Diameter Maintenance and Extensions (DIME)Internet Engineering Task Force (IETF) L. Morand, Ed.Internet-DraftRequest for Comments: 7423 Orange LabsIntended status:BCP: 193 V. Fajardo Category: Best Current PracticeV. Fajardo Expires: March 27, 2015Fluke Networks ISSN: 2070-1721 H. TschofenigSeptember 23,November 2014 Diameter Applications Design Guidelinesdraft-ietf-dime-app-design-guide-28Abstract The Diameter base protocol provides facilities for protocol extensibility enablingto definethe definition of new Diameter applications ormodifymodification of existing applications. This document is a companion document to the DiameterBasebase protocol that further explains and clarifies the rules to extend Diameter. Furthermore, this document provides guidelines to Diameter application designersreusing/definingreusing/ defining Diameter applications or creating generic Diameter extensions. Status of This Memo ThisInternet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are workingmemo documents an Internet Best Current Practice. This document is a product of the Internet Engineering Task Force (IETF).Note that other groups may also distribute working documents as Internet-Drafts. The listIt represents the consensus ofcurrent Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents validthe IETF community. It has received public review and has been approved fora maximumpublication by the Internet Engineering Steering Group (IESG). Further information on BCPs is available in Section 2 of RFC 5741. Information about the current status ofsix monthsthis document, any errata, and how to provide feedback on it may beupdated, replaced, or obsoleted by other documentsobtained atany time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on March 27, 2015.http://www.rfc-editor.org/info/rfc7423. Copyright Notice Copyright (c) 2014 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. This document may contain material from IETF Documents or IETF Contributions published or made publicly available before November 10, 2008. The person(s) controlling the copyright in some of this material may not have granted the IETF Trust the right to allow modifications of such material outside the IETF Standards Process. Without obtaining an adequate license from the person(s) controlling the copyright in such materials, this document may not be modified outside the IETF Standards Process, and derivative works of it may not be created outside the IETF Standards Process, except to format it for publication as an RFC or to translate it into languages other than English. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 3. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . 4 4. Reusing Existing Diameter Applications . . . . . . . . . . .65 4.1. Adding a New Command . . . . . . . . . . . . . . . . . . 6 4.2. Deleting an Existing Command . . . . . . . . . . . . . . 7 4.3. Reusing Existing Commands . . . . . . . . . . . . . . . . 7 4.3.1. Adding AVPs to a Command . . . . . . . . . . . . . . 7 4.3.2. Deleting AVPs from a Command . . . . . . . . . . . . 9 4.3.3. Changing theFlags SettingFlag Settings of AVP inexistingExisting Commands . . . . . . . . . . . . . . . . . . . . . . 10 4.4. Reusing Existing AVPs . . . . . . . . . . . . . . . . . . 10 4.4.1. Setting of the AVP Flags . . . . . . . . . . . . . . 10 4.4.2. Reuse of AVP of Type Enumerated . . . . . . . . . . . 11 5. Defining New Diameter Applications . . . . . . . . . . . . . 11 5.1. Introduction . . . . . . . . . . . . . . . . . . . . . . 11 5.2. Defining New Commands . . . . . . . . . . . . . . . . . . 11 5.3. Use ofApplication-IdApplication Id in a Message . . . . . . . . . . . 12 5.4. Application-Specific Session State Machines . . . . . . . 13 5.5. Session-Id AVP and Session Management . . . . . . . . . . 13 5.6. Use of Enumerated Type AVPs . . . . . . . . . . . . . . . 14 5.7. Application-Specific Message Routing . . . . . . . . . . 16 5.8. Translation Agents . . . . . . . . . . . . . . . . . . . 17 5.9. End-to-End Application Capabilities Exchange . . . . . . 17 5.10. Diameter Accounting Support . . . . . . . . . . . . . . . 18 5.11. Diameter Security Mechanisms . . . . . . . . . . . . . . 20 6. Defining Generic Diameter Extensions . . . . . . . . . . . . 20 7. Guidelines for Registrations of Diameter Values . . . . . . . 21 8.IANA Considerations . . . . . . . . . . . . . . . . . . . . . 23 9.Security Considerations . . . . . . . . . . . . . . . . . . . 2310. Contributors . . . . . . . . . . . . . . . . . . . . . .9. References . .24 11. Acknowledgments. . . . . . . . . . . . . . . . . . . . . . . 2412.9.1. Normative References . . . . . . . . . . . . . . . . . .. . . . . . . 25 12.1. Normative24 9.2. Informative References . . . . . . . . . . . . . . . . .. 25 12.2. Informative References . .24 Appendix A. Contributors . . . . . . . . . . . . . . .25 Authors' Addresses. . . . . 27 Appendix B. Acknowledgments . . . . . . . . . . . . . . . . . . 27 1. Introduction The Diameter base protocol [RFC6733] is intended to provide an Authentication, Authorization, and Accounting (AAA) framework for applications such as network access or IP mobility in both local and roaming situations. This protocol provides the ability for Diameter peers to exchange messages carrying data in the form of Attribute- Value Pairs (AVPs). The Diameter base protocol provides facilities to extend Diameter (see Section 1.3 of [RFC6733]) to support new functionality. In the context of this document, extending Diameter means one of the following: 1.AdditionThe addition of new functionality to an existing Diameter application without defining a new application. 2.AdditionThe addition of new functionality to an existing Diameter application that requires the definition of a new application. 3. The definition of an entirely new Diameter application to offer functionality not supported by existing applications. 4. The definition of a new generic functionality that can be reused across different applications. All of thesechoicesextensions are design decisions that can bedonecarried out by any combination of reusing existing or defining new commands,AVPsAVPs, or AVP values. However, application designers do not have complete freedom when making their design. A number of rules have been defined in [RFC6733] that place constraints on when an extension requires the allocation of a new Diameter application identifier or a new command code value. The objective of this document is the following: o Clarify the Diameter extensibility rules as defined in the Diameter base protocol. o Discuss design choices and provide guidelines when defining new applications. o Present trade-off choices. 2. Terminology This document reuses the terminology defined in [RFC6733]. Additionally, the following terms and acronyms are used in this application:ApplicationApplication: Extension of the Diameter base protocol [RFC6733] via the addition of new commands or AVPs. Each application is uniquely identified by an IANA-allocated application identifier value.CommandCommand: Diameter request or answer carrying AVPs between Diameter endpoints. Each command is uniquely identified byaan IANA- allocatedcommand codeCommand Code value and is described by a Command Code Format (CCF) for an application. The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119]. 