CN108377497B

CN108377497B - Connection establishment method, device and system

Info

Publication number: CN108377497B
Application number: CN201611041130.5A
Authority: CN
Inventors: 于游洋
Original assignee: Huawei Technologies Co Ltd
Current assignee: Huawei Technologies Co Ltd
Priority date: 2016-11-21
Filing date: 2016-11-21
Publication date: 2020-03-10
Anticipated expiration: 2036-11-21
Also published as: WO2018090800A1; CN108377497A

Abstract

Embodiments of the present application provide a connection establishment method, device, and system, so as to at least solve the problem that in the prior art, no connection establishment scheme for services other than a mobile service exists. The method comprises the following steps: when User Equipment (UE) is accessed from a non-third generation partnership project (non-3GPP) network, a Control Plane (CP) functional entity acquires a service authorization indication of the UE, wherein the service authorization indication comprises a local service authorization indication; the CP functional entity obtains the local network protocol IP address of the UE according to the local service authorization indication; the CP function entity transmits the local IP address of the UE to the UE. The application is applicable to the technical field of communication.

Description

Connection establishment method, device and system

Technical Field

The present application relates to the field of communications technologies, and in particular, to a connection establishment method, device, and system.

Background

To address the challenges of wireless broadband technology, and to maintain the leading advantages of the third generation partnership project (3 GPP) networks, the 3GPP standards group has established a next generation mobile communication system (next generation system) network architecture, referred to as the fifth generation (5rd generation, 5G) network architecture, in the year 2016. The architecture not only supports the wireless technology defined by the 3GPP standard group to access a 5G core network (5G core network), but also supports the non-3GPP (non-3GPP) access technology to access the 5G core network. The core network functions of the 5G core network are divided into a User Plane (UP) function and a Control Plane (CP) function. The UP functional entity is mainly responsible for forwarding of packet data packets, quality of service (QoS) control, accounting information statistics, and the like; the CP function entity is mainly responsible for issuing a data packet forwarding strategy, a QoS control strategy and the like to the UP.

Currently, in the prior art, when a UE accesses a 5G core network from a 3GPP access technology or a non-3GPP access technology, all established connections are connections for a mobile service, and there is no connection establishment scheme for other services.

Disclosure of Invention

Embodiments of the present application provide a connection establishment method, device, and system, so as to at least solve the problem that in the prior art, no connection establishment scheme for services other than a mobile service exists.

In order to achieve the above purpose, the embodiments of the present application provide the following technical solutions:

in a first aspect, an embodiment of the present application provides a connection establishment method, including: when User Equipment (UE) is accessed from a non-third generation partnership project (non-3GPP) network, a Control Plane (CP) functional entity acquires a service authorization indication of the UE, wherein the service authorization indication comprises a local service authorization indication; the CP functional entity obtains the local network protocol IP address of the UE according to the local service authorization indication; the CP function entity transmits the local IP address of the UE to the UE. Based on the scheme, the problem that no connection establishment scheme aiming at other services except mobile services exists in the prior art can be solved, and the connection establishment of the local service is realized.

In a possible design, the acquiring, by the CP functional entity, the local network protocol IP address of the UE according to the local service authorization indication includes: the CP functional entity sends at least one of the local service authorization indication, the local IP address request of the UE or the local service policy information to a non-3GPP access gateway N3G-GW according to the local service authorization indication, wherein the at least one of the local service authorization indication, the local IP address request of the UE or the local service policy information is used for the N3G-GW to acquire the local IP address of the UE; the CP function entity receives the local IP address of the UE sent by the N3G-GW. That is, in this embodiment of the present application, the CP functional entity may display an indication that the N3G-GW allocates a local IP address for the UE, for example, send a local service authorization indication or a local IP address request of the UE to the N3G-GW; the N3G-GW may also be implicitly instructed to allocate a local IP address to the UE, for example, to send local service policy information to the N3G-GW, which is not specifically limited in this embodiment of the present application.

Illustratively, the local traffic policy information may include at least one of a local breakout policy, a local traffic charging policy, or a local traffic QoS policy. The local service charging policy may include a charging statistical information reporting policy based on time length or a threshold class statistical information reporting policy based on traffic; the local traffic QoS policy may include local traffic maximum bit rate MBR information, or local traffic guaranteed bit rate GBR information.

In one possible design, the service authorization indication further includes a mobile service authorization indication; after the CP functional entity obtains the service authorization indication of the UE, the method further includes: the CP function entity selects an UP function entity and establishes a packet data unit PDU connection between the N3G-GW and the UP function entity for the UE. That is, the embodiment of the present application may implement not only the connection establishment of the local service, but also the connection establishment of the mobile service.

In one possible design, the CP function entity establishes a PDU connection between the N3G-GW and the UP function entity for the UE, including: the CP function entity obtains the full tunnel endpoint identification F-TEID of the UP function entity, wherein the F-TEID of the UP function entity comprises the IP address of the UP function entity and the tunnel endpoint identification TEID of the UP function entity; the CP function entity obtains the IP address of the UE; the CP function entity sends the IP address of the UE to the UE; and the CP function entity sends the F-TEID of the UP function entity to the N3G-GW, and the N3G-GW stores the F-TEID of the UP function entity; the CP function entity obtains the F-TEID of the N3G-GW, the F-TEID of the N3G-GW comprises the IP address of the N3G-GW and the TEID of the N3G-GW; the CP function entity sends PDU session update request message to the UP function entity, the PDU session update request message carries the F-TEID of the N3G-GW, and the UP function entity stores the F-TEID of the N3G-GW; the CP function entity receives the PDU session update response message transmitted by the UP function entity.

In one possible design, the IP address of the UE and the mobile service indicate a binding.

In one possible design, the local IP address of the UE and the local traffic indicate binding.

The embodiment of the present application does not specifically limit the binding form between the local IP address of the UE and the local service indication, and the binding form between the IP address of the UE and the mobile service indication, for example, the binding form may be: defining 2 parameters in the attach response message, wherein one parameter is defined as the IP address of the mobile service and one parameter is defined as the IP address of the local service; alternatively, for example, it may be: defining 4 parameters in the attach response message, wherein one parameter is defined as a local IP address of the UE, and one parameter is used for indicating that the local IP address of the UE is an IP address of a local service; one parameter is defined as the IP address of the UE and one parameter is used to indicate that the IP address of the UE is the IP address of the mobile service.

In a possible design, before the CP function entity obtains the service authorization indication of the UE, the method further includes: the CP functional entity receives the subscription data of the UE sent by the database entity, and the subscription data of the UE is used for access authorization and service authorization of the UE; the CP functional entity obtaining the service authorization indication of the UE includes: and the CP functional entity determines the access authorization and the service authorization of the UE according to the subscription data of the UE and obtains the service authorization indication of the UE. That is, in this embodiment of the present application, the CP functional entity may obtain the service authorization indication of the UE according to the subscription data of the UE.

In a possible design, the acquiring, by the CP functional entity, the service authorization indication of the UE includes: the CP functional entity receives a service authorization indication of the UE sent by a database entity, the service authorization indication of the UE is obtained after the database entity determines the access authorization and the service authorization of the UE according to the subscription data of the UE, and the subscription data of the UE is used for the access authorization and the service authorization of the UE. That is, in this embodiment of the present application, the database entity may obtain the service authorization indication of the UE according to the subscription data of the UE, and further send the service authorization indication of the UE to the CP function entity.

In one possible design, the subscription data of the UE is used for access authorization and service authorization of the UE, and includes: the subscription data includes a network access mode parameter, wherein if the network access mode parameter is set to a packet switched domain, or if the network access mode parameter is set to a packet switched domain or a voice service domain, or non-3GPP subscription data exists, it indicates that the UE is allowed to access a core network from a currently accessed network, and the UE is allowed to use a mobile service and a local service.

In one possible design, the subscription data of the UE is used for access authorization and service authorization of the UE, and includes: the subscription data comprises a network access mode parameter, wherein if the network access mode parameter is set to a packet switching domain, or if the network access mode parameter is set to a packet switching domain or a voice service domain, or non-3GPP subscription data exists, the UE is allowed to access a core network from a currently accessed network, and the UE is allowed to use a mobile service; if the subscription data further comprises a local service authorization indication, indicating that the UE is allowed to use the local service; or, if the subscription data does not include the local service unauthorized indication, it indicates that the UE is allowed to use the local service.

In one possible design, the method further includes: the CP function entity receives the indication of the current access type of the UE sent by the N3G-GW; the subscription data of the UE is used for access authorization and service authorization of the UE, and includes: the subscription data comprises an access type indication, when the access type indication comprises the current access type indication, the UE is allowed to access a core network from a current access network, and the UE is allowed to use a mobile service and a local service; or, the subscription data includes an access type indication, and when the access type indication includes the current access type indication, it indicates that the UE is allowed to access the core network from the currently accessed network and is allowed to use the mobile service, and if the subscription data further includes a local service authorization indication, it indicates that the UE is also allowed to use the local service; or, if the subscription data does not include the local service unauthorized indication, it indicates that the UE is allowed to use the local service.

In one possible design, the current access type indication is implemented by defining an access type parameter, or defining a transmission type parameter, or defining an access mode parameter, wherein the access type parameter or a parameter value of the transmission type parameter may be set to non-3GPP access, WiFi access, local home access, local enterprise access, or local public access; the parameter value of the access mode parameter may be set to a local open mode, a local closed mode, or a local hybrid mode.

In a possible design, before the CP function entity obtains the service authorization indication of the UE, the method further includes: the CP function entity receives a local service request indication sent by the UE. Thus, after service authorization and access authorization, the CP functional entity may send local service policy information or other information to the N3G-GW based on the local service request indication. That is, the CP function entity transmits the local service policy information or other information to the N3G-GW only after receiving the local service request indication. Compared with the scenario that after the service authorization and the access authorization, no matter whether the UE needs the local service policy information or other information, the CP function entity can directly send the service policy information or other information to the N3G-GW, and the transmission resources between the CP function entity and the N3G-GW can be saved.

In one possible design, the local service in the embodiment of the present application includes a fixed network service or a non-seamless WLAN offload service.

In a second aspect, an embodiment of the present application provides a CP functional entity, where the CP functional entity has a function of implementing a CP functional entity behavior in the foregoing method embodiment. The function can be realized by hardware, and can also be realized by executing corresponding software by hardware. The hardware or software includes one or more modules corresponding to the functions described above.

