Diameter Network Access Server (NAS) Application (application id: 1)
The Diameter Network Access Server (NAS) Application is designed to facilitate Authentication, Authorization, and Accounting (AAA) services within a NAS environment. NAS environments typically include network devices such as routers, switches, and firewalls that provide access to a network. The NAS application is crucial for ensuring that all users and devices attempting to connect to the network are authenticated, authorized to use network resources, and that their usage is properly accounted for.
Purpose of the Diameter NAS Application Interface
Authentication: The NAS application verifies the identity of users or devices attempting to access the network. This step ensures that only authorized entities can initiate a session and access network services.
Authorization: After successful authentication, the NAS application determines whether the user or device is permitted to access the requested services or resources. Authorization policies are enforced to control the level of access granted.
Accounting: The NAS application tracks and records the usage of network resources by authenticated users or devices. This information is essential for billing, resource management, and audit purposes.
The NAS application operates as an intermediary between network access devices (such as routers and switches) and AAA servers. It utilizes the Diameter protocol framework, which is defined in [RFC6733], to manage the exchange of AAA information.
The key elements of this architecture include:
- Diameter Protocol: The NAS application is based on the Diameter Base protocol, which provides the foundation for message exchange, security, and error handling. The application uses standard Diameter message formats and Attribute-Value Pairs (AVPs) to convey information between NAS devices and AAA servers.
- Command Codes: The NAS application defines several Diameter command codes that are essential for its operation. These include:
  - AA-Request (AAR) and AA-Answer (AAA): Used for the authentication and authorization of sessions.
  - Re-Auth-Request (RAR) and Re-Auth-Answer (RAA): Used for reauthenticating or reauthorizing ongoing sessions.
  - Session-Termination-Request (STR) and Session-Termination-Answer (STA): Used for terminating active sessions.
  - Accounting-Request (ACR) and Accounting-Answer (ACA): Used for reporting the usage of network resources.
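As an added example (not code from this page or from Mobius), the following parser validates the 20-byte Diameter header of a message and names the NAS application command it carries. The numeric command codes and the header layout are taken from RFC 6733 and RFC 7155 rather than from this page; `build_header` is a hypothetical helper that constructs sample messages, and the parser assumes the buffer holds exactly one message.

```python
import struct
from typing import NamedTuple

NASREQ_APP_ID = 1  # application id stated on this page
# Command codes per RFC 6733 / RFC 7155: code -> (request name, answer name)
NAS_COMMANDS = {265: ("AAR", "AAA"), 258: ("RAR", "RAA"),
                275: ("STR", "STA"), 271: ("ACR", "ACA")}
FLAG_R, FLAG_P, FLAG_E, FLAG_T = 0x80, 0x40, 0x20, 0x10  # command flag bits
HEADER_LEN = 20

class DiameterHeader(NamedTuple):
    name: str
    is_request: bool
    is_error: bool
    length: int
    hop_by_hop: int
    end_to_end: int

def parse_nas_header(data: bytes) -> DiameterHeader:
    """Parse and validate the Diameter header of one NAS application message."""
    if len(data) < HEADER_LEN:
        raise ValueError("truncated header")
    ver_len, flags_code, app_id, hbh, e2e = struct.unpack("!IIIII", data[:HEADER_LEN])
    version, length = ver_len >> 24, ver_len & 0xFFFFFF
    flags, code = flags_code >> 24, flags_code & 0xFFFFFF
    if version != 1:
        raise ValueError(f"unsupported version {version}")
    # Length covers header plus padded AVPs, so it is always a multiple of 4.
    if length < HEADER_LEN or length % 4 or length != len(data):
        raise ValueError(f"bad message length {length}")
    if app_id != NASREQ_APP_ID:
        raise ValueError(f"not the NAS application (app id {app_id})")
    if code not in NAS_COMMANDS:
        raise ValueError(f"command {code} is not a NAS application command")
    is_request = bool(flags & FLAG_R)
    if is_request and flags & FLAG_E:
        raise ValueError("E bit must not be set on a request")
    name = NAS_COMMANDS[code][0 if is_request else 1]
    return DiameterHeader(name, is_request, bool(flags & FLAG_E), length, hbh, e2e)

def build_header(code, flags, app_id=NASREQ_APP_ID, hbh=0x1234, e2e=0x5678):
    """Hypothetical helper: constructed header-only sample message (no AVPs)."""
    return struct.pack("!IIIII", (1 << 24) | HEADER_LEN,
                       (flags << 24) | code, app_id, hbh, e2e)

if __name__ == "__main__":
    for code, flags in [(265, FLAG_R | FLAG_P), (265, 0), (271, FLAG_R), (275, 0)]:
        print(parse_nas_header(build_header(code, flags)))
```

Rejecting malformed headers before any AVP is decoded keeps length and flag inconsistencies away from the AAA logic.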
Diameter NAS Application interface workflow:
- Session Establishment:
  - When a user or device initiates a connection to the network, the NAS generates an AA-Request (AAR) message containing the necessary authentication details.
  - This message is sent to the AAA server, which processes the authentication information.
  - If the authentication is successful, the AAA server responds with an AA-Answer (AAA) message, which includes authorization information and establishes a session context for the user or device.
- Session Reauthentication/Reauthorization:
  - Periodically, the NAS may need to reauthenticate or reauthorize the user or device to ensure continued access to the network. This is typically required after a certain time period or under specific conditions.
  - The NAS sends a Re-Auth-Request (RAR) message to the AAA server, which re-evaluates the session's validity.
  - The server responds with a Re-Auth-Answer (RAA) message, updating the session context and maintaining or modifying access permissions as necessary.
- Accounting:
  - Throughout the active session, the NAS tracks resource usage, including metrics such as session duration, data transferred, and services accessed.
  - This information is reported to the AAA server using Accounting-Request (ACR) messages.
  - The AAA server acknowledges the receipt of this information with Accounting-Answer (ACA) messages, ensuring accurate accounting and billing.
- Session Termination:
  - When the user or device disconnects from the network or the session is otherwise terminated, the NAS sends a Session-Termination-Request (STR) message to the AAA server.
  - The AAA server processes this request and responds with a Session-Termination-Answer (STA) message, releasing any resources associated with the session.
  - If accounting is active, a final Accounting-Request (ACR) message is sent to report the end of the session.
For the complete technical specification of the Diameter NAS Application interface, refer to [RFC7155].