WO2013117221A1 - Methods, apparatuses, a system, and a related computer program product for defining, provisioning and activating packet filters - Google Patents

Methods, apparatuses, a system, and a related computer program product for defining, provisioning and activating packet filters Download PDF

Info

Publication number
WO2013117221A1
WO2013117221A1 PCT/EP2012/052076 EP2012052076W WO2013117221A1 WO 2013117221 A1 WO2013117221 A1 WO 2013117221A1 EP 2012052076 W EP2012052076 W EP 2012052076W WO 2013117221 A1 WO2013117221 A1 WO 2013117221A1
Authority
WO
WIPO (PCT)
Prior art keywords
policy
policy rule
user equipment
gateway
provisioning
Prior art date
Application number
PCT/EP2012/052076
Other languages
French (fr)
Inventor
Vesa Pauli Hellgren
Original Assignee
Nokia Siemens Networks Oy
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nokia Siemens Networks Oy filed Critical Nokia Siemens Networks Oy
Priority to PCT/EP2012/052076 priority Critical patent/WO2013117221A1/en
Publication of WO2013117221A1 publication Critical patent/WO2013117221A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/0803Configuration setting
    • H04L41/0806Configuration setting for initial configuration or provisioning, e.g. plug-and-play
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/0894Policy-based network configuration management

