3.8 Topology Hiding
For security reasons, network operators require the Diameter Routing Agents to be able to hide the PCRF topology from selected Policy Clients. When a Policy Client is configured to have the PCRF topology hidden from it, all Diameter messages (Request or Answer) that are sent to it need to be processed by the Policy DRA for Topology Hiding. The Policy DRA will place some configured Origin-Host and Origin-Realm values into the messages instead of the PCRF’s real Origin-Host and Origin-Realm values.
Topology Hiding configuration is done on each Policy DRA DSR using the Policy and Charging section of the NOAM GUI. The configuration enables users to set the Topology Hiding function to be Enabled or Disabled for the Policy DRA node. After being enabled, the Topology Hiding function can be further configured to apply for a specific Topology Hiding Scope, as summarized in Table 3-3:
- The Policy Clients with specific FQDNs
- All of the Policy Clients with Foreign Realm
- All the Policy Clients with Foreign Realm and the local Policy Clients with specific FQDNs
- All Policy Clients
The Diameter messages to be topology hidden from certain Policy Clients can be initiated from either Policy Clients (by a CCR from a PCEF) or Policy servers (by an RAR from a PCRF), or initiated by the Policy DRA (by an RAR generated by the Policy DRA). The handling of the Diameter messages for Topology Hiding will be different depending on the specific scenarios. To determine whether or not Topology Hiding is applicable for a Policy Client:
- For messages initiated from Policy Clients, the Policy DRA will compare the Origin-Host and Origin-Realm values in the incoming messages to the configured values.
- For messages initiated from Policy servers or by the Policy DRA, the Policy DRA compares the Destination-Host and Destination-Realm values to the configured values.
- For messages initiated by the Policy DRA, the Policy DRA will compare the Destination-Host and Destination-Realm of the Policy Client with the configured values to determine whether or not the Topology Hiding is applicable to the Policy Client.
Table 3-3 Topology Hiding Scope Configuration
Topology Hiding System Setting | Topology Hiding Scope Setting | Result |
---|---|---|
Disabled | N/A | No Topology Hiding is performed |
Enabled | Specific Clients | Topology Hiding is performed for messages destined to the policy clients that are configured from the SOAM GUI Main Menu screen |
Enabled | All Foreign Realms | Topology Hiding is performed for messages destined to the policy clients whose realms are different from the realm of the PCRF to be bound |
Enabled | All Foreign Realms + Specific Clients | Topology Hiding is performed if either All Foreign Realms or Specific Clients condition is met |
Enabled | All Messages | Topology Hiding is performed for all messages destined to all policy clients |
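
The scope decision in Table 3-3 and the Origin-Host/Origin-Realm replacement described above, as an added Python example that is not the Policy DRA's own code. The class, function and field names, the FQDNs and the realms are hypothetical; only the scope names come from the table.

```python
from dataclasses import dataclass, field

# Scope names follow Table 3-3. All other names, FQDNs and realms are
# hypothetical and constructed for this example.
SPECIFIC, FOREIGN, BOTH, ALL = ("Specific Clients", "All Foreign Realms",
    "All Foreign Realms + Specific Clients", "All Messages")

@dataclass
class HidingConfig:
    enabled: bool
    scope: str = ALL
    specific_clients: set = field(default_factory=set)  # client FQDNs
    hidden_host: str = "pdra.hidden.example.net"   # configured Origin-Host
    hidden_realm: str = "hidden.example.net"       # configured Origin-Realm

def client_identity(msg, from_client):
    """Return the (host, realm) AVP pair that identifies the Policy Client."""
    if from_client:  # e.g. a CCR from a PCEF
        return msg["Origin-Host"], msg["Origin-Realm"]
    # RAR from a PCRF, or RAR generated by the Policy DRA
    return msg["Destination-Host"], msg["Destination-Realm"]

def hiding_applies(cfg, client_host, client_realm, pcrf_realm):
    """Evaluate the system setting and scope setting as in Table 3-3."""
    if not cfg.enabled:
        return False
    specific = client_host in cfg.specific_clients
    foreign = client_realm != pcrf_realm
    return {SPECIFIC: specific, FOREIGN: foreign,
            BOTH: specific or foreign, ALL: True}[cfg.scope]

def hide(cfg, to_client, client_host, client_realm, pcrf_realm):
    """Copy a message bound for the client, replacing the PCRF identity if in scope."""
    out = dict(to_client)
    if hiding_applies(cfg, client_host, client_realm, pcrf_realm):
        out["Origin-Host"], out["Origin-Realm"] = cfg.hidden_host, cfg.hidden_realm
    return out

# Constructed sample: a roaming PCEF sends a CCR; the PCRF's CCA goes back to it.
CFG = HidingConfig(True, BOTH, {"pcef1.home.example.net"})
PCRF_REALM = "home.example.net"
CCR = {"Origin-Host": "pcef9.roaming.example.org", "Origin-Realm": "roaming.example.org"}
CCA = {"Origin-Host": "pcrf3.home.example.net", "Origin-Realm": "home.example.net"}

def demo():
    host, realm = client_identity(CCR, from_client=True)
    return hide(CFG, CCA, host, realm, PCRF_REALM)

if __name__ == "__main__":
    print(demo())
```

A local client that is not in the Specific Clients list receives the PCRF's real Origin-Host under this scope, which is the case to check when validating a deployment's configuration.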