JP5703111B2 - Communication system and apparatus - Google Patents

Description

  The present invention relates to a communication system and an apparatus, and more particularly to a technique for performing packet filtering on a packet transmitted and received between a terminal and a service providing server without deteriorating communication performance.

  In recent years, research and standardization activities for the 3.9th generation mobile communication system and the 4th generation mobile communication system have been promoted as a method for realizing higher speed and higher quality of mobile radio communication. 3GPP (3rd Generation Partnership Project), a standardization organization that formulates LTE (Long Term Evolution), one of the 3.9th generation mobile communication systems, and LTE Advanced, which is one of the 4th generation mobile communication systems. ) Has already formulated TS (Technical Specification). In this TS, a packet in a downlink direction (hereinafter referred to as a DL packet) transmitted from a service providing server belonging to an IP (Internet Protocol) network to the terminal, and a packet in an uplink direction transmitted from the terminal to the service providing server. Packet filtering for associating charging conditions and QoS (Quality of Service) conditions applied to each packet is performed at the gateway for each (hereinafter referred to as UL packet), and charging and priority control are performed based on the result. Specifications for applying QoS control such as packet transfer rate control and packet discard are defined.

  As a parameter for defining filter conditions for packet filtering in the gateway, Non-Patent Document 1 defines Flow-Description. Non-Patent Document 2 stipulates that a packet filtering condition indicated by Flow-Information including Flow-Description is sent from a node PCRF (Policy and Charging Rule Function) that manages policies to a gateway using the Diameter protocol. ing. Packet filtering conditions that can be set in Flow-Information are included in the IP layer packet filtering conditions such as the destination IP address and the source IP address, and the TCP (Transmission Control Protocol) header and UDP (User Datagram Protocol) header. Although the transport layer packet filtering conditions such as the destination port number and the transmission source port number are specified, it is not specified to set the packet filtering condition higher than the session layer.

  Further, in 3GPP, TDF (Traffic Detection Function) is defined as a device that can include header information or payload information of a layer higher than a session layer in a packet filtering condition. In TR (Technical Report) of Non-Patent Document 3, a method for realizing packet filtering based on packet filtering conditions received from the PCRF by connecting the TDF to the PCRF is being studied.

  Further, Patent Document 1 discloses a technique for extracting information necessary for packet filtering in a packet relay device such as a gateway and filtering according to the information, while Patent Document 2 discloses a rule control method in packet filtering. As described above, a technique for creating the second rule from the application result of the first rule is disclosed.

JP 2006-345366 A JP 2009-0707030 A

IETF RFC3588 (2003-9) 3GPP TS 29.212 V10.1.0, (2011-1), Technical Specification 3GPP TR23.813 V10.1.0, (2010-10), Technical Report

In the gateway conforming to the 3GPP TS described above, the IP layer packet filtering conditions such as the destination IP address and the source IP address, and the destination port number and the source port number included in the TCP header and UDP header, etc. In packet filtering based only on port layer packet filtering conditions (hereinafter referred to as simple packet filtering), the application type such as P2P (Peer to Peer) to which the UL packet or DL packet belongs, or the payload portion of the UL packet or DL packet Packet filtering based on the information contained in Therefore, in an apparatus (hereinafter referred to as a communication control apparatus) that performs communication control such as QoS control such as packet priority control, transfer rate control, and packet discard based on the packet filtering result, the packet application type and payload portion On the other hand, a device capable of including header information or payload information of a layer higher than a session layer such as TDF conforming to 3GPP TR in the packet filtering condition (hereinafter, details) In the search device, packet filtering (hereinafter referred to as detailed packet filtering) based on the application type to which the UL packet or DL packet belongs, such as P2P, or information included in the payload portion of the UL packet or DL packet. In the communication control device, the communication control based on the application type of the packet and the information included in the payload portion can be performed. However, the packet filtering result is generally compared with the simple packet filtering. Since it takes a long time to obtain the packet transfer performance, the packet transfer performance such as the packet transfer rate may be lowered.

  In view of the above problems, the object of the present invention is the same as when detailed packet filtering is performed by simple packet filtering in a communication device without performing detailed packet filtering in a detailed search device in a wireless or wired communication system. An object of the present invention is to provide a communication system and apparatus capable of improving packet transfer performance by applying packet filtering results to packets.

  In order to achieve the above object, according to the present invention, there is provided a communication system for filtering packets transmitted / received by a terminal capable of wireless communication or wired communication via an IP network. Communication device that performs simple packet filtering based on the above, a detailed search device that performs detailed packet filtering on packets based on detailed packet filtering conditions that are more detailed than simple packet filtering conditions, and a communication device based on the result of detailed packet filtering. Communication comprising a policy management device that creates simple packet filtering conditions and notifies the communication device of the simple packet filtering conditions, and a communication control device that performs communication control based on a filtering result for the packet To provide a stem.

  In order to achieve the above object, according to the present invention, there is provided a detailed search device that performs filtering on packets transmitted to and received from a terminal capable of wireless communication or wired communication via an IP network. A network interface unit for the IP network, and the processing unit performs detailed packet filtering on the packet based on a detailed packet filtering condition based on an application type to which the packet belongs and information included in a payload portion of the packet. Detailed search device configured to transmit IP layer header information of packets detected by packet filtering and transport layer header information to a policy management device connected to an IP network via a network interface unit To provide.

  Furthermore, in order to achieve the above object, in the present invention, a policy management apparatus for creating a filtering condition for performing filtering on packets transmitted / received to / from a terminal capable of wireless communication or wired communication via an IP network A detailed search includes a processing unit, a memory unit, and a network interface unit for the IP network, and the processing unit performs detailed packet filtering based on a detailed packet filtering condition for a packet connected to the IP network. A simple packet filtering condition is created based on the IP layer header information of the packet detected by the detailed packet filtering and the transport layer header information notified from the device, and the IP network is passed through the network interface unit. Providing policy management device configured to be notified to the communication device connected to the workpiece.

  Furthermore, in order to achieve the above object, according to the present invention, there is provided a communication device that performs filtering on packets transmitted to and received from a terminal capable of wireless communication or wired communication via an IP network, A memory unit and a network interface unit, and the processing unit receives the simple packet filtering condition notified from the policy management apparatus connected to the IP network, receives the simple packet filtering condition, and then receives the simple packet filtering condition from the IP network. Provided is a communication device configured to perform simple packet filtering based on simple packet filtering conditions for packets to be performed.

  According to the present invention, when performing communication control based on a detailed packet filtering result in a wireless or wired communication system, communication performance such as a packet transfer rate can be improved.

It is a conceptual diagram for demonstrating the function structure of the communication system based on a 1st Example. It is a block diagram which shows one structural example of the communication system based on 1st Example. It is a functional block diagram which shows an example of the gateway (GW) based on a 1st Example. It is a block diagram of the memory part of GW based on a 1st Example. It is a figure which shows an example of the table which GW hold | maintains based on a 1st Example. It is a figure which shows an example of the table which shows the application result list | wrist which GW hold | maintains based on 1st Example. It is a functional block diagram which shows an example of the policy management apparatus (PS) based on a 1st Example. FIG. 3 is a block diagram of a PS memory unit according to the first embodiment. It is a figure which shows an example of the table which shows the element required for simple packet filtering condition preparation which PS hold | maintains based on 1st Example. It is a figure which shows an example of the table which shows the IP address corresponding to the terminal (MS) which PS hold | maintains based on a 1st Example. It is a figure which shows an example of the table which PS which shows the IP address corresponding to a service provision server (SS) based on a 1st Example hold | maintains. It is a figure which shows an example of the table which shows the element required for simple packet filtering condition preparation which PS hold | maintains based on 1st Example. It is a figure which shows an example of the table which shows communication state of MS which PS hold | maintains based on 1st Example. It is a functional block diagram of an example of a detailed search device (DD) concerning the 1st example. It is a block diagram of the memory part of DD based on a 1st Example. It is a figure of an example of the table which shows information, such as a detailed packet filtering condition and an application result, which DD hold | maintains based on a 1st Example. It is a figure which shows an example of the table which shows the application result list | wrist which DD hold | maintains based on a 1st Example. It is a functional block diagram of an example of a communication control apparatus (TC) based on a 1st Example. It is a block diagram of the memory part of TC based on a 1st Example. It is a figure which shows an example of the table which determines communication control conditions which TC hold | maintains based on a 1st Example. It is a functional block diagram which shows an example of a 1st packet relay apparatus (FR) based on a 1st Example. It is a functional block diagram which shows an example of the 2nd packet relay apparatus (FR) based on 1st Example. It is a figure which shows an example of the process of the detailed packet filtering in DD based on 1st Example. It is a figure which shows an example of the process of simple packet filtering condition creation in PS based on 1st Example. It is a figure which shows an example of the process of simple packet filtering condition creation in PS based on 1st Example. It is a figure which shows an example of the process of the simple packet filtering in GW based on 1st Example. It is a figure which shows an example of the feedback flow to the simple packet filtering conditions of the detailed packet filtering result based on 1st Example.

  Hereinafter, embodiments for carrying out the present invention will be described with reference to the drawings. Before describing various embodiments, an outline thereof will be described.

  FIG. 1 is a functional configuration diagram for explaining an outline of a communication system according to the present invention. In the figure, in the detailed packet filtering in the detailed search device (Detailed Detection, hereinafter referred to as DD) 6, the header information and transformer of the IP layer of the UL packet or DL packet that match a certain detailed packet filtering condition (only in the case of Yes) The header information of the port layer is transmitted to the policy management device (Policy Server, hereinafter referred to as PS) 3. The PS 3 creates a simple packet filtering condition based on the received information, and transmits it to the gateway (Gateway, GW) 2 in order to add the created simple packet filtering condition.

  Then, the GW 2 performs simple packet filtering based on the received simple packet filtering condition on the received UL packet or DL packet, and the communication controller (Traffic Controller, TC) 7 performs the simple packet filtering in the GW 2. Communication control based on the packet filtering result is performed, and UL packets or DL packets are transmitted.

  With this communication system, the same filter result as the detailed packet filtering can be applied only by the simple packet filtering by the gateway, so that the communication performance such as the packet transfer rate can be improved.

  Hereinafter, a first embodiment of the present invention will be sequentially described with reference to the drawings.

<System configuration>
FIG. 2 is a diagram illustrating a configuration example of the communication system according to the first embodiment. The communication system according to the first embodiment includes a base station (hereinafter referred to as “BS”) 4, a terminal (mobile station, hereinafter referred to as “MS”) 5 that performs wireless communication or wired communication, a BS 4 and a first packet relay device (hereinafter referred to as “BS”). A service providing server (Service Server, hereinafter referred to as SS) that communicates with the GW 2 via a first router (hereinafter referred to as FR) 8 and a GW 2 that communicates with the MS 5 via a second packet relay device (hereinafter referred to as SR) 9. ) 1, PS3 communicating with GW2 and DD6 and TC7, DD6 communicating with GW2 and TC7 and PS3, TC7 communicating with GW2 and DD6 and FR8 and SR9, and FR8 communicating with BS4 and GW2 and TC7, SS1 and GW2 and T It includes SR9 and communicating with 7.

  Here, FR8 can be omitted. In this case, TC7 transmits the DL packet to BS4 without going through FR8, and GW2 communicates with BS4 without going through FR8. SR9 can be omitted. In this case, TC7 transmits a UL packet to SS1 without passing through SR8, and GW2 communicates with SS1 without passing through SR9.

  Further, DD6 may be mounted on the same device as GW2. TC7 may be mounted on the same device as GW2, may be mounted on the same device as DD6, or TC7 different in GW2 and DD6 may be used. BS4 can be omitted. In this case, MS1 communicates with FR8 or GW2 without going through BS4, and GW2 or FR8 communicates with MS1 without going through BS4. PS3 may be mounted on the same device as GW2, or may be mounted on the same device as DD6.