3. Overview As designed, the Diameter base protocol [RFC6733] can be seen as a two-layer protocol. The lower layer is mainly responsible for managing connections between neighboring peers and for message routing. The upper layer is where the Diameter applications reside. This model is in line with a Diameter node having an application layer and a peer-to-peer delivery layer. The Diameter base protocol document defines the architecture and behavior of the message delivery layer and then provides the framework for designing Diameter applications on the application layer. This framework includes definitions of application sessions and accounting support (seeSectionSections 8 andSection9 of [RFC6733]). Accordingly, a Diameter node is seen in this document as a single instance of a Diameter message delivery layer and one or more Diameter applications using it. The Diameter base protocol is designed to be extensible and the principles are described intheSection 1.3 of [RFC6733].As aIn summary, Diameter can be extendedby:by the following: 1. Defining new AVP values 2. Creating new AVPs 3. Creating new commands 4. Creating new applications As a main guiding principle, application designers SHOULDfollowcomply with the following recommendation: "try tore-usereuse as much as possible!". It will reduce the time to finalize specification writing, and it will lead to a smaller implementation effort as well as reduce the need for testing. In general, it is clever to avoid duplicate effort when possible. However,re-usereuse is not appropriate when the existing functionality does not fit the new requirement and/or there-usereuse leads to ambiguity. The impact on extending existing applications can be categorized into two groups: Minor Extension: Enhancing the functional scope of an existing application by the addition of optional features tosupport.support it. Such enhancement has nobackward compatibilitybackward-compatibility issue with the existing application. A typical example would be the definition of a new optional AVP for use in an existing command. Diameter implementations supporting the existing application but not the new AVP will simply ignore it, without consequences for the Diameter message handling, as described in [RFC6733]. The standardization effort will be fairly small. Major Extension: Enhancing an application that requires the definition of a new Diameter application. Such enhancement causesbackward compatibilitya backward-compatibility issue with existing implementations supporting the application. Typical examples would be the creation of a new command for providing functionality not supported by existing applications or the definition of a new AVP to be carried in an existing command with the M-bit set in the AVP flags (see Section 4.1 of [RFC6733] for definition ofthe"M-bit"). For such an extension, a significant specification effort isrequiredrequired, and a careful approach is recommended. 4. Reusing Existing Diameter Applications An existing application may need to be enhanced to fulfill newrequirementsrequirements, and these modifications can be at the command leveland/ orand/or at the AVP level. The following sections describe the possible modifications that can be performed on existing applications and their related impact. 4.1. Adding a New Command Adding a new command to an existing application is consideredasto be a major extension and requires a new Diameter application to be defined, as stated intheSection 1.3.4 of [RFC6733]. The need for a new application is because a Diameter node that is not upgraded to support the new command(s) within the (existing) application would reject any unknown command with the protocol error DIAMETER_COMMAND_UNSUPPORTED and cause the failure of the transaction. The new application ensures that Diameter nodes only receive commands within the context of applications they support. Adding a new command means either defining a completely new command or importing the command's Command Code Format (CCF) syntax from another application whereby the new application inherits some or all of the functionality of the applicationwherefrom which the commandcame from.came. In the former case, the decision to create a new application isstraightforwardstraightforward, since this is typically a result of adding a new functionality that does not exist yet. For the latter, the decision to create a new application will depend on whether importing the command in a new application is more suitable than simply using the existing application as it is in conjunction with any other application. An example considers the DiameterEAPExtensible Authentication Protocol (EAP) application [RFC4072] and the Diameter Network Access Server application [RFC7155]. When network access authentication using EAP is required, the Diameter EAP commands(Diameter-EAP-Request/Diameter-EAP-Answer)(Diameter-EAP-Request/ Diameter-EAP-Answer) are used;otherwiseotherwise, the Diameter Network Access Server application will be used. When the Diameter EAP application is used, the accounting exchanges defined in the Diameter Network Access Server may be used. However, in general, it is difficult to come to a hard guideline, and so a case-by-case study of each application requirement should be applied. Before adding or importing a command, application designers should consider the following: o Can the new functionality be fulfilled by creating a new command independent from any existing command? In this case, the resulting new application and the existing application can work independent of, but cooperatingwithwith, each other. o Can the existing command be reused without major extensionsand thereforeand, therefore, without the need for the definition of a new application,e.g.e.g., new functionality introduced by the creation of new optional AVPs. It is important to note that importing commands too liberally could result in a monolithic andhard to managehard-to-manage application supporting too many different features. 4.2. Deleting an Existing Command Although this process is not typical, removing a command from an application requires a new Diameter application to bedefineddefined, and then it is considered as a major extension. This is due to the fact that the reception of the deleted command would systematically result in a protocol error (i.e., DIAMETER_COMMAND_UNSUPPORTED). It is unusual to delete an existing command from an application for the sake of deleting it or the functionality it represents. An exception might be if the intent of the deletion is to create a newer variance of the same application that is somehow simpler than the application initially specified. 4.3. Reusing Existing Commands This section discusses rules in adding and/or deleting AVPs from an existing command of an existing application. The cases described in this section may not necessarily result in the creation of new applications. From a historical point of view, it is worthto notenoting that there was a strong recommendation tore-usereuse existing commands inthe[RFC3588] to prevent rapid depletion of code values available for vendor-specific commands. However, [RFC6733] has relaxed the allocation policy and enlarged the range of available code values for vendor-specific applications. Although reuse of existing commands is still RECOMMENDED, protocol designers can consider defining a new command when it provides a solution more suitable than the twisting of an existing command's use and applications. 