In a third aspect, an embodiment of the present application provides a CP functional entity, including: a processor, a memory, a bus, and a communication interface; the memory is configured to store computer executable instructions, the processor is connected to the memory through the bus, and when the CP functional entity runs, the processor executes the computer executable instructions stored in the memory, so that the CP functional entity performs the connection establishment method according to any one of the above first aspects.

In a fourth aspect, embodiments of the present application provide a computer storage medium for storing computer software instructions for the CP functional entity, which includes a program designed for executing the above aspect for the CP functional entity.

In a fifth aspect, the present application provides a computer program, where the computer program includes instructions, and when the computer program is executed by a computer, the computer may execute the flow in the connection establishment method in any one of the first aspect.

In addition, the technical effects brought by any one of the design manners of the second aspect to the fifth aspect can be referred to the technical effects brought by different design manners of the first aspect, and are not described herein again.

In a sixth aspect, an embodiment of the present application provides a connection establishment method, including: when User Equipment (UE) is accessed from a non-third generation partnership project (non-3GPP) network, a non-3GPP access gateway N3G-GW receives at least one of a local service authorization indication of the UE, a local network protocol (IP) address request of the UE or local service strategy information, which is sent by a Control Plane (CP) functional entity; the N3G-GW obtaining a local IP address of the UE according to at least one of a local service authorization indication of the UE, a local IP address request of the UE, or the local service policy information; the N3G-GW sends the local IP address of the UE to the CP function entity. Based on the scheme, the problem that no connection establishment scheme aiming at other services except mobile services exists in the prior art can be solved, and the connection establishment of the local service is realized.

In one possible design, after the N3G-GW sends the local IP address of the UE to the CP function entity, the method further includes: the N3G-GW receiving the local IP address of the UE and the local service indication bound with the local IP address of the UE, and the IP address of the UE and the mobile service indication bound with the IP address of the UE, sent by the CP function entity; the N3G-GW sends the UE a local IP address of the UE and a local traffic indication bound with the local IP address of the UE, and an IP address of the UE and a mobile traffic indication bound with the IP address of the UE.

In one possible design, the method further includes: the N3G-GW receiving a service data packet sent by the UE, where the service data packet includes a source IP address; the N3G-GW determines that the service data packet is a mobile service data packet or a local service data packet according to the source IP address; if the service data packet is a mobile service data packet, the N3G-GW sends the service data packet to a user plane UP functional entity; or, if the service data packet is a local service data packet, the N3G-GW sends the service data packet to a local service server. By the scheme, the local service and the mobile service can be simultaneously provided for the UE, and reasonable distribution of the local service and the mobile service is realized.

In one possible design, after the N3G-GW sends the local IP address of the UE to the CP function entity, the method further includes: the N3G-GW receiving the IP address of the UE sent by the CP function entity; the N3G-GW sends the UE's IP address to the UE.

In one possible design, the method further includes: the N3G-GW receiving a service data packet sent by the UE, where the service data packet includes an IP address of the UE and at least one of a destination IP address, a destination port number, or a protocol type; the N3G-GW determining that the service data packet is a mobile service data packet or a local service data packet according to at least one of the destination IP address, the destination port number, or the protocol type, and at least one of local configuration information or the local service policy information; if the service data packet is a mobile service data packet, the N3G-GW sends the service data packet to a user plane UP functional entity; or, if the service data packet is a local service data packet, the N3G-GW sends the service data packet to a local service server after replacing the IP address of the UE with the local IP address of the UE; and the N3G-GW storing a correspondence between the IP address of the UE and the local IP address of the UE. By the scheme, the local service and the mobile service can be simultaneously provided for the UE, and reasonable distribution of the local service and the mobile service is realized. Meanwhile, in the embodiment of the application, no matter local service authorization or mobile service authorization, the UE obtains the IP address of the UE, the UE does not need to sense the service type, when the service data packet is sent to the N3G-GW, the source IP address of the service data packet is the same as the source IP address of the UE, the N3G-GW distinguishes the mobile service and the local service based on the destination IP address, the port number, the protocol type and the like, and data distribution is realized, so that the operation of the UE is simplified.

In one possible design, the method further includes: the N3G-GW receiving a downlink service packet, the downlink service packet including a local IP address of a destination UE; the N3G-GW, after replacing the local IP address of the destination UE with the IP address of the destination UE, sends the downlink traffic packet to the destination UE.

In a seventh aspect, an embodiment of the present application provides a non-third generation partnership project non-3GPP access gateway N3G-GW, where the N3G-GW has a function of implementing an N3G-GW behavior in the foregoing method embodiment. The function can be realized by hardware, and can also be realized by executing corresponding software by hardware. The hardware or software includes one or more modules corresponding to the functions described above.

In an eighth aspect, an embodiment of the present application provides a non-third generation partnership project non-3GPP access gateway N3G-GW, including: a processor, a memory, a bus, and a communication interface; the memory is configured to store computer executable instructions, and the processor is connected to the memory via the bus, and when the N3G-GW is running, the processor executes the computer executable instructions stored in the memory, so as to enable the N3G-GW to execute the connection establishment method according to any one of the above sixth aspects.

In a ninth aspect, embodiments of the present application provide a computer storage medium storing computer software instructions for use by the non-third generation partnership project non-3GPP access gateway N3G-GW described above, including program code for performing the aspects designed for the N3G-GW described above.

In a tenth aspect, the present application provides a computer program, where the computer program includes instructions that, when executed by a computer, enable the computer to execute the flow of the connection establishment method in any one of the above sixth aspects.

In addition, the technical effects brought by any one of the design manners of the seventh aspect to the tenth aspect can be referred to the technical effects brought by different design manners of the sixth aspect, and are not described herein again.

In an eleventh aspect, an embodiment of the present application provides a service establishment system, where the service establishment system includes a control plane CP functional entity and a database entity; when User Equipment (UE) is accessed from a non-third generation partnership project (non-3GPP) network, the database entity acquires subscription data of the UE, determines access authorization and service authorization of the UE according to the subscription data of the UE, and sends a service authorization indication of the UE to a CP function entity after obtaining the service authorization indication of the UE, wherein the service authorization indication comprises a local service authorization indication; the CP function entity receives the service authorization indication of the UE sent by the database entity, acquires the local network protocol IP address of the UE according to the local service authorization indication, and sends the IP address of the UE to the UE. Based on the scheme, the problem that no connection establishment scheme aiming at other services except mobile services exists in the prior art can be solved, and the connection establishment of the local service is realized.

These and other aspects of the present application will be more readily apparent from the following description of the embodiments.

Drawings

Fig. 1 is a schematic diagram of a 5G network architecture provided in an embodiment of the present application;

FIG. 2 is a schematic diagram of a computer device provided by an embodiment of the present application;

fig. 3 is a first interaction diagram of a connection establishment method according to an embodiment of the present application;

fig. 4 is a second interaction diagram of a connection establishment method according to an embodiment of the present application;

fig. 5 is a third interaction diagram of a connection establishment method according to an embodiment of the present application;

fig. 6 is a fourth interaction diagram of a connection establishment method according to an embodiment of the present application;

fig. 7 is a first schematic structural diagram of a CP functional entity according to an embodiment of the present application;

fig. 8 is a schematic structural diagram of a CP functional entity according to an embodiment of the present application;

fig. 9 is a first schematic structural diagram of an N3G-GW provided in the embodiment of the present application;

fig. 10 is a structural schematic diagram of an N3G-GW according to an embodiment of the present application.

Detailed Description

The technical solutions in the embodiments of the present application will be described below with reference to the drawings in the embodiments of the present application. In the description of the present application, the term "plurality" means two or more unless otherwise specified.

As shown in fig. 1, a 5G network architecture provided in the embodiments of the present application is shown. The architecture supports not only the wireless technology defined by the 3GPP standard group to access the 5G core network, but also the non-3GPP access technology to access the 5G core network.

As shown in fig. 1, when accessing from the 3GPP network, the UE accesses the 5G core network through a Radio Access Network (RAN) access point. The RAN access point communicates with a CP function entity of the 5G core network through a next generation network interface (NG) 2, and communicates with a UP function entity of the 5G core network through NG 3; when the UE is accessed from the non-3GPP network, the UE is accessed to the 5G core network through a non-3GPP access gateway (N3G-GW). The N3G-GW includes an N3G-GW control plane (N3G-GW-C) and an N3G-GW user plane (N3G-GW-U), the N3G-GW-C communicates with the CP function entity of the 5G core network through NG2, and the N3G-GW-U communicates with the UP function entity of the 5G core network through NG 3.

In addition, the CP functional entity communicates with an Application Function (AF) entity of the 5G core network through NG5, and issues a packet forwarding policy, a QoS control policy, and the like to the UP functional entity through NG 4; the UP functional entity communicates with a Data Network (DN) entity of the 5G core network through NG6, and is responsible for forwarding of packet data packets, QoS control, accounting information, and the like.

Although not shown, the 5G network architecture may further include a database entity for supporting a main user database of an Internet Protocol (IP) multimedia subsystem (IMS) network entity that handles or calls sessions. It includes a user profile, performs authentication and authorization of the user, and can provide information about the user's physical location, similar to a global system for mobile communications (GSM) home location register (home location register). The functions provided by the database entity include IP multimedia functions, or Home Location Register (HLR) functions necessary for Packet Switched (PS) domain, and/or HLR functions necessary for voice Service (CS) domain. The information processable by the database entity comprises one or more of the following: user identification, numbering and address information; user security information, i.e. network access control information for authentication and authorization; user positioning information, namely, the database entity supports user registration and stores position information; user list information, etc. In the embodiment of the application, the database entity is mainly used for providing subscription data of the UE under the condition that the UE is accessed from a non-3GPP network, so that the CP functional entity or the database entity determines the access authorization and the service authorization of the UE according to the subscription data.

Of course, the 5G network architecture may further include other modules or network entities, which is not specifically limited in this embodiment.

It should be noted that the UE referred to in the present application may include various handheld devices, vehicle-mounted devices, wearable devices, computing devices or other processing devices connected to a wireless modem with wireless communication function, as well as various forms of UE, Mobile Station (MS), terminal (terminal), terminal device (terminal equipment), soft terminal, and so on. For convenience of description, the above-mentioned devices are collectively referred to as user equipment or UE in this application.

