Diameter Stack Configuration Guide

Contents

1Introduction
1.1Prerequisites

2
Diameter Stack Initial Configuration
2.1Diameter Stack Initial Configuration Procedure
2.2Configuration Examples for Diameter Connection Scenarios

3
Use Cases of Diameter Stack Update Configuration
3.1Change HSS Deployment
3.2Change EIR Deployment
3.3Change DRA Deployment
3.4Change the Port Which IPWorks AAA Listens On

4
Diameter Stack Management Tools
4.1How to Use Diameter Server Identification Tool
4.2How to Use Diameter Transport Tool
4.3How to Use Diameter Route Tool

Reference List

1   Introduction

This document describes how to configure Diameter stack initially and how to update the configuration when IPWorks AAA is already in service. Besides, some configuration examples are provided for reference.

Diameter stack supports both IPv4 and IPv6 addresses. All the examples in this document use only IPv4 addresses. The operator determines to use IPv4 or IPv6, or both addresses according to site requirement.

For general concepts about the Diameter Stack, refer to the Diameter Stack section in IPWorks Configuration Management.

1.1   Prerequisites

For Diameter Stack initial configuration, stop the IPWorks EPC AAA process if it is running:

  1. Log on to the SC node.

    # ssh <username>@<OAM IP Address>

  2. Stop all the running IPWorks EPC AAA processes, for example, EPC AAA services are deployed in both PL-3 and PL-4.

    SC-X # ipw-ctr stop aaa_diameter PL-3

    SC-X # ipw-ctr stop aaa_diameter PL-4

  3. If SCTP transport is used, configure SS7 stack to create SCTP FE, refer to section Configuring SS7 for Diameter over SCTP in Configure SS7 for AAA or according to different IPWorks deployment scenario.

    Figure 1 illustrates the protocol stack for IPWorks AAA:

Figure 1   IPWorks AAA Protocol Stack Overview

Personal Prerequisites

The personal must have good knowledge in:

2   Diameter Stack Initial Configuration

This section provides the following topics:

2.1   Diameter Stack Initial Configuration Procedure

This section describes how to configure the Diameter Stack initially, which includes:

The Diameter Stack management tools are used on SC node. For details about these tools, see Section 4 Diameter Stack Management Tools.

2.1.1   Configure Diameter Server Identification

The Diameter server identification consists of origin host, origin realm, host IP address, and product name that are used for Diameter Capabilities Exchange messages (CER/CEA messages).

  1. Initialize the Diameter Stack configuration.

    # dia-identity-ctr --cmd initial

    Prompt information is shown as below: 

    “Do you want to cleanup all the information of diameter identity, transport and route?
Please type 'Yes' or 'No' to continue: Yes”

  2. Configure Diameter server identification.

    # dia-identity-ctr --cmd add --origin-host "<AAA Host>" --origin-realm "<AAA Realm>" --host-ip-address "[<AAA Traffic Address>]" --product-name "<AAA Product Name>"

    For more information about the command, see Section 4.1 How to Use Diameter Server Identification Tool.

    For example:

    # dia-identity-ctr --cmd add --origin-host "PL-3.ipworks.com" --origin-realm "ipworks.com" --host-ip-address "[192.168.20.13]" --product-name "IPWorksAAADiameterServer"

    When SCTP multi-homing is used, more than one Host IP addresses need to be configured:

    # dia-identity-ctr --cmd add --origin-host "PL-3.ipworks.com" --origin-realm "ipworks.com" --host-ip-address "[192.168.20.13, 192.168.20.15]" --product-name "IPWorksAAADiameterServer"

2.1.2   Configure Diameter Transport

IPWorks AAA supports TCP or SCTP transport. When IPWorks AAA plays the Diameter server role, the transport is configured to accept connections from HSGW, ePDG, PGW, and DRA. When IPWorks AAA plays the Diameter client role, the transport is configured to connect to HSS.

Note:  
  • It is recommended that multi-connections to AAA server can be established by the remote nodes (HSGW, ePDG, PGW, or DRA).
  • It is recommended that the connection number equals to the multiples of the number of Pay Load which deployed with EPC AAA. So, the traffic can be load share between each Pay Load.
  • EPC AAA supports TCP or SCTP transport. If SCTP transport is selected, it supports two multi-homing IP address for EPC AAA and remote nodes.

2.1.3   Configure Diameter Route

Note:  
The Diameter route configuration is required only when DRA is used or IPWorks AAA is direct connection with multiple HSS and EIR.

The Diameter route table contains Application ID, Destination information (Destination Host and Realm), and Diameter peer. Application ID and Destination information are used as the match condition.

Configure Diameter Route with One Peer

Table 1 is an example of a Diameter route table that one peer is selected for the match condition.

Table 1    Route Table Example 1

Match Condition

Selected Peer

Application ID

Destination Host

Destination Realm

Peer Host

Peer Realm

SWx (16777265)

*

hss.com

hss1.hss.com

hss.com

SWm (16777264)

*

*

dra1.dra.com

dra.com

S13 (16777252)

*

eir.com

eir1.eir.com

eir.com

As Table 1 shows, when IPWorks AAA sends out a Diameter request message:

To configure Diameter route based on Table 1, do the following:

# dia-route-ctr --cmd add --app "SWx" --dest "[*],hss.com" --peer "[hss1.hss.com], hss.com"

# dia-route-ctr --cmd add --app "SWm" --dest "*" --peer "[dra1.dra.com], dra.com"

The following configuration is applicable for IMEI Check feature:

# dia-route-ctr --cmd add --app "S13" --dest "[*],eir.com" --peer "[eir1.eir.com], eir.com"

For more information about the command, see Section 4.3 How to Use Diameter Route Tool.

