Diameter Endpoint Configuration Mode Commands

Diameter Endpoint Configuration Mode is accessed from the Context Configuration Mode. The base Diameter protocol operation is configured in this mode.

IMPORTANT:

The commands or keywords/variables that are available are dependent on platform type, product version, and installed license(s).

associate

This command associates/disassociates a Stream Control Transmission Protocol (SCTP) parameter template with the Diameter endpoint.

Platform:

ASR 5000

Product:

MME


Privilege:

Administrator


Syntax
associate sctp-parameters-template template_nameno associate sctp-parameters-template
no

Disassociates an SCTP parameter template with the Diameter endpoint.

sctp-parameters-template template_name

Associates a previously created SCTP parameter template with the Diameter endpoint. template_name specifies the name for a pre-configured SCTP parameter template. For more information on SCTP parameter templates, refer to the sctp-param-template command in the Global Configuration Mode Commands chapter.


Usage:

Use this command to associate a configured SCTP parameter template with the Diameter endpoint.

The SCTP parameter template allows for SCTP timer values to be configured for the interface using the Diameter endpoint configuration. For more information on SCTP parameters, refer to the SCTP Parameter Template Configuration Mode Commands chapter.

IMPORTANT:

Only one SCTP parameter template can be associated with the Diameter endpoint configuration. The SCTP parameter template should be configured prior to issuing this command.

Only the following parameters from the template will be associated with the endpoint. When no SCTP parameter template is associated with the endpoint, the following default values are used:

sctp-cookie-life 60000 (default for the parameter template as well)

sctp-max-init-retx 5 (default for the parameter template as well)

sctp-max-path-retx 10 (default in the parameter template is 5)

sctp-rto-initial 3000 (default for the parameter template as well)

sctp-rto-max 60000 (default for the parameter template as well)

sctp-rto-min 1000 (default for the parameter template as well)

sctp-sack-period 200 (default for the parameter template as well)

timeout sctp-heart-beat 30 (default for the parameter template as well)


Example:
The following command associates a pre-configured SCTP parameter template called sctp1 to the Diameter endpoint:
associate sctp-parameters-template sctp1
cea-timeout

This command configures the Capabilities-Exchange-Answer (CEA) message timeout duration for Diameter sessions.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
cea-timeout timeoutdefault cea-timeout
default

Configures this command with the default setting.

Default: 30 seconds

timeout

Specifies the timeout duration (in seconds) to make the system wait for this duration for a CEA message. timeout must be an integer from 1 through 120.


Usage:

Use this command to configure the CEA timer, i.e., how long to wait for the Capabilities-Exchange-Answer message.


Example:
The following command sets the Diameter CEA timeout to 16 seconds:
cea-timeout 16
connection retry-timeout

This command configures the Diameter Connection Retry Timeout parameter.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
connection retry-timeout timeoutdefault connection
retry-timeout
default

Configures this command with the default setting.

Default: 30 seconds

timeout

Specifies the connection retry timeout duration in seconds, and must be an integer from 1 through 3600.


Usage:

Use this command to configure the Diameter Connection Retry Timeout parameter.


Example:
The following command sets the Diameter Connection Retry Timer to 120 seconds:
connection retry-timeout
120 
connection timeout

This command configures the Diameter Connection Timeout parameter.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
connection timeout timeoutdefault connection timeout
default

Configures this command with the default setting.

Default: 30 seconds

timeout

Specifies the connection timeout duration (in seconds) as an integer from 1 through 30.


Usage:

Use this command to configure the Diameter Connection Timeout parameter.


Example:
The following command sets Diameter connection timeout to 16 seconds:
connection timeout 16
destination-host-avp

This command controls encoding of the Destination-Host AVP in initial/retried requests.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
destination-host-avp { session-binding | always | initial-request | retried-request }default destination-host-avp
default

Configures this command with the default setting. Default: session-binding

session-binding

Includes the Destination-Host AVP when the Diameter session is bound with a host.

always

Includes the Destination-Host AVP in all types of request messages.

initial-request

Includes the Destination-Host AVP in an initial request but not in a retried request.

retried-request

Includes the Destination-Host AVP in a retried request but not in an initial request.


