RADIUS is a widely deployed protocol for AAA (Authentication, Authorization, and Accounting) control, while Diameter is a draft planned as its successor. The protocols resemble each other in many ways: for example, their packet formats are quite similar, and they support the same kinds of AAA mechanisms. However, while RADIUS is a pure client-server protocol, Diameter is closer to a peer-to-peer protocol, because Diameter servers can also ask for certain services. On the transport layer, RADIUS uses connectionless UDP, while Diameter uses either SCTP or TCP. Diameter’s operation is more reliable, mainly because its specification addresses issues such as the fail-over procedure and proxy/agent support, while the RADIUS specification omits these subjects. One of Diameter’s strengths is that it is backward compatible with RADIUS. Diameter also contains mechanisms for version compatibility support, while the RADIUS specification hardly discusses the issue. For instance, Diameter supports error messages while RADIUS does not. Both protocols are designed to be extensible, but Diameter provides more extension mechanisms. Diameter also scales far better than RADIUS, mainly because RADIUS has no provisions for congestion control. Diameter always uses some kind of transport layer security scheme, such as IPSecurity or TLS, whereas IPSecurity support for RADIUS, for example, is optional. This affects the mechanisms for entity authentication and overall data security, making Diameter a more secure protocol.
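To make the packet-format similarity concrete, the following added example (not code from the paper) parses a RADIUS packet and a Diameter message with strict length checks, as a defender's decoder would. It assumes the header layouts of RFC 2865 and RFC 6733 rather than the draft the text refers to; the sample bytes, including command code 265 and application id 1, are constructed.

```python
import struct

def parse_radius(pkt: bytes) -> dict:
    """RADIUS: Code(1) Id(1) Length(2) Authenticator(16), then Type(1) Len(1) Value."""
    if len(pkt) < 20:
        raise ValueError("short RADIUS header")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if not 20 <= length <= len(pkt):
        raise ValueError("RADIUS length field disagrees with datagram size")
    attrs, off = [], 20
    while off < length:
        if off + 2 > length:
            raise ValueError("truncated RADIUS attribute")
        atype, alen = pkt[off], pkt[off + 1]
        if alen < 2 or off + alen > length:   # length byte covers its own header
            raise ValueError("bad RADIUS attribute length")
        attrs.append((atype, pkt[off + 2:off + alen]))
        off += alen
    return {"code": code, "id": ident, "attrs": attrs}

def parse_diameter(msg: bytes) -> dict:
    """Diameter: Ver(1) Len(3) Flags(1) Cmd(3) AppId(4) HbH(4) E2E(4), then AVPs."""
    if len(msg) < 20:
        raise ValueError("short Diameter header")
    ver_len, flg_cmd, app_id, hbh, e2e = struct.unpack("!5I", msg[:20])
    version, length = ver_len >> 24, ver_len & 0xFFFFFF
    if version != 1 or length % 4 or not 20 <= length <= len(msg):
        raise ValueError("bad Diameter header")
    avps, off = [], 20
    while off < length:
        if off + 8 > length:
            raise ValueError("truncated AVP header")
        code, flg_len = struct.unpack("!II", msg[off:off + 8])
        flags, alen = flg_len >> 24, flg_len & 0xFFFFFF
        hdr = 12 if flags & 0x80 else 8       # V bit: 4-byte Vendor-ID follows
        if alen < hdr or off + alen > length:
            raise ValueError("bad AVP length")
        avps.append((code, msg[off + hdr:off + alen]))
        off += (alen + 3) & ~3                # AVPs are padded to 32 bits
    return {"command": flg_cmd & 0xFFFFFF, "request": bool(flg_cmd >> 31),
            "app_id": app_id, "avps": avps}

# Constructed samples: both carry User-Name = "alice" (attribute type / AVP code 1).
RADIUS_SAMPLE = struct.pack("!BBH", 1, 7, 27) + bytes(16) + bytes([1, 7]) + b"alice"
DIAMETER_SAMPLE = (struct.pack("!5I", (1 << 24) | 36, (0x80 << 24) | 265, 1, 0x1111, 0x2222)
                   + struct.pack("!II", 1, (0x40 << 24) | 13) + b"alice" + bytes(3))

if __name__ == "__main__":
    print(parse_radius(RADIUS_SAMPLE))
    print(parse_diameter(DIAMETER_SAMPLE))
```

Both messages have a 20-byte header followed by self-describing attributes, and User-Name keeps code 1 in each; the differences are Diameter's wider fields, flag bits, and 32-bit padding.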