Re: [Dime] clearing of the Destination-Host AVP in the retransmitted request

"Poscic, Kristian (Nokia - US/Mountain View)" <> Wed, 03 April 2019 18:52 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 3661B120166 for <>; Wed, 3 Apr 2019 11:52:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id C2QzC-2o0rLW for <>; Wed, 3 Apr 2019 11:52:55 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 12B8412013F for <>; Wed, 3 Apr 2019 11:52:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=selector1-nokia-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=sfF0TCydB/T1rxILhxuvvqdJj6uVzogGQ/jYjxJejCw=; b=CNhgB7X2jYZtahoOkGksuyIO1UhfKOdVnGcP1a0ToJL1C4G2Vnj9xuDV+h57pA0Sb6XGJYsx+hkcHLcXtzr2/bSzab0EsLO1OVlNOPeGMwxNqTcIcQbUwUq1GuG9RFeQkgeDbMPySp68sMmmqwcl2mopFp9cdNcK3bjI+XbJ3SQ=
Received: from ( by ( with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1771.9; Wed, 3 Apr 2019 18:52:52 +0000
Received: from ([fe80::6ce1:d83d:e1b2:da05]) by ([fe80::6ce1:d83d:e1b2:da05%7]) with mapi id 15.20.1771.011; Wed, 3 Apr 2019 18:52:52 +0000
From: "Poscic, Kristian (Nokia - US/Mountain View)" <>
To: Æstrid Smith <>
CC: "" <>
Thread-Topic: [Dime] clearing of the Destination-Host AVP in the retransmitted request
Thread-Index: AdTmh7TwzN1E6HnzRjKZFmd70UeSTADwscaAAABa1eA=
Date: Wed, 03 Apr 2019 18:52:52 +0000
Message-ID: <>
References: <> <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
authentication-results: spf=none (sender IP is );
x-originating-ip: []
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: be2034ba-9bb8-450e-89d3-08d6b865938e
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(5600139)(711020)(4605104)(4618075)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(2017052603328)(7193020); SRVR:AM0PR07MB6065;
x-ms-traffictypediagnostic: AM0PR07MB6065:
x-ms-exchange-purlcount: 1
x-microsoft-antispam-prvs: <>
x-forefront-prvs: 0996D1900D
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(39860400002)(346002)(376002)(366004)(136003)(396003)(13464003)(199004)(189003)(446003)(6306002)(105586002)(106356001)(966005)(486006)(76176011)(97736004)(6916009)(229853002)(316002)(8936002)(5660300002)(4326008)(6436002)(52536014)(25786009)(86362001)(6246003)(53936002)(7736002)(66066001)(7696005)(476003)(99286004)(55016002)(74316002)(71190400001)(478600001)(9686003)(71200400001)(14454004)(3846002)(6116002)(256004)(2906002)(81156014)(81166006)(33656002)(53546011)(8676002)(6506007)(102836004)(26005)(186003)(11346002)(305945005)(14444005)(68736007); DIR:OUT; SFP:1102; SCL:1; SRVR:AM0PR07MB6065;; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None ( does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: XHbgyyRK+NuENu8nn7EoH/s3bD6D0xajclJoXM/QrG3AUTBeT/BiV+701SYYaJKPLTuzDFXq+gyWgrQ8YAhMWzkT83FZP3brGeJ89J3mdcYvpcuOEXNaO9/IO+7vtbpK6//68KQ9bqlFS3LiSCpv/YPCXuX5qoUGu93W/HgOPOm7LBlOVfnRfaZzmsqD8lbzpNdi1QQ9xnXh6lg6ZX0+arySFiLf5M0lLxmRf3qsjTz68NCRSnRq2gUqTFxTqE26sVl3SjXqrWuBvuDeD0kINo36IG6Id6dxr2tEUtwAcCw9pRwrPSq+Sgg5ozT5bFXAnAJTavuwrANio48LIAV5/lA9OKQ3hTWloB4R6qQ9D1AWYyaJwTVL9MO5AZnh1yIBER9g2Yh5yQ9kdhRDdAwtd8HEXNtIwoHmFYeT3CGjKU0=
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: be2034ba-9bb8-450e-89d3-08d6b865938e
X-MS-Exchange-CrossTenant-originalarrivaltime: 03 Apr 2019 18:52:52.5414 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5d471751-9675-428d-917b-70f44f9630b0
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR07MB6065
Archived-At: <>
Subject: Re: [Dime] clearing of the Destination-Host AVP in the retransmitted request
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Diameter Maintanence and Extentions Working Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 03 Apr 2019 18:52:58 -0000