Definitions

  • the present invention relates to defining, provisioning and activating packet filters. More specifically, the present invention relates to methods, apparatuses and a related computer program product for defining, provisioning and activating packet filters.
  • TFT Traffic Flow Template
  • PDP packet data protocol
  • the 3 rd Generation Partnership Project (3GPP) has specified that a maximum size IPv4 packet filter can be of 32 bytes and that of IPv6 packet filter can be of 60 bytes. 3GPP has further specified that the maximum length of the TFT information element is 257 octets and it is possible to create a TFT including 16 maximum size packet filters. Thus, dedicated bearers wherein more than 16 packet filters are needed are not possible. This greatly restricts the applicability of dedicated bearers to such applications, protocols or services wherein the number of packet filters needed to be defined within a TFT is less than 16.
  • the present invention provides methods, apparatuses and a related computer program product for defining, provisioning and activating packet filters.
  • a method comprising: defining a policy rule comprising at least one packet filter; and provisioning the at least one packet filter and the policy rule at a user equipment and a gateway, wherein the gateway is configured to provide a connection to a packet data network for the user equipment.
  • the method may further comprise any of the following:
  • the request for activation of the provisioned policy rule by an application function may be based on the receipt of a request for a service.
  • a first apparatus comprising: means for defining a policy rule comprising at least one packet filter; and means for provisioning the at least one packet filter and the policy rule at a user equipment and a gateway.
  • the apparatus may further comprise any of the following:
  • means for transmitting a request to activate the provisioned policy rule.
  • the apparatus may comprise an application function and can, for example, comprises a proxy call session control function.
  • the present invention further provides as a third embodiment a second apparatus comprising: means for obtaining a policy rule comprising at least one packet filter; means for indicating the obtained policy rule to a gateway.
  • the obtained policy rule may comprise a network identifier of an operator of a home network of a subscriber and the apparatus may be configured to use the policy rule only if the network identifier of the operator matches with a network identifier of an access point name of the gateway.
  • the apparatus may comprise any of a chipset, a user equipment and a mobile handset.
  • a computer program product comprising code portions for causing an apparatus on which the computer program is executed to carry out the method according to the first embodiment. Further, the invention provides a computer readable medium embodying the computer program product.
  • packet filters that may not be supported by TFT information element or Gx interface, as for example, operator specific Layer 7 (L7) or Application Layer packet filters.
  • L7 operator specific Layer 7
  • Application Layer packet filters for example,
  • Figure 1 shows a network architecture according to an embodiment of the invention wherein procedures for defining, provisioning and activating policy rules or rulebases comprising packet filters may be performed;
  • Figure 2 shows a procedure for defining and provisioning policy rules or rulebases at a user equipment, a gateway entity and a policy control element, according to an embodiment of the invention
  • Figure 3 shows a procedure for a user equipment to indicate the support of policy rules or rulebases comprising packet filters in accordance with an embodiment of the invention
  • Figure 4 shows a procedure for activation of policy rules or rulebases comprising packet filters, initiated by an application function in accordance with an embodiment of the invention
  • Figure 5 shows a procedure for activation of policy rules or rulebases comprising packet filters, initiated by a user equipment in accordance with an embodiment of the invention.
  • Figure 6 shows an apparatuses for defining, provisioning and activating policy rules or rulebases comprising packet filters, according to an embodiment of the invention.
  • FIG. 1 shows a network architecture wherein procedures, according to examples of the present invention, may be performed.
  • a user equipment (UE) 100 such as a mobile station, may establish a communication session, e.g., Internet Protocol (IP) multimedia subsystem (IMS) session, using an application signaling to an application function (AF) 130 over an interface such as Gm interface defined by 3GPP (interface not shown in figure).
  • IP Internet Protocol
  • IMS multimedia subsystem
  • the application function 130 may be an element that may offer applications that require control of I P bearer resources.
  • Example of such application function 130 may be a proxy call session control function (P-CSCF) of a IMS network and the application signaling may be a session initiation protocol (SIP) signaling, such SIP-REGISTER, SIP- INVITE etc.
  • P-CSCF proxy call session control function
  • SIP session initiation protocol
  • the application function 130 may exchange policy related messages with a policy control function 120, such as a policy and charging rules function (PCRF) over an interface, e.g., Rx or Gq defined by 3GPP.
  • the policy control function 120 may make policy decision and/or rules based on session and media related information obtained from the application function 130.
  • the policy control function 120 may provide information about policy decisions and/or rules to a policy enforcement function 110.
  • Policy enforcement function 110 may be located in gateway elements such as Gateway General Packet Radio Service (GPRS) support node (GGSN) and packet data network (PDN) gateway (PDN-GW or P- GW).
  • GPRS Gateway General Packet Radio Service
  • GGSN Gateway General Packet Radio Service
  • PDN gateway packet data network gateway
  • the gateway element such as the GGSN or PDN-GW may provide connectivity for the user equipment 100 to packet data networks (not shown in figure).
  • packet data traffic from and to a user equipment may be carried over service data flows (SDFs), which can be thought of as a set of packet flows.
  • Service data flows may in turn be carried over bearers or packet data protocol (PDP) contexts.
  • Packet filters may be defined for each bearer or PDP context for choosing the bearer for the packet data traffic.
  • a traffic flow template (TFT) may be defined for a bearer to define the packet filters.
  • the traffic flow may contain packet filters for the downlink direction, the uplink direction or packet filters that may apply for both directions.
  • the downlink packet filters may be applied by the network (typically by a policy enforcement function that may be located in a gateway element such as a GGSN or PDN-GW) and the uplink packet filters may be applied by the used equipment. If a packet filter applies for both directions, the packet filter may be applied by both the network and user equipment.
  • the present invention overcomes this limitation by defining one or more packet filters and a policy rule comprising the one or more packet filters.
  • the defined policy rule and the one or more packet filters may be provisioned at a user equipment and a gateway comprising a policy enforcement function.
  • the gateway may provide a connection to a packet data network for the user equipment and may act as the policy enforcement function.
  • FIG. 2 illustrates a procedure for provisioning packet filters in accordance with an embodiment of the present invention.
  • An application function 230 may define one or more packet filters and a policy rule comprising the packet filters and provision 201 the policy rule and the packet filters at a user equipment 200.