Usage:

Use this command to control encoding of the Destination-Host AVP in initial/retried requests.

This command has been introduced in release 12.0, in earlier releases, the Destination-Host AVP is not sent in session-setup/initial request (first message sent on that interface for that subscriber. The message will vary with different interfaces. For example, CCR-Initial for Gy, ACR-start for Rf, and so on). Also, Destination-Host AVP was not sent in retried requests. For example, CCR-Update failed to be responded by server. The message was retransmitted to alternate server.

In both these scenarios, it is not known which server will respond to the initial/retried message, so the Destination-Realm is encoded but not the Destination-Host. Only after a response for this message is received from one of the hosts present in that realm, the session is considered to be BOUND with that server. Any message sent after this binding will have the Destination-Host AVP encoded.

If the application has selected one of the servers using application-level commands like the peer-select command for credit-control or the diameter authentication or accounting server command in a AAA group, encoding of this AVP in initial/retried request is configurable.


Example:
The following command specifies to include the Destination-Host AVP in initial request but not in retried request:
destination-host-avp
initial-request
device-watchdog-request

This command manages the transport failure algorithm and configures the number of Device Watchdog Requests (DWRs) that will be sent before a connection is closed.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
device-watchdog-request
max-retries retry_countdefault device-watchdog-request
max-retries
default

Configures this command with the default setting. Default: 1

retry_count

Specifies the maximum number of DWRs, and must be an integer from 1 through 10.


Usage:

Use this command to configure the number of DWRs to be sent before closing the connection from a Diameter endpoint.


Example:
The following command sets the DWRs to 3:
device-watchdog-request
max-retries 3
dpa-timeout

This command configures the Disconnect-Peer-Answer (DPA) message timeout duration for Diameter sessions.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
dpa-timeout timeoutdefault dpa-timeout
default

Configures this command with the default setting.

Default: 30 seconds

timeout

Specifies the DPA message timeout duration (in seconds) as an integer from 1 through 60.


Usage:

Use this command to set the timer for DPA message timeout during Diameter connection session. This makes the system wait for this duration for DPA message.


Example:
The following command sets the Diameter DPA timeout to 16 seconds:
dpa-timeout 16
dynamic-peer-discovery

This command configures the system to dynamically locate peer Diameter servers by means of DNS.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
dynamic-peer-discovery [ protocol { sctp | tcp } ]{ default | no } dynamic-peer-discovery
default

Configures this command with the default setting.

Default: disabled

no

Removes the configuration.

protocol { sctp | tcp }

Configures peer discovery to use a specific protocol. Default: TCP

sctp: Uses Streaming Control Transmission Protocol (SCTP) for peer discovery.

tcp: Uses Transmission Control Protocol (TCP) for peer discovery.


Usage:

Use this command to configure the system to dynamically locate peer Diameter servers by means of DNS.

Configure the dynamic-peer-realm command to locate Diameter servers using Naming Authority Pointer (NAPTR) queries. If the peer realm command is not configured, configuring this command will still allow applications to trigger an NAPTR query on their chosen realms.

The preferred transport protocol is TCP to resolve instances were multiple NAPTR responses with the same priority are received. The one using the TCP transport protocol will be chosen. If the transport protocol is configured through the CLI, then the configured protocol is given preference.

The IP address version will be the same as that of the origin host address configured for the endpoint. For IPv4 endpoints, A-type DNS queries will be sent to resolve Fully Qualified Domain Names (FQDNs). For IPv6 endpoints, AAAA-type queries are sent.


Example:
The following command configures the system to dynamically locate peer Diameter servers using SCTP:
dynamic-peer-discovery
protocol sctp
dynamic-peer-failure-retry-count

This command configures the number of times the system will attempt to connect to a dynamically discovered Diameter peer.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
dynamic-peer-failure-retry-count no_of_retriesdefault dynamic-peer-failure-retry-count
default

Configures this command with the default setting.