Configure Diameter Route with Two or More Peers

If two or more peers are selected for the match condition, the operator needs to decide which redundancy mode is used for the selected peers.

Table 2 is an example of a Diameter route table that two peers are selected for the match condition.

Table 2    Route Table Example 2

Match Condition

Selected Peer

Application ID

Destination Host

Destination Realm

Peer Host

Peer Realm

Redundancy Mode

SWx (16777265)

*

hss.com

hss1.hss.com

hss.com

Failover

SWx (16777265)

*

hss.com

hss2.hss.com

hss.com

S13 (16777252)

*

eir.com

eir1.eir.com

eir.com

Failover

S13 (16777252)

*

eir.com

eir2.eir.com

eir.com

SWm (16777264)

*

*

dra1.dra.com

dra.com

Load sharing

SWm (16777264)

*

*

dra2.dra.com

dra.com

As Table 2 shows, when IPWorks AAA sends out a Diameter request message:

To configure Diameter route based on Table 2 , do the following:

2.2   Configuration Examples for Diameter Connection Scenarios

Table 3 lists the configuration examples for typical Diameter connection scenarios.

Table 3    Diameter Connection Scenarios

Scenario

Transport Layer Type

Redundancy Mode

Procedures

Single HSS

Multi-homing is used.

-

Section 2.2.1 HSS

Single EIR

Multi-homing is used.

-

Section 2.2.2.1 Single EIR

HSS Redundancy

TCP

failover

Section 2.2.1.2 HSS Redundancy

EIR Redundancy

EIR Redundancy

failover

Section 2.2.2.2 EIR Redundancy

DRA

SCTP

load sharing

Section 2.2.3 Diameter Routing Agent

2.2.1   HSS

2.2.1.1   Single HSS

In this scenario (shown in Figure 2), IPWorks AAA opens a listen port and accepts TCP or SCTP connections from HSGW, ePDG, and PGW. IPWorks AAA connects to HSS via TCP or SCTP transport. And SCTP multi-homing is used.

Figure 2   Single HSS

Table 4 lists the presupposition values for the example:

Table 4    Presupposition Values for Single HSS

Attribute

IPWorks AAA

HSS

Host

aaa1.aaa.com

hss1.hss.com

Realm

aaa.com

hss.com

Traffic IP

192.168.20.13


192.168.20.14

192.168.20.1


192.168.20.2

Listening Port

3868

3869

Product Name

IPWorksAAADiameterServer

*

To configure Diameter stack in this scenario, do the following:

  1. Configure Diameter server identification.

    # dia-identity-ctr --cmd initial

    Prompt information is shown as below:

    Do you want to cleanup all the information of diameter identity, transport and route? Please type 'Yes' or 'No' to continue: Yes

    # dia-identity-ctr --cmd add --origin-host "aaa1.aaa.com" --origin-realm "aaa.com" --host-ip-address "[192.168.20.13,192.168.20.14]" --product-name "IPWorksAAADiameterServer"

  2. Configure Diameter transport.
    1. Configure TCP or SCTP transport to accept connections from HSGW, ePDG, or PGW.

      # dia-transport-ctr --cmd add --local "[192.168.20.13]:3868" --mode TCP

      # dia-transport-ctr --cmd add --local "[192.168.20.13, 192.168.20.14]:3868" --mode SCTP

    2. Configure TCP or SCTP transport to connect with HSS.

      # dia-transport-ctr --cmd add --local "[192.168.20.13]:0" --remote "[192.168.20.1]:3869" --mode TCP

      # dia-transport-ctr --cmd add --local "[192.168.20.13, 192.168.20.14]:0" --remote "[192.168.20.1, 192.168.20.2]:3869" --mode SCTP

  3. Configure SS7 stack to create SCTP FE, refer to the section Configuring SS7 for Diameter over SCTP in Configure SS7 for AAA.

2.2.1.2   HSS Redundancy

In this scenario (as shown in Section 2.2.1.2 HSS Redundancy), IPWorks AAA opens a listen port and accepts connections from HSGW, ePDG, and PGW. There are two HSS servers connected by IPWorks AAA with failover mode.

Figure 3   HSS Redundancy

Table 5 lists the presupposition values for the example:

Table 5    Presupposition Values for HSS Redundancy

Attribute

IPWorks AAA

HSS1

HSS2

Host

aaa1.aaa.com

hss1.hss.com

hss2.hss.com

Realm

aaa.com

hss.com

hss.com

Traffic IP

192.168.20.13

192.168.20.1

192.168.20.2

Listening Port

3868

3869

3869

Product Name

IPWorksAAADiameterServer

*

*

To configure Diameter stack in this scenario, do the following:

  1. Configure Diameter server identification.

    # dia-identity-ctr --cmd initial

    Prompt information is shown as below:

    Do you want to cleanup all the information of diameter identity, transport and route? Please type 'Yes' or 'No' to continue: Yes

    # dia-identity-ctr --cmd add --origin-host "aaa1.aaa.com" --origin-realm "aaa.com" --host-ip-address "[192.168.20.13]" --product-name "IPWorksAAADiameterServer"

  2. Configure Diameter transport.
    1. Configure one TCP transport which is used to accept connections from HSGW, ePDG, or PGW.