  In the communication system of FIG. 2, the GW 2 applies the UL packet received from the BS 4 or FR 8 and the DL packet received from the SS 1 or SR 9 according to the simple packet filtering condition notified from the PS 3 or the simple packet filtering condition set in the GW 2. Simple packet filtering is performed on the packet, and the packet is transferred to DD6 or TC7 based on the filtering result.

  DD6 performs detailed packet filtering on the UL packet and DL packet received from GW2 according to the detailed packet filtering condition notified from PS3 and the detailed packet filtering condition set in DD6, and the packet is sent based on the filtering result. Transfer to TC7. At this time, for a packet that matches a specific detailed packet filtering condition, IP layer header information such as the destination IP address / destination IP address of the packet, and the destination port number / destination included in the UDP header / TCP header, etc. Transport layer header information such as a port number is transmitted to PS3.

  TC7 performs communication control on the UL packet or DL packet received from GW2 or DD6 according to the communication control condition notified from PS3 or the communication control condition set in TC7, and discards the packet, or UL packet Is transferred to SR9 or SS1, and the DL packet is transferred to FR8 or BS4, respectively. The FR 8 transfers the UL packet received from the BS 4 to the GW 2 and the DL packet received from the TC 7 to the BS 4. SR9 transfers the UL packet received from TC7 to SS1, and the DL packet received from SS1 to GW2.

  In the present embodiment, the simple packet filtering performed by the GW 2 based on the simple packet filtering condition set in the transmission or GW 2 from the PS 3 communicating with the GW 2 and the DD 6 and the detailed packet filtering condition set in the transmission or the DD 6 from the PS 3 When performing communication control based on both filtering results of the detailed packet filtering performed by the DD6 based on the TC7, in the detailed packet filtering performed by the DD6, a certain detailed packet filtering condition designated from the PS3 or set to the DD6 IP layer header information such as the destination IP address / destination IP address of the packet that matches the packet, and the transport layer such as the destination port number / destination port number included in the UDP header / TCP header Is transmitted to PS3, a simple packet filtering condition based on the information notified by PS3 is created, the simple packet filtering condition is notified to GW2, and a simple packet based on the simple packet filtering condition notified by GW2 By performing filtering on subsequent packets, communication TC7 performs the same communication control as when detailed packet filtering is performed only by performing simple packet filtering without performing detailed packet filtering on subsequent packets. It is what is implemented in.

<Apparatus configuration: GW2>
FIG. 3 shows a functional block of a configuration example of the GW 2 used in this embodiment. The GW 2 includes, for example, an SR interface unit 21, an FR interface unit 22, a PS interface unit 23, a DD interface unit 24, a TC interface unit 25, a memory unit 26, and a processing unit 27.

  The SR interface unit 21 is an interface with the SR 9. The SR interface unit 21 causes the GW 2 to transmit and receive IP packets with the SS 1 via the SR 9. In the case of a communication system in which SR9 is omitted, the SR interface unit 21 serves as an interface with SS1, and the SR interface unit 21 allows GW2 to directly transmit and receive IP packets with SS1 without going through SR9.

  The FR interface unit 22 is an interface with the FR8. By the FR interface unit 22, the GW 2 transmits and receives IP packets to and from the BS 4 via the FR 8. In the case of a communication system in which the BS 4 is omitted, the FR interface unit 22 causes the GW 2 to directly transmit and receive IP packets with the MS 5 without going through the FR 8. In the case of a communication system in which FR8 is omitted, the FR interface unit 22 serves as an interface with the BS4, and the GW2 directly transmits and receives IP packets to and from the BS4 without passing through the FR8. In the case of a communication system in which BS4 and FR8 are omitted, the FR interface unit 22 serves as an interface with the MS5, and the GW2 directly transmits and receives IP packets to and from the MS5 without passing through the FR8 and BS4.

  The PS interface unit 23 is an interface with PS3. The PS interface unit 23 allows the GW 2 to transmit and receive IP packets with the PS 3. In the present embodiment, the GW 2 is a simple packet set by the PS interface unit 23 in the PS 3 in units of plural or single MS5 groups, multiple or single SS1 groups, or MS5 groups and SS1 groups. The filtering condition may be received from PS3.

  The DD interface unit 24 is an interface with the DD 6. With the DD interface unit 24, the GW 2 transmits and receives IP packets to and from the DD 6. In the present embodiment, the GW 2 matches the simple packet filtering condition (hereinafter referred to as a detailed search required simple filter condition) that requires detailed packet filtering in the DD 6, which is designated from the PS 3 or set to the GW 2 by the DD interface unit 24. A UL packet or a DL packet may be transmitted to DD6.

  The TC interface unit 25 is an interface with the TC7. By the TC interface unit 25, the GW 2 transmits and receives IP packets to and from the TC 7. In the present embodiment, the GW 2 is UL matched with the simple packet filtering condition (hereinafter referred to as the detailed search unnecessary simple filter condition) that is designated by the TC interface unit 25 from the PS3 or set to the GW 2 and does not require the detailed packet filtering in the DD 6. A packet or DL packet may be transmitted to TC7.

  The memory unit 26 stores information such as IP packets to be transmitted and received, addresses of SR9, SS1, FR8, BS4, PS3, DD6, and TC7 to be connected, simple packet filtering conditions applied to the UL packet or DL packet received by the interface unit. Store and manage as necessary.

  The interface unit 21-25 in the GW 2 described above may be collectively referred to as an interface unit of the GW 2 or a network interface unit. The interface unit is connected to the memory unit 26 and the processing unit 27 through an internal bus. Has been.

  The processing unit 27 is configured by, for example, a central processing unit (CPU). The processing unit 27 manages the information held in the memory unit 26 or executes various programs stored in the memory unit 26 to perform IP packet transmission / reception processing such as construction and analysis of IP packets, and the interface unit. Simple packet filtering of the received UL packet or DL packet is performed.

  It should be noted that PS3, DD6, TC7, FR8, SR9, etc., which are components other than GW2 constituting the communication system of the present embodiment, which will be described in sequence below, are similarly incorporated in the network interface unit, memory unit, Although the processing unit is provided, these processing units are also realized by a CPU that executes and processes a function program specific to the component. Further, although detailed description of the internal configuration is omitted, it goes without saying that SS1, BS4, and MS5 also have a configuration including a network interface unit, a memory unit, and a processing unit therein.

FIG. 4 shows a block diagram of a configuration example of the memory unit of the GW 2 of this embodiment.
For example, as shown in FIG. 4, the memory unit 26 has a table 261 that shows information such as a simple packet filtering condition used for comparison with the received UL packet or DL packet and its application result, and the UL / DL of the received packet. Information such as type, transmission source IP address condition, transmission source port number condition, destination IP address condition, destination port number condition, simple packet filtering condition application result, simple packet filtering condition application priority, and the like can be managed. Details of the table will be described later.

  For example, as illustrated in FIG. 4, the memory unit 26 includes a table 262 indicating an application result list to be transmitted to the DD 6, and manages information such as the UL / DL type of the received packet and the application result to be transmitted to the DD 6. be able to. Details of the table will be described later.

  As an example of information held in the memory unit 26 of the GW 2 of this embodiment, FIG. 5 shows a table 261 indicating information such as a simple packet filtering condition used for comparison with the received UL packet or DL packet, and its application result. Show. The table 261 includes, for example, the UL / DL type (Direction) of the received packet, the source IP address condition (Source IP Address), the source port number condition (Source Port Num), the destination IP address condition (Destination IP Address), the destination A port number condition (Destination Port Num), a simple packet filtering condition application result (Result), and a simple packet filtering condition application priority (Filter Priority) are stored.

  The UL / DL type of the received packet is a parameter indicating whether the application target of the corresponding simple packet filtering condition is the UL packet or the DL packet received by the GW 2. The GW 2 may determine that the UL / DL type of the packet included in the received UL packet or DL packet matches this parameter as one of the conditions to which the corresponding simple packet filtering condition is applied. This information may be omitted when the corresponding simple packet filtering condition is applied to any UL packet or DL packet received by GW2.

  The transmission source IP address condition is a parameter that stipulates under which conditions the corresponding simple packet filtering condition matches the transmission source IP address of the UL packet or DL packet received by the GW 2. The source IP address condition may be defined in a format such as single designation of an IPv4 address or IPv6 address, or designation of a range of an IPv4 address or IPv6 address using a subnet value. Note that this information may be omitted if the corresponding simple packet filtering condition matches regardless of the source IP address of the UL packet or DL packet received by GW2.

  The transmission source port number condition is a parameter that stipulates under which conditions the corresponding simple packet filtering condition matches the transmission source port number of the UL packet or DL packet received by the GW 2. The source port number condition may be defined in a format such as single designation of numbers, designation of a range of consecutive numbers, or designation of a list of discontinuous numbers. The source port number condition may specify a transport layer protocol such as UDP or TCP. In this case, the GW 2 specifies the transport layer protocol and source port number of the received UL packet or DL packet. It may be determined that the packet matches the condition only when both match the condition. Further, the source port number condition may specify only the transport layer protocol. Note that this information may be omitted if the corresponding simple packet filtering condition matches regardless of the source port number of the UL packet or DL packet received by the GW 2 or the protocol of the transport layer.

  The destination IP address condition is a parameter that stipulates under which conditions the corresponding simple packet filtering condition matches the destination IP address of the UL packet or DL packet received by the GW 2. The destination IP address condition may be defined in a format such as single designation of an IPv4 address or IPv6 address, or designation of an IPv4 address or IPv6 address range using a subnet value. Note that this information may be omitted when the corresponding simple packet filtering condition matches regardless of the destination IP address of the UL packet or DL packet received by GW2.

  The destination port number condition is a parameter that stipulates under which conditions the corresponding simple packet filtering condition matches the destination port number of the UL packet or DL packet received by the GW 2. The destination port number condition may be defined in a format such as single designation of numbers, range designation of consecutive numbers, or list designation of discontinuous numbers. The destination port number condition may specify a transport layer protocol such as UDP or TCP. In that case, the GW2 is required to specify both the transport layer protocol and the destination port number of the received UL packet or DL packet. It may be determined that the packet matches the condition only in a case that matches the condition. Further, the destination port number condition may specify only the transport layer protocol. Note that this information may be omitted if the corresponding simple packet filtering condition matches regardless of the destination port number of the UL packet or DL packet received by the GW 2 or the transport layer protocol.

  The application result of the simple packet filtering condition is a parameter indicating the application result for the UL packet or the DL packet that matches the corresponding simple packet filtering condition. The GW 2 may determine whether to transmit the received UL packet or DL packet to the DD 6 or TC 7 based on the application result. The GW 2 may set the application result in a packet transmitted to the DD 6 or TC 7.

  The application priority of simple packet filtering conditions is a parameter that defines the application order of corresponding simple packet filtering conditions. The GW 2 may determine which simple packet filtering is applied in order to the received UL packet or DL packet based on this application priority.

  Note that the initial values of these pieces of information may be set in GW2, or may be set by a message received from PS3. These pieces of information can be updated by a message received from PS3.

  FIG. 6 illustrates a table 262 indicating an application result list transmitted to the DD 6 as an example of information held in the memory unit of the GW 2 according to the present embodiment. The table 262 stores, for example, the UL / DL type (Direction) of the received packet and the application result (Result to DD) transmitted to the DD 6.

  The UL / DL type of the received packet is a parameter indicating whether the search target of the corresponding application result is the UL packet or the DL packet received by the GW 2.

  The application result transmitted to DD6 is a parameter indicating a condition of a packet to be transmitted to DD6 among UL packets or DL packets received by GW2. When the application result of simple packet filtering in GW2 matches the information, GW2 may transmit the packet to DD6. If the application result of simple packet filtering in GW2 does not match the information, GW2 may transmit the packet to TC7 without transmitting the packet to DD6.