Thanks Astrid (sorry for butchering the spelling of your name but I don't have an 'ae' character on my keyboard). 
On receipt of UNABLE_TO_DELIVER, diameter client would still retransmit  on a different next-hop peer (if available), just that the dest-host is removed so that the peer can make the decision where to deliver this message (based on the realm routing).
The assumption is that the servers (for example PCRFs) are all synchronized (georedundancy), and then any can respond for the session in the retransmitted request. 
If the application servers are not synched, then this would be a problem indeed. But then, the problem would be if we leave the dest-host intact in the retransmit  while the dest-host is truly down.

RFC 4006  6.5 allows for backup destinations. There, it is alluded that the client may have two destination hosts configured, and use one until 3002 is received. When 3002 is received (and some other config conditions are met), the second dest-host can be used. 
What I'm saying is that one can just remove the dest-host from the retransmit and the message will be naturally delivered via realm routing to some dest host (assuming georedundancy is supported).

It looks like that if vendors implement one behavior for this, it will address some scenarios, but it will break some other. Really no uniform solution.  

-----Original Message-----
From: Æstrid Smith <> 
Sent: Wednesday, April 3, 2019 1:25 PM
To: Poscic, Kristian (Nokia - US/Mountain View) <>
Subject: Re: [Dime] clearing of the Destination-Host AVP in the retransmitted request

Hi Kris,

Your second scenario, an Unable_To_Deliver reply, can be generated on predictive loop avoidance (6733 section 6.1.7) also.  Blacklisting the peer for that destination-host is a good choice in that scenario.  But I wouldn't think that clearing the destination-host is necessary, because if the message could be retransmitted on a different path it may eventually succeed.

If you're out of paths, though, as an ultimate fallback that seems reasonable.

But then, I work almost exclusively with the base protocol in context of a relay agent :) We don't touch the destination-host on any message, unless configured otherwise.  From my reading of rfc6733 section 6.1, there isn't much latitude to include or omit a destination-host on any particular message.
æstrid smith     -------------------
--<[ c y b e r  |  s o f t w a r e  |  e n g i n e e r ]>--
    ------------                     ------------------

On Sat, Mar 30, 2019 at 12:55:00PM +0000, Poscic, Kristian wrote:
> Can someone clarify in which case should a Diameter client (DC) clear 
> the Destination-Host AVP in the *retransmitted* request
> message:
> 1. When the peer failover occurs - say the connection to node 1
>    fails and DC retransmit the request in the pending queue to node
>    2? Section 5.5.4 in RFC 6733 is not specific about this, and it
>    may even imply that the destination-host should not be
>    cleared. Even though the clearing it may be beneficial.
> 1. When the client receives Diameter_Unable_to_Deliver (with E-bit
>    set) error message, which indicates that the node to which the
>    request is sent is unable to deliver the message to the
>    destination-host (or realm). In this case it would be beneficial
>    to blacklist this peer for this particular Diameter session. The
>    application (Gx/Gy/NASREQ) could then retransmit, but it clearly
>    does not make sense for Diam Base to send the message to the same
>    peer. Should the destination-host be cleared in this retransmit?
>    Some of this is mentioned in RFC 4006, sec 6.5, but again, it is
>    not clear.
> I assume that when the original request message times out (due to no 
> answer received) and it is retransmitted after Tx timer expires, the 
> destination-host is not cleared in the retransmit.
> Also, should the CC-Req-Num be the same on retransmit, or should the 
> client use a new one?
>                                             +---------+
>                                             |Diameter |
>                       +---------------------|         |
>          +---------+  |                     | Node 1  |
>          |Diameter |--+                     +---------+
>          |         |
>          | Client  |--+                     +---------+
>          +---------+  |                     |Diameter |
>                       +---------------------|         |
>                                             | Node 2  |
>                                             +---------+
> Note: Diameter Node 1 and Node 2 could be relay agents OR the home 
> servers (say redundant PCRFs, each with it's own unique peer name).
> I assume that DC should not make a decision on how to react based on 
> the knowledge whether it has peering connection with the RA or the 
> server.
> This is in the context on plain Base, without any overload 
> functionality (overload reports).
> Thanks,
> Kris

> _______________________________________________
> DiME mailing list