  • the policy rule and the packet filters may also be provisioned 21 1 at a gateway entity 210 that may provide connection to packet data networks to the user equipment 200.
  • the gateway entity 210 may comprise a policy enforcement function.
  • the provisioning of packet filters and policy rule at the user equipment and the gateway entity may be done by a network operator.
  • the provisioning at the gateway entity 210 of the policy rules comprising the packet filters may be done via a policy control function 220. Alternatively, if an interface exists between the application function 230 and the gateway entity 210, the provisioning may be performed directly.
  • the application function 230 may further provision 221 the policy rule at a policy control element 220. It may be noted that the packet filters may not be explicitly provisioned at the policy control element 220.
  • the application function may further define traffic flow template (TFT) comprising policy rules defined using the procedure described above.
  • TFT traffic flow template
  • the TFT may not explicitly contain the packet filters, but only implicitly defined within.
  • the limitation of number of packet filters that may be contained in the TFT may be overcome.
  • a policy rulebase comprising at least one policy rule and define traffic flow template to comprise policy rulebase instead of policy rule names.
  • the policy rulebase may be provisioned 221 at the policy control element 220.
  • Policy rulebases and/or policy rules provisioned to a user equipment may also contain a public land mobile network (PLMN) identifier of the operator, so that the user equipment may apply those policy rulebases and/or policy rules only when the PLMN identifier of an access point name (APN) of a gateway matches with the PLMN identifier of the operator. This may ensure that a user equipment does not activate invalid policy rules/rulebases when connected to visited PLMN (VPLMN) APN.
  • PLMN public land mobile network
  • the VPLMN operator may provision the user equipment and the gateway element in VPLMN with packet filters.
  • a UE 300 when a UE 300 requests a connection to a packet data network (PDN), i.e., when the UE 300 attempts to activate a primary packet data protocol (PDP) context or a default bearer, the UE 300 may send an indication 301 that it supports predefined packet filters and policy rules or rulebases comprising the packet filters to a gateway element 310 that may provide a connection to the PDN.
  • PDN packet data network
  • PDP packet data protocol
  • the UE 300 may send an indication 301 that it supports predefined packet filters and policy rules or rulebases comprising the packet filters to a gateway element 310 that may provide a connection to the PDN.
  • PCP policy and charging control
  • the value of the PCC command may be defined as follows:
  • PCC rule/rulebase refers to policy rule/rulebase.
  • the "no operation" PCC command may be used to indicate support of PCC rulebases/rules in the TFT.
  • "No operation” command may contain all the PCC rulebases/rules, which have been provisioned to the user equipment. If PCC rulebases are included in the PCC command, it may not be required to list the PCC rules which are part of the PCC rulebase.
  • the gateway element 310 may in turn forward the indication 31 1 to a policy control element 320.
  • the forwarding of the indication 31 1 may be performed using a Diameter Credit Control Request (CCR) signaling message over a Gx interface defined by 3GPP, wherein the indication may be sent, for example, as a TFT-packet-filter-information attribute value pair (AVP), which may be derived from the TFT information element sent as part of the message 301.
  • the policy control element 320 may acknowledge the indication using a Diameter Credit Control Answer (CCA) message 312.
  • CCA Diameter Credit Control Answer
  • Figure 4 and 5 illustrate procedures for activation of the policy rules and the related packet filters during a session initiation or activation of a secondary PDP context according to some embodiments of the invention.
  • a user equipment (UE) 400 may send a request 401 for a service to an application function 430.
  • An example of such request may be a SIP-INVITE message 401.
  • the application function 430 may send a request such as e.g., a Diameter access
  • AAR authorization request
  • the policy control element 420 may evaluate the request and may send an answer such as e.g., a Diameter access authorization answer (AAA) message 432 to the application function 430.
  • the policy control element 420 may, in parallel, select the policy rules or rulebases to be installed and send a re-authorization request (RAR) message 421 to a gateway element 410 for the installation of the policy rules or rulebases.
  • RAR re-authorization request
  • the gateway element 410 may in turn acknowledge the message using a re-authorization answer (RAA) message 422.
  • the gateway element may send an indication 402 of activation of the policy rules or rulebases to the UE 400.
  • the gateway element may send the indication 402 using protocol configuration option (PCO) as defined by 3GPP.
  • PCO protocol configuration option
  • FIG. 5 shows an alternative procedure, according to an embodiment of the invention, of establishment of session, wherein policy rules or rulebases comprising packet filters may be activated.
  • a user equipment 500 may send a attach request or a PDP context activation request 501 to a control element 540 such as a serving GPRS support node (SGSN) or mobility management entity (MME).
  • SGSN serving GPRS support node
  • MME mobility management entity
  • Such requests may comprise a request for activation of policy rules or rulebases, for example, using protocol
  • PCO may allow transparent transfer of parameters between the UE 500 and a gateway element 510 and may be sent through MME or SGSN as well as through any serving gateway (not shown in figure 5) that may be present.
  • the SGSN or MME may transmit a create session request or a create PDP context request 503 to the gateway element 510, with the indication of the policy rules or rulebases to be activated.
  • Such a request may be transmitted via other network elements such as a serving gateway. For simplicity reasons, such intermediate messaging as well as the additional network elements is not shown in the figure.
  • the gateway element 510 may send a request 51 1 for activation of policy rules or rulebases to a policy control element 520.
  • a policy control element 520 may be e.g., a Diameter credit control request (CCR) message comprising an indication of the policy rule or rulebase to be activated.
  • CCR Diameter credit control request
  • the policy control element 520 may evaluate the request and may send answer 512 to the gateway element 510, for example as a credit control answer (CCA) message.
  • the CCA message 512 may indicate an authorization of activation of the policy rules or rulebases or rejection of the request 511.
  • the gateway element may send an indication 502 of activation of the policy rules or rulebases to the UE 500.
  • the gateway element may send the indication of activation of the policy rules or rulebases 502 using protocol configuration option (PCO) as defined by 3GPP.
  • PCO protocol configuration option
  • the present invention provides a first apparatus 610 and a second apparatus 620 (figure 6) for provisioning and activating policy rules comprising packet filters.
  • the first apparatus 610 in accordance with the present invention may provide an application function (AF), enhanced with the features of the invention.
  • An example of such application function may be a proxy call session control function (P-CSCF) that may be part of a Internet Protocol (IP) multimedia subsystem (IMS) network.
  • the apparatus 610 may comprise a Central Processing Unit (CPU or a core functionality) 61 1 , a memory 612, a means for defining (Dx) or a defining unit 616 that may be configured to define e.g., policy rules or rulebases comprising packet filters, and a means for provisioning (Px) or a provisioning unit 617 that may be configured to provision the packet filters and the defined policy rules or policy rule bases.