  Note that the initial values of these pieces of information may be set in GW2, or may be set by a message received from PS3. These pieces of information can be updated by a message received from PS3.

<Device configuration: PS3>
FIG. 7 shows a functional block diagram of an example of PS3 used in this embodiment. The PS 3 includes, for example, a GW interface unit 31, a DD interface unit 32, a TC interface unit 33, a memory unit 34, and a processing unit 35.

  The GW interface unit 31 is an interface with the GW 2. The GW interface unit 31 causes the PS 3 to transmit and receive IP packets with the GW 2. In the present embodiment, the PS 3 may transmit a message indicating addition, change or deletion of the simple packet filtering condition to the GW 2 by the GW interface unit 31.

  The DD interface unit 32 is an interface with the DD 6. With the DD interface unit 32, the PS3 transmits and receives IP packets to and from the DD6. In the present embodiment, PS3 receives a PS notification packet indicating the application result of detailed packet filtering from DD6 by DD interface unit 32, and transmits a message indicating addition, change or deletion of simple packet filtering conditions to DD6. You may do it.

  The TC interface unit 33 is an interface with the TC7. The TC interface unit 33 causes the PS 3 to transmit and receive IP packets with the TC 7. In the present embodiment, the PS 3 may transmit a message indicating addition, change, or deletion of a message indicating a communication control condition of communication control performed by the TC 7 by the TC interface unit 33.

  The memory unit 34 stores and manages information such as IP packets to be transmitted and received and addresses of connected GW2, DD6, and TC7 as necessary.

  The processing unit 35 performs management of information held in the memory unit 34, IP packet transmission / reception processing such as construction and analysis of IP packets, creation of simple packet filtering conditions, and the like.

  FIG. 8 shows an example of a block diagram of the memory unit of the policy management apparatus. For example, as shown in FIG. 8, the memory unit 34 includes a table 341 indicating elements necessary for creating a simple packet filtering condition that does not depend on the MS 5 or SS 1 corresponding to the application result of the simple packet filtering, and the UL / DL of the received packet. Type (Result Direction), application result of detailed packet filtering condition of received packet (Result from DD), terminal location information (User Location), connection standard between terminal and base station (MS-BS Protocol), operator to which terminal belongs Identifier (Carrier of MS), application priority (Filter Priority) of the simple packet filtering condition to be created, UL / DL type (Filter Direction) of the simple packet filtering condition to be created, Necessity of creating source IP address condition (Source IP Address), Necessity of creating source port number condition (Source Port Num), Necessity of creating destination IP address condition (Destination IP Address), Creation of destination port number condition Information including various elements such as necessity (Destination Port Num) can be managed. Details of the table will be described later.

  For example, as illustrated in FIG. 8, the memory unit 34 includes a table 342 indicating an IP address corresponding to the MS 5, and can manage information such as an identifier of the MS 5 and an IP address assigned to the MS 5. Details of the table will be described later.

  Further, as shown in FIG. 8, for example, the memory unit 34 includes a table 343 indicating the IP address corresponding to SS1, and can manage information such as an identifier of SS1 and an IP address assigned to SS1. Details of the table will be described later.

  Further, as shown in FIG. 8, for example, the memory unit 34 includes a table 344 indicating various elements necessary for creating a simple packet filtering condition depending on the MS 5 or SS 1 corresponding to the application result of the simple packet filtering. UL / DL type (Result Direction), SS1 identifier (ID of SS), MS5 identifier (ID of MS), application result of detailed packet filtering condition of received packet (Result from DD), terminal location information (User) Location), connection standard between terminal and base station (MS-BS Protocol), operator identifier to which terminal belongs (Carrier of MS), application priority (Filter Priority) of simple packet filtering condition to be created, simple to create Packet filtering condition UL / DL type (Filter Direction), source IP address condition creation necessity (Source IP Address), source port number condition creation necessity (Source Port Num), destination IP address condition creation necessity It is possible to manage information such as “No” (Destination IP Address) and whether or not a destination port number condition needs to be created (Destination Port Num). Details of the table will be described later.

  Further, as shown in FIG. 8, for example, the memory unit 34 includes a table 345 indicating the communication state of the MS 5, and information such as the identifier of the MS 5, the communication state of the MS 5, and the application result of simple packet filtering when the MS 5 cannot communicate. Can be managed. Details of the table will be described later.

  FIG. 9 shows a table 341 indicating elements necessary for creating a simple packet filtering condition that does not depend on MS5 or SS1 corresponding to the application result of simple packet filtering, as an example of information held in the memory unit 34 of the PS3 of the present embodiment. . The table 341 includes, for example, the UL / DL type of the received packet, which is the various elements described above, the application result of the detailed packet filtering condition of the received packet, the location information of the terminal, the connection standard between the terminal and the base station, and the provider to which the terminal belongs The identifier, the priority of application of the simple packet filtering condition to be created, the UL / DL type of the simple packet filtering condition to be created, the necessity of creating the source IP address condition, the necessity of creating the source port number condition, and the destination IP address condition The necessity of creation and the necessity of creation of destination port number conditions are stored. Hereinafter, the contents of each of these elements will be described.

  The UL / DL type of the received packet is a parameter indicating whether the application target of the corresponding simple packet filtering condition creation condition is the UL packet or the DL packet received by the DD 6. For PS3, the fact that this parameter matches the UL / DL type of the packet included in the PS notification packet received from DD 6 may be one of the conditions to which the corresponding simple packet filtering condition creation condition is applied. PS3 can also consider that this parameter matches the UL / DL type of the packet received by DD6 included in the PS notification packet received from DD6 as one of the conditions to which the corresponding simple packet filtering condition creation condition is applied. Good. Note that this information may be omitted if the corresponding simple packet filtering condition creation condition is applied to any UL packet or DL packet received by the DD 6.

  The application result of the detailed packet filtering condition of the received packet is a parameter indicating the application result of the detailed packet filtering condition for the UL packet or DL packet to which the corresponding simple packet filtering condition creation condition is applied. PS3 may set one of the conditions to which the corresponding simple packet filtering condition creation condition is applied that this parameter matches the application result of the detailed packet filtering included in the PS notification packet received from DD6.

  The terminal location information is a parameter indicating the location information of the MS 5 to which the corresponding simple packet filtering condition creation condition is applied. For PS3, the corresponding simple packet filtering condition creation condition is applied that this parameter matches the position information of MS5 included in the PS notification packet received from DD6 or the position information of MS5 held in PS3. It can be one of the conditions. The location information of the MS 5 may be defined by the identifier of the BS 4 to which the MS 5 is connected, or may be defined by the identifier of the area to which the BS 4 to which the MS 5 is connected belongs. This information may be omitted when the corresponding simple packet filtering condition creation condition is applied regardless of the location information of the MS 5.

  The connection standard between the terminal and the base station is a parameter indicating the connection standard between the MS 5 and the BS 4 to which the corresponding simple packet filtering condition creation condition is applied. PS3 indicates that this parameter matches the connection standard of MS5 and BS4 included in the PS notification packet received from DD6 or the connection standard of MS5 and BS4 held by PS3, and corresponding simple packet filtering condition creation conditions It may be one of the conditions to which is applied. The connection standard between the MS 5 and the BS 4 may be defined by an identifier of a radio standard that the MS 5 connects to the BS 4 such as LTE or eHRPD. Note that this information may be omitted when the corresponding simple packet filtering condition creation condition is applied regardless of the connection standard between the MS 5 and the BS 4.

  The carrier identifier to which the terminal belongs is a parameter indicating the carrier to which the MS 5 to which the corresponding simple packet filtering condition creation condition is applied belongs. PS3 indicates that this parameter matches the operator identifier to which MS5 belongs included in the PS notification packet received from DD6 or the operator identifier to which MS5 belongs, which PS3 holds, and corresponding simple packet filtering condition creation conditions It may be one of the conditions to which is applied. The operator identifier to which the MS 5 belongs may be defined by a set of MCC and MNC. Note that this information may be omitted when the corresponding simple packet filtering condition creation condition is applied regardless of the operator to which the MS 5 belongs.

  The application priority of the simple packet filtering condition to be created is a parameter indicating the application priority of the simple packet filtering condition to be created. PS3 may include this parameter in a message including the created simple packet filtering condition to be transmitted to GW2. In addition, this information may be abbreviate | omitted when the application priority of the simple packet filtering conditions to produce | generate is produced | generated by GW2.

  The necessity of creating the transmission source IP address condition is a parameter that defines whether the condition of the transmission source IP address of the UL packet or DL packet is set in the simple packet filtering condition to be created. When this condition needs to be set, PS3 sets the condition of the source IP address of the simple packet filtering condition to be created so that the source IP address of the UL packet or DL packet included in the PS notification packet is included in the applicable range. It may be set. Note that this information may be omitted if the corresponding simple packet filtering condition applies a creation method that always includes or does not always include the condition of the source IP address.

  The necessity of creation of the transmission source port number condition is a parameter that defines whether the condition of the transmission source port number of the UL packet or DL packet is set in the simple packet filtering condition to be created. When this condition needs to be set, PS3 transmits a simple packet filtering condition to be created so that the transmission port number of the UL packet or DL packet included in the PS notification packet and the protocol of the transport layer are included in the applicable range. The original port number condition and the transport layer protocol condition may be set. Note that this information may be omitted when the corresponding simple packet filtering condition applies a creation method that always includes or does not always include the condition of the source port number or the condition of the transport layer.

  The necessity of creating the destination IP address condition is a parameter that defines whether the destination IP address condition of the UL packet or DL packet is set in the simple packet filtering condition to be created. When this condition needs to be set, PS3 sets the destination IP address condition of the simple packet filtering condition to be created so that the destination IP address of the UL packet or DL packet included in the PS notification packet is included in the applicable range. May be. Note that this information may be omitted if the corresponding simple packet filtering condition applies a creation method that always includes or does not always include the condition of the destination IP address.

  The necessity of creating the destination port number condition is a parameter that defines whether the destination port number condition of the UL packet or DL packet is set in the simple packet filtering condition to be created. When this condition needs to be set, PS3 creates a destination port of the simple packet filtering condition to be created so that the destination port number of the UL packet or DL packet included in the PS notification packet and the protocol of the transport layer are included in the applicable range. Number conditions and transport layer protocol conditions may be set. Note that this information may be omitted when the corresponding simple packet filtering condition applies a creation method that always includes or does not always include a destination port number condition or a transport layer condition.

  Note that the initial values of these pieces of information may be set to PS3. These pieces of information can be updated by a message received from GW 2 or DD 6.

  FIG. 10 shows a table 342 indicating an IP address corresponding to the MS 5 as an example of information held in the memory unit of the PS 3 of this embodiment. The table 342 stores, for example, an identifier (ID of MS) of the MS 5 and an IP address (IP Address of MS) assigned to the MS 5.

  The identifier of MS5 is a parameter for identifying MS5. The identifier of the MS 5 may be defined by IMSI (International Mobile Subscriber Identity) or the like. Moreover, you may prescribe | regulate with the identifier of the MS5 group to which one or more MS5 belongs.

  The IP address assigned to the MS 5 is a parameter indicating the IP address assigned to each MS 5 or each MS 5 group. This parameter may be defined in a format such as a single designation of an IPv4 address or an IPv6 address, or a range designation of an IPv4 address or an IPv6 address using a subnet value. The PS 3 may identify the identifier of the corresponding MS 5 by comparing this parameter with the source IP address of the UL packet or the destination IP address of the DL packet included in the PS notification packet.

  Note that the initial values of these pieces of information may be set to PS3. These pieces of information can be updated by a message received from GW 2 or DD 6.

