling decisions.
1.1. Applicability
There are two primary considerations that must be addressed for the
mechanism described in this document to work effectively. The first
takes into consideration that the Diameter base protocol defined in
[RFC6733] is designed to transport multiple Diameter applications
and that Diameter nodes can be implemented that support multiple
applications. In order for the DRMP mechanism to work, the
priorities defined for all messages across all applications used in a
Diameter administrative domain must be defined in a consistent and
coordinated fashion. See Section 10 for a discussion of some of the
considerations that need to be factored into the setting of DRMP
priorities used by Diameter applications.
Note that this consideration does not apply to Diameter networks
where all Diameter nodes only support a single application.
Without this cross application priority design taken into
consideration it is possible for messages for one application to gain
unwarranted preferential treatment over messages for other
applications.
This mechanism also depends on all of the messages that carry the
DRMP AVP are inserted into Diameter messages by trusted nodes within
the Diameter administrative domain. As discussed in Section 12,
misbehaving nodes have the ability to use the DRMP mechanism to gain
unwarranted preferential treatment.
When messages cross Diameter administrative boundaries, care should
be taken to either strip or modify the DRMP priority values in these
messages. If the priority definitions vary between the two Diameter
administrative domains then it is possible for messages from a
foreign domain to gain unwarranted preferential treatment.
2. Terminology and Abbreviations 2. Terminology and Abbreviations
Diversion Diversion
As defined in [RFC7683]. An overload abatement treatment where As defined in [RFC7683]. An overload abatement treatment where
the reacting node selects alternate destinations or paths for the reacting node selects alternate destinations or paths for
requests. requests.
DOIC DOIC
skipping to change at page 4, line 47 skipping to change at page 5, line 38
While the primary usage of DRMP defined priorities is for input to While the primary usage of DRMP defined priorities is for input to
Diameter overload control related throttling decisions, it is also Diameter overload control related throttling decisions, it is also
expected that the priority information could also be used for other expected that the priority information could also be used for other
routing related functionality. This might include giving higher routing related functionality. This might include giving higher
priority transactions preferential treatment when selecting routes. priority transactions preferential treatment when selecting routes.
It is also envisioned that DRMP priority information could be used by It is also envisioned that DRMP priority information could be used by
Diameter endpoints to make resource allocation decisions. For Diameter endpoints to make resource allocation decisions. For
instance, a Diameter Server might choose to use the priority instance, a Diameter Server might choose to use the priority
information to treat higher priority requests ahead of lower priority information to treat higher priority requests ahead of lower priority
requests. requests. It might also use the priority information to as a reason
to fail a request as a result of insufficient resources.
Note: There are a number of application specific definitions Note: There are a number of application specific definitions
indicating various views of application level priority for indicating various views of application level priority for
different requests. Using these application specific priority different requests. Using these application specific priority
Attribute Value Pairs (AVPs) as input to throttling and other Attribute Value Pairs (AVPs) as input to throttling and other
Diameter routing decisions would require Diameter agents to Diameter routing decisions would require Diameter agents to
understand all applications and do application specific parsing of understand all applications and do application specific parsing of
all messages in order to determine the priority of individual all messages in order to determine the priority of individual
messages. This is considered an unacceptable level of complexity messages. This is considered an unacceptable level of complexity
to put on elements whose primary responsibility is to route to put on elements whose primary responsibility is to route
Diameter messages. Diameter messages.
5. Use Cases 5. Use Cases
This section discusses various scenarios where Diameter transactions This section discusses various scenarios where Diameter transactions
can benefit from the use of priority information. can benefit from the use of priority information.
It is important to note that for priority information to be reliably
usable, the Diameter nodes sending and consuming DRMP AVPs must have
pre-established trust relationships of the sort described in
Section 12.
5.1. First Responder Related Signaling 5.1. First Responder Related Signaling
Natural disasters can result in a considerable increase in usage of Natural disasters can result in a considerable increase in usage of
network resources. This can be made worse if the disaster results in network resources. This can be made worse if the disaster results in
a loss of network capacity. a loss of network capacity.