4.3.1. Adding AVPs to a Command Based on the rules in [RFC6733], AVPs that are added to an existing command can be categorizedinto:as either: o Mandatory (to understand) AVPs. As defined in [RFC6733], these are AVPs with the M-bit flag set in this command, which means thatathe Diameter node receiving them is required to understand not only their values but also their semantics. Failure to do so will causeana message handling error: eitheraan error message with the result-code set to DIAMETER_AVP_UNSUPPORTED if the AVP is not understood in a request ora application specifican application-specific error handling if the given AVP is in an answer. o Optional (to understand) AVPs. As defined in [RFC6733], these are AVPs with the M-bit flag cleared in this command. A Diameter node receiving these AVPs can simply ignore them if it does not support them. It is important to note that thedefinitiondefinitions given above are independent of whether these AVPs are required or optional in the command as specified by the command'sCommand Code Format (CCF)CCF syntax [RFC6733]. NOTE: As stated in [RFC6733], the M-bit setting for a given AVP is relevant to an application and each command within that application that includes the AVP. The rules are strict in the case where the AVPs to be added in an exiting command are mandatory to understand, i.e., they have the M-bit set. A mandatory AVP MUST NOT be added to an existing command without defining a new Diameter application, as stated in [RFC6733]. This falls into the "Major Extensions" category. Despite the clarity of the rule, ambiguity still arises when evaluating whether a new AVP being added should be mandatory to begin with. Application designers should consider the following questions when deciding about the M-bit for a new AVP: o Would it be required for the receiving side to be able to process and understand the AVP and its content? o Would the new AVPs change the state machine of the application? o Would the presence of the new AVP lead to a different number ofround-trips,round trips, effectively changing the state machine of the application? o Would the new AVP be used to differentiate between old and new variances of the same application whereby the two variances are not backward compatible? o Would the new AVP have duality in meaning, i.e., be used to carry application-related information as well as to indicate that the message is for a new application? If the answer to at least one of the questions is"yes""yes", then the M-bit MUST be set for the newAVPAVP, and a new Diameter application MUST be defined. This list of questions isnon-exhaustivenon-exhaustive, and other criteria MAY be taken into account in the decision process. If application designers are instead contemplating the use of optional AVPs, i.e., with the M-bit cleared, there are still pitfalls that will cause interoperabilityproblems and thereforeproblems; therefore, they must be avoided. Some examples of these pitfalls are:as follows: o Use of optional AVPs with intersecting meaning. One AVP has partially the same usage and meaning as another AVP. The presence of both can lead to confusion. oAn optionalOptional AVPs with dual purpose, i.e., to carry application data as well as to indicate support for one or more features. This has a tendency to introduce interpretation issues. o Adding one or more optional AVPs and indicating (usually within descriptive text for the command) that at least one of them has to be understood by the receiver of the command. This would be equivalent to adding a mandatory AVP, i.e., an AVP with the M-bit set, to the command. 4.3.2. Deleting AVPs from a Command Application designers may want to reuse an existingcommandcommand, but some of theAVPAVPs present in the command's CCF syntax specification may be irrelevant for the functionality foreseen to be supported by this command. It may be then tempting to delete those AVPs from the command. The impacts of deleting an AVP from a command depends on itscommand codeCommand Code format specification and M-bit setting: o Case 1: Deleting an AVP that is indicated as a required AVP (noted as {AVP}) in the command's CCF syntax specification (regardless of the M-bit setting). In this case, a newcommand codeCommand Code, and subsequently a new Diameterapplicationapplication, MUST be specified. o Case 2: Deleting an AVP, which has the M-bit set, and is indicated as an optional AVP (noted as[AVP])[AVP] in the command CCF) in the command's CCF syntax specification. In this case, no newcommand codeCommand Code has to bespecifiedspecified, but the definition of a new Diameter application is REQUIRED. o Case 3: Deleting an AVP, which has the M-bit cleared, and is indicated as [AVP] in the command's CCF syntax specification. In this case, the AVP can be deleted without consequences. Application designers SHOULD attempttheto reuse the command's CCF syntax specification without modification and simply ignore (but not delete) any optionalAVPAVPs that will not be used. This is to maintain compatibility with existing applications that will not know about the new functionality as well as to maintain the integrity of existing dictionaries. 4.3.3. Changing theFlags SettingFlag Settings of AVP inexistingExisting Commands Although unusual, implementors may want to change the setting of the AVP flags a given AVP used in a command. Into an existing command,aan AVP that was initially defined as a mandatory AVP to understand, i.e., an AVP with the M-bit flag set in thecommand,command MAY be safely turned to an optional AVP, i.e., with the M-bit cleared. Any node supporting the existing application will still understand the AVP, whatever the setting of the M-bit. On the contrary, an AVP initially defined as an optional AVP to understand, i.e., an AVP with the M-bit flag cleared in thecommand,command MUST NOT be changed into a mandatory AVP with the M-bit flag set without defining a new Diameter application. Setting the M-bit for an AVP that was defined as an optional AVP is equivalent to adding a new mandatory AVP to an existingcommandcommand, and the rules given inthe sectionSection 4.3.1 apply. All other AVP flags (V-bit, P-bit, reserved bits) MUST remain unchanged. 4.4. Reusing Existing AVPs This section discusses rules in reusing existingAVPAVPs when reusing an existing command or defining a new command in a new application. 4.4.1. Setting of the AVP Flags When reusing existing AVPs in a new application, application designers MUST specify the setting of the M-bit flag for a new Diameter application and, if necessary, for every command of the application that can carry these AVPs. In general, for AVPs defined outside of the Diameter base protocol, the characteristics of an AVP are tied to its role within a given application and the commands used in this application. All other AVP flags (V-bit, P-bit, reserved bits) MUST remain unchanged. 4.4.2. Reuse of AVP of Type Enumerated When reusing an AVP of type Enumerated in a command for a new application, it is RECOMMENDED to avoid modifying the set of valid values defined for this AVP. Modifying the set of Enumerated values includes adding a value or deprecating the use of a value defined initially for the AVP. Modifying the set of values will impact the application defining this AVP and all the applications using this AVP, causing potential interoperability issues: a value used by a peer that will not be recognized by all the nodes between the client and the server will cause an error response with the Result-Code AVP set to DIAMETER_INVALID_AVP_VALUE. When the full range of values defined for this Enumerated AVP is not suitable for the new application, it is RECOMMENDEDto definethat a new AVP be defined to avoidbackwards compatibilitybackward-compatibility issues with existing implementations. 