IETF Logo Mail Archive

Re: [Dime] draft-avasarala-diameter-error-invalid-identity-00

"AVASARALA, RANJIT KUMAR" <ra698k@att.com> Tue, 31 October 2017 18:57 UTC

Return-Path: <ra698k@att.com>
X-Original-To: dime@ietfa.amsl.com
Delivered-To: dime@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3663E13F5FF for <dime@ietfa.amsl.com>; Tue, 31 Oct 2017 11:57:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.411
X-Spam-Level:
X-Spam-Status: No, score=-3.411 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=1.989, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-2.8, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7CSH8-WkjbyM for <dime@ietfa.amsl.com>; Tue, 31 Oct 2017 11:57:33 -0700 (PDT)
Received: from mx0a-00191d01.pphosted.com (mx0b-00191d01.pphosted.com [67.231.157.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2EABA13F5F2 for <dime@ietf.org>; Tue, 31 Oct 2017 11:57:33 -0700 (PDT)
Received: from pps.filterd (m0049458.ppops.net [127.0.0.1]) by m0049458.ppops.net-00191d01. (8.16.0.21/8.16.0.21) with SMTP id v9VIvROV035991; Tue, 31 Oct 2017 14:57:31 -0400
Received: from tlpd255.enaf.dadc.sbc.com (sbcsmtp3.sbc.com [144.160.112.28]) by m0049458.ppops.net-00191d01. with ESMTP id 2dxvu15tef-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 31 Oct 2017 14:57:28 -0400
Received: from enaf.dadc.sbc.com (localhost [127.0.0.1]) by tlpd255.enaf.dadc.sbc.com (8.14.5/8.14.5) with ESMTP id v9VIvEWv118120; Tue, 31 Oct 2017 13:57:16 -0500
Received: from dalint01.pst.cso.att.com (dalint01.pst.cso.att.com [135.31.133.159]) by tlpd255.enaf.dadc.sbc.com (8.14.5/8.14.5) with ESMTP id v9VIv9UU118026 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Tue, 31 Oct 2017 13:57:10 -0500
Received: from MOSTLS1MSGHUBAA.ITServices.sbc.com (MOSTLS1MSGHUBAA.itservices.sbc.com [135.41.4.148]) by dalint01.pst.cso.att.com (RSA Interceptor); Tue, 31 Oct 2017 18:56:53 GMT
Received: from MOSTLS1MSGUSRFG.ITServices.sbc.com ([169.254.7.170]) by MOSTLS1MSGHUBAA.ITServices.sbc.com ([135.41.4.148]) with mapi id 14.03.0361.001; Tue, 31 Oct 2017 13:56:53 -0500
From: "AVASARALA, RANJIT KUMAR" <ra698k@att.com>
To: "Bertz, Lyle T [CTO]" <Lyle.T.Bertz@sprint.com>, Yuval Lifshitz <ylifshitz@sandvine.com>, "dime@ietf.org" <dime@ietf.org>
Thread-Topic: draft-avasarala-diameter-error-invalid-identity-00
Thread-Index: AdNSZIrJm2O1lnw9Q5e+yrjpjtgOFgABIxwgAAJK+5AAAKJMwAABIT8w
Date: Tue, 31 Oct 2017 18:56:53 +0000
Message-ID: <BD15502709C85D4DAA2DCBF30D38A3B71728FDFA@MOSTLS1MSGUSRFG.ITServices.sbc.com>
References: <BD15502709C85D4DAA2DCBF30D38A3B7172894DC@MOSTLS1MSGUSRFG.ITServices.sbc.com> <C43C255C7106314F8D13D03FA20CFE49ED56978C@wtl-exchp-1.sandvine.com> <BD15502709C85D4DAA2DCBF30D38A3B71728D777@MOSTLS1MSGUSRFG.ITServices.sbc.com> <62823085c481447e95e17e4e62c6ce8c@plswe13m04.ad.sprint.com>
In-Reply-To: <62823085c481447e95e17e4e62c6ce8c@plswe13m04.ad.sprint.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [135.38.35.228]
Content-Type: multipart/alternative; boundary="_000_BD15502709C85D4DAA2DCBF30D38A3B71728FDFAMOSTLS1MSGUSRFG_"
MIME-Version: 1.0
X-RSA-Inspected: yes
X-RSA-Classifications: public
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2017-10-31_09:, , signatures=0
X-Proofpoint-Spam-Details: rule=outbound_policy_notspam policy=outbound_policy score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 lowpriorityscore=0 impostorscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1707230000 definitions=main-1710310228
Archived-At: <https://mailarchive.ietf.org/arch/msg/dime/JTDjpZryZDS8vguf61RjGQCqRZE>
Subject: Re: [Dime] draft-avasarala-diameter-error-invalid-identity-00
X-BeenThere: dime@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Diameter Maintanence and Extentions Working Group <dime.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dime>, <mailto:dime-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dime/>
List-Post: <mailto:dime@ietf.org>
List-Help: <mailto:dime-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dime>, <mailto:dime-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 31 Oct 2017 18:57:36 -0000

