Support for Diameter Error Code Counters

Feature Summary and Revision History

Summary Data

Applicable Product(s) or Functional Area

ePDG

SaMOG

Applicable Platform(s)

  • ASR 5500

  • VPC-DI

  • VPC-SI

Feature Default

  • Enabled - Always-on

Related Changes in This Release

Not applicable

Related Documentation

  • ePDG Administration Guide

  • SaMOG Administration Guide

  • AAA Interface Administration and Reference

  • Statistics and Counters Reference, StarOS Release Guide

Revision History

Revision Details

Release

This release supports Diameter error code counters and 5001, 5004 and 5041 experimental result codes for ePDG and SaMOG services.

21.21

Feature Description

In ePDG and SaMOG services, the diameter result code counters are displayed as aggregate counters for different result code ranges, such as 1000-1999, 2000-2999, 3000-3999, 4000-4999 and 5000-5999. For example, 3xxx counter is the cumulative of all result codes that range 3000–3999. These counters are displayed at the global level, for each AAA server group and AAA server levels.

Each answer message from the diameter server, for the request sent from the ePDG and SaMOG, includes a result code or/and an experimental result code AVP. If both, result code and experimental result code AVPs are present, the result code AVP takes precedence. The result codes and experimental result codes are classified as follows:

  • 1xxx (Informational) – Errors that fall within this Informational category are used to inform the requester that a request could not be satisfied, and more action is required on its part before access is granted.

  • 2xxx (Success) – Result-code that fall within the Success category are used to inform a peer that a request has been successfully completed..

  • 3xxx (Protocol Errors) – Errors that fall within the Protocol Errors category SHOULD be treated on a per-hop basis, and Diameter proxies may attempt to correct the error, if it is possible.


    Note
    Protocol errors must only be used in answer messages whose 'E' bit is set.

  • 4xxx (Transient Failures) – Errors that fall within the Transient failures category are used to inform a peer that the request could not be satisfied at the time it was received but MAY be able to satisfy the request in the future.


    Note
    Transient errors must be used in answer messages whose 'E' bit is not set.

  • 5xxx (Permanent Failure) – Errors that fall within the Permanent failures category are used to inform the peer that the request failed and should not be attempted again.


    Note
    Permanent errors should be used in answer messages whose 'E' bit is not set.

Counters on each diameter result code help the operators to understand the type of failures. Result code-specific counters are available in the new show command output and in bulk statistics. These counters are available at each AAA server level or as summary of all the AAA servers associated with this ePDG/SaMOG service.

ePDG and SaMOG supports the following set of result code-specific counters as part of this feature:

Table 1. Result Code Specific Counters
Error Category Result Code

Result Code Value

Protocol Errors [E-bit set] [3XXX]

DIAMETER_UNABLE_TO_DELIVER

.

3002

DIAMETER_TOO_BUSY

3004

DIAMETER_LOOP_DETECTED

3005

DIAMETER_INVALID_HDR_BITS

3008

DIAMETER_INVALID_AVP_BITS

3009

Transient Failures [Could not satisfy request at this moment] [4XXX]

DIAMETER_AUTHENTICATION_REJECTED

4001

DIAMETER_OUT_OF_SPACE

4002

Permanent Failures [To inform peer, request is failed, shouldn’t be attempted again] [5XXX]

DIAMETER_ERROR_USER_UNKNOWN

5001

DIAMETER_UNKNOWN_SESSION_ID

5002

DIAMETER_AUTHORIZATION_REJECTED

5003

DIAMETER_ERROR_ROAMING_NOT_ALLOWED

5004

DIAMETER_MISSING_AVP

5005

DIAMETER_RESOURCES_EXCEEDED

5006

DIAMETER_UNABLE_TO_COMPLY

5012

DIAMETER_USER_UNKNOWN

5030

DIAMETER_ERROR_USER_NO_WLAN_SUBSCRIPTION

5041

Monitoring and Troubleshooting

Show Commands and Outputs

show diameter aaa-statistics result-code [ all ] | [ server <server_name> ] [ group <group_name> ]

This command displays the following error codes and descriptions.