      # dia-transport-ctr --cmd add --local "[192.168.20.13]:3868" --mode TCP

    2. Configure one TCP transport which is used to connect to HSS1.

      # dia-transport-ctr --cmd add --local "[192.168.20.13]:0" --remote "[192.168.20.1]:3869" --mode TCP

    3. Configure one TCP transport which is used to connect to HSS2.

      # dia-transport-ctr --cmd add --local "[192.168.20.13]:0" --remote "[192.168.20.2]:3869" --mode TCP

  3. Configure Diameter route. In this scenario, IPWorks connects to two HSS via failover mode.

    # dia-route-ctr --cmd add --app "SWx" --dest "[*],hss.com" --peer "[hss1.hss.com],hss.com"

    # dia-route-ctr --cmd add --app "SWx" --dest "[*],hss.com" --peer "[hss2.hss.com],hss.com"

    Note:  
    The former configured route has a higher priority. In this example, the route to HSS1 is configured before HSS2, so the route to HSS1 has a higher priority.

2.2.2   EIR

The configuration example is only available for IMEI Check feature.

2.2.2.1   Single EIR

In this scenario (shown in Figure 4), IPWorks AAA opens a listen port and accepts TCP or SCTP connections from HSGW, ePDG, and PGW. IPWorks AAA connects to EIR by TCP or SCTP transport. And SCTP multi-homing is used.

Figure 4   Single EIR

Table 6    Presupposition Values for Single EIR

Attribute

EIR

Host

eir1.eir.com

Realm

eir.com

Traffic IP

192.168.20.3


192.168.20.4

Listening Port

3870

Product Name

*

This configuration steps are only needed in IMEI Check feature and the configuration are same as the steps in Section 2.2.1 HSS. The extra step is configuring TCP or SCTP transport to connect with EIR:

# dia-transport-ctr --cmd add --local "[192.168.20.13]:0" --remote "[192.168.20.3]:3870" --mode TCP

# dia-transport-ctr --cmd add --local "[192.168.20.13, 192.168.20.14]:0" --remote "[192.168.20.3, 192.168.20.4]:3870" --mode SCTP

2.2.2.2   EIR Redundancy

Figure 5   EIR Redundancy

Table 7    Presupposition Values for EIR Redundancy

Attribute

EIR1

EIR2

Host

eir1.eir.com

eir2.eir.com

Realm

eir.com

eir.com

Traffic IP

192.168.20.3

192.168.20.4

Listening Port

3870

3870

Product Name

*

*

To configure Diameter stack in this scenario, do the following:

  1. Configure Diameter transport.
    1. Configure one TCP transport which is used to connect to EIR1.

      #dia-transport-ctr --cmd add --local "[192.168.20.13]:0" --remote "[192.168.20.3]:3870" --mode TCP

    2. Configure one TCP transport which is used to connect to EIR2.

      # dia-transport-ctr --cmd add --local "[192.168.20.13]:0" --remote "[192.168.20.4]:3870" --mode TCP

  2. Configure Diameter route. In this scenario, IPWorks connects to two EIRs via failover mode.

    # dia-route-ctr --cmd add --app "S13" --dest "[*],eir.com" --peer "[eir1.eir.com],eir.com"

    #dia-route-ctr --cmd add --app "S13" --dest "[*],eir.com" --peer "[eir2.eir.com],eir.com"

Note:  
The former configured route has a higher priority. In this example, the route to EIR1 is configured before EIR2, so the route to EIR1 has a higher priority.

2.2.3   Diameter Routing Agent

In this scenario (shown in Figure 6), IPWorks AAA opens a listen port and accepts SCTP connection from DRA. IPWorks AAA is not directly connected with HSS HSGW, ePDG, and PGW, DRA is working as a proxy.

Figure 6   DRA

Table 8 lists the presupposition values for the example:

Table 8    Presupposition Values for DRA

Attribute

IPWorks AAA

DRA1

DRA2

Host

aaa1.aaa.com

dra1.dra.com

dra2.dra.com

Realm

aaa.com

dra.com

dra.com

Traffic IP

192.168.20.13

192.168.20.1

192.168.20.2

Listening Port

3868

-

-

Product Name

IPWorksAAADiameterServer

-

-

To configure Diameter stack in this scenario, do the following:

  1. Configure Diameter server identification.

    # dia-identity-ctr --cmd initial

    Prompt information is shown as below: 

    Do you want to cleanup all the information of diameter identity, transport and route?
Please type 'Yes' or 'No' to continue: Yes

    # dia-identity-ctr --cmd add --origin-host "aaa1.aaa.com" --origin-realm "aaa.com" --host-ip-address "[192.168.20.13]" --product-name "IPWorksAAADiameterServer"

  2. Configure Diameter transport.

    Configure one SCTP transport that is used to accept connections from DRA.