It should be noted that the N3G-GW, the database entity, the CP function entity, and the UP function entity are only names, and the names themselves do not limit the devices. For example, the N3G-GW may also be replaced with a next generation packet data gateway (NG-PDG) or non-3GPP interworking function (N3 IWF) entity; the database entity may also be replaced by a user home server (HSS) or a User Subscription Database (USD); the CP function entity may also be replaced with a CP function, and the UP function entity may also be replaced with an UP function; alternatively, the CP function entity may also be replaced by a CP, the UP function entity may also be replaced by a UP, and so on, which are described herein in a unified manner and will not be described further below.

It should be noted that the above-mentioned non-3GPP access may also be defined as a non-next-generation radio access network (non-next Gen RAN) access technology, i.e. an access outside a next Gen RAN.

In addition, any functional node or network element in the 5G network architecture, such as a CP functional entity or a UP functional entity, may be implemented by one entity device, or may be implemented by multiple entity devices together; a plurality of functional nodes or network elements in the 5G network architecture, for example, the CP functional entity and the UP functional entity, may be implemented by different entity devices respectively, or may be implemented by the same entity device, which is not specifically limited in this embodiment of the present application. That is, it can be understood that any functional node or network element in the 5G network architecture, for example, a CP functional entity or an UP functional entity, may be a logical functional module in an entity device, or may be a logical functional module composed of a plurality of entity devices, which is not specifically limited in this embodiment of the present invention.

For example, as shown in fig. 2, the CP functional entity and the N3G-GW in fig. 1 may be implemented by a computer device (or system) in fig. 2.

Fig. 2 is a schematic diagram of a computer device according to an embodiment of the present application. The computer device 200 comprises at least one processor 201, a communication bus 202, a memory 203 and at least one communication interface 204.

The processor 201 may be a general processing unit (CPU), a microprocessor, an application-specific integrated circuit (ASIC), or one or more ics for controlling the execution of programs in accordance with the present invention.

The communication bus 202 may include a path that conveys information between the aforementioned components.

The communication interface 204 may be any device, such as a transceiver, for communicating with other devices or communication networks, such as an ethernet, a Radio Access Network (RAN), a Wireless Local Area Network (WLAN), etc.

The memory 203 may be a read-only memory (ROM) or other type of static storage device that can store static information and instructions, a Random Access Memory (RAM) or other type of dynamic storage device that can store information and instructions, an electrically erasable programmable read-only memory (EEPROM), a compact disc read-only memory (CD-ROM) or other optical disk storage, optical disk storage (including compact disc, laser disc, optical disc, digital versatile disc, blu-ray disc, etc.), magnetic disk storage media or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer, but is not limited to these. The memory may be self-contained and coupled to the processor via a bus. The memory may also be integral to the processor.

The memory 203 is used for storing application program codes for executing the scheme of the application, and the processor 201 controls the execution. The processor 201 is configured to execute application program code stored in the memory 203, thereby implementing the connection establishment of the present application.

In particular implementations, processor 201 may include one or more CPUs such as CPU0 and CPU1 in fig. 2, for example, as one embodiment.

In particular implementations, computer device 200 may include multiple processors, such as processor 201 and processor 208 in FIG. 2, as an example. Each of these processors may be a single-core (single-CPU) processor or a multi-core (multi-CPU) processor. A processor herein may refer to one or more devices, circuits, and/or processing cores for processing data (e.g., computer program instructions).

In particular implementations, computer device 200 may also include an output device 205 and an input device 206, as one embodiment. The output device 205 is in communication with the processor 201 and may display information in a variety of ways. For example, the output device 205 may be a Liquid Crystal Display (LCD), a Light Emitting Diode (LED) display device, a Cathode Ray Tube (CRT) display device, a projector (projector), or the like. The input device 206 is in communication with the processor 201 and can accept user input in a variety of ways. For example, the input device 206 may be a mouse, a keyboard, a touch screen device, or a sensing device, among others.

The computer device 200 described above may be a general purpose computer device or a special purpose computer device. In a specific implementation, the computer device 200 may be a desktop computer, a laptop computer, a web server, a Personal Digital Assistant (PDA), a mobile phone, a tablet computer, a wireless terminal device, a communication device, an embedded device, or a device with a similar structure as in fig. 2. The embodiment of the present application does not limit the type of the computer device 200.

Fig. 3 is a schematic flow chart of a connection method according to an embodiment of the present disclosure. Taking the case that the UE accesses from the non-3GPP network in the 5G network architecture shown in fig. 1 as an example, the interaction between the UE, the N3G-GW, the UP functional entity, the CP functional entity and the database entity is involved, which includes the following steps:

s301, UE establishes connection with a non-3GPP access point, and sends an attach request (attach request) message or an authentication request message (such as an Extended Authentication Protocol (EAP) message) to an N3G-GW through the non-3GPP access point, so that the N3G-GW receives the attach request (attach request) message or the authentication request message.

The N3G Access point may be, for example, a wireless-fidelity (WiFi) Access Point (AP) or a WiFi Access Controller (AC).

The attach request message or the authentication request message includes a UE identifier, where the UE identifier is an identity identifier when the UE accesses a network, that is, a Network Access Identifier (NAI) of the UE. Specifically, the UE identity includes a UE temporary identity or a UE permanent identity, for example, the UE permanent identity may be an International Mobile Subscriber Identity (IMSI).

Optionally, the attach request message or the authentication request message may further include a local service request indication, where the local service request indication is used to request a local service. Thus, after service authorization and access authorization, the CP functional entity may send local service policy information or other information to the N3G-GW based on the local service request indication. That is, the CP function entity transmits the local service policy information or other information to the N3G-GW only after receiving the local service request indication. Compared with the scenario that after the service authorization and the access authorization, no matter whether the UE needs the local service policy information or other information, the CP function entity can directly send the service policy information or other information to the N3G-GW, and the transmission resources between the CP function entity and the N3G-GW can be saved.

The local service in the embodiment of the present application includes, but is not limited to, a fixed network service or a non-seamless (non-seamless) WLAN offload service. It can be understood by those skilled in the art that, in the embodiment of the present application, when the local service is specifically a fixed network service, the following "local" may be replaced by a "fixed network", for example, when the local service is specifically a fixed network service, the following local access is actually a fixed network access, the following local home access is actually a fixed network home access, and the like; when the local service is specifically a non-seamless WLAN offload service (non-seamless WLAN offload), the following "local" may be replaced with "non-seamless WLAN offload (non-seamless WLAN offload)", for example, when the local service is specifically a non-seamless WLAN offload service, the following local access is actually a non-seamless WLAN offload service access, the following local home access is actually a non-seamless WLAN offload service home access, and so on, which is described in a unified manner and will not be described herein again.

It should be noted that the above local service may also be defined as a non-seamless (non-seamless) service, and the name itself is not specifically limited in the embodiment of the present application, which is described herein in a unified manner and is not described in detail below.

The following steps in the embodiment of the present application will be described by taking a message sent by the UE to the N3G-GW as an example of an attach request message. The attach request message may be replaced with an authentication request message, such as an EAP message, which is described in a unified manner herein and will not be described in detail below.

S302, N3G-GW identifies the access identification of UE and generates the current access type indication of the UE according to the access identification.

Specifically, N3G-GW-U in N3G-GW identifies an access identity of the UE, which may be, for example, an access point identity or a line identity (circuit ID). In addition, the N3G-GW-U also recognizes the attach request message and sends the attach request message and the access identity of the UE to the N3G-GW-C. The N3G-GW-C receives the attachment request message and the access identification sent by the N3G-GW-U, and generates a corresponding access type indication based on the access identification.

The embodiment of the present application does not specifically limit how the N3G-GW-C generates the access type indication, and possible implementation manners may be, for example, that the N3G-GW configures a corresponding relationship between the access identifier and the access type indication, and the N3G-GW-C generates a corresponding access type indication based on the access identifier and the corresponding relationship.

Specifically, the implementation schemes of the access type indication include, but are not limited to, the following defining manners:

in the first scheme, the access type indication is implemented by defining an access type parameter or defining a transmission type parameter. The parameter value of the access type parameter or the transmission type parameter can be set to non-3GPP access, WiFi access, local home access, local enterprise access or local public access.

In the second scheme, the access type indication is realized by defining access mode parameters. Wherein, the parameter value of the access mode parameter can be set to be a local open mode, a local closed mode or a local mixed mode.

S303, N3G-GW sends NG2 interface message to the CP functional entity to make the CP functional entity receive the NG2 interface message.

Wherein, the NG2 interface message carries the attach request message sent by the UE and the current access type indication of the UE obtained in step S302.

The NG2 interface message may be, for example, a connection establishment request message, or an NG2 message, or an NG2 Authentication (AUTH) request message, or an uplink non-access stratum (NAS) transport (uplink NAS transport) request message, which is not specifically limited in this embodiment of the present invention.

In fig. 3, the NG2 interface message sent by the N3G-GW to the CP functional entity is an NG2AUTH request message as an example. The NG2AUTH request message may be replaced by a connection establishment request message, an NG2 message, an uplink NAS transport request message, or other NG2 interface messages, which is described herein in a unified manner and will not be described in detail below.

S304, the CP functional entity sends an authentication request to the database entity, so that the database entity receives the authentication request.

The authentication request may specifically be a subscription data acquisition message or an update location request (update location request) message, which is not specifically limited in this embodiment of the present application. The message includes a UE permanent identity. The UE permanent identifier may be carried by the attach request message in step S301, or may be obtained according to the UE temporary identifier carried by the attach request message in step S301, which is not specifically limited in this embodiment of the present application. Optionally, the message may also carry an access type indication, which is not specifically limited in this embodiment of the present application.

S305, the database entity obtains the subscription data of the UE according to the permanent identity of the UE, and the subscription data is used for access authorization and service authorization of the UE.

In one possible implementation manner, the subscription data is used for access authorization and service authorization of the UE, and specifically may include:

the subscription data includes a network access mode (network access mode) parameter, wherein if the network access mode parameter is set to a packet switched domain (PS domain), or if the network access mode parameter is set to a packet switched domain (PS domain) or a voice service domain (CS domain), or non-3GPP subscription data exists, it indicates that the UE is allowed to access the core network from a currently accessed network, and the UE is allowed to use the mobile service and the local service.

