CN106211117B

CN106211117B - Policy rule making method, system and device

Info

Publication number: CN106211117B
Application number: CN201510212438.0A
Authority: CN
Inventors: 周晓云; 吴锦花
Original assignee: ZTE Corp
Current assignee: ZTE Corp
Priority date: 2015-04-29
Filing date: 2015-04-29
Publication date: 2021-01-26
Anticipated expiration: 2035-04-29
Also published as: CN106211117A; WO2016173364A1

Abstract

The invention provides a method, a system and a device for making policy rules, wherein the method adopts a protocol converter PC or an application access control AAC to receive a private network IP address, a private network source port number and first flow description information of user equipment UE sent by an application function AF, the PC or the AAC modifies a source address in the first flow description information to the private IP address, modifies a source port number in the first flow description information to the private source port number, generates second flow description information, the PC or the AAC sends the second flow description information to the PCRF, and the PCRF formulates a first PCC rule according to the second flow description information, so that the problem that a plurality of service accesses initiated by a user terminal aiming at one service at the same time can not be correctly reserved and controlled is solved, and the resource reservation and control of the plurality of service accesses initiated by the user terminal at the same time are realized.

Description

Policy rule making method, system and device

Technical Field

The invention relates to the field of communication, in particular to a method, a system and a device for making a policy rule.

Background

Fig. 1 is a schematic diagram of a PCC architecture according to the related art, and as shown in fig. 1, fig. 1 is a Policy and Charging Control (PCC) architecture defined by the third Generation Partnership Project (3rd Generation Partnership Project, abbreviated as 3 GPP).

A Policy and Charging Rules Function (Policy and Charging Rules Function, abbreviated PCRF) performs Quality of Service (QoS) and Charging Policy formulation for traffic using network resources. The PCRF formulates the control policy and needs to combine service information received from an Application function (AF for short), user Subscription information received from a Subscription database (SPR for short), a policy configured by an operator, and the like. The PCRF issues a control Policy formulated for the service to a Policy and Charging Enforcement Function (PCEF for short) or a Bearer Binding and Event reporting Function (BBERF for short) for execution. Meanwhile, the PCRF can subscribe the bearer layer related events to the PCEF and/or the BBERF so as to timely sense and change the control strategy when the bearer layer has the events. In addition, the PCEF and the Traffic Detection Function (TDF) can perform Application Detection and Control functions according to a PCC rule (PCEF) or an Application Detection Control (ADC) rule (TDF) issued by the PCRF.

With the development of the mobile internet, an operator needs to communicate with a third-party data application provider to guarantee the QoS for the services provided by the third-party data application provider. Fig. 2 is a schematic diagram of a PCC architecture of Application Access Control (AAC) according to the related art, and as shown in fig. 2, most third party data Application providers are better developed based on SOAP and REST protocols because of a Diameter protocol adopted by an Rx interface supported by the PCC at present. The research in the industry currently supports the Rx interface based on SOAP/REST protocol with PCC architecture. A logic function called Protocol Converter (PC for short) is directly set in PCRF and AF for converting SOAP or REST Protocol into Diameter. Furthermore, some access control functions may be added to the PC to better control the access of the operator to the third-party data application, in this case, the logic function is also referred to as an AAC functional entity.

Fig. 3 is a schematic diagram of a PCC architecture of NAT according to the related art, and as shown in fig. 3, in order to solve the problem of IP Address shortage, an operator typically deploys a Network Address Translation device (NAT) after a packet Network Gateway (pdn) (packet Data Network) Gateway (P-GW). Due to the presence of NAT, the same PDN connection carries a private IP address and port number used inside the Packet Core Evolved network (EPC for short), which is different from the public IP address and port number used in the external Packet network. In the related technology, the service information provided by the AF to the PCRF for formulating the PCC rules is based on the converted IP address and port number in the external packet Network, firstly, the PCRF cannot associate an AF session with an IP Access Network (IP-connectivity Access Network, abbreviated as IP-CAN) according to the public IP address provided by the AF and the private Network IP address provided by the PCEF, and secondly, if the PCRF formulates a filter template in the PCC rules according to the external IP address and port number and provides the filter template to the PCEF or BBERF for execution, the PCEF or BBERF cannot match a correct data stream.

In order to solve the above problem, a solution is proposed in the related art, that is, the NAT sends a mapping table of address translation to the PCRF, and the PCRF can find a corresponding private network IP address and port number according to the mapping table and information provided by the AF. However, this scheme requires that the NAT and the PCRF have an interworking mechanism, which greatly affects the existing network.

In the related art, another implementation is also provided, in which the P-GW inserts a private network IP address of the UE into a header of a packet data packet sent by the UE, and the AF provides the private network IP address of the UE while providing service information to the PCRF, so that the PCRF can perform session association according to the private network IP address. However, the current mechanism can only perform session binding, and since the PCRF cannot acquire the private network source port number of the service, the UE may not perform correct resource reservation and resource control for multiple service accesses initiated by one service at the same time. For example, the UE simultaneously initiates 2 HTTP service requests to the same service, since the private network IP address, the server-side IP address, and the server port number of the service data stream of the two services are consistent. In the existing mechanism, the PCRF cannot issue correct PCC rules to perform resource reservation and control for 2 simultaneous service accesses.

In the related art, an effective solution is not proposed at present for the problem that multiple service accesses initiated by a user terminal for one service at the same time may not be able to perform correct resource reservation and resource control.