Default: 8

no_of_retries

Specifies the number of retry attempts to connect to a dynamically discovered Diameter peer. The value must be an integer from 0 through 255.


Usage:

Use this command to configure the number of times the system attempts to connect to a dynamically discovered Diameter peer.

After the specified number of attempts if the peer is still not open, the peer is moved into blacklist and other peers are tried. The blacklisted peer will be retried after a time period of one hour.


Example:
The following command sets the retry attempts to 10:
dynamic-peer-failure-retry 10
dynamic-peer-realm

This command configures the name of the realm where peer Diameter servers can be dynamically discovered.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
[ no ] dynamic-peer-realm realm_name
no

Removes the specified dynamic peer realm name from this endpoint configuration.

realm_name

Specifies the name of the peer realm where peer Diameter server are to be dynamically discovered. realm_name must be an existing realm, and must be an alphanumeric string of 1 through 127 characters.


Usage:

Use this command to locate Diameter servers using Naming Authority Pointer (NAPTR) queries.

Multiple realms can be configured. Even if the dynamic-peer-discovery command is not enabled, the realm configuration(s) will trigger dynamic peer discovery on all diabase instances.


Example:
The following command configures a peer realm, used for dynamic peer discovery, with a name of service-provider.com:
dynamic-peer-realm
service-provider.com
dynamic-route

This command configures the expiration time for dynamic routes created after a Diameter destination host is reached.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
dynamic-route expiry-timeout valuedefault dynamic-route
expiry-timeout
default

Configures this command with the default setting. Default: 86400 seconds (1 day)

value

Specifies the time (in seconds) that a dynamic route to a Diameter host will expire. The value must be an integer from 1 through 86400000.


Usage:

Use this command to set expiration times for dynamic routes that are set up after a Diameter host has been reached.


Example:
The following command sets the dynamic route expiration to 43200 seconds:
dynamic-route expiry-timeout 43200
end

Exits the current configuration mode and returns to the Exec mode.

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
end

Usage:

Use this command to return to the Exec mode.

exit

Exits the current mode and returns to the parent configuration mode.

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
exit

Usage:

Use this command to return to the parent configuration mode.

load-balancing-algorithm

This command configures the behavior for load balancing Diameters peers in the event of a failure of an active server.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
load-balancing-algorithm { highest-weight | lowest-weight-borrowing
min-active-servers number }default load-balancing-algorithm
default

Configures this command with the default setting.

Default: highest-weight

highest-weight

Selects an idle server with the highest weight in failure scenarios. If multiple servers have the same high weight, load balancing is performed among those servers.

lowest-weight-borrowing min-active-servers number

Borrows an idle server with the lowest weight and adds it to the group of servers where load balancing is performed. number specifies the number of servers that must always be available as active for load balancing. number must be an integer from 2 through 4000.


Usage:

Use this command to configure the behavior for load balancing Diameter peers in the event of a failure of an active server.


Example:
The following command configures the load balancing behavior for Diameter peers to borrowing minimally active servers (lower weight) and maintaining an active server group of 30 servers:
load-balancing-algorithm
lowest-weight-borrowing min-active-servers 30
max-outstanding

This command configures the maximum number of Diameter messages that any application can send to any one peer, while awaiting responses.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
max-outstanding messages{ default | no } max-outstanding
no

Disables the maximum outstanding messages configuration.

default

Configures this command with the default setting.

Default: 256

messages

Specifies the maximum outstanding peer transmit window size setting. The input must be an integer from 1 through 4096.


Usage:

Use this command to set the unanswered Diameter messages that any application may send to any one peer, while awaiting responses. An application will not send any more Diameter messages to that peer until it has disposed of at least one of those queued messages. It disposes a message by either receiving a valid response or by discarding the message due to no response.