Or, optionally, in a possible implementation manner, the subscription data is used for access authorization and service authorization of the UE, and specifically may include:

the subscription data includes a network access mode (network access mode) parameter, where if the network access mode parameter is set to a packet switched domain (PS domain), or if the network access mode parameter is set to a packet switched domain (PSdomain) or a voice service domain (CS domain), or non-3GPP subscription data exists, it indicates that the UE is allowed to access the core network from a currently accessed network, and the UE is allowed to use the mobile service. If the subscription also comprises a local service authorization indication, indicating that the UE is allowed to use the local service; or, if the subscription does not include the local service non-authorization indication, it indicates that the UE is allowed to use the local service.

Or, when the authentication request in step S304 carries the current access type indication of the UE, optionally, in a possible implementation manner, the subscription data is used for access authorization and service authorization of the UE, and specifically may include:

the subscription data includes an access type indication, and when the access type indication includes the current access type indication of the UE carried in the authentication request in step S304, it indicates that the UE is allowed to access the core network from the currently accessed network, and the UE is allowed to use the mobile service and the local service.

the subscription data includes an access type indication, and when the access type indication includes the current access type indication of the UE carried in the authentication request in step S304, it indicates that the UE is allowed to access the core network from the currently accessed network, and the UE is allowed to use the mobile service. If the subscription also comprises a local service authorization indication, indicating that the UE is allowed to use the local service; or, if the subscription does not include the local service non-authorization indication, it indicates that the UE is allowed to use the local service.

It should be noted that, the foregoing is only an exemplary implementation that provides several kinds of subscription data for access authorization and service authorization of the UE, and of course, other implementation manners may also exist.

In addition, it should be noted that the mobile service in the embodiment of the present application specifically refers to a service provided by a mobile operator, and the local service specifically refers to a service provided by a local service operator or a fixed network operator, which are described in a unified manner herein and will not be described in detail below.

S306, the database entity sends an authentication response to the CP functional entity, so that the CP functional entity receives the authentication response.

If the authentication request in step S304 is a subscription data acquisition message, the authentication response may be a subscription data response message; if the authentication request in step S304 is specifically an update location request (update location request) message, the authentication response may be specifically an update location response (update location response) message, which is not specifically limited in this embodiment of the application. Wherein, the message includes subscription data.

S307, the CP functional entity determines the access authorization and the service authorization of the UE according to the subscription data of the UE, and obtains a service authorization indication.

The service authorization indication in the embodiment of the present application may be at least one of a local service authorization indication or a mobile service authorization indication, that is, may be a local service authorization indication, a mobile service authorization indication, or a local service authorization indication and a mobile service authorization indication, which is not specifically limited in this embodiment of the present application.

After the CP functional entity obtains the service authorization indication, the CP functional entity performs the following processing according to the service authorization indication:

when the scene A and the service authorization indication only comprise the local service authorization indication, the following steps are executed:

s308a, the CP function entity sends NG2 interface message to N3G-GW according to the local service authorization indication, so that N3G-GW receives the NG2 interface message.

Wherein the NG2 interface message includes at least one of local service policy information, a local IP address request of the UE, or a local service authorization indication.

The content of the local service policy information is not specifically limited in the embodiments of the present application. Illustratively, the local traffic policy information may include at least one of a local breakout policy, a local traffic charging policy, or a local traffic QoS policy. The local service charging policy may include a charging statistical information reporting policy based on time length or a threshold class statistical information reporting policy based on traffic; the local service QoS policy may include local service Maximum Bit Rate (MBR) information or local service Guaranteed Bit Rate (GBR) information.

If the NG2 interface message in step S303 is the connection establishment request message, the NG2 interface message in step S308a may be, for example, a connection establishment response message; if the NG2 interface message in step S303 is the NG2 message, the NG2 interface message in step S308a may be, for example, a NG2 message; if the NG2 interface message in step S303 is an NG2 Authentication (AUTH) request message, the NG2 interface message in step S308a may be, for example, an NG2AUTH response message; if the NG2 interface message in step S303 is the upstream NAS transport request message, the NG2 interface message in step S308a may be, for example, an upstream NAS transport response message.

S309a, N3G-GW obtains at least one of local service policy information, UE local IP address request or local service authorization indication from NG2 interface message, and obtains local IP address of UE according to at least one of local service policy information, UE local IP address request or local service authorization indication.

Wherein, the N3G-GW may allocate the local IP address of the UE to the UE; the N3G-GW may also request a Dynamic Host Configuration Protocol (DHCP) server for a local IP address of the UE, which is not specifically limited in this embodiment of the present invention.

Optionally, if the NG2 interface message in step S308a includes at least one of the local service policy information or the local service authorization indication, the N3G-GW may store at least one of the local service policy information or the local service authorization indication; alternatively, if the NG2 interface message in step S308a includes the local IP address request of the UE, the N3G-GW may generate and store the local service authorization indication according to the local IP address request of the UE, which is not specifically limited in this embodiment of the present invention.

S310a, N3G-GW sends NG2 interface message to the CP functional entity so that the CP functional entity receives the NG2 interface message.

Wherein the NG2 interface message carries the local IP address of the UE.

The NG2 interface message may be, for example, a connection establishment request message, or a NG2 message, or a NG2AUTH request message, or an uplink NAS transport (uplink NAS transport) request message, which is not limited in this embodiment of the present invention.

S311a, the CP functional entity sends a NG2 interface message to the N3G-GW so that the N3G-GW receives the NG2 interface message.

Wherein the NG2 interface message encapsulates the attach response message. The attach response message includes the local IP address of the UE.

If the NG2 interface message in step S310a is a connection establishment request message, the NG2 interface message in step S311a may be, for example, a connection establishment response message; if the NG2 interface message in step S303 is the NG2 message, the NG2 interface message in step S308a may be, for example, a NG2 message; if the NG2 interface message in step S303 is an NG2 Authentication (AUTH) request message, the NG2 interface message in step S308a may be, for example, an NG2AUTH response message; if the NG2 interface message in step S303 is the upstream NAS transport request message, the NG2 interface message in step S308a may be, for example, an upstream NAS transport response message.

S312a, N3G-GW obtains an attach response message from the NG2 interface message, and transmits the attach response message to the UE so that the UE receives the attach response message.

Up to this point, the connection establishment procedure in the scenario where the service authorization indication only includes the local service authorization indication ends.

The embodiment of the application provides a connection establishment method of a local service, and based on the scheme, the problem that no connection establishment scheme aiming at other services except for a mobile service exists in the prior art can be solved, and the connection establishment of the local service is realized.

Optionally, after the service connection is established, as shown in fig. 3, the method may further include the following steps:

s313a, the UE sends the local service data packet to the N3G-GW, so that the N3G-GW receives the local service data packet.

The local service data packet may include other information such as a local IP address, a destination IP address, a source port number, a destination port number, or a protocol type of the UE, and specifically, reference may be made to an existing data packet encapsulation protocol, which is not specifically limited in this embodiment of the present application.

S314a, N3G-GW analyzes the local service data packet, carries out policy control to the local service data packet based on the stored local service policy information, and sends the local service data packet to the local service server.

By the scheme, the routing of the local service data packet can be realized.

When the scene B and the service authorization indication comprise a local service authorization indication and a mobile service authorization indication, the following steps are executed:

s308b, the CP function entity selects the UP function entity.

The CP functional entity may select the UP functional entity based on a current load condition of the UP functional entity, a matching condition of a service type supported by the UP functional entity and a request service, or location information of the UP functional entity, which is not specifically limited in this embodiment of the present application.

S309b, the CP function entity sends a Packet Data Unit (PDU) session establishment request (session establishment request) message to the UP function entity, so that the UP function entity receives the PDU session establishment request message.

Optionally, the PDU session establishment request message may include a full qualified tunnel endpoint identifier (F-TEID) of the UP functional entity allocated by the CP functional entity for the UP functional entity, where the F-TEID includes an IP address of the UP functional entity and a Tunnel Endpoint Identifier (TEID) of the UP functional entity.

The F-TEID of the UP functional entity is used for searching the user context inside the device, that is, the specific processing board (board corresponding to TEID) identifier of the specific device (device corresponding to IP address) where the user context information is located. The F-TEID of the UP functional entity may be an F-TEID of device granularity, that is, the IP address of the UP functional entity is an IP address of device granularity, and the TEID of the UP functional entity is a TEID of device granularity; the F-TEID of the UP functional entity may also be an F-TEID of a session granularity, that is, the IP address of the UP functional entity is an IP address of the session granularity, and the TEID of the UP functional entity is a TEID of the session granularity, which is not specifically limited in this embodiment of the present application.

Optionally, the PDU session setup request message may include an IP address of the UE allocated by the CP function entity to the UE, where the IP address of the UE is used for performing a mobile service.

Optionally, the PDU session establishment request message may further include a UE identifier, where the UE identifier is used by the UP functional entity to identify the UE and perform session management of UE granularity.

S310b, the UP functional entity sends a PDU session setup response (session setup response) message to the CP functional entity, so that the CP functional entity receives the PDU session setup response message.

Wherein, if the PDU session setup request message in step S309b does not include the F-TEID of the UP functional entity allocated by the CP functional entity for the UP functional entity, the PDU session setup response message in step S310b includes the F-TEID of the UP functional entity allocated by the UP functional entity for the UP functional entity. That is to say, in this embodiment of the present application, the F-TEID of the UP functional entity may be allocated by the CP functional entity, or may be allocated by the UP functional entity itself, which is not specifically limited in this embodiment of the present application.

If the PDU session setup request message in step S309b does not include the IP address of the UE allocated by the CP functional entity for the UP functional entity, the PDU session setup response message in step S310b includes the IP address of the UE allocated by the UP functional entity for the UP functional entity. That is to say, in this embodiment of the present application, the IP address of the UE may be allocated by the CP functional entity or may be allocated by the UP functional entity, which is not specifically limited in this embodiment of the present application.

S311b, the CP functional entity sends a NG2 interface message to the N3G-GW so that the N3G-GW receives the NG2 interface message.

Wherein the NG2 interface message includes the F-TEID of the UP functional entity; and the NG2 interface message includes at least one of local service policy information, a local IP address request of the UE, or a local service authorization indication. The content of the local service policy information is not specifically limited in the embodiment of the present application, and for example, reference may be made to the description in step S308 a.