Disclosure of Invention

The invention provides a method, a system and a device for making a policy rule, which are used for at least solving the problem that the correct resource reservation and resource control can not be carried out by a plurality of service accesses initiated by a user terminal aiming at one service simultaneously in the related technology.

According to an aspect of the present invention, there is provided a policy rule making method, including:

a protocol converter PC or an application access control AAC receives a private network IP address, a private network source port number and first flow description information of User Equipment (UE) sent by an application function AF, the PC or the AAC modifies a source address in the first flow description information into the private network IP address, modifies the source port number in the first flow description information into the private network source port number, and generates second flow description information;

and the PC or the AAC sends the second flow description information to a Policy and Charging Rule Function (PCRF) so that the PCRF formulates a first PCC rule according to the second flow description information.

Further, the method further comprises:

the source address of the first flow description information is a public network IP address converted by a network address conversion function NAT, and the source port number is the public network source port number converted by the NAT.

Further, before the protocol converter PC or the application access control AAC receives the private network IP address, the private network source port number, and the first flow description information of the user equipment UE sent by the application function AF, a manner in which the AF acquires the private network IP address and the private network source port number includes one of the following:

inserting the private network IP address and the private network source port number of the UE into a data packet by an application detection function according to an indication in a service detection rule issued by the PCRF, and acquiring the private network IP address and the private network source port number from the data packet by the AF; alternatively, the first and second electrodes may be,

and the UE inserts the private network IP address and the private network source port number into a data packet, and the AF acquires the private network IP address and the private network source port number from the data packet.

Further, the inserting, by the application detection function, the private network IP address and the private network source port number of the UE in a data packet according to an indication in a service detection rule issued by the PCRF includes one of:

if the application detection function is a Policy Charging Enforcement Function (PCEF), the PCRF carries an insertion indication in a PCC rule provided for the PCEF, and when the PCEF detects the data packet according to the PCC rule, the private network IP address and the private network source port number of the UE are inserted into the data packet; alternatively, the first and second electrodes may be,

and if the application detection function is a service detection function TDF, the PCRF carries an insertion indication in an application detection control ADC rule provided for the TDF, and when the TDF detects the data packet according to the ADC rule, the private network IP address and the private network source port number of the UE are inserted into the data packet.

According to another aspect of the present invention, there is provided a policy rule making method, including:

the PCRF receives a private network IP address, a private network source port number and third flow description information of the user equipment UE, which are sent by the AF;

the PCRF formulates a second PCC rule according to the private network IP address, the private network source port number and the third flow description information, wherein a service data filter in the second PCC rule is generated in the following mode: and modifying the source address in the third stream description information into the private network IP address, and modifying the source port number into the private network source port number.

Further, the method further comprises:

the source address of the third stream description information is a public network IP address converted by a network address conversion function NAT, and the source port number is a public network source port number converted by the NAT.

Further, before the PCRF receives the private network IP address, the private network source port number, and the third flow description information of the user equipment UE sent by the AF, a manner of acquiring the private network IP address and the private network source port number includes one of the following:

if the application detection function is a PCEF, the PCRF carries an insertion indication in a PCC rule provided for the PCEF, and when the PCEF detects the data packet according to the PCC rule, the private network IP address and the private network source port number of the UE are inserted into the data packet; alternatively, the first and second electrodes may be,

and if the application detection function is TDF, the PCRF carries an insertion indication in an ADC rule provided by the TDF, and when the TDF detects the data packet according to the ADC rule, the private network IP address and the private network source port number of the UE are inserted into the data packet.

the PCRF receives fifth flow description information, wherein an AF acquires a private network IP address, a private network source port number and fourth flow description information from a data packet, the AF modifies a source address in the fourth flow description information into the private network IP address, modifies the source port number in the fourth flow description information into the private network source port number, and generates the fifth flow description information;

and the PCRF formulates a third PCC rule according to the fifth flow description information.

Further, the method further comprises:

the source address of the fourth flow description information is a public network IP address converted by a network address conversion function NAT, and the source port number is the public network source port number converted by the NAT.

Further, the manner in which the AF obtains the private network IP address, the private network source port number, and the fourth flow description information from the packet includes one of:

inserting the private network IP address and the private network source port number of the UE into the data packet by using a detection function according to an indication in a service detection rule issued by the PCRF, and acquiring the private network IP address and the private network source port number from the data packet by using the AF; alternatively, the first and second electrodes may be,

and the UE inserts the private network IP address and the private network source port number into the data packet, and the AF acquires the private network IP address and the private network source port number from the data packet.

Further, the inserting, by the application detection function, the private network IP address and the private network source port number of the UE in a data packet according to an indication in the service detection rule issued by the PCRF includes one of:

and if the application detection function is TDF, the PCRF carries an insertion indication in an ADC rule provided for the TDF, and when the TDF detects the data packet according to the ADC rule, the private network IP address and the private network source port number of the UE are inserted into the data packet.

According to another aspect of the present invention, there is also provided a policy rule making system, including:

the PC or AAC is used for receiving a private network IP address, a private network source port number and first flow description information sent by the AF, modifying a source address in the first flow description information into the private network IP address, modifying the source port number in the first flow description information into the private network source port number, generating second flow description information, and then sending the second flow description information to the PCRF;

and the PCRF is used for receiving the second flow description information sent by the PC or the AAC and formulating a first PCC rule according to the second flow description information.

Further, the AF is further configured to obtain the private network IP address and the private network source port number from a data packet.