    # dia-transport-ctr --cmd add --local "[192.168.20.13]:3868" --mode SCTP

  3. Configure Diameter route. In this scenario, IPWorks connects with two DRA via load sharing mode.

    # dia-route-ctr --cmd add --app "*" --dest "*" --peer "[dra1.dra.com, dra2.dra.com], dra.com"

2.2.4   Hybrid Deployment with DRA

In this scenario (shown in Figure 7), IPWorks AAA opens a port to accept TCP connection from DRA. IPWorks AAA directly connects with two groups of HSS. HSS1 and HSS2 are in Group 1, and HSS3 and HSS4 are in Group 2. Inside the HSS Group, the HSS works in load sharing mode. Between Group1 and Group2, the HSS works in failover mode. Group 1 has a higher priority. If IMEI Check feature is enabled, EIR configuration and deployment is the same as HSS.

Figure 7   Hybrid Deployment with DRA

To configure Diameter stack in this scenario, do the following:

  1. Configure Diameter server identification.

    # dia-identity-ctr --cmd initial

    # dia-identity-ctr --cmd add --origin-host "aaa1.aaa.com" --origin-realm "aaa.com" --host-ip-address "[192.168.20.13]" --product-name "IPWorksAAADiameterServer"

  2. Configure Diameter transport.
    1. Configure one TCP transport that is used to accept connections from DRA.

      # dia-transport-ctr --cmd add --local "[192.168.20.13]:3868" --mode TCP

    2. Configure one TCP transport for each HSS.

      # dia-transport-ctr --cmd add --local "[192.168.20.13]:0" --remote "[192.168.20.1]:3869" --mode TCP

      # dia-transport-ctr --cmd add --local "[192.168.20.13]:0" --remote "[192.168.20.2]:3869" --mode TCP

      # dia-transport-ctr --cmd add --local "[192.168.20.13]:0" --remote "[192.168.20.3]:3869" --mode TCP

      # dia-transport-ctr --cmd add --local "[192.168.20.13]:0" --remote "[192.168.20.4]:3869" --mode TCP

    3. Configure one TCP transport for each EIR if IMEI Check feature is enabled.

      # dia-transport-ctr --cmd add --local "[192.168.20.13]:0" --remote "[192.168.20.5]:3870" --mode TCP

      # dia-transport-ctr --cmd add --local "[192.168.20.13]:0" --remote "[192.168.20.6]:3870" --mode TCP

      # dia-transport-ctr --cmd add --local "[192.168.20.13]:0" --remote "[192.168.20.7]:3870" --mode TCP

      # dia-transport-ctr --cmd add --local "[192.168.20.13]:0" --remote "[192.168.20.8]:3870" --mode TCP

  3. Configure Diameter route.
    • Inside the HSS Group, the HSS works in load sharing mode. Between Group1 and Group2, the HSS works in failover mode. Group 1 has a higher priority.

      # dia-route-ctr --cmd add --app "SWx" --dest "[*], hss.com" --peer "[hss1.hss.com, hss2.hss.com], hss.com"

      # dia-route-ctr --cmd add --app "SWx" --dest "[*], hss.com" --peer "[hss3.hss.com, hss4.hss.com], hss.com"

    • Inside the EIR Group, the EIR works in load sharing mode. Between Group1 and Group2, the EIR works in failover mode. Group 1 has a higher priority. This step is only available in IMEI Check feature.

      # dia-route-ctr --cmd add --app "S13" --dest "[*], eir.com" --peer "[eir1.eir.com, eir2.eir.com], eir.com"

      # dia-route-ctr --cmd add --app "S13" --dest "[*], eir.com" --peer "[eir3.eir.com, eir4.eir.com], eir.com"

    • Two DRA works in load sharing mode:

      # dia-route-ctr --cmd add --app "SWm" --dest "*" --peer "[dra1.dra.com, dra2.dra.com], dra.com"

      # dia-route-ctr --cmd add --app "S6b" --dest "*" --peer "[dra1.dra.com, dra2.dra.com], dra.com"

      # dia-route-ctr --cmd add --app "STa" --dest "*" --peer "[dra1.dra.com, dra2.dra.com], dra.com"

3   Use Cases of Diameter Stack Update Configuration

In some case, customer needs to update the diameter stack configuration, such as adding an HSS or DRA. Here are some common use cases for updating diameter stack configurations:

Most of these use cases involve combinations of adding, modifying, or removing diameter server identification, transport, and route. The diameter stack configuration updates take effect in runtime.

The Diameter Stack management tools are used to operate the diameter server identification, transport, and route. For details about these tools, see Section 4 Diameter Stack Management Tools.

3.1   Change HSS Deployment

This use case is about IPWorks AAA directly connecting with HSS. When an HSS is added or removed, the diameter transport and diameter route need to be updated.

3.1.1   Add an HSS

The current deployment is that IPWorks AAA directly connects to two HSS (HSS1, HSS 2) with load sharing mode. The diameter transport is TCP. This example is to add an HSS (HSS 3) based on current deployment.