The combination of added load and reduced capacity can lead to The combination of added load and reduced capacity can lead to
Diameter nodes becoming overloaded and, as a result, the use of DOIC Diameter nodes becoming overloaded and, as a result, the use of DOIC
mechanisms to request a reduction in traffic. This in turn results mechanisms to request a reduction in traffic. This in turn results
in requests being throttled in an attempt to control the overload in requests being throttled in an attempt to control the overload
skipping to change at page 6, line 36 skipping to change at page 7, line 31
than those that occur early in the series. This would recognize that than those that occur early in the series. This would recognize that
there was potentially significant work done by the network already there was potentially significant work done by the network already
that would be lost if those later transactions were throttled. that would be lost if those later transactions were throttled.
There are also scenarios where an agent cannot easily differentiate a There are also scenarios where an agent cannot easily differentiate a
request that starts a session from requests that update or end request that starts a session from requests that update or end
sessions. In these scenarios it might be appropriate to mark the sessions. In these scenarios it might be appropriate to mark the
requests that establish new sessions with a lower priority than requests that establish new sessions with a lower priority than
updates and session ending requests. This also recognizes that more updates and session ending requests. This also recognizes that more
work has already taken place for established sessions and, as a work has already taken place for established sessions and, as a
result, it might be more harmful if the session update and session result, it might be more harmful from a signaling point of view if
ending requests were to be throttled. the session update and session ending requests were to be throttled.
There are also scenarios where the priority of requests for There are also scenarios where the priority of requests for
individual command codes within an application depends on the context individual command codes within an application depends on the context
that exists when the request is sent. There isn't always information that exists when the request is sent. There isn't always information
in the message from which this context can be determined by Diameter in the message from which this context can be determined by Diameter
nodes other than the node that originates the request. nodes other than the node that originates the request.
This is similar to the scenario where a series of requests are needed This is similar to the scenario where a series of requests are needed
to access a network service. It is different in that the series of to access a network service. It is different in that the series of
requests involve different application command codes. In this requests involve different application command codes. In this
skipping to change at page 7, line 33 skipping to change at page 8, line 30
request sender also saves the priority information with the request sender also saves the priority information with the
transaction state. This will be used when handling the answer transaction state. This will be used when handling the answer
messages. messages.
2. Agents handling the request - Agents use the priority information 2. Agents handling the request - Agents use the priority information
when making routing decisions. This can include determining when making routing decisions. This can include determining
which requests to route first, which requests to throttle and which requests to route first, which requests to throttle and
where the request is routed. For instance, requests with higher where the request is routed. For instance, requests with higher
priority might have a lower probability of being throttled. The priority might have a lower probability of being throttled. The
mechanism for how the agent determines which requests are mechanism for how the agent determines which requests are
throttled is implementation dependent and is outside the scope of candidates to be throttled is implementation dependent and is
this document. Before forwarding request messages, agents outside the scope of this document. Before forwarding request
generally do not modify the priority information present in the messages, agents generally do not modify the priority information
received request message nor include the priority information present in the received request message nor include the priority
when absent in the received request message. However, in some information when absent in the received request message.
scenarios, agents can modify the priority information, for However, in some scenarios, agents can modify the priority
example, edge agents modifying the priority values set by an information, for example, edge agents modifying the priority
adjacent operator. There might be other scenarios where a values set by an adjacent operator. There might be other
Diameter endpoint does not support the DRMP mechanism and agents scenarios where a Diameter endpoint does not support the DRMP
insert the priority information in the request messages for that mechanism and agents insert the priority information in the
non supporting endpoint. When forwarding the request messages, request messages for that non supporting endpoint. When
the agent also saves the transaction priority in the transaction forwarding the request messages, the agent also saves the
state, either as locally managed state or using the Proxy-Info transaction priority in the transaction state, either as locally
mechanism defined in [RFC6733]. This will be used when handling managed state or using the Proxy-Info mechanism defined in
the associated answer message for the transaction. [RFC6733]. This will be used when handling the associated answer
message for the transaction.