Hi Lyle

Answers inline <Ranjit>

Regards
Ranjit
VoLTE T4 Support
317-224-9441



From: Bertz, Lyle T [CTO] [mailto:Lyle.T.Bertz@sprint.com]
Sent: Tuesday, October 31, 2017 1:46 PM
To: AVASARALA, RANJIT KUMAR <ra698k@att.com>; Yuval Lifshitz <ylifshitz@sandvine.com>; dime@ietf.org
Subject: RE: draft-avasarala-diameter-error-invalid-identity-00

A few questions:


  1.  How did a CTF get and invalid IMEI?  It is typically pulling from somewhere else.
<Ranjit>  invalid iMEI can come from devices reporting invalid IMEI value.  This IMEI value comes from device to MME to PGW and all the way to IMS core.

  1.  When you say invalid in the spec you reference format.  If it is format that is doable but if it is questioning data / associations outside of the AVP or message then this is problematic.   An invalid value in the proposal is too vague. Was it a well formed AVP which did not pass some app level semantic check or was it just bad data?
<Ranjit> by invalid, I mean the data is invalid E.g. the IMEI should be 15 digits long and should follow the rules defined in RFC 7254/7255.  So the CCF that receives the IMEI should validate the IMEI (which the CCFs currently do not) and once they do, and if they determine that the IMEI is invalid, then they should insert the error code into Diameter response (E.g. CCA).

  1.  Is this a IMSI-IMEI(SV) association issue?
<Ranjit> not association - but the value itself.  Technically IMEI and IMEISV are same (except for additional value of SV)

Lyle

From: DiME [mailto:dime-bounces@ietf.org] On Behalf Of AVASARALA, RANJIT KUMAR
Sent: Tuesday, October 31, 2017 1:08 PM
To: Yuval Lifshitz <ylifshitz@sandvine.com<mailto:ylifshitz@sandvine.com>>; dime@ietf.org<mailto:dime@ietf.org>
Subject: Re: [Dime] draft-avasarala-diameter-error-invalid-identity-00

Hi Yuval

Thank you for the comments.

I agree that a standard diameter error exists - the AVP error.   The reason I proposed invalid mobile identity is - it will be more specific to mobile identity.  It can be changed to a 5xxx - but I want an option for the entity to re-send the request with a valid value (assuming it can)

Yes User-Equipment-info AVP is optional in Credit Control Request - but we have seen it is present most of the times and all the times the value is IMEI or IMEISV ( though other values can exist) - but in case of VoLTE / IMS scenarios, the value is usually IMEI.

Now we have lot of cases where due to invalid IMEI - the number of bad records being generated is increasing - so need a way to prevent those.

So the proposed solution is for the entities receiving IMEI as part of any AVP - to validate it and if found invalid to respond with a error.  The entity receiving the error has an option to re-send the request with a valid value if it can.