5. Defining New Diameter Applications 5.1. Introduction This section discusses the case where new applications have requirements that cannot be fulfilled by existing applications and would require definition of completely new commands,AVPsAVPs, and/or AVP values. Typically, there is little ambiguity about the decision to create these types of applications. Some examples are the interfaces defined for the IP Multimedia Subsystem of 3GPP, e.g., Cx/Dx ([TS29.228] and [TS29.229]), Sh ([TS29.328] and[TS29.329])[TS29.329]), etc. Application designers SHOULD try to import existing AVPs and AVP values for any newly defined commands. In certain cases where accounting will be used, the models described in Section 5.10 SHOULD also be considered. Additional considerations are described in the following sections. 5.2. Defining New Commands As a general recommendation, commands SHOULD NOT be defined from scratch. It is instead RECOMMENDED tore-usereuse an existing command offering similar functionality and use it as a starting point. Codere-use leadreuse leads to a smaller implementation effort as well asreducereduces the need for testing. Moreover, the new command's CCF syntax specification SHOULD be carefully defined when considering applicability and extensibility of the application. If most of the AVPs contained in the command are indicated as fixed or required, it might be difficult to reuse the same commandand thereforeand, therefore, the same application in a slightly changed environment. Defining a command with most of the AVPs indicated as optional is considered as a good design choice in many cases, despite the flexibility it introduces in the protocol. Protocol designers MUST clearly state the reasons why these optional AVPs might or might not be present and properly define the corresponding behavior of the Diameter nodes when these AVPs are absent from the command. NOTE: As a hint for protocol designers, it is not sufficient to just look at the command's CCF syntax specification. It is also necessary to carefully read through the accompanying text in the specification. In the same way, the CCF syntax specification SHOULD be defined such that it will be possible to add any arbitrary optional AVPs with the M-bit cleared (including vendor-specific AVPs) without modifying the application. For this purpose, "* [AVP]" SHOULD be added in the command's CCF, which allows the addition of any arbitrary number of optional AVPs as described in [RFC6733]. 5.3. Use ofApplication-IdApplication Id in a Message When designing new applications, application designers SHOULD specify that the Application Id carried in all session-level messages is the Application Id of the application using those messages. This includes the session-level messages defined in the Diameter base protocol, i.e.,RAR/RAA, STR/STA, ASR/ASARe-Auth-Request (RAR) / Re-Auth-Answer (RAA), Session-Termination-Request (STR) / Session-Termination-Answer (STA), Abort-Session-Request (ASR) / Abort-Session-Answer (ASA), and possiblyACR/ACAAccounting-Request (ACR) / Accounting Answer (ACA) in the coupled accountingmodel,model; see Section 5.10. Some existing specifications do not adhere to this rule for historical reasons. However, this guidance SHOULD be followed by new applications to avoid routing problems. When a new application has been allocated with a new Application Id and it also reuses existing commands with or without modifications, the commands SHOULD use the newly allocated Application Id in the header and in all relevantApplication IdApplication-Id AVPs (Auth-Application-Id or Acct-Application-Id) present in the commands message body. Additionally, application designers usingVendor-Specific-a vendor-specific Application-Id AVP SHOULD NOT use the Vendor-Id AVP to further dissect or differentiate the vendor-specification Application Id. Diameter routing is not based on theVendor-Id.Vendor Id. As such, theVendor-Vendor Id SHOULD NOT be used as an additional input for routing or delivery of messages. The Vendor-Id AVP is an informational AVP only and kept for backward compatibility reasons. 5.4. Application-Specific Session State Machines Section 8 of [RFC6733] provides session state machines forauthentication, authorization and accounting (AAA) servicesAAA services, and these session state machines are not intended to cover behavior outside of AAA. If a new application cannot clearly be categorized into any of these AAA services, it is RECOMMENDED that the applicationdefinesdefine its own session state machine. Support for a server-initiated request is a clear example where anapplication-specificapplication- specific session state machine would be needed, for example, the Rw interface for the ITU-T push model(cf.[Q.3303.3]).(cf. [Q.3303.3]). 5.5. Session-Id AVP and Session Management Diameter applications are usually designed with the aim of managing user sessions (e.g., Diameternetwork access session (NASREQ)Network Access Server (NAS) application [RFC4005]) or a specific service access session (e.g., Diameter SIP application [RFC4740]). In the Diameter base protocol, session state is referenced using the Session-Id AVP. All Diameter messages that use the same Session-Id will be bound to the same session.Diameter-basedDiameter- based session management also implies that both the Diameter client and server (and potentially proxy agents along the path) maintain session state information. However, some applications may not need to rely on the Session-Id to identify and manage sessions because other information can be used instead to correlate Diameter messages. Indeed, the User-Name AVP or any other specific AVP can be present in every Diameter message andused thereforeused, therefore, for message correlation. Some applications might not require the notion ofDiameter sessionthe Diameter-session concept at all. For such applications, the Auth-Session-State AVP is usually set to NO_STATE_MAINTAINED in all Diametermessagesmessages, and these applicationsare thereforeare, therefore, designed as a set of stand-alone transactions. Even if an explicit access session termination is required, application- specific commands are defined and used instead of theSession- Termination-Request/Answer (STR/STA)STR/STA orAbort-Session-Request/Answer (ASR/ASA)ASR/ ASA defined in the Diameter base protocol [RFC6733]. In such a case, the Session-Id is not significant. Based on these considerations, protocol designers should carefully appraise whether the Diameter application being defined relies on the session management specified in the Diameter base protocol: o If it is, the Diameter command defined for the new application MUST include the Session-Id AVP defined in the Diameter base protocol[RFC6733][RFC6733], and the Session-Id AVP MUST be used for correlation of messages related to the same session. Guidance on the use of the Auth-Session-State AVP is given in the Diameter base protocol [RFC6733]. o Otherwise, because session management is not required or the application relies on its own session management mechanism, Diameter commands for the application need not include the Session-Id AVP. If any specific session management concept is supported by the application, the application documentation MUST clearly specify how the session is handled between the client and server (and possibly Diameter agents in the path). Moreover, because the application is not maintaining session state at the Diameter base protocol level, the Auth-Session-State AVP MUST be included in all Diameter commands for the application and MUST be set to NO_STATE_MAINTAINED. 