Diameter Endpoint Configuration Mode Commands
Diameter Endpoint Configuration Mode is accessed from the Context Configuration Mode. The
base Diameter protocol operation is configured in this mode.
IMPORTANT:
The commands or keywords/variables
that are available are dependent on platform type, product version,
and installed license(s).
associate
This command associates/disassociates
a Stream Control Transmission Protocol (SCTP) parameter template
with the Diameter endpoint.
Syntax
associate sctp-parameters-template template_name
no associate sctp-parameters-template
no
Disassociates an SCTP parameter template from the Diameter endpoint.
sctp-parameters-template template_name
Associates a previously
created SCTP parameter template with the Diameter endpoint. template_name specifies
the name for a pre-configured SCTP parameter template. For more
information on SCTP parameter templates, refer to the sctp-param-template command
in the Global Configuration
Mode Commands chapter.
Usage:
Use this command to
associate a configured SCTP parameter template with the Diameter endpoint.
The SCTP parameter
template allows for SCTP timer values to be configured for the interface
using the Diameter endpoint configuration. For more information
on SCTP parameters, refer to the SCTP Parameter Template
Configuration Mode Commands chapter.
IMPORTANT:
Only one SCTP parameter
template can be associated with the Diameter endpoint configuration.
The SCTP parameter template should be configured prior to issuing
this command.
Only the following
parameters from the template will be associated with the endpoint. When
no SCTP parameter template is associated with the endpoint, the
following default values are used:
- sctp-cookie-life 60000 (default for the parameter template as well)
- sctp-max-init-retx 5 (default for the parameter template as well)
- sctp-max-path-retx 10 (default in the parameter template is 5)
- sctp-rto-initial 3000 (default for the parameter template as well)
- sctp-rto-max 60000 (default for the parameter template as well)
- sctp-rto-min 1000 (default for the parameter template as well)
- sctp-sack-period 200 (default for the parameter template as well)
- timeout sctp-heart-beat 30 (default for the parameter template as well)
Example:
The following command associates a pre-configured SCTP parameter template called sctp1
with the Diameter endpoint:
associate sctp-parameters-template sctp1
cea-timeout
This command configures
the Capabilities-Exchange-Answer (CEA) message timeout duration
for Diameter sessions.
Privilege:
Security Administrator,
Administrator
Syntax
cea-timeout timeout
default cea-timeout
default
Configures this command
with the default setting.
Default: 30 seconds
timeout
Specifies how long (in seconds) the system waits for a CEA message. timeout must
be an integer from 1 through 120.
Usage:
Use this command to
configure the CEA timer, i.e., how long to wait for the Capabilities-Exchange-Answer
message.
Example:
The following command sets the Diameter CEA timeout to 16 seconds:
cea-timeout 16
connection retry-timeout
This command configures
the Diameter Connection Retry Timeout parameter.
Privilege:
Security Administrator,
Administrator
Syntax
connection retry-timeout timeout
default connection retry-timeout
default
Configures this command
with the default setting.
Default: 30 seconds
timeout
Specifies the connection
retry timeout duration in seconds, and must be an integer from 1 through
3600.
Usage:
Use this command to
configure the Diameter Connection Retry Timeout parameter.
Example:
The following command sets the Diameter Connection Retry Timer to 120 seconds:
connection retry-timeout 120
connection timeout
This command configures
the Diameter Connection Timeout parameter.
Privilege:
Security Administrator,
Administrator
Syntax
connection timeout timeout
default connection timeout
default
Configures this command
with the default setting.
Default: 30 seconds
timeout
Specifies the connection
timeout duration (in seconds) as an integer from 1 through 30.
Usage:
Use this command to
configure the Diameter Connection Timeout parameter.
Example:
The following command sets the Diameter connection timeout to 16 seconds:
connection timeout 16
destination-host-avp
This command controls
encoding of the Destination-Host AVP in initial/retried requests.
Privilege:
Security Administrator,
Administrator
Syntax
destination-host-avp { session-binding | always | initial-request | retried-request }
default destination-host-avp
default
Configures this command
with the default setting. Default: session-binding
session-binding
Includes the Destination-Host
AVP when the Diameter session is bound with a host.
always
Includes the Destination-Host
AVP in all types of request messages.
initial-request
Includes the Destination-Host
AVP in an initial request but not in a retried request.
retried-request
Includes the Destination-Host
AVP in a retried request but not in an initial request.
Usage:
Use this command to
control encoding of the Destination-Host AVP in initial/retried requests.
This command was introduced in release 12.0. In earlier releases, the Destination-Host
AVP was not sent in the session-setup/initial request (the first
message sent on that interface for that subscriber; the message
varies with different interfaces, for example, CCR-Initial for
Gy, ACR-start for Rf, and so on). The Destination-Host AVP was also
not sent in retried requests, for example, when a CCR-Update was not
answered by the server and the message was retransmitted to an alternate
server.
In both these scenarios,
it is not known which server will respond to the initial/retried message,
so the Destination-Realm is encoded but not the Destination-Host.
Only after a response for this message is received from one of the
hosts present in that realm is the session considered to be BOUND
with that server. Any message sent after this binding will have
the Destination-Host AVP encoded.
If the application
has selected one of the servers using application-level commands
like the peer-select command
for credit-control or the diameter authentication or accounting server command
in a AAA group, encoding of this AVP in initial/retried request
is configurable.
Example:
The following command specifies to include the Destination-Host AVP in initial request
but not in retried request:
destination-host-avp initial-request
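The four destination-host-avp settings, worked through one credit-control session as an added example (not code from this guide or from StarOS). The AVP codes are those of RFC 6733; the request kinds, the session trace and the rule that a retry to an alternate server is sent unbound are assumptions made for the illustration.

```python
import struct

DESTINATION_REALM = 283     # AVP codes defined in RFC 6733
DESTINATION_HOST = 293
FLAG_MANDATORY = 0x40
MODES = ("session-binding", "always", "initial-request", "retried-request")


def encode_avp(code, value):
    """Encode a DiameterIdentity AVP: 8-byte header, data padded to 32 bits."""
    data = value.encode("ascii")
    length = 8 + len(data)                      # AVP length excludes padding
    header = struct.pack("!IB", code, FLAG_MANDATORY) + length.to_bytes(3, "big")
    return header + data + b"\x00" * (-len(data) % 4)


def decode_avps(blob):
    """Walk a run of AVPs and return {code: value}."""
    avps, pos = {}, 0
    while pos + 8 <= len(blob):
        code, _flags = struct.unpack_from("!IB", blob, pos)
        length = int.from_bytes(blob[pos + 5:pos + 8], "big")
        if length < 8 or pos + length > len(blob):
            raise ValueError("truncated or malformed AVP")
        avps[code] = blob[pos + 8:pos + length].decode("ascii")
        pos += (length + 3) & ~3                # step over the padding
    return avps


def include_destination_host(mode, kind, bound):
    """kind is 'initial', 'retried' or 'subsequent' (labels assumed here)."""
    if mode not in MODES:
        raise ValueError("unknown destination-host-avp setting: " + mode)
    if kind == "subsequent" or mode == "session-binding":
        return bound            # encoded only once the session is BOUND
    if mode == "always":
        return True
    return kind == ("initial" if mode == "initial-request" else "retried")


def routing_avps(mode, kind, bound, realm, host):
    """Destination-Realm is always encoded; Destination-Host depends on mode."""
    blob = encode_avp(DESTINATION_REALM, realm)
    if host and include_destination_host(mode, kind, bound):
        blob += encode_avp(DESTINATION_HOST, host)
    return blob


# Constructed session trace: (message, kind, session bound to a host?)
SESSION = [
    ("CCR-Initial", "initial", False),
    ("CCR-Update", "subsequent", True),
    ("CCR-Update retried to alternate server", "retried", False),
    ("CCR-Terminate", "subsequent", True),
]


def walk_session(mode, realm="companyx", host="dcca_host1"):
    """Per request in SESSION: is Destination-Host present on the wire?

    host stands for the server the application selected (for example with
    peer-select) or the server the session is bound to.
    """
    present = []
    for _name, kind, bound in SESSION:
        avps = decode_avps(routing_avps(mode, kind, bound, realm, host))
        present.append(DESTINATION_HOST in avps)
    return present


if __name__ == "__main__":
    for mode in MODES:
        print(f"{mode:16}", walk_session(mode))
```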
device-watchdog-request
This command manages
the transport failure algorithm and configures the number of Device
Watchdog Requests (DWRs) that will be sent before a connection is closed.
Privilege:
Security Administrator,
Administrator
Syntax
device-watchdog-request max-retries retry_count
default device-watchdog-request max-retries
default
Configures this command
with the default setting. Default: 1
retry_count
Specifies the maximum
number of DWRs, and must be an integer from 1 through 10.
Usage:
Use this command to
configure the number of DWRs to be sent before closing the connection
from a Diameter endpoint.
Example:
The following command sets the DWRs to 3:
device-watchdog-request max-retries 3
dpa-timeout
This command configures
the Disconnect-Peer-Answer (DPA) message timeout duration for Diameter
sessions.
Privilege:
Security Administrator,
Administrator
Syntax
dpa-timeout timeout
default dpa-timeout
default
Configures this command
with the default setting.
Default: 30 seconds
timeout
Specifies the DPA
message timeout duration (in seconds) as an integer from 1 through 60.
Usage:
Use this command to
set the timer for the DPA message timeout during a Diameter connection session.
The system waits for this duration for a DPA message.
Example:
The following command sets the Diameter DPA timeout to 16 seconds:
dpa-timeout 16
dynamic-peer-discovery
This command
configures the system to dynamically locate peer Diameter servers
by means of DNS.
Privilege:
Security Administrator,
Administrator
Syntax
dynamic-peer-discovery [ protocol { sctp | tcp } ]
{ default | no } dynamic-peer-discovery
default
Configures this command
with the default setting.
Default: disabled
no
Removes the configuration.
protocol { sctp | tcp }
Configures peer discovery
to use a specific protocol. Default: TCP
sctp: Uses Stream Control Transmission Protocol (SCTP) for peer discovery.
tcp: Uses Transmission Control Protocol (TCP) for peer discovery.
Usage:
Use this command to
configure the system to dynamically locate peer Diameter servers
by means of DNS.
Configure the dynamic-peer-realm command
to locate Diameter servers using Naming Authority Pointer (NAPTR)
queries. If the peer realm command is not configured, configuring
this command will still allow applications to trigger an NAPTR query
on their chosen realms.
TCP is the preferred transport
protocol for resolving cases where multiple NAPTR responses
with the same priority are received: the one using the TCP transport
protocol is chosen. If the transport protocol is configured
through the CLI, then the configured protocol is given preference.
The IP address version
will be the same as that of the origin host address configured for the
endpoint. For IPv4 endpoints, A-type DNS queries will be sent to
resolve Fully Qualified Domain Names (FQDNs). For IPv6 endpoints,
AAAA-type queries are sent.
Example:
The following command configures the system to dynamically locate peer Diameter servers using
SCTP:
dynamic-peer-discovery protocol sctp
dynamic-peer-failure-retry-count
This command
configures the number of times the system will attempt to connect to
a dynamically discovered Diameter peer.
Privilege:
Security Administrator,
Administrator
Syntax
dynamic-peer-failure-retry-count no_of_retries
default dynamic-peer-failure-retry-count
default
Configures this command
with the default setting.
Default: 8
no_of_retries
Specifies the number
of retry attempts to connect to a dynamically discovered Diameter peer.
The value must be an integer from 0 through 255.
Usage:
Use this command to
configure the number of times the system attempts to connect to
a dynamically discovered Diameter peer.
If the peer is still not open after the specified
number of attempts, the peer is moved
to the blacklist and other peers are tried. The blacklisted peer will
be retried after a time period of one hour.
Example:
The following command sets the retry attempts to 10:
dynamic-peer-failure-retry-count 10
dynamic-peer-realm
This command
configures the name of the realm where peer Diameter servers can
be dynamically discovered.
Privilege:
Security Administrator,
Administrator
Syntax
[ no ] dynamic-peer-realm realm_name
no
Removes the specified
dynamic peer realm name from this endpoint configuration.
realm_name
Specifies the name
of the peer realm where peer Diameter servers are to be dynamically discovered. realm_name must
be an existing realm, and must be an alphanumeric string of 1 through
127 characters.
Usage:
Use this command to
locate Diameter servers using Naming Authority Pointer (NAPTR) queries.
Multiple realms can
be configured. Even if the dynamic-peer-discovery command
is not enabled, the realm configuration(s) will trigger dynamic
peer discovery on all diabase instances.
Example:
The following command configures a peer realm, used for dynamic peer discovery, with a name
of service-provider.com:
dynamic-peer-realm service-provider.com
dynamic-route
This command
configures the expiration time for dynamic routes created after
a Diameter destination host is reached.
Privilege:
Security Administrator,
Administrator
Syntax
dynamic-route expiry-timeout value
default dynamic-route expiry-timeout
default
Configures this command
with the default setting. Default: 86400 seconds (1 day)
value
Specifies the time
(in seconds) after which a dynamic route to a Diameter host expires.
The value must be an integer from 1 through 86400000.
Usage:
Use this command to
set expiration times for dynamic routes that are set up after a Diameter
host has been reached.
Example:
The following command sets the dynamic route expiration to 43200 seconds:
dynamic-route expiry-timeout 43200
end
Exits the current
configuration mode and returns to the Exec mode.
Privilege:
Security Administrator,
Administrator
Usage:
Use this command to
return to the Exec mode.
exit
Exits the current
mode and returns to the parent configuration mode.
Privilege:
Security Administrator,
Administrator
Usage:
Use this command to
return to the parent configuration mode.
load-balancing-algorithm
This command
configures the behavior for load balancing Diameter peers in the event
of a failure of an active server.
Privilege:
Security Administrator,
Administrator
Syntax
load-balancing-algorithm { highest-weight | lowest-weight-borrowing min-active-servers number }
default load-balancing-algorithm
default
Configures this command
with the default setting.
Default: highest-weight
highest-weight
Selects an idle server
with the highest weight in failure scenarios. If multiple servers
have the same high weight, load balancing is performed among those
servers.
lowest-weight-borrowing min-active-servers number
Borrows an idle server
with the lowest weight and adds it to the group of servers where
load balancing is performed. number specifies
the number of servers that must always be available as active for
load balancing. number must
be an integer from 2 through 4000.
Usage:
Use this command to
configure the behavior for load balancing Diameter peers in the event
of a failure of an active server.
Example:
The following command configures the load balancing behavior for Diameter peers to borrowing
minimally active servers (lower weight) and maintaining an active
server group of 30 servers:
load-balancing-algorithm lowest-weight-borrowing min-active-servers 30
max-outstanding
This command configures
the maximum number of Diameter messages that any application can
send to any one peer, while awaiting responses.
Privilege:
Security Administrator,
Administrator
Syntax
max-outstanding messages
{ default | no } max-outstanding
no
Disables the maximum
outstanding messages configuration.
default
Configures this command
with the default setting.
Default: 256
messages
Specifies the maximum
outstanding peer transmit window size setting. The input must be
an integer from 1 through 4096.
Usage:
Use this command to
set the maximum number of unanswered Diameter messages that any application may send
to any one peer, while awaiting responses. An application will not
send any more Diameter messages to that peer until it has disposed
of at least one of those queued messages. It disposes of a message
by either receiving a valid response or by discarding the message
due to no response.
Example:
The following command sets the Diameter maximum outstanding messages setting to 1024:
max-outstanding 1024
origin host
This command sets
the origin host for the Diameter endpoint.
Privilege:
Security Administrator,
Administrator
Syntax
origin host host_name address ipv4/ipv6_address [ port port_number ] [ accept-incoming-connections ] [ address ipv4/ipv6_address_secondary ]
no origin host host_name address ipv4/ipv6_address [ port port_number ]
no
Removes the origin
host configuration.
origin host host_name
Specifies the host
name to bind the Diameter endpoint. host_name must
be the local Diameter host name, and must be an alphanumeric string
of 1 through 255 characters.
address ipv4/ipv6_address
Specifies the IP address
to bind the Diameter endpoint using IPv4 dotted-decimal or IPv6 colon-separated-hexadecimal
notation. This address must be one of the addresses of a chassis interface
configured within the context in which Diameter is configured.
port port_number
Specifies the port
number for the Diameter endpoint (on inbound connections). The port number
must be an integer from 1 through 65535. Default: 3868
The port number in the origin
host should be configured only when the chassis is running in server
mode, i.e. when accept-incoming-connections is configured.
In this case it will
open a listening socket on the specified port. For configurations
where the chassis is operating as a client, the port number should not be
included. In this case, a random source port will be chosen for
outgoing connections. This applies both with and without
multi-homing.
IMPORTANT:
Currently, if multi-homing
is configured, the specified port is used instead of a randomly chosen
port. This is done so that the application knows which port is used
by the kernel, as it will have to use the same port while adding/removing
IP addresses from the association. Nevertheless, configuring the port number
in origin host for client mode is not supported.
accept-incoming-connections
Accepts inbound connection
requests for the specified host.
address ipv4/ipv6_address_secondary
Specifies the secondary
bind address for the Diameter endpoint in IPv4 dotted-decimal or IPv6
colon-separated-hexadecimal notation. This address must be one of
the addresses of a chassis interface configured within the context
in which Diameter is configured.
In 12.3 and earlier releases,
when an SCTP association is established and secondary IP addresses
are dynamically added or removed, the SCTP connection will be terminated.
Usage:
Use this command to
set the bind address for the Diameter endpoint.
The Diameter agent on
the chassis listens on standard TCP port 3868 and also supports
the acceptance of any incoming TCP connection from an external server.
The command origin host host-name must
be entered exactly once. Alternatively, the origin host host-name address ipv4/ipv6_address [ port port_number ] command
may be entered one or more times.
In StarOS releases
prior to 14.0, the host names should be configured such that they
are unique across all endpoints within the system. The host names
and address values or address/port combinations should
also be unique across all endpoints within the system.
Example:
The following command sets the origin host name to test and the IP address to 10.1.1.1:
origin host test address 10.1.1.1
origin realm
This command configures
the realm to use in conjunction with the origin host.
Privilege:
Security Administrator,
Administrator
Syntax
[ no ] origin realm realm_name
no
Removes the origin
realm configuration.
realm_name
Specifies the realm
to bind the Diameter endpoint. The realm_name must
be an alphanumeric string of 1 through 127 characters. The realm
is the Diameter identity. The originator’s realm must be
present in all Diameter messages. The origin realm can typically
be a company or service name.
Usage:
Use this command to
set the realm for the Diameter endpoint.
The Diameter agent on
the chassis listens on standard TCP port 3868 and also supports
the acceptance of any incoming TCP connection from an external server.
Example:
The following command sets the origin realm to companyx:
origin realm companyx
peer
This command specifies
a peer address for the Diameter endpoint.
Privilege:
Security Administrator,
Administrator
Syntax
peer peer_name [ realm realm_name ] { address ipv4/ipv6_address [ [ port port_number ] [ connect-on-application-access ] [ send-dpr-before-disconnect disconnect-cause disconnect_cause ] [ sctp ] ] + | fqdn fqdn [ [ port port_number ] [ send-dpr-before-disconnect disconnect-cause disconnect_cause ] ] }
no peer peer_name [ realm realm_name ]
no
Removes the specified
peer configuration.
peer_name
Specifies the peer’s
name as an alphanumeric string of 1 through 63 characters that allows punctuation
characters.
realm realm_name
Specifies the realm
of this peer as an alphanumeric string of 1 through 127 characters.
The realm name can be a company or service name.
address ipv4/ipv6_address
Specifies the Diameter
peer IP address in IPv4 dotted-decimal or IPv6 colon-separated-hexadecimal
notation. This address must be the IP address of the device with
which the chassis is communicating.
fqdn fqdn
Specifies the Diameter
peer FQDN as an alphanumeric string of 1 through 127 characters.
port port_number
Specifies the port
number for this Diameter peer. The port number must be an integer
from 1 through 65535.
connect-on-application-access
Activates peer on
first application access.
send-dpr-before-disconnect
Sends Disconnect-Peer-Request
(DPR).
disconnect-cause
Sends Disconnect-Peer-Request
to the specified peer with the specified disconnect reason. The
disconnect cause must be an integer from 0 through 2, for one of
the following:
- REBOOTING(0)
- BUSY(1)
- DO_NOT_WANT_TO_TALK_TO_YOU(2)
sctp
Uses Stream Control
Transmission Protocol (SCTP) for this peer.
+
Indicates that more
than one of the previous keywords can be entered within a single command.
Usage:
Use this command to
add a peer to the Diameter endpoint.
Example:
The following command adds the peer named test with IP address 10.1.1.1 using port 126:
peer test address 10.1.1.1 port 126
response-timeout
This command configures
the Response Timeout parameter. Response timeout specifies the maximum
allowed response time for request messages sent from Diameter applications
to the Diameter server. If no response to a request message is received
within this specified time, the corresponding application handles this
as a failure and initiates the appropriate failure action.
Privilege:
Security Administrator,
Administrator
Syntax
response-timeout timeout
default response-timeout
default
Configures this command
with the default setting.
Default: 60 seconds
timeout
Specifies the response
timeout duration in seconds, and must be an integer from 1 through 300.
Usage:
Use this command to
configure the Response Timeout parameter.
Example:
The following command sets the response timeout to 100 seconds:
response-timeout 100
route-entry
This command creates
an entry in the route table for a Diameter peer.
Privilege:
Security Administrator,
Administrator
Syntax
route-entry { [ host host_name ] [ peer peer_id [ weight priority ] ] [ realm realm_name [ application credit-control peer peer_id ] [ weight value ] | peer peer_id [ weight value ] ] }
no route-entry { [ host host_name ] [ peer peer_id ] [ realm realm_name { application credit-control peer peer_id | peer peer_id } ] }
no
Disables the specified
route-entry table configuration.
host host_name
Specifies the Diameter
server’s host name as an alphanumeric string of 1 through
63 characters.
realm realm_name
Specifies the realm
name as an alphanumeric string of 1 through 127 characters. The
realm may typically be a company or service name.
application credit-control
Specifies the credit
control application — DCCA or RADIUS.
peer peer_id
Specifies the peer
ID of the Diameter endpoint route as an alphanumeric string of 1
through 63 characters.
weight priority
Specifies the priority
for a peer in the route table as an integer from 0 through 255.
Default: 10
The peer with the highest
weight is used. If multiple peers have the highest weight, selection is
by round-robin mechanism.
Usage:
Use this command to
create a route table for a Diameter application.
When a Diameter client
starts to establish a session with a realm/application,
the system searches the route table for the best match. If an entry
has no host specified, the entry is considered to match the requested
value. Similarly, if an entry has no realm or application specified,
the entry is considered to match any such requested value. The best
match algorithm is to prefer specific matches for whatever was requested,
either realm/application or host/realm/application.
If there are no such matches, the system looks for route table
entries that have wildcards.
Example:
The following command creates a route entry with the host name dcca_host1 and
peer ID dcca_peer with priority weight of 10:
route-entry host dcca_host1 peer dcca_peer weight 10
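The best-match search and weight selection described in the Usage text, as an added example (not code from this guide or from StarOS). The route table is constructed; treating an entry with a specific host as non-matching when the request names no host is an assumption, as are the peer names other than dcca_peer.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class RouteEntry:
    peer: str
    host: Optional[str] = None          # None = not specified (wildcard)
    realm: Optional[str] = None
    application: Optional[str] = None
    weight: int = 10                    # documented default


class RouteTable:
    def __init__(self, entries):
        self.entries = list(entries)
        self._cursor = {}               # round-robin position per tied peer set

    @staticmethod
    def _tier(entry, requested):
        """Return 'exact', 'wildcard', or None when the entry does not match."""
        wildcard = False
        for name, want in requested.items():
            have = getattr(entry, name)
            if have is None:
                # Unspecified field matches anything that was requested.
                wildcard = wildcard or want is not None
            elif have != want:
                return None
        return "wildcard" if wildcard else "exact"

    def select(self, realm, application, host=None):
        """Pick the peer for a realm/application or host/realm/application."""
        requested = {"host": host, "realm": realm, "application": application}
        tiers = {"exact": [], "wildcard": []}
        for entry in self.entries:
            tier = self._tier(entry, requested)
            if tier:
                tiers[tier].append(entry)
        # Specific matches are preferred; wildcards are used only otherwise.
        pool = tiers["exact"] or tiers["wildcard"]
        if not pool:
            return None
        top = max(e.weight for e in pool)           # highest weight wins
        tied = tuple(e.peer for e in pool if e.weight == top)
        turn = self._cursor.get(tied, 0)            # round-robin among ties
        self._cursor[tied] = turn + 1
        return tied[turn % len(tied)]


def sample_table():
    """Constructed route table for the illustration."""
    cc = dict(realm="companyx", application="credit-control")
    return RouteTable([
        RouteEntry(peer="dcca_peer", host="dcca_host1", weight=10, **cc),
        RouteEntry(peer="peer_a", weight=20, **cc),
        RouteEntry(peer="peer_b", weight=20, **cc),
        RouteEntry(peer="peer_c", weight=5, **cc),
        RouteEntry(peer="fallback", weight=255),    # all fields unspecified
    ])


if __name__ == "__main__":
    table = sample_table()
    for _ in range(3):
        print(table.select("companyx", "credit-control"))
    print(table.select("companyx", "credit-control", host="dcca_host1"))
    print(table.select("otherrealm.example", "credit-control"))
```

The all-wildcard entry carries the highest weight in the table, yet it is only reached when no specific entry matches the request.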
route-failure
This command controls
what action is performed for the route table after failure or recovery
after failure.
Privilege:
Security Administrator,
Administrator
Syntax
route-failure { deadtime seconds | recovery-threshold percent percentage | result-code result_code | threshold counter }
default route-failure { deadtime | recovery-threshold | threshold }
no route-failure result-code result_code
no
Disables the route-failure
configuration.
default
Configures the default
setting for the specified parameter.
deadtime seconds
Specifies the time
duration (in seconds) for which the system keeps the route in FAILED status.
When this time expires, the system changes the status to AVAILABLE.
seconds must
be an integer from 1 through 86400. Default: 60
recovery-threshold percent percentage
Specifies the percentage
value at which the failure counter is reset when provisionally changing
the status from FAILED to AVAILABLE.
For example, suppose a failure
counter of 16 caused the status to change to FAILED. After the configured
deadtime expires, the status changes to AVAILABLE. If this keyword
is configured with 75 percent, the failure counter will be reset
to 12 (75 percent of 16).
percentage must
be an integer from 1 through 99. Default: 90
result-code result_code
Configures which answer
messages are to be treated as failures, in addition to requests
that time out. Up to 16 different result codes can be specified.
result_code must
be an integer from 0 through 4294967295.
threshold counter
Configures the number
of errors that causes the status to become FAILED. The counter value
must be an integer from 0 through 4294967295. Default: 16
The error counter
begins at zero. It decrements whenever there is a good response
(but not below zero) and increments on an error (but not above this threshold).
Usage:
Use this command to
control how failure/recovery is performed for the route
table. After a session is established, it is possible for the session
to encounter errors or Diameter redirection messages that cause
the Diameter protocol to re-use the route table to switch to a different route.
Each Diameter client
within the chassis maintains counters relating to the status of
each of its connections to different hosts (when the destination
is realm/application without a specific host, the host
name is kept as “”, i.e., blank).
Moreover, those counters
are further divided according to which peer is used to reach each host.
Each Diameter client maintains a status of each peer-to-host combination.
Under normal good conditions the status will be AVAILABLE, while
error conditions might cause the status to be FAILED.
Only combinations
that are AVAILABLE will be used. If none are AVAILABLE, the system
attempts the secondary peer if failover is configured and the system
can find an AVAILABLE combination there. If nothing is AVAILABLE,
the system uses a FAILED combination.
Example:
The following command configures the time duration for route failure to 90 seconds:
route-failure deadtime 90
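How threshold, deadtime and recovery-threshold interact for one peer-to-host combination, as an added example (not code from this guide or from StarOS). The class and function names, the integer rounding of the percentage and the event trace are assumptions; 3004 and 2001 are the RFC 6733 Result-Code values DIAMETER_TOO_BUSY and DIAMETER_SUCCESS.

```python
from dataclasses import dataclass

TIMEOUT = None          # marker for "request timed out" (assumed convention)


@dataclass(frozen=True)
class RouteFailureConfig:
    deadtime: int = 60                      # route-failure deadtime (seconds)
    recovery_threshold: int = 90            # recovery-threshold percent
    threshold: int = 16                     # route-failure threshold
    result_codes: frozenset = frozenset()   # route-failure result-code list


class PeerHostState:
    """Status of one peer-to-host combination as kept by a Diameter client."""

    def __init__(self, cfg):
        self.cfg = cfg
        self.counter = 0                    # the error counter begins at zero
        self.status = "AVAILABLE"
        self.failed_at = 0

    def status_at(self, now):
        """Apply deadtime expiry, then report the status."""
        if self.status == "FAILED" and now - self.failed_at >= self.cfg.deadtime:
            self.status = "AVAILABLE"       # provisional recovery
            # Assumption: the percentage is rounded down to an integer.
            self.counter = self.cfg.threshold * self.cfg.recovery_threshold // 100
        return self.status

    def on_result(self, now, result_code):
        """Feed one outcome: TIMEOUT, or the Result-Code of the answer."""
        self.status_at(now)
        if result_code is TIMEOUT or result_code in self.cfg.result_codes:
            self.counter = min(self.counter + 1, self.cfg.threshold)
            if self.status == "AVAILABLE" and self.counter >= self.cfg.threshold:
                self.status, self.failed_at = "FAILED", now
        else:
            self.counter = max(self.counter - 1, 0)
        return self.status


def usable(states, now):
    """Combinations a client would use: AVAILABLE ones, else the FAILED ones."""
    available = [n for n, s in states.items() if s.status_at(now) == "AVAILABLE"]
    return available or list(states)


def replay(cfg, events):
    """Run (time, result_code) events; return (time, status, counter) rows."""
    state, rows = PeerHostState(cfg), []
    for now, code in events:
        rows.append((now, state.on_result(now, code), state.counter))
    return rows


if __name__ == "__main__":
    # Constructed trace: 16 errors, the deadtime elapses, then 4 more errors.
    cfg = RouteFailureConfig(recovery_threshold=75, result_codes=frozenset({3004}))
    events = [(t, TIMEOUT) for t in range(15)] + [(15, 3004)]
    events += [(t, TIMEOUT) for t in range(76, 80)]
    for row in replay(cfg, events):
        print(row)
```

With the 75 percent setting from the text, the route that needed 16 errors to fail the first time fails again after only 4 errors once it has been provisionally restored.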
server-mode
This command
configures the Diameter endpoint to establish the system as the server
side endpoint of the connection.
Privilege:
Security Administrator,
Administrator
Syntax
server-mode [ demux-mode ]
demux-mode
Specifies that the
Diameter proxy is to use the demux manager to identify the appropriate session
manager. If this keyword is not enabled, the proxy will route the
request directly to a session manager.
Usage:
Use this command to
configure the Diameter endpoint to establish this system as the
server side endpoint of the connection. When the Diameter proxy
receives an incoming request, the proxy identifies the endpoint
for the request. If the system is in client mode, the proxy extracts the
instance ID of the session manager which serves as the session-ID
of the request. If this command is enabled, the extraction of the
instance ID is disabled.
Example:
The following command
sets the system as the server side of the Diameter endpoint and instructs
the Diameter proxy to use the demux manager to identify the appropriate
session manager where the request is to be routed:
server-mode demux-mode
tls
This command enables/disables
the Transport Layer Security (TLS) support between a Diameter client
and Diameter server node.
Privilege:
Security Administrator,
Administrator
Syntax
tls { certificate certificate | password password | privatekey private_key }
default tls
default
Disables the TLS support
at Diameter endpoint.
certificate certificate
Specifies the certificate
for TLS support. The certificate must appear encrypted, and must
be an alphanumeric string of 700 through 900 characters.
password password
Specifies the password
for TLS support. The password must be encrypted, and must be an alphanumeric
string of 6 through 50 characters.
privatekey private_key
Specifies the private
key for TLS support. The private key must be encrypted, and must
be an alphanumeric string of 900 through 1500 characters.
Usage:
Use this command to
configure TLS support between a Diameter client and Diameter server
node. By default, TLS is disabled.
IMPORTANT:
Both the Diameter
client and server must be configured with TLS enabled or TLS disabled; otherwise,
the Diameter connection will be rejected.
Example:
The following commands
enable the TLS between a Diameter client and Diameter server node:
tls password TLSpassword_3B167E
use-proxy
This command enables/disables
Diameter proxy for the Diameter endpoint. By default this command
is disabled.
Privilege:
Security Administrator,
Administrator
Syntax
use-proxy [ server-mode [ demux-mode ] ]
no use-proxy
no
Disables Diameter
proxy for the current endpoint.
This command at endpoint
level will equip an application to use Diameter proxy to route all its
messages to an external peer.
server-mode
Specifies that the
Diameter endpoint is to establish the Diameter proxy as the server
side endpoint of the connection.
demux-mode
Specifies that the
Diameter endpoint is to establish the Diameter proxy so that it uses the Demux manager
to identify the appropriate session manager. If this keyword is
not enabled, the proxy will route the request directly to a session
manager.
Usage:
Use this command to
establish a Diameter proxy to route all its messages to an external peer.
The proxy acts as an application gateway for Diameter. It gets the
configuration information at process startup and decides which Diameter
peer has to be contacted for each application. It establishes the
peer connection if no peer connection already exists.
All the incoming Diameter
requests/responses land on Diamproxy. Diamproxy checks
if a Sessmgr is already serving this session based on parameters
like session-id and peer-id of the request/response.
If no Sessmgr is allocated
to the request and the Demux mode is ON, the DiamProxy forwards
the new request to Demux/Bindmux for sessmgr allocation.
Demux/Bindmux has updated information about the load on
all the Sessmgrs and assigns the optimal Sessmgr to the Diameter
session. Once a Sessmgr is allocated for the session, a mapping
of session-id to Sessmgr is added at Diamproxy. All further requests
for this session will be directly routed to Sessmgr.
Each proxy task will
automatically select one of the host names configured with the origin host command.
Multiple proxy tasks will not use the same host names, so there
should be at least as many host names as proxy tasks. Otherwise, some
proxy tasks will not be able to perform Diameter functionality.
The chassis automatically selects which proxy tasks are used by
which managers (i.e., ACSMgrs, Sessmgrs), without verifying whether
the proxy task is able to perform Diameter functionality.
To be able to run
this command, the Diameter proxy must be enabled. In the Global Configuration
Mode Commands chapter, see the description of the require diameter-proxy command.
Example:
The following command
enables Diameter proxy for the current endpoint:
use-proxy
The following command
disables Diameter proxy for the current endpoint:
no use-proxy
vsa-support
This command allows
DIABASE to use vendor IDs configured in the dictionary for negotiation
of the Diameter peers’ capabilities regardless of the supported
vendor IDs received in Capabilities-Exchange-Answer (CEA) messages.
Privilege:
Security Administrator,
Administrator
Syntax
vsa-support { all-from-dictionary | negotiated-vendor-ids }
default vsa-support
default
Configures this command
with the default setting.
Default: negotiated-vendor-ids
all-from-dictionary
Allows DIABASE to
use the vendor IDs from the dictionary as indicated in the Capabilities-Exchange-Request
(CER) messages from Diameter peers.
negotiated-vendor-ids
Allows DIABASE to
use the supported vendor IDs satisfying capability negotiation.
Usage:
Use this command to
set DIABASE to use the vendor IDs from the dictionary or use the vendor
IDs satisfying the capabilities negotiation.
Example:
The following command
enables DIABASE to use the vendor IDs specified in the dictionary:
vsa-support all-from-dictionary
watchdog-timeout
This command configures
the Watchdog Timeout parameter.
Privilege:
Security Administrator,
Administrator
Syntax
watchdog-timeout timeout
{ default | no } watchdog-timeout
no
Disables the watchdog
timeout configuration.
default
Configures this command
with the default setting.
Default: 30 seconds
timeout
Specifies the timeout
duration (in seconds) as an integer from 6 through 30.
Usage:
Use this command to
configure the Watchdog Timeout parameter for the Diameter endpoint.
If this timer expires before a response is received from the destination,
another route to the same destination is tried, as long as the retry
count setting has not been exceeded (see the device-watchdog-request CLI
command) and as long as the response timer has not expired (see
the response-timeout CLI command).
Example:
The following command sets the watchdog timeout setting to 15 seconds:
watchdog-timeout 15
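A review check for an endpoint configuration against the value ranges documented in this chapter, the origin host port note and the TLS default, as an added example (not a StarOS tool and not code from this guide). The function name, the finding labels and the sample configuration are constructed for the illustration.

```python
# Integer ranges as documented for each command in this chapter.
RANGES = {
    "cea-timeout": (1, 120),
    "connection retry-timeout": (1, 3600),
    "connection timeout": (1, 30),
    "device-watchdog-request max-retries": (1, 10),
    "dpa-timeout": (1, 60),
    "dynamic-peer-failure-retry-count": (0, 255),
    "dynamic-route expiry-timeout": (1, 86400000),
    "max-outstanding": (1, 4096),
    "response-timeout": (1, 300),
    "watchdog-timeout": (6, 30),
}

# Constructed endpoint configuration using commands from this chapter.
SAMPLE = """\
origin realm companyx
origin host test address 10.1.1.1 port 3868
peer test address 10.1.1.2 port 3868
connection timeout 45
connection retry-timeout 120
watchdog-timeout 15
response-timeout 100
max-outstanding 1024
"""


def audit_endpoint(config_text):
    """Return (line_number, finding) pairs; line 0 is an endpoint-wide finding."""
    findings, saw_tls = [], False
    keys = sorted(RANGES, key=len, reverse=True)    # longest command first
    for line_no, raw in enumerate(config_text.splitlines(), 1):
        line = " ".join(raw.split())
        # "default ..." and "no ..." forms reset or remove a setting.
        if not line or line.startswith(("default ", "no ")):
            continue
        tokens = line.split()
        if tokens[0] == "tls":
            saw_tls = True
        # The port belongs in origin host only with accept-incoming-connections.
        if line.startswith("origin host ") and "port" in tokens[3:] \
                and "accept-incoming-connections" not in tokens:
            findings.append((line_no, "origin-host-port-in-client-mode"))
        for key in keys:
            if line.startswith(key + " "):
                value = line[len(key):].split()[0]
                low, high = RANGES[key]
                if not value.isdigit() or not low <= int(value) <= high:
                    findings.append((line_no, f"{key} out of range {low}-{high}"))
                break
    if not saw_tls:
        # TLS is disabled by default and both sides must be configured alike.
        findings.append((0, "tls-not-configured"))
    return findings


if __name__ == "__main__":
    for line_no, finding in audit_endpoint(SAMPLE):
        print(line_no, finding)
```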