Diameter Credit-Control Application is a Diameter application used to implement real-time credit-control for a variety of end-user services.
It is an IETF standard first defined in RFC 4006, and updated in RFC 8506.
The purpose of the diameter credit control application is to provide a framework for real-time charging, primarily meant for the communication between gateways/control-points and the back-end account/balance systems (typically an Online Charging System).
The application specifies methods for:
The Diameter credit control application does not specify which type of units are bought/used and which items are charged. This is left to the service context, which has to be specified separately, as is some of the semantics.
Examples of units used/bought:
Examples of items charged:
Diameter credit control also specifies how to handle the fairly complex issue of multiple unit types used/charged against a single user balance. For instance, a user may pay for both online time and download bytes but has only a single account balance.
A session-based credit control process uses several interrogations: a first interrogation, possibly several intermediate interrogations, and a last interrogation. During an interrogation money is reserved from the user account. Session-based charging is typically used for scenarios where the charged units are continuously consumed, e.g. charging for bytes uploaded/downloaded.
An event-based credit control process uses events as charging mechanism. Event-based charging is typically used when units are not continuously consumed, e.g. a user sending an MMS.
In order to support credit control via Diameter, there are two Diameter messages, the CCR (Credit Control Request) and the CCA (Credit Control Answer). The command code for CCR/CCA is 272, as defined in RFC 4006.
For quota management the client sends a CCR to the server requesting units and reporting consumption; the server grants units and charges the user. For simple debit/credit the client sends a CCR asking the server to credit or debit the user's account. For price inquiries the client asks the server for the price of a unit, and the server responds with the price.
The message flows are in general driven by the control-point asking for units and the server granting them. The messages may also be generated by other Diameter applications, such as NASREQ (RFC 4005), for sessions that are time- or usage-limited.
The following diagram shows a simplified message flow for a session using quota grants.
The client starts by requesting 10 units from the server. The server verifies that the user/subscriber has enough balance for it. In this example the server grants the client all the units it requested; if the subscriber had insufficient balance it could have granted fewer units or rejected the request completely.
When, or shortly before, the subscriber session has used the granted units, the client sends an update to the server stating how many units have been used and how many it would like granted this time. The client is allowed to request units before the previous grant is completely used, so that the subscriber session need not be suspended while the client talks to the server. In this example the client sends the request when 7 of the 10 previously granted units have been used and asks for 10 more units, which the server grants. The server uses the used-units count to debit the subscriber balance; granting units does not mean that they will be used, and the Used-Units AVP carries the actual usage. The server may also tell the client how long the grant is valid, in which case the client is expected to send an update when the grant timer expires.
There can be many update messages during a session.
Finally, the subscriber has ended the session, and the client sends a termination message to the server containing the last Used-Units. The server can use the termination message to clear any related reservations made in the back-end balance management system. If the subscriber did not terminate the session himself but instead depleted his balance, the server would have responded earlier with a reject to an update message, possibly telling the client/control-point to redirect traffic (this normally only makes sense for HTTP/WAP traffic).
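The quota-grant flow described above, written out as an added example (this is not code from the original page or from any Diameter stack): a toy online charging system that reserves units on the initial and update requests, debits only what the Used-Service-Unit reports, releases reservations on termination, grants fewer units than requested when the balance is short, and rejects with DIAMETER_CREDIT_LIMIT_REACHED when nothing can be granted. The CC-Request-Type and Result-Code values are those of RFC 4006 and RFC 6733; the subscriber names, balances, unit counts and the replay check on CC-Request-Number are constructed for this example. Message encoding is omitted; the CCR/CCA classes hold only the AVPs the flow uses.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# CC-Request-Type values (RFC 4006, section 8.3)
INITIAL_REQUEST, UPDATE_REQUEST, TERMINATION_REQUEST = 1, 2, 3
# Result-Code values (RFC 4006 / RFC 6733)
DIAMETER_SUCCESS = 2001
DIAMETER_CREDIT_LIMIT_REACHED = 4012
DIAMETER_UNABLE_TO_COMPLY = 5012


@dataclass
class CCR:
    """Credit-Control-Request, reduced to the AVPs the flow above uses."""
    session_id: str                         # Session-Id
    request_type: int                       # CC-Request-Type
    request_number: int                     # CC-Request-Number
    requested_units: int = 0                # Requested-Service-Unit
    used_units: int = 0                     # Used-Service-Unit (actual consumption)
    subscription_id: Optional[str] = None   # Subscription-Id, sent in the initial request


@dataclass
class CCA:
    """Credit-Control-Answer, reduced likewise."""
    session_id: str
    request_type: int
    request_number: int
    result_code: int
    granted_units: int = 0                  # Granted-Service-Unit
    validity_time: int = 0                  # Validity-Time: seconds the grant stays valid


class ChargingServer:
    """Toy OCS: one balance per subscriber, one reservation per session (constructed model)."""

    def __init__(self, balances: Dict[str, int], validity_time: int = 300):
        self.balances = dict(balances)
        self.session_owner: Dict[str, str] = {}   # Session-Id -> subscriber
        self.reserved: Dict[str, int] = {}        # Session-Id -> units reserved, not yet debited
        self.next_number: Dict[str, int] = {}     # Session-Id -> expected CC-Request-Number
        self.validity_time = validity_time

    def _available(self, subscriber: str) -> int:
        # Grantable units: balance minus what the subscriber's other sessions still hold
        held = sum(u for sid, u in self.reserved.items() if self.session_owner[sid] == subscriber)
        return self.balances[subscriber] - held

    def _settle(self, sid: str, used: int) -> None:
        # Debit the reported usage, not the grant, and release the session's reservation
        self.balances[self.session_owner[sid]] -= used
        self.reserved.pop(sid, None)

    def handle(self, ccr: CCR) -> CCA:
        sid = ccr.session_id

        def answer(code: int, granted: int = 0) -> CCA:
            return CCA(sid, ccr.request_type, ccr.request_number, code, granted,
                       self.validity_time if granted else 0)

        # A replayed or out-of-order CCR is refused so a duplicate cannot charge twice
        if ccr.request_number != self.next_number.get(sid, 0):
            return answer(DIAMETER_UNABLE_TO_COMPLY)
        if ccr.request_type == INITIAL_REQUEST:
            if ccr.subscription_id not in self.balances:
                return answer(DIAMETER_UNABLE_TO_COMPLY)
            self.session_owner[sid] = ccr.subscription_id
        elif sid not in self.session_owner:
            return answer(DIAMETER_UNABLE_TO_COMPLY)   # update/termination for an unknown session
        self.next_number[sid] = ccr.request_number + 1

        if ccr.request_type in (UPDATE_REQUEST, TERMINATION_REQUEST):
            self._settle(sid, ccr.used_units)
        if ccr.request_type == TERMINATION_REQUEST:
            del self.session_owner[sid]
            return answer(DIAMETER_SUCCESS)

        # Initial or update: reserve what the subscriber can still afford, possibly less than asked
        grant = max(0, min(ccr.requested_units, self._available(self.session_owner[sid])))
        if grant == 0 and ccr.requested_units > 0:
            del self.session_owner[sid]   # credit exhausted: the session ends here
            return answer(DIAMETER_CREDIT_LIMIT_REACHED)
        self.reserved[sid] = grant
        return answer(DIAMETER_SUCCESS, grant)


def run_session(server: ChargingServer, sid: str, subscriber: str,
                first_request: int, steps: List[Tuple[int, int]]) -> List[CCA]:
    """Control-point side: initial grant, updates, then termination.

    steps: (units used since the last report, units requested now); the final
    step is reported in the termination request and requests nothing.
    """
    answers = [server.handle(CCR(sid, INITIAL_REQUEST, 0, first_request, 0, subscriber))]
    if answers[-1].result_code != DIAMETER_SUCCESS:
        return answers
    for n, (used, wanted) in enumerate(steps[:-1], start=1):
        answers.append(server.handle(CCR(sid, UPDATE_REQUEST, n, wanted, used)))
        if answers[-1].result_code != DIAMETER_SUCCESS:
            return answers            # rejected: the control point stops the service
    used, _ = steps[-1]
    answers.append(server.handle(CCR(sid, TERMINATION_REQUEST, len(steps), 0, used)))
    return answers


if __name__ == "__main__":
    ocs = ChargingServer({"alice": 50, "bob": 4})   # constructed balances
    for cca in run_session(ocs, "gw1;1", "alice", 10, [(7, 10), (5, 0)]):
        print(cca)
    print("alice balance:", ocs.balances["alice"])
```

The session for "alice" reproduces the page's flow: 10 granted, an update at 7 used that is granted another 10, and a termination reporting the last usage, so the balance drops by the 12 units actually consumed, not by the 20 granted. A subscriber with only 4 units receives a partial grant of 4 and a 4012 reject on the next update.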
The new commands, CCR and CCA, may require the AVPs indicated below. AVPs shown in bold are new to DCCA.
| Attribute name | CCR | CCA |
|---|---|---|
| Acct-Multi-Session-Id | 0–1 | 0–1 |
| Auth-Application-Id | 1 | 1 |
| CC-Correlation-Id | 0–1 | 0 |
| CC-Session-Failover | 0 | 0–1 |
| CC-Request-Number | 1 | 1 |
| CC-Request-Type | 1 | 1 |
| CC-Sub-Session-Id | 0–1 | 0–1 |
| Check-Balance-Result | 0 | 0–1 |
| Cost-Information | 0 | 0–1 |
| Credit-Control-Failure-Handling | 0 | 0–1 |
| Destination-Host | 0–1 | 0 |
| Destination-Realm | 1 | 0 |
| Direct-Debiting-Failure-Handling | 0 | 0–1 |
| Event-Timestamp | 0–1 | 0–1 |
| Failed-AVP | 0 | 0+ |
| Final-Unit-Indication | 0 | 0–1 |
| Granted-Service-Unit | 0 | 0–1 |
| Multiple-Services-Credit-Control | 0+ | 0+ |
| Multiple-Services-Indicator | 0–1 | 0 |
| Origin-Host | 1 | 1 |
| Origin-Realm | 1 | 1 |
| Origin-State-Id | 0–1 | 0–1 |
| Proxy-Info | 0+ | 0+ |
| Redirect-Host | 0 | 0+ |
| Redirect-Host-Usage | 0 | 0–1 |
| Redirect-Max-Cache-Time | 0 | 0–1 |
| Requested-Action | 0–1 | 0 |
| Requested-Service-Unit | 0–1 | 0 |
| Route-Record | 0+ | 0+ |
| Result-Code | 0 | 1 |
| Service-Context-Id | 1 | 0 |
| Service-Identifier | 0–1 | 0 |
| Service-Parameter-Info | 0+ | 0 |
| Session-Id | 1 | 1 |
| Subscription-Id | 0+ | 0 |
| Termination-Cause | 0–1 | 0 |
| User-Equipment-Info | 0–1 | 0 |
| Used-Service-Unit | 0+ | 0 |
| User-Name | 0–1 | 0–1 |
| Validity-Time | 0 | 0–1 |
| Attribute name | RAR | RAA |
|---|---|---|
| CC-Sub-Session-Id | 0–1 | 0–1 |
| G-S-U-Pool-Identifier | 0–1 | 0–1 |
| Service-Identifier | 0–1 | 0–1 |
| Rating-Group | 0–1 | 0–1 |
The tables use the following symbols: 0 means the AVP must not be present, 0–1 means zero or one instance, 0+ means zero or more instances, and 1 means exactly one instance.
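A charging server is an attractive place to send malformed requests, so the occurrence rules in the tables above are worth enforcing before any rating happens. The following is an added example, not code from the page or from any Diameter implementation: a checker that counts the AVPs of a flat CCR or CCA and reports each AVP that is missing, appears more often than allowed, or is forbidden in that message, together with the Result-Code a server would answer with (DIAMETER_MISSING_AVP and DIAMETER_AVP_OCCURS_TOO_MANY_TIMES, from RFC 6733). The rule dictionaries carry only a subset of the CCR/CCA table; the sample messages, host names and values are constructed, and AVPs outside the rule table are left unjudged (in real Diameter the M-bit decides how unknown AVPs are treated, which is not modelled here).

```python
from collections import Counter
from typing import Dict, List, Tuple

# Occurrence symbols from the tables above -> (minimum, maximum); None = unbounded
OCCURRENCE = {"0": (0, 0), "0–1": (0, 1), "0-1": (0, 1), "0+": (0, None), "1": (1, 1)}

# Subset of the CCR column of the table above (AVP name -> symbol)
CCR_RULES = {
    "Session-Id": "1", "Origin-Host": "1", "Origin-Realm": "1", "Destination-Realm": "1",
    "Auth-Application-Id": "1", "Service-Context-Id": "1", "CC-Request-Type": "1",
    "CC-Request-Number": "1", "Destination-Host": "0–1", "User-Name": "0–1",
    "Subscription-Id": "0+", "Requested-Service-Unit": "0–1", "Used-Service-Unit": "0+",
    "Multiple-Services-Credit-Control": "0+", "Granted-Service-Unit": "0",
    "Result-Code": "0", "Validity-Time": "0", "Final-Unit-Indication": "0",
}
# Subset of the CCA column
CCA_RULES = {
    "Session-Id": "1", "Result-Code": "1", "Origin-Host": "1", "Origin-Realm": "1",
    "Auth-Application-Id": "1", "CC-Request-Type": "1", "CC-Request-Number": "1",
    "Granted-Service-Unit": "0–1", "Validity-Time": "0–1", "Final-Unit-Indication": "0–1",
    "Redirect-Host": "0+", "Failed-AVP": "0+", "Destination-Realm": "0",
    "Requested-Service-Unit": "0", "Used-Service-Unit": "0", "Subscription-Id": "0",
}

# Result-Code values a server answers with for a malformed message (RFC 6733)
DIAMETER_SUCCESS = 2001
DIAMETER_MISSING_AVP = 5005
DIAMETER_AVP_OCCURS_TOO_MANY_TIMES = 5009

Violation = Tuple[str, str, int]   # (kind, AVP name, observed count)


def check_avps(avps: List[Tuple[str, object]], rules: Dict[str, str]) -> List[Violation]:
    """Compare a flat AVP list [(name, value), ...] with the occurrence rules.

    kind is "missing" (below the minimum), "forbidden" (present where the
    symbol is 0) or "too_many" (above a finite maximum). Sorted for stable output.
    """
    counts = Counter(name for name, _ in avps)
    found: List[Violation] = []
    for name, symbol in rules.items():
        lo, hi = OCCURRENCE[symbol]
        n = counts.get(name, 0)
        if n < lo:
            found.append(("missing", name, n))
        elif hi is not None and n > hi:
            found.append(("forbidden" if hi == 0 else "too_many", name, n))
    return sorted(found)


def result_code_for(violations: List[Violation]) -> int:
    """Result-Code to put in the answer; the offending AVPs would go into Failed-AVP."""
    kinds = {kind for kind, _, _ in violations}
    if "missing" in kinds:
        return DIAMETER_MISSING_AVP
    if kinds:
        return DIAMETER_AVP_OCCURS_TOO_MANY_TIMES
    return DIAMETER_SUCCESS


# Constructed sample messages (host names, identifiers and values are made up)
GOOD_CCR = [
    ("Session-Id", "gw1.example.net;1700000000;1"),
    ("Origin-Host", "gw1.example.net"), ("Origin-Realm", "example.net"),
    ("Destination-Realm", "ocs.example.net"),
    ("Auth-Application-Id", 4),                  # Diameter Credit-Control application id
    ("Service-Context-Id", "data@example.net"),
    ("CC-Request-Type", 1), ("CC-Request-Number", 0),
    ("Subscription-Id", "tel:+15550100"), ("Subscription-Id", "imsi:001010123456789"),
    ("Requested-Service-Unit", {"CC-Total-Octets": 1_000_000}),
]
# Drops the mandatory Service-Context-Id, repeats Requested-Service-Unit and
# smuggles in Granted-Service-Unit, which a CCR must never carry
BAD_CCR = [a for a in GOOD_CCR if a[0] != "Service-Context-Id"] + [
    ("Requested-Service-Unit", {"CC-Total-Octets": 5_000_000}),
    ("Granted-Service-Unit", {"CC-Total-Octets": 10_000_000}),
]
GOOD_CCA = [
    ("Session-Id", "gw1.example.net;1700000000;1"), ("Result-Code", 2001),
    ("Origin-Host", "ocs1.example.net"), ("Origin-Realm", "ocs.example.net"),
    ("Auth-Application-Id", 4), ("CC-Request-Type", 1), ("CC-Request-Number", 0),
    ("Granted-Service-Unit", {"CC-Total-Octets": 1_000_000}), ("Validity-Time", 300),
]

if __name__ == "__main__":
    for label, msg, rules in (("good CCR", GOOD_CCR, CCR_RULES),
                              ("bad CCR", BAD_CCR, CCR_RULES),
                              ("good CCA", GOOD_CCA, CCA_RULES)):
        problems = check_avps(msg, rules)
        print(label, result_code_for(problems), problems)
```

Running it reports the bad CCR as missing Service-Context-Id, carrying a forbidden Granted-Service-Unit and two Requested-Service-Unit AVPs, and maps that to Result-Code 5005; the well-formed messages pass with 2001.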
The Hypertext Transfer Protocol (HTTP) is an application layer protocol in the Internet protocol suite model for distributed, collaborative, hypermedia information systems. HTTP is the foundation of data communication for the World Wide Web, where hypertext documents include hyperlinks to other resources that the user can easily access, for example by a mouse click or by tapping the screen in a web browser.
Kerberos is a computer-network authentication protocol that works on the basis of tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Its designers aimed it primarily at a client–server model, and it provides mutual authentication—both the user and the server verify each other's identity. Kerberos protocol messages are protected against eavesdropping and replay attacks.
The Lightweight Directory Access Protocol is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. Directory services play an important role in developing intranet and Internet applications by allowing the sharing of information about users, systems, networks, services, and applications throughout the network. As examples, directory services may provide any organized set of records, often with a hierarchical structure, such as a corporate email directory. Similarly, a telephone directory is a list of subscribers with an address and a phone number.
In computing, the Post Office Protocol (POP) is an application-layer Internet standard protocol used by e-mail clients to retrieve e-mail from a mail server. POP version 3 (POP3) is the version in common use and, along with IMAP, one of the most common protocols for email retrieval.
The Real Time Streaming Protocol (RTSP) is an application-level network protocol designed for multiplexing and packetizing multimedia transport streams over a suitable transport protocol. RTSP is used in entertainment and communications systems to control streaming media servers. The protocol is used for establishing and controlling media sessions between endpoints. Clients of media servers issue commands such as play, record and pause, to facilitate real-time control of the media streaming from the server to a client or from a client to the server.
The Simple Mail Transfer Protocol (SMTP) is an internet standard communication protocol for electronic mail transmission. Mail servers and other message transfer agents use SMTP to send and receive mail messages. User-level email clients typically use SMTP only for sending messages to a mail server for relaying, and typically submit outgoing email to the mail server on port 587 or 465 per RFC 8314. For retrieving messages, IMAP is standard, but proprietary servers also often implement proprietary protocols, e.g., Exchange ActiveSync.
The Session Initiation Protocol (SIP) is a signaling protocol used for initiating, maintaining, and terminating real-time sessions that include voice, video and messaging applications. SIP is used for signaling and controlling multimedia communication sessions in applications of Internet telephony for voice and video calls, in private IP telephone systems, in instant messaging over Internet Protocol (IP) networks as well as mobile phone calling over LTE (VoLTE).
The Transmission Control Protocol (TCP) is one of the main protocols of the Internet protocol suite. It originated in the initial network implementation in which it complemented the Internet Protocol (IP). Therefore, the entire suite is commonly referred to as TCP/IP. TCP provides reliable, ordered, and error-checked delivery of a stream of octets (bytes) between applications running on hosts communicating via an IP network. Major internet applications such as the World Wide Web, email, remote administration, and file transfer rely on TCP, which is part of the Transport Layer of the TCP/IP suite. SSL/TLS often runs on top of TCP.
In computer networking, the User Datagram Protocol (UDP) is one of the core members of the Internet protocol suite. With UDP, computer applications can send messages, in this case referred to as datagrams, to other hosts on an Internet Protocol (IP) network. Prior communications are not required in order to set up communication channels or data paths.
An email client, email reader or, more formally, message user agent (MUA) or mail user agent is a computer program used to access and manage a user's email.
The File Transfer Protocol (FTP) is a standard communication protocol used for the transfer of computer files from a server to a client on a computer network. FTP is built on a client–server model architecture using separate control and data connections between the client and the server. FTP users may authenticate themselves with a clear-text sign-in protocol, normally in the form of a username and password, but can connect anonymously if the server is configured to allow it. For secure transmission that protects the username and password, and encrypts the content, FTP is often secured with SSL/TLS (FTPS) or replaced with SSH File Transfer Protocol (SFTP).
Remote Authentication Dial-In User Service (RADIUS) is a networking protocol that provides centralized authentication, authorization, and accounting (AAA) management for users who connect and use a network service. RADIUS was developed by Livingston Enterprises in 1991 as an access server authentication and accounting protocol. It was later brought into IEEE 802 and IETF standards.
SOCKS is an Internet protocol that exchanges network packets between a client and server through a proxy server. SOCKS5 optionally provides authentication so only authorized users may access a server. Practically, a SOCKS server proxies TCP connections to an arbitrary IP address, and provides a means for UDP packets to be forwarded.
In computer science, and in networking in particular, a session is a time-delimited two-way link, a practical layer in the TCP/IP protocol suite enabling interactive expression and information exchange between two or more communication devices or ends, be they computers, automated systems, or live active users. A session is established at a certain point in time, and then "torn down" (brought to an end) at some later point. An established communication session may involve more than one message in each direction. A session is typically stateful, meaning that at least one of the communicating parties needs to hold current state information and save information about the session history to be able to communicate, as opposed to stateless communication, where the communication consists of independent requests with responses.
STUN is a standardized set of methods, including a network protocol, for traversal of network address translator (NAT) gateways in applications of real-time voice, video, messaging, and other interactive communications.
Diameter is an authentication, authorization, and accounting protocol for computer networks. It evolved from the earlier RADIUS protocol. It belongs to the application layer protocols in the internet protocol suite.
The IP Multimedia Subsystem or IP Multimedia Core Network Subsystem (IMS) is a standardised architectural framework for delivering IP multimedia services. Historically, mobile phones have provided voice call services over a circuit-switched-style network, rather than strictly over an IP packet-switched network. Alternative methods of delivering voice (VoIP) or other multimedia services have become available on smartphones, but they have not become standardized across the industry. IMS is an architectural framework that provides such standardization.
Online charging system (OCS) is a system allowing a communications service provider to charge their customers, in real time, based on service usage.
The Session Initiation Protocol (SIP) is the signaling protocol selected by the 3rd Generation Partnership Project (3GPP) to create and control multimedia sessions with two or more participants in the IP Multimedia Subsystem (IMS), and therefore is a key element in the IMS framework.