Optionally, the NG2 interface message may also include a mobile service authorization indication.

If the NG2 interface message in step S303 is the connection establishment request message, the NG2 interface message in step S311b may be, for example, a connection establishment response message; if the NG2 interface message in step S303 is the NG2 message, the NG2 interface message in step S311b may be, for example, a NG2 message; if the NG2 interface message in step S303 is an NG2 Authentication (AUTH) request message, the NG2 interface message in step S311b may be, for example, an NG2AUTH response message; if the NG2 interface message in step S303 is the upstream NAS transport request message, the NG2 interface message in step S311b may be, for example, an upstream NAS transport response message.

S312b, N3G-GW obtains at least one of local service policy information, UE local IP address request or local service authorization indication from NG2 interface message, and obtains local IP address of UE according to at least one of local service policy information, UE local IP address request or local service authorization indication; and the N3G-GW obtaining the F-TEID of the UP functional entity from the NG2 interface message and storing the F-TEID of the UP functional entity.

Optionally, if the NG2 interface message in step S311b includes at least one of the local service policy information or the local service authorization indication, the N3G-GW may store at least one of the local service policy information or the local service authorization indication; alternatively, if the NG2 interface message in step S311b includes the local IP address request of the UE, the N3G-GW may generate and store the local service authorization indication according to the local IP address request of the UE, which is not specifically limited in this embodiment of the present invention.

S313b, N3G-GW sends NG2 interface message to the CP functional entity so that the CP functional entity receives the NG2 interface message.

Wherein the NG2 interface message carries the local IP address of the UE.

Optionally, if the NG2 interface message in step S311b further includes a mobile service authorization indication, the N3G-GW may allocate an F-TEID of the N3G-GW to the N3G-GW based on at least one of the mobile service authorization indication or the F-TEID of the UP functional entity, where the F-TEID of the N3G-GW includes the IP address of the N3G-GW and the TEID of the N3G-GW. Further, the NG2 interface message in the step S313b may include the F-TEID of the N3G-GW.

The F-TEID of the N3G-GW is used for searching for a user context inside the device, that is, a specific processing board (a board corresponding to the TEID) identifier of a specific device (a device corresponding to the IP address) where the user context information is located. The F-TEID of the N3G-GW may be a device granularity F-TEID, i.e., the IP address of the N3G-GW is a device granularity IP address, and the TEID of the N3G-GW is a device granularity TEID; the F-TEID of the N3G-GW may also be a F-TEID of session granularity, that is, the IP address of the N3G-GW is an IP address of session granularity, and the TEID of the N3G-GW is a TEID of session granularity, which is not specifically limited in this embodiment of the present application.

S314b, the CP function entity sends a PDU session update request (session modify request) message to the UP function entity, so that the UP function entity receives the PDU session update request message.

Wherein the PDU session update request message carries the F-TEID of the N3G-GW. The F-TEID of the N3G-GW may be the F-TEID of the N3G-GW included in the NG2 interface message in step S313b, or the F-TEID of the N3G-GW allocated by the CP functional entity for the N3G-GW, which is not specifically limited in this embodiment of the present application.

S315b, the UP functional entity sends a PDU session modification response (PDU) message to the CP functional entity, so that the CP functional entity receives the PDU session modification response message.

S316b, the CP functional entity sends a NG2 interface message to the N3G-GW so that the N3G-GW receives the NG2 interface message.

Wherein the NG2 interface message encapsulates the attach response message. The attach response message includes the local IP address of the UE and the local service indication bound to the local IP address of the UE, and the IP address of the UE and the mobile service indication bound to the IP address of the UE. The local service indication may be, for example, a local service identifier, and the mobile service indication may be, for example, Access Point Name (APN) information.

If the NG2 interface message in step S313b is the connection establishment request message, the NG2 interface message in step S316b may be, for example, a connection establishment response message; if the NG2 interface message in step S313b is an NG2 message, the NG2 interface message in step S316b may be, for example, an NG2 message; if the NG2 interface message in step S313b is an NG2 Authentication (AUTH) request message, the NG2 interface message in step S316b may be, for example, an NG2AUTH response message; if the NG2 interface message in step S313b is the upstream NAS transport request message, the NG2 interface message in step S316b may be, for example, an upstream NAS transport response message.

S317b, N3G-GW obtains an attach response message from the NG2 interface message, and transmits the attach response message to the UE so that the UE receives the attach response message.

It should be noted that, in the embodiment of the present application, there is no inevitable execution sequence between steps S314b-S315b and steps S316b-S317b, and steps S314b-S315b may be executed first, and then steps S316b-S317b are executed; or steps S316b-S317b may be performed first, and then steps S314b-S315b may be performed; steps S314b-S315b and steps S316b-S317b may also be executed simultaneously, which is not specifically limited in the embodiment of the present application.

To this end, the connection establishment procedure under the scenario that the service authorization indication includes the local service authorization indication and the mobile service authorization indication is ended.

The embodiment of the application provides a method for establishing connection between a mobile service and a local service, and based on the scheme, the problem that no connection establishment scheme aiming at other services except the mobile service exists in the prior art can be solved, and the connection establishment of the local service and the connection establishment of the mobile service are realized.

s318b, the UE sends the service data packet to the N3G-GW, so that the N3G-GW receives the service data packet.

Wherein the service data packet includes a source IP address. The source IP address may be an IP address of the UE or a local IP address of the UE.

Of course, the service data packet may further include other information such as a destination IP address, a source port number, a destination port number, or a protocol type, which may specifically refer to an existing data packet encapsulation protocol, and this embodiment of the present application is not specifically limited to this.

S319b, N3G-GW analyzes the service data packet, obtains the source IP address, and determines the service data packet as mobile service data packet or local service data packet according to the source IP address.

If the service data packet is a mobile service data packet, the N3G-GW sends the service data packet to the UP functional entity; or, if the service data packet is a local service data packet, the N3G-GW performs policy control on the local service data packet based on the stored local service policy information, and sends the service data packet to the local service server.

By the scheme, the local service and the mobile service can be provided for the UE at the same time, and reasonable distribution of the local service and the mobile service is realized.

In scenario C, the connection establishment procedure when the service authorization indication only includes the mobile service authorization indication may refer to the existing scheme, and the embodiment of the present application is not described herein again.

It can be seen that, in scenario B, the connection establishment procedure when the service authorization indication includes the local service authorization indication and the mobile service authorization indication includes both the connection establishment procedure when only the local service authorization indication is included in scenario a and the connection establishment procedure when only the mobile service authorization indication is included in scenario C, and only the specific information included in the message is different with respect to the connection establishment procedure when only the local service authorization indication is included and the existing connection establishment procedure when only the mobile service authorization indication is included.

The actions of the CP function entities in S304, S307, S308a, S311a, S308b, S309b, S311b, S314b, and S316b may be executed by the processor 201 in the computer device 200 shown in fig. 2 calling the application program code stored in the memory 203, which is not limited in this embodiment.

The actions of the N3G-GW in S302, S303, S309a, S310a, S312a, S314a, S312b, S313b, S317b and S319b may be executed by the processor 201 in the computer device 200 shown in fig. 2 calling the application program code stored in the memory 203, which is not limited in this embodiment of the present application.

In another possible implementation manner, as shown in fig. 4, a schematic flow chart of another connection method provided in the embodiment of the present application is provided. Taking the case that the UE accesses from the non-3GPP network in the 5G network architecture shown in fig. 1 as an example, the interaction between the UE, the N3G-GW, the UP functional entity, the CP functional entity and the database entity is involved, which includes the following steps:

S401-S405 are the same as S301-S305.

S406, the database entity determines the access authorization and the service authorization of the UE according to the subscription data of the UE, and obtains a service authorization indication.

S407, the database entity sends an authentication response to the CP functional entity, so that the CP functional entity receives the authentication response.

If the authentication request in step S404 is a subscription data acquisition message, the authentication response may be a subscription data response message; if the authentication request in step S404 is specifically an update location request (update location request) message, the authentication response may be specifically an update location response (update location response) message, which is not specifically limited in this embodiment of the application. Wherein, the message includes a service authorization indication.

s408a-S412a, similar to S308a-S312 a.

Optionally, after the service connection is established, as shown in fig. 4, the method may further include the following steps:

s413a-S414a, same as S313a-S314 a.

By the scheme, the routing of the local service data packet can be realized.

s408b-S417b, as same as S308b-S317 b.

s418b-S419b, similar to S318b-S319 b.

The actions of the CP function entities in S404, S408a, S411a, S408b, S409b, S411b, S414b and S416b may be executed by the processor 201 in the computer device 200 shown in fig. 2 calling the application program code stored in the memory 203, which is not limited in this embodiment.

The actions of N3G-GW in S402, S403, S409a, S410a, S412a, S414a, S412b, S413b, S417b and S419b may be executed by the processor 201 in the computer device 200 shown in fig. 2 calling the application program code stored in the memory 203, which is not limited in this embodiment of the present application.

The difference from the embodiment shown in fig. 3 is that in the embodiment of the present application, the database entity determines the access authorization and the service authorization of the UE based on the subscription data of the UE, and obtains the service authorization indication. And further, the database entity sends an authentication response to the CP functional entity, so that the CP functional entity receives the authentication response, wherein the authentication response carries the service authorization indication. In the embodiment shown in fig. 3, the authentication response sent by the database entity to the CP functional entity carries subscription data of the UE, and the CP functional entity determines access authorization and service authorization of the UE based on the subscription data of the UE, and obtains a service authorization indication. The obtaining mode of the service authorization indication is not specifically limited in the present application.

In another possible implementation manner, as shown in fig. 5, a schematic flow chart of another connection method provided in the embodiment of the present application is provided. Taking the case that the UE accesses from the non-3GPP network in the 5G network architecture shown in fig. 1 as an example, the interaction between the UE, the N3G-GW, the UP functional entity, the CP functional entity and the database entity is involved, which includes the following steps:

S501-S505 are the same as S301-S307.

s508a-S512a, same as S308a-S312 a.

Optionally, after the service connection is established, as shown in fig. 5, the method may further include the following steps:

s513a-S514a, similar to S313a-S314 a.

By the scheme, the routing of the local service data packet can be realized.

s508b-S515b are similar to S308b-S315b, except that in step S513a, the NG2 interface message sent by the N3G-GW to the CP functional entity may or may not carry the local IP address of the UE, which is not limited in this embodiment of the present invention.