Further, the system further comprises: the PCEF is used for receiving a PCC rule which is provided by the PCRF and carries an insertion indication, and when the PCEF detects the data packet according to the PCC rule, the private network IP address and the private network source port number of the UE are inserted into the data packet; or, the TDF is configured to receive an ADC rule provided by the PCRF and carrying an insertion indication, and insert the private IP address of the UE and the private source port number in the data packet when the TDF detects the data packet according to the ADC rule.

the PCRF is configured to receive a second PCC rule sent by the AF according to the private network IP address, the private network source port number, and the third flow description information, where a service data filter in the second PCC rule is generated in the following manner: and modifying the source address in the third stream description information into the private network IP address, and modifying the source port number into the private network source port number. .

Further, the system further comprises:

the PCEF is used for receiving a PCC rule which is provided by the PCRF and carries an insertion indication, and when the PCEF detects the data packet according to the PCC rule, the private network IP address and the private network source port number of the UE are inserted into the data packet; alternatively, the first and second electrodes may be,

and the TDF is used for receiving the ADC rule which is provided by the PCRF and carries an insertion indication, and when the TDF detects the data packet according to the ADC rule, the TDF inserts the private network IP address and the private network source port number of the UE into the data packet.

the AF is used for acquiring a private network IP address, a private network source port number and fourth flow description information from a data packet, modifying a source address in the fourth flow description information into the private network IP address, modifying the source port number in the fourth flow description information into the private network source port number, generating fifth flow description information and then providing the fifth flow description information for the PCRF;

and the PCRF is used for formulating a third PCC rule according to the fifth flow description information.

Further, the system further comprises:

According to another aspect of the present invention, there is also provided a PC or AAC apparatus including:

the first receiving module is used for receiving the private network IP address, the private network source port number and the first flow description information sent by the AF;

a first modification module, configured to modify a source address in the first flow description information into the private network IP address, modify a source port number in the first flow description information into the private network source port number, and generate second flow description information;

and the first sending module is used for sending the second flow description information to the PCRF.

According to another aspect of the present invention, there is also provided a PCRF device, including:

the second receiving module is used for receiving the private network IP address, the private network source port number and the third stream description information sent by the AF;

a formulating module, configured to formulate a second PCC rule according to the private network IP address, the private network source port number, and the third flow description information, where a service data filter in the second PCC rule is generated in the following manner: and modifying the source address in the third stream description information into the private network IP address, and modifying the source port number into the private network source port number. .

According to another aspect of the present invention, there is also provided an AF apparatus including:

the acquisition module is used for acquiring a private network IP address, a private network source port number and fourth flow description information from the data packet;

a second modification module, configured to modify the source address in the fourth flow description information into the private IP address, modify the source port number in the fourth flow description information into the private source port number, generate fifth flow description information, and provide the fifth flow description information to the PCRF;

and the second sending module is used for sending the fifth flow description information to the PCRF.

According to the invention, a protocol converter PC or an application access control AAC is adopted to receive a private network IP address, a private network source port number and first flow description information of user equipment UE sent by an application function AF, the PC or the AAC modifies a source address in the first flow description information into the private network IP address, a source port number in the first flow description information is modified into the private network source port number, second flow description information is generated, the PC or the AAC sends the second flow description information to a PCRF, and the PCRF formulates a first PCC rule according to the second flow description information, so that the problem that a plurality of service accesses initiated by a user terminal at the same time can not correctly reserve resources and control the resources is solved, and the resource reservation and control of the plurality of service accesses initiated by the user terminal at the same time are realized.

Drawings

The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the invention and together with the description serve to explain the invention without limiting the invention. In the drawings:

fig. 1 is a schematic diagram of a PCC architecture according to the related art;

fig. 2 is a schematic diagram of a PCC architecture of AAC according to the related art;

fig. 3 is a schematic diagram of a PCC architecture for NAT according to the related art;

FIG. 4 is a flow chart of a policy rule making method according to an embodiment of the invention;

fig. 5 is a block diagram of a PC or AAC apparatus according to an embodiment of the present invention;

fig. 6 is a block diagram of a PCRF device according to an embodiment of the present invention;

fig. 7 is a block diagram of a configuration of an AF apparatus according to an embodiment of the present invention;

fig. 8 is a first flowchart for implementing the PCRF formulating PCC rules according to the preferred embodiment of the present invention;

fig. 9 is a flowchart ii for implementing the PCRF formulating the PCC rules according to the preferred embodiment of the present invention.

Detailed Description

The invention will be described in detail hereinafter with reference to the accompanying drawings in conjunction with embodiments. It should be noted that the embodiments and features of the embodiments in the present application may be combined with each other without conflict.

It should be noted that the terms "first," "second," and the like in the description and claims of the present invention and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order.

In this embodiment, a policy rule making method is provided, and fig. 4 is a flowchart of a policy rule making method according to an embodiment of the present invention, as shown in fig. 4, the flowchart includes the following steps:

step S402, a protocol converter PC or an application access control AAC receives a private network IP address, a private network source port number and first flow description information of user equipment UE sent by an application function AF, the PC or the AAC modifies a source address in the first flow description information into the private network IP address, modifies a source port number in the first flow description information into the private network source port number, and generates second flow description information;

step S404, the PC or the AAC sends the second flow description information to the PCRF, so that the PCRF formulates the first PCC rule according to the second flow description information.

