RADIUS vs. Diameter Protocol: A Detailed Comparison

This article compares the RADIUS and Diameter protocols and highlights the differences between them. Both are fundamental to AAA (Authentication, Authorization, and Accounting) servers. RADIUS servers facilitate ISP roaming, allowing users to access their registered ISP from various locations.

Both RADIUS and Diameter serve as AAA protocols, offering these key benefits:

  • Simplifying NAS (Network Access Server) functionality.
  • Centralizing user administration.
  • Enabling user roaming.
  • Providing protection against active attackers.

Figure 1: Radius and Diameter Network Architecture

RADIUS Protocol

RADIUS (Remote Authentication Dial-In User Service) is a protocol designed for AAA.

Key features include:

  • Client/Server model
  • Network security provision
  • Flexible authentication methods
  • Extensibility

RADIUS operates in the following modes:

  • User-Name/Password
  • Challenge/Response
  • Interoperation with PAP/CHAP
  • Proxy

A secret key is shared between the client and server before communication begins.

The following RADIUS packet types are exchanged:

  • Access-Request: Sent by the client to the server.
  • The server responds with Access-Accept, Access-Reject, or Access-Challenge.
  • Access-Accept messages contain the attributes needed to provide services to the user.

Figure 2: RADIUS Protocol Packet Header Format

Figure 2 illustrates the RADIUS protocol packet header, which consists of these fields:

  • Code: A 1-byte field identifying packet types.
  • Identifier: A 1-byte field for matching responses to requests.
  • Length: A 2-byte field specifying the total packet length (20 to 4096 octets), including the code, identifier, length, and authenticator fields.
  • Authenticator: A 16-octet field used in request/response messages.
  • List of Attributes: RADIUS uses over 63 attributes, each consisting of a type, length, and value. Common attributes include User-Name, User-Password, CHAP-Password, NAS-IP-Address, and NAS-Port.
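The header fields above and the shared secret are what let a client reject a forged reply. The following is an added example, not code from the original article: it parses a packet, enforces the 20 to 4096 octet length bounds, walks the attribute list, and checks the Response Authenticator as RFC 2865 defines it. The secret, the request authenticator and the sample packet are constructed values.

```python
import hashlib
import hmac
import struct

CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}

def parse_radius(packet: bytes) -> dict:
    """Split a packet into the header fields and attribute list, rejecting bad lengths."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-octet minimum")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= 4096 or length > len(packet):
        raise ValueError("Length field outside 20..4096 or beyond the received data")
    packet = packet[:length]  # octets past Length are padding and are ignored
    attrs, pos = [], 20
    while pos < length:
        if length - pos < 2:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("attribute length overruns the packet")
        attrs.append((a_type, packet[pos + 2:pos + a_len]))
        pos += a_len
    return {"code": CODES.get(code, code), "id": ident,
            "authenticator": packet[4:20], "attributes": attrs, "raw": packet}

def response_is_authentic(resp: dict, request_auth: bytes, secret: bytes) -> bool:
    """RFC 2865: ResponseAuth = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    raw = resp["raw"]
    expected = hashlib.md5(raw[:4] + request_auth + raw[20:] + secret).digest()
    return hmac.compare_digest(expected, resp["authenticator"])

def build_response(code: int, ident: int, request_auth: bytes,
                   attrs: bytes, secret: bytes) -> bytes:
    """Build a constructed reply so the checks above have something to run on."""
    head = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return head + hashlib.md5(head + request_auth + attrs + secret).digest() + attrs

# Constructed sample values, not taken from any real deployment.
SECRET = b"constructed-shared-secret"
REQUEST_AUTH = bytes(range(16))
SAMPLE = build_response(2, 7, REQUEST_AUTH, bytes([18, 4]) + b"ok", SECRET)  # 18 = Reply-Message

if __name__ == "__main__":
    reply = parse_radius(SAMPLE)
    print(reply["code"], reply["attributes"])
    print("authentic:", response_is_authentic(reply, REQUEST_AUTH, SECRET))
    forged = parse_radius(SAMPLE[:-1] + b"x")
    print("tampered authentic:", response_is_authentic(forged, REQUEST_AUTH, SECRET))
```

A reply whose authenticator does not verify, or whose Identifier does not match an outstanding request, should be dropped silently.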

DIAMETER Protocol

Diameter is another AAA protocol offering similar functionalities to RADIUS but with enhanced and additional capabilities.

Key features of the DIAMETER Protocol:

  • Capabilities negotiation
  • AAA information carried in AVPs (Attribute Value Pairs)
  • Error notification
  • Extensibility through new commands and AVPs
  • Basic services for user sessions, accounting, and session state maintenance
  • Hop-by-hop security using IPsec (mandatory) and TLS (optional)
  • Diameter clients must support TCP or SCTP, while agents and servers must support both.
  • Independent authentication/authorization and accounting session management
  • Peer-to-peer protocol

Figure 3: Diameter Protocol Header Format

Figure 3 shows the Diameter protocol header format, including:

  • Flags: (13 bits) indicating the command type (request, reply, indication).
  • Hop-by-Hop Identifier
  • End-To-End Identifier
  • Command Code
  • AVPs: Encapsulate the information relevant to the message

Figure 4: Diameter AVP Format

Figure 4 depicts the Diameter protocol AVP format, composed of:

  • AVP Code: Uniquely identifies the attribute.
  • AVP Flags: Indicate how the AVP should be handled: r (reserved), P (protected), M (mandatory), V (vendor-specific).

The Diameter base protocol provides a secure transport for messages defined in application-specific extensions. Data objects are encapsulated within Attribute Value Pairs (AVPs).
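To show how the AVP Code and the V, M and P flags drive handling, here is an added example (not code from the original article) that parses a run of AVPs and lists the mandatory ones a receiver does not implement. The byte layout and flag bit values follow RFC 6733 rather than this page, and the sample AVPs, including vendor ID 99999 and code 999, are constructed.

```python
import struct

FLAG_V, FLAG_M, FLAG_P = 0x80, 0x40, 0x20  # vendor-specific, mandatory, protected

def parse_avps(buf: bytes) -> list:
    """Walk a run of AVPs: 4-byte code, 1-byte flags, 3-byte length, optional Vendor-ID."""
    avps, pos = [], 0
    while pos < len(buf):
        if len(buf) - pos < 8:
            raise ValueError("truncated AVP header")
        code, flags_len = struct.unpack("!II", buf[pos:pos + 8])
        flags, length = flags_len >> 24, flags_len & 0xFFFFFF
        hdr = 12 if flags & FLAG_V else 8  # Vendor-ID is present only when V is set
        if length < hdr or pos + length > len(buf):
            raise ValueError("AVP length inconsistent with the buffer")
        vendor = struct.unpack("!I", buf[pos + 8:pos + 12])[0] if flags & FLAG_V else None
        avps.append({"code": code, "vendor": vendor, "mandatory": bool(flags & FLAG_M),
                     "protected": bool(flags & FLAG_P), "data": buf[pos + hdr:pos + length]})
        pos += (length + 3) & ~3  # AVP Length excludes padding to the 32-bit boundary
    return avps

def unsupported_mandatory(avps: list, known: set) -> list:
    """(vendor, code) of M-flagged AVPs the receiver does not implement; any hit
    means the message has to be rejected rather than processed partially."""
    return [(a["vendor"], a["code"]) for a in avps
            if a["mandatory"] and (a["vendor"], a["code"]) not in known]

def encode_avp(code: int, flags: int, data: bytes, vendor=None) -> bytes:
    """Encoder used only to build the constructed sample below."""
    hdr = 12 if vendor is not None else 8
    out = struct.pack("!II", code, (flags << 24) | (hdr + len(data)))
    if vendor is not None:
        out += struct.pack("!I", vendor)
    return out + data + b"\x00" * (-len(data) % 4)

# Constructed sample: User-Name (code 1) plus a made-up vendor AVP (code 999, vendor 99999).
SAMPLE = (encode_avp(1, FLAG_M, b"alice")
          + encode_avp(999, FLAG_V | FLAG_M, b"\x01\x02", vendor=99999))

if __name__ == "__main__":
    parsed = parse_avps(SAMPLE)
    for avp in parsed:
        print(avp)
    print("reject because of:", unsupported_mandatory(parsed, known={(None, 1)}))
```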

Radius vs. Diameter: Key Differences

| Feature | Radius Protocol | Diameter Protocol |
|---|---|---|
| Full Form | Remote Authentication Dial-In User Service | Enhanced RADIUS protocol. Successor to RADIUS. |
| Transport Protocol | UDP | TCP/SCTP (Stream Control Transmission Protocol) |
| Reliability | Unreliable; lacks reliability, ordering, data integrity | Reliable; uses positive/negative feedback |
| Defined In | RFC 2865 | RFC 6733 and RFC 3588 |
| Applications | Network Access, IP Mobility | NAS, mobile IP, credit controls, 3G, SIP, EAP |
| Header/Packet Format | Specific RADIUS Packet Header (Figure 2) | Diameter Header & AVP formats (Figures 3 & 4) |

The PDU header formats of the RADIUS and Diameter protocols differ, as illustrated in Figures 2, 3, and 4.

In summary, Diameter offers improved transport, proxying, session control, and security compared to RADIUS. This is the core difference between the two protocols.