S516b, the CP functional entity sends NG2 interface message to the N3G-GW so that the N3G-GW receives the NG2 interface message.

Wherein the NG2 interface message encapsulates the attach response message. The attach response message includes the IP address of the UE.

If the NG2 interface message in step S513b is the connection establishment request message, the NG2 interface message in step S516b may be, for example, a connection establishment response message; if the NG2 interface message in step S513b is an NG2 message, the NG2 interface message in step S516b may be, for example, an NG2 message; if the NG2 interface message in step S513b is an NG2 Authentication (AUTH) request message, the NG2 interface message in step S516b may be, for example, an NG2AUTH response message; if the NG2 interface message in step S513b is the upstream NAS transport request message, the NG2 interface message in step S516b may be, for example, an upstream NAS transport response message.

S517b, N3G-GW obtains an attach response message from the NG2 interface message, and transmits the attach response message to the UE, so that the UE receives the attach response message.

It should be noted that, in the embodiment of the present application, there is no inevitable execution sequence between steps S514b-S515b and steps S516b-S517b, and steps S514b-S515b may be executed first, and then steps S516b-S517b are executed; or steps S516b-S517b may be performed first, and then steps S514b-S515b may be performed; steps S514b-S515b and steps S516b-S517b may also be executed simultaneously, which is not specifically limited in the embodiment of the present application.

s518b, the UE sends the service data packet to the N3G-GW, so that the N3G-GW receives the service data packet.

Wherein the service data packet includes an IP address of the UE and at least one of a destination IP address, a destination port number, or a protocol type.

S519b, N3G-GW analyzes the service data packet, and obtains the IP address of the UE, and at least one of the destination IP address, the destination port number or the protocol type. Furthermore, the N3G-GW determines that the service data packet is a mobile service data packet or a local service data packet according to at least one of a destination IP address, a destination port number, or a protocol type, and at least one of local configuration information or local service policy information.

The embodiment of the present application does not specifically limit the local configuration information, and possible schemes such as the local configuration information include a correspondence between a service type (including mobile service or local service) and an IP address or a service port number, a protocol number, and the like of the service server.

If the service data packet is a mobile service data packet, the N3G-GW sends the service data packet to the UP functional entity; or, if the service data packet is a local service data packet, the N3G-GW performs Network Address Translation (NAT) conversion on the local service data packet and sends the converted local service data packet to the local server.

The NAT forwarding scheme described above involves the N3G-GW assigning a different local IP address for each UE. When the N3G-GW receives a local service data packet sent by the UE, the N3G-GW replaces the source address of the local service data packet (in this embodiment, the source address of the local service data packet is the IP address of the UE) with the local IP address of the UE allocated by the N3G-GW, and stores the corresponding relationship between the IP address of the UE and the local IP address of the UE. When the N3G-GW receives the downlink service data packet, the N3G-GW replaces the destination address of the downlink service data packet with the original IP address of the destination UE (in this embodiment, the local IP address of the destination UE is replaced with the IP address of the destination UE), and then sends the downlink service data packet to the destination UE.

Another NAT translation scheme assigns the N3G-GW the same local IP address for multiple UEs, but assigns different port numbers for each UE. When the N3G-GW receives a local service packet sent by the UE, the N3G-GW replaces the source address of the local service packet (in this embodiment, the source address of the local service packet is the IP address of the UE) with the local IP address of the UE allocated by the N3G-GW, replaces the source port number with the locally allocated unique port number, and stores the correspondence between the IP address of the UE and the local IP address of the UE and the correspondence between the port numbers before and after the replacement. When the N3G-GW receives the downlink service data packet, the N3G-GW replaces the destination address of the downlink service data packet with the original IP address of the destination UE (in this embodiment, the local IP address of the destination UE is replaced with the IP address of the destination UE) according to the correspondence between the port numbers before and after replacement, and then sends the downlink service data packet to the destination UE.

The actions of the CP function entities in S504, S507, S508a, S511a, S508b, S509b, S511b, S514b and S516b may be executed by the processor 201 in the computer device 200 shown in fig. 2 calling the application program code stored in the memory 203, which is not limited in this embodiment.

The actions of N3G-GW in S502, S503, S509a, S510a, S512a, S514a, S512b, S513b, S517b, and S519b may be executed by the processor 201 in the computer device 200 shown in fig. 2 calling the application program code stored in the memory 203, which is not limited in this embodiment of the present application.

Of course, in scenario B of the embodiment shown in fig. 4, reference may also be made to the connection establishment method in scenario B of the embodiment shown in fig. 5 and the flow after service connection establishment, which is not described herein again in this embodiment of the application, and specifically, reference may be made to the embodiment shown in fig. 5.

The difference with the scenario B of the embodiment shown in fig. 3 or fig. 4 is that, in the embodiment of the present application, no matter local service authorization or mobile service authorization, the UE obtains the IP address of the UE, the UE does not need to sense the service type, when sending a service data packet to the N3G-GW, the source IP address of the service data packet is the same and is the IP address of the UE, and the N3G-GW distinguishes the mobile service and the local service based on the destination IP address, the port number, or the protocol type, and implements data offloading, thereby simplifying the operation of the UE.

In another possible implementation manner, as shown in fig. 6, a schematic flow chart of another connection method provided in the embodiment of the present application is provided. Taking the case that the UE accesses from the non-3GPP network in the 5G network architecture shown in fig. 1 as an example, the interaction between the UE, the N3G-GW, the UP functional entity, the CP functional entity and the database entity is involved, which includes the following steps:

S601-S607 are the same as S301-S307.

S608, the CP function entity sends NG2 interface message to N3G-GW to make N3G-GW receive the NG2 interface message.

Wherein the NG2 interface message encapsulates the attach response message.

If the NG2 interface message in step S603 is a connection establishment request message, the NG2 interface message in step S608 may be, for example, a connection establishment response message; if the NG2 interface message in step S603 is the NG2 message, the NG2 interface message in step S608 may be, for example, the NG2 message; if the NG2 interface message in step S603 is a NG2AUTH request message, the NG2 interface message in step S608 may be, for example, a NG2AUTH response message; if the NG2 interface message in step S603 is the upstream NAS transport request message, the NG2 interface message in step S608 may be, for example, an upstream NAS transport response message.

The S609, N3G-GW obtains an attach response message from the NG2 interface message and transmits the attach response message to the UE so that the UE receives the attach response message.

S610, after the UE completes the attach procedure, sending NAS signaling to the CP functional entity, so that the CP functional entity receives the NAS signaling.

The NAS signaling may include, for example, a PDU session establishment request (PDU session establishment request) message, where the PDU session establishment request message includes a UE identifier, and the UE identifier is used by the UP functional entity to identify the UE and perform session management of UE granularity.

Optionally, the PDU session setup request message may further include a local service request indication, where the local service request indication is used to request a local service.

After the CP functional entity receives the NAS signaling, the CP functional entity performs the following processing according to the service authorization indication obtained in the above step:

s611a-S615a are similar to S308a-S312a, except that the attach response message is replaced by an NAS message, and the description of the embodiments of the present application is omitted here.

Optionally, after the service connection is established, as shown in fig. 6, the method may further include the following steps:

s616a-S617a, as same as S313a-S314 a.

By the scheme, the routing of the local service data packet can be realized.

s611b-S620b are similar to S308b-S317b, except that the attach response message is replaced by an NAS message, and the description of the embodiment of the present application is omitted here.

s621b-S622b, the same as S318b-S319 b.

The actions of the CP function entities in S604, S607, S608, S611a, S614a, S611b, S612b, S614b, S617b, and S619b may be executed by the processor 201 in the computer device 200 shown in fig. 2 calling the application program code stored in the memory 203, which is not limited in this embodiment of the present application.

The actions of N3G-GW in S602, S603, S609, S612a, S613a, S615a, S617a, S615b, S616b, S620b and S622b described above may be executed by the processor 201 in the computer device 200 shown in fig. 2 calling the application program code stored in the memory 203, which is not limited in this embodiment of the present application.

Of course, in the embodiments shown in fig. 4 or fig. 5, connection establishment may also be performed by referring to the connection establishment method in the embodiment shown in fig. 6, which is not described herein again in this embodiment of the present application.

The difference from the above embodiments is that, in the embodiment of the present application, the establishment of the service connection for the UE occurs after the UE attaches to the network, that is, the NAS message sent by the UE triggers the connection establishment of the service. In the embodiments, the connection establishment of the service occurs during the attachment of the UE to the network. The advantage of the scheme is that the attachment process (or authentication process) is separated from the service connection establishment process. Only when the UE initiates the service, the network side establishes the service connection for the UE, thereby saving network resources.

The above-mentioned scheme provided by the embodiment of the present application is introduced mainly from the perspective of interaction between network elements. It is understood that the above CP functional entity and N3G-GW contain corresponding hardware structures and/or software modules for performing respective functions in order to implement the above functions. Those of skill in the art would readily appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as hardware or combinations of hardware and computer software. Whether a function is performed as hardware or computer software drives hardware depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.

In the embodiment of the present application, the CP functional entity and the N3G-GW may be divided into functional modules according to the above method example, for example, each functional module may be divided corresponding to each function, or two or more functions may be integrated into one processing module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode. It should be noted that, in the embodiment of the present application, the division of the module is schematic, and is only one logic function division, and there may be another division manner in actual implementation.

For example, in the case of dividing each functional module by corresponding functions, fig. 7 shows a possible structural diagram of the CP functional entity involved in the foregoing embodiment, where the CP functional entity 700 includes: an acquisition module 701 and a sending module 702. The obtaining module 701 is configured to obtain a service authorization indication of the UE when the UE accesses from a non-3GPP network, where the service authorization indication includes a local service authorization indication. The obtaining module 701 is further configured to obtain a local IP address of the UE according to the local service authorization indication. The sending module 702 is configured to send the local IP address of the UE to the UE.

Further, the obtaining module 701 obtains the local IP address of the UE according to the local service authorization indication, including: according to the local service authorization indication, sending at least one of the local service authorization indication, the local IP address request of the UE or local service policy information to an N3G-GW, wherein the at least one of the local service authorization indication, the local IP address request of the UE or the local service policy information is used for the N3G-GW to acquire the local IP address of the UE; and receiving the local IP address of the UE sent by the N3G-GW.