Figure 8   Add an HSS

To add the HSS3:

  1. Add a diameter transport which is used to connect to HSS3:

    # dia-transport-ctr --cmd add --local "[192.168.20.13]:0" --remote "[192.168.20.3]:3869" --mode TCP

  2. Change the diameter route:
    1. List the current diameter route. Two HSS work in load sharing mode.

      # dia-route-ctr --cmd list

      RouteTable:
--------------------------------
id:       1
app:      SWx
dest:     host = *,  realm = hss.com
peer:     host = ['hss1.hss.com', 'hss2.hss.com'], realm = hss.com
priority: 1

    2. Change the diameter route, and make that three HSS work in load sharing mode.

      #dia-route-ctr --cmd modify --id 1 --peer "[hss1.hss.com, hss2.hss.com, hss3.hss.com], hss.com"

    3. List the modified diameter route:

      # dia-route-ctr --cmd list

      RouteTable:
--------------------------------
id:       1
app:      SWx
dest:     host = *,  realm = hss.com
peer:     host = ['hss1.hss.com', 'hss2.hss.com',  'hss3.hss.com'],  realm = hss.com
priority: 1

3.1.2   Remove an HSS

The current deployment is that IPWorks AAA connects to three HSS (HSS1, HSS2, HSS3) with load sharing mode. The diameter transport is TCP. This example is to remove an HSS (HSS3) based on current deployment.

Figure 9   Remove an HSS

To remove the HSS3:

  1. Change the diameter route:
    1. List the current diameter route, three HSS works in load sharing mode.

      # dia-route-ctr --cmd list

      RouteTable:
--------------------------------
id:       1
app:      SWx
dest:     host = *,  realm = hss.com
peer:     host = ['hss1.hss.com', 'hss2.hss.com',  'hss3.hss.com'],  realm = hss.com
priority: 1

    2. Change the diameter route, and make that the left two HSS work in load sharing mode.

      #dia-route-ctr --cmd modify --id 1 --peer "[hss1.hss.com, hss2.hss.com], hss.com"

    3. List the modified diameter route:

      # dia-route-ctr --cmd list

      SC-1:~ # dia-route-ctr --cmd list
RouteTable:
--------------------------------
id:       1
app:      SWx
dest:     host = *,  realm = hss.com
peer:     host = ['hss1.hss.com', 'hss2.hss.com'],  realm = hss.com
priority: 1

  2. Delete the diameter transport HSS3 related.
    1. List the current diameter transport, and find that the id of diameter transport HSS3 related is 1.

      # dia-transport-ctr --cmd list

      TransportTable:
+------+------------------------+-----------------------+--------+
|   id | local                  | remote                | mode   |
+======+========================+=======================+========+
|    1 | ['192.168.20.13']:0    | ['192.168.20.3']:3869 | TCP    |
+------+------------------------+-----------------------+--------+
|    2 | ['192.168.20.13']:0    | ['192.168.20.2']:3869 | TCP    |
+------+------------------------+-----------------------+--------+
|    3 | ['192.168.20.13']:0    | ['192.168.20.1']:3869 | TCP    |
+------+------------------------+-----------------------+--------+
|    4 | ['192.168.20.13']:3868 |                       | TCP    |
+------+------------------------+-----------------------+--------+

    2. Remove the transport which id is 1:

      # dia-transport-ctr --cmd rm --id 1

3.2   Change EIR Deployment

For changing EIR deployment, refer to Section 3.1.

3.3   Change DRA Deployment

When a DRA is added or removed, or the priority of DRA is changed, diameter route needs to be updated. If IPWorks AAA plays the diameter client role and connects to DRA, the diameter transport also needs to be updated.

3.3.1   Add a DRA

The current deployment is that IPWorks AAA listens on port 3868, and two DRA (DRA1, DRA2) connect to IPWorks AAA. The two DRA work in failover mode. This example is to add a DRA (DRA3) based on current deployment.

Figure 10   Add a DRA

As IPWorks AAA already has a transport to accept connections from DRA, it is not necessary to create an additional transport, you only need to add a diameter route.

To add a DRA3:

  1. List current Diameter route, two DRA work in failover mode.

    # dia-route-ctr --cmd list

    RouteTable:
--------------------------------
id:       1
app:      *
dest:     *
peer:     host = ['dra1.dra.com'],  realm = dra.com
priority: 1


--------------------------------
id:       2
app:      *
dest:     *
peer:     host = ['dra2.dra.com'],  realm = dra.com
priority: 2

  2. Add a diameter route for DRA3.

    # dia-route-ctr --cmd add --app "*" --dest "*" --peer "[dra3.dra.com], dra.com"

  3. List the modified Diameter route, three DRA works in failover mode.

    # dia-route-ctr --cmd list

    RouteTable:
--------------------------------
id:       1
app:      *
dest:     *
peer:     host = ['dra1.dra.com'],  realm = dra.com
priority: 1


--------------------------------
id:       2
app:      *
dest:     *
peer:     host = ['dra2.dra.com'],  realm = dra.com
priority: 2
--------------------------------
id:       3
app:      *
dest:     *
peer:     host = ['dra3.dra.com'],  realm = dra.com
priority: 3

3.3.2   Remove a DRA

The current deployment is that IPWorks AAA listens on port 3868, and three DRA (DRA1, DRA2, and DRA3) connect to IPWorks AAA. The three DRA work in failover mode. This example is to remove a DRA (DRA3) based on current deployment.