Through the steps, a protocol converter PC or an application access control AAC receives a private network IP address, a private network source port number and first flow description information of user equipment UE, wherein the private network IP address, the private network source port number and the first flow description information are sent by an application function AF, a source address in the first flow description information is modified into the private network IP address by the PC or the AAC, the source port number in the first flow description information is modified into the private network source port number, and second flow description information is generated; the PC or the AAC sends the second flow description information to the PCRF, and the PCRF formulates a first PCC rule according to the second flow description information, so that the problem that a plurality of service accesses initiated by a user terminal aiming at one service at the same time can not be correctly reserved and controlled is solved, and the resource reservation and control of the plurality of service accesses initiated by the user terminal at the same time are realized.

In this embodiment, the source address of the first flow description information is a public network IP address converted by a network address translation function NAT, and the source port number is a public network source port number converted by the NAT.

In this embodiment, before the protocol converter PC or the application access control AAC receives the private network IP address, the private network source port number, and the first flow description information of the user equipment UE sent by the application function AF, a manner of acquiring the private network IP address and the private network source port number by the AF includes one of the following:

the application detection function inserts the private network IP address and the private network source port number of the UE into a data packet according to an indication in a service detection rule issued by the PCRF, and the AF acquires the private network IP address and the private network source port number from the data packet; alternatively, the first and second electrodes may be,

the UE inserts the private network IP address and the private network source port number into a data packet, and the AF acquires the private network IP address and the private network source port number from the data packet.

In this embodiment, the inserting, by the application detection function, the private network IP address and the private network source port number of the UE in the data packet according to the indication in the service detection rule issued by the PCRF includes one of the following:

if the application detection function is a traffic detection function TDF, the PCRF carries an insertion indication in an application detection control ADC rule provided for the TDF, and when the TDF detects the data packet according to the ADC rule, the private network IP address and the private network source port number of the UE are inserted into the data packet.

In an embodiment of the present invention, a policy rule making method is further provided, including:

the PCRF formulates a second PCC rule according to the private network IP address, the private network source port number, and the third flow description information, wherein a service data filter in the second PCC rule is generated in the following manner: and modifying the source address in the third stream description information into the private network IP address, and modifying the source port number into the private network source port number.

In this embodiment, the source address of the third flow description information is a public network IP address converted by a network address translation function NAT, and the source port number is a public network source port number converted by the NAT.

In this embodiment, before the PCRF receives the private network IP address, the private network source port number, and the third flow description information of the user equipment UE sent by the AF, a manner of acquiring the private network IP address and the private network source port number includes one of the following:

if the application detection function is the TDF, the PCRF carries an insertion indication in an ADC rule provided by the TDF, and when the TDF detects the data packet according to the ADC rule, the private network IP address and the private network source port number of the UE are inserted into the data packet.

the PCRF receives fifth flow description information, wherein an AF acquires a private network IP address, a private network source port number and fourth flow description information from a data packet, modifies a source address in the fourth flow description information into the private network IP address, modifies the source port number in the fourth flow description information into the private network source port number, and generates the fifth flow description information;

In this embodiment, the source address of the fourth flow description information is a public network IP address converted by the network address translation function NAT, and the source port number is a public network source port number converted by the NAT.

In this embodiment, the manner for the AF to obtain the private network IP address, the private network source port number, and the fourth flow description information from the data packet includes one of the following:

the application detection function inserts the private network IP address and the private network source port number of the UE into the data packet according to the indication in the service detection rule issued by the PCRF, and the AF acquires the private network IP address and the private network source port number from the data packet; alternatively, the first and second electrodes may be,

the UE inserts the private network IP address and the private network source port number into the data packet, and the AF acquires the private network IP address and the private network source port number from the data packet.

if the application detection function is the TDF, the PCRF carries an insertion indication in the ADC rule provided for the TDF, and inserts the private IP address and the private source port number of the UE in the data packet when the TDF detects the data packet according to the ADC rule.

In an embodiment of the present invention, a policy rule making system is further provided, including:

In this embodiment, the AF is further configured to obtain the private network IP address and the private network source port number from a packet.

In this embodiment, the system further includes:

the PCEF is configured to receive a PCC rule provided by the PCRF and carrying an insertion indication, and insert the private network IP address and the private network source port number of the UE in the data packet when the PCEF detects the data packet according to the PCC rule; alternatively, the first and second electrodes may be,

and the TDF is used for receiving the ADC rule which is provided by the PCRF and carries the insertion indication, and when the TDF detects the data packet according to the ADC rule, the TDF inserts the private network IP address and the private network source port number of the UE into the data packet.

and the PCRF is used for receiving a second PCC rule which is sent by the AF and formulated according to the private network IP address, the private network source port number and the third flow description information, wherein a service data filter in the second PCC rule is generated in the following mode: and modifying the source address in the third stream description information into the private network IP address, and modifying the source port number into the private network source port number. .

In this embodiment, the system further includes:

the AF is used for acquiring a private network IP address, a private network source port number and fourth flow description information from the data packet, modifying a source address in the fourth flow description information into the private network IP address, modifying the source port number in the fourth flow description information into the private network source port number, generating fifth flow description information and then providing the fifth flow description information to the PCRF;

In this embodiment, the system further includes:

Fig. 5 is a block diagram showing the structure of a PC or AAC apparatus according to an embodiment of the present invention, as shown in fig. 5, the apparatus including:

a first receiving module 52, configured to receive a private network IP address, a private network source port number, and first flow description information sent by an AF;

a first modifying module 54, configured to modify the source address in the first flow description information into the private IP address, modify the source port number in the first flow description information into the private source port number, and generate second flow description information;

a first sending module 56, configured to send the second flow description information to the PCRF.

