Radius protocol vs Diameter protocol-difference between Radius protocol and Diameter protocol
This page compares Radius protocol vs Diameter protocol and mentions difference between Radius protocol and Diameter protocol.
These protocols are basis for AAA server. AAA stands for Authentication, Authorization and Accounting. ISP roaming is possible using RADIUS servers. People can use their single registered ISP from different locations. Both Radius and diameter are known as AAA protocols.
We need these protocols for following benefits:
• To allow simple NAS (Network Access Server).
• To provide central user administration
• To provide roaming to the users
• To obtain protection against sniffing from Active attacker.
RADIUS Protocol

The figure-1 depicts simple network architecture used in radius and diameter protocols.
The RADIUS stands for Remote Authentication Dial-In User Service.
Following are the key features:
• Uses client/Server model
• provides network security
• uses flexible authentication methods
• It is extensible protocol
Following are the operation modes in which radius operates.
• User-Name/Password
• Challenge/Response
• Interoperation with PAP/CHAP
• Proxy
Before client and server communication starts secret key is shared between client and server.
Following radius packet types are exchanged between client and server.
• Access Request: Initiates by client to server.
• Server sends either Access Accept, Access Reject or Access Challenge
• Access-Accept message keeps all the required attributes in order to provide service to
the users.
RADIUS PACKET HEADER format

Figure-2 depicts radius protocol packet header. As mentioned it consists of
following fields.
• Code: It is 1 byte or 1 octet long in size. It identifies various types of packets.
• Identifier: It is 1 byte in size and helps in matching responses with requests.
• Length: This field is 2 bytes long and it specifies length of packet including
code field, identifier field, length field and authenticator fields.
It's size vary from 20 octets to 4096 octets.
• Authenticator: It is 16 octets in size.
It is used in some cases of request/response messages.
• List of Attributes: There are more than 63 attributes used in RADIUS protocol.
These attributes consist of three parts viz. type, length and value.
Some of the RADIUS attributes are User-Name, User-Password, CHAP-Password, NAS-IP-Address,
NAS-Port etc.
DIAMETER PROTOCOL
It is another AAA protocol which supports similar AAA features as RADIUS but
with enhanced and additional capabilities. Following are the features of DIAMETER Protocol.
• Capabilities negotiation
• Carry AAA information in AVPs (Attribute Value Pairs)
• Error notification
• Extensibility, through addition of new commands and AVPs
• Basic services necessary for applications,
such as handling of user sessions or accounting and session
state maintenance
• Hop-by-hop security using IPSec (mandatory) and TLS (optional)
• Diameter clients must support TCP or SCTP while Diameter agents and servers must support TCP and SCTP
• Authentication/authorization session management may be independent of accounting session management
• Diameter is peer to peer protocol
Diameter Header format | Diameter AVP format

Figure-3 depicts diameter protocol header format. As mentioned it consists of following fields.
• Flags 13 bits, EIR sequences denote command type (request, reply, indication).
• Hop-by-Hop Identifier
• End-To-End Identifier
• Command Code
• AVPs encapsulate relevant info to message

Figure-4 depicts diameter protocol AVP format.
As mentioned it consists of following fields.
• AVP code uniquely identifies attribute.
• AVP Flags indicates how AVP should be handled
r (reserved), P (protected), M (mandatory), V (vendor-specific).
Diameter base protocol simply provide a secure transport for the messages defined in the various application-specific extensions. The data objects are encapsulated within the Attribute Value Pair (AVP).
Following is the tabular difference between radius protocol and diameter protocol.
Radius protocol | Diameter protocol |
---|---|
The full form is Remote Authentication Dual In User Service | It is enhanced radius protocol. It is successor to radius protocol. |
It uses UDP. | It uses TCP/SCTP (i.e. Stream Control Transmission Protocol). |
It is unreliable protocol as it lacks in reliability, ordering and data integrity. | It is reliable protocol as all the AAA nodes exchange messages and use positive and negative feedback mechanism for each messages. |
It is defined in RFC 2865. | It is defined in RFC 6733 and RFC 3588. |
Applications are Network Access, IP Mobility etc. | Applications are NAS, mobile IP, credit controls, 3G, SIP, EAP etc. |
➨PDU header formats for radius and diameter protocols are different as described above.
Refer radius packet header format and diameter header formats.
➨In summary, Diameter protocol provides better transport, better proxying, better session control and
better security compare to Radius protocol. This differentiates diameter and radius protocols.
Networking Tags
What is Difference between
hub Vs switch circuit switching Vs packet switching firewall Vs router HDLC Vs PPP IGRP Vs EIGRP router Vs bridge switch Vs router WLAN Vs Ethernet LAN LAN vs WAN vs MAN