 |
Click title to get back to main page of DiameterRA
Diameter State Machines
See tables for transitions numbers and Cause-Action pairs of each transition. Each transition is shown on apriopriate graph.
Authorization Session State Machines
These state machines MUST be observed by implementations which make use of authentication and/or authorization portion of application. They describe session lifecycle.
In the state table, the event 'Failure to send X' means that the Diameter agent is unable to send command X to the desired destination. This could be due to the peer being down, or due to the
peer sending back a transient failure or temporary protocol error notification DIAMETER_TOO_BUSY or DIAMETER_LOOP_DETECTED in the Result-Code AVP of the corresponding Answer command. The event 'X
successfully sent' is the complement of 'Failure to send X'.
Stateful Client
The following state machine is observed by a client when state is maintained on the server:
| State Machine Transitions for Stateful Client |
|---|
| State | Transition | Cause | Response/Action |
|---|
| Idle | 1 | Client requests access | Send to server service specific auth request |
| Idle | 10 | ASR Received for unknown session | Send ASA to server with Result-Code= UNKNOWN_SESSION_ID |
| Pending | 3 | Successful Service-specific authorization answer received with default Auth-Session-State value | Grant Access |
| Pending | 4 | Successful Service-specific authorization answer received but service not provided | Sent STR to server |
| Pending | 4 | Error processing successful Service-specific authorization answer | Sent STR to server |
| Pending | 2 | Failed Service-specific authorization answer received | Cleanup - free resources allocated for session |
| Open | 6 | User or client device requests access to service | Send service specific auth req |
| Open | 6 | Successful Service-specific authorization answer received | Provide Service |
| Open | 7 | Failed Service-specific authorization answer received. | Discon. user/device |
| Open | 5 | Session-Timeout Expires on Access Device | Send STR |
| Open | 5 | ASR Received, client will comply with request to end the session | Send ASA with Result-Code = SUCCESS,Send STR. |
| Open | 6 | ASR Received, client will not comply with request to end the session | Send ASA with Result-Code = SUCCESS |
| Open | 5 | Authorization-Lifetime + Auth-Grace-Period expires on access device | Send STR |
| Discon | 8 | ASR Received | Send ASA |
| Discon | 9 | STA Received | Discon. user/device |
Stateful Server
The following state machine is observed by a server when it is maintaining state for the session:
| State Machine Transitions for Stateful Server |
|---|
| State | Transition | Cause | Response |
|---|
| Idle | 1 | Service-specific authorization request received, and user is authorized | Send successful serv. specific answer |
| Idle | 7 | Service-specific authorization request received, and user is not authorized | Send failed serv. specific answer |
| Open | 3 | Service-specific authorization request received, and user is authorized | Send successful serv. specific answer |
| Open | 2 | Service-specific authorization request received, and user is not authorized | Send failed serv. specific answer, Cleanup |
| Open | 4 | Home server wants to terminate the service | Send ASR |
| Open | 2 | Authorization-Lifetime (and Auth-Grace-Period) expires on home server. | Cleanup |
| Open | 2 | Session-Timeout expires on home server | Cleanup |
| Discon | 5 | Failure to send ASR | Wait,resend ASR |
| Discon | 6 | ASR successfully sent and ASA Received with Result-Code | Cleanup |
| Not Discon | None | ASA Received | None |
| Any | 2,6,7 | STR Received | Send STA |
Stateless Client
The following state machine is observed by a client when state is not maintained on the server:
| State Machine Transitions for Stateless Client |
|---|
| State | Transition | Cause | Response |
|---|
| Idle | 1 | Client or Device Requests access | Send service specific auth req |
| Pending | 2 | Successful Service-specific authorization answer received with Auth-Session-State set to NO_STATE_MAINTAINED | Grant Access |
| Pending | 4 | Failed Service-specific authorization answer received | Cleanup |
| Open | 3 | Session-Timeout Expires on Access Device | Discon. user/device |
| Open | 3 | Service to user is terminated | Discon. user/device |
Stateless Server
The following state machine is observed by a server when it is not maintaining state for the session:
| State Machine Transitions for Stateless Server |
|---|
| State | Transition | Cause | Response |
|---|
| Idle | 1 | Service-specific authorization request received, and successfully processed | Send serv. specific answer |
Accounting State Machines
Following state machines MUST be observed by implementations which use accounting portion of application or just need accounting services.
Server side accounting state machine depends sometimes on application type, thus there are two types of state machines. Default state machine must be followed by all implemenations.
Client Machine - always stateless ?
This state machine is observer by client.