Example:
The following command sets the Diameter maximum outstanding messages setting to 1024:
max-outstanding 1024
origin address

This command has been deprecated. See the origin host and origin realm commands.

origin host

This command sets the origin host for the Diameter endpoint.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
origin host host_name address ipv4/ipv6_address [ port port_number ] [ accept-incoming-connections ] [ address ipv4/ipv6_address_secondary ]no origin host host_name address ipv4/ipv6_address [ port port_number ]
no

Removes the origin host configuration.

origin host host_name

Specifies the host name to bind the Diameter endpoint. host_name must be the local Diameter host name, and must be an alphanumeric string of 1 through 255 characters.

address ipv4/ipv6_address

Specifies the IP address to bind the Diameter endpoint using IPv4 dotted-decimal or IPv6 colon-separated-hexadecimal notation. This address must be one of the addresses of a chassis interface configured within the context in which Diameter is configured.

port port_number

Specifies the port number for the Diameter endpoint (on inbound connections). The port number must be an integer from 1 through 65535. Default: 3868

Port number in the origin host should be configured only when the chassis is running in server mode, i.e. when accept-incoming-connections is configured.

In this case it will open a listening socket on the specified port. For configurations where chassis is operating as a client, port number should not be included. In this case, a random source port will be chosen for outgoing connections. This is applicable for both with or without multi-homing.

IMPORTANT:

Currently if multi-homing is configured, then the specified port is used instead of randomly chosen port. This is done so that application knows which port is used by the kernel as it will have to use the same port while adding/removing IP address from the association. Nevertheless, configuring port number in origin host for client mode is not supported.

accept-incoming-connections

Accepts inbound connection requests for the specified host.

address ipv4/ipv6_address_secondary

Specifies the secondary bind address for the Diameter endpoint in IPv4 dotted-decimal or IPv6 colon-separated-hexadecimal notation. This address must be one of the addresses of a chassis interface configured within the context in which Diameter is configured.

In 12.3 and earlier releases, when an SCTP association is established and secondary IP addresses are dynamically added or removed, the SCTP connection will be terminated.


Usage:

Use this command to set the bind address for the Diameter endpoint.

Diameter agent on the chassis listens to standard TCP port 3868 and also supports the acceptance of any incoming TCP connection from external server.

The command origin host host-name must be entered exactly once. Alternatively, the origin host host-name address ipv4/ipv6_address [ port port_number ] command may be entered one or more times.

In StarOS releases prior to 14.0, the host names should be configured such that it is unique across all endpoints within the system. The host names and address values or address/port combinations should also be unique across all endpoints within the system.


Example:
The following command sets the origin host name to test and the IP address to 10.1.1.1:
origin host test address 10.1.1.1
origin realm

This command configures the realm to use in conjunction with the origin host.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
[ no ] origin
realm realm_name
no

Removes the origin realm configuration.

realm_name

Specifies the realm to bind the Diameter endpoint. The realm_name must be an alphanumeric string of 1 through 127 characters. The realm is the Diameter identity. The originator’s realm must be present in all Diameter messages. The origin realm can typically be a company or service name.


Usage:

Use this command to set the realm for the Diameter endpoint.

Diameter agent on the chassis listens to standard TCP port 3868 and also supports the acceptance of any incoming TCP connection from external server.


Example:
The following command sets the origin realm to companyx:
origin realm companyx
peer

This command specifies a peer address for the Diameter endpoint.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
peer peer_name [ realm realm_name ] { address ipv4/ipv6_address [ [ port port_number ] [ connect-on-application-access ] [ send-dpr-before-disconnect
disconnect-cause disconnect_cause ] [ sctp ] ] + | fqdn fqdn [ [ port port_number ] [ send-dpr-before-disconnect
disconnect-cause disconnect_cause ] ] }no peer peer_name [ realm realm_name ]
no

Removes the specified peer configuration.

peer_name

Specifies the peer’s name as an alphanumeric string of 1 through 63 characters that allows punctuation characters.