  • the apparatus 610 may further comprise a means for receiving (Rx) or an input unit 614 that may be configured to receive message such as e.g,. session initiation requests and a means for transmitting (Tx) or an output unit 613 that may be configured to transmit messages, such as requests to activate provisioned policy rules or rulebases.
  • Rx means for receiving
  • Tx means for transmitting
  • output unit 613 may be configured to transmit messages, such as requests to activate provisioned policy rules or rulebases.
  • the means for receiving 614 and means for transmitting 613 may exchange information over an internal interface 615.
  • the means for provisioning 617 of the apparatus 610 may be functionalities running on the CPU 61 1 of the apparatus, or may alternatively be separate functional entities or means.
  • the CPU 611 may be configured to process various data inputs and to control the functions of the memory 612, the means for receiving 614, the means for transmitting 613, the means for defining 616 and the means for provisioning 617.
  • the memory 612 may serve e.g. for storing code means for carrying out e.g. the methods according to the examples of the present invention, when run e.g. on the CPU 611.
  • the memory 612 may, according to examples of the present invention, store defined packet filters and policy rules and/or rulebases that may comprise the packet filters. Further, the memory 612 store addresses of various network elements such as policy control function and policy enforcement functions present in the network of which the apparatus 610 may be part of.
  • the means for receiving 614 and the means for transmitting 613 may alternatively be provided as integral transceivers. It may further be noted that the means for receiving 614 and the means for transmitting 613 may be implemented i) as physical transmitters/receivers for transceiving e.g. via the air interface, ii) as routing entities e.g. for sending/receiving data packets e.g. in a PS (packet switched) network, or, iii) as any suitable combination of i) and ii).
  • the means for defining 616 may define packet one or more packet filters and policy rules or rulebases comprising the one or more packet filter.
  • the policy rulebase may comprise one or more policy rules, each of which in turn may comprise one or more packet filters.
  • the means for defining 616 may define traffic flow templates based on the policy rules or rulebases.
  • the defined one or more packet filters and policy rules or rulebases comprising one or more packet filters may be provisioned by the means for provisioning 617 at a user equipment and a policy enforcement function, which may be part of a gateway that may provide a connection to packet data networks for the user equipment. Further, the policy rules or rulesbases may be provisioned at a policy control function.
  • the means of receiving 614 may receive a request from a user equipment for a service. Such a request may be e.g. , a SI P-INVITE message. Upon receipt of such a request, the means of transmitting 613 may transmit a request to a policy control function for activation of provisioned policy rules or rulebases. Such a request may be e.g. , a Diameter access authorization request (AAR). The means of receiving 614 may receive an answer for such a request, which answer may be e.g. , a Diameter access authorization answer (AAA).
  • AAAA Diameter access authorization answer
  • policy rules or rulebases comprising packet filters may be defined, provisioned and activated by the apparatus 610.
  • the second apparatus 620 in accordance with the present invention may comprise a chipset, a user equipment or a mobile handset, enhanced with the features of the invention.
  • the apparatus 620 may comprise a Central Processing Unit (CPU or a core functionality) 621 , a memory 622, a means for receiving (Rx) or an input unit 624 that may be configured to obtain policy rules or rulebases comprising packet filters from an application function such as the first apparatus 610 described above, a means for transmitting (Tx) or an output unit 623 that may be configured to indicate an obtained policy rule to a gateway element and a means for determining (Dx) or a determining unit 626 that may be configured to determine e.g. , if to use the policy rules or rulebases comprising packet filters.
  • CPU Central Processing Unit
  • Rx means for receiving
  • Tx means for transmit
  • the means for receiving 624 and means for transmitting 623 may exchange information over an internal interface 625. Similarly, there may be interfaces (not shown in figure 6 for sake of simplicity) between the means for determining 626 and the means for receiving 624 and between the means for determining 626 and the means for transmitting 623.
  • the means for receiving Rx 624, the means for transmitting 623 and the means for determining 626 of the apparatus 620 may be functionalities running on the CPU 621 of the apparatus, or may alternatively be separate functional entities or means.
  • the CPU 621 may be configured to process various data inputs and to control the functions of the memory 622, the means for receiving 624, the means for transmitting 623 and the means for determining 626.
  • the memory 622 may serve e.g. for storing code means for carrying out e.g. the methods according to the examples of the present invention, when run e.g. on the CPU 621.
  • the memory 622 may, for example, comprise a subscriber identity module (SIM) of a mobile handset.
  • SIM subscriber identity module
  • the memory 622 may, according to examples of the present invention, store defined packet filters and policy rules and/or rulebases that may comprise the packet filters. Further, the memory 622 may store addresses of various network elements such as application functions and policy enforcement functions (gateway elements) present in the network of which the apparatus 620 may be part of.
  • network elements such as application functions and policy enforcement functions (gateway elements) present in the network of which the apparatus 620 may be part of.
  • the means for receiving 624 and the means for transmitting 623 may alternatively be provided as integral transceivers. It may further be noted that the means for receiving 624 and the means for transmitting 623 may be implemented i) as physical transmitters/receivers for transceiving e.g. via the air interface, ii) as routing entities e.g. for sending/receiving data packets e.g. in a PS (packet switched) network, or, iii) as any suitable combination of i) and ii).
  • the means of receiving 624 may obtain policy rules comprising one or more packet filters.
  • the obtained policy rules may comprise a network identifier e.g., PLMN identifier, of an operator of a home network of a subscriber.
  • the means of transmitting 623 may transmit an indication about the obtained policy rules to a gateway element.
  • the indication may be done by adding a new parameter, viz., policy and charging control (PCC) command, to the parameter list in a TFT information element, as described earlier in connection with figure 3.
  • PCC policy and charging control
  • the apparatus 620 may use the obtained policy rules only if the network identifier of an access point name of the gateway matches with the network identifier contained within the policy rule. This determination may be done by the means of determining 626. Thus, activation of policy rules in visited network may be avoided.
  • the present invention may further relate to a computer program product.
  • the computer program product may comprise code means for performing the procedures of defining, provisioning and activating packet filters, policy rules or rulebases, for example, as described with reference to figures 2-5. Further, the present invention may relate to a computer readable medium embodying the computer program product.