3. Request handler - The handler of the request, be it a Diameter 3. Request handler - The handler of the request, be it a Diameter
Server or a Diameter Client, can use the priority information to Server or a Diameter Client, can use the priority information to
determine how to handle the request. This could include determine how to handle the request. This could include
determining the order in which requests are handled and resources determining the order in which requests are handled and resources
that are applied to handling of the request. that are applied to handling of the request.
4. Answer sender - The handler of the request is also the sender of 4. Answer sender - The handler of the request is also the sender of
the answer. The answer sender uses the priority information the answer. The answer sender uses the priority information
received in the request message when sending the answer. This received in the request message when sending the answer. This
skipping to change at page 10, line 15 skipping to change at page 11, line 15
Diameter endpoints MAY use routing priority information included in Diameter endpoints MAY use routing priority information included in
the DRMP AVP when making resource allocation decisions for the the DRMP AVP when making resource allocation decisions for the
transaction associated with the answer messages using the DRMP transaction associated with the answer messages using the DRMP
information associated with the transaction. information associated with the transaction.
Diameter endpoints MAY include the DRMP AVP in answer messages. This Diameter endpoints MAY include the DRMP AVP in answer messages. This
is done when the priority for the answer message needs to have a is done when the priority for the answer message needs to have a
different priority than the priority carried in the request message. different priority than the priority carried in the request message.
When determining the priority to apply to answer messages, Diameter When determining the priority to apply to answer messages, Diameter
nodes MUST use the priority indicated in the DRMP AVP carried in the nodes SHOULD use the priority indicated in the DRMP AVP carried in
answer message, if it exists. Otherwise, the Diameter node MUST use the answer message, if it exists. If there is not DRMP AVP in the
the priority indicated in the DRMP AVP of the associated request answer message then the Diameter node SHOULD use the priority
message. indicated in the DRMP AVP of the associated request message.
Note: One method to determine what priority to apply to an answer Note: One method to determine what priority to apply to an answer
when there is no DRMP AVP in the answer message is to save the when there is no DRMP AVP in the answer message is to save the
priority included in the request message in state associated with priority included in the request message in state associated with
the Diameter transaction. Another is to use the Proxy-Info the Diameter transaction. Another is to use the Proxy-Info
mechanism defined in [RFC6733]. mechanism defined in [RFC6733].
Diameter nodes MUST have a default priority to apply to transactions Diameter nodes MUST have a default priority to apply to transactions
that do not have an explicit priority set in the DRMP AVP. that do not have an explicit priority set in the DRMP AVP.
Diameter nodes SHOULD use the PRIORITY_10 priority as this default Diameter nodes SHOULD use the PRIORITY_10 priority as this default
value. value.
Note: This does not imply that a DRMP AVP is added to the message.
Rather, the message is treated the same as a message that has a
DRMP AVP with priority value of PRIORITY_10.
Diameter nodes MUST support the ability for the default priority to Diameter nodes MUST support the ability for the default priority to
be modified through local configuration interfaces. be modified through local configuration interfaces.
Note: There are scenarios where operators might want to specify a Note: There are scenarios where operators might want to specify a
different default value for transactions that do not have an different default value for transactions that do not have an
explicit priority. In this case, the operator defined local explicit priority. In this case, the operator defined local
policy would override the use of PRIORITY_10 as the default policy would override the use of PRIORITY_10 as the default
priority. priority.
When using DRMP priority information, Diameter nodes MUST use the When using DRMP priority information, Diameter nodes MUST use the
skipping to change at page 11, line 13 skipping to change at page 12, line 15
not insert a DRMP AVP with a priority value of 10. not insert a DRMP AVP with a priority value of 10.
When setting and using priorities, for all integers x,y in [0,15] When setting and using priorities, for all integers x,y in [0,15]
treat PRIORITY_<x> as lower priority than PRIOIRTY_<y> when y<x. treat PRIORITY_<x> as lower priority than PRIOIRTY_<y> when y<x.