realm realm_name

Specifies the realm of this peer as an alphanumeric string of 1 through 127 characters. The realm name can be a company or service name.

address ipv4/ipv6_address

Specifies the Diameter peer IP address in IPv4 dotted-decimal or IPv6 colon-separated-hexadecimal notation. This address must be the IP address of the device with which the chassis is communicating.

fqdn fqdn

Specifies the Diameter peer FQDN as an alphanumeric string of 1 through 127 characters.

port port_number

Specifies the port number for this Diameter peer. The port number must be an integer from 1 through 65535.

connect-on-application-access

Activates peer on first application access.

send-dpr-before-disconnect

Sends Disconnect-Peer-Request (DPR).

disconnect-cause
Sends Disconnect-Peer-Request to the specified peer with the specified disconnect reason. The disconnect cause must be an integer from 0 through 2, for one of the following:
  • REBOOTING(0)
  • BUSY(1)
  • DO_NOT_WANT_TO_TALK_TO_YOU(2)
sctp

Uses Stream Control Transmission Protocol (SCTP) for this peer.

+

Indicates that more than one of the previous keywords can be entered within a single command.


Usage:

Use this command to add a peer to the Diameter endpoint.


Example:
The following command adds the peer named test with IP address 10.1.1.1 using port 126:
peer test address 10.1.1.1
port 126
response-timeout

This command configures the Response Timeout parameter. Response timeout specifies the maximum allowed response time for request messages sent from Diameter applications to Diameter server. On failure of reception of response for those request message within this specified time, this will be handled as failure by the corresponding applications and appropriate failure action will be initiated.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
response-timeout timeoutdefault response-timeout
default

Configures this command with the default setting.

Default: 60 seconds

timeout

Specifies the response timeout duration in seconds, and must be an integer from 1 through 300.


Usage:

Use this command to configure the Response Timeout parameter.


Example:
The following command sets the response timeout to 100 seconds:
response-timeout 100 
route-entry

This command creates an entry in the route table for Diameter peer.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
route-entry { [ host host_name ] [ peer peer_id [ weight priority ] ] [ realm realm_name [ application
credit-control peer peer_id ] [ weight value ] | peer peer_id [ weight value ] ] }no route-entry { [ host host_name ] [ peer peer_id ] [ realm realm_name { application
credit-control peer peer_id | peer peer_id } ] } 
no

Disables the specified route-entry table configuration.

host host_name

Specifies the Diameter server’s host name as an alphanumeric string of 1 through 63 characters.

realm realm_name

Specifies the realm name as an alphanumeric string of 1 through 127 characters. The realm may typically be a company or service name.

application credit-control

Specifies the credit control application — DCCA or RADIUS.

peer peer_id

Specifies the peer ID of the Diameter endpoint route as an alphanumeric string of 1 through 63 characters.

weight priority

Specifies the priority for a peer in the route table as an integer from 0 through 255. Default: 10

The peer with the highest weight is used. If multiple peers have the highest weight, selection is by round-robin mechanism.


Usage:

Use this command to create a route table for Diameter application.

When a Diameter client starts to establish a session with a realm/application, the system searches the route table for the best match. If an entry has no host specified, the entry is considered to match the requested value. Similarly, if an entry has no realm or application specified, the entry is considered to match any such requested value. The best match algorithm is to prefer specific matches for whatever was requested, either realm/application or host/realm/application. If there are no such matches, then system looks for route table entries that have wildcards.


Example:
The following command creates a route entry with the host name dcca_host1 and peer ID dcca_peer with priority weight of 10:
route-entry host dcca_host1
peer dcca_peer weight 10
route-failure

This command controls what action is performed for the route table after failure or recovery after failure.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
route-failure { deadtime seconds | recovery-threshold
percent percentage | result-code result_code | threshold counter }default route-failure { deadtime | recovery-threshold | threshold }no route-failure result-code result_code
no

Disables the route-failure configuration.

default

Configures the default setting for the specified parameter.

deadtime seconds

Specifies the time duration (in seconds) for which the system keeps the route in FAILED status. When this time expires, the system changes the status to AVAILABLE.

seconds must be an integer from 1 through 86400. Default: 60

recovery-threshold percent percentage

Specifies the percentage value at which the failure counter is reset when provisionally changing the status from FAILED to AVAILABLE.

