1. RADIUS User Guide
  2. RADIUS Overview
  3. Message Conversion
  4. RADIUS to Diameter Request Message Conversion

2.5.1 RADIUS to Diameter Request Message Conversion

RADIUS Request messages received from a peer node are encapsulated into a Diameter Request message and forwarded to the DRL for routing purposes. DRL Diameter Request message routing is based on message content, which has basic information such as Application ID, Command Code, source/destination Realms and source/destination node addresses (FQDNs). RCL generates this information using information from the RADIUS message and configuration data. Most of this information does not exist in RADIUS and needs to be inferred by RCL. Network Access Server (NAS) originated messages (e.g. Access-Request, Accounting-Request) typically contain information that can identify the source of the message (NAS-Identifier, IPv4 address, IPv6 address). Similarly, NAS terminated messages (e.g. CoA-Request and Disconnect-Request) typically contain information that can identify the destination of these messages.

Because RADIUS messages lack basic information such as Realms, Application IDs, or the source address of the node which initiated a message to a NAS node, the creation of Diameter Request message content is based both upon the message content, if available, or configuration data associated with the ingress Peer Node or RADIUS connection, if not. The generated Diameter information can then be used to setup appropriate routing rules in DRL.

RCL supports an optional NAS Node that can be used to infer either the origin or the destination host information depending on the type of the RADIUS request. The NAS Node can be populated with information that may be obtained from NAS identifying attributes in the RADIUS message (NAS Identifier, IPv4 address, IPv6 address) which is mapped to an FQDN which may serve as the origin or destination host information. RCL extracts this information from RADIUS requests and attempt to find a matching entry in the NAS Node.
  1. NAS Identifier address (NAS-Identifier attribute)
  2. IPv4 address (NAS-IP-Address attribute)
  3. IPv6 address (NAS-IPv6-Address attribute)

Each instance of address type is used until a match is found or list of addresses found in the message has been exhausted. If no match is found, then the Realm/FQDN associated with the ingress RADIUS Peer Node is used. Multiple instances of each address type may exist. Only the first instance of the NAS Identifier address is added to the search list while all instances of the IPv4 and IPv6 addresses are added to the search list.

The Diameter Application ID and Command Code assigned to the Diameter Request is determined statically using pre-configured mappings read from the Message Conversion Configuration Set. For information on how to view the Message Conversion Configuration Set, refer to Message Conversion Configuration Set.