| State Machine Transitions for Client |
|---|
| State | Transition | Next | Cause | Response/Action |
|---|
| Idle | 1 | PendingS | Client or device requests access | Send accounting start req. |
| Idle | 2 | PendingE | Client or device requests a one-time service | Send accounting event req |
| Idle | 3 | PendingB | Records in storage | Send record |
| PendingS | 4 | Open | Successful accounting start answer received | |
| PendingS | 4 | Open | Failure to send and buffer space available and realtime not equal to DELIVER_AND_GRANT | Store Start Record |
| PendingS | 4 | Open | Failure to send and no buffer space available and realtime equal to GRANT_AND_LOSE | |
| PendingS | 5 | Idle | Failure to send and no buffer space available and realtime not equal to GRANT_AND_LOSE | Disconnect user/dev |
| PendingS | 4 | Open | Failed accounting start answer received and realtime equal to GRANT_AND_LOSE | |
| PendingS | 5 | Idle | Failed accounting start answer received and realtime not equal to GRANT_AND_LOSE | Disconnect user/dev |
| PendingS | 6 | PendingS | User service terminated | Store stop record |
| Open | 7 | PendingI | Interim interval elapses | Send accounting interim record |
| Open | 8 | PendingL | User service terminated | Send accounting stop req. |
| PendingI | 9 | Open | Successful accounting interim answer received | |
| PendingI | 9 | Open | Failure to send and (buffer space available or old record can be overwritten) and realtime not equal to DELIVER_AND_GRANT | Store interim record |
| PendingI | 9 | Open | Failure to send and no buffer space available and realtime equal to GRANT_AND_LOSE | |
| PendingI | 10 | Idle | Failure to send and no buffer space available and realtime not equal to GRANT_AND_LOSE | Disconnect user/dev |
| PendingI | 9 | Open | Failed accounting interim answer received and realtime equal to GRANT_AND_LOSE | |
| PendingI | 10 | Idle | Failed accounting interim answer received and realtime not equal to GRANT_AND_LOSE | Disconnect user/dev |
| PendingI | 11 | PendingI | User service terminated | Store stop record |
| PendingE | 12 | Idle | Successful accounting event answer received | |
| PendingE | 12 | Idle | Failure to send and buffer space available | Store event record |
| PendingE | 12 | Idle | Failure to send and no buffer space available | |
| PendingE | 12 | Idle | Failed accounting event answer received | |
| PendingB | 13 | Idle | Successful accounting answer received | Delete record |
| PendingB | 13 | Idle | Failure to send | |
| PendingB | 13 | Idle | Failed accounting answer received | Delete record |
| PendingL | 14 | Idle | Successful accounting stop answer received | |
| PendingL | 14 | Idle | Failure to send and buffer space available | Store stop record |
| PendingL | 14 | Idle | Failure to send and no buffer space available | |
| PendingL | 14 | Idle | Failed accounting stop answer received | |
 The states PendingS, PendingI, PendingL, PendingE and PendingB are "waiting" states coresponding to request related to Start, Interim, Stop, Event or buffered record, respectively.
Server Stateless
The default server side state machine requires the reception of
accounting records in any order and at any time, and does not place
any standards requirement on the processing of these records.
Implementations of Diameter MAY perform checking, ordering,
correlation, fraud detection, and other tasks based on these records.
Both base Diameter AVPs as well as application specific AVPs MAY be
inspected as a part of these tasks. The tasks can happen either
immediately after record reception or in a post-processing phase.
However, as these tasks are typically application or even policy
dependent, they are not standardized by the Diameter specifications.
Applications MAY define requirements on when to accept accounting
records based on the used value of Accounting-Realtime-Required AVP,
credit limits checks, and so on.
| State Machine Transitions for Sateless Server |
|---|
| State | Transition | Next | Cause | Response/Action |
|---|
| Idle | 1 | Idle | Accounting start request received, and successfully processed. | Send accounting start answer |
| Idle | 1 | Idle | Accounting event request received, and successfully processed. | Send accounting event answer |
| Idle | 1 | Idle | Interim record received, and successfully processed. | Send accounting interim answer |
| Idle | 1 | Idle | Accounting stop request received, and successfully processed | Send accounting stop answer |
| Idle | 1 | Idle | Accounting request received, no space left to store records | Send accounting answer, Result-Code = OUT_OF_SPACE |
Server Stateful
This state machine MAY be followed by applications that require keeping track of the session state at the accounting server. Due to incompatibility with the ability to sustain long
duration connectivity problems use of this state machine is recommended only in applications where the value of the Accounting-Realtime-Required AVP is DELIVER_AND_GRANT, and hence
accounting connectivity problems are required to cause the serviced user to be disconnected. Otherwise, records sent by client after connection is reestabilished, might got dropped by server.
The state machine is supervised by a supervision session timer Ts, which the value should be reasonably higher than the Acct_Interim_Interval value. Ts MAY be set to two times the value of the Acct_Interim_Interval so as to avoid the accounting session in the Diameter server to change to Idle state in case of short transient network failure. Only event listed in table are valid, any other should be treated as error.
In the state table, the event 'Failure to send' means that the Diameter client is unable to communicate with the desired destination. This could be due to the peer being down, or due to the peer sending back a transient failure or temporary protocol error notification DIAMETER_OUT_OF_SPACE, DIAMETER_TOO_BUSY, or DIAMETER_LOOP_DETECTED in the Result-Code AVP of the Accounting Answer command.
The event 'Failed answer' means that the Diameter client received a non-transient failure notification in the Accounting Answer command.
Note that the action 'Disconnect user/dev' MUST have an effect also to the authorization session state table, e.g., cause the STR message to be sent, if the given application has both
authentication/authorization and accounting portions.
| State Machine Transitions for Sateful Server |
|---|
| State | Transition | Next | Cause | Response/Action |
|---|
| Idle | 1 | Open | Accounting start request received, and successfully processed. | Send accounting start answer,Start Ts |
| Idle | 2 | Idle | Accounting event request received, and successfully processed. | Send accounting event answer |
| Idle | 2 | Idle | Accounting request received,no space left to store records | Send accounting answer, Result-Code= OUT_OF_SPACE |
| Open | 3 | Open | Interim record received, and successfully processed. | Send accounting interimanswer, Restart Ts |
| Open | 4 | Idle | Accounting stop request received, and successfully processed | Send accounting stop answer,Stop Ts |
| Open | 4 | Idle | Accounting request received, no space left to store records | Send accounting answer, Result-Code= OUT_OF_SPACE, Stop Ts |
| Open | 4 | Idle | Session supervision timer Ts expired | Stop Ts |
-- Main.baranowb - 08 Jun 2006
|