For example, if a failure counter of 16 caused the status to change to FAILED. After the configured deadtime expires, the status changes to AVAILABLE. If this keyword is configured with 75 percent, the failure counter will be reset to 12 (75 percent of 16).

percentage must be an integer from 1 through 99. Default: 90

result-code result_code

Configures which answer messages are to be treated as failures, in addition to requests that time out. Up to 16 different result codes can be specified.

result_code must be an integer from 0 through 4294967295.

threshold counter

Configures the number of errors that causes the status to become FAILED. The counter value must be an integer from 0 through 4294967295. Default: 16

The error counter begins at zero, and whenever there is a good response it decrements (but not below zero) or increments (but not above this threshold).


Usage:

Use this command to control how failure/recovery is performed for the route table. After a session is established, it is possible for the session to encounter errors or Diameter redirection messages that cause the Diameter protocol to re-use the route table to switch to a different route.

Each Diameter client within the chassis maintains counters relating to the status of each of its connections to different hosts (when the destination is realm/application without a specific host, the host name is kept as “”, i.e., blank).

Moreover, those counters are further divided according to which peer is used to reach each host. Each Diameter client maintains a status of each peer-to-host combination. Under normal good conditions the status will be AVAILABLE, while error conditions might cause the status to be FAILED.

Only combinations that are AVAILABLE will be used. If none are AVAILABLE, then system attempts the secondary peer if failover is configured and system can find an AVAILABLE combination there. If nothing is AVAILABLE, the system uses a FAILED combination.


Example:
The following command configures the time duration for route failure to 90 seconds:
route-failure deadtime 90
server-mode

This command configures the Diameter endpoint to establish the system as the server side endpoint of the connection.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
server-mode [ demux-mode ]
demux-mode

Specifies that the Diameter proxy is to use the demux manager to identify the appropriate session manager. If this keyword is not enabled, the proxy will route the request directly to a session manager.


Usage:

Use this command to configure the Diameter endpoint to establish this system as the server side endpoint of the connection. When the Diameter proxy receives an incoming request, the proxy identifies the endpoint for the request. If the system is in client mode, the proxy extracts the instance ID of the session manager which serves as the session-ID of the request. If this command is enabled, the extraction of the instance ID is disabled.


Example:
The following command sets the system as the server side of the Diameter endpoint and instructs the Diameter proxy to use the demux manager to identify the appropriate session manager where the request is to be routed:
server-mode demux-mode
tls

This command enables/disables the Transport Layer Security (TLS) support between a Diameter client and Diameter server node.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
tls { certificate certificate | password password | privatekey private_key }default tls
default

Disables the TLS support at Diameter endpoint.

certificate certificate

Specifies the certificate for TLS support. The certificate must appear encrypted, and must be an alphanumeric string of 700 through 900 characters.

password password

Specifies the password for TLS support. The password must be encrypted, and must be an alphanumeric string of 6 through 50 characters.

privatekey private_key

Specifies the private key for TLS support. The private key must be encrypted, and must be an alphanumeric string of 900 through 1500 characters.


Usage:

Use this command to configure TLS support between a Diameter client and Diameter server node. By default, TLS is disabled.

IMPORTANT:

Both the Diameter client and server must be configured with TLS enabled or TLS disabled; otherwise, the Diameter connection will be rejected.


