WebSphere brand IBM WebSphere IP Multimedia Subsystem Connector, Version 6.2

Channels and channel chains

Diameter Enabler uses WebSphere® Application Server Channel Framework Architecture.

Channels are used to transport data between the network and Diameter Enabler. Channels are linked together to form a channel chain. Diameter Enabler supports two channel chain configurations, unsecure and secure.

During the installation process, Diameter Enabler creates two inbound channel chains, secure and unsecure. The unsecure channel chain (DiameterChain) uses TCP channels. The secure channel chain (SecureDiameterChain) adds a TLS channel on top of the TCP channel.

When Diameter Enabler attempts to establish a connection, the first packet successfully exchanged on a connection determines the direction of the chain. If Diameter Enabler initiates the connection, the chain is an outbound chain. All future packets exchanged on this connection will use this outbound chain. If the Diameter peer initiates the connection, it is an inbound chain. All future packets exchanged on this connection will use this inbound chain.

Security is configured on each connection using the inbandSecurityPolicy property in the Diameter_Rf.properties, Diameter_Ro.properties, or Diameter_Sh.properties files. If you plan to use secure connections, then you must have a secure channel chain configured.

Diameter Enabler base checks the first packet sent on an inbound chain to see if the data is encrypted. If the data is encrypted, the SecureDiameterChain channel chain is used. If the data is not encrypted, the DiameterChain is used. The packet security must match the chain security for the connection to be successfully established. If the packet does not match the chain, the connection will be closed.

Table 1. Channel chain configurations and resulting actions
Channel chain configuration Diameter Enabler configuration Resulting action
Secure inbound (SecureDiameterChain) PROHIBIT_TLS Connection is closed
REQUIRE_TLS Connection is successful
Unsecure inbound (DiameterChain) PROHIBIT_TLS Connection is successful
REQUIRE_TLS Connection is closed



Terms of use
(C) Copyright IBM Corporation 2009. All Rights Reserved.