  FIG. 11 shows a table 343 indicating an IP address corresponding to SS1 as an example of information held in the memory unit of the PS3 of this embodiment. The table 343 stores, for example, an identifier (ID of SS) of SS1 and an IP address (IP Address of SS) assigned to SS1.

  The identifier of SS1 is a parameter for identifying SS1. The identifier of SS1 may be defined by APN or the like. Moreover, you may prescribe | regulate with the identifier of SS1 group to which one or more SS1 belongs.

  The IP address assigned to SS1 is a parameter indicating the IP address assigned to each SS1 or each SS1 group. This parameter may be defined in a format such as a single designation of an IPv4 address or an IPv6 address, or a range designation of an IPv4 address or an IPv6 address using a subnet value. The PS 3 may compare this parameter with the destination IP address of the UL packet or the transmission source IP address of the DL packet included in the PS notification packet, and specify the identifier of the corresponding SS 1.

  Note that the initial values of these pieces of information may be set to PS3. These pieces of information can be updated by a message received from GW 2 or DD 6.

  FIG. 12 shows a table 344 showing various elements necessary for creating simple packet filtering conditions depending on MS5 and SS1 corresponding to the application result of simple packet filtering, as an example of information held in the memory unit of PS3 of this embodiment. Indicates. The table 344 includes, for example, the received packet UL / DL type, the SS1 identifier, the MS5 identifier, the application result of the detailed packet filtering condition of the received packet, the location information of the terminal, the connection standard between the terminal and the base station, and the terminal Service provider identifier, priority of application of simple packet filtering condition to be created, UL / DL type of simple packet filtering condition to be created, necessity of creation of source IP address condition, necessity of creation of source port number condition, destination IP The necessity of creating an address condition and the necessity of creating a destination port number condition are stored.

  The UL / DL type of the received packet is a parameter indicating whether the application target of the corresponding simple packet filtering condition creation condition is the UL packet or the DL packet received by the DD 6. For PS3, the fact that this parameter matches the UL / DL type of the packet included in the PS notification packet received from DD 6 may be one of the conditions to which the corresponding simple packet filtering condition creation condition is applied. PS3 can also consider that this parameter matches the UL / DL type of the packet received by DD6 included in the PS notification packet received from DD6 as one of the conditions to which the corresponding simple packet filtering condition creation condition is applied. Good. Note that this information may be omitted if the corresponding simple packet filtering condition creation condition is applied to any UL packet or DL packet received by the DD 6.

  The identifier of SS1 is a parameter for identifying SS1. The identifier of SS1 may be defined by APN or the like. Moreover, you may prescribe | regulate with the identifier of SS1 group to which one or more SS1 belongs. PS3 is one of the conditions under which the corresponding simple packet filtering condition creation condition is applied that this parameter matches the destination or source SS1 of the packet received by DD6 included in the PS notification packet received from DD6. It is good. In addition, by designating “other” in this parameter, PS3 can receive the packet received by DD6 included in the PS notification packet received from DD6 as one of the conditions to which the corresponding simple packet filtering condition creation condition is applied. It may be included that the identifier of the SS1 of the destination or the transmission source does not match any other setting value of this parameter. Note that this information may be omitted when the corresponding simple packet filtering condition creation condition is applied to any SS1.

  The identifier of MS5 is a parameter for identifying MS5. The identifier of the MS 5 may be defined by IMSI or the like. Moreover, you may prescribe | regulate with the identifier of the MS5 group to which one or more MS5 belongs. PS3 is one of the conditions under which the corresponding simple packet filtering condition creation condition is applied to match that this parameter matches the destination or source MS5 of the packet received by DD6 included in the PS notification packet received from DD6. It is good. In addition, by designating “other” in this parameter, PS3 can receive the packet received by DD6 included in the PS notification packet received from DD6 as one of the conditions to which the corresponding simple packet filtering condition creation condition is applied. It may be included that the identifier of the destination MS5 or the source MS5 does not match any other setting value of this parameter. Note that this information may be omitted if the corresponding simple packet filtering condition creation condition is applied to any MS 5.

  The application result of the detailed packet filtering condition of the received packet is a parameter indicating the application result of the detailed packet filtering condition for the UL packet or DL packet to which the corresponding simple packet filtering condition creation condition is applied. PS3 may set one of the conditions to which the corresponding simple packet filtering condition creation condition is applied that this parameter matches the application result of the detailed packet filtering included in the PS notification packet received from DD6.

  The terminal location information is a parameter indicating the location information of the MS 5 to which the corresponding simple packet filtering condition creation condition is applied. For PS3, the corresponding simple packet filtering condition creation condition is applied that this parameter matches the position information of MS5 included in the PS notification packet received from DD6 or the position information of MS5 held in PS3. It may be one of the conditions. The location information of the MS 5 may be defined by the identifier of the BS 4 to which the MS 5 is connected, or may be defined by the identifier of the area to which the BS 4 to which the MS 5 is connected belongs. Note that this information may be omitted when the corresponding simple packet filtering condition creation condition is applied regardless of the location information of the MS 5.

  The connection standard between the terminal and the base station is a parameter indicating the connection standard between the MS 5 and the BS 4 to which the corresponding simple packet filtering condition creation condition is applied. PS3 indicates that this parameter matches the connection standard of MS5 and BS4 included in the PS notification packet received from DD6 or the connection standard of MS5 and BS4 held by PS3, and corresponding simple packet filtering condition creation conditions It may be one of the conditions to which is applied. The connection standard between the MS 5 and the BS 4 may be defined by an identifier of a radio standard that the MS 5 connects to the BS 4 such as LTE or eHRPD. Note that this information may be omitted when the corresponding simple packet filtering condition creation condition is applied regardless of the connection standard between the MS 5 and the BS 4.

  The carrier identifier to which the terminal belongs is a parameter indicating the carrier to which the MS 5 to which the corresponding simple packet filtering condition creation condition is applied belongs. PS3 indicates that this parameter matches the operator identifier to which MS5 belongs included in the PS notification packet received from DD6 or the operator identifier to which MS5 belongs, which PS3 holds, and corresponding simple packet filtering condition creation conditions It may be one of the conditions to which is applied. The operator identifier to which the MS 5 belongs may be defined by a set of MCC and MNC. Note that this information may be omitted when the corresponding simple packet filtering condition creation condition is applied regardless of the operator to which the MS 5 belongs.

  The application priority of the simple packet filtering condition to be created is a parameter indicating the application priority of the simple packet filtering condition to be created. PS3 may include this parameter in a message including the created simple packet filtering condition to be transmitted to GW2. In addition, this information may be abbreviate | omitted when the application priority of the simple packet filtering conditions to produce | generate is produced | generated by GW2.

  The necessity of creating the transmission source IP address condition is a parameter that defines whether the condition of the transmission source IP address of the UL packet or DL packet is set in the simple packet filtering condition to be created. When this condition needs to be set, PS3 sets the condition of the source IP address of the simple packet filtering condition to be created so that the source IP address of the UL packet or DL packet included in the PS notification packet is included in the applicable range. It may be set. Note that this information may be omitted if the corresponding simple packet filtering condition applies a creation method that always includes or does not always include the condition of the source IP address.

  The necessity of creation of the transmission source port number condition is a parameter that defines whether the condition of the transmission source port number of the UL packet or DL packet is set in the simple packet filtering condition to be created. When this condition needs to be set, PS3 transmits a simple packet filtering condition to be created so that the transmission port number of the UL packet or DL packet included in the PS notification packet and the protocol of the transport layer are included in the applicable range. The original port number condition and the transport layer protocol condition may be set. Note that this information may be omitted when the corresponding simple packet filtering condition applies a creation method that always includes or does not always include the condition of the source port number or the condition of the transport layer.

  The necessity of creating the destination IP address condition is a parameter that defines whether the destination IP address condition of the UL packet or DL packet is set in the simple packet filtering condition to be created. When this condition needs to be set, PS3 sets the destination IP address condition of the simple packet filtering condition to be created so that the destination IP address of the UL packet or DL packet included in the PS notification packet is included in the applicable range. May be. Note that this information may be omitted if the corresponding simple packet filtering condition applies a creation method that always includes or does not always include the condition of the destination IP address.

  The necessity of creating the destination port number condition is a parameter that defines whether the destination port number condition of the UL packet or DL packet is set in the simple packet filtering condition to be created. When this condition needs to be set, PS3 creates a destination port of the simple packet filtering condition to be created so that the destination port number of the UL packet or DL packet included in the PS notification packet and the protocol of the transport layer are included in the applicable range. Number conditions and transport layer protocol conditions may be set. Note that this information may be omitted when the corresponding simple packet filtering condition applies a creation method that always includes or does not always include a destination port number condition or a transport layer condition.

  Note that the initial values of these pieces of information may be set to PS3. These pieces of information can be updated by a message received from GW 2 or DD 6.

  FIG. 13 shows a table 345 indicating the communication state of the MS 5 as an example of information held by the memory unit of the PS 3 of this embodiment. The table 345 stores, for example, an identifier of the MS 5, a communication state of the MS 5 (Dormant of MS), and an application result of simple packet filtering (Result in Dormant) when the MS 5 cannot communicate.

  The identifier of MS5 is a parameter for identifying MS5. The identifier of the MS 5 may be defined by IMSI or the like. Moreover, you may prescribe | regulate with the identifier of the MS5 group to which one or more MS5 belongs.

  The communication state of the MS 5 is a parameter indicating the communication state of each MS 5 or each MS 5 group. This parameter may set whether each MS 5 or each MS 5 group is in a state where communication is not possible, or may set an identifier of the MS 5 which is in a state where communication is not possible in each MS 5 or each MS 5 group.

  The application result of simple packet filtering when the MS 5 cannot communicate is a parameter that defines the application result of simple packet filtering that is set when each MS 5 or each MS 5 group cannot communicate. PS3 may include this parameter corresponding to the destination or source MS5 identifier of the packet received by DD6 included in the PS notification packet received from DD6 in the simple packet filtering condition to be created. Note that this information may be omitted when the simple packet filtering condition to be created does not change depending on the communication state of the MS 5.

  Note that the initial values of these pieces of information may be set to PS3. These pieces of information can be updated by a message received from GW 2 or DD 6.

<Apparatus configuration: DD6>
FIG. 14 shows an example of a functional block diagram of the DD 6 used in this embodiment. The DD 6 includes, for example, a PS interface unit 61, a GW interface unit 62, a network interface unit including a TC interface unit 63, a memory unit 64, and a processing unit 65.

  The PS interface unit 61 is an interface with PS3. With the PS interface unit 61, the DD 6 transmits and receives IP packets to and from the PS3. In the present embodiment, DD 6 may send a PS notification packet indicating the application result of detailed packet filtering to PS 3 by PS interface unit 61.

  The GW interface unit 62 is an interface with the GW 2. With the GW interface unit 62, the DD 6 transmits and receives IP packets to and from the GW 2.

  The TC interface unit 63 is an interface with the TC 7. With the TC interface unit 63, the DD 6 transmits and receives IP packets to and from the TC 7.

  The memory unit 64 stores and manages information such as IP packets to be transmitted / received, addresses of PS3, GW2 and TC7 to be connected, detailed packet filtering conditions applied to the UL packet or DL packet received by the interface unit as necessary. To do.

  The processing unit 65 manages information stored in the memory unit 64, and further executes various programs stored in the memory unit 64, thereby performing IP packet transmission / reception processing such as construction and analysis of IP packets, and the interface unit Performs detailed packet filtering of the UL packet or DL packet received in step (1).

  FIG. 15 shows an example of a block diagram of the memory unit of the detailed search device. For example, as shown in FIG. 15, the memory unit 64 includes a table 641 indicating information such as detailed packet filtering conditions used for comparison with the received UL packet or DL packet and the application result thereof, and the UL / DL of the received packet. Information such as the type (Direction), the detailed packet filtering condition (Condition), the application result (Result) of the detailed packet filtering condition, and the application priority (Filter Priority) of the detailed packet filtering condition can be managed. Details of the table will be described later.