5.6. Use of Enumerated Type AVPs The type Enumerated was initially defined to provide a list of valid values for an AVP with their respective interpretation described in the specification. For instance, AVPs of type Enumerated can be used to provide further information on the reason for the termination of a session or a specific action to perform upon the reception of the request. As described inthe sectionSection 4.4.2 above, defining an AVP of type Enumerated presents some limitations intermterms of extensibility and reusability. Indeed, the finite set of valid values definedatin the definition of the AVP of type Enumerated cannot be modified in practice without causingbackward compatibilitybackward-compatibility issues with existing implementations. As a consequence, AVPs ofTypetype Enumerated MUST NOT be extended by adding new values to support new capabilities. Diameter protocol designers SHOULD carefully consider before defining an Enumerated AVP whether the set of values will remain unchanged or new values may be required inathe near future. If such an extension is foreseen or cannot be avoided, it isRECOMMENEDRECOMMENDED toratherdefine AVPs of type Unsigned32 or Unsigned64 in which the data field would contain an address space representing "values" that would have the same use of Enumerated values. Whereas only the initial values defined at the definition of the AVP of type Enumerated are valid as described insectionSection 4.4.2, any value from the address space from 0 to 2^32 - 1 for AVPs of type Unsigned32 or from 0 to 2^64 - 1 for AVPs of type Unsigned64 is valid at the Diameter base protocol level and will not cause interoperability issues for intermediary nodes between clients and servers. Only clients and servers will be able to process the values at the application layer. For illustration, an AVP describing possible access networks would be defined asfollow:follows: Access-Network-Type AVP (XXX) is of type Unsigned32 and contains a 32-bit address space representing types of access networks. This application defines the following classes of access networks, all identified by the thousands digit in the decimal notation: o 1xxx (Mobile Access Networks) o 2xxx (Fixed AccessNetwork)Networks) o 3xxx (Wireless Access Networks) Values that fall within the Mobile Access Networks category are used to inform a peer that a request has been sent for a user attached to a mobile access network. The following values are defined in this application: 1001: 3GPP-GERAN The user is attached to a Global System for Mobile Communications (GSM) Enhanced Data rates for GSMEDGEEvolution (EDGE) Radio Access Network. 1002: 3GPP-UTRAN-FDD The user is attached to aUMTSUniversal Mobile Telecommunications System (UMTS) access network that uses frequency-division duplexing for duplexing. Unlike Enumerated AVP, any new value can be added in the address space defined by this Unsigned32 AVP without modifying the definition of the AVP. Thereis thereforeis, therefore, no risk ofbackward compatibility issue,backward-compatibility issues, especially when intermediate nodes may be present between Diameter endpoints.InAlong the same line, AVPs of type Enumerated are too often used as a simple Boolean flag,indicatingindicating, forinstanceinstance, a specific permission orcapability, and thereforecapability; therefore, onlytwothree values are defined, e.g., TRUE/ FALSE,AUTORIZED/UNAUTHORIZEDAUTHORIZED/UNAUTHORIZED, or SUPPORTED/UNSUPPORTED. This is a sub-optimal design since it limits the extensibility of the application: any new capability/permission would have to be supported by a new AVP or new Enumerated value of thealready definedalready-defined AVP, with thebackward compatibilitybackward-compatibility issues described above. Instead of using an Enumerated AVP for a Boolean flag, protocol designers SHOULD use AVPs of type Unsigned32 or Unsigned64AVPin which the data field would be defined as a bit mask whose bit settings are described in the relevant Diameter application specification. Such AVPs can be reused and extended without major impact on the Diameter application. The bit mask SHOULD leave room for future additions. Examples of AVPs that use bit masks are the Session-Binding AVP defined in [RFC6733] and the MIP6-Feature-Vector AVP defined in [RFC5447]. 5.7. Application-Specific Message Routing As described in [RFC6733], a Diameter request that needs to be sent to a home server serving a specific realm, but not to a specific server (such as the first request of a series of round trips), will contain a Destination-Realm AVP and no Destination-Host AVP. For such a request, the message routing usually relies only on the Destination-Realm AVP and the Application Id present in the request message header. However, some applications may need to rely on the User-Name AVP or any other application-specificAVPAVPs present in the request to determine the final destination of a request, e.g., to find the target AAA server hosting the authorization information for a given user when multiple AAA servers are addressable in the realm. In such a context, basic routing mechanisms described in [RFC6733] are not fully suitable, and additional application-level routing mechanisms MUST be described in the application documentation to provide such specific AVP-based routing. Such functionality will be basically hosted by an application-specific proxy agent that will be responsible for routing decisions based on the received specific AVPs. Examples of such application-specific routing functions can be found in the Cx/Dx applications ([TS29.228] and [TS29.229]) of the 3GPP IP Multimedia Subsystem, in which the proxy agent (Subscriber LocationFunctionFunction, aka SLF) uses specific application-level identities found in the request to determine the final destination of the message. Whatever the criteria used to establish the routing path of the request, the routing of the answer MUST follow the reverse path of the request, as described in [RFC6733], with the answer being sent to the source of the received request, using transaction states andhop- by-hophop-by-hop identifier matching. This ensures that the DiameterRelayrelay orProxyproxy agents in the request routing path will be able to release the transaction state upon receipt of the corresponding answer, avoiding unnecessary failover. Moreover, especially in roaming cases, proxy agents in the path must be able to apply local policies when receiving the answer from the server during authentication/ authorization and/or accountingprocedures,procedures and maintain up-to-date session state information by keeping track of all authorized active sessions. Therefore, application designers MUST NOT modify the answer-routing principles described in [RFC6733] when defining a new application. 5.8. Translation Agents As defined in [RFC6733], a translation agent is a device that provides interworking between Diameter and another AAA protocol, such asRADIUS .RADIUS. In the case of RADIUS, it was initially thought that defining the translation function would be straightforward by adopting a few basic principles, e.g., by the use of a shared range of code values for RADIUS attributes and Diameter AVPs. Guidelines for implementing a RADIUS-Diameter translation agent were put into the DiameterNASREQNAS Application([RFC4005]).[RFC4005]. However, it was acknowledged that such a translation mechanism was not so obvious and deeper protocol analysis was required to ensure efficient interworking between RADIUS and Diameter. Moreover, the interworking requirements depend on the functionalities provided by the Diameter application under specification, and a case-by-case analysis is required. As a consequence, all the material related to RADIUS-to-Diameter translation is removed from the new version of the DiameterNASREQ applicationNAS Application specification [RFC7155], which deprecatesthe RFC4005 ([RFC4005]).RFC 4005 [RFC4005]. Therefore, protocol designers SHOULD NOT assume the availability of a "standard" Diameter-to-RADIUSgatewaysgateway agent when planning to interoperate with the RADIUS infrastructure. They SHOULD specify the required translation mechanism along with the Diameter application, if needed. This recommendation applies for any kind of translation. 