[Dime] Update of RFC7423: Use of the 'E' bit in the Diameter Header

<lionel.morand@orange.com> Tue, 12 July 2016 06:45 UTC

Return-Path: <lionel.morand@orange.com>
X-Original-To: dime@ietfa.amsl.com
Delivered-To: dime@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B509A12B007 for <dime@ietfa.amsl.com>; Mon, 11 Jul 2016 23:45:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.619
X-Spam-Level:
X-Spam-Status: No, score=-2.619 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Dz4VSrx2zpsb for <dime@ietfa.amsl.com>; Mon, 11 Jul 2016 23:45:55 -0700 (PDT)
Received: from relais-inet.francetelecom.com (relais-ias92.francetelecom.com [193.251.215.92]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3B7CA12B016 for <dime@ietf.org>; Mon, 11 Jul 2016 23:45:55 -0700 (PDT)
Received: from omfedm08.si.francetelecom.fr (unknown [xx.xx.xx.4]) by omfedm10.si.francetelecom.fr (ESMTP service) with ESMTP id 9CD8726428B for <dime@ietf.org>; Tue, 12 Jul 2016 08:45:53 +0200 (CEST)
Received: from Exchangemail-eme2.itn.ftgroup (unknown [10.114.31.62]) by omfedm08.si.francetelecom.fr (ESMTP service) with ESMTP id 7DC0B23807E for <dime@ietf.org>; Tue, 12 Jul 2016 08:45:53 +0200 (CEST)
Received: from OPEXCLILM43.corporate.adroot.infra.ftgroup ([fe80::ec23:902:c31f:731c]) by OPEXCLILM5E.corporate.adroot.infra.ftgroup ([fe80::2912:bfa5:91d3:bf63%19]) with mapi id 14.03.0301.000; Tue, 12 Jul 2016 08:45:52 +0200
From: <lionel.morand@orange.com>
To: "dime@ietf.org" <dime@ietf.org>
Thread-Topic: Update of RFC7423: Use of the 'E' bit in the Diameter Header
Thread-Index: AdHcCJGU2tNioeXhQRq9v0m2cxk+Ag==
Date: Tue, 12 Jul 2016 06:45:52 +0000
Message-ID: <11308_1468305953_57849221_11308_8803_1_6B7134B31289DC4FAF731D844122B36E01EFEEBD@OPEXCLILM43.corporate.adroot.infra.ftgroup>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.168.234.5]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-PMX-Version: 6.2.1.2478543, Antispam-Engine: 2.7.2.2107409, Antispam-Data: 2016.7.12.55416
Archived-At: <https://mailarchive.ietf.org/arch/msg/dime/xp4p8_IvxN5wMuakgiAkIcq2_ng>
Subject: [Dime] Update of RFC7423: Use of the 'E' bit in the Diameter Header
X-BeenThere: dime@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Diameter Maintanence and Extentions Working Group <dime.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dime>, <mailto:dime-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dime/>
List-Post: <mailto:dime@ietf.org>
List-Help: <mailto:dime-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dime>, <mailto:dime-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Jul 2016 06:45:58 -0000

Hi,

As discussed at the last meeting, here is a draft of a new section to include in the RFC7423bis clarifying the use of the 'E' bit in answer commands.
Please provide your comments. This text will be discussed in Berlin.

Regards,

Lionel

**********************
5.12.  Use of the 'E' bit in the Diameter Header

   As described in the section 3 of [RFC6733], the Diameter command
   header includes an 8-bit field named "Command Flags" field.

        0                   1                   2                   3
        0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |    Version    |                 Message Length                                                |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |R P E T r r r r|                  Command Code                                               |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |                         Application-ID                                                                   |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |                      Hop-by-Hop Identifier                                                        |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |                      End-to-End Identifier                                                          |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |  AVPs ...
       +-+-+-+-+-+-+-+-+-+-+-+-+-

   These Command Flags are used to characterize the type of Diameter
   message being sent/received, i.e. request or answer ('R' bit),
   proxyable message ('P' bit), error message ('E' bit) and
   retransmitted message ('T' bit).  About the 'E' bit, the following
   definition is given:

        E(rror)

         If set, the message contains a protocol error, and the message
         will not conform to the CCF described for this command.
         Messages with the 'E' bit set are commonly referred to as error
         messages.  This bit MUST NOT be set in request messages (see
         Section 7.2).

   Further details on the use of the 'E' bit are given in the section
   7.2 of the [RFC6733].  In this section, it is explained that when a
   request (e.g.  Diameter-EAP-Request) causes a protocol-related error
   i.e., DIAMETER_UNABLE_TO_DELIVER or DIAMETER_REDIRECT_INDICATION or
   any other error listed in section 7.1.3 of [RFC6733], the
   corresponding answer must not conform to the normal CCF grammar of
   the answer command (e.g.  Diameter-EAP-Answer) but must conform to
   the following generic grammar:

       <answer-message> ::= < Diameter Header: code, ERR [, PXY] >
                         0*1< Session-Id >
                            { Origin-Host }
                            { Origin-Realm }
                            { Result-Code }
                            [ Origin-State-Id ]
                            [ Error-Message ]
                            [ Error-Reporting-Host ]
                            [ Failed-AVP ]
                            [ Experimental-Result ]
                          * [ Proxy-Info ]
                          * [ AVP ]