Further, the service authorization indication also comprises a mobile service authorization indication. As shown in fig. 7, the CP function entity 700 further includes: a selection module 704 and a setup module 705. The selecting module 704 is configured to select the UP function entity after the obtaining module obtains the service authorization indication of the UE. The establishing module 705 is configured to establish a PDU connection between the N3G-GW and the UP functional entity for the UE.

Further, the establishing module 705 establishes a PDU connection between the N3G-GW and the UP functional entity for the UE, including: acquiring the F-TEID of the UP functional entity, wherein the F-TEID of the UP functional entity comprises the IP address of the UP functional entity and the tunnel endpoint identification TEID of the UP functional entity; acquiring the IP address of the UE; sending the IP address of the UE to the UE; and sending the F-TEID of the UP functional entity to the N3G-GW, and storing the F-TEID of the UP functional entity by the N3G-GW; acquiring the F-TEID of the N3G-GW, wherein the F-TEID of the N3G-GW comprises the IP address of the N3G-GW and the TEID of the N3G-GW; sending a PDU session update request message to the UP functional entity, wherein the PDU session update request message carries the F-TEID of the N3G-GW, and the UP functional entity stores the F-TEID of the N3G-GW; and receiving a PDU session update response message sent by the UP functional entity.

Further, the IP address of the UE and the mobile service indicate binding. The local IP address of the UE and the local traffic indication binding.

Further, as shown in fig. 7, the CP function further includes a receiving module 706. The receiving module 706 is configured to receive subscription data of the UE sent by a database entity before the obtaining module 701 obtains the service authorization indication of the UE, where the subscription data of the UE is used for access authorization and service authorization of the UE. The obtaining module 701 obtains the service authorization indication of the UE, including: and determining the access authorization and the service authorization of the UE according to the subscription data of the UE, and obtaining the service authorization indication of the UE.

Optionally, the obtaining module 701 obtains the service authorization indication of the UE, including: and receiving a service authorization indication of the UE, which is sent by a database entity, wherein the service authorization indication of the UE is obtained after the database entity determines the access authorization and the service authorization of the UE according to the subscription data of the UE, and the subscription data of the UE is used for the access authorization and the service authorization of the UE.

For specific implementation of the subscription data of the UE for the access authorization and the service authorization of the UE, reference may be made to the above method embodiment, and details of the embodiment of the present application are not repeated herein.

Optionally, as shown in fig. 7, the CP function further includes a receiving module 706. The receiving module 706 is configured to receive the current access type indication of the UE sent by the N3G-GW.

For specific implementation of the current access type indication, reference may be made to the foregoing method embodiment, and details of the embodiment of the present application are not described herein again.

In combination with the current access type indication, the specific implementation of the subscription data of the UE for the access authorization and the service authorization of the UE may refer to the above method embodiment, and this embodiment is not described herein again.

Optionally, the CP function further includes a receiving module 706. The receiving module 706 is configured to receive a local service request indication sent by the UE before the obtaining module 701 obtains the service authorization indication of the UE.

Optionally, the local service includes fixed network service or non-seamless WLAN offload service.

All relevant contents of each step related to the above method embodiment may be referred to the functional description of the corresponding functional module, and are not described herein again.

In the case of dividing each functional module in an integrated manner, fig. 8 shows a possible structural diagram of the CP functional entity involved in the foregoing embodiment, where the CP functional entity 800 includes: a processing module 801 and a communication module 802. The processing module 801 may be configured to execute operations that can be executed by the obtaining module 701, the selecting module 704, and the establishing module 705 in fig. 7, and the communication module 802 may be configured to execute operations that can be executed by the receiving module 706 and the sending module 702 in fig. 7, which may specifically refer to the embodiment shown in fig. 7, and this embodiment of the present application is not described herein again.

In this embodiment, the CP functional entity is presented in a form of dividing each functional module corresponding to each function, or in a form of dividing each functional module in an integrated manner. A "module" as used herein may refer to an application-specific integrated circuit (ASIC), an electronic circuit, a processor and memory that execute one or more software or firmware programs, an integrated logic circuit, and/or other devices that provide the described functionality. In a simple embodiment, those skilled in the art may recognize that the CP function 700 or the CP function 800 may take the form shown in fig. 2. For example, the obtaining module 701, the selecting module 704, the establishing module 705, the receiving module 706, and the sending module 702 in fig. 7 may be implemented by the processor 201 and the memory 203 in fig. 2, specifically, the obtaining module 701, the sending module 702, the selecting module 704, the establishing module 705, and the receiving module 706 may be executed by the processor 201 calling the application program code stored in the memory 203, which is not limited in this embodiment of the present application. Alternatively, for example, the processing module 801 and the communication module 802 in fig. 8 may be implemented by the processor 201 and the memory 203 in fig. 2, and specifically, the processing module 801 and the communication module 802 may be executed by the processor 201 calling the application program code stored in the memory 203, which is not limited in this embodiment of the present application.

The present invention further provides a computer storage medium for storing computer software instructions for the CP functional entity, which includes a program designed to execute the method of the embodiment. By executing the stored program, the connection establishment of the service can be realized.

For example, in the case of dividing each function module by corresponding functions, fig. 9 shows a possible structural diagram of the N3G-GW involved in the above embodiment, where the N3G-GW900 includes: a receiving module 901, an obtaining module 902 and a sending module 903. A receiving module 901, configured to receive at least one of a local service authorization indication of a UE, a local network protocol IP address request of the UE, or local service policy information, sent by a CP functional entity, when the UE accesses from a non-3GPP network. An obtaining module 902, configured to obtain a local IP address of the UE according to at least one of a local service authorization indication of the UE, a local IP address request of the UE, or the local service policy information. A sending module 903, configured to send the local IP address of the UE to the CP function entity.

Further, the receiving module 901 is further configured to receive, after the sending module 903 sends the local IP address of the UE to the CP functional entity, the local IP address of the UE and the local service indication bound to the local IP address of the UE sent by the CP functional entity, and the IP address of the UE and the mobile service indication bound to the IP address of the UE. The sending module is further configured to send, by the UE, the local IP address of the UE and the local service indication bound to the local IP address of the UE, and the IP address of the UE and the mobile service indication bound to the IP address of the UE.

Further, as shown in fig. 9, the N3G-GW900 further includes a determining module 904. The receiving module 901 is further configured to receive a service data packet sent by the UE, where the service data packet includes a source IP address. The determining module 904 is configured to determine that the service data packet is a mobile service data packet or a local service data packet according to the source IP address. The sending module 903 is configured to send the service data packet to an UP functional entity if the service data packet is a mobile service data packet; or if the service data packet is a local service data packet, sending the service data packet to a local service server.

Optionally, the receiving module 901 is further configured to receive the IP address of the UE sent by the CP functional entity after the sending module 903 sends the local IP address of the UE to the CP functional entity; the sending module 903 is further configured to send the IP address of the UE to the UE.

Further, as shown in fig. 9, the N3G-GW900 further includes a determining module 904 and a replacing module 905. A receiving module 901, configured to receive a service data packet sent by the UE, where the service data packet includes an IP address of the UE and at least one of a destination IP address, a destination port number, or a protocol type. A determining module 904, configured to determine that the service data packet is a mobile service data packet or a local service data packet according to at least one of the destination IP address, the destination port number, or the protocol type, and at least one of local configuration information or the local service policy information. A sending module 903, configured to send the service data packet to an UP functional entity if the service data packet is a mobile service data packet; or, if the service data packet is a local service data packet, after the replacing module 905 replaces the IP address of the UE with the local IP address of the UE, the sending module 903 sends the service data packet to the local service server. A storage module 906, configured to store a corresponding relationship between the IP address of the UE and the local IP address of the UE.

Further, the receiving module 901 is further configured to receive a downlink service data packet, where the downlink service data packet includes a local IP address of the destination UE. A replacing module 905 is further configured to replace the local IP address of the destination UE with the IP address of the destination UE. The sending module 903 is further configured to send the downlink service data packet to the destination UE.

In the case of dividing the functional modules in an integrated manner, fig. 10 shows a possible structural diagram of the N3G-GW involved in the above-described embodiment, where the N3G-GW1000 includes: a processing module 1001, a communication module 1002 and a storage module 1003. The processing module 1001 may be configured to execute operations that can be executed by the obtaining module 902, the determining module 904, and the replacing module 905 in fig. 9, the communication module 1002 may be configured to execute operations that can be executed by the receiving module 901 and the sending module 903 in fig. 9, and the storage module 1003 may be configured to execute operations that can be executed by the storage module 906 in fig. 9, which may specifically refer to the embodiment shown in fig. 9, and this embodiment of the present application is not described again here.

In this embodiment, the N3G-GW is presented in a form of dividing each function module corresponding to each function, or the N3G-GW is presented in a form of dividing each function module in an integrated manner. A "module" as used herein may refer to an application-specific integrated circuit (ASIC), an electronic circuit, a processor and memory that execute one or more software or firmware programs, an integrated logic circuit, and/or other devices that provide the described functionality. In a simple embodiment, those skilled in the art will recognize that either N3G-GW900 or N3G-GW1000 may take the form shown in FIG. 2. For example, the obtaining module 902, the determining module 904, the replacing module 905, the receiving module 901, the sending module 903 and the storing module 906 in fig. 9 may be implemented by the processor 201 and the memory 203 in fig. 2, and specifically, the obtaining module 902, the determining module 904, the replacing module 905, the receiving module 901, the sending module 903 and the storing module 906 may be executed by the processor 201 calling an application program code stored in the memory 203, which is not limited in this embodiment of the present application. Alternatively, for example, the processing module 1001, the communication module 1002, and the storage module 1003 in fig. 10 may be implemented by the processor 201 and the memory 203 in fig. 2, specifically, the processing module 1001, the communication module 1002, and the storage module 1003 may be executed by the processor 201 calling an application program code stored in the memory 203, which is not limited in this embodiment.

Embodiments of the present application further provide a computer storage medium storing computer software instructions for the N3G-GW, which includes a program designed to perform the method embodiments described above. By executing the stored program, the connection establishment of the service can be realized.

The embodiment of the present application further provides a computer program, which includes instructions, when the computer program is executed by a computer, the computer may execute the procedures of the above method embodiments.