5.9. End-to-End Application Capabilities Exchange Diameter applications can rely on optional AVPs to exchange application-specific capabilities and features. These AVPs can be exchanged on an end-to-end basis at the application layer. Examples of this can be found with the MIP6-Feature-Vector AVP in [RFC5447] and the QoS-Capability AVP in [RFC5777]. End-to-end capabilities AVPs can be added as optional AVPs with the M-bit cleared to existing applications to announce support of new functionality. Receivers that do not understand these AVPs or the AVP values can simply ignore them, as stated in [RFC6733]. When supported, receivers of these AVPs can discover the additional functionality supported by the Diameterend-pointendpoint originating the request and behave accordingly when processing the request. Senders of these AVPs can safely assume the receivingend-pointendpoint does not support any functionality carried by the AVP if it is not present in the corresponding response. This is useful in cases where deployment choices are offered, and the generic design can be made available for a number of applications. When used in a new application, these end-to-end capabilities AVPs SHOULD be added as an optional AVP into the CCF of the commands used by the new application. Protocol designers SHOULD clearly specify this end-to-end capabilities exchange and the correspondingbehaviourbehavior of the Diameter nodes supporting the application. It is also important to note that this end-to-end capabilities exchange relying on the use of optional AVPs is not meant as a generic mechanism to support extensibility of Diameter applications with arbitrary functionality. When the added features drastically change the Diameter application or when Diameter agents must be upgraded to support the new features, a new application SHOULD be defined, as recommended in [RFC6733]. 5.10. Diameter Accounting Support Accounting can be treated as an auxiliary application that is used in support of other applications. In most cases, accounting support is required when defining new applications. This document provides two possible models for using accounting: Split Accounting Model: In this model, the accounting messages will use the Diameter base accounting Application Id (value of 3). The design implication for this is that the accounting is treated as an independent application, especially for Diameter routing. This means that accounting commands emanating from an application may be routed separately from the rest of the other application messages. This may also imply that the messages end up in a central accounting server. A split accounting model is a good design choice when: * The application itself does not define its own accounting commands. * The overall system architecture permits the use of centralized accounting for one or more Diameter applications. Centralizing accounting may haveadvantagesadvantages, but there are also drawbacks. The model assumes that the accounting server can differentiate received accounting messages. Since the received accounting messages can be for any application and/or service, the accounting server MUST have a method to match accounting messages with applications and/or services being accounted for. This may mean defining newAVPs,AVPs; checking the presence,absenceabsence, or contents of existingAVPs,AVPs; or checking the contents of the accounting record itself. One of these means could be to insert into the request sent to the accounting server an Auth-Application-Id AVP containing the identifier of the application for which the accounting request is sent. But in general, there is no clean and generic scheme for sorting these messages. Therefore, this model SHOULD NOT be used when all received accounting messages cannot be clearly identified and sorted. For most cases, the use of the Coupled Accounting Model is RECOMMENDED. Coupled Accounting Model: In this model, the accounting messages will use the Application Id of the application using the accounting service. The design implication for this is that the accounting messages are tightly coupled with the applicationitself;itself, meaning that accounting messages will be routed like the other application messages. It would then be the responsibility of the application server (application entity receiving the ACR message) to send the accounting records carried by the accounting messages to the proper accounting server. The application server is also responsible for formulating a proper response (ACA). A coupled accounting model is a good design choice when: * The system architecture or deployment does not provide an accounting server that supports Diameter. Consequently, the application server MUST be provisioned to use a different protocol to access the accounting server, e.g., viaLDAP, SOAPthe Lightweight Directory Access Protocol (LDAP), SOAP, etc. This case includes the support of older accounting systems that are not Diameter aware. * The system architecture or deployment requires that the accounting service for the specific application should be handled by the application itself. In all cases above, there will generally be no direct Diameter access to the accounting server. These models provide a basis for using accounting messages. Application designers may obviously deviate from these models provided that the factors being addressed here have also been taken into account. As a general recommendation, application designers SHOULD NOT define a new set of commands to carry application-specific accounting records. 5.11. Diameter Security Mechanisms As specified in [RFC6733], the Diameter message exchange SHOULD be secured between neighboring Diameter peers usingTLS/TCPTransport Layer Security (TLS) / TCP orDTLS/ SCTP.Datagram Transport Layer Security (DTLS) / Stream Control Transmission Protocol (SCTP). However, IPsec MAY also be deployed to secure communication between Diameter peers. When IPsec is used instead of TLS or DTLS, the following recommendations apply. IPsecESPEncapsulating Security Payload (ESP) [RFC4301] in transport mode with non-null encryption and authentication algorithms MUST be used to provide per-packet authentication, integrityprotectionprotection, andconfidentiality,confidentiality and to support the replay protection mechanisms of IPsec.IKEv2 [RFC5996]Internet Key Exchange Protocol Version 2 (IKEv2) [RFC7296] SHOULD be used for performing mutual authentication and for establishing and maintaining security associations (SAs).IKEv1 [RFC2409]Version 1 of IKE (IKEv1), defined in [RFC2409], was initially usedwithfor peer authentication, negotiation of security associations, and key management in RFC 3588[RFC3588] and for[RFC3588]. For easier migration fromIKEv1 basedthe obsoleted implementations based on IKEv1 to IKEv2, both RSA digital signatures and pre-shared keys SHOULD be supported in IKEv2. However, if IKEv1 is used,implementersimplementors SHOULD follow the guidelines given in Section 13.1 of RFC 3588 [RFC3588]. 