Figure 11   Remove a DRA

To remove the DRA3:

  1. List the current Diameter route, three DRA work in failover mode.

    # dia-route-ctr --cmd list

    RouteTable:
--------------------------------
id:       1
app:      *
dest:     *
peer:     host = ['dra1.dra.com'],  realm = dra.com
priority: 1


--------------------------------
id:       2
app:      *
dest:     *
peer:     host = ['dra2.dra.com'],  realm = dra.com
priority: 2
--------------------------------
id:       3
app:      *
dest:     *
peer:     host = ['dra3.dra.com'],  realm = dra.com
priority: 3

  2. Remove the diameter route DRA3 related. The id of the route DRA3 is 3.

    # dia-route-ctr --cmd rm --id 3

  3. List the modified Diameter route, two DRA work in failover mode.

    # dia-route-ctr --cmd list

    SC-1:~ # dia-route-ctr --cmd list
RouteTable:
--------------------------------
id:       1
app:      *
dest:     *
peer:     host = ['dra1.dra.com'],  realm = dra.com
priority: 1


--------------------------------
id:       2
app:      *
dest:     *
peer:     host = ['dra2.dra.com'],  realm = dra.com
priority: 2

3.3.3   Change Priority of DRA

The current deployment is that IPWorks AAA listens on port 3868, and two DRA (DRA1, DRA2) connect to IPWorks AAA. The two DRA work in failover mode and DRA1 has a higher priority. This example is to change the priority of DRA.

To change the priority:

  1. List the Diameter route, two DRA work in failover mode, and DRA1 has a higher priority.

    # dia-route-ctr --cmd list

    RouteTable:
--------------------------------
id:       1
app:      *
dest:     *
peer:     host = ['dra1.dra.com'],  realm = dra.com
priority: 1


--------------------------------
id:       2
app:      *
dest:     *
peer:     host = ['dra2.dra.com'],  realm = dra.com
priority: 2

  2. Change the DRA priority.

    # dia-route-ctr --cmd modify --id 2 --peer "[dra1.dra.com], dra.com"

    # dia-route-ctr --cmd modify --id 1 --peer "[dra2.dra.com], dra.com"

  3. List the modified Diameter route. The priority of DRA1 and DRA2 changes.

    # dia-route-ctr --cmd list

    RouteTable:
--------------------------------
id:       1
app:      *
dest:     *
peer:     host = ['dra2.dra.com'],  realm = dra.com
priority: 1


--------------------------------
id:       2
app:      *
dest:     *
peer:     host = ['dra1.dra.com'],  realm = dra.com
priority: 2

3.4   Change the Port Which IPWorks AAA Listens On

When IPWorks AAA plays the Diameter server role, it listens on a port to accept connections from the remote peers. IPWorks AAA supports to change the listening port in runtime.

Here is an example to change the original listening port (3868) to the new one (3870). In this example, the IPWorks AAA traffic IP is 192.168.20.13.

  1. Add a new transport with the new listening port to accept connections from remote peers.

    # dia-transport-ctr --cmd add --local "[192.168.20.13]:3870" --mode TCP

  2. Configure the eVIP policy for the new port 3870, and remove the old one.

    Log on to the ECLI interface:

    # ssh <username>@<MIP_OAM_IP> -t -s cli

    >dn ManagedElement=<Node Name>,Transport=1,Evip=1,EvipAlbs=1,EvipAlb=ipw_sig_sp,EvipFlowPolicies=1

    (EvipFlowPolicies=1)>configure
(config-EvipFlowPolicies=1)>EvipFlowPolicy=diameter_port_3870
(config-EvipFlowPolicy=diameter_port_3870)>addressFamily="ipv4"
(config-EvipFlowPolicy=diameter_port_3870)>dest="192.168.20.13"
(config-EvipFlowPolicy=diameter_port_3870)>destPort="3870"
(config-EvipFlowPolicy=diameter_port_3870)>protocol="tcp"
(config-EvipFlowPolicy=diameter_port_3870)>targetPool="DIA_pools"
(config-EvipFlowPolicy=diameter_port_3870)>commit
(EvipFlowPolicy=diameter_port_3870)>show
EvipFlowPolicy=diameter_port_3870
   addressFamily="ipv4"
   dest="192.168.20.13"
   destPort="3870"
   protocol="tcp"
   targetPool="DIA_pools"
(EvipFlowPolicy=diameter_port)>up
(EvipFlowPolicies=1)>show
EvipFlowPolicies=1
   EvipFlowPolicy=sip_alb_tcp_fe_ipv4_port_53
   EvipFlowPolicy=sip_alb_udp_fe_ipv4_port_53
   EvipFlowPolicy=sctp_1
   EvipFlowPolicy=sctp_2
   EvipFlowPolicy=sctp_3
   EvipFlowPolicy=sctp_4
   EvipFlowPolicy=diameter_port_3868
   EvipFlowPolicy=diameter_port_3870
(config-EvipFlowPolicies=1)>no EvipFlowPolicy=diameter_port_3868
(config-EvipFlowPolicies=1)>commit

  3. After remote peer has already connected to IPWorks AAA with the new transport, remove the original transport.

    In this example, the record is of original transport is 2.

