Radius protocol vs Diameter protocol-difference between Radius protocol and Diameter protocol

This page compares Radius protocol vs Diameter protocol and mentions difference between Radius protocol and Diameter protocol.

These protocols are basis for AAA server. AAA stands for Authentication, Authorization and Accounting. ISP roaming is possible using RADIUS servers. People can use their single registered ISP from different locations. Both Radius and diameter are known as AAA protocols.

We need these protocols for following benefits:
• To allow simple NAS (Network Access Server).
• To provide central user administration
• To provide roaming to the users
• To obtain protection against sniffing from Active attacker.

RADIUS Protocol

Radius Diameter Network Architecture

The figure-1 depicts simple network architecture used in radius and diameter protocols. The RADIUS stands for Remote Authentication Dial-In User Service. Following are the key features:
• Uses client/Server model
• provides network security
• uses flexible authentication methods
• It is extensible protocol

Following are the operation modes in which radius operates.
• User-Name/Password
• Challenge/Response
• Interoperation with PAP/CHAP
• Proxy

Before client and server communication starts secret key is shared between client and server. Following radius packet types are exchanged between client and server.
• Access Request: Initiates by client to server.
• Server sends either Access Accept, Access Reject or Access Challenge
• Access-Accept message keeps all the required attributes in order to provide service to the users.


Radius packet header format

Figure-2 depicts radius protocol packet header. As mentioned it consists of following fields.
• Code: It is 1 byte or 1 octet long in size. It identifies various types of packets.
• Identifier: It is 1 byte in size and helps in matching responses with requests.
• Length: This field is 2 bytes long and it specifies length of packet including code field, identifier field, length field and authenticator fields. It's size vary from 20 octets to 4096 octets.
• Authenticator: It is 16 octets in size. It is used in some cases of request/response messages.
• List of Attributes: There are more than 63 attributes used in RADIUS protocol. These attributes consist of three parts viz. type, length and value. Some of the RADIUS attributes are User-Name, User-Password, CHAP-Password, NAS-IP-Address, NAS-Port etc.


It is another AAA protocol which supports similar AAA features as RADIUS but with enhanced and additional capabilities. Following are the features of DIAMETER Protocol.
• Capabilities negotiation
• Carry AAA information in AVPs (Attribute Value Pairs)
• Error notification
• Extensibility, through addition of new commands and AVPs
• Basic services necessary for applications, such as handling of user sessions or accounting and session state maintenance
• Hop-by-hop security using IPSec (mandatory) and TLS (optional)
• Diameter clients must support TCP or SCTP while Diameter agents and servers must support TCP and SCTP
• Authentication/authorization session management may be independent of accounting session management
• Diameter is peer to peer protocol

Diameter Header format | Diameter AVP format

Diameter protocol header

Figure-3 depicts diameter protocol header format. As mentioned it consists of following fields.
• Flags 13 bits, EIR sequences denote command type (request, reply, indication).
• Hop-by-Hop Identifier
• End-To-End Identifier
• Command Code
• AVPs encapsulate relevant info to message

Diameter AVP

Figure-4 depicts diameter protocol AVP format. As mentioned it consists of following fields.
• AVP code uniquely identifies attribute.
• AVP Flags indicates how AVP should be handled
r (reserved), P (protected), M (mandatory), V (vendor-specific).

Diameter base protocol simply provide a secure transport for the messages defined in the various application-specific extensions. The data objects are encapsulated within the Attribute Value Pair (AVP).

Following is the tabular difference between radius protocol and diameter protocol.

Radius protocol Diameter protocol
The full form is Remote Authentication Dual In User Service It is enhanced radius protocol. It is successor to radius protocol.
It uses UDP. It uses TCP/SCTP (i.e. Stream Control Transmission Protocol).
It is unreliable protocol as it lacks in reliability, ordering and data integrity. It is reliable protocol as all the AAA nodes exchange messages and use positive and negative feedback mechanism for each messages.
It is defined in RFC 2865. It is defined in RFC 6733 and RFC 3588.
Applications are Network Access, IP Mobility etc. Applications are NAS, mobile IP, credit controls, 3G, SIP, EAP etc.

➨PDU header formats for radius and diameter protocols are different as described above. Refer radius packet header format and diameter header formats.
➨In summary, Diameter protocol provides better transport, better proxying, better session control and better security compare to Radius protocol. This differentiates diameter and radius protocols.

Networking Tags

What is Difference between

hub Vs switch  circuit switching Vs packet switching  firewall Vs router  HDLC Vs PPP  IGRP Vs EIGRP  router Vs bridge  switch Vs router  WLAN Vs Ethernet LAN  LAN vs WAN vs MAN 

RF and Wireless Terminologies