Table 2.
Field Description

Authentication Servers Summary

Protocol Errors (3xxx]

Result Code 3002

Shows the aggregate total count of DIAMETER_UNABLE_TO_DELIVER result code value (3002) for all the AAA servers associated with the ePDG service.

This error is displayed, if Diameter cannot deliver the message to the destination, either because no host within the realm supporting the required application was available to process the request or because the Destination-Host AVP was specified without the associated Destination-Realm AVP.

Result Code 3004

Shows the aggregate total count of DIAMETER_TOO_BUSY error result code value (3004) only when a specific server is requested and it cannot provide the requested service.

Result Code 3005

Shows the aggregate total count of DIAMETER_LOOP_DETECTED result code value (3005), when an agent detected a loop while trying to get the message to the intended recipient. The message may be sent to an alternate peer, if one is available, but the peer reporting the error has identified a configuration problem.

Result Code 3008

Shows the aggregate total count of DIAMETER_INVALID_HDR_BITS result code value (3008), if a request was received whose bits in the Diameter header were set either to an invalid combination or to a value that is inconsistent with the Command Code definition.

Result Code 3009

Shows the aggregate total count of DIAMETER_INVALID_AVP_BITS result code value (3009), if a request was received that included an AVP whose flag bits are set to an unrecognized value or that is inconsistent with the AVP definition.

Result Code Others

Total number of aggregate count result for 3xxx result codes. This Result Code Others does not match with any of the other specific result codes counter.

Transient Failures (4xxx)

Result Code 4001

Shows the aggregate total count of DIAMETER_AUTHENTICATION_REJECTED result code value (4001),when the authentication process for the user fails, due to an invalid password used by the user. Further attempts must only be allowed after prompting the user for a new password.

Result Code 4002

Shows the aggregate total couunt of DIAMETER_OUT_OF_SPACE Result code value (4002), when a Diameter node receives the accounting request but was unable to commit it to stable storage due to a temporary lack of space.

Result Code Others

Total number of aggregate count result for 4xxx result codes. This Result Code Others does not match with any of the other specific result codes counter.

Permanent Failures (5xxx]

Result Code 5002

Displays the aggregate total count of DIAMETER_UNKNOWN_SESSION_ID result code value (5002), if the request contains an unknown Session-Id.

Result Code 5003

Displays the aggregate total count of DIAMETER_AUTHORIZATION_REJECTED (5003) result code value, if a request was received for which the user could not be authorized. This error occurs if the requested service is not permitted to the user.

Result Code 5005

Displays the aggregate total count of DIAMETER_MISSING_AVP (5005) result code value, if a request did not contain an AVP that is required by the Command Code definition.

Important 
If this value is sent in the Result-Code AVP, a Failed-AVP should be included in the message. The Failed-AVP must contain an example of the missing AVP complete with the Vendor-Id if applicable. The value field of the missing AVP should be of correct minimum length and contain zeroes.

Result Code 5006

Displays the aggregate total count of DIAMETER_RESOURCES_EXCEEDED (5006) result code value, when a request was received that cannot be authorized because the user has already expended allowed resources. For example, error occurs when a user is restricted to one dial-up PPP port, attempts to establish a second PPP connection.

Result Code 5012

Displays the aggregate total count of DIAMETER_UNABLE_TO_COMPLY (5012) result code value, if an error is returned when a request is rejected for unspecified reasons.

Result Code 5030

Displays the aggregate total count of DIAMETER_USER_UNKNOWN (5030) result code value.

Result Code Others

Total number of aggregate count result for 5xxx result codes. This Result Code Others does not match with any of the other specific result codes counter.

Experimental Result Code Stats

Exp Result Code 5001

Total number of times the Experimental-Result-Code DIAMETER_ERROR_USER_UNKNOWN (5001) is received in the authentication response message.

Exp Result Code 5004

Total number of times the Experimental-Result-Code DIAMETER_ERROR_ROAMING_NOT_ALLOWED (5004) is received in the authentication response message.

Accounting Servers Summary

Protocol Errors (3xxx]

Result Code 3002

Shows the aggregate total count of DIAMETER_UNABLE_TO_DELIVER result code value (3002), if Diameter cannot deliver the message to the destination, either because no host within the realm supporting the required application was available to process the request or because the Destination-Host AVP was specified without the associated Destination-Realm AVP.