Abstract

Methods, apparatuses and a related computer program product for defining, provisioning and activating packet filters are disclosed. The method comprises defining a policy rule comprising at least one packet filter and provisioning the at least one packet filter and the policy rule at a user equipment and a gateway, wherein the gateway is configured to provide a connection to a packet data network for the user equipment.

Description

DESCRIPTION
TITLE
METHODS, APPARATUSES, A SYSTEM, AND A RELATED COMPUTER PROGRAM PRODUCT FOR DEFINING, PROVISIONING AND ACTIVATING PACKET FILTERS
FIELD OF THE INVENTION
The present invention relates to defining, provisioning and activating packet filters. More specifically, the present invention relates to methods, apparatuses and a related computer program product for defining, provisioning and activating packet filters.
BACKGROUND
Traffic Flow Template (TFT) is used in packet services together with secondary packet data protocol (PDP) contexts and dedicated bearers. TFT defines, for example, packet filters which may be used to select a suitable bearer for a packet traffic.
The 3rd Generation Partnership Project (3GPP) has specified that a maximum size IPv4 packet filter can be of 32 bytes and that of IPv6 packet filter can be of 60 bytes. 3GPP has further specified that the maximum length of the TFT information element is 257 octets and it is possible to create a TFT including 16 maximum size packet filters. Thus, dedicated bearers wherein more than 16 packet filters are needed are not possible. This greatly restricts the applicability of dedicated bearers to such applications, protocols or services wherein the number of packet filters needed to be defined within a TFT is less than 16.
SUMMARY
In consideration of the above, it is an object of examples of the present invention to overcome one or more of the above drawbacks. In particular, the present invention provides methods, apparatuses and a related computer program product for defining, provisioning and activating packet filters.
According to first embodiment of the invention, there is provided a method comprising: defining a policy rule comprising at least one packet filter; and provisioning the at least one packet filter and the policy rule at a user equipment and a gateway, wherein the gateway is configured to provide a connection to a packet data network for the user equipment.
The method may further comprise any of the following:
• defining at least one traffic flow template comprising the policy rule; • provisioning the policy rule at a policy control entity;
• indicating by the user equipment support of the at least one packet filter and the policy rule;
• requesting (either by an application or by a user equipment) activation of the provisioned policy rule.
The request for activation of the provisioned policy rule by an application function may be based on the receipt of a request for a service.
According to a second embodiment of the invention, there is provided a first apparatus comprising: means for defining a policy rule comprising at least one packet filter; and means for provisioning the at least one packet filter and the policy rule at a user equipment and a gateway.
The apparatus may further comprise any of the following:
• means for provisioning the policy rule at a policy control entity;
• means for receiving a request for a service from the user equipment;
· means for transmitting a request to activate the provisioned policy rule.
The apparatus may comprise an application function and can, for example, comprises a proxy call session control function.
The present invention further provides as a third embodiment a second apparatus comprising: means for obtaining a policy rule comprising at least one packet filter; means for indicating the obtained policy rule to a gateway.
The obtained policy rule may comprise a network identifier of an operator of a home network of a subscriber and the apparatus may be configured to use the policy rule only if the network identifier of the operator matches with a network identifier of an access point name of the gateway.
The apparatus may comprise any of a chipset, a user equipment and a mobile handset.
According to a fourth embodiment of the invention, there is provided a computer program product comprising code portions for causing an apparatus on which the computer program is executed to carry out the method according to the first embodiment. Further, the invention provides a computer readable medium embodying the computer program product.
Embodiments of the present invention may have one or more of the following advantages:
- procedures of the invention remove limitation of the maximum number of packet filters per traffic flow template;
- since the packet filters are implicitly defined by using policy rules, operations at network nodes to validate the packet filters for every instance of a session initiation are avoided; - procedures according the invention allow extending traffic flow templates to include any new filter types that may require more than 257 bytes (the maximum length of a traffic flow template);
- definition of packet filters using policy rules also allows packet filters that may not be supported by TFT information element or Gx interface, as for example, operator specific Layer 7 (L7) or Application Layer packet filters.
BRIEF DESCRI PTION OF THE DRAWINGS
Figure 1 shows a network architecture according to an embodiment of the invention wherein procedures for defining, provisioning and activating policy rules or rulebases comprising packet filters may be performed;
Figure 2 shows a procedure for defining and provisioning policy rules or rulebases at a user equipment, a gateway entity and a policy control element, according to an embodiment of the invention;
Figure 3 shows a procedure for a user equipment to indicate the support of policy rules or rulebases comprising packet filters in accordance with an embodiment of the invention;
Figure 4 shows a procedure for activation of policy rules or rulebases comprising packet filters, initiated by an application function in accordance with an embodiment of the invention;
Figure 5 shows a procedure for activation of policy rules or rulebases comprising packet filters, initiated by a user equipment in accordance with an embodiment of the invention; and
Figure 6 shows an apparatuses for defining, provisioning and activating policy rules or rulebases comprising packet filters, according to an embodiment of the invention.
DETAI LED DESCRI PTION OF THE PRESENT I NVENTION
Examples of the present invention are described herein below with reference to the accompanying drawings.
Figure 1 shows a network architecture wherein procedures, according to examples of the present invention, may be performed. The figure shows only the network entities and interfaces relevant for the invention. A user equipment (UE) 100, such as a mobile station, may establish a communication session, e.g., Internet Protocol (IP) multimedia subsystem (IMS) session, using an application signaling to an application function (AF) 130 over an interface such as Gm interface defined by 3GPP (interface not shown in figure). The application function 130 may be an element that may offer applications that require control of I P bearer resources. Example of such application function 130 may be a proxy call session control function (P-CSCF) of a IMS network and the application signaling may be a session initiation protocol (SIP) signaling, such SIP-REGISTER, SIP- INVITE etc.
The application function 130 may exchange policy related messages with a policy control function 120, such as a policy and charging rules function (PCRF) over an interface, e.g., Rx or Gq defined by 3GPP. The policy control function 120 may make policy decision and/or rules based on session and media related information obtained from the application function 130. The policy control function 120 may provide information about policy decisions and/or rules to a policy enforcement function 110. Policy enforcement function 110 may be located in gateway elements such as Gateway General Packet Radio Service (GPRS) support node (GGSN) and packet data network (PDN) gateway (PDN-GW or P- GW). The gateway element such as the GGSN or PDN-GW may provide connectivity for the user equipment 100 to packet data networks (not shown in figure).
In packet data networks, packet data traffic from and to a user equipment may be carried over service data flows (SDFs), which can be thought of as a set of packet flows. Service data flows may in turn be carried over bearers or packet data protocol (PDP) contexts. Packet filters may be defined for each bearer or PDP context for choosing the bearer for the packet data traffic. A traffic flow template (TFT) may be defined for a bearer to define the packet filters. The traffic flow may contain packet filters for the downlink direction, the uplink direction or packet filters that may apply for both directions. The downlink packet filters may be applied by the network (typically by a policy enforcement function that may be located in a gateway element such as a GGSN or PDN-GW) and the uplink packet filters may be applied by the used equipment. If a packet filter applies for both directions, the packet filter may be applied by both the network and user equipment.