Note: As a result PRIORITY_0 is the highest priority. Note: As a result PRIORITY_0 is the highest priority.
9. Attribute Value Pairs 9. Attribute Value Pairs
This section describes the encoding and semantics of the Diameter This section describes the encoding and semantics of the Diameter
Overload Indication Attribute Value Pairs (AVPs) defined in this Overload Indication Attribute Value Pair (AVP) defined in this
document. document.
9.1. DRMP AVP 9.1. DRMP AVP
The DRMP (AVP code TBD1) is of type Enumerated. The value of the AVP The DRMP (AVP code TBD1) is of type Enumerated. The value of the AVP
indicates the routing message priority for the transaction. The indicates the routing message priority for the transaction. The
following values are defined: following values are defined:
PRIORITY_15 15 PRIORITY_15 is the lowest priority. PRIORITY_15 15 PRIORITY_15 is the lowest priority.
skipping to change at page 12, line 31 skipping to change at page 13, line 34
+---------+ +---------+
|AVP flag | |AVP flag |
|rules | |rules |
+----+----+ +----+----+
AVP Section | |MUST| AVP Section | |MUST|
Attribute Name Code Defined Value Type |MUST| NOT| Attribute Name Code Defined Value Type |MUST| NOT|
+--------------------------------------------------+----+----+ +--------------------------------------------------+----+----+
|DRMP TBD1 x.x Enumerated | | V | |DRMP TBD1 x.x Enumerated | | V |
+--------------------------------------------------+----+----+ +--------------------------------------------------+----+----+
10. IANA Considerations 10. Considerations When Defining Application Priorities
10.1. AVP codes As discussed in Section 1.1, it is important that the definition of
priority values used by all applications within a single Diameter
administrative domain be done in a consistent and coordinated manner.
New AVPs defined by this specification are listed in Section 9. All The following are some things to be considered when defining the DRMP
AVP codes are allocated from the 'Authentication, Authorization, and priorities to be used in Diameter networks which support Diameter
Accounting (AAA) Parameters' AVP Codes registry. nodes handling multiple applications.
10.2. New registries 1. As with any prioritization scheme, it is possible for higher
priority messages to block lower priority messages from ever
being handled. In a Diameter network this will often result in
those Diameter transactions being retried. This can result in
more traffic than the network would have handled without use of
the DRMP mechanism.
One potential guideline to prevent unwanted starving of lower
priority messages is to have higher priority messages represent a
relatively small portion of messages handled by the Diameter
network under normal scenarios.
Note that there are scenarios, such as first responder
messages, where the blocking of lower priority messages is a
requirement.
2. When setting priorities for any of the use cases outlined in
Section 5 it is important to use the same priority values across
applications. For instance, when defining priority for the First
Responder use case discussed in Section 5.1 and the Emergency
call use case discussed in Section 5.2 use cases, one high
priority value might be used for all first responder messages,
say PRIORITY_2, and a slightly lower priority value, say
PRIORITY_3, might be used for emergency call related messages.
These values should be specified for these use cases across all
applications used within the Diameter administrative domain.
Note that the values mentioned here are strictly for
illustrative purposes. The actual values used for these use
cases are likely to be different.
3. Messages without the DRMP AVP will be given default priority
value threatment. This will include messages from Diameter
Clients that have not been updated to support the DRMP mechanism.
It might also include messages from foreign administrative
domains if the DRMP AVPs are stripped from messages crossing the
Diameter administrative domains.
4. The process used to introduce the DRMP mechanism into a Diameter
network should also be taken into consideration. Messages of the
same type within the same application might get different
treatment depending on whether those messages are sent from nodes
that are upgraded to support the DRMP mechanism versus nodes that
have not yet been upgraded to support the DRMP mechanism.
11. IANA Considerations
11.1. AVP codes
The new AVP defined by this specification is listed in Section 9.