  For example, as shown in FIG. 15, the memory unit 64 has a table 642 indicating an application result list to be transmitted to PS3, and manages information such as the UL / DL type of the received packet and the application result to be transmitted to PS3. Can do. Details of the table will be described sequentially.

  FIG. 16 shows a table 641 indicating information such as detailed packet filtering conditions used for comparison with the received UL packet or DL packet and information about the application result, as an example of information held in the memory unit of the DD 6 of this embodiment. . The table 641 stores, for example, the UL / DL type of the received packet, the detailed packet filtering condition, the application result of the detailed packet filtering condition, and the application priority of the detailed packet filtering condition.

  The UL / DL type of the received packet is a parameter indicating whether the application target of the corresponding detailed packet filtering condition is the UL packet or the DL packet received by the DD 6. The DD 6 may set one of the conditions to which the corresponding detailed packet filtering condition is applied that the UL / DL type of the packet included in the received UL packet or DL packet matches this parameter. Note that this information may be omitted when the corresponding detailed packet filtering condition is applied to any of the UL packets or DL packets received by the DD 6.

  The detailed packet filtering condition is a parameter that defines in what conditions the corresponding detailed packet filtering condition matches the UL packet or DL packet received by the DD 6. The detailed packet filtering condition may include specification of a layer to be compared, specification of a comparison part such as a header part or a payload part, or condition specification including a specific value. Note that this information may be omitted if the corresponding detailed packet filtering condition matches regardless of the source IP address of the UL packet or DL packet received by the DD 6.

  The application result of the detailed packet filtering condition is a parameter indicating the application result for the UL packet or the DL packet that matches the corresponding detailed packet filtering condition. The DD 6 may set this application result in a packet transmitted to the TC 7 or PS 3.

  The application priority of the detailed packet filtering condition is a parameter that defines the application order of the corresponding detailed packet filtering condition. The DD 6 may determine which detailed packet filtering is applied in order to the received UL packet or DL packet based on this application priority.

  The initial values of these pieces of information may be set in DD6 or may be set by a message received from PS3. These pieces of information can be updated by a message received from PS3.

  FIG. 17 shows a table 642 indicating an application result list transmitted to the PS 3 as an example of information held in the memory unit of the DD 6 of this embodiment. The table 642 stores, for example, the UL / DL type (Direction) of the received packet and the application result (Result to PS) transmitted to the PS3.

  The UL / DL type of the received packet is a parameter indicating whether the search target of the corresponding application result is the UL packet or DL packet received by the DD 6.

  The application result transmitted to PS3 is a parameter indicating a condition of a packet transmitted to PS3 among UL packets or DL packets received by DD6. If the application result of detailed packet filtering in DD6 matches the information, DD6 may transmit the packet to PS3. If the application result of detailed packet filtering in DD 6 does not match the information, DD 6 may transmit the packet to TC 7 without transmitting the packet to PS 3.

  The initial values of these pieces of information may be set in DD6 or may be set by a message received from PS3. These pieces of information can be updated by a message received from PS3.

<Device configuration: TC7>
FIG. 18 shows a functional block diagram of a configuration example of the TC 7 used in this embodiment. The TC 7 includes, for example, an SR interface unit 71, an FR interface unit 72, a PS interface unit 73, a DD interface unit 74, a GW interface unit 75, a memory unit 76, and a processing unit 77.

  The SR interface unit 71 is an interface with the SR 9. With the SR interface unit 71, the TC 7 transmits and receives IP packets to and from SS1 via SR9. In the case of a communication system in which SR9 is omitted, the SR interface unit 71 becomes an interface with SS1, and the SR interface unit 71 allows the TC 7 to directly transmit and receive IP packets with SS1 without going through SR9.

  The FR interface unit 72 is an interface with the FR 8. By the FR interface unit 72, the TC 7 transmits and receives IP packets to and from the BS 4 via the FR 8. In the case of a communication system in which the BS 4 is omitted, the TC 7 transmits and receives IP packets to and from the MS 5 via the FR 8 by the FR interface unit 72. In the case of a communication system in which FR8 is omitted, the FR interface unit 72 becomes an interface with the BS4, and the TC7 directly transmits and receives IP packets to and from the BS4 without passing through the FR8. In the case of a communication system in which FR8 and BS4 are omitted, the FR interface unit 72 serves as an interface with the MS5, and the TC7 directly transmits and receives IP packets to and from the MS5 without passing through the FR8 and BS4.

  The PS interface unit 73 is an interface with PS3. By the PS interface unit 73, the TC 7 transmits and receives IP packets with the PS3.

  The DD interface unit 74 is an interface with the DD 6. With the DD interface unit 74, the TC 7 transmits and receives IP packets to and from the DD 6.

  The GW interface unit 75 is an interface with the GW 2. With the GW interface unit 75, the TC 7 transmits and receives IP packets to and from the GW 2.

  The memory unit 76 stores information such as IP packets to be transmitted and received, addresses of SR9, SS1, FR8, BS4, PS3, DD6, and GW2 to be connected, UL packets or DL packets received by the interface unit as necessary. ·to manage.

  The processing unit 77 manages information held in the memory unit 76, IP packet transmission / reception processing such as construction and analysis of IP packets, packet transfer rate control and priority control of UL packets or DL packets received by the interface unit, etc. Perform communication control.

  FIG. 19 shows a block diagram of a configuration example of the memory unit of the communication control apparatus. For example, as shown in FIG. 19, the memory unit 76 has a communication control condition determination table 761 to be applied to the received UL packet or DL packet, and includes the UL / DL type (Direction) of the received packet, the simple or detailed packet of the received packet. Information such as the filtering result application result (Result), the maximum packet transfer rate allowed (Packet Rate), and the packet transfer priority (Packet Priority) can be managed. Details of the table will be described sequentially.

  FIG. 20 shows a communication control condition determination table 761 applied to a received UL packet or DL packet as an example of information held in the memory unit of the TC 7 of this embodiment. The table 761 stores, for example, the UL / DL type of the received packet, the application result of the simple or detailed packet filtering condition of the received packet, the allowable maximum packet transfer rate, and the packet transfer priority.

  The UL / DL type of the received packet is a parameter indicating whether the application target of the corresponding communication control condition is the UL packet or the DL packet received by the TC7. The TC 7 may set that the UL / DL type of the packet included in the UL packet or DL packet received from the GW 2 or DD 6 matches this parameter as one of the conditions to which the corresponding communication control condition is applied. In addition, this information may be omitted when the corresponding communication control condition is applied to any UL packet or DL packet received by TC7.

  The application result of the simple or detailed packet filtering condition of the received packet is a parameter indicating the application result of the detailed packet filtering condition for the UL packet or DL packet to which the corresponding communication control condition is applied. TC7 may use one of the conditions for applying the corresponding communication control condition that this parameter matches the application result of simple or detailed packet filtering included in the UL packet or DL packet received from GW2 or DD6. .

  The allowable maximum packet transfer rate is a parameter that defines the maximum value of the packet transfer rate when the UL packet or DL packet received by the TC 7 is transmitted to the FR8, BS4, SR9, or SS1. The TC 7 may perform packet transfer rate control so that the packet transfer rate does not exceed the value of this parameter corresponding to the communication control condition applied to the packet. Note that this information may be omitted when the corresponding communication control condition does not define the maximum value of the packet transfer rate.

  The packet transfer priority is a parameter that defines the packet transfer priority when the UL packet or DL packet received by the TC 7 is transmitted to the FR8, BS4, SR9, or SS1. The TC 7 may perform packet priority control such as transmission order determination based on the value of this parameter corresponding to the communication control condition applied to the packet. Note that this information may be omitted if the corresponding communication control condition does not define the priority of packet transfer.

  Note that the initial values of these pieces of information may be set in TC7 or may be set by a message received from PS3. These pieces of information can be updated by a message received from PS3.

<Apparatus configuration: FR8>
FIG. 21 shows a functional block diagram of a configuration example of FR8 used in this embodiment. The FR 8 includes, for example, a GW interface unit 81, a BS interface unit 82, a TC interface unit 83, a memory unit 84, and a processing unit 85.

  The GW interface unit 81 is an interface with GW2. By the GW interface unit 81, the FR 8 transmits and receives IP packets to and from the GW 2.

  The BS interface unit 82 is an interface with the BS 4. By the BS interface unit 82, the FR 8 transmits and receives IP packets to and from the BS 4.

  The TC interface unit 83 is an interface with the TC 7. With the TC interface unit 83, the FR 8 transmits and receives IP packets to and from the TC 7.

  The memory unit 84 stores and manages information such as IP packets to be transmitted and received and addresses of connected GW2, BS4, and TC7 as necessary.

  The processing unit 85 performs management of information held in the memory unit 84, IP packet transmission / reception processing such as construction and analysis of IP packets, and the like.

<Apparatus configuration: SR9>
FIG. 22 shows a functional block diagram of one configuration of SR9 used in this embodiment. The SR 9 includes, for example, a GW interface unit 91, an SS interface unit 92, a TC interface unit 93, a memory unit 94, and a processing unit 95.

  The GW interface unit 91 is an interface with the GW 2. Through the GW interface unit 91, the SR 9 transmits and receives IP packets to and from the GW 2.

  The SS interface unit 92 is an interface with SS1. Through the SS interface unit 92, the SR 9 transmits and receives IP packets to and from SS1.

  The TC interface unit 93 is an interface with the TC7. Through the TC interface unit 93, the SR 9 transmits and receives IP packets to and from the TC 7.

  The memory unit 94 stores and manages information such as IP packets to be transmitted / received and addresses of GW2, SS1, and TC7 to be connected as necessary. The processing unit 95 performs management of information held in the memory unit 94, IP packet transmission / reception processing such as construction and analysis of IP packets, and the like.

  This is the end of the description of the example of the apparatus configuration of the present embodiment, and then an example of the operation processing of the present embodiment will be described with reference to the flowcharts of FIGS.

<Operation processing: Feedback from DD6>
FIG. 23 shows an example of detailed packet filtering processing in the DD 6 of this embodiment. In step S601, the processing unit 65 of the DD 6 compares the UL packet or DL packet received by the GW interface unit 61 with the packet out of all the detailed packet filtering conditions held in the memory unit 64. Information such as the detailed packet filtering condition to be used and its application result is read into the table 641.

  Which detailed packet filtering condition information is to be read may be obtained by reading all the detailed packet filtering conditions held in the memory unit 64, the condition of the port number that received the packet, or the condition of the IP address that received the packet Of the detailed packet filtering conditions held in the memory unit 64, only the detailed packet filtering conditions that match the information may be read using the packet tunneling protocol header condition as a key. Further, as information to be read into the table 641, only the detailed packet filtering condition or only a part of the information associated with the condition such as application priority is read, and the information associated with the remaining detailed packet filtering conditions such as the application result is the step After the detailed packet filtering condition matching the packet is determined in S606Y, the information may be read from all the detailed packet filtering condition information held in the memory unit 64.

  For example, the processing unit 65 includes information such as the port number that received the packet, the IP address that received the packet, the header of the tunneling protocol of the packet, the detailed packet filtering conditions held in the memory unit 64 and the key packet. The correspondence relationship between the received port number, the received IP address of the packet, and the header information of the tunneling protocol of the packet is compared, and only the matching detailed packet filtering conditions are read into the table 641 as shown in FIG.