Fig. 6 is a block diagram of a PCRF device according to an embodiment of the present invention, and as shown in fig. 6, the PCRF device includes:

a second receiving module 62, configured to receive a private network IP address, a private network source port number, and third flow description information sent by an AF;

a formulating module 64, configured to formulate a second PCC rule according to the private network IP address, the private network source port number, and the third flow description information, where a service data filter in the second PCC rule is generated in the following manner: and modifying the source address in the third stream description information into the private network IP address, and modifying the source port number into the private network source port number.

Fig. 7 is a block diagram of the structure of an AF apparatus according to an embodiment of the present invention, as shown in fig. 7, the apparatus including:

an obtaining module 72, configured to obtain a private network IP address, a private network source port number, and fourth flow description information from the data packet;

a second modifying module 74, configured to modify the source address in the fourth flow description information into the private network IP address, modify the source port number in the fourth flow description information into the private network source port number, generate fifth flow description information, and provide the fifth flow description information to the PCRF;

a second sending module 76, configured to send the fifth flow description information to the PCRF.

In this embodiment, before the AF sends the private network IP address, the private network source port number, and the flow description information to the PC or AAC, the manner in which the AF acquires the private network IP address and the private network source port number includes one of the following:

In this embodiment, the application detection function inserts the private network IP address and the private network source port number of the UE into a data packet according to an indication in a service detection rule issued by the PCRF, and the AF obtains the private network IP address and the private network source port number from the data packet and includes one of the following:

if the application detection function is a Policy Charging Enforcement Function (PCEF), the PCRF carries an insertion indication in a PCC rule provided for the PCEF, when the PCEF detects the data packet according to the PCC rule, the private network IP address and the private network source port number of the UE are inserted into the data packet, and the AF acquires the private network IP address and the private network source port number; alternatively, the first and second electrodes may be,

if the application detection function is a traffic detection function TDF, the PCRF carries an insertion indication in an ADC rule provided for the TDF, when the TDF detects the data packet according to the ADC rule, the private network IP address and the private network source port number of the UE are inserted into the data packet, and the AF acquires the private network IP address and the private network source port number.

In this embodiment, a method for making policy rules is further provided, including:

the AF sends a private network IP address, a private network source port number and third flow description information of user equipment UE to the PCRF, the PCRF formulates a second PCC rule according to the private network IP address, the private network source port number and the third flow description information, wherein a service data filter in the second PCC rule modifies a source address into the private network IP address for the third flow description information, and modifies the source port number into the private network source port number to generate the third flow description information.

In this embodiment, before the AF sends the private network IP address, the private network source port number, and the third flow description information to the PCRF, a manner of acquiring the private network IP address and the private network source port number includes one of the following:

if the application detection function is a PCEF, the PCRF carries an insertion indication in a PCC rule provided for the PCEF, when the PCEF detects the data packet according to the PCC rule, the private network IP address and the private network source port number of the UE are inserted into the data packet, and the AF acquires the private network IP address and the private network source port number; alternatively, the first and second electrodes may be,

if the application detection function is TDF, the PCRF carries an insertion indication in an ADC rule provided for a traffic detection function TDF, when the TDF detects the data packet according to the ADC rule, the private network IP address and the private network source port number of the UE are inserted into the data packet, and the AF acquires the private network IP address and the private network source port number.

the AF modifies a source address in the fourth flow description information into the private network IP address, modifies the source port number in the fourth flow description information into the private network source port number, generates fifth flow description information and provides the fifth flow description information to the PCRF;

In this embodiment, the application detection function inserts the private network IP address and the private network source port number of the UE into a data packet according to an indication in the service detection rule issued by the PCRF, and the AF obtains the private network IP address and the private network source port number from the data packet, where the obtaining includes one of the following:

In this embodiment, a policy rule making system is further provided, including:

an AF to provide a private network IP address, a private network source port number, and first flow description information to the AAC;

the PC or AAC is used for receiving the private network IP address, the private network source port number and the first flow description information sent by the AF, modifying a source address in the first flow description information into the private network IP address, modifying the source port number in the first flow description information into the private network source port number, generating second flow description information, and then sending the second flow description information to the PCRF;

and the PCRF is used for the second flow description information sent by the PC or the AAC and formulating a first PCC rule according to the second flow description information.

In this embodiment, the PCEF is configured to receive a PCC rule provided by the PCRF and carrying an insertion indication, and insert the private network IP address and the private network source port number of the UE in the data packet when the PCEF detects the data packet according to the PCC rule; alternatively, the first and second electrodes may be,

In this embodiment, a policy rule making system is further provided, including:

AF, used for sending the private network IP address, the private network source port number and the third flow description information of the user equipment UE to PCRF,

and the PCRF is used for formulating a second PCC rule according to the private network IP address, the private network source port number and the third flow description information, wherein a service data filter in the second PCC rule modifies a source address into the private network IP address for the third flow description information, and modifies the source port number into the private network source port number for generation.

In this embodiment, a policy rule making system is further provided, including:

In this embodiment, a PC or AAC device and a PCRF device are also provided, where the PC or AAC device and the PCRF device are used to implement the foregoing embodiments and preferred embodiments, and details are not repeated for what has been described. As used below, the term "module" may be a combination of software and/or hardware that implements a predetermined function. Although the means described in the embodiments below are preferably implemented in software, an implementation in hardware, or a combination of software and hardware is also possible and contemplated.

