Configuring the Server Identification
The server identification consists of:
Local Identity—specifies the server Origin-Host and Origin-Realm.
Local Addresses—specifies the IP addresses the server uses for Diameter Capabilities Exchange messages (CER/CEA messages). The first Diameter messages exchanged between two Diameter peers, after establishing the transport connection, are Capabilities Exchange messages. A Capabilities Exchange message carries a peer's identity and its capabilities (protocol version number, supported Diameter applications, etc.). A Diameter node only transmits commands to peers that have advertised support for the Diameter application associated with the given command. This must be configured for the Diameter protocol.
Self Names—this field specifies realms that are considered to be local to this server, meaning that any requests sent for these realms will be treated as if there is no realm in the request.
The NAI (Network Access Identifier) in the request identifies the intended realm name for servers. In order to properly interpret requests received from intermediate servers, the IMS AAA Server must know which realms it is responsible for servicing locally.
When a request is received, the server examines the NAI to determine the realm to which the request should be routed. If the request does not contain an NAI, the Destination-Realm in the request is used; this applies to Diameter requests only. If the realm to which the request is to be routed is listed in the Self Names field, the realm is ignored and the request is treated as if it contained no realm. If no realm is present in either the NAI or the Destination-Realm, the request is considered to be local.
For example, assume that "Cambridge.com" is listed in the Self Names field and that the following routing rules are defined in the server:
- If Realm="Cambridge.com" route requests to server "Downstream 1"
- If User="Bob" route requests to server "Downstream 2"
- If Realm="Boston.com" route requests to server "Downstream 3"
- Use "Downstream 4" server as the default route for all users from all realms.
Following are a number of examples showing how the IMS AAA Server would route requests based on this configuration.
Example 1: The NAI in the request="Cambridge.com" and the Destination-Realm="Boston.com"
Route: The request is routed to the "Downstream 4" server.
Example 2: The NAI in the request="Cambridge.com", the User name="Bob", and the Destination-Realm="NewYork.com"
Route: The request is routed to the "Downstream 2" server.
Example 3: The request has no NAI and the Destination-Realm="Boston.com"
Route: The request is routed to the "Downstream 3" server.
Example 4: The request has no NAI and the Destination-Realm="Cambridge.com"
Route: The request is routed to the "Downstream 4" server.
Example 5: The request has no NAI, the Destination-Realm="Cambridge.com", and the Username="Bob"
Route: The request is routed to the "Downstream 2" server.
Note that if the IMS AAA Server receives a request for a realm not listed in the Self Names field, it will attempt to find a matching routing rule to determine how to route the request. See Request Routing Rules.
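The routing decisions in Examples 1 to 5, modelled in Python as an added example that is not part of the product or its documentation; it assumes first-match rule order, case-insensitive comparison, and an NAI of the form user@realm (the user "alice" is constructed). It also reports that the rule sending Cambridge.com to "Downstream 1" can never match once Cambridge.com is a self name.

```python
# Added example: models the realm selection and Self Names handling above.
# Assumptions: first matching rule wins, names compare case-insensitively,
# and the NAI is carried as "user@realm" in the user name.
SELF_NAMES = {"cambridge.com"}

# (field, value, target) in evaluation order; field None is the default route.
RULES = [
    ("realm", "cambridge.com", "Downstream 1"),
    ("user", "bob", "Downstream 2"),
    ("realm", "boston.com", "Downstream 3"),
    (None, None, "Downstream 4"),
]


def effective_realm(user_name, destination_realm, self_names=SELF_NAMES):
    """Return the realm used for routing, or None when the request is local."""
    realm = None
    if user_name and "@" in user_name:
        realm = user_name.rsplit("@", 1)[1]  # NAI realm is examined first
    if not realm:
        realm = destination_realm  # used only when there is no NAI realm
    if not realm or realm.lower() in self_names:
        return None  # self name or no realm: handled as a local request
    return realm.lower()


def route(user_name=None, destination_realm=None, rules=RULES,
          self_names=SELF_NAMES):
    """Return the target of the first rule that matches the request."""
    realm = effective_realm(user_name, destination_realm, self_names)
    user = (user_name or "").split("@", 1)[0].lower()
    for field, value, target in rules:
        if field is None:
            return target
        if (field == "realm" and realm == value) or \
           (field == "user" and user == value):
            return target
    return None


def shadowed_realm_rules(rules=RULES, self_names=SELF_NAMES):
    """Targets of realm rules that cannot match because the realm is a self name."""
    return [t for f, v, t in rules if f == "realm" and v in self_names]


if __name__ == "__main__":
    # Constructed requests mirroring Examples 1 to 5 (user "alice" is made up).
    for req in [("alice@Cambridge.com", "Boston.com"), ("Bob@Cambridge.com", "NewYork.com"),
                (None, "Boston.com"), (None, "Cambridge.com"), ("Bob", "Cambridge.com")]:
        print(req, "->", route(*req))
    print("never matched:", shadowed_realm_rules())
```

A realm that appears both in Self Names and in a routing rule is dead configuration: requests for it fall through to later rules or the default route, which is worth checking when reviewing where traffic for a local realm actually ends up.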
To access the server Local Identification dialogs:
The Identification dialog (Figure 20) opens in the content frame area.
To configure the Local Identity:
NOTE: The identity of the Juniper Networks IMS AAA Server is pre-configured with the Origin-Host=your-host.your-realm.net and the Origin-Realm=your-realm.net. The first step in configuring the server is to reconfigure these settings for your network environment.
- Enter the Origin-Host name of the server in the Host Name (Origin-Host) field.
This is the name by which other network elements refer to the IMS AAA Server (Origin-Host, Destination-Host).
- Enter the name of the realm or network in which the server resides in the Realm Name (Origin-Realm) field.
This is the realm in which other network elements consider this server to be (Origin-Realm, Destination-Realm).
- Click Apply in the toolbar area to save the configuration.
To configure the Local Addresses:
- Click New in the Local Addresses area.
The New Local Address dialog opens (Figure 21).
- Enter the IP Address of the server in the IP Address field.
- To use IPv6 addressing, enable the Use IPv6 Networking checkbox; otherwise, leave it disabled for IPv4 addressing.
- Click OK.
To configure the server Self Names:
- In the Self Names area click New.
The New Local Realm Name dialog opens (Figure 22).
- Enter the realm name in the Name field and click OK.
The new realm name is added to the list of realm names under Self Names.
Deleting a Local Address
To delete a local address:
- Select the local address and click Delete.
You are prompted to confirm the delete.
- Click Yes to delete the address or No to cancel the delete.
Deleting a Local Realm Name
To delete an existing local realm name:
- Select the realm name from the list of Realm Names in the Self Names area and click Delete.
You are prompted to confirm the delete.
- Click Yes to delete the realm name or No to cancel the delete.