Example:
The following commands enable the TLS between a Diameter client and Diameter server node:
tls certificate "-----BEGIN
CERTIFICATE-----\nMIICGDCCAYECAgEBMA0GCSqGSIb3DQEBBAUAMFcxCzAJBgNVBAYTAlVTMRMwEQYD\nVQQKEwpSVEZNLCBJbmMuMRkwFwYDVQQLExBXaWRnZXRzIERpdmlzaW9uMRgwFgYD\nVQQDEw9UZXN0IENBMjAwMTA1MTcwHhcNMDEwNTE3MTYxMDU5WhcNMDQwMzA2MTYx\nMDU5WjBRMQswCQYDVQQGEwJVUzETMBEGA1UEChMKUlRGTSwgSW5jLjEZMBcGA1UE\nCxMQV2lkZ2V0cyBEaXZpc2lvbjESMBAGA1UEAxMJbG9jYWxob3N0MIGfMA0GCSqG\nSIb3DQEBAQUAA4GNADCBiQKBgQCiWhMjNOPlPLNW4DJFBiL2fFEIkHuRor0pKw25\nJ0ZYHW93lHQ4yxA6afQr99ayRjMY0D26pH41f0qjDgO4OXskBsaYOFzapSZtQMbT\n97OCZ7aHtK8z0ZGNW/cslu+1oOLomgRxJomIFgW1RyUUkQP1n0hemtUdCLOLlO7Q\nCPqZLQIDAQABMA0GCSqGSIb3DQEBBAUAA4GBAIumUwl1OoWuyN2xfoBHYAs+lRLY\nKmFLoI5+iMcGxWIsksmA+b0FLRAN43wmhPnums8eXgYbDCrKLv2xWcvKDP3mps7m\nAMivwtu/eFpYz6J8Mo1fsV4Ys08A/uPXkT23jyKo2hMu8mywkqXCXYF2e+7pEeBr\ndsbmkWK5NgoMl8eM\n-----END
CERTIFICATE-----\n"
tls privatekey BEGIN
RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info:
DES-EDE3-CBC,5772A2A7BE34B611\n\n1yJ+xAn4MudcIfXXy7ElYngJ9EohIh8yvcyVLmE4kVd0xeaL/Bqhvk25BjYCK5d9\nk1K8cjgnKEBjbC++0xtJxFSbUhwoKTLwn+sBoJDcFzMKkmJXXDbSTOaNr1sVwiAR\nSnB4lhUcHguYoV5zlRJn53ft7t1mjB6RwGH+d1Zx6t95OqM1lnKqwekwmotVAWHj\nncu3N8qhmoPMppmzEv0fOo2/pK2WohcJykSeN5zBrZCUxoO0NBNEZkFUcVjR+KsA\n1ZeI1mU60szqg+AoU/XtFcow8RtG1QZKQbbXzyfbwaG+6LqkHaWYKHQEI1546yWK\nus1HJ734uUkZoyyyazG6PiGCYV2u/aY0i3qdmyDqTvmVIvve7E4glBrtDS9h7D40\nnPShIvOatoPzIK4Y0QSvrI3G1vTsIZT3IOZto4AWuOkLNfYS2ce7prOreF0KjhV0\n3tggw9pHdDmTjHTiIkXqheZxZ7TVu+pddZW+CuB62I8lCBGPW7os1f21e3eOD/oY\nYPCI44aJvgP+zUORuZBWqaSJ0AAIuVW9S83Yzkz/tlSFHViOebyd8Cug4TlxK1VI\nq6hbSafh4C8ma7YzlvqjMzqFifcIolcbx+1A6ot0UiayJTUra4d6Uc4Rbc9RIiG0\njfDWC6aii9YkAgRl9WqSd31yASge/HDqVXFwR48qdlYQ57rcHviqxyrwRDnfw/lX\nMf6LPiDKEco4MKej7SR2kK2c2AgxUzpGZeAY6ePyhxbdhA0eY21nDeFd/RbwSc5s\neTiCCMr41OB4hfBFXKDKqsM3K7klhoz6D5WsgE6u3lDoTdz76xOSTg==\n-----END
RSA PRIVATE KEY-----\n"
tls password TLSpassword_3B167E 
use-proxy

This command enables/disables Diameter proxy for the Diameter endpoint. By default this command is disabled.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
use-proxy [ server-mode [ demux-mode ] ]no use-proxy
no

Disables Diameter proxy for the current endpoint.