The present invention will be described in detail with reference to preferred embodiments.

Example 1

In the preferred embodiment, the application function AF provides a private network source port number to the PCRF through the PC/AAC, and the PCRF formulates different PCC rules to implement resource reservation and QoS control on the traffic data stream. (in the embodiment of the present invention, the source IP address, the source port number, the destination IP address, and the destination port number are all for the uplink direction).

Fig. 8 is a flowchart illustrating a procedure for implementing the PCRF for formulating PCC rules according to a preferred embodiment of the present invention, as shown in fig. 8,

step 801: the UE attaches to the network and establishes an IP-CAN session. In this procedure, a Gx session for policy and charging control is established between the PCEF and the PCRF. And if the IP-CAN session relates to the BBERF, establishing a gateway control session for policy control between the BBERF and the PCRF. The PCRF carries an insertion indication in the PCC rule provided to the PCEF, that is, when the PCEF detects a specific service data flow according to the PCC rule, the private network IP address of the UE and the private network source port number of the service data flow are inserted in the data packet.

Step 802: the UE initiates service access, and after detecting a specific service data flow initiated by the UE according to the PCC rule, the PCEF adds a private network IP address and a private network source port number (denoted as a private network source port 1) of the UE to a data packet of the service. After the service packet passes through the NAT, the source IP address (i.e., the private network IP address of the UE) and the source port number (i.e., the private network source port number 1) in the five-tuple of the packet header are converted into the public network IP address and the public network source port number (denoted as the public network source port number 1) by the NAT. The application server obtains the five-tuple of the data packet and the private network IP address and the private network source port number 1 of the UE added by the PCEF in the data packet.

Step 803: and the AF sends HTTP POST information to the AAC, wherein the information carries service description information, a public network IP address, a private network IP address and a private network source port number 1. The service description information includes service description information identifier 1, stream description information, media type, and requested bandwidth information. Wherein the flow description information is the five-tuple of the data packet obtained by the application server in step 802.

Step 804: AAC adjusts the flow description information in the service description, modifies the source address into a private network IP address, and modifies the source port number into a private network source port 1.

Step 805: AAC sends AAR message to PCRF, the message carries service flow description information and private network IP address;

step 806: after the PCRF saves the information, a confirmation message is returned;

step 807: AAC returns a confirmation message to AF;

step 808: the PCRF formulates a PCC rule 1 according to the service information, the network policy, the user subscription, and other information, wherein the flow description information (also called a service filter template) carried in the PCC rule 1 is the flow description information provided by the AAC. The QoS information carried in the PCC rule 1 includes a QoS Class Identifier (QCI), an Allocation And Retention Priority (ARP). If the QCI formulated by the PCRF is GBR-QCI, the QoS information includes a Guaranteed Bit Rate (GBR) and a Maximum Bit Rate (MBR); if the QCI formulated by the PCRF is a Non-guaranteed bit rate (Non-GBR) QCI, the QoS information may include MBR. And if the BBERF exists, the PCRF also formulates a QoS rule 1 according to the PCC rule 1.

Step 809: the PCRF provides QoS rule 1 to the BBERF;

step 810: the PCRF provides PCC rule 1 to the PCEF;

step 811: the UE initiates access to the same service again, and after detecting the specific service data flow initiated by the UE again according to the PCC rule, the PCEF adds a private network IP address of the UE and a private network source port number (denoted as private network source port number 2) of the service data flow to the data packet of the service. After the service packet passes through the NAT, the source IP address (i.e., the private network IP address of the UE) and the source port number (i.e., the private network source port number 2) in the five-tuple of the service packet are translated into the public network IP address and the source public network port number (denoted as the public network source port number 2) by the NAT. The application server obtains the five-tuple of the data packet and the private network IP address and the private network source port number 2 of the UE added by the PCEF in the data packet. Since the UE accesses the same service, the destination IP address and the destination port number in the five-tuple are the same as those in step 802.

Step 812: and the AF sends an HTTP PUT message to the AAC, wherein the message carries service description information, a public network IP address, a private network IP address and a private network source port number 2. The service description information includes service description information identifier 2, stream description information, media type, and requested bandwidth information. Wherein the flow description information is the five-tuple of the packet obtained in step 811.

Step 813: AAC adjusts the flow description information in the service description, modifies the source address into a private network IP address, and modifies the source port number into a private network source port 2.

Step 814: AAC sends AAR message to PCRF, the message carries service flow description information and private network IP address;

step 815: after the PCRF saves the information, a confirmation message is returned;

step 816: AAC returns a confirmation message to AF;

step 817: the PCRF formulates a PCC rule 2 according to the service information, the network policy, the user subscription, and other information, wherein the flow description information (also called a service filter template) carried in the PCC rule 2 is the flow description information provided by the AAC. The QoS information carried in the PCC rule 2 includes QCI and ARP. If the QCI formulated by the PCRF is GBR-QCI, the QoS information comprises GBR and MBR; if the QCI formulated by the PCRF is a Non-GBR QCI, the QoS information may include the MBR. If the BBERF exists, the PCRF further formulates QoS rules 2 according to the PCC rules 2.

Step 818: the PCRF provides QoS rule 2 to the BBERF;

step 819: the PCRF provides PCC rule 2 to the PCEF;

in the above process, the PCRF carries different flow description information in the PCC rule 1 and the PCC rule 2, so the PCEF can respectively perform resource reservation according to the PCC rule 1 and the PCC rule 2, and respectively perform data filtering and control on 2 accesses of the same service.

