
Design And Realization Of Restricting Access Model Based On Diameter Message Routing

Posted on: 2013-12-23
Degree: Master
Type: Thesis
Country: China
Candidate: F F Liu
GTID: 2248330371485131
Subject: Computer software and theory
Abstract/Summary:
With the development of the Internet in recent years, network technology has come into wide use around the world. The number of network access users is increasing, people's daily lives are increasingly tied to the Internet, and the commercial development of networks is becoming more mature as well. The IP-based next generation network not only provides broad opportunities and facilitates people's lives and work, but also puts pressure on network AAA services and poses new challenges for them during the IPv4 and IPv6 transition period and triple-play network integration. For a commercial network system, identification is essential. Authentication, authorization and accounting (AAA) is becoming a hot research topic, and many operators have adopted their own private approaches based on the generic AAA protocol in order to protect security. The handling of authentication, authorization and accounting has become a bottleneck restricting the development of networks, and identity-based access control has become one of the key research directions in network management.

This paper gives a brief description of the AAA protocol and describes the application status of the Diameter protocol, both against the background of modern network development. After a comprehensive analysis of the various protocols that follow the AAA framework, we selected the Diameter protocol, which is an improvement by the IETF on the RADIUS (Remote Authentication Dial In User Service) protocol. We then introduce the theory and structure of the Diameter protocol, as well as the base protocol. After that, we analyze the Diameter protocol, its message format and its detailed processing.

Finally we propose a design of a restricting access model based on Diameter message routing, together with an improvement scheme for the access control model, and realize fine-grained access control through the processing of messages.

The focus of this paper is the improvement of the way access is controlled, based on the characteristics of Diameter protocol messages and the authorization mechanism in Diameter routing. The design takes full advantage of the role of the Proxy agent node, which provides the access control function in the Diameter network and shares some of the pressure on the Diameter server. In authentication, the Proxy agent node has the ability to manage the access nodes; in this way we achieve rapid verification and quick rejection, and can better realize the error recovery (failover) function. In routing management, Proxy agent nodes can limit Diameter access nodes, which are graded according to the administrator's management strategy; the authentication request is turned into classified access control by message routing, and in this way we improve the ability to manage the network using the detailed information in the message.

To realize the design effectively, we designed message routing rules and made rational use of the modules and framework provided by the open source software freeDiameter. We added extensions in the proxy node to record the authenticated access nodes and verify access users' permissions, in order to decide how messages are classified and to manage routing, and thereby realize user access control and network resource management.

Finally, we describe the experimental environment and experimental methods, carry out the access control experiment on a Linux system based on the freeDiameter software with the added message-based extensions, and realize the access control design presented in this paper.
Keywords/Search Tags: AAA, Diameter, freeDiameter, Access control