The above described method of defining TFT for bearers, however, allows only 16 packet filters to be contained in a traffic flow template. This greatly restricts the bearers to such applications and services where there is no need to define more than 16 packet filters in the TFT.
The present invention overcomes this limitation by defining one or more packet filters and a policy rule comprising the one or more packet filters. The defined policy rule and the one or more packet filters may be provisioned at a user equipment and a gateway comprising a policy enforcement function. As noted earlier, the gateway may provide a connection to a packet data network for the user equipment and may act as the policy enforcement function.
Figure 2 illustrates a procedure for provisioning packet filters in accordance with an embodiment of the present invention. An application function 230 may define one or more packet filters and a policy rule comprising the packet filters and provision 201 the policy rule and the packet filters at a user equipment 200. The policy rule and the packet filters may also be provisioned 21 1 at a gateway entity 210 that may provide connection to packet data networks to the user equipment 200. The gateway entity 210 may comprise a policy enforcement function. The provisioning of packet filters and policy rule at the user equipment and the gateway entity may be done by a network operator. The provisioning at the gateway entity 210 of the policy rules comprising the packet filters may be done via a policy control function 220. Alternatively, if an interface exists between the application function 230 and the gateway entity 210, the provisioning may be performed directly.
The application function 230 may further provision 221 the policy rule at a policy control element 220. It may be noted that the packet filters may not be explicitly provisioned at the policy control element 220.
The application function may further define traffic flow template (TFT) comprising policy rules defined using the procedure described above. Thus, the TFT may not explicitly contain the packet filters, but only implicitly defined within. Thus, the limitation of number of packet filters that may be contained in the TFT may be overcome.
It may be noted that it is possible to define a policy rulebase comprising at least one policy rule and define traffic flow template to comprise policy rulebase instead of policy rule names. In this case, the policy rulebase may be provisioned 221 at the policy control element 220. Policy rulebases and/or policy rules provisioned to a user equipment may also contain a public land mobile network (PLMN) identifier of the operator, so that the user equipment may apply those policy rulebases and/or policy rules only when the PLMN identifier of an access point name (APN) of a gateway matches with the PLMN identifier of the operator. This may ensure that a user equipment does not activate invalid policy rules/rulebases when connected to visited PLMN (VPLMN) APN. For local breakout scenario, where a user equipment may be connected to VPLMN, the VPLMN operator may provision the user equipment and the gateway element in VPLMN with packet filters.
Referring to figure 3, when a UE 300 requests a connection to a packet data network (PDN), i.e., when the UE 300 attempts to activate a primary packet data protocol (PDP) context or a default bearer, the UE 300 may send an indication 301 that it supports predefined packet filters and policy rules or rulebases comprising the packet filters to a gateway element 310 that may provide a connection to the PDN. By way of example, this may be done by adding a new parameter, viz., policy and charging control (PCC) command, to the parameter list in the TFT information element:
• 04H (PCC command).
The value of the PCC command may be defined as follows:
o PCC operation code (add PCC rule/rulebase, delete PCC rule/rulebase, no operation)
o Number of PCC rules or PCC rulebases for the PCC operation o Actual PCC rules or PCC rulebases, which contain the PCC rule or PCC rulebase identifier.
In the above parameter description, PCC rule/rulebase refers to policy rule/rulebase.
If it is determined that any PCC rules or PCC rulebases are not to be activated by the user equipment with the request message, the "no operation" PCC command may be used to indicate support of PCC rulebases/rules in the TFT. "No operation" command may contain all the PCC rulebases/rules, which have been provisioned to the user equipment. If PCC rulebases are included in the PCC command, it may not be required to list the PCC rules which are part of the PCC rulebase.
The gateway element 310 may in turn forward the indication 31 1 to a policy control element 320. For example, the forwarding of the indication 31 1 may be performed using a Diameter Credit Control Request (CCR) signaling message over a Gx interface defined by 3GPP, wherein the indication may be sent, for example, as a TFT-packet-filter-information attribute value pair (AVP), which may be derived from the TFT information element sent as part of the message 301. The policy control element 320 may acknowledge the indication using a Diameter Credit Control Answer (CCA) message 312.
Figure 4 and 5 illustrate procedures for activation of the policy rules and the related packet filters during a session initiation or activation of a secondary PDP context according to some embodiments of the invention. As shown in figure 4, a user equipment (UE) 400 may send a request 401 for a service to an application function 430. An example of such request may be a SIP-INVITE message 401. Upon receipt of the request 401 , the application function 430 may send a request such as e.g., a Diameter access
authorization request (AAR) message 431 comprising information relating to the requested service to a policy control element 420. The policy control element 420 may evaluate the request and may send an answer such as e.g., a Diameter access authorization answer (AAA) message 432 to the application function 430. The policy control element 420 may, in parallel, select the policy rules or rulebases to be installed and send a re-authorization request (RAR) message 421 to a gateway element 410 for the installation of the policy rules or rulebases. The gateway element 410 may in turn acknowledge the message using a re-authorization answer (RAA) message 422. Further, the gateway element may send an indication 402 of activation of the policy rules or rulebases to the UE 400. For example, the gateway element may send the indication 402 using protocol configuration option (PCO) as defined by 3GPP.
Figure 5 shows an alternative procedure, according to an embodiment of the invention, of establishment of session, wherein policy rules or rulebases comprising packet filters may be activated. In this case, a user equipment 500 may send a attach request or a PDP context activation request 501 to a control element 540 such as a serving GPRS support node (SGSN) or mobility management entity (MME). Such requests may comprise a request for activation of policy rules or rulebases, for example, using protocol
configuration option (PCO) as defined by 3GPP. PCO may allow transparent transfer of parameters between the UE 500 and a gateway element 510 and may be sent through MME or SGSN as well as through any serving gateway (not shown in figure 5) that may be present. The SGSN or MME may transmit a create session request or a create PDP context request 503 to the gateway element 510, with the indication of the policy rules or rulebases to be activated. Such a request may be transmitted via other network elements such as a serving gateway. For simplicity reasons, such intermediate messaging as well as the additional network elements is not shown in the figure. Upon receipt of the request
503, the gateway element 510 may send a request 51 1 for activation of policy rules or rulebases to a policy control element 520. Such message may be e.g., a Diameter credit control request (CCR) message comprising an indication of the policy rule or rulebase to be activated. The policy control element 520 may evaluate the request and may send answer 512 to the gateway element 510, for example as a credit control answer (CCA) message. The CCA message 512 may indicate an authorization of activation of the policy rules or rulebases or rejection of the request 511. If the policy control element 520 authorizes the activation of the policy rules or rulebases, the gateway element may send an indication 502 of activation of the policy rules or rulebases to the UE 500. As described earlier, for example, the gateway element may send the indication of activation of the policy rules or rulebases 502 using protocol configuration option (PCO) as defined by 3GPP.
The present invention provides a first apparatus 610 and a second apparatus 620 (figure 6) for provisioning and activating policy rules comprising packet filters.