In the above embodiment, the flow description information is adjusted by AAC, and in other embodiments, the flow description information may be adjusted by AF or PCRF. The implementation of the adjustment by AF is: the flow description information provided by the AF to the AAC sets a source address as a private network IP address of the UE, and a source port number is set as a private network source port number, so that the AAC does not need to be further adjusted, and an external private network source port number does not need to be sent to the PCRF; the implementation of the adjustment by the PCRF is: firstly, AAC directly sends all information acquired from AF to PCRF, PCRF formulates PCC rule, sets source IP address in flow description information in PCC rule as private network IP address of UE, and sets source port number as private network source port number.

Example 2

In the preferred embodiment, the application function AF provides a private network source port number to the PCRF, and the PCRF formulates different PCC rules to implement resource reservation and QoS control on the service data flow.

Fig. 9 is a flowchart of a second implementation of the PCRF formulating PCC rules according to the preferred embodiment of the present invention, as shown in fig. 9,

step 901: the UE attaches to the network and establishes an IP-CAN session. In this procedure, a Gx session for policy and charging control is established between the PCEF and the PCRF. And if the IP-CAN session relates to the BBERF, establishing a gateway control session for policy control between the BBERF and the PCRF. The PCRF carries the insertion indication in the PCC rules provided to the PCEF. That is, when the PCEF detects a specific service data flow according to the PCC rule, the private network IP address and the private network source port number of the UE are inserted into the data packet.

Step 902: the UE initiates service access, and after detecting a specific service data flow initiated by the UE according to the PCC rule, the PCEF adds a private network IP address and a private network source port number (denoted as a private network source port number 1) of the UE to a data packet of the service. After the service packet passes through the NAT, the source IP address (i.e., the private network IP address of the UE) and the source port number (i.e., the private network source port number 1) in the five-tuple of the service packet are converted into the public network IP address and the source public network port number (denoted as the source public network port number 1) by the NAT. The application server obtains the five-tuple of the data packet and the private network IP address and the private network source port number 1 of the UE added by the PCEF in the data packet.

Step 903: and the AF sends an AAR message to the PCRF, wherein the message carries service description information, a public network IP address, a private network IP address and a private network source port number 1. The service description information includes service description information identifier 1, stream description information, media type, and requested bandwidth information. Wherein the flow description information is the five-tuple of the packet obtained by the application server in step 902.

Step 904: after the PCRF saves the information, a confirmation message is returned;

step 905: the PCRF formulates a PCC rule 1 according to the information such as the service information, the network policy, the user subscription and the like, wherein the flow description information (namely a service filter template) carried in the PCC rule 1 modifies a source address into a UE private network IP address according to the service description information provided by the AF for the PCRF, and the source port number is modified into a private network source port number 1. The QoS information carried in the PCC rule 1 includes a QoS Class Identifier (QCI), an Allocation And Retention Priority (ARP). If the QCI formulated by the PCRF is GBR-QCI, the QoS information includes a Guaranteed Bit Rate (GBR) and a Maximum Bit Rate (MBR); if the QCI formulated by the PCRF is a Non-guaranteed bit rate (Non-GBR) QCI, the QoS information may include MBR. And if the BBERF exists, the PCRF also formulates a QoS rule 1 according to the PCC rule 1.

Step 906: the PCRF provides QoS rule 1 to the BBERF;

step 907: the PCRF provides PCC rule 1 to the PCEF;

step 908: the UE initiates access to the same service again, and the PCEF detects a specific service data flow initiated by the UE again according to the PCC rule, and adds a private network IP address and a private network source port number (denoted as private network source port number 2) of the UE to a data packet of the service. After the service packet passes through the NAT, the source IP address (i.e., the private network IP address of the UE) and the source port number (i.e., the private network source port number 2) in the five-tuple of the packet header are converted into the public network IP address and the source public network port number (denoted as the source public network port number 2) by the NAT. The application server obtains the five-tuple of the data packet and the private network IP address and the private network source port number 2 of the UE added by the PCEF in the data packet. Since the UE accesses the same service, the destination IP address and the destination port number in the five-tuple are the same as those in step 902.

Step 909: and the AF sends an AAR message to the PCRF, wherein the message carries service description information, a public network IP address, a private network IP address and a private network source port number 2. The service description information includes service description information identifier 2, stream description information, media type, and requested bandwidth information. Wherein the flow description information is the five-tuple of the packet obtained in step 908.

Step 910: after the PCRF saves the information, a confirmation message is returned;

step 911: and the PCRF formulates a PCC rule 2 according to the information such as the service information, the network policy, the user appointment and the like, wherein the flow description information carried in the PCC rule 2 modifies the source address into a private network IP address in the service description information provided by the AF for the PCRF, and the source port number is modified into a private network source port 2. The QoS information carried in the PCC rule 2 includes QCI and ARP. If the QCI formulated by the PCRF is GBR-QCI, the QoS information comprises GBR and MBR; if the QCI formulated by the PCRF is a Non-GBR QCI, the QoS information may include the MBR. If the BBERF exists, the PCRF further formulates QoS rules 2 according to the PCC rules 2.

Step 912: optionally, the PCRF provides QoS rules 2 to the BBERF;

step 913: the PCRF provides PCC rule 2 to the PCEF;

In the above embodiment, there is a PCRF to adjust the flow description information, and in other embodiments, the AF may also be used. That is, the flow description information provided by the AF to the PCRF sets the source address as the private network IP address of the UE, and sets the source port number as the private network source port number, so that the AF does not need to send the private network source port number brought outside to the PCRF.