    # dia-transport-ctr --cmd list

    TransportTable:
+------+------------------------+-----------------------+--------+
|   id | local                  | remote                | mode   |
+======+========================+=======================+========+
|    1 | ['192.168.20.13']:3870   |                     | TCP    |
+------+------------------------+-----------------------+--------+
|    2 | ['192.168.20.13']:3868    |                    | TCP    |
+------+------------------------+-----------------------+--------+

    # dia-transport-ctr --cmd rm --id 2

    # dia-transport-ctr --cmd list

    TransportTable:
+------+------------------------+-----------------------+--------+
|   id | local                  | remote                | mode   |
+======+========================+=======================+========+
|    1 | ['192.168.20.13']:3870   |                     | TCP    |
+------+------------------------+-----------------------+--------+

4   Diameter Stack Management Tools

This section provides user guides of Diameter Stack management tools to configure Diameter Stack. It includes the following topics:

4.1   How to Use Diameter Server Identification Tool

The tool dia-identity-ctr is used to initialize the Diameter basic configuration. Also, it can list, add, and modify the following identity attributes:

Table 9    Diameter Server Identification Attributes

Attribute Name

Attribute Value

Comment

originHost

<AAA Host>

Encode it as Origin-Host AVP in CER/CEA message.

originRealm

<AAA Realm>

Encode it as Origin-Realm AVP in CER/CEA message.

hostIpAddress

<AAA Traffic IP>

Encode it as Host-IP-Address AVP in CER/CEA message.

productName

<AAA Product Name>

Encode it as Product-Name AVP in CER/CEA message, it represents the product name of IPWorks Diameter AAA server.

Initialize Diameter Server Identification

The initial command cleans up all the information of identity, transport, and route for Diameter Stack.

# dia-identity-ctr --cmd initial

Prompt information is shown as below: 

Do you want to cleanup all the information of diameter identity, transport and route?
Please type 'Yes' or 'No' to continue:

Type Yes to continue or type No to cancel this operation.

List Diameter Server Identification

# dia-identity-ctr --cmd list

Add Diameter Server Identification

Syntax:

# dia-identity-ctr --cmd add --product-name "<AAA Product Name>" --origin-host "<AAA Host>" --origin-realm "<AAA Realm>" --host-ip-address "[<AAA Traffic IP>,..]"

Example:

# dia-identity-ctr --cmd add --product-name "IPWorksAAADiameterServer" --origin-host "PL-3" --origin-realm "aaa.ericssion.com" --host-ip-address "[192.168.10.13, 192.168.10.14]"

Table 10    dia-identity-ctr Add Command Options

Option

Mandatory/Optional

Default Value

product-name

Mandatory

-

origin-host

Mandatory

-

origin-realm

Mandatory

-

host-ip-address

Mandatory

-

Modify Diameter Server Identification

Syntax:

# dia-identity-ctr --cmd modify --product-name "<AAA Product Name>" --origin-host "<AAA Host>" --origin-realm "<AAA Realm>” --host-ip-address "[<AAA Traffic IP>,..]"

Example:

# dia-identity-ctr --cmd modify --product-name "IPWorksAAADiameterServer" --origin-host "PL-3" --origin-realm "aaa.ericssion.com" --host-ip-address "[192.168.10.13, 192.168.10.14]"

Table 11    dia-identity-ctr Add Command Options

Option

Mandatory/Optional

Default Value

product-name

Optional

-

origin-host

Optional

-

origin-realm

Optional

-

host-ip-address

Optional

-

4.2   How to Use Diameter Transport Tool

IPWorks AAA can accept connection request from Diameter Peer Node(s) by supporting Diameter connection over TCP or SCTP.

The tool dia-transport-ctr is used to list, add, modify, and remove the following transport related attributes:

Table 12    Diameter Transport Attributes

Node

Attribute Name

Attribute Value

Comment

IPWorks AAA (local)

address

<AAA Traffic IP>

IPWorks AAA can use separate IPs for SCTP and TCP traffic.

port

<AAA Listening Port>

Defaults to 3868 for listening transport, 0 for connecting port

Peer node (remote)

address

<Peer Traffic IP>

Traffic IP for peer node, such as HSS

port

<Peer Listening Port>

-

List Diameter Transport

# dia-transport-ctr --cmd list

Add Diameter Transport

Syntax:

# dia-transport-ctr --cmd add --local "[<AAA Traffic IP>]:<AAA Listening Port>" --remote "[<Peer Traffic IP>]:<Peer Listening Port>" --mode <TCP/SCTP>

Example:

# dia-transport-ctr --cmd add --local "[192.168.20.13]:3868" --mode TCP

# dia-transport-ctr --cmd add --local "[192.168.20.13]:0" --remote "[192.168.20.1]:3869" --mode TCP

# dia-transport-ctr --cmd add --local "[192.168.20.13,192.168.20.14]:0" --remote "[192.168.20.1,192.168.20.2]:3869" --mode SCTP

Table 13    dia-transport-ctr Add Command Options

Option

Mandatory/Optional

Default Value

Comments

local

Mandatory

-

The address and port of IPWorks AAA should be as its value.


Multiple value can be specified for the address.

remote

Optional

-

The address and port of peer node should be as its value if needed.