While the present application has been described in connection with various embodiments, other variations to the disclosed embodiments can be understood and effected by those skilled in the art in practicing the claimed application, from a review of the drawings, the disclosure, and the appended claims. In the claims, the word "comprising" does not exclude other elements or steps, and the word "a" or "an" does not exclude a plurality. A single processor or other unit may fulfill the functions of several items recited in the claims. The mere fact that certain measures are recited in mutually different dependent claims does not indicate that a combination of these measures cannot be used to advantage.

As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, apparatus (device), or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein. A computer program stored/distributed on a suitable medium supplied together with or as part of other hardware, may also take other distributed forms, such as via the Internet or other wired or wireless telecommunication systems.

The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (devices) and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

Although the present application has been described in conjunction with specific features and embodiments thereof, it will be evident that various modifications and combinations can be made thereto without departing from the spirit and scope of the application. Accordingly, the specification and figures are merely exemplary of the present application as defined in the appended claims and are intended to cover any and all modifications, variations, combinations, or equivalents within the scope of the present application. It will be apparent to those skilled in the art that various changes and modifications may be made in the present application without departing from the spirit and scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims of the present application and their equivalents, the present application is intended to include such modifications and variations as well.

Claims

1. A method for connection establishment, the method comprising:

when User Equipment (UE) is accessed from a non-third generation partnership project (non-3GPP) network, a Control Plane (CP) functional entity receives subscription data of the UE, which is sent by a database entity, wherein the subscription data of the UE is used for access authorization and service authorization of the UE;

the CP functional entity obtains a service authorization indication of the UE, wherein the service authorization indication comprises a local service authorization indication;

the CP functional entity acquires a local network protocol IP address of the UE according to the local service authorization indication;

the CP function entity sends a local IP address of the UE to the UE;

the subscription data of the UE is used for access authorization and service authorization of the UE, and includes:

the subscription data comprises a network access mode parameter, wherein if the network access mode parameter is set to a packet switching domain, or if the network access mode parameter is set to a packet switching domain or a voice service domain, or non-3GPP subscription data exists, the UE is allowed to access a core network from a currently accessed network, and the UE is allowed to use a mobile service and a local service;

or, the subscription data includes a network access mode parameter, where if the network access mode parameter is set to a packet switched domain, or if the network access mode parameter is set to a packet switched domain or a voice service domain, or non-3GPP subscription data exists, it indicates that the UE is allowed to access a core network from a currently accessed network, and the UE is allowed to use a mobile service; if the subscription data further comprises a local service authorization indication, indicating that the UE is allowed to use the local service; or, if the subscription data does not include the local service unauthorized indication, it indicates that the UE is allowed to use the local service.

2. The method of claim 1, wherein the CP function entity obtaining the local network protocol IP address of the UE according to the local service authorization indication, comprises:

the CP functional entity sends at least one of the local service authorization indication, the local IP address request of the UE or the local service policy information to a non-3GPP access gateway N3G-GW according to the local service authorization indication, wherein the at least one of the local service authorization indication, the local IP address request of the UE or the local service policy information is used for the N3G-GW to obtain the local IP address of the UE;

and the CP function entity receives the local IP address of the UE sent by the N3G-GW.

3. The method of claim 2, the service authorization indication further comprising a mobile service authorization indication;

after the CP functional entity obtains the service authorization indication of the UE, the method further includes:

the CP function entity selects an UP function entity and establishes a Packet Data Unit (PDU) connection between the N3G-GW and the UP function entity for the UE.

4. The method of claim 3 wherein the CP function entity establishes a PDU connection between the N3G-GW and the UP function entity for the UE, comprising:

the CP function entity obtains a full tunnel endpoint identifier F-TEID of the UP function entity, wherein the F-TEID of the UP function entity comprises an IP address of the UP function entity and the tunnel endpoint identifier TEID of the UP function entity;

the CP functional entity acquires the IP address of the UE;

the CP function entity sends the IP address of the UE to the UE; and, the CP function entity transmitting the F-TEID of the UP function entity to the N3G-GW, storing the F-TEID of the UP function entity by the N3G-GW;

the CP function entity acquires the F-TEID of the N3G-GW, wherein the F-TEID of the N3G-GW comprises the IP address of the N3G-GW and the TEID of the N3G-GW;

the CP function entity sends a PDU session update request message to the UP function entity, the PDU session update request message carries the F-TEID of the N3G-GW, and the UP function entity stores the F-TEID of the N3G-GW;

and the CP functional entity receives a PDU session update response message sent by the UP functional entity.

5. The method of claim 4, wherein the UE's IP address and Mobile services indicate binding.

6. The method of claim 1, wherein a local IP address of the UE and a local traffic indication binding.

7. The method of claim 1,

the CP functional entity obtaining the service authorization indication of the UE includes:

and the CP functional entity determines the access authorization and the service authorization of the UE according to the subscription data of the UE and obtains the service authorization indication of the UE.

8. The method of claim 1, wherein the CP function entity obtaining the service authorization indication of the UE comprises:

and the CP functional entity receives a service authorization indication of the UE sent by a database entity, wherein the service authorization indication of the UE is obtained after the database entity determines the access authorization and the service authorization of the UE according to the subscription data of the UE, and the subscription data of the UE is used for the access authorization and the service authorization of the UE.

9. The method according to claim 7 or 8, characterized in that the method further comprises:

the CP function entity receives the current access type indication of the UE sent by N3G-GW;

the subscription data comprises an access type indication, when the access type indication comprises the current access type indication, the UE is allowed to access a core network from a current access network, and the UE is allowed to use a mobile service and a local service;

or, the subscription data includes an access type indication, and when the access type indication includes the current access type indication, it indicates that the UE is allowed to access a core network from a currently accessed network and to use a mobile service, and if the subscription data further includes a local service authorization indication, it indicates that the UE is also allowed to use a local service; or, if the subscription data does not include the local service unauthorized indication, it indicates that the UE is allowed to use the local service.

10. The method of claim 9, wherein the current access type indication is implemented by defining an access type parameter, or defining a transmission type parameter, or defining an access mode parameter, wherein the access type parameter or a parameter value of the transmission type parameter is settable to non-3GPP access, WiFi access, local access, home access, enterprise access, or public access; the parameter value of the access mode parameter can be set to a local open mode, a local closed mode or a local mixed mode.

11. The method of claim 1, before the CP function entity obtains the service authorization indication of the UE, further comprising:

and the CP functional entity receives a local service request indication sent by the UE.

12. The method of claim 1, wherein the local traffic comprises fixed network traffic or non-seamless Wireless Local Area Network (WLAN) offload traffic.

13. A control plane, CP, functional entity, characterized in that the CP functional entity comprises: the device comprises a receiving module, an obtaining module and a sending module;

the receiving module is used for receiving subscription data of User Equipment (UE) sent by a database entity, wherein the subscription data of the UE is used for access authorization and service authorization of the UE;

the obtaining module is configured to obtain a service authorization indication of the UE when the UE accesses from a non-third generation partnership project non-3GPP network, where the service authorization indication includes a local service authorization indication;

the obtaining module is further configured to obtain a local network protocol IP address of the UE according to the local service authorization indication;

the sending module is configured to send the local IP address of the UE to the UE;

14. The CP function entity of claim 13, wherein the obtaining module obtains a local network protocol IP address of the UE according to the local service authorization indication, comprising:

according to the local service authorization indication, at least one of the local service authorization indication, the local IP address request of the UE or local service policy information is sent to a non-3GPP access gateway N3G-GW, and the at least one of the local service authorization indication, the local IP address request of the UE or the local service policy information is used for the N3G-GW to obtain the local IP address of the UE;

and receiving the local IP address of the UE sent by the N3G-GW.

15. The CP function entity of claim 14, the service authorization indication further comprising a mobile service authorization indication;

the CP function entity further includes: a selection module and an establishment module;

the selection module is configured to select a user plane UP functional entity after the acquisition module acquires the service authorization indication of the UE;

the establishing module is configured to establish a packet data unit, PDU, connection between the N3G-GW and the UP functional entity for the UE.

16. The CP function entity of claim 15, wherein the establishing module establishes a PDU connection between the N3G-GW and the UP function entity for the UE, comprising:

acquiring a full tunnel endpoint identifier F-TEID of the UP functional entity, wherein the F-TEID of the UP functional entity comprises an IP address of the UP functional entity and the tunnel endpoint identifier TEID of the UP functional entity;

acquiring an IP address of the UE;

sending the IP address of the UE to the UE; and, the CP function entity transmitting the F-TEID of the UP function entity to the N3G-GW, storing the F-TEID of the UP function entity by the N3G-GW;

acquiring an F-TEID of the N3G-GW, the F-TEID of the N3G-GW comprising an IP address of the N3G-GW and a TEID of the N3G-GW;

sending a PDU session update request message to the UP functional entity, wherein the PDU session update request message carries the F-TEID of the N3G-GW, and the UP functional entity stores the F-TEID of the N3G-GW;

and receiving a PDU session update response message sent by the UP functional entity.

17. The CP function of claim 16, wherein the UE IP address and mobile services indicate binding.

18. The CP function of claim 13, wherein the UE's local IP address and local traffic indication binding.

19. The CP function according to claim 13,

the obtaining module obtains the service authorization indication of the UE, including:

and determining the access authorization and the service authorization of the UE according to the subscription data of the UE, and obtaining the service authorization indication of the UE.

20. The CP functional entity of claim 13, wherein the obtaining module obtains the service authorization indication of the UE, comprising:

and receiving a service authorization indication of the UE, which is sent by a database entity, wherein the service authorization indication of the UE is obtained after the database entity determines the access authorization and the service authorization of the UE according to the subscription data of the UE, and the subscription data of the UE is used for the access authorization and the service authorization of the UE.

21. The CP function according to claim 13,

the receiving module is further configured to receive a local service request indication sent by the UE before the obtaining module obtains the service authorization indication of the UE.

22. The CP functional entity according to claim 13, wherein the local traffic comprises fixed network traffic or non-seamless WLAN offload traffic.

23. A control plane CP functional entity, comprising: a processor, a memory, a bus, and a communication interface;

the memory is used for storing computer-executable instructions, the processor is connected with the memory through the bus, and when the CP function entity runs, the processor executes the computer-executable instructions stored in the memory so as to enable the CP function entity to execute the connection establishment method according to any one of claims 1-12.