  In step S602, the processing unit 65 of the DD 6 searches for the detailed packet filtering condition having the highest application priority among the detailed packet filtering conditions read to the table 641 among the detailed packet filtering conditions that have not been compared with the packet. For example, when the table 641 is managed as shown in FIG. 16, the processing unit 65 has the highest application priority among the detailed packet filtering conditions that have been compared with the packet among the detailed packet filtering conditions managed in the table 641. A condition having the smallest application priority value is searched for among conditions having a larger application priority value than the application priority value (hereinafter referred to as “applied detailed filter highest priority”).

  If the corresponding detailed packet filtering condition does not exist as a result of the search in step S602, the processing unit 65 of the DD 6 performs processing when the corresponding detailed packet filtering condition set in the DD 6 does not exist in step S603N. To finish this sequence. For example, when the corresponding detailed packet filtering condition set in the DD 6 does not exist, the processing unit 65 may discard the packet, or set the transfer destination preset in the DD 6 as the packet. May be set in the destination information such as the destination IP address, and the packet may be transferred from any of the interface units 61 to 63 of the DD 6 according to the setting of the DD 6.

  As a result of the search in step S602, if the corresponding detailed packet filtering condition does not exist, the processing unit 65 of the DD 6 compares the packet with the detailed packet filtering condition selected in step S602 in step S604Y. For example, when the table 641 is managed as shown in FIG. 16, the processing unit 65 compares the detailed packet filtering condition selected in step S602 with the contents of the header and payload of the packet.

  As a result of the comparison in step S604Y, if the packet does not satisfy the compared condition, the processing unit 65 of DD6 uses the information in the memory unit 64 as the detailed packet filtering condition that has been compared in step S605N. Update and go to step S602. For example, when the table 641 is managed as shown in FIG. 16, the processing unit 65 sets the applied detailed filter highest priority value held in the memory unit 64 to the applied priority value of the detailed packet filtering condition. And the process proceeds to step S602.

  As a result of the comparison in step S604Y, if the packet satisfies the compared condition, the processing unit 65 of the DD 6 searches the information in the memory unit 64 for the application result of the detailed packet filtering condition in step S606Y. When the application result of the detailed packet filtering condition is read in the table 641 in step S601, the processing unit 65 retrieves the application result from the table 641, and reads the application result of the detailed packet filtering condition in the table 641 in step S601. If not, the processing unit 65 searches for the application result from all the detailed packet filtering conditions held in the memory unit 64.

  In step S607, the processing unit 65 of the DD 6 searches whether the application result searched in step S606Y is registered in the application result list to be transmitted to PS3 set in the table 642. For example, when the table 642 is managed as shown in FIG. 17, the processing unit 65 searches whether the application result is included in the application result list.

  As a result of searching in step S607, if the application result is not registered in the table 642, the processing unit 65 of the DD 6 proceeds to step S609N.

  When the application result is registered in the table 642 as a result of the search in step S607, the processing unit 65 of the DD 6 determines in step S608Y that the header information of the IP layer such as the destination IP address / destination IP address of the packet, PS including transport layer header information such as destination port number / destination port number included in UDP header / TCP header, etc., application result searched in step S606Y, and information indicating whether the packet is a UL packet or a DL packet A notification packet is created, and the PS interface unit 61 transmits the PS notification packet to PS3. Which information is transmitted to the PS 3 may be set in advance in the DD 6 or may be set in the table 642 for each application result.

  The setting of the application result to the PS notification packet may be, for example, a tunnel identifier associated with the application result in the header part or payload part of the packet tunneling protocol or the like. For example, when the table 642 is managed as shown in FIG. 17, the processing unit 65 searches the table 642 for information to be notified to the PS 3 corresponding to the application result, and the application result searched in step S606Y, and A PS notification packet including information indicating whether it is a UL packet or a DL packet in the payload portion is created.

  In step S609N, the processing unit 65 of the DD 6 sets the application result information in the packet, and the TC interface unit 63 transmits the packet to the TC 7 and ends the sequence. For setting the application result to the packet, for example, a tunnel identifier associated with the application result may be set in the header part or the payload part of the packet tunneling protocol or the like.

<Operation processing: Simple packet filtering condition creation processing in PS3>
FIG. 24 shows an example of simple packet filtering condition creation processing based on packet information notified from DD 6 in PS 3.

  The processing unit 35 of the PS 3 analyzes the PS notification packet received by the DD interface unit 32 in step S301. That is, IP layer header information such as the destination IP address / destination IP address of the packet, and transport layer header information such as the destination port number / destination port number included in the UDP header / TCP header, etc., and the detailed packet Information such as filtering application results and information identifying whether the packet is a UL packet or a DL packet is extracted. For example, when the information is included in the payload portion of the PS notification packet, the processing unit 35 determines the IP layer header information such as the destination IP address / destination IP address of the packet, the UDP header / A portion corresponding to transport layer header information such as a destination port number / destination port number included in a TCP header or the like, an application result of detailed packet filtering, and information indicating whether the packet is a UL packet or a DL packet is extracted.

  Subsequently, in step S302, the processing unit 35 of the PS3 searches for a simple filter creation condition corresponding to the application result of the detailed packet filtering read in step S301, and the simple packet filtering condition and its application according to the simple filter creation condition. Create conditions such as results and application priority. For example, FIG. 25 shows an example of processing for creating a simple packet filtering condition in PS3.

  In the processing flow of FIG. 25, the processing unit 35 of PS3 shows simple packet filtering conditions independent of MS5 and SS1 in the table 341 of the memory unit 34 of PS3 from the information of the application result of detailed packet filtering in step S311. Search for conditions. Note that the corresponding simple packet filtering application results in the table 341 may be individually set according to the connection standard of the MS 5 to the BS 4, the identifier of the operator to which the MS 5 belongs, the current location of the MS 5, and the like. For example, when the table 341 is managed as shown in FIG. 9, the processing unit 35 compares the application result of the detailed packet filtering included in the table 341 with the application result of the detailed packet filtering included in the PS notification packet, Search for a match.

  When the table 341 includes conditions such as the connection standard of the MS 5 to the BS 4, the identifier of the operator to which the MS 5 belongs, and the current location of the MS 5, the processing unit 35 and the application result of the detailed packet filtering included in the table 341 and The information is compared with the application result of the detailed packet filtering included in the PS notification packet and the information, and a search is made for a match.

  If there is a corresponding condition as a result of the search in step S311, the processing unit 35 of PS3 performs the simple packet filtering application result corresponding to the simple packet filtering condition corresponding to the search result in step S311 and the simple packet filter in step S311Y. Elements necessary for the simple packet filtering condition such as whether the application target is UL, DL, UL, and DL are extracted from the table 341, the simple packet filtering condition is created, and the process proceeds to step S313N. For example, when the table 341 is managed as shown in FIG. 9, the processing unit 35 requires the simple packet filtering application result corresponding to the simple packet filtering condition corresponding to the search result in step S311 and the elements necessary for the simple packet filtering condition. Are extracted from the table 341, and simple packet filtering conditions are created.

  If there is no corresponding condition as a result of the search in step S311, the processing unit 35 of PS3 proceeds to step S313N.

  In step S313N, the PS3 processing unit 35 searches the table 342 and the table 343 based on the IP address information extracted from the PS notification packet, and identifies the corresponding MS5 identifier and SS1 identifier. For example, when the table 342 is managed as shown in FIG. 10, the processing unit 35 extracts the destination IP address of the DL packet or the transmission source IP address of the UL packet from the IP address information extracted from the PS notification packet. The IP address of 342 is searched for a match, and the corresponding MS5 identifier is specified. When the table 343 is managed as shown in FIG. 11, the processing unit 35 extracts the transmission source IP address of the DL packet or the destination IP address of the UL packet from the IP address information extracted from the PS notification packet. A matching one of the IP addresses of 343 is searched to identify the corresponding SS1 identifier. If the table 342 or the table 343 is not set to PS3, the processing unit 35 may omit the corresponding search process. Further, when neither the table 342 nor the table 343 is set in PS3, the processing unit 35 may omit this step and proceed to step S318.

  In step S314, the PS3 processing unit 35 determines that the corresponding simple packet filtering application result and the simple packet filter application target from the table 344 are based on information such as the MS5 identifier and SS1 identifier specified in step S313N. The elements necessary for the simple packet filtering condition such as “DL”, “DL”, “UL”, and “DL” are specified. Note that the corresponding simple packet filtering application result in the table 344 may be individually set according to the connection standard of the MS 5 to the BS 4, the identifier of the operator to which the MS 5 belongs, the current location of the MS 5, and the like. For example, when the table 344 is managed as shown in FIG. 12, the processing unit 35 corresponds to the identifier of SS1 specified in step S313 among the IP address information extracted from the PS notification packet, and is specified in step S313. An application result of simple packet filtering corresponding to the identifier of MS5 and elements necessary for simple packet filtering conditions are specified. If the table 344 is not set to PS3, the processing unit 35 may skip this step and proceed to step S316.

  In step S315, the processing unit 35 of PS3 searches the table 344 and applies the application priority corresponding to the application result of the created simple packet filtering condition. For example, when the table 344 is managed as shown in FIG. 12, the processing unit 35 searches the table 344 for the application result of the simple packet filtering condition specified in S312Y or S314, and specifies the corresponding application priority. Note that PS3 needs to assign application priority to the simple packet filtering condition, such as when comparing conditions in any order without using application priority in simple packet filtering in GW2, or when GW2 assigns application priority. If there is not, the processing unit 35 may skip this step and proceed to step S316. Further, when S316 is omitted, the processing unit 35 may omit this step and proceed to Step S318.

  In step S316, the processing unit 35 of the PS3 searches the table 345 from the identifier of the MS5 specified in step S313N, and specifies whether the corresponding MS5 cannot communicate, that is, cannot communicate. The state in which the MS 5 cannot communicate includes, for example, a dormant state in wireless access. When the processing unit 35 does not specify the MS5 identifier in step S313N, the MS5 identifier is specified in the same manner as in S313N. For example, when the table 345 is managed as shown in FIG. 13, the processing unit 35 searches the table 345 for the identifier of the MS 5 specified in S313N and specifies whether or not the corresponding MS 5 is in a state where communication is not possible. . If it is not necessary to change the simple packet filtering condition created by the PS3 and its application priority or application result depending on whether or not the corresponding MS 5 is in a communication disabled state, this step is skipped and the process proceeds to step S318. May be.

  If the corresponding MS 5 is not communicable in step S316, the processing unit 35 of PS3 searches the table 345 for the application result of simple packet filtering when the corresponding MS 5 cannot communicate in step S317Y. Updates the application results of all the simple packet filtering conditions created in the above step to the values obtained from the table 345.

  If it is determined in step S316 that the corresponding MS 5 is not in communication, the PS3 processing unit 35 proceeds to step S318.

  In step S318, the processing unit 35 of the PS3 creates a simple packet filtering condition based on the application result of the simple packet filtering specified in the above step and the elements necessary for the simple packet filtering condition, and ends this sequence. In addition, when assigning the priority of application of simple packet filtering in PS3, simple packet filtering conditions including the application priority of simple packet filtering are created, and this sequence ends.

  For example, when the application priority of the simple packet filtering condition is not determined in PS3, the processing unit 35 specifies the IP layer header condition such as the packet destination IP address / destination IP address range specification specified in the above step, and Transport layer header conditions such as the destination port number / destination port number included in the UDP header / TCP header, etc., the application result of the simple packet filter, and whether the simple packet filter is applied to UL, DL, UL, and DL Is created in the payload portion of the IP layer, and this sequence is completed. When determining the application priority of the simple packet filtering condition in PS3, the processing unit 35 creates an IP packet in which the application priority of the simple packet filtering condition is set in the payload portion of the IP layer in addition to the information described above. End the sequence.