6. Defining Generic Diameter Extensions Generic Diameter extensions are AVPs,commandscommands, or applications that are designed to support other Diameter applications. They are auxiliary applications meant to improve or enhance the Diameter protocol itself or Diameter applications/functionality. Some examples include the extensions to support realm-based redirection of Diameter requests (see [RFC7075]),conveyconveying a specific set of priority parameters influencing the distribution of resources (see [RFC6735]), and the support for QoS AVPs (see [RFC5777]). Since generic extensions may cover many aspects of Diameter and Diameter applications, it is not possible to enumerate all scenarios. However, some of the most common considerations are as follows: Backward Compatibility: When defining generic extensions designed to be supported by existing Diameter applications, protocol designers MUST consider the potential impacts of the introduction of the new extension on the behavior of the node that would not be yet upgraded tosupport/ understandsupport/understand this new extension. Designers MUST also ensure that new extensions do not break expected message delivery layer behavior. Forward Compatibility: Protocol designers MUST ensure that their design will not introduce undue restrictions for future applications. Trade-off in Signaling: Designers may have to choose between the use of optional AVPs piggybacked onto existing commands versus defining new commands and applications. Optional AVPs are simpler to implement and may not need changes to existing applications. However, this ties the sending of extension data to the application's transmission of a message. This has consequences if the application and the extensions have different timing requirements. The use of commands and applications solves this issue, but the trade-off is the additional complexity of defining and deploying a new application. It is left up to the designer to find a good balance among these trade-offs based on the requirements of the extension. In practice, generic extensions often use optional AVPs because they are simple and non-intrusive to the application that would carry them. Peers that do not support the generic extensions need not understand nor recognize these optional AVPs. However, it is RECOMMENDED that the authors of the extension specify the context or usage of the optional AVPs. As an example, in the case that the AVP can be used only by a specific set ofapplicationsapplications, then the specification MUST enumerate these applications and the scenarios when the optional AVPs will be used. In the case where the optional AVPs can be carried by any application, it should be sufficient to specify such a use case and perhaps provide specific examples of applications using them. In most cases, these optional AVPs piggybacked by applications would be defined as a GroupedAVPAVP, and it would encapsulate all the functionality of the generic extension. In practice, it is not uncommon that the Grouped AVP will encapsulate an existing AVP that has previously been defined as mandatory ('M'-bitset)set), e.g., 3GPPIMSIP Multimedia Subsystems (IMS) Cx/Dx interfaces ([TS29.228] and [TS29.229]). 7. Guidelines for Registrations of Diameter Values As summarized intheSection 3 of this document and further described intheSection 1.3 of [RFC6733], there are four main ways to extend Diameter. The process for defining new functionality slightly varies based on the different extensions. This section provides protocol designers with some guidance regarding the definition of values for possible Diameter extensions and the necessary interaction with IANA to register the new functionality. a. DefiningnewNew AVPvaluesValues The specifications defining AVPs and AVP values MUST provide guidance for defining new values and the corresponding policy for adding these values. For example,theRFC 5777 [RFC5777] defines the Treatment-ActionAVPAVP, which contains a list of valid values corresponding topre-definedpredefined actions (drop, shape, mark, permit). This set of values can be extended following the Specification Required policy defined in [RFC5226]. As a second example, the Diameter base specification [RFC6733] defines the Result-Code AVP that contains a 32-bit address space used to identity possible errors. According totheSection 11.3.2 of [RFC6733], new values can be assigned by IANA via an IETF Review process [RFC5226]. b. CreatingnewNew AVPs Two different types of AVP Codes namespaces can be used to create a newAVPs:AVP: * IETF AVP Codesnamespace;namespace. * Vendor-specific AVP Codes namespace. In the latter case, a vendor needs to be first assigned by IANA with a private enterprise number, which can be used within the Vendor-Id field of the vendor-specific AVP. This enterprise number delimits a private namespace in which the vendor is responsible for vendor-specific AVP code value assignment. The absence of aVendor-IdVendor Id or a Vendor-Id value of zero (0) in the AVP header identifies standard AVPs from the IETF AVP Codes namespace managed by IANA. The allocation of code values from the IANA- managed namespace is conditioned by an Expert Review of the specification defining the AVPs or an IETFreviewReview if a block of AVPs needs to be assigned. Moreover, the remaining bits of the AVP Flags field of the AVP header are also assigned viaStandardStandards Action if the creation of new AVPFlagsflags is desired. c. Creatingnew commandsNew Commands Unlike the AVPCodeCodes namespace, the Command Code namespace isflatflat, but the range of values is subdivided into three chunks with distinct IANA registration policies: * A range of standard Command Code values that are allocated via IETFreview;Review; * A range of vendor-specific Command Code values that are allocated on aFirst-Come/First-Servedfirst-come, first-served basis; and * A range of values reserved only for experimental and testing purposes. As for AVPFlags,flags, the remaining bits of the Command Flags field of the Diameter header are also assigned via a Standards Action to create new CommandFlagsflags if required. d. Creatingnew applications SimilarlyNew Applications Similarly, to the Command Code namespace, the Application-Id namespace is flat but divided into two distinct ranges: * A range of values reserved for standardApplication-IdsApplication Ids, allocated after Expert Review of the specification defining the standardapplication;application. * A range for values forvendor specificvendor-specific applications, allocated by IANA on aFirst-Come/First-Servefirst-come, first-served basis. The IANA AAA parameters page can be found athttp://www.iana.org/assignments/aaa-parameters<http://www.iana.org/assignments/aaa-parameters>, and the enterprise number IANA page is available athttp://www.iana.org/assignments/ enterprise-numbers.<http://www.iana.org/assignments/ enterprise-numbers>. More details on the policies followed by IANA for namespace management(e.g. First-Come/First-Served,(e.g., first-come, first-served; ExpertReview,Review; IETFReview,Review; etc.) can be found in [RFC5226]. NOTE: When the same functionality/extension is used by more than one vendor, it is RECOMMENDEDto definethat a standardextension.extension be defined. Moreover, a vendor-specific extension SHOULD be registered to avoid interoperability issues in the same network. With this aim, the registration policy of a vendor-specific extension has been simplified with the publication of[RFC6733][RFC6733], and the namespace reserved for vendor-specific extensions is large enough to avoid exhaustion. 