In embodiments 1 and 2, the PCEF inserts the private network IP address and the private network source port number of the UE in the data packet according to the indication of the PCC rule. In other embodiments, the TDF may insert the private network IP address and the private network source port number of the UE in the data packet according to an insertion indication in the ADC rule issued by the PCRF. That is, for a scenario in which a TDF is deployed in a network, in the process of establishing an IP-CAN session, the PCRF issues the ADC rule carrying the insertion indication to the TDF, and when the TDF detects a traffic data flow (also called application) according to the ADC rule, the TDF inserts a private network IP address and a private network source port number of the UE in a data packet of the traffic data flow

In embodiments 1 and 2, the PCEF inserts the private network IP address and the private network source port number of the UE in the data packet according to the indication of the PCC rule. In other implementations, the UE may actively insert the private network IP address and the private network source port number of the UE into the data packet, and the AF may also obtain the above two information from the data packet.

Through the above description of the embodiments, those skilled in the art can clearly understand that the method according to the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but the former is a better implementation mode in many cases. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which is stored in a storage medium (e.g., ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal device (e.g., a mobile phone, a computer, a server, or a network device) to execute the method according to the embodiments of the present invention.

The embodiment of the invention also provides a storage medium. Optionally, in this embodiment, the storage medium may be configured to store program codes for executing the method of the above embodiment:

optionally, in this embodiment, the storage medium may include, but is not limited to: a U-disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic or optical disk, and other various media capable of storing program codes.

Alternatively, in the present embodiment, the processor executes the method of the above-described embodiment according to the program code stored in the storage medium.

It will be apparent to those skilled in the art that the modules or steps of the present invention described above may be implemented by a general purpose computing device, they may be centralized on a single computing device or distributed across a network of multiple computing devices, and alternatively, they may be implemented by program code executable by a computing device, such that they may be stored in a storage device and executed by a computing device, and in some cases, the steps shown or described may be performed in an order different than that described herein, or they may be separately fabricated into individual integrated circuit modules, or multiple ones of them may be fabricated into a single integrated circuit module. Thus, the present invention is not limited to any specific combination of hardware and software.

The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims

1. A method for making policy rules, comprising:

2. The method of claim 1, further comprising:

3. The method of claim 1, wherein before a protocol converter PC or application access control AAC receives a private network IP address, a private network source port number, and first flow description information of a user equipment UE sent by an application function AF, a manner in which the AF obtains the private network IP address and the private network source port number comprises one of:

4. The method of claim 3, wherein inserting the private network IP address and the private network source port number of the UE in a data packet according to an indication in a traffic detection rule issued by a PCRF by an application detection function comprises one of:

5. A method for making policy rules, comprising:

6. The method of claim 5, further comprising:

7. The method of claim 5, wherein before the PCRF receives a private network IP address, a private network source port number, and third flow description information of the UE sent by the AF, a manner of acquiring the private network IP address and the private network source port number comprises one of:

8. The method of claim 7, wherein inserting the private network IP address and the private network source port number of the UE in a data packet according to an indication in a traffic detection rule issued by a PCRF by an application detection function comprises one of:

9. A method for making policy rules, comprising:

10. The method of claim 9, further comprising:

11. The method of claim 9, wherein the AF obtains the private network IP address, the private network source port number, and the fourth flow description information from the packet in a manner that comprises one of:

inserting the private network IP address and the private network source port number of User Equipment (UE) into the data packet by an application detection function according to an indication in a service detection rule issued by the PCRF, and acquiring the private network IP address and the private network source port number from the data packet by the AF; alternatively, the first and second electrodes may be,

12. The method of claim 11, wherein the inserting, by the application detection function, the private network IP address and the private network source port number of the UE in a data packet according to an indication in the traffic detection rule issued by the PCRF comprises one of:

13. A policy rule making system, comprising:

14. The system of claim 13, comprising:

and the AF is also used for acquiring the private network IP address and the private network source port number from a data packet.

15. The system of claim 14, further comprising:

16. A policy rule making system, comprising:

the PCRF is configured to receive a second PCC rule sent by the AF according to the private network IP address, the private network source port number, and the third flow description information, where a service data filter in the second PCC rule is generated in the following manner: and modifying the source address in the third stream description information into the private network IP address, and modifying the source port number into the private network source port number.

17. The system of claim 16, wherein:

18. The system of claim 16, further comprising:

the PCEF is used for receiving a PCC rule which is provided by the PCRF and carries an insertion indication, and when the PCEF detects a data packet according to the PCC rule, the private network IP address and the private network source port number of User Equipment (UE) are inserted into the data packet; alternatively, the first and second electrodes may be,

19. A policy rule making system, comprising:

20. The system of claim 19, further comprising:

the PCEF is used for receiving a PCC rule which is provided by the PCRF and carries an insertion indication, and when the PCEF detects the data packet according to the PCC rule, the private network IP address and the private network source port number of User Equipment (UE) are inserted into the data packet; alternatively, the first and second electrodes may be,

21. A PC or AAC device, comprising:

22. A PCRF device, comprising:

a formulating module, configured to formulate a second PCC rule according to the private network IP address, the private network source port number, and the third flow description information, where a service data filter in the second PCC rule is generated in the following manner: and modifying the source address in the third stream description information into the private network IP address, and modifying the source port number into the private network source port number.

23. An AF device, comprising: