We are now going to look at a triple-A service provisioning protocol known as Diameter. There is a whole concept to Diameter and the detailing of the protocol, which has to be explained in due course. I will try to be as explanatory as possible, but if need be we are going to look at more of it in due.

Let's start with the introduction. So Diameter is basically a standardized triple-A service provisioning protocol recommended by the IETF. It actually came into being because the traditional RADIUS protocol and service, that is, Remote Authentication Dial-In User Service, was not able to keep up with the emerging requirements for triple-A, that is, access, authorization and accounting, for emerging technologies, especially at the underlying layers. So Diameter is basically, again, an application layer protocol, and it is meant to work with the user applications for providing network access.

Diameter is an extended form of RADIUS, so the focus of comparison of Diameter is with RADIUS, to show and highlight what additional features are provided by Diameter. So Diameter is reliable, unlike RADIUS, because it uses TCP and the Stream Control Transmission Protocol, not UDP. And the reason was that the scope of RADIUS was limited only to individual subscribers who were connecting to the network services using dial-up modems. New access technologies like DSL, mobile broadband, optical and cable all necessitated that some new functionality that keeps up with their high-speed bandwidth and service delivery potential had to be incorporated in some new protocol. So here it is: Diameter, with its own set of rich features.

Let's look at each one of these one by one. The first one is failover. Failover actually means that once a particular server, service, connection, network or application fails, then there has to be a mechanism to automatically trigger the backup. This is known as failover.
So RADIUS actually was using UDP, so it relied more on the application layer to come up with its own acknowledgement mechanisms, but Diameter has facilitated it and improved it tremendously by using the concept of acknowledgement and some advanced failover methods.

Then there is the security which is provided by Diameter. RADIUS actually provided mechanisms known as the Extensible Authentication Protocol and IPsec. IPsec works at the network layer, and the Extensible Authentication Protocol would provide security to the responses which were coming from the end-to-end applications; for instance, the server which would respond to the RADIUS-initiated requests would be able to encrypt and deliver the messages in a secure manner. But this was not the case for the other RADIUS messaging and control information. Diameter has actually ensured this altogether at a new level: it has a per-packet encryption mechanism where the encryption can actually vary from one packet to another. This uses, again, IPsec, but at the transport layer, since it uses TCP, it can be encrypted using Transport Layer Security. Diameter also has backward compatibility provisioning, so it does provide security on UDP, known as DTLS. Then it is obviously more reliable as compared to RADIUS.

Unlike RADIUS, there is support for agents. Agents are actually the entities which would work on behalf of the Diameter server to communicate with multiple clients. That means we can think about relay agents, proxy agents and directing nodes as agents. So Diameter utilizes a myriad of agents to provide services to the end users.

Then there are server-initiated messages. Usually it is a client-server model where a client initiates communication with the server. In that case the server is in no position to initiate communication with the client. But in Diameter there's a provision that the server can actually initiate communication with the client. For instance, there is a mechanism known as unsolicited disconnect, where the server decides to disconnect and terminate the connection, and sometimes the server can ask for reauthentication and reauthorization to take place. For that, server-initiated messages are a very good feature that has been introduced in Diameter.

Then there is transition support. Transition support actually means that Diameter is backward compatible with RADIUS, so within an organization both Diameter as well as RADIUS can exist.

A very interesting and exciting feature in Diameter is capability negotiation. Here the client and server can actually negotiate on mutually agreeable parameters. This was not the case in RADIUS: in RADIUS, if the parameters would not match, then a client could not avail the triple-A services from RADIUS. But here Diameter uses some smart mechanisms, like error handling mechanisms and capability negotiation, by asking the values of parameters and features which are provided on either side, to negotiate on the acceptable service level.

Then there's another very exciting feature in Diameter. Let's look at RADIUS first. In RADIUS, for all the client and server names and addresses, some kind of manual configuration was required, and in order to ensure the security using EAP and IPsec, some kind of shared secret key had to be provisioned. Now, sharing of the key was again a very laborious and very administratively heavy task, and then these shared secret keys had their limited applicability. Now Diameter has taken it to a new level by introducing dynamic discovery using DNS. So the fully qualified domain name based DNS discovery mechanism helps a client to discover any agent which is in its first-hop coverage. Likewise, an agent can also discover another agent to implement the Diameter functionality effectively.
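
The capability negotiation described above, as an added example that is not part of the original lecture: a server parses a Capabilities-Exchange-Request, intersects the offered application ids with its own, and answers with a result code. The header layout, AVP codes and result codes follow RFC 6733; the host names, the sample message and the helper names are constructed, and it assumes negotiation on Auth-Application-Id only.

```python
import struct

# AVP codes, command code, result codes and flag bits from RFC 6733.
ORIGIN_HOST, AUTH_APP_ID, RESULT_CODE = 264, 258, 268
CAPABILITIES_EXCHANGE, SUCCESS, NO_COMMON_APPLICATION = 257, 2001, 5010
FLAG_REQUEST, FLAG_MANDATORY, FLAG_VENDOR = 0x80, 0x40, 0x80

def avp(code, data):
    """Encode one AVP: code, flags, 24-bit length, then data padded to 4 bytes."""
    length = (8 + len(data)).to_bytes(3, "big")
    return struct.pack("!IB3s", code, FLAG_MANDATORY, length) + data + b"\x00" * (-len(data) % 4)

def message(flags, avps, hop=1, end=1):
    """Encode a base-protocol message (application id 0) behind the 20-byte header."""
    body, cmd = b"".join(avps), CAPABILITIES_EXCHANGE.to_bytes(3, "big")
    total = (20 + len(body)).to_bytes(3, "big")
    return struct.pack("!B3sB3sIII", 1, total, flags, cmd, 0, hop, end) + body

def parse(msg):
    """Return (flags, hop_id, end_id, [(avp_code, data), ...]); reject bad lengths."""
    if len(msg) < 20 or msg[0] != 1 or int.from_bytes(msg[1:4], "big") != len(msg):
        raise ValueError("bad Diameter header")
    flags, _cmd, _app, hop, end = struct.unpack("!B3sIII", msg[4:20])
    avps, pos = [], 20
    while pos < len(msg):
        if len(msg) - pos < 8:
            raise ValueError("truncated AVP header")
        code, aflags, alen = struct.unpack("!IB3s", msg[pos:pos + 8])
        alen, hdr = int.from_bytes(alen, "big"), (12 if aflags & FLAG_VENDOR else 8)
        if alen < hdr or pos + alen > len(msg):
            raise ValueError("bad AVP length")
        avps.append((code, msg[pos + hdr:pos + alen]))
        pos += alen + (-alen % 4)  # AVPs are aligned on 4-byte boundaries
    return flags, hop, end, avps

def answer_cer(cer, local_apps, host=b"server.example.net"):
    """Build the CEA; success only when the peers share an application."""
    flags, hop, end, avps = parse(cer)
    if not flags & FLAG_REQUEST:
        raise ValueError("not a request")
    offered = {struct.unpack("!I", d)[0] for c, d in avps if c == AUTH_APP_ID}
    common = sorted(offered & set(local_apps))
    result = SUCCESS if common else NO_COMMON_APPLICATION
    out = [avp(RESULT_CODE, struct.pack("!I", result)), avp(ORIGIN_HOST, host)]
    out += [avp(AUTH_APP_ID, struct.pack("!I", a)) for a in common]
    return message(0, out, hop, end), common

# Constructed sample CER: a client offering NASREQ (1) and Credit-Control (4).
SAMPLE_CER = message(FLAG_REQUEST, [avp(ORIGIN_HOST, b"client.example.net")] +
                     [avp(AUTH_APP_ID, struct.pack("!I", a)) for a in (1, 4)])
```

A peer that answers with `NO_COMMON_APPLICATION` is expected to close the connection, which is the behaviour to look for in logs when two nodes cannot agree on a service.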