The first apparatus 610 in accordance with the present invention may provide an application function (AF), enhanced with the features of the invention. An example of such application function may be a proxy call session control function (P-CSCF) that may be part of a Internet Protocol (IP) multimedia subsystem (IMS) network. The apparatus 610 may comprise a Central Processing Unit (CPU or a core functionality) 61 1 , a memory 612, a means for defining (Dx) or a defining unit 616 that may be configured to define e.g., policy rules or rulebases comprising packet filters, and a means for provisioning (Px) or a provisioning unit 617 that may be configured to provision the packet filters and the defined policy rules or policy rule bases. The apparatus 610 may further comprise a means for receiving (Rx) or an input unit 614 that may be configured to receive message such as e.g,. session initiation requests and a means for transmitting (Tx) or an output unit 613 that may be configured to transmit messages, such as requests to activate provisioned policy rules or rulebases.
The means for receiving 614 and means for transmitting 613 may exchange information over an internal interface 615. Similarly, there may be interfaces (not shown in figure 6 for sake of simplicity) between the means for defining 616 and the means for receiving 614 and between the means for defining 616 and the means for transmitting 613. Further, there may be interfaces (not shown in figure 6 for sake of simplicity) between the means for provisioning 617 and the means for receiving 614 and between the means for provisioning 617 and the means for transmitting 613.
The means for receiving Rx 614, the means for transmitting 613, the means for defining
616 and the means for provisioning 617 of the apparatus 610 may be functionalities running on the CPU 61 1 of the apparatus, or may alternatively be separate functional entities or means.
The CPU 611 may be configured to process various data inputs and to control the functions of the memory 612, the means for receiving 614, the means for transmitting 613, the means for defining 616 and the means for provisioning 617. The memory 612 may serve e.g. for storing code means for carrying out e.g. the methods according to the examples of the present invention, when run e.g. on the CPU 611. The memory 612 may, according to examples of the present invention, store defined packet filters and policy rules and/or rulebases that may comprise the packet filters. Further, the memory 612 store addresses of various network elements such as policy control function and policy enforcement functions present in the network of which the apparatus 610 may be part of. It may be noted that the means for receiving 614 and the means for transmitting 613 may alternatively be provided as integral transceivers. It may further be noted that the means for receiving 614 and the means for transmitting 613 may be implemented i) as physical transmitters/receivers for transceiving e.g. via the air interface, ii) as routing entities e.g. for sending/receiving data packets e.g. in a PS (packet switched) network, or, iii) as any suitable combination of i) and ii).
According to some examples of the invention, the means for defining 616 may define packet one or more packet filters and policy rules or rulebases comprising the one or more packet filter. The policy rulebase may comprise one or more policy rules, each of which in turn may comprise one or more packet filters. Further, the means for defining 616 may define traffic flow templates based on the policy rules or rulebases.
The defined one or more packet filters and policy rules or rulebases comprising one or more packet filters may be provisioned by the means for provisioning 617 at a user equipment and a policy enforcement function, which may be part of a gateway that may provide a connection to packet data networks for the user equipment. Further, the policy rules or rulesbases may be provisioned at a policy control function.
According to an embodiment of the invention, the means of receiving 614 may receive a request from a user equipment for a service. Such a request may be e.g. , a SI P-INVITE message. Upon receipt of such a request, the means of transmitting 613 may transmit a request to a policy control function for activation of provisioned policy rules or rulebases. Such a request may be e.g. , a Diameter access authorization request (AAR). The means of receiving 614 may receive an answer for such a request, which answer may be e.g. , a Diameter access authorization answer (AAA). Thus, policy rules or rulebases comprising packet filters may be defined, provisioned and activated by the apparatus 610.
The second apparatus 620 in accordance with the present invention may comprise a chipset, a user equipment or a mobile handset, enhanced with the features of the invention. The apparatus 620 may comprise a Central Processing Unit (CPU or a core functionality) 621 , a memory 622, a means for receiving (Rx) or an input unit 624 that may be configured to obtain policy rules or rulebases comprising packet filters from an application function such as the first apparatus 610 described above, a means for transmitting (Tx) or an output unit 623 that may be configured to indicate an obtained policy rule to a gateway element and a means for determining (Dx) or a determining unit 626 that may be configured to determine e.g. , if to use the policy rules or rulebases comprising packet filters.
The means for receiving 624 and means for transmitting 623 may exchange information over an internal interface 625. Similarly, there may be interfaces (not shown in figure 6 for sake of simplicity) between the means for determining 626 and the means for receiving 624 and between the means for determining 626 and the means for transmitting 623.
The means for receiving Rx 624, the means for transmitting 623 and the means for determining 626 of the apparatus 620 may be functionalities running on the CPU 621 of the apparatus, or may alternatively be separate functional entities or means. The CPU 621 may be configured to process various data inputs and to control the functions of the memory 622, the means for receiving 624, the means for transmitting 623 and the means for determining 626. The memory 622 may serve e.g. for storing code means for carrying out e.g. the methods according to the examples of the present invention, when run e.g. on the CPU 621. The memory 622 may, for example, comprise a subscriber identity module (SIM) of a mobile handset. The memory 622 may, according to examples of the present invention, store defined packet filters and policy rules and/or rulebases that may comprise the packet filters. Further, the memory 622 may store addresses of various network elements such as application functions and policy enforcement functions (gateway elements) present in the network of which the apparatus 620 may be part of.
It may be noted that the means for receiving 624 and the means for transmitting 623 may alternatively be provided as integral transceivers. It may further be noted that the means for receiving 624 and the means for transmitting 623 may be implemented i) as physical transmitters/receivers for transceiving e.g. via the air interface, ii) as routing entities e.g. for sending/receiving data packets e.g. in a PS (packet switched) network, or, iii) as any suitable combination of i) and ii).
According to an embodiment of the invention, the means of receiving 624 may obtain policy rules comprising one or more packet filters. The obtained policy rules may comprise a network identifier e.g., PLMN identifier, of an operator of a home network of a subscriber. Subsequent to obtaining the policy rules, the means of transmitting 623 may transmit an indication about the obtained policy rules to a gateway element. By way of example, the indication may be done by adding a new parameter, viz., policy and charging control (PCC) command, to the parameter list in a TFT information element, as described earlier in connection with figure 3.
According to some examples of the invention, the apparatus 620 may use the obtained policy rules only if the network identifier of an access point name of the gateway matches with the network identifier contained within the policy rule. This determination may be done by the means of determining 626. Thus, activation of policy rules in visited network may be avoided.
The present invention may further relate to a computer program product. The computer program product may comprise code means for performing the procedures of defining, provisioning and activating packet filters, policy rules or rulebases, for example, as described with reference to figures 2-5. Further, the present invention may relate to a computer readable medium embodying the computer program product.
Although the present invention has been described herein before with reference to particular embodiments thereof, the present invention is not limited thereto and various modifications can be made thereto. For example, procedures of the invention may be extended to any packet data network wherein defining, provisioning and activating packet filters may be required. Further, the procedures described herein may be performed by any suitable network entity in a network.