This command at endpoint level will equip an application to use Diameter proxy to route all its messages to an external peer.

server-mode

Specifies that the Diameter endpoint to establish the Diameter proxy as the server side endpoint of the connection.

demux-mode

Specifies that the Diameter endpoint to establish the Diameter proxy to use the Demux manager to identify the appropriate session manager. If this keyword is not enabled, the proxy will route the request directly to a session manager.


Usage:

Use this command to establish a Diameter proxy to route all its messages to an external peer. The proxy acts as an application gateway for Diameter. It gets the configuration information at process startup and decides which Diameter peer has to be contacted for each application. It establishes the peer connection upon finding no peer connection already exists.

All the incoming Diameter requests/responses land on Diamproxy. Diamproxy checks if a Sessmgr is already serving this session based on parameters like session-id and peer-id of the request/response.

If no Sessmgr is allocated to the request and the Demux mode is ON, the DiamProxy forwards the new request to Demux/Bindmux for sessmgr allocation. Demux/Bindmux has updated information about the load on all the Sessmgrs and assigns the optimal Sessmgr to the Diameter session. Once a Sessmgr is allocated for the session, a mapping of session-id to Sessmgr is added at Diamproxy. All further requests for this session will be directly routed to Sessmgr.

Each proxy task will automatically select one of the host names configured with the origin host command. Multiple proxy tasks will not use the same host names, so there should be at least as many host names as proxy tasks. Otherwise, some proxy tasks will not be able to perform Diameter functionality. The chassis automatically selects which proxy tasks are used by which managers (i.e., ACSMgrs, Sessmgrs), without verifying whether the proxy task is able to perform Diameter functionality.

To be able to run this command, the Diameter proxy must be enabled. In the Global Configuration Mode Commands chapter, see the description of the require diameter-proxy command.


Example:
The following command enables Diameter proxy for the current endpoint:
use-proxy
The following command disables Diameter proxy for the current endpoint:
no use-proxy
vsa-support

This command allows DIABASE to use vendor IDs configured in the dictionary for negotiation of the Diameter peers’ capabilities regardless of the supported vendor IDs received in Capabilities-Exchange-Answer (CEA) messages.

Platform:

ASR 5000

Product:

GGSN


Privilege:

Security Administrator, Administrator


Syntax
vsa-support { all-from-dictionary | negotiated-vendor-ids }default vsa-support
default

Configures this command with the default setting.

Default: negotiated-vendor-ids

all-from-dictionary

Allows DIABASE to use the vendor IDs from the dictionary as indicated in the Capabilities-Exchange-Request (CER) messages from Diameter peers.

negotiated-vendor-ids

Allows DIABASE to use the supported vendor IDs satisfying capability negotiation.


Usage:

Use this command to set DIABASE to use the vendor IDs from the dictionary or use the vendor IDs satisfying the capabilities negotiation.


Example:
The following command enables DIABASE to use the vendor IDs specified in the dictionary:
vsa-support all-from-dictionary
watchdog-timeout

This command configures the Watchdog Timeout parameter.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
watchdog-timeout timeout{ default | no } watchdog-timeout
no

Disables the watchdog timeout configuration.

default

Configures this command with the default setting.

Default: 30 seconds

timeout

Specifies the timeout duration (in seconds) as an integer from 6 through 30.


Usage:

Use this command to configure the Watchdog Timeout parameter for the Diameter endpoint. If this timer expires before getting a response from the destination, other route to the same destination is tried, as long as the retry count setting has not exceeded (see the device-watchdog-request CLI command) and as long as the response timer has not expired (see the response-timeout CLI command).


Example:
The following command sets the watchdog timeout setting to 15 seconds:
watchdog-timeout 15