Result Code 3004

Displays the aggregate total count of DIAMETER_TOO_BUSY error result code value (3004) only when a specific server is requested and it cannot provide the requested service.

Result Code 3005

Shows the aggregate total count of DIAMETER_LOOP_DETECTED result code value (3005), when an agent detected a loop while trying to get the message to the intended recipient. The message may be sent to an alternate peer, if one is available, but the peer reporting the error has identified a configuration problem.

Result Code 3008

Shows the aggregate total count of DIAMETER_INVALID_HDR_BITS result code value (3008), if a request was received whose bits in the Diameter header were set either to an invalid combination or to a value that is inconsistent with the Command Code definition.

Result Code 3009

Shows the aggregate total count of DIAMETER_INVALID_AVP_BITS result code value (3009), if a request was received that included an AVP whose flag bits are set to an unrecognized value or that is inconsistent with the AVP definition.

Result Code Others

Total number of aggregate count result for 3xxx result codes. This Result Code Others does not match with any of the other specific result codes counter.

Transient Failures (4xxx)

Result Code 4001

Shows the aggregate total count of DIAMETER_AUTHENTICATION_REJECTED result code value (4001),when the authentication process for the user fails, due to an invalid password used by the user. Further attempts must only be allowed after prompting the user for a new password.

Result Code 4002

Shows the aggregate total count of DIAMETER_OUT_OF_SPACE Result code value (4002), when a Diameter node receives the accounting request but was unable to commit it to stable storage due to a temporary lack of space.

Result Code Others

Total number of aggregate count result for 4xxx result codes. This Result Code Others does not match with any of the other specific result codes counter.

Permanent Failures (5xxx]

Result Code 5002

Displays the aggregate total count of DIAMETER_UNKNOWN_SESSION_ID result code value (5002), if the request contains an unknown Session-Id.

Result Code 5003

Displays the aggregate total count of DIAMETER_AUTHORIZATION_REJECTED (5003) result code value, if a request was received for which the user could not be authorized. This error occurs if the requested service is not permitted to the user.

Result Code 5005

Displays the aggregate total count of DIAMETER_MISSING_AVP (5005) result code value, if a request did not contain an AVP that is required by the Command Code definition.

Important 
If this value is sent in the Result-Code AVP, a Failed-AVP should be included in the message. The Failed-AVP must contain an example of the missing AVP complete with the Vendor-Id if applicable. The value field of the missing AVP should be of correct minimum length and contain zeroes.

Result Code 5006

Displays the aggregate total count of DIAMETER_RESOURCES_EXCEEDED (5006) result code value, when a request was received that cannot be authorized because the user has already expended allowed resources. For example, error occurs when a user is restricted to one dial-up PPP port, attempts to establish a second PPP connection.

Result Code 5012

Displays the aggregate total count of DIAMETER_UNABLE_TO_COMPLY (5012) result code value, if an error is returned when a request is rejected for unspecified reasons.

Result Code 5030

Displays the aggregate total count of DIAMETER_USER_UNKNOWN (5030) result code value.

Result Code Others

Total number of aggregate count result for 5xxx result codes. This Result Code Others does not match with any of the other specific result codes counter.

Experimental Result Code Stats

Exp Result Code 5001

Total number of times the Experimental-Result-Code DIAMETER_ERROR_USER_UNKNOWN (5001) is received in the authentication response message.

Exp Result Code 5004

Total number of times the Experimental-Result-Code DIAMETER_ERROR_ROAMING_NOT_ALLOWED (5004) is received in the authentication response message.

Bulk Statistics

This section provides bulkstats related to diameter-auth and diameter-acct schemas for ePDG and SaMOG services.

diameter-acct Schema

The following counters are available in the Diameter Accounting schema for the following error codes.

