NAS Network Access Server (DIAMETER application)

Introduction

A Network Access Server (NAS) is a device that provides access to a network by receiving and forwarding authentication and authorization requests from end-users. The NAS is typically located at the edge of a network and acts as a gateway to the outside world. It can be a physical or virtual device that performs the tasks of authentication, authorization, and accounting (AAA) on behalf of the network. The DIAMETER protocol is a AAA protocol that is used to perform authentication, authorization, and accounting functions in a NAS. This article provides an overview of the NAS and its relationship with the DIAMETER protocol.

NAS and its Functions

A Network Access Server (NAS) is a device that connects a user to a network. It provides a point of entry for users to access the network and forwards authentication and authorization requests to a backend server. The NAS typically performs the following functions:

  1. Authentication: The NAS authenticates the user by requesting a username and password. The user enters the username and password, and the NAS forwards this information to the backend server for authentication.
  2. Authorization: Once the user is authenticated, the NAS forwards an authorization request to the backend server. The backend server checks if the user is authorized to access the requested resources.
  3. Accounting: The NAS keeps track of the user's usage of network resources and forwards accounting information to the backend server. The accounting information includes the amount of data transmitted and received, the duration of the connection, and other details.

NAS and the DIAMETER Protocol

The DIAMETER protocol is a AAA protocol that is used to perform authentication, authorization, and accounting functions in a NAS. DIAMETER is a successor to the RADIUS protocol and provides additional features such as support for IP-based protocols, extensibility, and enhanced security. The DIAMETER protocol uses a client-server model, where the NAS acts as a client and the backend server acts as a server.

The DIAMETER protocol is composed of three main components: the Diameter base protocol, the Diameter application protocol, and the Diameter Attribute-Value Pairs (AVPs). The Diameter base protocol defines the message format and the message exchange between the client and the server. The Diameter application protocol defines the specific application for which the protocol is being used. The Diameter AVPs are used to carry attribute-value pairs in the messages exchanged between the client and the server.

The DIAMETER protocol is used in a NAS to perform the following functions:

  1. Authentication: The NAS sends an authentication request to the backend server using the DIAMETER protocol. The authentication request contains the user's username and password in the form of AVPs. The backend server responds with an authentication answer that indicates whether the user is authenticated or not.
  2. Authorization: Once the user is authenticated, the NAS sends an authorization request to the backend server using the DIAMETER protocol. The authorization request contains information about the resources that the user is requesting access to. The backend server responds with an authorization answer that indicates whether the user is authorized to access the requested resources.
  3. Accounting: The NAS sends accounting information to the backend server using the DIAMETER protocol. The accounting information contains details about the user's usage of network resources, such as the amount of data transmitted and received, the duration of the connection, and other details.
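
The base-protocol message layout and the AVP-carrying authentication request described above, shown as an added example (not code from this article or from any Diameter implementation). The header and AVP layout, command code 265, application id 1 and the AVP codes are taken from RFC 6733 and RFC 7155 rather than from this page; the host name, user name and identifiers are constructed. The parser rejects any length field that does not fit inside the received buffer.

```python
import struct

# Constants from RFC 6733 (base protocol) and RFC 7155 (NAS application).
CMD_AA = 265            # AA-Request / AA-Answer command code
APP_NASREQ = 1          # NAS application id
AVP_USER_NAME, AVP_SESSION_ID, AVP_ORIGIN_HOST = 1, 263, 264
FLAG_REQUEST, AVP_FLAG_VENDOR, AVP_FLAG_MANDATORY = 0x80, 0x80, 0x40

def encode_avp(code, data, flags=AVP_FLAG_MANDATORY):
    """AVP = code(4) flags(1) length(3) data, zero-padded to a 4-byte boundary."""
    length = 8 + len(data)                      # length excludes the padding
    head = struct.pack("!IB3s", code, flags, length.to_bytes(3, "big"))
    return head + data + b"\x00" * (-length % 4)

def encode_message(code, app_id, flags, hop, end, avps):
    body = b"".join(avps)
    head = struct.pack("!B3sB3sIII", 1, (20 + len(body)).to_bytes(3, "big"),
                       flags, code.to_bytes(3, "big"), app_id, hop, end)
    return head + body

def parse_message(buf):
    """Parse one Diameter message; raise ValueError on any inconsistent length."""
    if len(buf) < 20:
        raise ValueError("shorter than the 20-byte Diameter header")
    ver, mlen, flags, code, app_id, hop, end = struct.unpack("!B3sB3sIII", buf[:20])
    mlen, code = int.from_bytes(mlen, "big"), int.from_bytes(code, "big")
    if ver != 1 or mlen != len(buf) or mlen % 4:
        raise ValueError("bad version or message length")
    avps, off = [], 20
    while off < mlen:
        if mlen - off < 8:
            raise ValueError("truncated AVP header")
        acode, aflags, alen = struct.unpack("!IB3s", buf[off:off + 8])
        alen = int.from_bytes(alen, "big")
        hdr = 12 if aflags & AVP_FLAG_VENDOR else 8   # Vendor-Id adds 4 bytes
        padded = alen + (-alen % 4)
        if alen < hdr or off + padded > mlen:
            raise ValueError("AVP length outside message bounds")
        avps.append((acode, aflags, buf[off + hdr:off + alen]))
        off += padded
    return {"code": code, "app_id": app_id, "request": bool(flags & FLAG_REQUEST),
            "hop_by_hop": hop, "end_to_end": end, "avps": avps}

# Constructed sample: an abbreviated AA-Request (a real one carries more required AVPs).
SAMPLE = encode_message(CMD_AA, APP_NASREQ, FLAG_REQUEST, 0x1111, 0x2222, [
    encode_avp(AVP_SESSION_ID, b"nas.example.net;1;1"),
    encode_avp(AVP_ORIGIN_HOST, b"nas.example.net"),
    encode_avp(AVP_USER_NAME, b"alice"),
])
```

Calling `parse_message(SAMPLE)` returns the header fields and the three AVPs as `(code, flags, data)` tuples with the padding stripped.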

DIAMETER Applications

The DIAMETER protocol is used in various applications, including the following:

  1. Mobile Network Authentication: The DIAMETER protocol is used in mobile networks to authenticate and authorize mobile devices. The Diameter Mobile IPv4 and Diameter Mobile IPv6 applications are used to perform AAA functions in mobile networks.
  2. Internet Service Provider (ISP) Billing: The DIAMETER protocol is used in ISP billing systems to track the usage of network resources by customers. The Diameter Credit-Control Application (DCCA) is used in ISP billing systems to perform real-time credit control and to manage user sessions.
  3. Voice over IP (VoIP): The DIAMETER protocol is used in VoIP networks to authenticate and authorize users and to perform accounting functions. The Diameter SIP Application is used to perform AAA functions in VoIP networks.
  4. Diameter Gateway: The DIAMETER protocol is used in Diameter Gateways, which are used to connect different Diameter networks. The Diameter Routing Agent (DRA) is used in Diameter Gateways to route Diameter messages between different Diameter networks.

DIAMETER Security

The DIAMETER protocol provides enhanced security features compared to its predecessor, the RADIUS protocol. The DIAMETER protocol includes features such as message encryption, message integrity protection, and secure transport. The DIAMETER protocol also includes support for Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS), which provide secure transport for Diameter messages.

The DIAMETER protocol includes support for message encryption using the Advanced Encryption Standard (AES). Message encryption ensures that the messages exchanged between the client and the server are not intercepted or modified by a third party. The DIAMETER protocol also includes support for message integrity protection using the HMAC-SHA1 algorithm. Message integrity protection ensures that the messages exchanged between the client and the server are not modified during transmission.

Conclusion

The Network Access Server (NAS) is a device that provides access to a network by receiving and forwarding authentication and authorization requests from end-users. The DIAMETER protocol is a AAA protocol that is used to perform authentication, authorization, and accounting functions in a NAS. The DIAMETER protocol uses a client-server model, where the NAS acts as a client and the backend server acts as a server. The DIAMETER protocol provides enhanced security features compared to its predecessor, the RADIUS protocol. The DIAMETER protocol is used in various applications, including mobile network authentication, ISP billing, VoIP, and Diameter Gateways.