All AVP codes are allocated from the 'Authentication, Authorization,
and Accounting (AAA) Parameters' AVP Codes registry.
11.2. New registries
There are no new IANA registries introduced by this document. There are no new IANA registries introduced by this document.
11. Security Considerations 12. Security Considerations
DRMP gives Diameter nodes the ability to influence which requests are DRMP gives Diameter nodes the ability to influence which requests are
throttled during overload scenarios. Improper use of the DRMP throttled during overload scenarios. In addition, DRMP can be used
mechanism could result in the malicious Diameter node gaining in determining the routing decisions for request messages. Improper
preferential treatment, by reducing the probability of its requests use of the DRMP mechanism could result in the malicious Diameter node
being throttled, over other Diameter nodes. This would be achieved gaining preferential treatment, by reducing the probability of its
by the malicious node inserting artificially high priority values. requests being throttled, over other Diameter nodes. This would be
achieved by the malicious node inserting artificially high priority
values.
Diameter does not include features to provide end-to-end Diameter does not include features to provide end-to-end
authentication, integrity protection, or confidentiality. This opens authentication, integrity protection, or confidentiality. This opens
the possibility that malicious or compromised agents in the path of a the possibility that malicious or compromised agents in the path of a
request could modify the DRMP AVP to reflect a priority different request could modify the DRMP AVP to reflect a priority different
than that asserted by the sender of the request. than that asserted by the sender of the request.
11.1. Potential Threat Modes 12.1. Potential Threat Modes
The Diameter protocol involves transactions in the form of requests The Diameter protocol involves transactions in the form of requests
and answers exchanged between clients and servers. These clients and and answers exchanged between clients and servers. These clients and
servers may be peers, that is, they may share a direct transport servers may be peers, that is, they may share a direct transport
(e.g., Transmission Control Protocol (TCP) or Stream Control (e.g., Transmission Control Protocol (TCP) or Stream Control
Transmission Protocol (SCTP)) connection, or the messages may Transmission Protocol (SCTP)) connection, or the messages may
traverse one or more intermediaries, known as Diameter Agents. traverse one or more intermediaries, known as Diameter Agents.
Diameter nodes use Transport Layer Security (TLS), Datagram Transport Diameter nodes use Transport Layer Security (TLS), Datagram Transport
Layer Security (DTLS), or IPsec to authenticate peers, and to provide Layer Security (DTLS), or IPsec to authenticate peers, and to provide
confidentiality and integrity protection of traffic between peers. confidentiality and integrity protection of traffic between peers.
skipping to change at page 14, line 7 skipping to change at page 16, line 21
in scope to when one or more Diameter nodes are in an overloaded in scope to when one or more Diameter nodes are in an overloaded
state. state.
The DRMP mechanism can also be used to influence the order in which The DRMP mechanism can also be used to influence the order in which
Diameter messages are handled by Diameter nodes. The above attacks Diameter messages are handled by Diameter nodes. The above attacks
have a potentially greater impact in this scenario as the priority have a potentially greater impact in this scenario as the priority
indication impacts the handling of all requests at all times, indication impacts the handling of all requests at all times,
independent of the overload status of Diameter nodes in the Diameter independent of the overload status of Diameter nodes in the Diameter
network. network.
11.2. Denial of Service Attacks 12.2. Denial of Service Attacks
The DRMP mechanism does not open direct denial of service attack The DRMP mechanism does not open direct denial of service attack
vectors. Rather, it introduces a mechanism where a node can gain vectors. Rather, it introduces a mechanism where a node can gain
unwarranted preferential treatment. It also introduces a mechanism unwarranted preferential treatment. It also introduces a mechanism
where a node can get degraded service in the scenario where a rogue where a node can get degraded service in the scenario where a rogue
agent changes the priority value included in messages. agent changes the priority value included in messages.
