I’ve covered the basics of Diameter Routing Agents (DRAs) in the past, and even shared an unstable DRA built using Kamailio, but today I thought I’d cover building something a little more “production ready”.
FreeDiameter has been around for a while, and we’ve covered configuring the FreeDiameter components in Open5GS when it comes to the S6a interface, so you may have already come across FreeDiameter in the past, but been left a bit baffled as to how to get it to actually do something.
FreeDiameter is a FOSS implimentation of the Diameter protocol stack, and is predominantly used as a building point for developers to build Diameter applications on top of.
But for our scenario, we’ll just be using plain FreeDiameter.
So let’s get into it,
You’ll need FreeDiameter installed, and you’ll need a certificate for your FreeDiameter instance, more on that in this post.
Once that’s setup we’ll need to define some basics,
Inside freeDiameter.conf we’ll need to include the identity of our DRA, load the extensions and reference the certificate files:
#Basic Diameter config for this box Identity = "dra.mnc001.mcc001.3gppnetwork.org"; Realm = "mnc001.mcc001.3gppnetwork.org"; Port = 3868; LoadExtension = "dbg_msg_dumps.fdx" : "0x8888"; #LoadExtension = "rt_redirect.fdx":"0x0080"; #LoadExtension = "rt_default.fdx":"rt_default.conf"; TLS_Cred = "/etc/freeDiameter/cert.pem", "/etc/freeDiameter/privkey.pem"; TLS_CA = "/etc/freeDiameter/cert.pem"; TLS_DH_File = "/etc/freeDiameter/dh.pem";
Next up we’ll need to define the Diameter peers we’ll be routing between.
For each connection / peer / host we’ll need to define here:
ConnectPeer = "mme01.mnc001.mcc001.3gppnetwork.org" { ConnectTo = "10.98.0.10"; No_TLS; }; ConnectPeer = "hss01" { ConnectTo = "10.0.1.252"; No_TLS; Port = 3868; Realm = "mnc001.mcc001.3gppnetwork.org";};
And we’ll configure our HSS and MME defined in the ConnectPeers to connect/accept connections from, dra.mnc001.mcc001.3gppnetwork.org.
Now if we start freeDiameter, we can start routing between the hosts. No config needed.
If we define another HSS in the ConnectPeers, any S6a requests from the MME may get routed to that as well (50/50 split).
In our next post, we’ll look at using the rt_default extension to control how we route and look at some more advanced use cases.