  In step S303 of FIG. 24, the processing unit 35 of PS3 creates a message indicating that all the simple packet filtering conditions created in step S302 are added to the simple packet filtering conditions of GW2, and the GW interface unit 31 Is transmitted to GW2 to complete this sequence. Further, as a result of creating the simple packet filtering condition in step S302, if the change of the simple packet filtering condition set in GW2 is unnecessary, PS3 may omit step S303 and end this sequence. When the simple packet filtering condition set in GW2 does not need to be changed, for example, the processing unit 35 has the simple packet filtering condition currently applied in GW2 held in the memory unit 34 of PS3, and PS3. If the simple packet filtering conditions created by PS3 are compared, and the simple packet filtering conditions created by PS3 are not notified to GW2, the application result of simple packet filtering does not change for all UL packets and DL packets. This is the case that has been determined.

<Operation processing: Simple packet filtering processing in GW2>
FIG. 26 shows an example of simple packet filtering processing in GW2. In step S201, the processing unit 27 of the GW 2 applies all the simple packet filtering conditions held in the memory unit 26 to the UL packet received by the FR interface unit 22 or the DL packet received by the SR interface unit 21. Then, information such as a simple packet filtering condition used for comparison with the packet and its application result is read into the table 261. Which simple packet filtering condition information is to be read may be obtained by reading all simple packet filtering conditions held in the memory unit 26, the condition of the port number that received the packet, or the condition of the IP address that received the packet Of the simple packet filtering conditions held in the memory unit 26, only the simple packet filtering conditions that match the information may be read using the packet tunneling protocol header condition as a key.

  In addition, as information to be read into the table 261, only simple packet filtering conditions or only a part of information associated with conditions such as application priority is read, and information associated with the remaining simple packet filtering conditions such as application results is a step. After the simple packet filtering condition that matches the packet is determined in S206Y, the information may be read from all the simple packet filtering condition information stored in the memory unit 26. For example, the processing unit 27 includes information such as the port number that received the packet, the IP address that received the packet, the header of the tunneling protocol of the packet, the simple packet filtering condition held in the memory unit 26, and the key packet. The correspondence between the received port number, the received IP address of the packet, and the header information of the tunneling protocol of the packet is compared, and only the matching simple packet filtering conditions are read into the table 261 as shown in FIG.

  In step S202, the processing unit 27 of the GW 2 searches for a simple packet filtering condition having the highest application priority among simple packet filtering conditions that have not been compared with the packet among the simple filtering conditions read in the table 261. For example, when the table 261 is managed as shown in FIG. 5, the processing unit 27 is compared with the packet held in the memory unit 26 in the simple packet filtering conditions managed in the table 261. Among the simple packet filtering conditions, the highest application priority among conditions where the application priority value is higher than the application priority value of the condition with the highest application priority (hereinafter referred to as “applied simple filter highest priority”). Search for a condition with a small value.

  If the corresponding simple packet filtering condition does not exist as a result of the search in step S202, the processing unit 27 of GW2 performs the process when the corresponding simple packet filtering condition set in GW2 does not exist in step S203N. To finish this sequence. For example, when the corresponding simple packet filtering condition set in GW2 does not exist, the processing unit 27 may discard the packet, or set the transfer destination preset in GW2 to the packet. May be set in the destination information such as the destination IP address, and the packet may be transferred from any of the interface units 21 to 25 of the GW 2 according to the setting of the GW 2.

  If the corresponding simple packet filtering condition does not exist as a result of the search in step S202, the processing unit 27 of the GW 2 compares the packet with the simple packet filtering condition selected in step S202 in step S204Y. For example, when the table 261 is managed as shown in FIG. 5, the processing unit 27 compares the simple packet filtering condition selected in step S202 with the contents of the header and payload of the packet. When a plurality of conditions such as a destination IP address, a destination port number, a source IP address, and a source port number are set in one simple packet filtering condition, the processing unit 27 satisfies all the conditions. It may be determined that only the selected packet matches the selected simple packet filtering condition.

  As a result of the comparison in step S204Y, if the packet does not satisfy the compared condition, the processing unit 27 of the GW 2 uses the information in the memory unit 26 as the simple packet filtering condition that has been compared in step S205N. Update and go to step S202. For example, when the table 261 is managed as shown in FIG. 5, the processing unit 27 uses the applied simple filter highest priority value held in the memory unit 26 as the application priority of the simple packet filtering condition. The value is updated, and the process proceeds to step S202.

  As a result of the comparison in step S204Y, if the packet satisfies the compared condition, the processing unit 27 of the GW 2 searches the information in the memory unit 26 for the application result of the simple packet filtering condition in step S206Y. When the application result of the simple packet filtering condition is read in the table 261 in step S201, the processing unit 27 retrieves the application result from the table 261, and reads the application result of the simple packet filtering condition in the table 261 in step S201. If not, the processing unit 27 retrieves the application result from all the simple packet filtering conditions held in the memory unit 26.

  In step S207, the processing unit 27 of the GW 2 searches whether the application result searched in step S206Y is registered in the application result list transmitted to the DD 6 set in the table 262. For example, when the table 262 is managed as shown in FIG. 6, the processing unit 27 searches whether the application result is included in the application result list.

  If the application result is not registered in the table 262 as a result of the search in step S207, the processing unit 27 of the GW 2 proceeds to step S209N.

  If the application result is registered in the table 262 as a result of the search in step S207, the processing unit 27 of the GW 2 sets the application result information in the packet in step S208Y, and the DD interface unit 24 Is sent to DD6. For setting the application result to the packet, for example, a tunnel identifier associated with the application result may be set in the header part or the payload part of the packet tunneling protocol or the like.

  In step S209N, the processing unit 27 of the GW 2 sets the application result information in the packet, and the TC interface unit 25 transmits the packet to the TC 7. For setting the application result to the packet, for example, a tunnel identifier associated with the application result may be set in the header part or the payload part of the packet tunneling protocol or the like.

<Operation processing: communication control processing in TC7>
An example of communication control processing in TC7 is shown below. The processing unit 77 of the TC 7 has a communication control condition determination table held in the memory unit 76 for the UL packet or DL packet received by the DD interface unit 74 or the UL packet or DL packet received by the GW interface unit 75. 761 is searched, communication control conditions corresponding to the received UL packet or DL packet are applied, communication control such as packet transfer rate control and priority control based on the communication control conditions is performed, and the packet is discarded or SR DL packet transfer in the interface unit 71 or UL packet transfer in the FR interface unit 72 is performed.

  For example, when the table 761 is managed as shown in FIG. 20, the processing unit 77 searches FIG. 20 from the filtering application result set in the payload portion such as the tunneling protocol of the received packet, and transfers the corresponding packet. Search for the rate control value and packet transfer priority, perform packet transfer rate control by determining whether the packet can be transferred using the token bucket method according to the packet transfer rate control value, and buffering or discarding packets that cannot be transferred. By performing priority control such as transmission queue separation according to transfer priority, communication control such as packet transfer rate control and priority control according to the packet is performed. If the packet transfer rate control value is 0 kbps, the processing unit 77 may perform communication control that always discards the packet.

<Operation processing: packet transfer processing in FR8>
An example of UL packet or DL packet transfer processing in FR8 is shown below. The processing unit 85 of the FR 8 searches the DL packet transfer destination table 841 held in the memory unit 84 for the DL packet received by the TC interface unit 83 to determine the DL packet transfer destination, and the BS interface unit The DL packet transfer at 82 is performed. For example, the format of the table 841 and the method of determining the transfer destination of the DL packet may be the same as the transfer destination table and transfer destination determination logic of the existing router.

  The processing unit 85 of the FR 8 searches the UL packet transfer destination table 842 held in the memory unit 84 for the UL packet received by the BS interface unit 82, determines the transfer destination of the UL packet, and determines the GW The UL packet is transferred in the interface unit 81. For example, the format of the table 842 and the method for determining the transfer destination of the UL packet may be the same as the transfer destination table or transfer destination determination logic of the existing router.

<Operation Processing: Packet Transfer Processing in SR9>
An example of UL packet or DL packet transfer processing in SR9 is shown below.

  The processing unit 95 of the SR 9 searches the DL packet transfer destination table 941 held in the memory unit 94 for the DL packet received by the SS interface unit 92 and determines the DL packet transfer destination, and the GW interface unit The DL packet transfer at 91 is performed. For example, the format of the table 941 and the DL packet transfer destination determination method may be the same as the transfer destination table or transfer destination determination logic of the existing router.

  Further, the processing unit 95 of the SR 9 searches the UL packet transfer destination table 942 held in the memory unit 94 for the UL packet received by the TC interface unit 93 and determines the transfer destination of the UL packet. The UL packet is transferred in the interface unit 92. For example, the format of the table 942 and the method for determining the transfer destination of the UL packet may be the same as the transfer destination table and transfer destination determination logic of the existing router.

<Operation processing: feedback processing from DD6 to GW2>
FIG. 27 shows an example of a flow of feedback to the simple packet filtering condition in GW2 of the detailed packet filtering result in DD6 in the communication system according to the present embodiment.

  In step F1, GW2 performs simple packet filtering on the UL packet received from FR8 or BS4 or the DL packet received from SR9 or SS1, and transmits to DD6 the packet determined to be notified to DD6. . An example of the processing in this step has been described with reference to FIG.

  In step F2, DD6 performs detailed packet filtering on the UL packet or DL packet received from GW2, creates a PS notification packet for a packet that needs to be notified to PS3, and transmits it to PS3. . An example of the processing of this step has been described with reference to FIG.

  In step F3, PS3 creates simple packet filtering conditions based on the PS notification packet received from DD6, and adds simple packet filtering conditions to GW2 when adding, changing, or deleting GW2 simple packet filtering conditions according to the creation result. Or send messages indicating changes or deletions. An example of the processing of this step has been described with reference to FIG. In addition, an example of PS3 simple packet filtering condition creation in this step has been described with reference to FIG.

  GW2 adds or changes or deletes simple packet filtering conditions based on the message indicating addition, change or deletion of simple packet filtering conditions received from PS3 in step F4 of FIG. 27, and receives it after this step. The updated simple packet filtering condition is applied to the UL packet or DL packet.

  As a result of the above processing, the result of applying the simple packet filtering condition added or changed in step F4 of this flow to the simple packet filtering in GW2 for the UL packet or DL packet received by GW2 after step F4 of this flow. It is possible to notify the TC 7 of the same application result as the detailed packet filtering without performing the detailed packet filtering on the packet that does not need to be notified to the DD 6.

<Operation processing: Simple packet filtering condition addition / change / deletion processing in GW2>
Hereinafter, an example of processing for adding, changing, or deleting simple packet filtering conditions in the GW 2 will be described.

  The GW 2 may delete the simple packet filtering condition held in the GW 2 according to the policy set in the GW 2. For example, when GW2 receives a message indicating a request for deleting a simple packet filtering condition from PS3, BS4, SS1, etc., the number of times it is applied to a UL packet or DL packet within a certain time is less than the threshold set in GW2. When the simple packet filtering condition is detected, the simple packet filtering condition may be deleted.

  Further, according to the policy set in GW2, GW2 changes the location information of MS5, changes whether or not MS5 is in a state of communication, changes in the standard for MS5 to access BS4, changes in the operator to which MS5 is connected, The simple packet filtering condition held by GW2 is added, changed, or triggered by the occurrence of an event in which the simple packet filtering condition of GW2 is added, changed, or deleted, such as reception of a message indicating an update of a table held by PS3. It may be deleted.

  In addition, when the simple packet filtering condition held in GW2 is added, changed, or deleted, GW2 transmits a message indicating that the condition has been added, changed, or deleted to PS3, BS4, SS1, TC7, etc. May be.

<Operation Processing: Simple Packet Filtering Condition Addition / Change / Delete Processing in PS3>
Hereinafter, an example of addition, change, or deletion processing of the simple packet filtering condition in PS3 will be shown.