   Note that the message format given above is not totally correct. If
   the Result-Code AVP is set to DIAMETER_REDIRECT_INDICATION, the
   Redirect-Host AVP must be present.  The message format should be as
   follow:

       <answer-message> ::= < Diameter Header: code, ERR [, PXY] >
                         0*1< Session-Id >
                            { Origin-Host }
                            { Origin-Realm }
                            { Result-Code }
                            [ Origin-State-Id ]
                            [ Error-Message ]
                            [ Error-Reporting-Host ]
                            [ Failed-AVP ]
                            [ Experimental-Result ]
                   -->    * [ Redirect-Host ]
                   -->      [ Redirect-Host-Usage ]
                   -->      [ Redirect-Max-Cache-Time ]
                          * [ Proxy-Info ]
                          * [ AVP ]

   It could be argued that the "*[AVP]" allows the presence of the
   Redirect-Host AVP, Redirect-Host-Usage AVP and Redirect-Max-Cache-
   Time AVP.  However, as there is a clear condition for the presence of
   the redirection information in the answer in case the Result-Code AVP
   is set to DIAMETER_REDIRECT_INDICATION, it is better to include these
   AVP in the generic answer message CCF when the 'E' bit is set in the
   Diameter header.

   If it is used to report protocol errors, the 'E' bit can also be used
   to indicate permanent errors i.e., DIAMETER_UNABLE_TO_COMPLY or any
   other error listed in section 7.1.5 of RFC6733, as described in the
   following part of the introduction of the section 7.1.5 of [RFC6733]:

    "[...] In error conditions where it is not possible or efficient
     to compose application-specific answer grammar, answer messages
     with the 'E' bit set and which comply to the grammar described
     in Section 7.2 MAY also be used for permanent errors.

   Besides describing the possible use of the 'E' bit for permanent
   error cases, the text above further clarifies the rational for an
   answer in a generic command format when the 'E' bit is set.  If an
   error is detected when processing the request at the Diameter
   protocol level, there is no need to generate an full answer complying
   to the CCF grammar of the answer command as defined in the application
   specification.  Furthermore, when this answer is generated by a
   Diameter node in the Diameter signalling path acting as a Diameter
   Relay agent, it is not even possible to generate such an application-
   specific answer as a Relay agent is by definition application-
   agnostic.

   As the main purpose of the answer is to notify the error in the
   process of the request, the pertinent information to provide is
   already contained in the Result-Code (or Experimental-Result) of the
   answer.  In addition, extra information that may also be present in
   the answer is useful for correcting the request or for debugging
   information (e.g.  Failed AVP, Redirect-Host AVP, etc.).

   When defining the commands for a new application, it is RECOMMENDED
   to specifically refer to the section 7.2 of [RFC6733] for the CCF
   specification for the answer command when 'E' bit is set.  AVPs that are 
   supposed to be only used when the 'E' bit is set SHOULD NOT be included
   in the definition of new answer commands e.g.  Redirect-Host AVP.  
   Diameter nodes supporting any application MUST expect to receive 
   answer commands that does not comply with the definition given in the
   application specification, as long as they are compliant with the generic 
   answer command's CCF when the 'E' bit is set.

   NOTE:  The IETF RFC 6733 [RFC6733] is not totally self-consistent as
      AVPs related to redirection information (Redirect-Host AVP,
      Redirect-Host-Usage AVP and Redirect-Max-Cache-Time AVP) are
      included in the CCF specifications of Diameter base answer
      commands (Re-Auth-Answer (RAA), Session-Termination-Answer (STA)
      and Abort-Session-Answer (ASA)) instead of just referring to the
      generic CCF syntax when the 'E' bit is set.  This could be
      misinterpreted as that "normal" answer commands can be used for
      providing redirection information.  Using as reference the IETF
      RFC 6733 [RFC6733], other standard Diameter applications have
      included the Redirect-Host AVP, Redirect-Host-Usage AVP and
      Redirect-Max-Cache-Time AVP in the CCF specification of the answer
      commands (e.g.  [RFC7155] or [RFC4006]).  In the same logic, the
      same approach has been adopted in most of the vendor-specific
      Diameter applications defining new commands.

   Moreover, protocol implementors SHOULD ensure that some protocol
   errors are only handled on a per-hop basis and are not forwarded to
   other peers.  For instance, the DIAMETER_REDIRECT_INDICATION is used
   to indicate to the request should be redirect to hosts that are
   supposed to be peers of the node receiving the answer.  If the
   receiver of the answer is a Diameter relay/proxy agent, it may
   attempt to redirect the request to one of the hosts identified by a
   DiameterURI in the answer.  If it is not able to forward the request
   to one of the identified hosts (e.g. no transport connection can be
   created with any of the identified hosts), the agent SHOULD return a
   DIAMETER_UNABLE_TO_DELIVER to the initiator of the request instead of
   forwarding DIAMETER_REDIRECT_INDICATION.  The same principle SHOULD
   apply with DIAMETER_TOO_BUSY and DIAMETER_LOOP_DETECTED.

_________________________________________________________________________________________________________________________

Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.