Bulk Statistics

Description

acct-result-unable-to-deliver 3002

Shows the total number of diameter account results that cannot be delivered to the destination.

acct-result-too-busy 3004

Shows the total number of diameter account results that cannot be allowed for the requested service, when specific servers are requested for.

acct-result-loop-detected 3005

Shows the total number of diameter account results that an agent detected a loop while trying to get the message to the inteded recipient.

acct-result-invld-hdr-bits 3008

Shows the total number of diameter account results for an invalid header bits request received. A request received could be related to bits in the diameter header were set either to an invalid combination or to a value that is inconsistent with the defintion of the Command Code.

acct-result-invld-avp-bits 3009

Shows the total number of diameter account results for a request received that included an AVP whose flag bits are set to an unrecognized value or that is inconsistent with the AVP definition.

acct-result-authen-rej 4001

Shows the total number of diameter account results for the user authentication failure due to an invalid password used by the user.

acct-result-out-of-space 4002

Shows the total number of diameter account results for a Diameter node received but was unable to commit it to stable due to a temporary lack of space.

acct-exp-result-user-unknown 5001

Shows the total number of diameter account expected results for the unknown user error.

acct-result-unk-sess-id 5002

Shows the total number of diameter account results that contains unknown session Identifiers.

acct-result-author-rej 5003

Shows the total number of diameter account results where the user requests could not be authorized.

acct-exp-result-roaming-not-allowed 5004

Shows the total number of diameter expected account results for which roaming calls are not allowed.

acct-result-missing-avp 5005

Shows the total number of dimater account results that does not contain an AVP.

acct-result-resrc-exceed 5006

Shows the total number of account results that caanot be authorized because the user has already expended allowed resources.

acct-result-unable-to-comply 5012

Shows the total number of account results rejected for unspecified reasons.

acct-result-user-unknown 5030

Shows the total number of account results that contains unknown users.

acct-exp-result-no-wlan-subs 5041

Shows the total number of expected account results for no VLAN Sub band.

diameter-auth Schema

The following counters are available in the Diameter Authentication/Authorization schema for the following error codes.

Bulk Statistics

Description

auth-result-unable-to-deliver 3002

Shows the total number of diameter authentiction/authroization results that cannot be delivered to the destination.

auth-result-too-busy 3004

Shows the total number of diameter authentication/authorization results that cannot be allowed for the requested service, when specific servers are requested for.

auth-result-loop-detected 3005

Shows the total number of diameter authentication/authorization results that an agent detected a loop while trying to get the message to the inteded recipient.

auth-result-invld-hdr-bits 3008

Shows the total number of diameter authentication/authorization results for an invalid header bits request received. A request received could be related to bits in the diameter header were set either to an invalid combination or to a value that is inconsistent with the defintion of the Command Code.

auth-result-invld-avp-bits 3009

Shows the total number of diameter authentication/authorization results for a request received that included an AVP whose flag bits are set to an unrecognized value or that is inconsistent with the AVP definition.

auth-result-authen-rej 4001

Shows the total number of diameter authentication/authorization results for the user authentication failure due to an invalid password used by the user.

auth-result-out-of-space 4002

Shows the total number of diameter authentication/authorization results for a Diameter node received but was unable to commit it to stable due to a temporary lack of space.

auth-exp-result-user-unknown 5001

Shows the total number of diameter authentication/authorization expected results for the unknown user error.

auth-result-unk-sess-id 5002

Shows the total number of diameter authentication/authorization results that contains unknown session Identifiers.

auth-result-author-rej 5003

Shows the total number of diameter authentication/authorization resultswhere the user requests could not be authorized.

auth-exp-result-roaming-not-allowed 5004

Shows the total number of diameter authentication/authorization expected results for which roaming calls are not allowed.

auth-result-missing-avp 5005

Shows the total number of diameter authentication/authorization results that does not contain an AVP.

auth-result-resrc-exceed 5006

Shows the total number of diameter authentication/authorization results that caanot be authorized because the user has already expended allowed resources.

auth-result-unable-to-comply 5012

Shows the total number of diameter authentication/authorization results rejected for unspecified reasons.

auth-result-user-unknown 5030

Shows the total number of diameter authentication/authorization results that contains unknown users.

auth-exp-result-no-wlan-subs 5041

Shows the total number of expected diameter authentication/authorization results for no VLAN Sub band.