  PS3 indicates changes in location information of MS5, changes in whether MS5 cannot communicate, changes in standards for MS5 to access BS4, changes in operators connected to MS5, etc., in accordance with policies set in PS3 Message indicating addition, change, or deletion of GW2 simple packet filtering conditions triggered by the occurrence of an event in which PS3 simple packet filtering condition creation conditions are added, changed, or deleted, such as message reception or PS3 table update May be transmitted to GW2. The PS 3 stores all or a part of the PS notification packet received from the DD 6 in the memory unit 34, compares the stored PS notification packet with the contents changed by the trigger, and is applied to the GW 2. Only when it is determined that the filtering information needs to be updated, the simple packet filtering information applied to the GW 2 may be added, changed, or deleted.

  In addition, when adding, changing, or deleting simple packet filtering information applied to GW2, PS3 creates simple packet filtering conditions in the same procedure as in S311 to S318, and applies simple packets applied to GW2. A message for adding, changing or deleting filtering information may be created and sent.

  Further, when the PS 3 receives a message indicating that the IP address assigned to the MS 5 has changed, the PS 3 may update the IP address corresponding to the MS 5 in the table 342.

  Further, when the PS 3 receives a message indicating that the position information of the MS 5 has changed, the PS 3 may update the current position information in the table 344.

  In addition, when the PS 3 receives a message indicating that the state has changed so that the MS 5 cannot communicate, the PS 3 may update the communication state of the MS 5 in the table 346.

<Operation Processing: Detailed Packet Filtering Condition Addition or Change or Deletion Processing in DD6>
Below, an example of the addition, change, or deletion processing of the detailed packet filtering condition in DD6 is shown.

  The DD 6 may delete the detailed packet filtering condition held in the DD 6 according to the policy set in the DD 6. For example, when DD6 receives a message indicating a request to delete detailed packet filtering conditions from PS3, GW2, etc., the detailed packet whose number of application to UL packets or DL packets within a certain time is less than the threshold set in DD6 The detailed packet filtering condition may be deleted when the filtering condition is detected.

  Further, according to the policy set in DD6, DD6 changes the location information of MS5, changes whether MS5 cannot communicate, changes in the standard for MS5 to access BS4, changes in operators connected to MS5, When a detailed packet filtering condition of DD6 is added, changed, or deleted, such as reception of a message indicating an update of a table held by PS3, or the like, the detailed packet filtering condition held by DD6 is added or changed or triggered It may be deleted.

  Further, when the detailed packet filtering condition held in DD6 is added, changed, or deleted, DD6 transmits a message indicating that the condition has been added, changed, or deleted to PS3, GW2, SS1, TC7, etc. May be.

  As is apparent from the above description, the communication system of the present invention creates a simple packet filtering condition based on the packet information notified from the detailed search device by the policy management device and the detailed packet filtering result of the packet, and the simple packet Notifying the gateway of the filtering condition, and performing the simple packet filtering based on the simple packet filtering condition notified by the gateway for the subsequent packets, without performing the detailed packet filtering for the subsequent packets, Since only the simple packet filtering is performed and the communication control unit performs the same communication control as when the detailed packet filtering is performed, the packet transfer is performed when the communication control based on the detailed packet filtering result is performed. It is possible to improve the communication performance such as chromatography and.

  In addition, this invention is not limited to an above-described Example, Various modifications are included. The above-described embodiments have been described in detail for easy understanding of the present invention, and are not necessarily limited to those having all the configurations described.

  Each of the above-described configurations, functions, processing units, processing means, and the like may be realized by hardware by designing a part or all of them with, for example, an integrated circuit. Information such as programs, tables, and files for realizing each function can be stored in a storage device such as a memory, a hard disk, an SSD (Solid State Drive), or a recording medium such as an IC card or a DVD. If necessary, it can be downloaded via a network or the like and installed in various storage devices.

  The present invention can be used, for example, in a communication system that performs detailed packet filtering on IP packets transmitted / received to / from a wireless or wired terminal, and can be applied to various communication devices such as GW, PS, DD, TC, FR, and SR. Can be applied.

1 Service providing server (SS)
2 Gateway (GW)
21 SR interface unit 22 FR interface unit 23 PS interface unit 24 DD interface unit 25 TC interface unit 26 Memory unit 261, 262 Table 27 Processing unit 3 Policy management server (PS)
31 GW interface unit 32 DD interface unit 33 TC interface unit 34 Memory units 341, 342, 343, 344, 345 Table 35 Processing unit 4 Base station (BS)
5 Terminal (MS)
6 Detailed search device (DD)
61 PS interface unit 62 GW interface unit 63 TC interface unit 64 Memory units 641, 642 Table 65 Processing unit 7 Communication control device (TC)
71 SR Interface Unit 72 FR Interface Unit 73 PS Interface Unit 74 DD Interface Unit 75 GW Interface Unit 76 Memory Unit 761 Table 77 Processing Unit 8 First Packet Relay Device (FR)
9 Second packet relay device (SR)

Claims (10)

A communication system that performs filtering on packets transmitted to and received from a terminal capable of wireless communication or wired communication via an IP network,
A communication device that performs simple packet filtering based on simple packet filtering conditions for the packet, and transmits the packet to a detailed inspection device when a predetermined simple packet filtering condition is satisfied,
A detailed search device that performs detailed packet filtering based on detailed packet filtering conditions that are more detailed than the simple packet filtering conditions, for packets that match the predetermined simple packet filtering conditions;
Based on the result of the detailed packet filtering, a simple packet filtering condition for the communication device is created, and a policy management device for notifying the simple packet filtering condition created for the communication device;
Based on the result of the simple packet filtering in the communication device for the packet, comprising a communication control device for performing communication control ,
The simple packet filtering condition executed by the communication device includes IP layer header information and transport layer header information,
The detailed packet filtering condition executed by the detailed search device includes header information and payload information of a layer higher than a session layer,
The detailed search device includes:
In the detailed packet filtering performed, the policy management device is notified of the header information of the IP layer and the transport layer of the packet that matches the detailed packet filtering condition,
The policy management device includes:
Based on the notified header information, the simple packet filtering condition is created, and when the simple packet filtering condition is created, the simple packet filtering condition is determined based on whether or not the terminal is in a temporary communication disabled state. create a,
A communication system characterized by the above.   A communication system that performs filtering on packets transmitted to and received from a terminal capable of wireless communication or wired communication via an IP network,
  A communication device that performs simple packet filtering based on simple packet filtering conditions for the packet, and transmits the packet to a detailed inspection device when a predetermined simple packet filtering condition is satisfied,
  A detailed search device that performs detailed packet filtering based on detailed packet filtering conditions that are more detailed than the simple packet filtering conditions, for packets that match the predetermined simple packet filtering conditions;
  Based on the result of the detailed packet filtering, a simple packet filtering condition for the communication device is created, and a policy management device for notifying the simple packet filtering condition created for the communication device;
  Based on the result of the simple packet filtering in the communication device for the packet, comprising a communication control device for performing communication control,
  The simple packet filtering condition executed by the communication device includes IP layer header information and transport layer header information,
  The detailed packet filtering condition executed by the detailed search device includes header information and payload information of a layer higher than a session layer,
  The detailed search device includes:
  In the detailed packet filtering performed, the policy management device is notified of the header information of the IP layer and the transport layer of the packet that matches the detailed packet filtering condition,
  The policy management device includes:
  Create the simple packet filtering condition based on the notified header information, and create the simple packet filtering condition based on the location information of the terminal when creating the simple packet filtering condition,
  A communication system characterized by the above.   The communication system according to claim 1,
  The policy management device includes:
  A table showing elements necessary for creating the simple packet filtering condition;
  Storing the communication state of the terminal as the element in the table;
  A communication system characterized by the above.   A communication system according to claim 2,
  The policy management device includes:
  A table showing elements necessary for creating the simple packet filtering condition;
  In the table, the location information of the terminal is stored as the element.
  A communication system characterized by the above.   A communication system that performs filtering on packets transmitted to and received from a terminal capable of wireless communication or wired communication via an IP network,
  A communication device that performs simple packet filtering based on simple packet filtering conditions for the packet, and transmits the packet to a detailed inspection device when a predetermined simple packet filtering condition is satisfied,
  A detailed search device that performs detailed packet filtering based on detailed packet filtering conditions that are more detailed than the simple packet filtering conditions, for packets that match the predetermined simple packet filtering conditions;
  Based on the result of the detailed packet filtering, a simple packet filtering condition for the communication device is created, and a policy management device for notifying the simple packet filtering condition created for the communication device;
  Based on the result of the simple packet filtering in the communication device for the packet, comprising a communication control device for performing communication control,
  The simple packet filtering condition executed by the communication device includes IP layer header information and transport layer header information,
  The detailed packet filtering condition executed by the detailed search device includes header information and payload information of a layer higher than a session layer,
  The detailed search device includes:
  In the detailed packet filtering performed, the policy management device is notified of the header information of the IP layer and the transport layer of the packet that matches the detailed packet filtering condition,
  The policy management device includes:
  Based on the notified header information, the simple packet filtering condition is created, and a table showing elements necessary for creating the simple packet filtering condition is provided, and the addition, change, or deletion of the element in the table is performed. As a trigger, a message for adding, changing, or deleting the simple packet filtering condition is transmitted to the communication device.
  A communication system characterized by the above.   A policy management apparatus for creating a filtering condition for performing filtering on a packet transmitted to and received from a terminal capable of wireless communication or wired communication via an IP network,
  A processing unit, a memory unit, and a network interface unit for the IP network,
  The processor is
  IP layer header information of a packet detected by the detailed packet filtering, which is notified from a detailed search device that performs detailed packet filtering based on detailed packet filtering conditions for the packet connected to the IP network, and transport Based on the header information of the layer, create a simple packet filtering condition, and notify the communication device connected to the IP network via the network interface unit,
  In the simple packet filtering condition creation, create a simple packet filtering condition based on whether or not the terminal is temporarily in a communication disabled state,
  A policy management apparatus characterized by that.   A policy management apparatus for creating a filtering condition for performing filtering on a packet transmitted to and received from a terminal capable of wireless communication or wired communication via an IP network,
  A processing unit, a memory unit, and a network interface unit for the IP network,
  The processor is
  IP layer header information of a packet detected by the detailed packet filtering, which is notified from a detailed search device that performs detailed packet filtering based on detailed packet filtering conditions for the packet connected to the IP network, and transport Based on the header information of the layer, create a simple packet filtering condition, and notify the communication device connected to the IP network via the network interface unit,
  In the simple packet filtering condition creation, create a simple packet filtering condition based on the location information of the terminal,
  A policy management apparatus characterized by that.   The policy management device according to claim 6,
  The memory unit of the policy management device includes a table indicating elements necessary for creating the simple packet filtering condition,
  Storing the communication state of the terminal as the element in the table;
  A policy management apparatus characterized by that.   The policy management device according to claim 7,
  The memory unit of the policy management device includes a table indicating elements necessary for creating the simple packet filtering condition,
  In the table, the location information of the terminal is stored as the element.
  A policy management apparatus characterized by that.   A policy management apparatus for creating a filtering condition for performing filtering on a packet transmitted to and received from a terminal capable of wireless communication or wired communication via an IP network,
  A processing unit, a memory unit, and a network interface unit for the IP network,
  The processor is
  IP layer header information of a packet detected by the detailed packet filtering, which is notified from a detailed search device that performs detailed packet filtering based on detailed packet filtering conditions for the packet connected to the IP network, and transport Based on the header information of the layer, create a simple packet filtering condition, and notify the communication device connected to the IP network via the network interface unit,
  The memory unit of the policy management device includes a table indicating elements necessary for creating the simple packet filtering condition,
  The processor is
  Sending a message to add, change, or delete the simple packet filtering condition to the communication device, triggered by addition, change, or deletion of the element in the table,
  A policy management apparatus characterized by that.

Images