8.IANA Considerations This document does not require actions by IANA. 9.Security Considerations This document provides guidelines and considerations for extending Diameter and Diameter applications. Although such an extension may be related to a security functionality, the document does not explicitly give additional guidance on enhancing Diameter with respect to security. However, as a general guideline, it is recommended that any Diameter extension SHOULD NOT break the security concept given inthe[RFC6733]. In particular, it isremindedreiterated here that any command defined or reused in a new Diameter application SHOULD be secured by using TLS [RFC5246] or DTLS/SCTP [RFC6083] and MUST NOT be used without one of the following: TLS, DTLS, or IPsec [RFC4301]. When defining a new Diameter extension, any possible impact of the existing security principles described inthe[RFC6733] MUST be carefully appraised and documented in the Diameter application specification.10. Contributors The content of this document was influenced by a design team created to revisit the Diameter extensibility rules. The team was formed in February 2008 and finished its work in June 2008. Except the authors, the design team members were: o Avi Lior o Glen Zorn o Jari Arkko o Jouni Korhonen o Mark Jones o Tolga Asveren o Glenn McGregor o Dave Frascone We would like to thank Tolga Asveren, Glenn McGregor, and John Loughney for their contributions as co-authors to earlier versions of this document. 11. Acknowledgments We greatly appreciate the insight provided by Diameter implementers who have highlighted the issues and concerns being addressed by this document. The authors would also like to thank Jean Mahoney, Ben Campbell, Sebastien Decugis and Benoit Claise for their invaluable detailed reviews and comments on this document. 12.9. References12.1.9.1. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March1997.1997, <http://www.rfc-editor.org/info/rfc2119>. [RFC6733] Fajardo, V., Arkko, J., Loughney, J., and G. Zorn, "Diameter Base Protocol", RFC 6733, October2012. 12.2.2012, <http://www.rfc-editor.org/info/rfc6733>. 9.2. Informative References [Q.3303.3]3rd Generation Partnership Project, "ITU-T Recommendation Q.3303.3,International Telecommunications Union, "Resource control protocolno. 3 (rcp3): ProtocolNo. 3: Protocols at the Rw interface between thePolicy Decision Physical Entitypolicy decision physical entity (PD-PE) andthe Policy Enforcement Physical Entitya policy enforcement physical entity (PE-PE):Diameter"",Diameter profile version 3", ITU-T Recommendation Q.3303.3, August 2008. [RFC2409] Harkins, D. and D. Carrel, "The Internet Key Exchange (IKE)", RFC 2409, November1998.1998, <http://xml.resource.org/public/rfc/info/rfc2409>. [RFC3588] Calhoun, P., Loughney, J., Guttman, E., Zorn, G., and J. Arkko, "Diameter Base Protocol", RFC 3588, September2003.2003, <http://www.rfc-editor.org/info/rfc3588>. [RFC4005] Calhoun, P., Zorn, G., Spence, D., and D. Mitton, "Diameter Network Access Server Application", RFC 4005, August2005.2005, <http://www.rfc-editor.org/info/rfc4005>. [RFC4072] Eronen, P., Hiller, T., and G. Zorn, "Diameter Extensible Authentication Protocol (EAP) Application", RFC 4072, August2005.2005, <http://www.rfc-editor.org/info/rfc4072>. [RFC4301] Kent, S. and K. Seo, "Security Architecture for the Internet Protocol", RFC 4301, December2005.2005, <http://www.rfc-editor.org/info/rfc4301>. [RFC4740] Garcia-Martin, M., Belinchon, M., Pallares-Lopez, M., Canales-Valenzuela, C., and K. Tammi, "Diameter Session Initiation Protocol (SIP) Application", RFC 4740, November2006.2006, <http://www.rfc-editor.org/info/rfc4740>. [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA Considerations Section in RFCs", BCP 26, RFC 5226, May2008.2008, <http://www.rfc-editor.org/info/rfc5226>. [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security (TLS) Protocol Version 1.2", RFC 5246, August2008.2008, <http://www.rfc-editor.org/info/rfc5246>. [RFC5447] Korhonen, J., Bournelle, J., Tschofenig, H., Perkins, C., and K. Chowdhury, "Diameter Mobile IPv6: Support for Network Access Server to Diameter Server Interaction", RFC 5447, February2009.2009, <http://www.rfc-editor.org/info/rfc5447>. [RFC5777] Korhonen, J., Tschofenig, H., Arumaithurai, M., Jones, M., and A. Lior, "Traffic Classification and Quality of Service (QoS) Attributes for Diameter", RFC 5777, February2010. [RFC5996] Kaufman, C., Hoffman, P., Nir, Y., and P. Eronen, "Internet Key Exchange Protocol Version 2 (IKEv2)", RFC 5996, September 2010.2010, <http://www.rfc-editor.org/info/rfc5777>. [RFC6083] Tuexen, M., Seggelmann, R., and E. Rescorla, "Datagram Transport Layer Security (DTLS) for Stream Control Transmission Protocol (SCTP)", RFC 6083, January2011.2011, <http://www.rfc-editor.org/info/rfc6083>. [RFC6735] Carlberg, K. and T. Taylor, "Diameter Priority Attribute- Value Pairs", RFC 6735, October2012.2012, <http://www.rfc-editor.org/info/rfc6735>. [RFC7075] Tsou, T., Hao, R., and T. Taylor, "Realm-Based Redirection In Diameter", RFC 7075, November2013.2013, <http://www.rfc-editor.org/info/rfc7075>. [RFC7155] Zorn, G., "Diameter Network Access Server Application", RFC 7155, April2014.2014, <http://www.rfc-editor.org/info/rfc7155>. [RFC7296] Kaufman, C., Hoffman, P., Nir, Y., Eronen, P., and T. Kivinen, "Internet Key Exchange Protocol Version 2 (IKEv2)", STD 79, RFC 7296, October 2014, <http://www.rfc-editor.org/info/rfc7296>. [TS29.228] 3rd Generation Partnership Project,"3GPP TS 29.228; Technical"Technical Specification Group Core Network and Terminals; IP Multimedia (IM) Subsystem Cx and Dx Interfaces; Signalling flows and message contents",<http://www.3gpp.org/ftp/Specs/html-info/29272.htm>.3GPP TS 29.228, September 2014, <http://www.3gpp.org/ftp/Specs/html-info/29228.htm>. [TS29.229] 3rd Generation Partnership Project,"3GPP TS 29.229; Technical"Technical Specification Group Core Network and Terminals; Cx and Dx interfaces based on the Diameter protocol; Protocol details", 3GPP TS 29.229, September 2014, <http://www.3gpp.org/ftp/Specs/html-info/29229.htm>. [TS29.328] 3rd Generation Partnership Project,"3GPP TS 29.328; Technical"Technical Specification Group Core Network and Terminals; IP Multimedia (IM) Subsystem Sh interface;signallingSignalling flows and messagecontent",contents", 3GPP TS 29.328, September 2014, <http://www.3gpp.org/ftp/Specs/html-info/29328.htm>. [TS29.329] 3rd Generation Partnership Project,"3GPP TS 29.329; Technical"Technical Specification Group Core Network and Terminals; Sh Interface based on the Diameter protocol; Protocol details", 3GPP TS 29.329, September 2014, <http://www.3gpp.org/ftp/Specs/html-info/29329.htm>. Appendix A. Contributors The content of this document was influenced by a design team created to revisit the Diameter extensibility rules. The team was formed in February 2008 and finished its work in June 2008. In addition to those individuals listed in the Authors' Addresses section, the design team members were: o Avi Lior o Glen Zorn o Jari Arkko o Jouni Korhonen o Mark Jones o Tolga Asveren o Glenn McGregor o Dave Frascone We would like to thank Tolga Asveren, Glenn McGregor, and John Loughney for their contributions as coauthors to earlier versions of this document. Appendix B. Acknowledgments We greatly appreciate the insight provided by Diameter implementors who have highlighted the issues and concerns being addressed by this document. The authors would also like to thank Jean Mahoney, Ben Campbell, Sebastien Decugis, and Benoit Claise for their invaluable, detailed reviews and comments on this document. Authors' Addresses Lionel Morand (editor) Orange Labs 38/40 rue du General Leclerc Issy-Les-Moulineaux Cedex 9 92794 France Phone: +33145296257Email:EMail: lionel.morand@orange.com Victor Fajardo Fluke NetworksEmail:EMail: vf0213@gmail.com Hannes Tschofenig Hall in Tirol 6060 AustriaEmail:EMail: Hannes.Tschofenig@gmx.net URI: http://www.tschofenig.priv.at