Diameter Enabler uses WebSphere® Application Server Channel Framework Architecture.
Channels are used to transport data between the network and Diameter Enabler. Channels are linked together to form a channel chain. Diameter Enabler supports two channel chain configurations, unsecure and secure.
When Diameter Enabler attempts to establish a connection, the first packet successfully exchanged on a connection determines the direction of the chain. If Diameter Enabler initiates the connection, the chain is an outbound chain. All future packets exchanged on this connection will use this outbound chain. If the Diameter peer initiates the connection, it is an inbound chain. All future packets exchanged on this connection will use this inbound chain.
Security is configured on each connection using the inbandSecurityPolicy property in the Diameter_Rf.properties, Diameter_Ro.properties, or Diameter_Sh.properties files. If you plan to use secure connections, then you must have a secure channel chain configured.
Diameter Enabler base checks the first packet sent on an inbound chain to see if the data is encrypted. If the data is encrypted, the SecureDiameterChain channel chain is used. If the data is not encrypted, the DiameterChain is used. The packet security must match the chain security for the connection to be successfully established. If the packet does not match the chain, the connection will be closed.
Channel chain configuration | Diameter Enabler configuration | Resulting action |
---|---|---|
Secure inbound (SecureDiameterChain) | PROHIBIT_TLS | Connection is closed |
Secure inbound (SecureDiameterChain) | REQUIRE_TLS | Connection is successful |
Unsecure inbound (DiameterChain) | PROHIBIT_TLS | Connection is successful |
Unsecure inbound (DiameterChain) | REQUIRE_TLS | Connection is closed |
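
The inbound decision described above, as an added Python example that is not IBM code: it classifies the first packet, picks the chain, and applies the `inbandSecurityPolicy` value to predict the table's outcome. The byte-level check for encrypted data (TLS record header versus the Diameter version byte from RFC 6733), the function names, and the sample packets and properties text are assumptions constructed for illustration; the page does not say how Diameter Enabler detects encryption.

```python
# Added example, not product code. Chain names and policy values come from the page;
# the encryption check is an assumed heuristic.
SECURE_CHAIN = "SecureDiameterChain"
UNSECURE_CHAIN = "DiameterChain"
KNOWN_POLICIES = ("REQUIRE_TLS", "PROHIBIT_TLS")  # the two values the table covers


def looks_encrypted(first_packet: bytes) -> bool:
    # A TLS handshake record starts with content type 0x16 and major version 0x03.
    # A cleartext Diameter message (RFC 6733) starts with version byte 0x01.
    return len(first_packet) >= 2 and first_packet[0] == 0x16 and first_packet[1] == 0x03


def select_inbound_chain(first_packet: bytes) -> str:
    return SECURE_CHAIN if looks_encrypted(first_packet) else UNSECURE_CHAIN


def read_policy(properties_text: str) -> str:
    """Return the inbandSecurityPolicy value from key=value properties text."""
    for line in properties_text.splitlines():
        line = line.strip()
        if line.startswith(("#", "!")) or "=" not in line:
            continue
        key, value = line.split("=", 1)
        if key.strip() == "inbandSecurityPolicy":
            return value.strip()
    raise KeyError("inbandSecurityPolicy is not set")


def inbound_outcome(first_packet: bytes, policy: str):
    """Return (chain, 'successful' | 'closed') for an inbound connection."""
    if policy not in KNOWN_POLICIES:
        raise ValueError(f"policy {policy!r} is not covered by the table")
    chain = select_inbound_chain(first_packet)
    # The connection survives only when packet security matches the configured policy.
    matches = (policy == "REQUIRE_TLS") == (chain == SECURE_CHAIN)
    return chain, "successful" if matches else "closed"


# Constructed sample inputs: a TLS ClientHello prefix, a 20-byte Diameter CER header
# (version 1, length 20, R flag, command code 257), and a properties fragment.
TLS_CLIENT_HELLO_PREFIX = bytes.fromhex("1603010030010000")
DIAMETER_CER_HEADER = (b"\x01" + (20).to_bytes(3, "big") + b"\x80" + (257).to_bytes(3, "big")
                       + bytes(4) + (1).to_bytes(4, "big") + (1).to_bytes(4, "big"))
SAMPLE_PROPERTIES = "# constructed sample\ninbandSecurityPolicy=REQUIRE_TLS\n"

if __name__ == "__main__":
    policy = read_policy(SAMPLE_PROPERTIES)
    for name, pkt in (("TLS", TLS_CLIENT_HELLO_PREFIX), ("Diameter", DIAMETER_CER_HEADER)):
        print(name, policy, inbound_outcome(pkt, policy))
```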