Regards
Ranjit
VoLTE T4 Support
317-224-9441



From: Yuval Lifshitz [mailto:ylifshitz@sandvine.com]
Sent: Tuesday, October 31, 2017 12:07 PM
To: AVASARALA, RANJIT KUMAR <ra698k@att.com<mailto:ra698k@att.com>>; dime@ietf.org<mailto:dime@ietf.org>
Cc: ben@nostrum.com<mailto:ben@nostrum.com>; Yuval Lifshitz <ylifshitz@sandvine.com<mailto:ylifshitz@sandvine.com>>
Subject: RE: draft-avasarala-diameter-error-invalid-identity-00

Dear Ranjit,
I think there are several issues with your proposal:

  *   A standard diameter error already exists for the case described. It is DIAMETER_INVALID_AVP_VALUE (5004)
  *   3xxx level error codes are meant for peer level (per hop) while the case you describe is session level (end 2 end)
  *   User-Equipment-Info is an optional AVP (at least in RFC4006), and its payload is not necessarily IMEI or IMEISV. This mean that specification forcing the credit control server to validate it would contradict the existing specification

Best Regards,

Yuval

From: DiME [mailto:dime-bounces@ietf.org] On Behalf Of AVASARALA, RANJIT KUMAR
Sent: Tuesday, October 31, 2017 6:32 PM
To: dime@ietf.org<mailto:dime@ietf.org>
Cc: ben@nostrum.com<mailto:ben@nostrum.com>
Subject: [Dime] draft-avasarala-diameter-error-invalid-identity-00

Hello all

We published a new Internet draft addressing the issue of invalid IMEI in SIP / Diameter requests.

Here is the background

IMEI is used for uniquely identifying the mobile devices.  IMEI is present in SIP REGISTER request (Contact header) and Diameter CCR Request (user-Equipment-Info AVP).   It is always assumed that the IMEI value is correct and also the entities that receive IMEI usually do not validate the value.

This IMEI goes all the way till CCFs which use it as part of records generation that eventually lead to generation of CDRs.  So in scenarios where IMEI is correct, the records are considered good but if the IMEI is invalid or incorrect, then the records that are generated become "bad" and lead to inconsistency in billing.

So there is a need to reduce or prevent the generation of bad records and this can be done by validating the received IMEI and reporting invalid instances of IMEI.

So in order to report the cases of invalid iMEI, this draft proposes a new diameter protocol error code - DIAMETER_INVALID_MOBILE_IDENTITY

We request everyone to review the draft and comment.

The URL of the draft is - https://tools.ietf.org/html/draft-avasarala-diameter-error-invalid-identity-00.html<https://urldefense.proofpoint.com/v2/url?u=https-3A__na01.safelinks.protection.outlook.com_-3Furl-3Dhttps-253A-252F-252Furldefense.proofpoint.com-252Fv2-252Furl-253Fu-253Dhttps-2D3A-5F-5Ftools.ietf.org-5Fhtml-5Fdraft-2D2Davasarala-2D2Ddiameter-2D2Derror-2D2Dinvalid-2D2Didentity-2D2D00.html-2526d-253DDwMFAg-2526c-253DLFYZ-2Do9-5FHUMeMTSQicvjIg-2526r-253DHqz9E2LJHAT14pCYdmHOsQ-2526m-253D9slEZFhalRQfK8W0Qy624FMWppcDpsLJbAfOgESdBug-2526s-253DMP1LfzIYI7pYN8bUqxkF1kdjPlx-2DEQtCfvDNnG9xUXM-2526e-253D-26data-3D02-257C01-257Clyle.t.bertz-2540sprint.com-257C44eb4dec63ce4bfcec0f08d5208a6cd7-257C4f8bc0acbd784bf5b55f1b31301d9adf-257C0-257C0-257C636450701272955406-26sdata-3DQz57rER72b51IojZ3iN21OgJcjdNaQkgX6uSaAc-252Bpsg-253D-26reserved-3D0&d=DwMFAg&c=LFYZ-o9_HUMeMTSQicvjIg&r=Hqz9E2LJHAT14pCYdmHOsQ&m=C1X46Oah2dkod6mTzQd2Gucu43Pt0QxtveM6b_VzXnA&s=k7aQgGjqXY88-5XHB6akQ90W0ewaV11A-e096n0aSdU&e=>

Regards
Ranjit






________________________________

This e-mail may contain Sprint proprietary information intended for the sole use of the recipient(s). Any use by others is prohibited. If you are not the intended recipient, please contact the sender and delete all copies of the message.

v2.39.1 | Report a Bug | By Email | System Status