Multiple value can be specified for the address.

mode

Mandatory

-

Only two choices: "TCP" or "SCTP".


For example, SCTP should be set if SCTP transport is used.

Remove Diameter Transport

Note:  
Use list command to show all the records before remove operation.

Syntax:

# dia-transport-ctr --cmd rm --id <Record_Id>

Example:

# dia-transport-ctr --cmd list

# dia-transport-ctr --cmd rm --id 1

Table 14    dia-transport-ctr rm Command Option

Option

Mandatory/Optional

Default Value

Comments

id

Mandatory

-

The value is set to the record id that will be deleted. The record id can be shown by list command.

Modify Diameter Transport

Note:  
Use list command to show all the records before modify operation.

Syntax:

# dia-transport-ctr --cmd modify --id <Record_Id> --local "[<AAA Traffic IP>]:<AAA Listening Port>" --remote "[<Peer Traffic IP>]:<Peer Listening Port>"

Example:

# dia-transport-ctr --cmd list

# dia-transport-ctr --cmd modify --id 4 --local "[192.168.20.13]:3868"

# dia-transport-ctr --cmd modify --id 4 --local "[192.168.20.13]:0" --remote "[192.168.20.1]:3869"

# dia-transport-ctr --cmd modify --id 4 --remote "[192.168.20.1]:3870"

# dia-transport-ctr --cmd modify --id 4 --local "[192.168.20.13, 192.168.20.14]:0" --remote "[192.168.20.1, 192.168.20.2]:3869"

Table 15    dia-transport-ctr Modify Command Options

Option

Mandatory/Optional

Default Value

Comments

id

Mandatory

-

The value is set to the record id that will be modified. The record id can be shown by list command.

local

Optional

-

The address and port of IPWorks AAA should be as its value.


Multiple value can be specified for the address.

remote

Optional

-

The address and port of peer node should be as its value if needed.


Multiple value can be specified for the address.

4.3   How to Use Diameter Route Tool

The tool dia-route-ctr is used to list, add, modify, and remove the following route related attributes:

Table 16    Diameter Route Attributes

Node

Attribute Name

Attribute Value

Comment

dest

host

<Destination Host>

Only single value can be specified. If all hosts are in one realm, use "*" here.

realm

<Destination Realm>

-

peer

host

<Peer Host>

Multiple value can be specified. If all hosts are in one realm, use " *" here.

realm

<Peer Realm>

-

List Diameter Route

# dia-route-ctr --cmd list

Add Diameter Route

Syntax:

# dia-route-ctr --cmd add --app "<App Name>" --dest "[<Destination Host>],<Destination Realm>" --peer "[<Peer Host>],<Peer Realm>"

Example:

# dia-route-ctr --cmd add --app "SWx" --dest "[*],hss.com" --peer "[hss1],hss.com"

# dia-route-ctr --cmd add --app "SWx" --dest "[hss1],hss.com" --peer "[hss1,hss2],hss.com"

# dia-route-ctr --cmd add --app "SWx" --dest "*" --peer "[hss1,hss2],hss.com9"

Table 17    dia-route-ctr Add Command Options

Option

Mandatory/Optional

Default Value

Comments

app

Mandatory

-

The app is configured to one of these values: SWx, STa, S6b, or SWm, use "*" for all apps.

dest

Mandatory

-

The host and realm of destination node should be configured as its value.


If all the destination are in one realm, use " *" as the host name.

peer

Mandatory

-

The host and realm of peer node should be configured as its value.


If more than one peer are in one realm, multiple hosts are configured.

Remove Diameter Route

Note:  
Use list command to show all the records before the remove operation,

Syntax:

# dia_route_ctr --cmd rm --id <RECORD_ID>

Example:

# dia_route_ctr --cmd list

# dia_route_ctr --cmd rm --id 1

Table 18    dia-route-ctr rm Command Option

Option

Mandatory/Optional

Default Value

Comments

id

Mandatory

-

The value is set to the record id that will be deleted.

Modify Diameter Route

Note:  
Use list command to show all the records before the modify operation.

Syntax:

# dia-route-ctr --cmd modify --id <Record Id> --peer "[<Peer Host>],<Peer Realm>"

Example:

# dia-route-ctr --cmd list

# dia-route-ctr --cmd modify --id 4 --peer "[hss1,hss2],hss.com"

Table 19    dia-route-ctr Modify Command Options

Option

Mandatory/Optional

Default Value

Comments

id

Mandatory

-

The value is set to the record id that will be modified.

peer

Optional

-

The host and realm of peer node should be configured as its value.


If more than one peers are in one realm, multiple hosts are configured.


Reference List

[1] C-diameter Programmer's Guide, 198 17-APR 901 0488/2
[2] Configure SS7 for AAA.


Copyright

© Ericsson AB 2017, 2018. All rights reserved. No part of this document may be reproduced in any form without the written permission of the copyright owner.

Disclaimer

The contents of this document are subject to revision without notice due to continued progress in methodology, design and manufacturing. Ericsson shall have no liability for any error or damage of any kind resulting from the use of this document.

Trademark List
All trademarks mentioned herein are the property of their respective owners. These are shown in the document Trademark Information.

    Diameter Stack Configuration Guide