Claims

CLAIMS:
1. A method comprising:
defining a policy rule comprising at least one packet filter; and
provisioning the at least one packet filter and the policy rule at a user equipment and a gateway,
wherein the gateway is configured to provide a connection to a packet data network for the user equipment.
2. The method of claim 1 further comprising defining at least one traffic flow template comprising the policy rule.
3. The method of claims 1-2 further comprising provisioning the policy rule at a policy control entity.
4. The method of claims 1-3, further comprising indicating by the user equipment support of the at least one packet filter and the policy rule.
5. The method of claims 1-4, further comprising requesting activation of the provisioned policy rule.
6. The method of claim 5, wherein the requesting comprises requesting by an application function.
7. The method of claim 5, wherein the requesting comprises requesting by a user equipment.
8. The method of claim 6, wherein the requesting is based on the receipt of a request for a service.
9. An apparatus comprising: means for defining a policy rule comprising at least one packet filter; and means for provisioning the at least one packet filter and the policy rule at a user equipment and a gateway.
10. The apparatus of claim 9, further comprising means for provisioning the policy rule at a policy control entity.
11. The apparatus of claims 9-10, further comprising means for receiving a request for a service from the user equipment.
12. The apparatus of claims 9-11 , further comprising means for transmitting a request to activate the provisioned policy rule.
13. The apparatus of claims 9-12, wherein the apparatus comprises an application function.
14. The apparatus of claims 9-13, wherein the apparatus comprises a proxy call session control function.
15. An apparatus comprising:
means for obtaining a policy rule comprising at least one packet filter;
means for indicating the obtained policy rule to a gateway.
16. The apparatus of claim 15, wherein the policy rule comprises a network identifier of an operator of a home network of a subscriber.
17. The apparatus of claim 16, wherein the apparatus is configured to use the policy rule only if the network identifier of the operator matches with a network identifier of an access point name of the gateway.
18. The apparatus of claims 15-17, wherein the apparatus comprises any of a chipset, a user equipment and a mobile handset.
19. A computer program product comprising code portions for causing an apparatus on which the computer program is executed to carry out the method according to any of claims 1 to 8.
20. A computer readable medium embodying the computer program product according to claim 19.
PCT/EP2012/052076 2012-02-08 2012-02-08 Methods, apparatuses, a system, and a related computer program product for defining, provisioning and activating packet filters WO2013117221A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/EP2012/052076 WO2013117221A1 (en) 2012-02-08 2012-02-08 Methods, apparatuses, a system, and a related computer program product for defining, provisioning and activating packet filters

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/EP2012/052076 WO2013117221A1 (en) 2012-02-08 2012-02-08 Methods, apparatuses, a system, and a related computer program product for defining, provisioning and activating packet filters

Publications (1)

Publication Number Publication Date
WO2013117221A1 true WO2013117221A1 (en) 2013-08-15

Family

ID=45563055

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2012/052076 WO2013117221A1 (en) 2012-02-08 2012-02-08 Methods, apparatuses, a system, and a related computer program product for defining, provisioning and activating packet filters

Country Status (1)

Country Link
WO (1) WO2013117221A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130148665A1 (en) * 2010-10-22 2013-06-13 Telefonaktiebolaget L M Ericsson (Publ) Differentiated Handling of Network Traffic using Network Address Translation
WO2020228967A1 (en) * 2019-05-16 2020-11-19 Telefonaktiebolaget Lm Ericsson (Publ) Over-the-top management in a communication network

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1887740A1 (en) * 2006-08-11 2008-02-13 Nokia Siemens Networks Gmbh & Co. Kg Determination of the initiator for a configuration or an establishment of an access network connection
WO2010060457A1 (en) * 2008-11-03 2010-06-03 Nokia Siemens Networks Oy Charging control providing correction of charging control information
WO2011060974A1 (en) * 2009-11-20 2011-05-26 Telefonaktiebolaget L M Ericsson (Publ) Controlling packet filter installation in a user equipment
US20110317558A1 (en) * 2010-06-28 2011-12-29 Alcatel-Lucent Canada, Inc. Method and system for generating pcc rules based on service requests

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1887740A1 (en) * 2006-08-11 2008-02-13 Nokia Siemens Networks Gmbh & Co. Kg Determination of the initiator for a configuration or an establishment of an access network connection
WO2010060457A1 (en) * 2008-11-03 2010-06-03 Nokia Siemens Networks Oy Charging control providing correction of charging control information
WO2011060974A1 (en) * 2009-11-20 2011-05-26 Telefonaktiebolaget L M Ericsson (Publ) Controlling packet filter installation in a user equipment
US20110317558A1 (en) * 2010-06-28 2011-12-29 Alcatel-Lucent Canada, Inc. Method and system for generating pcc rules based on service requests

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130148665A1 (en) * 2010-10-22 2013-06-13 Telefonaktiebolaget L M Ericsson (Publ) Differentiated Handling of Network Traffic using Network Address Translation
US9160707B2 (en) * 2010-10-22 2015-10-13 Telefonaktiebolaget L M Ericsson (Publ) Differentiated handling of network traffic using network address translation
WO2020228967A1 (en) * 2019-05-16 2020-11-19 Telefonaktiebolaget Lm Ericsson (Publ) Over-the-top management in a communication network

Similar Documents

Publication Publication Date Title
US11083033B2 (en) Small data usage enablement in 3GPP networks
JP5468180B2 (en) System and method for generating PCC rules based on service requests
EP2080343B1 (en) Devices and method for guaranteeing service requirements per user equipment basis into a bearer
US9319867B2 (en) Method and apparatuses for policy and charging control of machine-to-machine type communications
KR102048882B1 (en) Method and system for selecting pcef and pcrf in a wireless communication system
US9094437B2 (en) System, policy nodes, and methods to perform policy provisioning of traffic offloaded at a fixed broadband network
US9554401B2 (en) Method and apparatuses for multimedia priority service
US8661145B2 (en) Method and system for transmitting a bearer control mode in roaming scenarios
EP2521385B1 (en) Policy and charging control method, gateway and mobile terminal thereof
EP2727433B1 (en) Method, apparatuses and computer program for controlling bearer related resources
US9807655B2 (en) PCRF assisted APN selection
WO2011115991A2 (en) Methods, systems, and computer readable media for communicating policy information between a policy charging and rules function and a service node
US10326604B2 (en) Policy and charging rules function (PCRF) selection
WO2012129992A1 (en) Sponsored data connectivity processing method, and policy and charging rules function
WO2016112958A1 (en) Qci mobility handling
WO2013117221A1 (en) Methods, apparatuses, a system, and a related computer program product for defining, provisioning and activating packet filters
EP2769567B1 (en) Visited pcrf s9 session id generation
WO2011134321A1 (en) Policy sending method and system for machine type communication
WO2017173897A1 (en) Application-based policy and charging control method, apparatus and system
EP2769581B1 (en) Roaming session termination triggered by roaming agreement/partner deletion
JP2017123617A (en) Information processing apparatus, information processing method, and program
EP2659660A1 (en) A method and apparatuses for multimedia priority service

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 12702556

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 12702556

Country of ref document: EP

Kind code of ref document: A1