[Dime] RE : Re: Question regarding diameter session

<lionel.morand@orange.com> Fri, 14 July 2017 15:47 UTC

Return-Path: <lionel.morand@orange.com>
X-Original-To: dime@ietfa.amsl.com
Delivered-To: dime@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1B2EF129AF6 for <dime@ietfa.amsl.com>; Fri, 14 Jul 2017 08:47:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.399
X-Spam-Level:
X-Spam-Status: No, score=-5.399 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-2.8, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gPjql5JpRPiA for <dime@ietfa.amsl.com>; Fri, 14 Jul 2017 08:47:31 -0700 (PDT)
Received: from relais-inet.orange.com (mta136.mail.business.static.orange.com [80.12.70.36]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B864A1242F7 for <dime@ietf.org>; Fri, 14 Jul 2017 08:47:30 -0700 (PDT)
Received: from opfednr04.francetelecom.fr (unknown [xx.xx.xx.68]) by opfednr23.francetelecom.fr (ESMTP service) with ESMTP id 008D3C03EF; Fri, 14 Jul 2017 17:47:29 +0200 (CEST)
Received: from Exchangemail-eme2.itn.ftgroup (unknown [xx.xx.31.13]) by opfednr04.francetelecom.fr (ESMTP service) with ESMTP id C9DC640068; Fri, 14 Jul 2017 17:47:28 +0200 (CEST)
Received: from OPEXCLILM43.corporate.adroot.infra.ftgroup ([fe80::ec23:902:c31f:731c]) by OPEXCLILM6D.corporate.adroot.infra.ftgroup ([fe80::54f9:a6c3:c013:cbc7%19]) with mapi id 14.03.0352.000; Fri, 14 Jul 2017 17:47:28 +0200
From: <lionel.morand@orange.com>
To: Ajinkya Joshi <ajoshi@definitionnetworks.com>, "dime@ietf.org" <dime@ietf.org>
Thread-Topic: =?iso-8859-1?Q?RE=A0:_Re:_[Dime]_Question_regarding_diameter_session?=
Thread-Index: AQHS/Lh+fvTWiZEAKk6ZSs78BsXH/g==
Date: Fri, 14 Jul 2017 15:47:27 +0000
Message-ID: <5135_1500047248_5968E790_5135_80_1_6B7134B31289DC4FAF731D844122B36E2D1B10AC@OPEXCLILM43.corporate.adroot.infra.ftgroup>
References: <CAFUT_s2os8=BkfGFyBd3W0V+yQ5wiwCibagLxrL8OTKWQ8ZGgA@mail.gmail.com>, <CAFUT_s2v_hEMRz-NC0sZhcEnZYqn9-vcnq1wGzkgyF_qekse1Q@mail.gmail.com>
In-Reply-To: <CAFUT_s2v_hEMRz-NC0sZhcEnZYqn9-vcnq1wGzkgyF_qekse1Q@mail.gmail.com>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Content-Type: multipart/alternative; boundary="_000_6B7134B31289DC4FAF731D844122B36E2D1B10ACOPEXCLILM43corp_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/dime/8S-XF5wFUad34nbTHltd6zbo0AQ>
Subject: [Dime] =?iso-8859-1?q?RE=A0=3A_Re=3A__Question_regarding_diameter?= =?iso-8859-1?q?_session?=
X-BeenThere: dime@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Diameter Maintanence and Extentions Working Group <dime.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dime>, <mailto:dime-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dime/>
List-Post: <mailto:dime@ietf.org>
List-Help: <mailto:dime-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dime>, <mailto:dime-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Jul 2017 15:47:33 -0000

Hi,

not sure to understand... The use case that you give is exactly the one that I gave to illustrate my answer "No".
The server would either reject or ignore sessions related requests coming from another source.

Lionel

Le 14 juil. 2017 16:59, Ajinkya Joshi <ajoshi@definitionnetworks.com> a écrit :
I didn't receive the replies on email.
Inline question starting with [AJ]
Copying the responses from archive for reference. ---

Hi,

Please see below.

Regards,

Lionel

> -----Message d'origine-----
> De : DiME [mailto:dime-bounces at ietf.org<http://ietf.org>] De la part de Ivan Skytte Jørgensen
> Envoyé : jeudi 29 juin 2017 11:21
> À : dime at ietf.org<http://ietf.org>
> Objet : Re: [Dime] Question regarding diameter session
>
> On Thursday 29 June 2017 13:15:05 Ajinkya Joshi wrote:
> > Hello,
> >
> > >From the RFC 6733, it is clear that diameter session is identified
> > >bases on
> > session-id, which has to be globally unique. Also in section 2.5
> > (Connections vs Sessions), it's clearly mentioned that one connection
> > can be used to multiplex multiple diameter sessions.
> > I have following questions related to diameter session -
> >
> > Is there any implicit correlation between diameter session and origin-host?
>
> Only what is spelled out in the RFC "The Session-Id MUST begin with the sender's
> identity [...]"

[LM] correct.

>
> A dubious diameter implementation may decode the session-id extracting what
> the origin-host might be. But that would be silly since it is already present in the
> origin-host AVP. Well-behaved diameter implementations treat session-id as an
> opaque string.
>
> > Does diameter standard allow different requests for the same session
> > to have different origin-host value?
>
> Yes, eg RAR and ASR requests will have a typically have an origin-host/realm
> different from where the session-id was created.

[LM] if the question was for requests with different origin-host received by the same server for the same session, the answer is NO.
Session related data maintained by a server for a given session are bounded to a single Origin-host. As said in the RFC6733,
  "A session is a
   logical concept at the application layer that exists between the
   Diameter client and the Diameter server; it is identified via the
   Session-Id AVP."
There is therefore a 1-to-1 relationship between the server and the client initiating the session. If a server would accept session related messages from different nodes for the same session, it would not possible to ensure a consistent management of the session state, e.g. node A creating the session, node B terminating the session whereas node A is not aware.

[AJ] What if there is an implementation where client is distributed and session state is shared by some means between the various client nodes. Each of the client node represents  different diameter host. So, how would server behave, if say client node-1 (with diameter host name as "n1", which becomes origin-host) initiates a diameter session, and different client node say node-2 (with diameter host name as "n2", which becomes origin-host) sends some subsequent message for the same session (using same session-id)?


>
>
> /isj
>
> _______________________________________________
> DiME mailing list
> DiME at ietf.org<http://ietf.org>
> https://www.ietf.org/mailman/listinfo/dime

On Thu, Jun 29, 2017 at 1:15 PM, Ajinkya Joshi <ajoshi@definitionnetworks.com<mailto:ajoshi@definitionnetworks.com>> wrote:
Hello,

>From the RFC 6733, it is clear that diameter session is identified bases on session-id, which has to be globally unique. Also in section 2.5 (Connections vs Sessions), it's clearly mentioned that one connection can be used to multiplex multiple diameter sessions.
I have following questions related to diameter session -

Is there any implicit correlation between diameter session and origin-host?
Does diameter standard allow different requests for the same session to have different origin-host value?
Is there any possible problem if the value of Diameter Identity (part of recommended format for session-id) is different from those present in the request (like origin-host/origin-realm)?

--
Regards,
Ajinkya Joshi



--
Regards,
Ajinkya Joshi

_________________________________________________________________________________________________________________________

Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.