11.3. End-to End-Security Issues 12.3. End-to End-Security Issues
The lack of end-to-end integrity features in Diameter [RFC6733] makes The lack of end-to-end integrity features in Diameter [RFC6733] makes
it difficult to establish trust in DRMP AVPs received from non- it difficult to establish trust in DRMP AVPs received from non-
adjacent nodes. Any agents in the message path may insert or modify adjacent nodes. Any agents in the message path may insert or modify
DRMP AVPs. Nodes must trust that their adjacent peers perform proper DRMP AVPs. Nodes must trust that their adjacent peers perform proper
checks on overload reports from their peers, and so on, creating a checks on overload reports from their peers, and so on, creating a
transitive-trust requirement extending for potentially long chains of transitive-trust requirement extending for potentially long chains of
nodes. Network operators must determine if this transitive trust nodes. Network operators must determine if this transitive trust
requirement is acceptable for their deployments. Nodes supporting requirement is acceptable for their deployments. Nodes supporting
DRMP MUST give operators the ability to select which peers are DRMP MUST give operators the ability to select which peers are
skipping to change at page 14, line 41 skipping to change at page 17, line 7
It is expected that work on end-to-end Diameter security might make It is expected that work on end-to-end Diameter security might make
it easier to establish trust in non-adjacent nodes for DRMP purposes. it easier to establish trust in non-adjacent nodes for DRMP purposes.
Readers should be reminded, however, that the DRMP mechanism allows Readers should be reminded, however, that the DRMP mechanism allows
Diameter agents to modify AVPs in existing messages that are Diameter agents to modify AVPs in existing messages that are
originated by other nodes. If end-to-end security is enabled, there originated by other nodes. If end-to-end security is enabled, there
is a risk that such modification could violate integrity protection. is a risk that such modification could violate integrity protection.
The details of using any future Diameter end-to-end security The details of using any future Diameter end-to-end security
mechanism with DRMP will require careful consideration, and are mechanism with DRMP will require careful consideration, and are
beyond the scope of this document. beyond the scope of this document.
12. Contributors 13. Contributors
The following people contributed substantial ideas, feedback, and The following people contributed substantial ideas, feedback, and
discussion to this document: discussion to this document:
o Janet P. Gunn o Janet P. Gunn
13. References 14. References
13.1. Normative References 14.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<http://www.rfc-editor.org/info/rfc2119>. <http://www.rfc-editor.org/info/rfc2119>.
[RFC6733] Fajardo, V., Ed., Arkko, J., Loughney, J., and G. Zorn, [RFC6733] Fajardo, V., Ed., Arkko, J., Loughney, J., and G. Zorn,
Ed., "Diameter Base Protocol", RFC 6733, Ed., "Diameter Base Protocol", RFC 6733,
DOI 10.17487/RFC6733, October 2012, DOI 10.17487/RFC6733, October 2012,
<http://www.rfc-editor.org/info/rfc6733>. <http://www.rfc-editor.org/info/rfc6733>.
13.2. Informative References 14.2. Informative References
[RFC7683] Korhonen, J., Ed., Donovan, S., Ed., Campbell, B., and L. [RFC7683] Korhonen, J., Ed., Donovan, S., Ed., Campbell, B., and L.
Morand, "Diameter Overload Indication Conveyance", Morand, "Diameter Overload Indication Conveyance",
RFC 7683, DOI 10.17487/RFC7683, October 2015, RFC 7683, DOI 10.17487/RFC7683, October 2015,
<http://www.rfc-editor.org/info/rfc7683>. <http://www.rfc-editor.org/info/rfc7683>.
[S6a] 3GPP, "Evolved Packet System (EPS); Mobility Management [S6a] 3GPP, "Evolved Packet System (EPS); Mobility Management
Entity (MME) and Serving GPRS Support Node (SGSN) related Entity (MME) and Serving GPRS Support Node (SGSN) related
interfaces based on Diameter protocol", 3GPP TS 29.272 interfaces based on Diameter protocol", 3GPP TS 29.272
10.8.0, June 2013. 10.8.0, June 2013.
 End of changes. 27 change blocks. 
70 lines changed or deleted 174 lines changed or added

This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/